temporarily removed consul functionality, added devops vagrant setup

.gitignore

@@ -5,3 +5,4 @@ run
 doc/style.css
 doc/index.html
 zlibs/zuper-dev
+.vagrant

conf/settings.dist

@@ -33,8 +33,8 @@ firewall=yes # yes, no or flush (blank open)
 
 # under which system UID and GID dowse will run
 # default is current user
-# dowse_uid=proxy
-# dowse_gid=proxy
+dowse_uid=proxy
+dowse_gid=proxy
 
 # what network range we choose for our LAN (class C)
 dowse_net=10.0.0.0/24

daemons/dnscap

@@ -30,7 +30,7 @@ dnscap-start() {
     pid=${2:-$R/run/dnscap.pid}
 
     [[ "$EUID" = 0 ]] || return 1
-        
+
     act "launching dnscap"
 
     # -p Asks that the interface not be put into promiscuous mode.
@@ -41,15 +41,15 @@ dnscap-start() {
 
     start-stop-daemon \
         --background --pidfile $pid --start --exec /usr/local/bin/dnscap \
-        --make-pidfile -- -p -1 -i $interface -x . -X in-addr.arpa \
+        --make-pidfile -- -1 -i $interface -x . -X in-addr.arpa \
         -P $R/src/dnscap/plugins/dowse/dowse.so \
         -o $R/log/dnscap.log -l $R/src/domain-list/data -q
-    
+
     [[ $? = 0 ]] || {
         error "problem starting dnscap"
         return 1
     }
-        
+
 }
 
 dnscap-stop() {

dowse

@@ -24,8 +24,8 @@
 
 # {{{ GLOBALS
 
-dowse_version=0.7
-dowse_release_date="Mar/2015"
+dowse_version=0.8
+dowse_release_date="Nov/2015"
 
 zkv=1
 restful=1
@@ -203,7 +203,7 @@ dowse-start() {
     freq=($R/conf/settings $R/conf/network)
     ckreq || return $?
 
-    [[ -r $R/run/consul.pid ]] && {
+    [[ -r $R/run/dnsmasq.pid ]] && {
         warn "Dowse is already running"
         return 0
     }
@@ -258,7 +258,8 @@ dowse-start() {
 
     }
 
-    consul-start || return $?
+    # consul-start || return $?
+
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
     for m in "${(f)mods}"; do
 
@@ -268,16 +269,14 @@ dowse-start() {
 
     done
 
-    notice "Dowse succesfully started, web interface up on:"
-    act "http://${address}:8500/"
+    notice "Dowse succesfully started" # , web interface up on:"
+    # act "http://${address}:8500/"
 
 }
 
 dowse-stop() {
     fn "dowse-stop"
 
-    dowse-check || zerr
-
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
     for m in "${(f)mods}"; do
 
@@ -286,7 +285,7 @@ dowse-stop() {
 
     done
 
-    [[ -r $R/run/consul.pid ]] && consul-stop
+    # [[ -r $R/run/consul.pid ]] && consul-stop
 
     [[ -z $root ]] || {
         dnscap-stop
@@ -304,12 +303,11 @@ dowse-stop() {
 dowse-reload() {
     fn dowse-reload
 
-    dowse-check || zerr
-
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
+    func "modules enabled: $mods"
     for m in "${(f)mods}"; do
-        load-module || continue
-        stop-module || continue
+        load-module $m || continue
+        stop-module
         setup-module || continue
         start-module || continue
     done
@@ -334,7 +332,6 @@ END {
 
 dowse-status() {
     fn dowse-status
-    conf-load
 
     req=(address)
     freq=($R/run/leases)
@@ -361,20 +358,20 @@ dowse-status() {
 
             yes "$ping[$i]\t $mac[$i]\t $ip[$i]\t $host[$i]"
 
-            cat <<EOF | restful.put $address 8500 /v1/kv/things_known/$host[$i]
-status: $ping[$i]
-ip: $ip[$i]
-mac: $mac[$i]
-EOF
+#             cat <<EOF | restful.put $address 8500 /v1/kv/things_known/$host[$i]
+# status: $ping[$i]
+# ip: $ip[$i]
+# mac: $mac[$i]
+# EOF
 
         else
 
             no "$ping[$i]\t $mac[$i]\t $ip[$i]\t $host[$i]"
-            cat <<EOF | restful.put $address 8500 /v1/kv/things_unknown/$host[$i]
-status: $ping[$i]
-ip: $ip[$i]
-mac: $mac[$i]
-EOF
+#             cat <<EOF | restful.put $address 8500 /v1/kv/things_unknown/$host[$i]
+# status: $ping[$i]
+# ip: $ip[$i]
+# mac: $mac[$i]
+# EOF
 
         fi
     done

modules/available/squid-privoxy/dowse

@@ -34,14 +34,14 @@ EOF
 
 module-start() {
 
-    [[ -z $root ]] || {
+    [[ $EUID = 0 ]] && {
         notice "setup transparent proxy to squid"
         iptables -t nat -A PREROUTING -i $interface -s $dowse_net \
             -p tcp --dport 80 -j REDIRECT --to-port 3128
     }
 
     privoxy-start $R/run/privoxy.conf
-    
+
     squid-start $R/run/squid.conf
 
 }

ops/Vagrantfile

@@ -0,0 +1,21 @@
+Vagrant.configure(2) do |config|
+  config.vm.box = "http://vagrant.devuan.org/devuan-jessie-amd64-alpha2.box"
+  config.ssh.username = "root"
+  config.ssh.password = "devuan"
+  config.vm.guest = :debian
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.network :public_network
+
+  config.vm.define "leader", primary: true do |leader|
+   leader.vm.network "private_network", ip: "192.168.0.254", auto_config: false
+    leader.vm.provision "ansible" do |ansible|
+      ansible.playbook = "dowse.yml"
+      ansible.sudo = true
+    end
+  end
+
+  config.vm.define "client" do |client|
+   client.vm.network "private_network", ip: "192.168.0.101", auto_config: false
+    client.vm.provision :shell, inline: 'route del default gw 10.0.2.2 && dhclient -v eth1'
+  end
+end

ops/dowse.yml

@@ -0,0 +1,57 @@
+---
+- name: Build a Dowse machine
+
+  hosts: leader
+  remote_user: root
+
+  tasks:
+
+    - name: Running update on pkg repositories
+      apt: update_cache=yes
+      run_once: true
+
+    - name: Installing Dowse dependencies
+      apt: name={{ item }} state=latest force=yes
+      with_items:
+        - daemontools
+        - iptables
+        - ebtables
+        - gettext-base
+        - procps
+        - net-tools
+        - libssl-dev
+        - libbind-dev
+        - libpcap-dev
+        - unzip
+        - wget
+        - gcc
+        - make
+        - git
+        - zsh
+
+    # - name: Cloning Dowse source from dyne.org git repository
+    #   git:
+    #     repo=https://github.com/dyne/dowse
+    #     dest=/opt/dowse
+    #     #version=v0.8
+
+    - shell: mkdir -p /opt/dowse
+    - name: Cloning Dowse source from host git repository
+      synchronize: src=../ dest=/opt/dowse/
+        archive=yes
+
+    - name: Compiling Dowse source code
+      shell: ./src/compile.sh > compile.log
+        chdir=/opt/dowse
+
+    - name: Installing Dowse and its daemons on system
+      shell: ./utils/debian_deps.sh > install.log
+        chdir=/opt/dowse
+
+    # change this script for configs
+    - name: Configuring Dowse
+      script: dowse_setup.sh
+
+    - name: Starting Dowse
+      shell: ./start.sh
+        chdir=/opt/dowse

ops/dowse_setup.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/zsh
+
+# simple script to create dowse/conf/settings via ansible
+# takes for arguments: address, interface, wan and lan domain
+a=192.168.0.254
+n=192.168.0.0/24
+g=192.168.0.101,192.168.0.199,48h
+m=255.255.255.0
+i=eth1
+w=10.0.2.2
+d=8.8.8.8
+l=dowse.equipment
+
+[[ "$l" = "" ]] && {
+    print "Error in arguments to dowse_setup.sh script"
+    return 1
+}
+
+cat <<EOF > /opt/dowse/conf/settings
+address=$a
+interface=$i
+hostname=\$(hostname)
+wan=$w
+dns=$d
+lan=$l
+firewall=no
+dowse_uid=proxy
+dowse_gid=proxy
+#
+dowse_net=$n
+netmask=$m
+dowse_guests=$g
+EOF
+
+cat <<EOF > /opt/dowse/conf/network
+# keep
+EOF
+
+rm -f /etc/resolv.conf
+print "nameserver $a" > /etc/resolv.conf

zlibs/confstore

@@ -34,6 +34,13 @@ conf-load() {
 
         # cover defaults
         dns=${dns:-$wan}
+        dowse_uid=${dowse_uid:-privoxy}
+        dowse_gid=${dowse_gid:-privoxy}
+        dowse_net=${dowse_net:-10.0.0.0/24}
+        netmask=${netmask:-255.255.255.0}
+        dowse_guests=${dowse_guests:-10.0.0.101,10.0.0.199,48h}
+    }
+}
 
         # # read configurations from consul if running
         # [[ -r $R/run/consul.pid ]] && {
@@ -57,8 +64,6 @@ conf-load() {
         #     # dowse_guests=10.0.0.101,10.0.0.199,48h
         # }
 
-    }
-
     # [[ -r $R/run/consul.pid ]] && {
     #     # gather settings from consul's key/value store
     #     address=`.get $address /v1/kv/configuration/address`
@@ -68,4 +73,3 @@ conf-load() {
     #     lan=`.get $address /v1/kv/configuration/lan`
     #     firewall=`.get $address /v1/kv/configuration/firewall`
     # }
-}

zlibs/modules

@@ -35,7 +35,7 @@ load-module() {
 
     command -v module-setup >/dev/null && unset -f module-setup
     command -v module-start >/dev/null && unset -f module-start
-    command -v module-stop >/dev/null && unset -f module-stop        
+    command -v module-stop >/dev/null && unset -f module-stop
     unset dowse_mod_name
     unset dowse_mod_desc
     unset dowse_mod_type
@@ -88,24 +88,26 @@ start-module() {
     fn start-module
 
     notice "Starting module $dowse_mod_name"
-    
+
     if module-start; then
 
-        func "announcing modules"
-        cat <<EOF | .put $address /v1/kv/modules/$dowse_mod_name
-$dowse_mod_desc
+        act "$dowse_mod_name started succesfully"
+
+#         func "announcing modules"
+#         cat <<EOF | .put $address /v1/kv/modules/$dowse_mod_name
+# $dowse_mod_desc
 
-type: $dowse_mod_type
-ports: $dowse_mod_ports
-depends: $dowse_mod_deps
-authors: $dowse_mod_authors
-version: $dowse_mod_version"
-EOF
+# type: $dowse_mod_type
+# ports: $dowse_mod_ports
+# depends: $dowse_mod_deps
+# authors: $dowse_mod_authors
+# version: $dowse_mod_version"
+# EOF
 
-        # add service listing on consul
-        [[ ${#dowse_mod_deps} -gt 0 ]] && consul-add-service
+        # # add service listing on consul
+        # [[ ${#dowse_mod_deps} -gt 0 ]] && consul-add-service
 
-        consul reload
+        # consul reload
     else
         warning "cannot start module $dowse_mod_name"
         return 1
@@ -118,10 +120,11 @@ stop-module() {
     act "stopping module: $dowse_mod_name"
 
     if module-stop; then
-        [[ -r "$R/run/consul.d/module-${1}.js" ]] && {
-            rm "$R/run/consul.d/module-${1}.js"
-            consul-reload
-        }
+        act "$dowse_mod_name stopped"
+        # [[ -r "$R/run/consul.d/module-${1}.js" ]] && {
+        #     rm "$R/run/consul.d/module-${1}.js"
+        #     consul-reload
+        # }
     else
         warning "problems stopping module: $dowse_mod_name"
     fi