From 3b940ba6d043142920e7608fd6081f9154b9e930 Mon Sep 17 00:00:00 2001
From: Jaromil <jaromil@dyne.org>
Date: Thu, 26 Nov 2015 18:08:40 +0100
Subject: [PATCH] temporarily removed consul functionality, added devops
 vagrant setup

---
 .gitignore                            |  1 +
 conf/settings.dist                    |  4 +-
 daemons/dnscap                        |  8 ++--
 dowse                                 | 45 ++++++++++-----------
 modules/available/squid-privoxy/dowse |  4 +-
 ops/Vagrantfile                       | 21 ++++++++++
 ops/dowse.yml                         | 57 +++++++++++++++++++++++++++
 ops/dowse_setup.sh                    | 40 +++++++++++++++++++
 zlibs/confstore                       | 10 +++--
 zlibs/modules                         | 39 +++++++++---------
 10 files changed, 176 insertions(+), 53 deletions(-)
 mode change 100644 => 100755 daemons/dnscap
 mode change 100644 => 100755 modules/available/squid-privoxy/dowse
 create mode 100644 ops/Vagrantfile
 create mode 100644 ops/dowse.yml
 create mode 100755 ops/dowse_setup.sh

diff --git a/.gitignore b/.gitignore
index 8e4cfd8..aca1d18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ run
 doc/style.css
 doc/index.html
 zlibs/zuper-dev
+.vagrant
diff --git a/conf/settings.dist b/conf/settings.dist
index b6acac2..ce751c9 100644
--- a/conf/settings.dist
+++ b/conf/settings.dist
@@ -33,8 +33,8 @@ firewall=yes # yes, no or flush (blank open)
 
 # under which system UID and GID dowse will run
 # default is current user
-# dowse_uid=proxy
-# dowse_gid=proxy
+dowse_uid=proxy
+dowse_gid=proxy
 
 # what network range we choose for our LAN (class C)
 dowse_net=10.0.0.0/24
diff --git a/daemons/dnscap b/daemons/dnscap
old mode 100644
new mode 100755
index e52c906..3ba1bbd
--- a/daemons/dnscap
+++ b/daemons/dnscap
@@ -30,7 +30,7 @@ dnscap-start() {
     pid=${2:-$R/run/dnscap.pid}
 
     [[ "$EUID" = 0 ]] || return 1
-        
+
     act "launching dnscap"
 
     # -p Asks that the interface not be put into promiscuous mode.
@@ -41,15 +41,15 @@ dnscap-start() {
 
     start-stop-daemon \
         --background --pidfile $pid --start --exec /usr/local/bin/dnscap \
-        --make-pidfile -- -p -1 -i $interface -x . -X in-addr.arpa \
+        --make-pidfile -- -1 -i $interface -x . -X in-addr.arpa \
         -P $R/src/dnscap/plugins/dowse/dowse.so \
         -o $R/log/dnscap.log -l $R/src/domain-list/data -q
-    
+
     [[ $? = 0 ]] || {
         error "problem starting dnscap"
         return 1
     }
-        
+
 }
 
 dnscap-stop() {
diff --git a/dowse b/dowse
index 00f0010..313841e 100755
--- a/dowse
+++ b/dowse
@@ -24,8 +24,8 @@
 
 # {{{ GLOBALS
 
-dowse_version=0.7
-dowse_release_date="Mar/2015"
+dowse_version=0.8
+dowse_release_date="Nov/2015"
 
 zkv=1
 restful=1
@@ -203,7 +203,7 @@ dowse-start() {
     freq=($R/conf/settings $R/conf/network)
     ckreq || return $?
 
-    [[ -r $R/run/consul.pid ]] && {
+    [[ -r $R/run/dnsmasq.pid ]] && {
         warn "Dowse is already running"
         return 0
     }
@@ -258,7 +258,8 @@ dowse-start() {
 
     }
 
-    consul-start || return $?
+    # consul-start || return $?
+
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
     for m in "${(f)mods}"; do
 
@@ -268,16 +269,14 @@ dowse-start() {
 
     done
 
-    notice "Dowse succesfully started, web interface up on:"
-    act "http://${address}:8500/"
+    notice "Dowse succesfully started" # , web interface up on:"
+    # act "http://${address}:8500/"
 
 }
 
 dowse-stop() {
     fn "dowse-stop"
 
-    dowse-check || zerr
-
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
     for m in "${(f)mods}"; do
 
@@ -286,7 +285,7 @@ dowse-stop() {
 
     done
 
-    [[ -r $R/run/consul.pid ]] && consul-stop
+    # [[ -r $R/run/consul.pid ]] && consul-stop
 
     [[ -z $root ]] || {
         dnscap-stop
@@ -304,12 +303,11 @@ dowse-stop() {
 dowse-reload() {
     fn dowse-reload
 
-    dowse-check || zerr
-
     mods=`find -L $R/modules/enabled -maxdepth 1 -type d | grep -v 'enabled$'`
+    func "modules enabled: $mods"
     for m in "${(f)mods}"; do
-        load-module || continue
-        stop-module || continue
+        load-module $m || continue
+        stop-module
         setup-module || continue
         start-module || continue
     done
@@ -334,7 +332,6 @@ END {
 
 dowse-status() {
     fn dowse-status
-    conf-load
 
     req=(address)
     freq=($R/run/leases)
@@ -361,20 +358,20 @@ dowse-status() {
 
             yes "$ping[$i]\t $mac[$i]\t $ip[$i]\t $host[$i]"
 
-            cat <<EOF | restful.put $address 8500 /v1/kv/things_known/$host[$i]
-status: $ping[$i]
-ip: $ip[$i]
-mac: $mac[$i]
-EOF
+#             cat <<EOF | restful.put $address 8500 /v1/kv/things_known/$host[$i]
+# status: $ping[$i]
+# ip: $ip[$i]
+# mac: $mac[$i]
+# EOF
 
         else
 
             no "$ping[$i]\t $mac[$i]\t $ip[$i]\t $host[$i]"
-            cat <<EOF | restful.put $address 8500 /v1/kv/things_unknown/$host[$i]
-status: $ping[$i]
-ip: $ip[$i]
-mac: $mac[$i]
-EOF
+#             cat <<EOF | restful.put $address 8500 /v1/kv/things_unknown/$host[$i]
+# status: $ping[$i]
+# ip: $ip[$i]
+# mac: $mac[$i]
+# EOF
 
         fi
     done
diff --git a/modules/available/squid-privoxy/dowse b/modules/available/squid-privoxy/dowse
old mode 100644
new mode 100755
index db0da68..a8fb2ed
--- a/modules/available/squid-privoxy/dowse
+++ b/modules/available/squid-privoxy/dowse
@@ -34,14 +34,14 @@ EOF
 
 module-start() {
 
-    [[ -z $root ]] || {
+    [[ $EUID = 0 ]] && {
         notice "setup transparent proxy to squid"
         iptables -t nat -A PREROUTING -i $interface -s $dowse_net \
             -p tcp --dport 80 -j REDIRECT --to-port 3128
     }
 
     privoxy-start $R/run/privoxy.conf
-    
+
     squid-start $R/run/squid.conf
 
 }
diff --git a/ops/Vagrantfile b/ops/Vagrantfile
new file mode 100644
index 0000000..88d974f
--- /dev/null
+++ b/ops/Vagrantfile
@@ -0,0 +1,21 @@
+Vagrant.configure(2) do |config|
+  config.vm.box = "http://vagrant.devuan.org/devuan-jessie-amd64-alpha2.box"
+  config.ssh.username = "root"
+  config.ssh.password = "devuan"
+  config.vm.guest = :debian
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.network :public_network
+
+  config.vm.define "leader", primary: true do |leader|
+   leader.vm.network "private_network", ip: "192.168.0.254", auto_config: false
+    leader.vm.provision "ansible" do |ansible|
+      ansible.playbook = "dowse.yml"
+      ansible.sudo = true
+    end
+  end
+
+  config.vm.define "client" do |client|
+   client.vm.network "private_network", ip: "192.168.0.101", auto_config: false
+    client.vm.provision :shell, inline: 'route del default gw 10.0.2.2 && dhclient -v eth1'
+  end
+end
diff --git a/ops/dowse.yml b/ops/dowse.yml
new file mode 100644
index 0000000..705ce1e
--- /dev/null
+++ b/ops/dowse.yml
@@ -0,0 +1,57 @@
+---
+- name: Build a Dowse machine
+
+  hosts: leader
+  remote_user: root
+
+  tasks:
+
+    - name: Running update on pkg repositories
+      apt: update_cache=yes
+      run_once: true
+
+    - name: Installing Dowse dependencies
+      apt: name={{ item }} state=latest force=yes
+      with_items:
+        - daemontools
+        - iptables
+        - ebtables
+        - gettext-base
+        - procps
+        - net-tools
+        - libssl-dev
+        - libbind-dev
+        - libpcap-dev
+        - unzip
+        - wget
+        - gcc
+        - make
+        - git
+        - zsh
+
+    # - name: Cloning Dowse source from dyne.org git repository
+    #   git:
+    #     repo=https://github.com/dyne/dowse
+    #     dest=/opt/dowse
+    #     #version=v0.8
+
+    - shell: mkdir -p /opt/dowse
+    - name: Cloning Dowse source from host git repository
+      synchronize: src=../ dest=/opt/dowse/
+        archive=yes
+
+    - name: Compiling Dowse source code
+      shell: ./src/compile.sh > compile.log
+        chdir=/opt/dowse
+
+    - name: Installing Dowse and its daemons on system
+      shell: ./utils/debian_deps.sh > install.log
+        chdir=/opt/dowse
+
+    # change this script for configs
+    - name: Configuring Dowse
+      script: dowse_setup.sh
+
+    - name: Starting Dowse
+      shell: ./start.sh
+        chdir=/opt/dowse
diff --git a/ops/dowse_setup.sh b/ops/dowse_setup.sh
new file mode 100755
index 0000000..439395c
--- /dev/null
+++ b/ops/dowse_setup.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/zsh
+
+# simple script to create dowse/conf/settings via ansible
+# takes for arguments: address, interface, wan and lan domain
+a=192.168.0.254
+n=192.168.0.0/24
+g=192.168.0.101,192.168.0.199,48h
+m=255.255.255.0
+i=eth1
+w=10.0.2.2
+d=8.8.8.8
+l=dowse.equipment
+
+[[ "$l" = "" ]] && {
+    print "Error in arguments to dowse_setup.sh script"
+    return 1
+}
+
+cat <<EOF > /opt/dowse/conf/settings
+address=$a
+interface=$i
+hostname=\$(hostname)
+wan=$w
+dns=$d
+lan=$l
+firewall=no
+dowse_uid=proxy
+dowse_gid=proxy
+#
+dowse_net=$n
+netmask=$m
+dowse_guests=$g
+EOF
+
+cat <<EOF > /opt/dowse/conf/network
+# keep
+EOF
+
+rm -f /etc/resolv.conf
+print "nameserver $a" > /etc/resolv.conf
diff --git a/zlibs/confstore b/zlibs/confstore
index 78a6ab4..f579366 100755
--- a/zlibs/confstore
+++ b/zlibs/confstore
@@ -34,6 +34,13 @@ conf-load() {
 
         # cover defaults
         dns=${dns:-$wan}
+        dowse_uid=${dowse_uid:-privoxy}
+        dowse_gid=${dowse_gid:-privoxy}
+        dowse_net=${dowse_net:-10.0.0.0/24}
+        netmask=${netmask:-255.255.255.0}
+        dowse_guests=${dowse_guests:-10.0.0.101,10.0.0.199,48h}
+    }
+}
 
         # # read configurations from consul if running
         # [[ -r $R/run/consul.pid ]] && {
@@ -57,8 +64,6 @@ conf-load() {
         #     # dowse_guests=10.0.0.101,10.0.0.199,48h
         # }
 
-    }
-
     # [[ -r $R/run/consul.pid ]] && {
     #     # gather settings from consul's key/value store
     #     address=`.get $address /v1/kv/configuration/address`
@@ -68,4 +73,3 @@ conf-load() {
     #     lan=`.get $address /v1/kv/configuration/lan`
     #     firewall=`.get $address /v1/kv/configuration/firewall`
     # }
-}
diff --git a/zlibs/modules b/zlibs/modules
index c7bc1f2..a278d93 100755
--- a/zlibs/modules
+++ b/zlibs/modules
@@ -35,7 +35,7 @@ load-module() {
 
     command -v module-setup >/dev/null && unset -f module-setup
     command -v module-start >/dev/null && unset -f module-start
-    command -v module-stop >/dev/null && unset -f module-stop        
+    command -v module-stop >/dev/null && unset -f module-stop
     unset dowse_mod_name
     unset dowse_mod_desc
     unset dowse_mod_type
@@ -88,24 +88,26 @@ start-module() {
     fn start-module
 
     notice "Starting module $dowse_mod_name"
-    
+
     if module-start; then
 
-        func "announcing modules"
-        cat <<EOF | .put $address /v1/kv/modules/$dowse_mod_name
-$dowse_mod_desc
+        act "$dowse_mod_name started succesfully"
+
+#         func "announcing modules"
+#         cat <<EOF | .put $address /v1/kv/modules/$dowse_mod_name
+# $dowse_mod_desc
 
-type: $dowse_mod_type
-ports: $dowse_mod_ports
-depends: $dowse_mod_deps
-authors: $dowse_mod_authors
-version: $dowse_mod_version"
-EOF
+# type: $dowse_mod_type
+# ports: $dowse_mod_ports
+# depends: $dowse_mod_deps
+# authors: $dowse_mod_authors
+# version: $dowse_mod_version"
+# EOF
 
-        # add service listing on consul
-        [[ ${#dowse_mod_deps} -gt 0 ]] && consul-add-service
+        # # add service listing on consul
+        # [[ ${#dowse_mod_deps} -gt 0 ]] && consul-add-service
 
-        consul reload
+        # consul reload
     else
         warning "cannot start module $dowse_mod_name"
         return 1
@@ -118,10 +120,11 @@ stop-module() {
     act "stopping module: $dowse_mod_name"
 
     if module-stop; then
-        [[ -r "$R/run/consul.d/module-${1}.js" ]] && {
-            rm "$R/run/consul.d/module-${1}.js"
-            consul-reload
-        }
+        act "$dowse_mod_name stopped"
+        # [[ -r "$R/run/consul.d/module-${1}.js" ]] && {
+        #     rm "$R/run/consul.d/module-${1}.js"
+        #     consul-reload
+        # }
     else
         warning "problems stopping module: $dowse_mod_name"
     fi