  # Name of the tinc network. It is also the config sub-directory and the
  # suffix of the Windows service name used further down.
  {% set network = "master" %}
  # This minion's Salt ID, handed to the config templates.
  {% set id = grains['id'] %}
  # Connection name given to the TAP adapter.
  {% set interface = "Master" %}
  # VPN address from pillar followed by a fixed 255.255.0.0 netmask.
  {% set interfaceConfig = pillar['vAddress'] + " 255.255.0.0" %}

  # On-disk layout of the tinc installation and of this network's config.
  {% set tincBase = "C:\\Program Files (x86)\\tinc\\" %}
  {% set configBase = tincBase ~ network ~ "\\" %}
  {% set hostsPath = configBase ~ "hosts\\" %}
  # Port handed to the config templates.
  {% set port = "655" %}

  # Install the tinc package through Salt's package state.
  Install Tinc:
    pkg.installed:
      - name: tinc

  # Make sure the tinc install directory is on PATH once the package is in,
  # so the later cmd.run states can call tinc by name.
  Tinc Path:
    win_path.exists:
      - name: '{{ tincBase }}'
      - require:
          - pkg: Install Tinc

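  # Write one tinc host file per minion that published tinc_export to the
  # Salt mine, skipping this minion itself.
  # NOTE(review): the mine target is every minion, so whoever can publish
  # this mine function gets a file in the hosts directory; presumably that
  # makes it an accepted VPN peer - confirm who is allowed to publish it.
  # The peer name is the mine key and is appended to the hosts path as-is.
  # String values are quoted so that an ID which looks like a number or a
  # boolean is not retyped by the YAML parser; port keeps its original form.
  {% for host in salt['mine.get']('*', 'tinc_export').items() %}
  {% set name = host[0] %}
  {% if name != id %}
  Populate Host {{ name }}:
    file.managed:
      - name: '{{ hostsPath }}{{ name }}'
      - source: salt://{{ tpldir }}/config/host.template
      - template: jinja
      - makedirs: true
      - defaults:
          interfaceConfig: '{{ interfaceConfig }}'
          interface: '{{ interface }}'
          id: '{{ id }}'
          port: {{ port }}
          hostName: '{{ name }}'
          mineName: tinc_export
      - require:
          - pkg: Install Tinc
  {% endif %}
  {% endfor %}
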
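  # Same as the tinc_export loop, but for minions that published
  # tinc_export_slave. The host file is named after the minion ID with a
  # "slave" suffix, while the template still receives the bare minion ID.
  # NOTE(review): the mine target is every minion, so whoever can publish
  # this mine function gets a file in the hosts directory; presumably that
  # makes it an accepted VPN peer - confirm who is allowed to publish it.
  # String values are quoted so that an ID which looks like a number or a
  # boolean is not retyped by the YAML parser; port keeps its original form.
  {% for host in salt['mine.get']('*', 'tinc_export_slave').items() %}
  {% set name = host[0] + "slave" %}
  {% if name != id %}
  Populate Host {{ name }}:
    file.managed:
      - name: '{{ hostsPath }}{{ name }}'
      - source: salt://{{ tpldir }}/config/host.template
      - template: jinja
      - makedirs: true
      - defaults:
          interfaceConfig: '{{ interfaceConfig }}'
          interface: '{{ interface }}'
          id: '{{ id }}'
          port: {{ port }}
          hostName: '{{ host[0] }}'
          mineName: tinc_export_slave
      - require:
          - pkg: Install Tinc
  {% endif %}
  {% endfor %}
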
  # Initialise this node's tinc configuration for the network. The creates
  # list ties the command to the two private key files and this node's own
  # host file, so it is not repeated once they are present.
  # NOTE(review): the private keys live under Program Files, where new files
  # normally inherit read access for local users - verify the ACL on them.
  Init Tinc:
    cmd.run:
      - name: tinc -n {{ network }} init {{ grains['id'] }}
      - require:
          - win_path: Tinc Path
      - creates:
          - '{{ configBase }}ed25519_key.priv'
          - '{{ configBase }}rsa_key.priv'
          - '{{ hostsPath }}{{ grains['id'] }}'

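  # Render tinc.conf for this network from the Jinja template shipped next
  # to this state, after tinc init has run.
  # String values are quoted so that an ID which looks like a number or a
  # boolean is not retyped by the YAML parser; port keeps its original form.
  Configure Tinc:
    file.managed:
      - name: '{{ configBase }}tinc.conf'
      - source: salt://{{ tpldir }}/config/tinc.conf
      - template: jinja
      - defaults:
          interfaceConfig: '{{ interfaceConfig }}'
          interface: '{{ interface }}'
          network: '{{ network }}'
          id: '{{ id }}'
          port: {{ port }}
      - require:
          - cmd: Init Tinc
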
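  # Render the tinc-up.bat script for this network from its template.
  # NOTE(review): presumably tinc runs this script when the interface comes
  # up, so the template and the values fed into it are executed on the
  # host - keep both under change control.
  # String values are quoted so that an ID which looks like a number or a
  # boolean is not retyped by the YAML parser; port keeps its original form.
  Configure Up Script:
    file.managed:
      - name: '{{ configBase }}tinc-up.bat'
      - source: salt://{{ tpldir }}/config/windows/tinc-up.bat
      - template: jinja
      - defaults:
          interfaceConfig: '{{ interfaceConfig }}'
          interface: '{{ interface }}'
          network: '{{ network }}'
          id: '{{ id }}'
          port: {{ port }}
      - require:
          - pkg: Install Tinc
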
  # Record this node's public address, built from the minion ID and a fixed
  # domain. The unless probe skips the command when tinc can already return
  # an address for the node.
  Add Address:
    cmd.run:
      - name: tinc -n {{ network }} add address {{ grains['id'] }}.silvenga.net
      - unless: tinc -n {{ network }} get address
      - require:
          - cmd: Init Tinc

  # Make sure a log directory exists inside the tinc install directory.
  Log Directory:
    file.directory:
      - name: '{{ tincBase }}log'

  # Import the TAP driver certificate shipped with this state into the
  # machine-wide TrustedPublisher store.
  # NOTE(review): anything signed with this certificate is then treated as
  # coming from a trusted publisher on this host, so the .cer file served
  # from the Salt fileserver should be reviewed and change-controlled.
  Install Tap Cert:
    win_pki.import_cert:
      - name: salt://{{ tpldir }}/config/windows/openvpn-tap.cer
      - cert_format: cer
      - store: TrustedPublisher
      - context: LocalMachine

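  # Install a TAP adapter with tapinstall when no adapter is named after the
  # configured interface yet. The onlyif probe exits 1 as soon as such an
  # adapter is found, which makes Salt skip the install.
  # The working directory is derived from the tincBase variable instead of
  # repeating the install path, so the two cannot drift apart.
  Create Tap Device:
    cmd.run:
      - name: cmd.exe /c 'tapinstall.exe install OemWin2k.inf tap0901'
      - cwd: '{{ tincBase }}tap-win64\'
      - onlyif: >-
          get-wmiobject win32_networkadapter
          | ? { $_.netconnectionid -eq "{{ interface }}" }
          | % { exit 1 }
      - shell: powershell
      - require:
          - win_pki: Install Tap Cert
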
  # Give the first adapter backed by the tap0901 service the configured
  # connection name. Skipped when an adapter with that name already exists,
  # because the onlyif probe then exits 1.
  Rename Tap Device:
    cmd.run:
      - name: >-
          get-wmiobject win32_networkadapter
          | ? { $_.ServiceName -eq "tap0901" }
          | select -first 1
          | % { $_.NetConnectionID = "{{ interface }}"; $_.Put() }
      - onlyif: >-
          get-wmiobject win32_networkadapter
          | ? { $_.netconnectionid -eq "{{ interface }}" }
          | % { exit 1 }
      - shell: powershell
      - require:
          - cmd: Create Tap Device

  # Ask tinc to stop when its Windows service exists but is not in the
  # Running state. The unless probe exits 1 only in that case, which is
  # what lets the command run.
  Remove Bad State Service:
    cmd.run:
      - name: tinc -n {{ network }} stop
      - unless: >-
          Get-Service
          | ?{ ($_.Status -ne "Running") -and ($_.Name -eq "tinc.{{ network }}") }
          | %{ exit 1 }
      - shell: powershell
      - require:
          - cmd: Create Tap Device

  # Start tinc with logging to a file when no Windows service for this
  # network is registered yet. The onlyif probe exits 1 when the service
  # already exists, so the command is skipped in that case.
  Ensure Service Installed:
    cmd.run:
      - name: tinc -n {{ network }} start --logfile
      - onlyif: >-
          Get-Service
          | ? { $_.Name -eq "tinc.{{ network }}" }
          | %{ exit 1 }
      - shell: powershell
      - require:
          - cmd: Remove Bad State Service

  # Keep the tinc service for this network running and enabled. The watch
  # entries restart it when tinc.conf changes or the adapter was renamed.
  Restart Tinc Service:
    service.running:
      - name: tinc.{{ network }}
      - enable: true
      - require:
          - cmd: Ensure Service Installed
      - watch:
          - file: Configure Tinc
          - cmd: Rename Tap Device

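  # Open the tinc port for TCP in the Windows firewall. The port is taken
  # from the port variable set at the top of the file, so the rule cannot
  # drift from the value given to the tinc templates.
  # NOTE(review): only a name, port and protocol are given, so direction,
  # action and remote scope are whatever the state defaults to - confirm
  # the exposure matches where tinc peers actually connect from.
  Enable Firewall Tinc TCP:
    win_firewall.add_rule:
      - name: Tinc (TCP)
      - localport: {{ port }}
      - protocol: tcp
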
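  # Open the tinc port for UDP in the Windows firewall. The port is taken
  # from the port variable set at the top of the file, so the rule cannot
  # drift from the value given to the tinc templates.
  # NOTE(review): only a name, port and protocol are given, so direction,
  # action and remote scope are whatever the state defaults to - confirm
  # the exposure matches where tinc peers actually connect from.
  Enable Firewall Tinc UDP:
    win_firewall.add_rule:
      - name: Tinc (UDP)
      - localport: {{ port }}
      - protocol: udp
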
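  # Switch the VPN adapter's network profile to Private when it is anything
  # else. The unless probe exits 1 while a non-Private profile exists for
  # the adapter, which is what lets the command run. The adapter name comes
  # from the interface variable instead of a repeated literal, so it stays
  # in step with the name the adapter is given elsewhere in this file.
  # NOTE(review): Windows typically applies a more permissive firewall
  # profile to Private networks, so every VPN peer is treated like a
  # trusted LAN host - confirm that is intended.
  Set Network Type To Private:
    cmd.run:
      - name: >-
          Get-NetConnectionProfile
          | ?{$_.InterfaceAlias -eq '{{ interface }}' -and $_.NetworkCategory -ne 'Private'}
          | Set-NetConnectionProfile -NetworkCategory Private
      - unless: >-
          Get-NetConnectionProfile
          | ?{$_.InterfaceAlias -eq '{{ interface }}' -and $_.NetworkCategory -ne 'Private'}
          | %{ exit 1 }
      - shell: powershell
      - require:
          - service: Restart Tinc Service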