leapcode · irregulator · May 26, 2014 · May 27, 2014 · May 28, 2014 · May 28, 2014
diff --git a/platform.rb b/platform.rb
@@ -39,7 +39,7 @@
 
     # input templates
     :provider_json_template        => 'files/service-definitions/provider.json.erb',
-    :eip_service_json_template     => 'files/service-definitions/#{arg}/eip-service.json.erb',
+    :eip_service_json_template     => 'files/service-definitions/#{arg[0]}/eip-service#{arg[1]}.json.erb',
     :soledad_service_json_template => 'files/service-definitions/#{arg}/soledad-service.json.erb',
     :smtp_service_json_template    => 'files/service-definitions/#{arg}/smtp-service.json.erb',
 

diff --git a/provider_base/files/service-definitions/v1/eip-service-2.json.erb b/provider_base/files/service-definitions/v1/eip-service-2.json.erb
@@ -0,0 +1,67 @@
+<%=
+  def underscore(words)
+    words = words.to_s.dup
+    words.downcase!
+    words.gsub! /[^a-z]/, '_'
+    words
+  end
+
+  def add_gateway(node, locations, options={})
+    return nil if options[:ip] == 'REQUIRED'
+    gateway = {}
+    gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns)
+    gateway["capabilities"]["transport"] = ["openvpn"]
+    gateway["host"] = node.domain.full
+    gateway["ip_address"] = options[:ip]
+    gateway["capabilities"]["limited"] = options[:limited]
+    if node['location']
+      location_name = underscore(node.location.name)
+      gateway["location"] = location_name
+      locations[location_name] ||= node.location
+    end
+    gateway
+  end
+
+  def add_obfsproxy(node)
+    obfsproxy = {}
+    if node.services.include?("openvpn")
+      obfsproxy["ip_address"] = node.openvpn.gateway_address
+    elsif node.services.include?("obfsproxy")
+      obfsproxy["ip_address"] = node.ip_address
+    end
+    if node['obfsproxy']['scramblesuit']
+      obfsproxy["transport"]  = "scramblesuit"
+      obfsproxy["scramblesuit"] = node.obfsproxy.scramblesuit.pick(:port, :password)
+    end
+    obfsproxy
+  end
+
+  hsh = {}
+  locations = {}
+  gateways = {}
+  obfsproxies = []
+  configuration = nil
+  nodes_like_me[:services => 'openvpn'].each_node do |node|
+    if node.openvpn.allow_limited && node.openvpn.allow_unlimited
+      gateways[node.name + '_unlimited'] =  add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+      gateways[node.name + '_limited'] = add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true)
+    elsif node.openvpn.allow_unlimited
+      gateways[node.name + '_unlimited'] = add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+    elsif node.openvpn.allow_limited
+      gateways[node.name + '_limited'] = add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true)
+    end
+    if configuration && node.openvpn.configuration != configuration
+      log :error, "OpenVPN nodes in the environment `#{node.environment}` have conflicting `openvpn.configuration` values. This will result in bad errors."
+    end
+    configuration = node.openvpn.configuration
+    obfsproxies << add_obfsproxy(node)
+  end
+  nodes_like_me[:services => 'obfsproxy'].each_node do |node|
+    obfsproxies << add_obfsproxy(node)
+  end
+  hsh["gateways"] = gateways
+  hsh["locations"] = locations
+  hsh["openvpn_configuration"] = configuration
+  hsh["obfsproxies"] = obfsproxies.compact
+  JSON.sorted_generate hsh
+%>
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
@@ -45,7 +45,8 @@
   },
   "definition_files": {
     "provider": "= file :provider_json_template",
-    "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
+    "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s, '']",
+    "eip_service_2": "= try_file [:eip_service_json_template, 'v'+webapp.api_version.to_s, '-2']",
     "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]",
     "smtp_service": "= file [:smtp_service_json_template, 'v'+webapp.api_version.to_s]"
   },

diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
@@ -3,6 +3,7 @@
   $definition_files = hiera('definition_files')
   $provider         = $definition_files['provider']
   $eip_service      = $definition_files['eip_service']
+  $eip_service_2    = $definition_files['eip_service_2']
   $soledad_service  = $definition_files['soledad_service']
   $smtp_service     = $definition_files['smtp_service']
   $node_domain      = hiera('domain')
@@ -123,6 +124,12 @@
       content => $smtp_service,
       require => Vcsrepo['/srv/leap/webapp'],
       owner   => leap-webapp, group => leap-webapp, mode => '0644';
+
+    "/srv/leap/webapp/public/${api_version}/config/eip-service-2.json":
+      content => $eip_service_2,
+      require => Vcsrepo['/srv/leap/webapp'],
+      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+
   }
 
   try::file {