bigbluebutton-Github/bigbluebutton-tests/gns3/step-ca.service

11 lines
166 B
SYSTEMD

gns3 virtual network for testing (#15673)

* add scripts to create gns3 virtual network for testing
* gns3 virtual testing network: introduce declarative syntax, i.e., declare the objects we want and only create them if they don't exist
* gns3 virtual testing network: improve node autostart logic
* gns3 virtual testing network: because of declarative syntax, we no longer need a special --create-test-server option
* gns3 virtual testing network: allow for servers based on arbitrary git commits
* gns3 virtual testing network: avoid browsers complaining about duplicate certificate serial numbers
* gns3 virtual testing network: allocate space for two more servers
* gns3 virtual testing network: add subnets to NAT devices, so they will boot properly
* gns3 virtual testing network: allow number of ports on an Ethernet switch to be configured
* gns3 virtual testing network: move everything 100 units to the left to center PublicIP switch
* gns3 virtual testing network: restart the server by stop'ing and start'ing it because bbb-conf --restart doesn't start nginx if it isn't running
* gns3 virtual testing network: -d switch now deletes one server; --delete-everything does what -d used to do
* gns3 virtual testing network: new GUI image name (it's different for every user)
* gns3 virtual testing network: start node logic now marks previously running nodes as started
* gns3 virtual testing network: add a Bash function to automate ssh logins
* gns3 virtual testing network: use "$@" instead of $* when relaying arguments to a bash command
* gns3 virtual testing network: allow ssh connections to arbitrary hosts behind NAT4
* gns3 virtual testing network: improve start node logic to start new servers when NAT1 already running
* gns3 virtual testing network: add scp command to bigbluebutton-ssh.sh
* gns3 virtual testing network: gns3-bbb.py script now accepts a list of servers to install, or nothing to just install the infrastructure
* gns3 virtual testing network: can now copy SSL CA key and certificate from local directory to virtual machine instead of always having the VM create a new CA
* gns3 virtual testing network: get the quoting right in scp shell function for filenames with spaces
* gns3 virtual testing network: update README
* gns3 virtual testing network: update README
* gns3 virtual testing network: add NPDC submodule and use its gns3 import in gns3-bbb.py
* gns3 virtual testing network: use 3 network interfaces for testclient
* gns3 virtual testing network: renumber NAT devices to match interface numbering on testclient
* gns3 testing network: fix dnsmasq configuration on NAT1 so that it works for devices on the PublicIP subnet
* gns3 testing network: fix dnsmasq configuration on NAT4/5/6, but still not quite right
* gns3 testing network: "fix" dnsmasq configuration so that proxyjumped ssh works, along with access to the servers from the testclients
* gns3 virtual testing network: label subnet switches with their CIDR prefixes
* gns3 virtual testing network: move the clients and their switches a bit to the right
* gns3 virtual testing network: rename NAT1 to be the project name (default BigBlueButton) and get rid of InternetSwitch, that I never use
* gns3 virtual testing network: allow multiple clients, all names starting with 'testclient'
* gns3 virtual testing network: factor out server NAT code, to allow for recreating deleted server NAT nodes
* gns3 virtual testing network: refactor client code (move things inside the function) and set "dhcp-identifier: mac" on all client interfaces
* gns3 virtual testing network: make NAT1 advertise itself as ca.test into DNS domain test
* gns3 virtual testing network: refactor master gateway code into its own subroutine
* gns3 virtual testing network: better use of the gns3 library support for declarative nodes (nodes that are declared but only created if they don't already exist)
* code cleanups; make notification_url consistently a global var; change label on cloud from "Internet" to interface name
* typos from 39c5d6
* gns3 virtual testing network: move certificate authority from /ca to /opt/ca
* gns3 virtual testing network: move testserver.sh from / to /root
* gns3 virtual testing network: master gateway can now web proxy for servers, allowing a web browser on the bare metal machine to access those servers
* gns3 virtual testing network: use a file() function instead of a predetermined list of files we need
* gns3 virtual testing network: add a minimal bird configuration to use OSPF to make proxy work
* gns3 virtual testing network: new-dhcp-lease.sh now picks mac addresses based on server name, allowing multiple servers, and some bug fixes
* gns3 virtual testing network: get rid of generate NAT per-boot script (do everything at boot with iptables-persistent)
* gns3 virtual testing network: move client NAT boxes 50 coordinates to the right
* gns3 virtual testing network: autostart the nodes that were created
* gns3 virtual testing network: use 2 minute DHCP leases to make it quicker to recover from updates that replace the NAT devices
* gns3 virtual testing network: change NAT rules around because server needs to connect to itself during bbb-install
* gns3 virtual testing network: use version of NPDC that has 2 minutes timeouts on the bare metal machine's DHCP leases
* gns3 virtual testing network: Improve the DNS configuration by configuring the gateway to not use the bare metal machine for DNS lookups on the ".test" domain, on either the real interface or the dummy interfaces used to inject DNS names into the bare metal machine's DNS table. This removes the need to put entries into /etc/hosts (which was causing problems when things changed IP addresses) because the gateway now consistently uses its own DNS server (dnsmasq) to resolve the ".test" domain.
* gns3 virtual testing network: set "noninteractive" flag when updating persistent iptables, otherwise the system tries to prompt the user during an automatic cloud-init run (the prompts show up in /var/log/cloud-init-output.log and stall the cloud-init run)
* gns3 virtual testing network: configure proxy to redirect http->https for the BigBlueButton servers
* gns3 virtual testing network: put some extra checks on the SSL certificates generated for the proxy server, because if they're screwed up the apache web server won't start at all
* gns3 virtual testing network: simplify getportrange.cgi by just having it accept GETs
* gns3 virtual testing network: two bug fixes with punching UDP ports through the proxy server
  1. if the server changed public IP addresses, a new iptables rule was not created
  2. the math was wrong; it's supposed to be a range of 100 ports, not 1000
* gns3 virtual testing network: iptables rules still weren't right on the server's NAT gateways; connections to the gateway (128.8.8.254) need to go through (they weren't), while only connections to the server get hairpinned back
* gns3 virtual testing network: make NAT gateways listen for ssh on port 2222, so you can connect to them easily (with a suitable ssh config file) by just doing "ssh -p 2222 focal-260"
* gns3 virtual testing network: now that DNS is working right (read: better), we don't need the funky shell functions for ssh and scp
* gns3 virtual testing network: updated README
* gns3 virtual testing network: switching to ISC bind/dhcpd for dynamic DNS and dropping the proxy server and the restricted port ranges
  This version works, but still has issues
* gns3 virtual testing network: don't need new-dhcp-lease.sh anymore (it's now done by ISC dhcpd server, which has built-in support for DDNS)
* gns3 virtual testing network: DDNS server no longer requires crypto key
* gns3 virtual testing network: rearrange some comments, remove an unused script
* gns3 virtual testing network: no longer need to set a port range on the servers, since they are directly reachable from the bare metal machine using OSPF and dynamic DNS
* gns3 virtual testing network: drop final remnants of old "NAT1" name; it's now consistently "master gateway"
* gns3 virtual testing network: reduce DHCP lease times to ten seconds
* gns3 testing network: move testserver.sh from /root to /, because ubuntu needs permission to exec it
* gns3 virtual testing network: move client nodes a bit to the right in the GUI
* gns3 virtual testing network: simplify bird (OSPF) configuration a bit
* gns3 virtual testing network: add --public-subnet and --domain options
* gns3 virtual testing network: use most recent ubuntu-open-desktop image, if several are available
* gns3 virtual testing network: pick up the server's domain name from the testing network now that we have a --domain option (commit f35f21)
* gns3 virtual testing network: introduce --server-subnet option
* gns3 virtual testing network: label server subnets with subnet prefix (if possible)
* gns3 virtual testing network: all calls to dpkg-reconfigure are noninteractive
* gns3 virtual testing network: turn off DHCP/DDNS conflict detection
* gns3 virtual testing network: use 120 second DHCP leases; 10 second leases were a problem
* gns3 virtual testing network: fix commands to save iptables (wasn't saving NAT table)
* gns3 virtual testing network: add a 'certbot' node running Let's Encrypt's boulder server
* gns3 virtual testing network: switch 'certbot' to use smallstep's step-ca server
* gns3 virtual testing network: first attempt to dummy letsencrypt's acme service (doesn't work)
* gns3 virtual testing network: a dummy ACME server works; server certbots use it to get SSL certificates
* gns3 virtual testing network: switch testservers to use certbot to get SSL certificates
* gns3 virtual testing network: put generateCA.sh back in (in case CA key and cert don't already exist), and remove getcert.cgi
* gns3 virtual testing network: add a standard BigBlueButton turn server
* gns3 virtual testing network: can now use 400 permission for CA key file
* gns3 virtual testing network: dnsmasq cname doesn't work with IP addresses (why should it?); use interface_name instead
* gns3 virtual testing network: install server certificate from cloud-init, rather than doing it after boot
* gns3 virtual testing network: fix certbot on master gateway so that it can update certificates as they expire
* gns3 virtual testing network: only build and/or start NAT4/5/6 if testclient is requested
* gns3 virtual testing network: generate root CA certificate on bare metal machine and install it in all VMs from there
* gns3 virtual testing network: use certbot nginx plugin instead of standalone mode
  interacts better with nginx (don't have to stop and restart nginx every time you do a certbot authentication)
* gns3 virtual testing network: add --no-nat switch to build virtual servers without NAT gateways
* gns3 virtual testing network: need to not only start step-ca, but enable it (start on every boot)
* gns3 virtual testing network: save DNS domain name in GNS3 project variables, so we don't have to specify it on the command line every time we run this script
* gns3 virtual testing network: add --no-install switch
* gns3 virtual testing network: fix bogus help text
* gns3 virtual testing network: --delete now deletes just a specific server and its associated nodes
  Old behavior (deleting nodes whose name contains a substring) is now done with --delete-substring
  The old behavior could delete too much (focal-260 would match focal-260-2) and too little (subnet switches are named by their CIDR prefix if possible)
* gns3 virtual testing network: when creating a new server, check for existing nodes in all GUI locations to be used
* gns3 virtual testing network: update comments
* gns3 virtual testing network: add return code checks when calling openssl
* gns3 virtual testing network: README update
* gns3 virtual testing network: add 'natturn' TURN server behind a NAT gateway
* gns3 virtual testing network: make TURN server observe --no-install option
* gns3 virtual testing network: only try to install 'natturn' if it doesn't already exist, because even though it's got "declarative" procedures (you declare what you want but it only creates it if needed), natturn's subnet will conflict with server subnets
* gns3 virtual testing network: allow Ubuntu release (18 or 20) to be set for a new server
* gns3 virtual testing network: add --repository and --install-script options and move computation of the install script from testserver.sh to the main script
* gns3 virtual testing network: add --proxy-server option; we pass this option to bbb-install script
* add --release option to specify which BigBlueButton server release should be installed, and improve --install-script option to accept local files or arbitrary URLs
* gns3 virtual testing network: guess version of install script instead of defaulting to 2.6
* gns3 virtual testing network: enable NAT in both directions on gateway device
* gns3 virtual testing network: check server release for validity before attempting install
* updated README and newest version of NPDC
* gns3 virtual testing network: add option to install greenlight
* gns3 virtual testing network: drop --domain switch and instead use an initialization server to figure out DNS domain
* gns3 virtual testing network: don't create turn or natturn devices unless specifically requested
* gns3 virtual testing network: updated README
* gns3 virtual testing network: use a newer version of NPDC that monitors console logs, so we watch the servers boot
* gns3 virtual testing network: updated README
* gns3 virtual testing network: update NPDC for backwards compatibility with Ubuntu 18
* gns3 virtual testing network: update instructions for git submodules
* gns3 virtual testing network: save public IP subnet in GNS3 project variables, so we don't have to specify it every time the script runs
* gns3 virtual testing network: name NAT gateways more consistently
* gns3 virtual testing network: add --quiet switch
* gns3 virtual testing network: compute veth domain using initsrv and use it to label the cloud icon
* gns3 virtual testing network: improve handling of nginx hash bucket errors on install
* gns3 virtual testing network: bump NPDC version; avoid trying to print console messages on VNC consoles (it won't work)
2023-03-24 02:30:04 +08:00
[Unit]
Description=step-ca
After=syslog.target network.target

[Service]
ExecStart=/usr/bin/step-ca /opt/ca/ca.json
Type=simple

[Install]
WantedBy=multi-user.target
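
The unit above has no User= line, so step-ca and the CA signing key under /opt/ca run as root with no sandboxing. The following hardened variant is an added example, not part of the BigBlueButton repository; the "step" account, its ownership of /opt/ca, and a listener port below 1024 in ca.json are assumptions.

```ini
# Added example: hardened variant of step-ca.service.
# Assumptions (not in the original repo): a dedicated system account "step"
# owns /opt/ca (including the database path named in ca.json), and ca.json
# configures a listener on a port below 1024.
[Unit]
Description=step-ca
# network-online.target waits for configured addresses; syslog.target is obsolete
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# The original unit sets no User=, which means the CA process runs as root
User=step
Group=step
ExecStart=/usr/bin/step-ca /opt/ca/ca.json
Restart=on-failure
RestartSec=5

# Keep only the capability needed to bind a privileged port
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

# Filesystem is read-only for the service except the CA's own directory
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ReadWritePaths=/opt/ca

# Reduce kernel and namespace attack surface
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
LockPersonality=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
```

Running `systemd-analyze security step-ca.service` before and after the change shows the difference in exposure score. As the commit message notes, the unit must be enabled as well as started, for example with `systemctl enable --now step-ca.service`.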