Commit 8bc989a6 authored by Guillaume Bury, committed by Ulysse Beaugnon

Debian packaging in progress

parent 01f450fd
graft docs graft docs
include TODO include TODO, CHANGES
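Review bot: The new "include TODO, CHANGES" line separates the two names with a comma, but MANIFEST.in patterns are split on whitespace only, so the first pattern becomes "TODO," and the TODO file drops out of the source distribution. Write "include TODO CHANGES" instead.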
...@@ -16,9 +16,10 @@ network, by creating tunnels on the fly, and then routing targeted traffic ...@@ -16,9 +16,10 @@ network, by creating tunnels on the fly, and then routing targeted traffic
through these tunnels. through these tunnels.
re6stnet can be used to : re6stnet can be used to :
- guarantee connectedness between computers connected to the - guarantee connectedness between computers connected to the
internet, for which there exists a working route ( in case the direct route internet, for which there exists a working route ( in case the direct route
isn't available ). isn't available ).
- create very large networks - create very large networks
- give ipv6 addresses to machines with only ipv4 available - give ipv6 addresses to machines with only ipv4 available
...@@ -80,21 +81,21 @@ Later.... ...@@ -80,21 +81,21 @@ Later....
.. XXX: write monkey-patch in __init__.py .. XXX: write monkey-patch in __init__.py
Note: On certain version of python (e.g. 2.7.3~rc2-2.1 ) dns lookup is Note: On certain version of python (e.g. 2.7.3~rc2-2.1 ) dns lookup is
performed for each request, and cause a delay in response. performed for each request, and cause a delay in response.
To avoid this, one can either upgrade python, fix their resolv.conf or use To avoid this, one can either upgrade python, fix their resolv.conf or use
the fix at the end of this file. the fix at the end of this file.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
# Fix for librpcxml to avoid doing reverse dns on each request # Fix for librpcxml to avoid doing reverse dns on each request
# it was causing a 10s delay on each request when no reverse DNS was avalaible # it was causing a 10s delay on each request when no reverse DNS was avalaible
import BaseHTTPServer import BaseHTTPServer
def not_insane_address_string(self): def not_insane_address_string(self):
host, port = self.client_address[:2] host, port = self.client_address[:2]
return '%s (reverse DNS disabled)' % host # used to call: socket.getfqdn(host) return '%s (reverse DNS disabled)' % host # used to call: socket.getfqdn(host)
BaseHTTPServer.BaseHTTPRequestHandler.address_string = not_insane_address_string BaseHTTPServer.BaseHTTPRequestHandler.address_string = not_insane_address_string
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
re6stnet (0.1-1) nexedi; urgency=low
* source package automatically created by stdeb 0.6.0+git
-- Guillaume Bury <guillaume.bury@gmail.com> Wed, 01 Aug 2012 15:05:30 +0200
Source: re6stnet
Maintainer: Julien Muchembled <jm@nexedi.com>
Section: net
Priority: optional
Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 7.4.3)
Standards-Version: 3.9.1
Package: re6stnet
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, openvpn, babeld, openssl
Description: resilient, scalable, IPv6 network application
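Review bot: Build-Depends lacks the package that ships rst2man, which debian/rules calls in its "%.1: %.rst" rule, so a build in a clean chroot will stop at the manpage step. Add python-docutils to Build-Depends. The Description field also carries only the one-line synopsis; an extended description should follow it.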
#!/usr/bin/make -f
# -*- makefile -*-
MANPAGELIST := $(patsubst %.rst, %.1, $(wildcard docs/*.rst))
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
override_dh_auto_clean:
dh_auto_clean
rm -f $(MANPAGELIST)
%.1: %.rst
rst2man $< $@
override_dh_installman: $(MANPAGELIST)
dh_installman $^
%:
dh $@ --with python2 --buildsystem=python_distutils
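Review bot: "export DH_VERBOSE=1" is active although the comment directly above it says "Uncomment this to turn on verbose mode". Either comment the export out again before this ships, or reword the comment so it matches the enabled state.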
OPTIONS : RE6ST-SETUP ============
usage : ./setup [options...] re6st-conf
--server address ============
-------------------------------
Configuration tool for re6stnet
-------------------------------
:Author: Nexedi
:Manual section: 1
SYNOPSIS
========
``re6st-conf`` ``--server`` `server-url` ``--port`` `server-port`
[`command`] [`options`...]
DESCRIPTION
===========
re6st-conf is a tool generating the files necessary for re6stnet to run. It
connects to a distant server to generate the certificates files used by openvpn
in re6stnet.
USAGE
=====
re6st-conf requires data about a distant server running re6st-registry.
--server address
Ip address of the machine running the re6stnet server. Both ipv4 Ip address of the machine running the re6stnet server. Both ipv4
and ipv6 addresses are supported. and ipv6 addresses are supported.
--port port --port port
Port to connect to on the machine running the re6stnet server. Port to connect to on the machine running the re6stnet server.
-d, --dir directory Commands
--------
You may give at most one of the following commands. Giving the two commands
will not raise any errors, but does not have any meaning.
--email email-address
The email address to associate with your certificates. Refrain
re6st-conf from asking you your email address in a prompt. Useful
for automatizing the configuration process.
re6st-conf will ask you the token you received by email.
--token token
Give your token if you have already received one but did not
complete the configuration process. re6st-conf will not ask you
anything. If you use this option, you do not need to give your
email address.
Options
-------
-d, ``--dir`` `directory`
Path of a directory where will be stored the files generated by the Path of a directory where will be stored the files generated by the
setup. The Setup genereates the following files, in the explicit setup. The Setup genereates the following files, in the explicit
order : order :
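Review bot: The SYNOPSIS names the argument "--server server-url", while the USAGE entry documents "--server address" as an IP address; one of the two needs to change so the reader knows whether a URL or a bare address is expected. In the Commands section, --email and --token are described as commands but are written as options, and the sentence "re6st-conf will ask you the token you received by email." is detached from the --email entry it belongs to. It would also help to say in the --token entry that a token given on the command line is visible in the process list to other local users, since the interactive prompt avoids that.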
...@@ -17,23 +65,18 @@ OPTIONS : RE6ST-SETUP ...@@ -17,23 +65,18 @@ OPTIONS : RE6ST-SETUP
- cert.crt : individual certificate file generated by the server - cert.crt : individual certificate file generated by the server
- dh2048.pem : dh file for oenvpn server - dh2048.pem : dh file for oenvpn server
-r, --req name value
-r, ``--req`` `name` `value`
Specify an attribute to add to the certificate request sent to the Specify an attribute to add to the certificate request sent to the
server. Can be used multiple times. server. Can be used multiple times.
Each use of the --req name value, will add the attribute name with Each use of the --req name value, will add the attribute name with
the associated value in the sugbject of the certificate request. the associated value in the sugbject of the certificate request.
--ca-only --ca-only
Stop the script after downloading the certificate authority file Stop the script after downloading the certificate authority file
from the server from the server
--db-only SEE ALSO
Stop the script after creating the peers DB and downloading the ========
connection information of a bootstrap node of the VPN.
--no-boot
Does not re'quest a bootstrap peer to the peer discovery server
(useful in debug when the server does not have any peer in his
database). When requesting a bootstrap peer to a server whoch does
not have any, an execption will occur, and the script will stop
``re6stnet``\ (1), ``re6st-registry``\ (1)
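Review bot: This hunk drops the --db-only and --no-boot entries, but no change to the setup script's argument parser is shown in this commit. If the script still accepts them, the man page is now missing two working options; if they are gone, say so in CHANGES. While this file is being touched, the context lines "dh file for oenvpn server" and "in the sugbject of the certificate request" carry typos worth fixing.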
OPTIONS : RE6ST-REGISTRY ================
usage : ./registry port [options...] re6st-registry
port ================
The port on which the server will listen
--private ip --------------------------------
Ipv6 address of the re6stnet client running on the machine. This Server application for re6snet
address will be advertised only to nodes having a valid --------------------------------
certificate.
:Author: Nexedi
:Manual section: 1
SYNOPSIS
========
--db path ``re6st-registry`` `port` ``--db`` `db-path` ``--ca`` `ca-path`
``--key`` `key-path` ``--mailhost`` `mailhost`
``--private`` `private-ip` [`options`...]
DESCRIPTION
===========
re6st-registry is a server for the re6st network. Its role is to deliver
vertificates to new nodes, and to maintain the complete table of peers, so it
can send part of it to nodes asking for new peers.
As of now, only one re6st-registry per re6st network should run. The node
running the re6st-registry must also have a client ( re6stnet ) running.
USAGE
=====
The re6st-registry will automatically listen on both ipv4 and ipv6 for incomming
request.
port
The port on which the server will listen
--db path
Path to the server Database file. A new DB file will be created Path to the server Database file. A new DB file will be created
and correctly initialized if the file doesn't exists. and correctly initialized if the file doesn't exists.
One can give ":memory" as path, the database is then temporary One can give ":memory" as path, the database is then temporary
--ca path --ca path
Path to the certificate authority file. The certificate authority Path to the certificate authority file. The certificate authority
MUST contain the VPN network prefix in its serial number. To MUST contain the VPN network prefix in its serial number. To
generate correct ca and key files for the 2001:db8:42:: prefix, generate correct ca and key files for the 2001:db8:42:: prefix,
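Review bot: The added text has three typos that will end up in the generated man page: "re6snet" in the title line, "vertificates" in the DESCRIPTION, and "incomming" in USAGE. The title typo matters most, since it is what apropos and man -k will index.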
...@@ -21,11 +47,23 @@ OPTIONS : RE6ST-REGISTRY ...@@ -21,11 +47,23 @@ OPTIONS : RE6ST-REGISTRY
openssl req -nodes -new -x509 -key ca.key -set_serial \ openssl req -nodes -new -x509 -key ca.key -set_serial \
0x120010db80042 -days 365 -out ca.crt 0x120010db80042 -days 365 -out ca.crt
--key path --key path
Path to the server key file. To generate a key file, see the --ca Path to the server key file. To generate a key file, see the --ca
option option
--bootstrap prefix ip port proto --mailhost mailhost
Mailhost to be used to send email containing token for registration
--private ip
Ipv6 address of the re6stnet client running on the machine. This
address will be advertised only to nodes having a valid
certificate.
Options
-------
--bootstrap prefix ip port proto
Connection informations of a node given to other as a bootstrap Connection informations of a node given to other as a bootstrap
node to initiate connection with the network. node to initiate connection with the network.
Prefix should be the prefix number of a node, given in binary and Prefix should be the prefix number of a node, given in binary and
...@@ -33,5 +71,7 @@ OPTIONS : RE6ST-REGISTRY ...@@ -33,5 +71,7 @@ OPTIONS : RE6ST-REGISTRY
2001:db8:42:1::/64 ( asusming a network prefix 2001:db8:42::/48 ) 2001:db8:42:1::/64 ( asusming a network prefix 2001:db8:42::/48 )
corresponds to a prefix 1/16 i.e 0000000000000001. corresponds to a prefix 1/16 i.e 0000000000000001.
--mailhost mailhost SEE ALSO
Mailhost to be used to send email containing token for registration ========
``re6stnet``\ (1), ``re6st-conf``\ (1)
OPTIONS : RES6NET ==========
usage : ./re6stnet.py [options...] re6stnet
--ip address port proto ==========
---------------------------------------------
Resilient, Scalable, IPv6 Network application
---------------------------------------------
:Author: Nexedi
:Manual section: 1
SYNOPSIS
========
``re6stnet`` ``--registry`` `registry-url` ``--dh`` `dh-path`
``--ca`` `ca-path` ``--cert`` `cert-path`
``--key`` `key-path` [`options`...] [``--`` [`openvpn-options`...]]
DESCRIPTION
===========
re6stnet is a client connecting to the re6st network. It establishes connections
with other nodes and create a resilient network, whose nodes all have ipv6
addresses. The goal of re6stnet is to create very large networks, guaranteeing
bandwidth between nodes and giving ipv6 to computers.
USAGE
=====
re6stnet needs information about certificates to start, as they contain data
about the network and the ipv6 address of the node. These certificates can be
obtained with the re6st-conf tool.
--registry address
Complete public ( reachable from the internet ) address of the machine
running a registry. Will be used to get the pirvate address of the
registry and/or bootstrap peers
Examples : http://192.0.2.42:80, http://[2001:db8:42::1]:80
--dh path
Path to the dh file to be used by the openvpn server
(for more information see the openvpn man page)
--ca path
Path to the certificate authority file delivered by the re6stnet
server. The prefix of the re6st network is included in the serial
number of the file.
--cert path
Path to the individual certificate file delivered by the re6stnet
server. The prefix of the machine's re6stnet ip is included in the
certificate's subject common name.
--key path
Path to the private key file generated by the re6st-conf tool.
Options
-------
-h, --help Display a summary help about the options
@file
You can give to re6stnet a config file as a regular argument
(meaning before giving optional openvpn arguments)
The file should contain one option per line, possibly ommitting
the '--'. Only long option are allowed (i.e "v 3" will not work
while "verbose 3" will)
You can give a file ( with the @ prefix ) as an argument within a
file ( since it is an optioin, it must be alone on the line ).
--ip address port proto
Specify connection information to be advertised to other nodes. Specify connection information to be advertised to other nodes.
address MUST be a ipv4 address since as of now openvpn does not address MUST be a ipv4 address since as of now openvpn does not
support ipv6 addresses. support ipv6 addresses.
Proto should be either udp or tcp-client Proto should be either udp or tcp-client
-i, --interface interface -i, ``--interface`` `interface`
Give one interface name for each use of the argument. The interface Give one interface name for each use of the argument. The interface
will be used to detect other nodes on the local network. will be used to detect other nodes on the local network.
--peers-db-refresh duration --peers-db-refresh duration
Duration in seconds of the peers DB refresh interval. Duration in seconds of the peers DB refresh interval.
Default : 3600 ( 1 hour ) Default : 3600 ( 1 hour )
-l, --log directory -l, ``--log`` `directory`
Path to the directory used for log files. Will create one file Path to the directory used for log files. Will create one file
for babel logging and one file for each openvpn server and client for babel logging and one file for each openvpn server and client
started. started.
Default : /var/log Default : /var/log
-s, --state directory -s, ``--state`` `directory`
Path to the directory used for state files. State files include : Path to the directory used for state files. State files include :
- peers.db : the peers db used to establish connection - peers.db : the peers db used to establish connection ( created
if does not exists )
- re6stnet.babeld.state : babeld state file ( created if does not - re6stnet.babeld.state : babeld state file ( created if does not
exists, overriden if exists ) exists, overriden if exists )
There must be a valid peers db file ( named peers.db ) in the
directory. A valid peers db file can be created with setup.py
Default : /var/lib/re6stnet Default : /var/lib/re6stnet
-v, --verbose level -v, ``--verbose`` `level`
Defines the verbose level, level should be an integer between 0 Defines the verbose level, level should be an integer between 0
and 3 ( including ). There is no precise convention for verbode and 3 ( including ). There is no precise convention for verbode
level for now, except an increased number means more log messages. level for now, except an increased number means more log messages.
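Review bot: The --registry entry moved into USAGE still reads "pirvate address", and the new @file text adds "optioin"; both should be fixed before the page is built. The --registry examples only show "http://" URLs for an endpoint that hands out the registry's private address and bootstrap peers, so the entry should state whether https is accepted or how those replies are checked against the --ca file.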
...@@ -38,13 +105,7 @@ OPTIONS : RES6NET ...@@ -38,13 +105,7 @@ OPTIONS : RES6NET
arguments at the end of the command line arguments at the end of the command line
Default : 0 Default : 0
--registry address --hello duration
Complete public ( reachable from the internet ) address of the machine
running a registry. Will be used to get the pirvate address of the
registry and/or bootstrap peers
Examples : http://192.0.2.42:80, http://[2001:db8:42::1]:80
--hello duration
Set hello interval, in seconds, for both wired and wireless Set hello interval, in seconds, for both wired and wireless
connections. Openvpn ping-exit option is set to 4 times the hello connections. Openvpn ping-exit option is set to 4 times the hello
interval. Argument passed down to the babel daemon, equivalent interval. Argument passed down to the babel daemon, equivalent
...@@ -56,11 +117,11 @@ OPTIONS : RES6NET ...@@ -56,11 +117,11 @@ OPTIONS : RES6NET
connection has been cut connection has been cut
Default : 15 Default : 15
-w, --wireless -w, --wireless
Consider all interfaces as being wireless interfaces. Argument Consider all interfaces as being wireless interfaces. Argument
directly passed down to the babeld daemon directly passed down to the babeld daemon
--pp port proto --pp port proto
Port and protocol used by the openvpn server(s). Start one openvpn Port and protocol used by the openvpn server(s). Start one openvpn
server for each couple port/protocol specified. server for each couple port/protocol specified.
Additionally, if no external configuration is given in the command Additionally, if no external configuration is given in the command
...@@ -69,76 +130,41 @@ OPTIONS : RES6NET ...@@ -69,76 +130,41 @@ OPTIONS : RES6NET
Protocols should be either udp or tcp-server. Protocols should be either udp or tcp-server.
Default : (1194, udp), (1194, tcp-server) Default : (1194, udp), (1194, tcp-server)
--tunnel-refresh duration --tunnel-refresh duration
Interval in seconds between two tunnel refresh. Refreshing tunnels Interval in seconds between two tunnel refresh. Refreshing tunnels
mean : mean :
- killing all dead tunnels ( detected via the ping-exit option - killing all dead tunnels ( detected via the ping-exit option
if openvpn ) if openvpn )
- killing the 'worst' tunnels, so that at least the ratio of - killing the 'worst' tunnels, so that at least the ratio of
tunnels set by the --refresh-rate option have been killed tunnels set by the --refresh-rate option have been killed
- creating new tunnels to other clients randomly choosen in the - creating new tunnels to other clients randomly choosen in the
peers database, to reach the number of connection specified by peers database, to reach the number of connection specified by
the connection-count option ( There can be less tunnels if the the connection-count option ( There can be less tunnels if the
peers DB does not contain enough peers ) peers DB does not contain enough peers )
Default : 300 Default : 300
--dh path --connection-count number
Path to the dh file to be used by the openvpn server
(for more information see the openvpn man page)
--ca path
Path to the certificate authority file delivered by the re6stnet
server. The prefix of the VPN network is included in the serial
number of the file.
--cert path
Path to the individual certificate file delivered by the re6stnet
server. The prefix of the machine is included in the certificate's
subject common name.
--connection-count number
The maximum number of openvpn clients to start. The maximum number of openvpn clients to start.
Default : 20 Default : 20
--refresh-rate ratio --refresh-rate ratio
The ratio of connection to kill each time we refresh tunnels. The ratio of connection to kill each time we refresh tunnels.
For more information see the --tunnel-refresh option For more information see the --tunnel-refresh option
ratio should be a float between 0 and 1 ( included ) ratio should be a float between 0 and 1 ( included )
Default : 0.05 Default : 0.05
openvpn_args Openvpn-options
---------------
-- openvpn_args
Additional arguments to be passed down to all openvpn processes Additional arguments to be passed down to all openvpn processes
can be given at the end of the command line. can be given at the end of the command line.
In that case, insert '--' to delimit re6stnet regular options In that case, insert '--' to delimit re6stnet regular options
from the additional openvpn arguments. The list of arguments will from the additional openvpn arguments. The list of arguments will
be passed down to ALL openvpn processes ( including servers ) be passed down to ALL openvpn processes ( including servers )
exactly as they are given exactly as they are given.
One SHOULD give a --key argument with the key file delivered by the
re6stnet server
@file
You can give to re6stnet a config file as a regular argument
(meaning before giving optional openvpn arguments)
The file should contain one option per line, possibly ommitting
the '--'. Only long option are allowed (i.e "v 3" will not work
while "verbose 3" will)
You can give a file ( with the @ prefix ) as an argument within a
file
If you are using a version of python < 2.7.3-2, then you should include this at
the beggining of registry.py
--------------------------------------------------------------------------------
# Fix for librpcxml to avoid doing reverse dns on each request
# it was causing a 10s delay on each request when no reverse DNS was avalaible
import BaseHTTPServer
def not_insane_address_string(self):
host, port = self.client_address[:2]
return '%s (reverse DNS disabled)' % host # used to call: socket.getfqdn(host)
BaseHTTPServer.BaseHTTPRequestHandler.address_string = not_insane_address_string SEE ALSO
========
-------------------------------------------------------------------------------- ``re6st-conf``\ (1), ``re6st-registry``\ (1), ``babeld``\ (8), ``openvpn``\ (8)
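Review bot: The removed lines "One SHOULD give a --key argument with the key file delivered by the re6stnet server" described --key as an openvpn argument passed after "--", while the new SYNOPSIS and USAGE present --key as a mandatory re6stnet option. The only code change shown in this commit is in the registry, so confirm that re6stnet's own parser accepts --key; otherwise the documented command line will fail. The old wording also said the key is delivered by the server, the new one says it is generated by re6st-conf; keep whichever is accurate.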
...@@ -59,7 +59,7 @@ class main(object): ...@@ -59,7 +59,7 @@ class main(object):
_('--bootstrap', action="append", _('--bootstrap', action="append",
help='''VPN prefix of the peers to send as bootstrap peer, help='''VPN prefix of the peers to send as bootstrap peer,
instead of random ones''') instead of random ones''')
_('--private', _('--private', required=True,
help='VPN IP of the node on which runs the registry') help='VPN IP of the node on which runs the registry')
self.config = parser.parse_args() self.config = parser.parse_args()
......
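Review bot: Only "--private" gains "required=True" here, yet the new re6st-registry SYNOPSIS also lists --db, --ca, --key and --mailhost outside the "[options...]" bracket. The visible context shows just --bootstrap and --private, so check that the other four are marked required as well, or move them into the optional part of the synopsis. The help string could also mention that the option is now mandatory.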