dcos-openvpn's Issues
New user creation broken - again
Latest change on the "bin/run.bash" file issued by commit 22bd938 broke dcos_openvpn flask application.
cert.py executes this bash script with invalid parameters (not admin or server). Either run.bash needs looser entry points to properly accommodate the rest of the system, or such dependencies should be externalized.
Illegal call:
dcos-openvpn/dcos_openvpn/cert.py
Line 25 in 22bd938
Breaking change on run.bash: https://github.com/mesosphere/dcos-openvpn/blame/master/bin/run.bash#L125-L129
Cannot create client with a previously deleted username
After default setup on DCOS I cannot create a client with the same name as a previously deleted client, steps to reproduce:
1/
curl -X POST --data "name=wnkz" 'http://dcos/service/openvpn/client'
2/
curl -X DELETE 'http://dcos/service/openvpn/client/wnkz'
{"msg": "success", "type": "status"}
3/
curl -X POST --data "name=wnkz" 'http://dcos/service/openvpn/client'
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>
On step 3, the following logs are produced on the container:
Easy-RSA error:
Request file already exists. Aborting build to avoid overwriting this file.
If you wish to continue, please use a different name or remove the file.
Matching file found at: /etc/openvpn/pki/reqs/wnkz.req
2015-08-10 14:54:10,411 - dcos_openvpn.web - ERROR - Exception on /client [POST]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python2.7/dist-packages/webargs-0.13.0-py2.7.egg/webargs/core.py", line 462, in wrapper
return func(parsed_args, *args, **kwargs)
File "dcos_openvpn/web.py", line 33, in create_client
cert.generate(args.get("name"))
File "dcos_openvpn/cert.py", line 16, in generate
name), shell=True)
File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '/dcos/bin/easyrsa build-client-full wnkz nopass' returned non-zero exit status 1
2015-08-10 14:54:10,411 - dcos_openvpn.web - ERROR - Exception on /client [POST]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python2.7/dist-packages/webargs-0.13.0-py2.7.egg/webargs/core.py", line 462, in wrapper
return func(parsed_args, *args, **kwargs)
File "dcos_openvpn/web.py", line 33, in create_client
cert.generate(args.get("name"))
File "dcos_openvpn/cert.py", line 16, in generate
name), shell=True)
File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '/dcos/bin/easyrsa build-client-full wnkz nopass' returned non-zero exit status 1
2015-08-10 14:54:10,412 - werkzeug - INFO - 10.0.6.220 - - [10/Aug/2015 14:54:10] "POST /client HTTP/1.0" 500 -
It turns out those files are never removed:
/etc/openvpn/pki/reqs/wnkz.req
/etc/openvpn/pki/issued/wnkz.crt
/etc/openvpn/pki/private/wnkz.key
The client reference is also present in those files (XX being a number, e.g. 04):
/etc/openvpn/pki/certs_by_serial/XX.pem
/etc/openvpn/pki/index.txt
After removing the first four files and the line in /etc/openvpn/pki/index.txt I was able to create the user again from the API.
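The cleanup the reporter did by hand, written out as an added example (this is not code from dcos-openvpn): it removes the three per-client files listed above, the client's certs_by_serial copy, and the client's line in index.txt, so that the same name can be created again. It assumes the PKI paths from this report, the standard OpenSSL CA database layout of index.txt (tab-separated fields with the DN last), and a client-name policy of my own choosing. Because the traceback shows the name being interpolated into a shell command string, the example also builds the easyrsa call as an argv list after validating the name. The fixture directory and its contents are constructed for the demonstration.

```python
"""Added example (not dcos-openvpn code): make a deleted OpenVPN client name
reusable by removing its Easy-RSA artifacts, using the paths from the issue."""
import os
import re
import tempfile

DEFAULT_PKI_DIR = "/etc/openvpn/pki"   # from the issue report
DEFAULT_EASYRSA = "/dcos/bin/easyrsa"  # from the traceback
# Assumed name policy: the name becomes a file name and a certificate CN, so
# allow only a safe character set (no slashes, spaces or shell metacharacters).
CLIENT_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")

def is_valid_client_name(name):
    return isinstance(name, str) and CLIENT_NAME_RE.match(name) is not None

def validate_client_name(name):
    if not is_valid_client_name(name):
        raise ValueError("invalid client name: %r" % (name,))
    return name

def easyrsa_argv(subcommand, name, easyrsa=DEFAULT_EASYRSA):
    """Easy-RSA command as an argv list for subprocess.check_call(argv) with no
    shell=True; the traceback shows the name interpolated into a shell string."""
    argv = [easyrsa, subcommand, validate_client_name(name)]
    if subcommand == "build-client-full":
        argv.append("nopass")  # same form as the command in the traceback
    return argv

def _parse_index_line(line):
    """index.txt (OpenSSL CA database) is tab-separated: status, expiry,
    revocation date, serial, file name, DN. Returns (serial, [RDN, ...]) or None."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    return fields[3], fields[5].strip("/").split("/")

def _line_is_client(line, name):
    parsed = _parse_index_line(line)
    return parsed is not None and "CN=%s" % name in parsed[1]

def serials_for_client(index_path, name):
    """Serials of every index.txt entry whose DN contains CN=<name>."""
    if not os.path.isfile(index_path):
        return []
    with open(index_path) as fh:
        return [_parse_index_line(l)[0] for l in fh if _line_is_client(l, name)]

def remove_client_artifacts(name, pki_dir=DEFAULT_PKI_DIR):
    """Delete the three per-client files the issue lists, the client's
    certs_by_serial copies, and its index.txt entries. Returns removed paths."""
    validate_client_name(name)
    index_path = os.path.join(pki_dir, "index.txt")
    serials = serials_for_client(index_path, name)
    candidates = [os.path.join(pki_dir, "reqs", name + ".req"),
                  os.path.join(pki_dir, "issued", name + ".crt"),
                  os.path.join(pki_dir, "private", name + ".key")]
    candidates += [os.path.join(pki_dir, "certs_by_serial", s + ".pem") for s in serials]
    removed = []
    for path in candidates:
        if os.path.isfile(path):
            os.remove(path)
            removed.append(path)
    if serials:
        with open(index_path) as fh:
            kept = [l for l in fh if not _line_is_client(l, name)]
        with open(index_path, "w") as fh:
            fh.writelines(kept)
    return removed

def build_sample_pki(root):
    """Constructed fixture mirroring the issue's layout: the deleted client
    'wnkz' (serial 04) plus an unrelated client 'other' (serial 05)."""
    for sub in ("reqs", "issued", "private", "certs_by_serial"):
        os.makedirs(os.path.join(root, sub))
    for client, serial in (("wnkz", "04"), ("other", "05")):
        paths = [os.path.join(root, sub, client + ext)
                 for sub, ext in (("reqs", ".req"), ("issued", ".crt"), ("private", ".key"))]
        paths.append(os.path.join(root, "certs_by_serial", serial + ".pem"))
        for path in paths:
            with open(path, "w") as fh:
                fh.write("placeholder\n")
    with open(os.path.join(root, "index.txt"), "w") as fh:
        fh.write("V\t260810145410Z\t\t04\tunknown\t/CN=wnkz\n")
        fh.write("V\t260810145410Z\t\t05\tunknown\t/CN=other\n")
    return root

def run_sample_cleanup():
    """Build the fixture in a temp dir, delete 'wnkz', and report what is left."""
    root = build_sample_pki(tempfile.mkdtemp())
    removed = remove_client_artifacts("wnkz", root)
    with open(os.path.join(root, "index.txt")) as fh:
        index = fh.read()
    leftovers = [p for p in removed if os.path.exists(p)]
    other_ok = all(os.path.isfile(os.path.join(root, p))
                   for p in ("issued/other.crt", "certs_by_serial/05.pem"))
    return {"removed": len(removed), "leftovers": leftovers,
            "other_intact": other_ok, "index": index}

if __name__ == "__main__":
    print(run_sample_cleanup())
    print(easyrsa_argv("build-client-full", "wnkz"))
```

Two points for anyone wiring this into a delete endpoint. First, index.txt is the CA's database, so dropping the entry and the files makes the name reusable but does nothing to a certificate that was already handed to the user; a delete should revoke first (`easyrsa revoke <name>` followed by `easyrsa gen-crl`, with the server loading the CRL via `crl-verify`) and only then remove artifacts. Second, the argv builder is there because `check_call(..., shell=True)` with the name spliced into the command string relies entirely on the name being well-formed; validating the name and passing a list removes the shell from the path.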
Could not install on DCOS 1.7 running AWS CoreOS
I installed DCOS 1.7 (Early Access) using the CloudFormation scripts. Currently I'm getting this error when trying to install OpenVPN from the Web UI.
Log output:
I0423 04:34:50.405398 6706 exec.cpp:143] Version: 0.28.1
I0423 04:34:50.411204 6722 exec.cpp:217] Executor registered on slave 7f8152c8-4a64-4428-b0df-f2cbb7570cd6-S2
/dcos/bin/run.bash: line 98: /etc/openvpn/ovpn_env.sh: No such file or directory
do not depend on ifconfig.me
ifconfig.me is an external dependency we shouldn't depend on. Besides that, this might not in fact be the external IP on which the VPN endpoint is reachable.
Provide stable remote port
Right now openvpn binds to whatever port it gets allocated. Instead it should wait for an offer with some well known port.
Cannot create client
I'm trying to set up openvpn using the dcos package in a cluster created with the aws template. When I try to create a client I get this error:
2016-01-14 17:26:04,599 - werkzeug - INFO - 10.0.7.37 - - [14/Jan/2016 17:26:04] "GET /status HTTP/1.1" 200 -
2016-01-14 17:26:24,927 - dcos_openvpn.web - ERROR - Exception on /client [POST]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/site-packages/webargs-0.15.0-py2.7.egg/webargs/core.py", line 488, in wrapper
return func(parsed_args, *args, **kwargs)
File "dcos_openvpn/web.py", line 36, in create_client
cert.generate(args.get("name"))
File "dcos_openvpn/cert.py", line 16, in generate
name), shell=True)
File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '/dcos/bin/easyrsa build-client-full oscar nopass' returned non-zero exit status 1
2016-01-14 17:26:24,927 - dcos_openvpn.web - ERROR - Exception on /client [POST]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/site-packages/webargs-0.15.0-py2.7.egg/webargs/core.py", line 488, in wrapper
return func(parsed_args, *args, **kwargs)
File "dcos_openvpn/web.py", line 36, in create_client
cert.generate(args.get("name"))
File "dcos_openvpn/cert.py", line 16, in generate
name), shell=True)
File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '/dcos/bin/easyrsa build-client-full oscar nopass' returned non-zero exit status 1
2016-01-14 17:26:24,938 - werkzeug - INFO - 10.0.7.37 - - [14/Jan/2016 17:26:24] "POST /client HTTP/1.1" 500 -
2016-01-14 17:26:34,619 - werkzeug - INFO - 10.0.7.37 - - [14/Jan/2016 17:26:34] "GET /status HTTP/1.1" 200 -
openvpn server does not get rescheduled if died
It appears that if the actual openvpn server can't be started, the dcos-openvpn framework isn't restarting it.
End user config file generation is flaky
Config files generated and used by both admin/server are prone to errors while trying to automate too much, especially on the external IP part.
Even when everything looks to be working fine, the generated ovpn.config file is useless.
I believe it should be managed just like marathon-lb, with some obligatory labels.
Integrating openvpn-auth-ldap
Is "iptables: No chain/target/match by that name" to be expected?
(AT BEGINNING OF FILE)
I1220 19:10:58.850419 15884 fetcher.cpp:498] Fetcher Info: {"cache_directory":"\/tmp\/mesos\/fetch\/slaves\/xxxxxx","items":[{"action":"BYPASS_CACHE","uri":{"cache":false,"executable":false,"extract":true,"value":"https:\/\/storage.googleapis.com\/gcloud-registry-credentials\/registry-ioufuel-com.docker.tar.gz"}}],"sandbox_directory":"\/var\/lib\/mesos\/slave\/slaves\/xxxxxx\/frameworks\/xxxxxx\/executors\/openvpn.xxxxxx\/runs\xxxxxx"}
I1220 19:10:58.852422 15884 fetcher.cpp:409] Fetching URI 'https://storage.googleapis.com/gcloud-registry-credentials/registry-ioufuel-com.docker.tar.gz'
I1220 19:10:58.852439 15884 fetcher.cpp:250] Fetching directly into the sandbox directory
I1220 19:10:58.852457 15884 fetcher.cpp:187] Fetching URI 'https://storage.googleapis.com/gcloud-registry-credentials/registry-ioufuel-com.docker.tar.gz'
I1220 19:10:58.852468 15884 fetcher.cpp:134] Downloading resource from 'https://storage.googleapis.com/gcloud-registry-credentials/registry-ioufuel-com.docker.tar.gz' to '/var/lib/mesos/slave/slaves/f4098a96-baa5-4c2c-83ff-13d6d072ab68-S5/frameworksxxxxxx/executors/openvpn.xxxxxx/runs/xxxxxx/registry-ioufuel-com.docker.tar.gz'
I1220 19:10:58.880971 15884 fetcher.cpp:84] Extracting with command: tar -C '/var/lib/mesos/slave/slaves/xxxxxx/frameworksxxxxxx/executors/openvpn.0a3c3966-c6e8-11e6-b69d-70b3d5800003/runs/xxxxxx' -xf '/var/lib/mesos/slave/slaves/xxxxxx/frameworks/xxxxxx/executors/openvpn.xxxxxx/runs/xxxxxx/registry-ioufuel-com.docker.tar.gz'
I1220 19:10:58.887804 15884 fetcher.cpp:92] Extracted '/var/lib/mesos/slave/slaves/xxxxxx/frameworks/xxxxxx/executors/openvpn.xxxxxx/runs/xxxxxx/registry-ioufuel-com.docker.tar.gz' into '/var/lib/mesos/slave/slaves/xxxxxx/frameworks/xxxxxx/executors/openvpnxxxxxx/runs/xxxxxx'
I1220 19:10:58.887843 15884 fetcher.cpp:547] Fetched 'https://storage.googleapis.com/gcloud-registry-credentials/registry-ioufuel-com.docker.tar.gz' to '/var/lib/mesos/slave/slaves/xxxxxx/frameworks/xxxxxx/executors/openvpnxxxxxx/runs/xxxxxx/registry-ioufuel-com.docker.tar.gz'
I1220 19:11:00.249814 15913 exec.cpp:161] Version: 1.0.1
I1220 19:11:00.257668 15921 exec.cpp:236] Executor registered on agent xxxxxx
I1220 19:11:00.259802 15921 docker.cpp:815] Running docker -H unix:///var/run/docker.sock run --privileged --cpu-shares 10 --memory 134217728 -e MARATHON_APP_LABEL_DCOS_PACKAGE_SOURCE=https://universe.mesosphere.com/repo -e MARATHON_APP_VERSION=2016-12-20T19:10:58.712Z -e HOST=10.128.0.11 -e MARATHON_APP_RESOURCE_CPUS=0.01 -e MARATHON_APP_LABEL_DCOS_PACKAGE_REGISTRY_VERSION=2.0 -e MESOS_CONFIG=zk://master.mesos:2181/mesos -e PORT_1194=1194 -e MARATHON_APP_RESOURCE_GPUS=0 -e MARATHON_APP_LABEL_DCOS_PACKAGE_RELEASE=0 -e MARATHON_APP_DOCKER_IMAGE=us.gcr.io/registry-ioufuel-com/openvpn -e MARATHON_APP_LABEL_DCOS_PACKAGE_NAME=openvpn -e MARATHON_APP_LABEL_DCOS_PACKAGE_VERSION=0.0.0-0.1 -e MESOS_TASK_ID=openvpn.xxxxxx -e PORT=1194 -e MARATHON_APP_RESOURCE_MEM=128.0 -e PORTS=1194 -e MARATHON_APP_LABEL_DCOS_PACKAGE_IS_FRAMEWORK=false -e FRAMEWORK_NAME=openvpn -e MARATHON_APP_RESOURCE_DISK=0.0 -e MARATHON_APP_LABELS=DCOS_PACKAGE_RELEASE DCOS_PACKAGE_SOURCE DCOS_PACKAGE_REGISTRY_VERSION DCOS_PACKAGE_FRAMEWORK_NAME DCOS_PACKAGE_VERSION DCOS_PACKAGE_NAME DCOS_PACKAGE_IS_FRAMEWORK -e MARATHON_APP_LABEL_DCOS_PACKAGE_FRAMEWORK_NAME=openvpn -e MARATHON_APP_ID=/openvpn -e PORT0=1194 -e LIBPROCESS_IP=10.128.0.11 -e MESOS_SANDBOX=/mnt/mesos/sandbox -e MESOS_CONTAINER_NAME=mesos-xxxxxx -v /var/lib/mesos/slave/slaves/xxxxxx/frameworks/xxxxxx/executors/openvpn.xxxxxx/runs/2b29b040-eeca-49fb-9564-230f4abcdb95:/mnt/mesos/sandbox --net bridge -p 1194:1194/udp --name mesos-xxxxxx us.gcr.io/registry-ioufuel-com/openvpn server
Connecting to ifconfig.me (153.121.72.211:80)
wget: can't connect to remote host (153.121.72.211): Operation timed out
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Can't resolve master.mesos from inside container
For some reason zk-shell cannot connect to master.mesos:2181; I am connecting via IPs as a temporary workaround. Connection times out, or uploads/downloads files poorly.
I am using mesosphere-dcos on aws generated by its cloudformation template. Haven't made any life-changing alterations.
rm: can't remove '/etc/openvpn/pki': No such file or directory