OpenVPN server groups built on top of the Rackspace Cloud API.

A web application with a REST based HTTP interface to create groups of servers in the cloud using secure OpenVPN networks. Each server group is created on a unique OpenVPN network that is accessible via SSH or OpenVPN. A simple web UI is also available to create, view, monitor, and manage server groups.

-Supports Centos, Fedora, RHEL, and Ubuntu, and Windows 2008 R2.

-Communication between servers is secured with OpenVPN

-Single public point of entry through the VPN server. The eth0 network interface is disabled on VPN clients. Only the gateway VPN Server node can be used to connect to the server group.

-Ability to create a group of servers with a single HTTP POST request or by using a set of HTTP POST requests to add individual servers.

-Ability to create and manage VPN certificates for external clients.

-Validates network access between Cloud Servers using ping and ssh connectivity tests.

-Easy (scriptable) access to the server group via SSH using public keys. The machine which acts as the OpenVPN server for the network acts as the SSH gateway.

-Automatically sets hostnames for each machine.

-Unique hostname namespace within each server group. Useful when creating dev/test groups in parallel.

Requires a Ruby, Rubygems, and Ruby on Rails 2.3.8. The app was developed against Ruby 1.8.7.

gem install rails -v2.3.8

The application was developed with MySQL. The following gems are required:

mysql (2.8.1) json (1.4.3) resque (1.10.0) SystemTimer (1.2.1)

Unpack the rails app and run the following commands to create the database.

rake db:create rake db:migrate

Start some linux workers to configure Linux machines:

mkdir tmp/pids rake resque:workers QUEUE=linux COUNT=3

Start the API server:

./script/server

At this point the web application should be running at localhost:3000. The default username:password is admin:cloud.

Windows worker machines are required when creating groups with Windows Servers. The following instructions outline how to configure a Windows worker node to work with Cloud Servers VPC.

1) Install jruby

2) Gem install rails 2.3.8, resque, activerecord-jdbc-adapter, jruby-openssl

3) Extract Cloud Servers VPC to c:vpc.

4) Download Pstools. Extract psexec.exe to c:psexec.exe. Add C:\ to your system environments %PATH%.

5) Run psexec.exe at least once to accept the license.

6) Download the mysql connector jar (version 5.0.8). Copy it into c:vpc.

7) Configure database.yml to use JDBC (example):

production: adapter: jdbc driver: com.mysql.jdbc.Driver url: jdbc:mysql://your_db_server:3306/cs_vpc_prod username: worker password: test123

8) Configure the default Resque Redis URL in configenvironmentsproduction.rb:

Resque.redis=“redis:://you_redis_server:6379”

9) Start a worker: cd c:vpc set CLASSPATH=c:vpcmysql-connector-java-5.0.8-bin.jar set RAILS_ENV=production rake resque:work QUEUE=windows

A set of Chef Cookbooks has been created to install and manage a Cloud Servers VPC installation. See the following project for details: github.com/dprince/cs_vpc_cookbooks

Roles are provided to install API servers, worker nodes, and the MySQL and Redis servers components as well.

The following REST API requests are available (both XML and JSON are supported).

GET /clients.xml GET /clients/1.xml POST /clients.xml DELETE /client/1.xml GET /server_groups.xml GET /server_groups/1.xml POST /server_groups.xml DELETE /server_groups/1.xml GET /servers.xml GET /server/1.xml POST /servers.xml DELETE /servers/1.xml GET /server_errors.xml

Example: creating a server group using Curl Create a file containing the following example data. Name the file example.json.

{ “name”: “mail”, “domain_name”: “vpc”, “description”: “Mail Server Group”, “vpn_network”: “172.19.0.0”, “vpn_subnet”: “255.255.128.0”, “owner_name”: “dan.prince”, “servers”: [ { “name”: “login”, “description”: “VPN Login Server”, “flavor_id”: 3, “image_id”: 51, “openvpn_server”: “true” }, { “name”: “gate1”, “description”: “Gate Server”, “flavor_id”: 4, “image_id”: 51 } ], “clients”: [ { “name”: “dan”, “description”: “Dan Laptop” } ], “ssh_public_keys”: [ { “description”: “Dan Laptop SSH key”, “public_key”: “ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA+yNMzUrQXa0EOfv+WJtfmLO1WdoOaD47G9qwllSUaaGPRkYzkTNdxcEPrR3XBR94ctOeWOHZ/w7ymhvwK5LLsoNBK+WgRz/mg8oHcii2GoL0fNojdwUMyFMIJxJT+iwjF/omyhyrWaaLAztAKRO7BdOkNlXMAAcMeKzQtFqdZm09ghoemu3BPYUTyDKHMp+t0P1d7mkHdd719oDfMf+5miixQeJZJCWAsGwroN7k8a46rvezDHEygBsDAF2ZpS2iGMABos/vTp1oyHkCgCqc3rM0OoKqcKB5iQ9Qaqi5ung08BXP/PHfVynXzdGMjTh4w+6jiMw7Dx2GrQIJsDolKQ== dan.prince@dovetail” } ] }

Run the following example curl request:

curl -k -u username:password -d “@example.json” localhost:3000/server_groups.json ** Where the Server Groups JSON data file is named example.json in the current working directory

Dan Prince <[email protected]>

See COPYING for license information. Copyright © 2010-2011, Rackspace US, Inc.