Merge pull request #25 from HoopadCorp/develop

Upgrade to version 3.1.0

Makefile

@@ -5,6 +5,7 @@ DEBUG=				$$(if [ "${OS}" = "FreeBSD" ]; then echo set -xeouv pipefail; else ech
 WANPAD_VERSION=		$$(git rev-parse HEAD)
 WANPAD_CMD=			/usr/local/bin/wanpadctl
 WANPAD_USERNAME=	hoopad
+WANPAD_GROUP=		hoopad
 
 .PHONY: all
 all:
@@ -15,9 +16,9 @@ deps:
 	@echo "Install applications"
 	@if [ -e /etc/debian_version ]; then\
 		DEBIAN_FRONTEND=noninteractive apt install -y net-tools git openvpn python3-pip wireguard snmpd libqmi-utils udhcpc build-essential\
-		 python3-dev strongswan strongswan-starter frr bird2 keepalived fprobe sudo golang-1.20-go git-lfs;\
+		 python3-dev strongswan strongswan-starter strongswan-swanctl ocserv frr bird2 keepalived fprobe sudo golang-1.20-go git-lfs jq prometheus-smokeping-prober;\
 	elif [ "${OS}" = "FreeBSD" ]; then\
-		pkg install -y git openvpn python3 py39-pip strongswan frr9 frr9-pythontools bird2 fprobe sudo node_exporter go;\
+		pkg install -y git-lite openvpn python3 py39-pip strongswan frr9 frr9-pythontools bird2 fprobe sudo node_exporter go jq gcc49;\
 	fi
 	@echo
 	@echo "Install python applications"
@@ -32,6 +33,20 @@ deps:
 		rm -rf /tmp/node_exporter*;\
 	fi
 	@echo
+	@echo "Install UDPSpeeder (FEC)"
+	@echo
+	@if [ ! -s /usr/local/bin/speederv2 ]; then\
+		git clone https://github.com/wangyu-/UDPspeeder.git /tmp/UDPspeeder;\
+		if [ -e /etc/debian_version ]; then\
+			make -C /tmp/UDPspeeder;\
+		elif [ "${OS}" = "FreeBSD" ]; then\
+			ln -s /usr/local/bin/g++49 /usr/local/bin/g++;\
+			make -C /tmp/UDPspeeder freebsd;\
+		fi;\
+		cp /tmp/UDPspeeder/speederv2 /usr/local/bin/;\
+		rm -rf /tmp/UDPspeeder;\
+	fi
+	@echo
 	@echo "Install birdwatcher"
 	@echo
 	@if [ ! -s /usr/local/bin/birdwatcher ]; then\
@@ -85,13 +100,38 @@ install: ca deps generate
 	@echo "Installing wanpad"
 	@echo
 	@cp -Rv usr /
+	@echo
+	@echo "Set ownership of wanpad configuration directory to ${WANPAD_USERNAME} and ${WANPAD_GROUP}"
+	@echo
+	@chown ${WANPAD_USERNAME}:${WANPAD_GROUP} -R /usr/local/etc/wanpad
 	@chmod +x ${WANPAD_CMD}
 	@echo
 	@echo "Install filebeat"
 	@echo
 	@tar xzvf usr/local/share/wanpad/tar-files/filebeat.tar.gz -C /usr/local/share/wanpad/client-services/
 	@ln -sf /usr/local/share/wanpad/client-services/filebeat/filebeat /usr/local/bin/
 	@echo
+	@if [ "${OS}" = "GNU/Linux" ]; then\
+		echo "Configure apparmor (Linux)";\
+		cp /usr/local/share/wanpad/apparmor.d/usr.sbin.swanctl /etc/apparmor.d/local/usr.sbin.swanctl;\
+		aa-status --enabled && apparmor_parser -r /etc/apparmor.d/usr.sbin.swanctl;\
+	fi
+	@echo "Installing wanpad configuration"
+	@if [ ! -s /usr/local/etc/wanpad/wanpad.conf ]; then\
+		cp /usr/local/etc/wanpad/wanpad.conf.sample /usr/local/etc/wanpad/wanpad.conf;\
+	else\
+		echo "wanpad configuration file is already exists at /usr/local/etc/wanpad/wanpad.conf.";\
+		echo "If you want the new configuration use the following command below:";\
+		echo "\tcp /usr/local/etc/wanpad/wanpad.conf.sample /usr/local/etc/wanpad/wanpad.conf";\
+	fi
+
+.PHONY: installonly
+installonly:
+	@echo "Installing wanpad version"
+	@echo
+	@cp -Rv usr /
+	@chmod +x ${WANPAD_CMD}
+	@echo
 	@echo "Installing wanpad configuration"
 	@if [ ! -s /usr/local/etc/wanpad/wanpad.conf ]; then\
 		cp /usr/local/etc/wanpad/wanpad.conf.sample /usr/local/etc/wanpad/wanpad.conf;\
@@ -197,4 +237,4 @@ purge: uninstall
 		 python3-dev strongswan strongswan-starter frr bird2 keepalived fprobe golang-1.20-go;\
 	elif [ "${OS}" = "FreeBSD"]; then\
 		pkg delete -y git openvpn python3 py39-pip strongswan frr9 frr9-pythontools bird2 fprobe sudo node_exporter go;\
-	fi
+	fi

README.md

@@ -43,15 +43,15 @@ Login as `root`.
 
 > NOTE: Please just hit `Enter` when you are prompted for a configuration in a pink screen! (linux only)
 
-> NOTE 2: The SSH service will be running on port 24489 after running this script!
-
 ```sh
 git clone https://github.com/HoopadCorp/wanpad-edge.git
 git lfs pull
 make install
 wanpadctl install
 ```
 
+> NOTE 2: The SSH service will be running on port 24489 after installation
+
 Wait for the installation to be completed. If there are any errors, feel free to reach out to _issues_ and inform us or call the tech assistans!
 
 ### Uninstall
@@ -76,25 +76,23 @@ wanpadctl init
 
 You'll be prompted to enter your controller URL and access token:
 
-```
+```txt
 Please Provide the following information:
-WANPAD controller URI: <URI HERE>
+WANPAD controller address: <DOMAIN HERE>
 Your access token: <TOKEN HERE>
 ```
 
-- **URI format**: `controller.wanpad.ir`
+- **DOMAIN format**: `controller.wanpad.ir`
 
 After the prompt return, you should be able to access your device through the controller panel.
 
 - **NOTE:** You can also run the script in **non-interactive** mode, doing:
 
 ```sh
-wanpadctl <URL HERE> <TOKEN HERE>
+wanpadctl init <DOMAIN HERE> <TOKEN HERE>
 ```
 
-## 
-
-# Contributions
+## Contributions
 
 Any PR(s) are welcomed.
 Check the wiki section of Github for more information.

usr/local/bin/wanpadctl

@@ -15,39 +15,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
-
-. /usr/local/share/wanpad/common.sh
-. /usr/local/etc/wanpad/wanpad.conf
-
 ## version
 WANPAD_VERSION="3.0.0"
 
-usage()
-{
-    cat << EOF
-wanpadctl(8) is an open-source utility for automating deployment and management of
-WANPAD edges for SD-WAN controller.
-
-Usage:
-  wanpadctl command [args]
-
-Available Commands:
-  install   prepare and set up operating system to function as edge device.
-  init      join to WANPAD controller.
-  oob       connect to WANPAD controller using oob network.
-  lte       configure lte module. (if any exists.)
-
-Use "wanpad -v|--version" for version information.
-Use "wanpad command -h|--help" for more information about a command.
-
-EOF
-    exit 1
-}
+. /usr/local/share/wanpad/common.sh
+. /usr/local/etc/wanpad/wanpad.conf
 
 [ $# -lt 1 ] && usage
 
-CMD=$1
+export CMD=$1
 shift
 
 # Handle special-case commands first.
@@ -69,5 +45,5 @@ if [ -f "${SCRIPTPATH}" ]; then
     : "${SH:=sh}"
     exec "${SH}" "${SCRIPTPATH}" "$@"
 else
-    error_exit "${SCRIPTPATH} not found."
+    print_error "${SCRIPTPATH} not found."
 fi

usr/local/etc/wanpad/startup/startup-0.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-4.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-5.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-6.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-7.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-8.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup-9.sh

@@ -0,0 +1 @@
+#!/bin/sh

usr/local/etc/wanpad/startup/startup.sh

@@ -5,6 +5,15 @@
 
 DIR="/usr/local/etc/wanpad/startup"
 
+. ${DIR}/startup-0.sh
 . ${DIR}/startup-1.sh
 . ${DIR}/startup-2.sh
 . ${DIR}/startup-3.sh
+. ${DIR}/startup-4.sh
+. ${DIR}/startup-5.sh
+. ${DIR}/startup-6.sh
+. ${DIR}/startup-7.sh
+. ${DIR}/startup-8.sh
+. ${DIR}/startup-9.sh
+
+. ${DIR}/swanctl.sh

usr/local/etc/wanpad/startup/swanctl.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# This shell script ensures that strongswan has the exact configuration we want at any time.
+
+SWANCTL_DIR="/usr/local/etc/wanpad/swanctl/conf.d"
+
+if ! $(grep -q "include ${SWANCTL_DIR}/\*.conf" /etc/swanctl/swanctl.conf)
+then
+    echo "include ${SWANCTL_DIR}/*.conf" >> /etc/swanctl/swanctl.conf
+fi

usr/local/etc/wanpad/wanpad.conf.sample

@@ -12,9 +12,18 @@ DEFAULT_SSH_PORT=24489
 CLIENT_SERVICES_DIR="/usr/local/share/wanpad/client-services"
 
 # ZTP
-URI=https://deploy.wanpad.ir:8001/wanpad/api/v1/devices/plug_play/
+CONTROLLER_DOMAIN=deploy.wanpad.ir
 CONTROLLER_API_PORT=8001
+
+# Controller Token
 TOKEN=
 
+# SSL for controller connectivity
+SSL=true
+
 # OpenVPN Client
-OOB_CONFIG_FILE=/usr/local/etc/wanpad/client.ovpn
+# The ".ovpn" file must be located under /usr/local/etc/wanpad/ directory.
+OOB_CONFIG_FILE=client.ovpn
+
+# Advanced
+CONTROLLER_API_PATH=/wanpad/api/v1/devices/plug_play/

usr/local/share/wanpad/apparmor.d/usr.sbin.swanctl

@@ -0,0 +1 @@
+/usr/local/etc/wanpad/swanctl/**               r,

usr/local/share/wanpad/common.sh

@@ -15,8 +15,13 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+set -a
 . /usr/local/etc/wanpad/wanpad.conf
+set +a
+
+# Base library should be first to call
 . /usr/local/share/wanpad/lib/base-lib.sh
+
 . /usr/local/share/wanpad/lib/install-lib.sh
 . /usr/local/share/wanpad/lib/ztp-lib.sh
-. /usr/local/share/wanpad/lib/adm-lib.sh
+. /usr/local/share/wanpad/lib/sot-lib.sh

usr/local/share/wanpad/init.sh

@@ -28,7 +28,7 @@ case "$NA" in
 		ztp_dialogue
 		;;
 	2)
-		URI=$1
+		CONTROLLER_DOMAIN=$1
 		TOKEN=$2
 		;;
 	*)
@@ -37,6 +37,6 @@ case "$NA" in
 		;;
 esac
 
-validate_token
 save_ztp_config
+validate_token $2
 run_ztp_py

usr/local/share/wanpad/install.sh

@@ -18,19 +18,16 @@
 . /usr/local/etc/wanpad/wanpad.conf
 . /usr/local/share/wanpad/common.sh
 
-set +x
 force_run_as_root
-set -x
 
 configure_birdwatcher
-if [ "$OSKERNEL" = "Linux" ]; then
-    enable_wanpad_systemd_services
-fi
+[ "$OSKERNEL" = "Linux" ] && enable_wanpad_systemd_services
 start_wanpad_services
 enable_ipv4_forward
-set_fib_multipath_hash_policy_1
+set_fib_multipath_hash_policy
 set_fib_ip_no_pmtu_disc_1
 configure_fprobe
-set_ssh_default_port
+configure_prometheus_smokeping_prober
+configure_ssh
 configure_snmpd
 save_current_nameserver_conf_and_disable_resolved