Adding OpenVPN stacks with ldap, http basi and http digest authentication backends

templates/openvpn-httpbasic/0/README.md

@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with HTTP Basic authentication.
+
+OpenVPN version: 1.0-0

templates/openvpn-httpbasic/0/docker-compose.yml

@@ -0,0 +1,33 @@
+openvpn-httpbasic-data:
+  labels:
+    io.rancher.container.start_once: 'true'
+  entrypoint:
+  - /bin/true
+  image: busybox
+  volumes:
+  - /etc/openvpn/
+
+openvpn-httpbasic-server:
+  ports:
+  - 1194:1194/tcp
+  environment:
+    AUTH_METHOD: httpbasic
+    AUTH_HTTPBASIC_URL: ${AUTH_HTTPBASIC_URL}
+    CERT_COUNTRY: ${CERT_COUNTRY}
+    CERT_PROVINCE: ${CERT_PROVINCE}
+    CERT_CITY: ${CERT_CITY}
+    CERT_ORG: ${CERT_ORG}
+    CERT_EMAIL: ${CERT_EMAIL}
+    CERT_OU: ${CERT_OU}
+    REMOTE_IP: ${REMOTE_IP}
+    REMOTE_PORT: ${REMOTE_PORT}
+    VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+    VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+    OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+  labels:
+    io.rancher.sidekicks: openvpn-httpbasic-data
+    io.rancher.container.pull_image: always
+  image: mdns/rancher-openvpn:1.0
+  privileged: true
+  volumes_from:
+  - openvpn-httpbasic-data

templates/openvpn-httpbasic/0/rancher-compose.yml

@@ -0,0 +1,123 @@
+.catalog:
+  name: OpenVPN HTTP Basic
+  version: 1.0-0
+  description: |
+    OpenVPN for Rancher with HTTP Basic authentication
+  minimum_rancher_version: v0.56.0
+  maintainer: "Alexis Ducastel <alexis@ducastel.net>"
+  uuid: openvpn-httpbasic-0
+  questions:
+      
+    - variable: "AUTH_HTTPBASIC_URL"
+      description: "HTTP server url used for authentication, ex: http[s]://hostname[:port]"
+      label: "HTTP Server URL:"
+      required: true
+      default: "http[s]://hostname[:port]"
+      type: "string"
+  
+    - variable: "REMOTE_IP"
+      description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint address:"
+      required: true
+      default: "IP-address-or-hostname"
+      type: "string"
+      
+    - variable: "REMOTE_PORT"
+      description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint port :"
+      required: true
+      default: "1194"
+      type: "string"
+      
+    - variable: "VPNPOOL_NETWORK"
+      description: "VPN subnet for OpenVPN to draw client addresses from"
+      label: "Network pool:"
+      required: true
+      default: "10.43.0.0"
+      type: "string"
+      
+    - variable: "VPNPOOL_CIDR"
+      description: "CIDR netmask for VPN subnet"
+      label: "CIDR netmask:"
+      required: true
+      default: "16"
+      type: "enum"
+      options:
+        - 16
+        - 17
+        - 18
+        - 19
+        - 20
+        - 21
+        - 22
+        - 23
+        - 24
+        - 25
+        - 26
+        - 27
+        - 28
+        - 29
+        - 30
+        
+
+    - variable: "CERT_COUNTRY"
+      description: "Country code part of VPN CA (2 digits only)"
+      label: "Certificate Country code :"
+      required: true
+      default: "US"
+      type: "string"
+      
+    - variable: "CERT_PROVINCE"
+      description: "Province part of VPN CA"
+      label: "Certificate Province:"
+      required: true
+      default: "AL"
+      type: "string"
+
+    
+    - variable: "CERT_CITY"
+      description: "City part of VPN CA "
+      label: "Certificate City:"
+      required: true
+      default: "Birmingham"
+      type: "string"
+
+    - variable: "CERT_ORG"
+      description: "Organization part of VPN CA "
+      label: "Certificate Organization:"
+      required: true
+      default: "ACME"
+      type: "string"
+      
+    - variable: "CERT_OU"
+      description: "Organizational Unit part of VPN CA "
+      label: "Certificate OU:"
+      required: true
+      default: "IT"
+      type: "string"
+      
+    - variable: "CERT_EMAIL"
+      description: "Email part of VPN CA "
+      label: "Certificate Email:"
+      required: true
+      default: "foo@example.com"
+      type: "string"
+      
+    - variable: "OPENVPN_EXTRACONF"
+      description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+      label: "OpenVPN custom config:"
+      required: false
+      default: ""
+      type: "string"
+
+openvpn-httpbasic-data:
+  scale: 1
+openvpn-httpbasic-server:
+  scale: 1
+  health_check:
+    port: 1194
+    interval: 30000
+    unhealthy_threshold: 5
+    strategy: none
+    healthy_threshold: 2
+    response_timeout: 2000

templates/openvpn-httpbasic/config.yml

@@ -0,0 +1,6 @@
+name: OpenVPN HTTP Basic
+description: |
+  OpenVPN for Rancher with HTTP Basic authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel <alexis@ducastel.net>

templates/openvpn-httpdigest/0/README.md

@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with HTTP Digest authentication.
+
+OpenVPN version: 1.0-0

templates/openvpn-httpdigest/0/docker-compose.yml

@@ -0,0 +1,33 @@
+openvpn-httpdigest-data:
+  labels:
+    io.rancher.container.start_once: 'true'
+  entrypoint:
+  - /bin/true
+  image: busybox
+  volumes:
+  - /etc/openvpn/
+
+openvpn-httpdigest-server:
+  ports:
+  - 1194:1194/tcp
+  environment:
+    AUTH_METHOD: httpdigest
+    AUTH_HTTPDIGEST_URL: ${AUTH_HTTPDIGEST_URL}
+    CERT_COUNTRY: ${CERT_COUNTRY}
+    CERT_PROVINCE: ${CERT_PROVINCE}
+    CERT_CITY: ${CERT_CITY}
+    CERT_ORG: ${CERT_ORG}
+    CERT_EMAIL: ${CERT_EMAIL}
+    CERT_OU: ${CERT_OU}
+    REMOTE_IP: ${REMOTE_IP}
+    REMOTE_PORT: ${REMOTE_PORT}
+    VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+    VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+    OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+  labels:
+    io.rancher.sidekicks: openvpn-httpdigest-data
+    io.rancher.container.pull_image: always
+  image: mdns/rancher-openvpn:1.0
+  privileged: true
+  volumes_from:
+  - openvpn-httpdigest-data

templates/openvpn-httpdigest/0/rancher-compose.yml

@@ -0,0 +1,123 @@
+.catalog:
+  name: OpenVPN HTTP Digest
+  version: 1.0-0
+  description: |
+    OpenVPN for Rancher with HTTP Digest authentication
+  minimum_rancher_version: v0.56.0
+  maintainer: "Alexis Ducastel <alexis@ducastel.net>"
+  uuid: openvpn-httpdigest-0
+  questions:
+      
+    - variable: "AUTH_HTTPDIGEST_URL"
+      description: "HTTP server url used for authentication, ex: http[s]://hostname[:port]"
+      label: "HTTP Server URL:"
+      required: true
+      default: "http[s]://hostname[:port]"
+      type: "string"
+  
+    - variable: "REMOTE_IP"
+      description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint address:"
+      required: true
+      default: "IP-address-or-hostname"
+      type: "string"
+      
+    - variable: "REMOTE_PORT"
+      description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint port :"
+      required: true
+      default: "1194"
+      type: "string"
+      
+    - variable: "VPNPOOL_NETWORK"
+      description: "VPN subnet for OpenVPN to draw client addresses from"
+      label: "Network pool:"
+      required: true
+      default: "10.43.0.0"
+      type: "string"
+      
+    - variable: "VPNPOOL_CIDR"
+      description: "CIDR netmask for VPN subnet"
+      label: "CIDR netmask:"
+      required: true
+      default: "16"
+      type: "enum"
+      options:
+        - 16
+        - 17
+        - 18
+        - 19
+        - 20
+        - 21
+        - 22
+        - 23
+        - 24
+        - 25
+        - 26
+        - 27
+        - 28
+        - 29
+        - 30
+        
+
+    - variable: "CERT_COUNTRY"
+      description: "Country code part of VPN CA (2 digits only)"
+      label: "Certificate Country code :"
+      required: true
+      default: "US"
+      type: "string"
+      
+    - variable: "CERT_PROVINCE"
+      description: "Province part of VPN CA"
+      label: "Certificate Province:"
+      required: true
+      default: "AL"
+      type: "string"
+
+    
+    - variable: "CERT_CITY"
+      description: "City part of VPN CA "
+      label: "Certificate City:"
+      required: true
+      default: "Birmingham"
+      type: "string"
+
+    - variable: "CERT_ORG"
+      description: "Organization part of VPN CA "
+      label: "Certificate Organization:"
+      required: true
+      default: "ACME"
+      type: "string"
+      
+    - variable: "CERT_OU"
+      description: "Organizational Unit part of VPN CA "
+      label: "Certificate OU:"
+      required: true
+      default: "IT"
+      type: "string"
+      
+    - variable: "CERT_EMAIL"
+      description: "Email part of VPN CA "
+      label: "Certificate Email:"
+      required: true
+      default: "foo@example.com"
+      type: "string"
+      
+    - variable: "OPENVPN_EXTRACONF"
+      description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+      label: "OpenVPN custom config:"
+      required: false
+      default: ""
+      type: "string"
+
+openvpn-httpdigest-data:
+  scale: 1
+openvpn-httpdigest-server:
+  scale: 1
+  health_check:
+    port: 1194
+    interval: 30000
+    unhealthy_threshold: 5
+    strategy: none
+    healthy_threshold: 2
+    response_timeout: 2000

templates/openvpn-httpdigest/config.yml

@@ -0,0 +1,6 @@
+name: OpenVPN HTTP Digest
+description: |
+  OpenVPN for Rancher with HTTP Digest authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel <alexis@ducastel.net>

templates/openvpn-ldap/0/README.md

@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with LDAP authentication.
+
+OpenVPN version: 1.0-0

templates/openvpn-ldap/0/docker-compose.yml

@@ -0,0 +1,37 @@
+openvpn-ldap-data:
+  labels:
+    io.rancher.container.start_once: 'true'
+  entrypoint:
+  - /bin/true
+  image: busybox
+  volumes:
+  - /etc/openvpn/
+
+openvpn-ldap-server:
+  ports:
+  - 1194:1194/tcp
+  environment:
+    AUTH_METHOD: ldap
+    AUTH_LDAP_URL: ${AUTH_LDAP_URL}
+    AUTH_LDAP_BASEDN: ${AUTH_LDAP_BASEDN}
+    AUTH_LDAP_SEARCH: ${AUTH_LDAP_SEARCH}
+    AUTH_LDAP_BINDDN: ${AUTH_LDAP_BINDDN}
+    AUTH_LDAP_BINDPWD: ${AUTH_LDAP_BINDPWD}
+    CERT_COUNTRY: ${CERT_COUNTRY}
+    CERT_PROVINCE: ${CERT_PROVINCE}
+    CERT_CITY: ${CERT_CITY}
+    CERT_ORG: ${CERT_ORG}
+    CERT_EMAIL: ${CERT_EMAIL}
+    CERT_OU: ${CERT_OU}
+    REMOTE_IP: ${REMOTE_IP}
+    REMOTE_PORT: ${REMOTE_PORT}
+    VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+    VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+    OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+  labels:
+    io.rancher.sidekicks: openvpn-ldap-data
+    io.rancher.container.pull_image: always
+  image: mdns/rancher-openvpn:1.0
+  privileged: true
+  volumes_from:
+  - openvpn-ldap-data

templates/openvpn-ldap/0/rancher-compose.yml

@@ -0,0 +1,151 @@
+.catalog:
+  name: OpenVPN LDAP
+  version: 1.0-0
+  description: |
+    OpenVPN for Rancher with LDAP authentication
+  minimum_rancher_version: v0.56.0
+  maintainer: "Alexis Ducastel <alexis@ducastel.net>"
+  uuid: openvpn-ldap-0
+  questions:
+      
+    - variable: "AUTH_LDAP_URL"
+      description: "LDAP server url, ex: ldap[s]://hostname[:port]"
+      label: "LDAP URL:"
+      required: true
+      default: "ldap[s]://hostname[:port]"
+      type: "string"
+  
+    - variable: "AUTH_LDAP_BASEDN"
+      description: "Base DN for searching user dn"
+      label: "LDAP Base DN:"
+      required: true
+      default: "dc=acme,dc=tld"
+      type: "string"
+  
+    - variable: "AUTH_LDAP_SEARCH"
+      description: "LDAP Search request, with a parameter $username, ex : (uid=$username) or more complex example : (|(uid=$username)(mail=$username))"
+      label: "LDAP Search:"
+      required: true
+      default: "(uid=$username)"
+      type: "string"
+  
+    - variable: "AUTH_LDAP_BINDDN"
+      description: "(Optionnal) Bind DN to perfrom search operation, leave blank if not required. Ex : cn=admin,dc=acme,dc=tld" 
+      label: "LDAP Bind DN:"
+      required: false
+      default: ""
+      type: "string"
+  
+    - variable: "AUTH_LDAP_BINDPWD"
+      description: "(Optionnal) Bind password to perfrom search operation, leave blank if not required" 
+      label: "LDAP Bind password:"
+      required: false
+      default: ""
+      type: "password"
+  
+    - variable: "REMOTE_IP"
+      description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint address:"
+      required: true
+      default: "IP-address-or-hostname"
+      type: "string"
+      
+    - variable: "REMOTE_PORT"
+      description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+      label: "OpenVPN server endpoint port :"
+      required: true
+      default: "1194"
+      type: "string"
+      
+    - variable: "VPNPOOL_NETWORK"
+      description: "VPN subnet for OpenVPN to draw client addresses from"
+      label: "Network pool:"
+      required: true
+      default: "10.43.0.0"
+      type: "string"
+      
+    - variable: "VPNPOOL_CIDR"
+      description: "CIDR netmask for VPN subnet"
+      label: "CIDR netmask:"
+      required: true
+      default: "16"
+      type: "enum"
+      options:
+        - 16
+        - 17
+        - 18
+        - 19
+        - 20
+        - 21
+        - 22
+        - 23
+        - 24
+        - 25
+        - 26
+        - 27
+        - 28
+        - 29
+        - 30
+        
+
+    - variable: "CERT_COUNTRY"
+      description: "Country code part of VPN CA (2 digits only)"
+      label: "Certificate Country code :"
+      required: true
+      default: "US"
+      type: "string"
+      
+    - variable: "CERT_PROVINCE"
+      description: "Province part of VPN CA"
+      label: "Certificate Province:"
+      required: true
+      default: "AL"
+      type: "string"
+
+    
+    - variable: "CERT_CITY"
+      description: "City part of VPN CA "
+      label: "Certificate City:"
+      required: true
+      default: "Birmingham"
+      type: "string"
+
+    - variable: "CERT_ORG"
+      description: "Organization part of VPN CA "
+      label: "Certificate Organization:"
+      required: true
+      default: "ACME"
+      type: "string"
+      
+    - variable: "CERT_OU"
+      description: "Organizational Unit part of VPN CA "
+      label: "Certificate OU:"
+      required: true
+      default: "IT"
+      type: "string"
+      
+    - variable: "CERT_EMAIL"
+      description: "Email part of VPN CA "
+      label: "Certificate Email:"
+      required: true
+      default: "foo@example.com"
+      type: "string"
+      
+    - variable: "OPENVPN_EXTRACONF"
+      description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+      label: "OpenVPN custom config:"
+      required: false
+      default: ""
+      type: "string"
+
+openvpn-ldap-data:
+  scale: 1
+openvpn-ldap-server:
+  scale: 1
+  health_check:
+    port: 1194
+    interval: 30000
+    unhealthy_threshold: 5
+    strategy: none
+    healthy_threshold: 2
+    response_timeout: 2000

templates/openvpn-ldap/config.yml

@@ -0,0 +1,6 @@
+name: OpenVPN LDAP
+description: |
+  OpenVPN for Rancher with LDAP authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel <alexis@ducastel.net>