read openvpn client list through management console

nicolas-f · Jul 28, 2023 · a9f09cc · a9f09cc
1 parent 597fc6d
commit a9f09cc
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 4 deletions.
diff --git a/services/ansible_openvpn/docker/README.md b/services/ansible_openvpn/docker/README.md
@@ -0,0 +1,19 @@
+Create a file in this folder with your own generated credentials for the docker compose:
+
+```shell
+MYSQL_PASSWORD=DATABASE_PASSWORD
+SEMAPHORE_ADMIN_PASSWORD=YOUR_ADMIN_PASSWORD
+SEMAPHORE_ACCESS_KEY_ENCRYPTION="YOUR_RANDOM_KEY"
+MANAGEMENT_OPENVPN_PASSWORD=YOUR_OPENVPN_MANAGEMENT_CONSOLE_PASSWORD
+MANAGEMENT_OPENVPN_PORT=5555
+OPENVPN_STATUS_PATH=""
+```
+
+SEMAPHORE_ACCESS_KEY_ENCRYPTION value is generated with 
+
+```shell
+head -c32 /dev/urandom | base64
+```
+
+
+OPENVPN_STATUS_PATH could be `/var/log/openvpn/openvpn-status.log` if the container have access to it
diff --git a/services/ansible_openvpn/docker/backup_ansible.sh b/services/ansible_openvpn/docker/backup_ansible.sh
@@ -1,4 +1,6 @@
 # From
 # https://docs.docker.com/storage/volumes/#back-up-restore-or-migrate-data-volumes
+# will save backup.tar in the current working directory
+# mysql container should be shutdown before doing this backup
 sudo docker run --rm --volumes-from semaphore-mysql-1 -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /var/lib/mysql
 
diff --git a/services/ansible_openvpn/docker/docker-compose.yml b/services/ansible_openvpn/docker/docker-compose.yml
@@ -26,6 +26,7 @@ services:
     restart: unless-stopped
     ports:
       - 3000:3000
+      - 5555:5555 # OpenVPN management console port, update in the .env file, look at README.md
     image: semaphoreui/semaphore:latest
     environment:
       SEMAPHORE_DB_USER: semaphore

diff --git a/services/ansible_openvpn/docker/requirements.txt b/services/ansible_openvpn/docker/requirements.txt
@@ -1 +0,0 @@
-pyserial==3.5

diff --git a/services/ansible_openvpn/openvpn_ansible.py b/services/ansible_openvpn/openvpn_ansible.py
@@ -31,12 +31,24 @@
 import os
 import argparse
 import json
+import socket
+import sys
+import time
 
 # This script convert OpenVPN status into a dynamic Ansible inventory
 # It can use local /var/log/openvpn/openvpn-status.log file
 # or OpenVPN telnet management console
 
 
+def receive(s):
+    time.sleep(0.1)
+    return s.recv(4096).decode("utf-8")
+
+
+def send(s, command):
+    s.send(bytes(command, "utf-8"))
+
+
 def parse_openvpn_status(log_text):
     # Split the log text into lines
     lines = log_text.strip().split('\n')
@@ -89,10 +101,28 @@ def main():
     )
     args = arg_parser.parse_args()
     # Replace this with the path to your openvpn-status.log file
-    log_file_path = "openvpn-status.log"
+    log_text = ""
 
-    with open(log_file_path, 'r') as file:
-        log_text = file.read()
+    if "OPENVPN_STATUS_PATH" in os.environ and \
+            os.environ["OPENVPN_STATUS_PATH"]:
+        if not os.path.exists(os.environ["OPENVPN_STATUS_PATH"]):
+            print("Could not find "+os.environ["OPENVPN_STATUS_PATH"] +
+                  " file, abort..", file=sys.stderr)
+            exit(-1)
+        with open(os.environ["OPENVPN_STATUS_PATH"], 'r') as file:
+            log_text = file.read()
+    else:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.connect("localhost:"+os.environ["MANAGEMENT_OPENVPN_PORT"])
+        sout = receive(s)
+        if sout == 'ENTER PASSWORD:':
+            s.send(os.environ["MANAGEMENT_OPENVPN_PASSWORD"] + "\n")
+            sout = receive(s)
+        if not ">INFO:" not in sout:
+            print(sout, file=sys.stderr)
+            exit(-1)
+        s.send("status\n")
+        log_text = receive(s)
 
     hosts = parse_openvpn_status(log_text)