TINC setup ansible playbook. It generates a private/public key pair on each host, gets each public key and pushes them back to each server.
# sample config file
[do] tinc_ip= hostname=ca_1_1 tinc_connectto=ca_2_2 tinc_ip= hostname=ca_1_2 tinc_connectto=ca_1_1 tinc_ip= hostname=ca_1_3 tinc_connectto=ca_1_2 tinc_ip= hostname=ca_2_1 tinc_connectto=ca_1_3 tinc_ip= hostname=ca_2_2 tinc_connectto=ca_2_1
import argparse
import logging
import os
import re
import subprocess
import sys
# Arguments handling
# Sample call:
# sudo rm /etc/tinc/ttt -Rf && sudo python -t -n ttt --hostname s1 -p -c s1,s2
parser = argparse.ArgumentParser()
# (short flag, long flag, help text) — every option takes one plain string value.
_OPTIONS = (
    ("-n", "--network", "tinc network name"),
    ("-p", "--public-ip", "Public IP"),
    ("-t", "--tinc-ip", "Tinc IP"),
    ("-a", "--hostname", "Hostname in the tinc network"),
    ("-c", "--connect-to", "Hosts to connect to"),
)
for short_flag, long_flag, help_text in _OPTIONS:
    parser.add_argument(short_flag, long_flag, help=help_text)
# Parsed once at import time from sys.argv, as in the original script.
args = parser.parse_args()
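# Logging
log = logging.getLogger("default")
stStdout = logging.StreamHandler()
stStdout.setFormatter(logging.Formatter("%(asctime)s | %(levelname)8s | %(message)s"))
# The handler was built but never attached to the logger, so the log.info()
# and log.debug() progress lines below never reached the console (only the
# WARNING-and-above fallback did). Attach it and open the level so every
# step of the setup is visible in the ansible output.
log.addHandler(stStdout)
log.setLevel(logging.DEBUG)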
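# Preparing parameters
hostname = args.hostname
# Reconstructed: the right-hand side was lost from this paste; --network is
# the only option whose name matches the "net" variable used below.
net = args.network
# Both values become path components under /etc/tinc and are written into
# tinc.conf, so reject what tinc would not accept anyway up front instead of
# failing later with a TypeError on None or creating a stray directory.
if not net or not hostname:
    parser.error("--network and --hostname are required")
if not re.fullmatch(r"[A-Za-z0-9_]+", hostname):
    parser.error("--hostname may only contain letters, digits and underscores")
if "/" in net or net in (".", ".."):
    parser.error("--network must be a single directory name")
log.debug("net = %s", net)
netdir = "/etc/tinc/" + net
log.debug("netdir = %s", netdir)
conffile = netdir + "/tinc.conf"
tincupfile = netdir + "/tinc-up"
log.debug("conffile = %s", conffile)
# The public key file name was lost from this paste; rsa_key.pub is the name
# tincd -K writes next to rsa_key.priv — confirm against the original.
pubfile = netdir + "/rsa_key.pub"
privfile = netdir + "/rsa_key.priv"
hostsdir = netdir + "/hosts"
# Per-node description file that later gets distributed to every peer.
sharedfile = hostsdir + "/" + hostname
tincip = args.tinc_ip
pubip = args.public_ip
connectTo = args.connect_to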
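# Let's go
# (reconstructed: the paste kept only the string literal of the original log call)
log.info("Starting tinc setup")

# tinc dir
if not os.path.exists(netdir):
    log.info("Creating dir \"" + netdir + "\"")
    os.mkdir(netdir)
    # nets.boot lists the networks tinc's init script starts at boot.
    with open("/etc/tinc/nets.boot", "a") as f:
        f.write(net + "\n")

# tinc keys
if not os.path.exists(pubfile) or not os.path.exists(privfile):
    log.info("Creating public (\"" + pubfile + "\") and private (\"" + privfile + "\") keys")
    # Argument list instead of a shell string: netdir is built from a command
    # line option, and os.system() would hand any shell metacharacter in it to
    # /bin/sh. stdin from /dev/null makes tincd keep its default key file names
    # rather than prompt; stderr is discarded as before. The exit status is
    # checked because every step below depends on the generated key pair.
    subprocess.run(
        ["tincd", "-K2048", "-c", netdir],
        stdin=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        check=True,
    )

# tinc conf file
if not os.path.exists(conffile):
    log.info("Creating tinc conf file \"" + conffile + "\"")
    with open(conffile, "w") as f:
        f.write("Name = " + hostname + "\n")
        if connectTo:
            # Entries may be padded or empty ("a, b,"); never emit a blank ConnectTo.
            for ct in connectTo.split(','):
                ct = ct.strip()
                if ct and ct != hostname:
                    f.write("ConnectTo = " + ct + "\n")
        # Fixed tail of the config; these three lines appear verbatim in the paste.
        f.write("#Interface = tun0\n")
        f.write("Device = /dev/net/tun\n")
        f.write("AddressFamily = any\n")

# tinc-up file
# PLACEHOLDER: the netmask value was lost from this paste; set it to the
# network's real mask before running.
TINC_NETMASK = "<TINC_NETMASK>"
if not os.path.exists(tincupfile):
    log.info("Creating tinc-up file \"" + tincupfile + "\"")
    with open(tincupfile, "w") as f:
        f.write("ifconfig $INTERFACE " + tincip + " netmask " + TINC_NETMASK + "\n")
    # Same effect as the former "chmod a+rx" (add r and x for everyone, keep the
    # rest) without spawning a shell on a path derived from user input.
    current_mode = os.stat(tincupfile).st_mode & 0o7777
    os.chmod(tincupfile, current_mode | 0o555)

# tinc hosts dir
if not os.path.exists(hostsdir):
    log.info("Creating hosts dir \"" + hostsdir + "\"")
    os.mkdir(hostsdir)

# tinc own file
if not os.path.exists(sharedfile):
    log.info("Creating tinc host description file \"" + sharedfile + "\"")
    with open(sharedfile, "w") as f:
        f.write("Address = " + pubip + "\n")
        f.write("Subnet = " + tincip + "/32\n")
        # We copy the content of the public key into the tinc file; only the
        # public half is ever shared, the private key stays in netdir.
        with open(pubfile) as p:
            f.writelines(p)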
# We must have a local "hosts" dir
# Playbook pasted without indentation: the vars/tasks nesting is flattened,
# so read the lines below as one play with its variables followed by its tasks.
- name: tinc install & setup
hosts: do
user: root
tincnet: cloudnet
- name: Install tinc package
action: command apt-get install tinc python-argparse -y
- name: Copy tinc setup script
# The copy's src= and the script name after /tmp/ (also in the next task) were
# lost from this paste. mode=755 makes the script world-readable and
# world-executable; it holds no secrets, but 0750 is enough for root to run it.
action: copy dest=/tmp/ mode=755
- name: Run tinc setup script
action: command /tmp/ --public-ip {{ ansible_eth0["ipv4"]["address"] }} --network {{ tincnet }} --tinc-ip {{ tinc_ip }} --hostname {{ hostname }} --connect-to {{ tinc_connectto }}
- name: Prepare a local hosts directory
# Runs on the control machine relative to its working directory; with the wrong
# cwd the "rm hosts/* -Rf" empties an unrelated hosts/ directory.
local_action: shell [ -e hosts ] || mkdir hosts ; rm hosts/* -Rf
- name: Fetch back the tinc file
# Only the host description (Address, Subnet, public key) leaves the node;
# the private key stays under /etc/tinc/{{ tincnet }}.
action: fetch src=/etc/tinc/{{ tincnet }}/hosts/{{ hostname }} dest=hosts dest_prefix=simple
- name: Create an archive with these hosts files
local_action: shell [ ! -e hosts.tar.gz ] || rm hosts.tar.gz ; tar -zcf hosts.tar.gz hosts
- name: Copy the hosts dir
action: copy src=hosts.tar.gz dest=/etc/tinc/{{ tincnet }}/hosts.tar.gz
- name: Extract the hosts dir
# The archive replaces the whole hosts/ directory, so every node ends up
# trusting exactly the peer set collected by the fetch above.
action: shell cd /etc/tinc/{{ tincnet }} && [ ! -e hosts ] || rm -Rf hosts ; tar -zxvf hosts.tar.gz
- name: Restart tinc
action: command /etc/init.d/tinc restart
#action: service name=tinc state=restarted
- name: Adding firewall rule
# Opens port 655 to every source address. The peers' public addresses are
# already in the inventory, so one "ufw allow from <peer-public-ip> to any
# port 655" rule per peer keeps the tinc listener reachable only by members.
action: command ufw allow 655