perfecto25/init.sls

## init.sls
sshuttle:
    pkg.installed: []

    group.present:
        - gid: 2024
    user.present:
        - fullname: sshuttle
        - uid: 2024
        - gid: 2024
        - allow_uid_change: True
        - allow_gid_change: True
        - createhome: True
        - shell: '/bin/bash'
        - home: /home/sshuttle

    ## Manage SSH Keys
    ssh_auth.present:
        - user: sshuttle
        - names:
            - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlQ2xxxxxxxxxxxxxxxx sshuttle

    file.managed:
        - names:
            - /home/sshuttle/.ssh/id_ed25519:
                - source: salt://{{ slspath }}/files/id_ed25519
                - mode: 600
            - /home/sshuttle/.ssh/id_ed25519.pub:
                - source: salt://{{ slspath }}/files/id_ed25519.pub
                - mode: 644
        - user: sshuttle
        - group: sshuttle

/etc/sshuttle:
    file.directory:
        - user: sshuttle
        - group: sshuttle
        - dirmode: 744
        - makedirs: True

sshuttle_config:
    file.serialize:
        - name: /etc/sshuttle/config.json
        - formatter: json
        - create: True
        - user: sshuttle
        - group: sshuttle
        - mode: 644
        - makedirs: True
        - dataset:
            {{ salt['pillar.get']('sshuttle') }}

sshuttle_runscript:
    file.managed:
        - name: /etc/sshuttle/sshuttle.py
        - source: salt://{{ slspath }}/files/sshuttle.py
        - user: sshuttle
        - group: sshuttle
        - mode: 744

sshuttle_sudoers:
    file.managed:
        - name: /etc/sudoers.d/sshuttle
        - source: salt://{{ slspath }}/files/sudoers
        - user: root
        - group: root
        - mode: 644

sshuttle_service_file:
    file.managed:
        - name: /etc/systemd/system/sshuttle.service
        - source: salt://{{ slspath }}/files/service
        - user: root
        - group: root
        - mode: 644

sshuttle_service:
    service.running:
        - name: sshuttle
        - enable: True
        - watch:
            - file: sshuttle_config


## sshuttle.py
#!/usr/bin/env python
## REQUIRES MINIMUM PY VERSION 2.7
from __future__ import print_function

import os
import sys
import json
import signal
import time
import socket
import subprocess
from subprocess import CalledProcessError
import logging
import logging.handlers

log = logging.getLogger(__name__)
log.setLevel(logging.DEBUG)
handler = logging.handlers.SysLogHandler(address = '/dev/log')
formatter = logging.Formatter('%(module)s.%(funcName)s: %(message)s')
handler.setFormatter(formatter)
log.addHandler(handler)

conf = "/etc/sshuttle/config.json"
ssh_user = "sshuttle"  ## username thats used for SSH connection

def precheck():
    if len(sys.argv) < 2:
        print("need to pass argument: start | stop | restart | status ")
        sys.exit()

    if sys.argv[1] in ["help", "-h", "--help", "h"]:
        print("sshuttle.py start | stop | restart | status")
        sys.exit()

    if not sys.argv[1] in ["start", "stop", "restart", "status"]:
        print("usage: sshuttle.py start | stop | restart | status")
        sys.exit()

    if not os.path.exists(conf):
        print("no sshuttle config file present, exiting.")
        sys.exit()

    # check if sshuttle is installed
    try:
        subprocess.check_output(["which", "sshuttle"]).strip()
    except CalledProcessError:
        print("sshuttle is not installed on this host")
        sys.exit()

def start():

    with open(conf) as jsondata:
        data = json.load(jsondata)

    keys = sorted(data.keys())

    for rhost in data.keys():
        if ":" in rhost:
            relay = rhost.split(":")[1]
        else:
            relay = rhost
        netrange = ""

        # if single network, turn into List
        if not type(data[rhost]) is list:
            networks = data[rhost].split()
        else:
            networks = data[rhost]

        for network in networks:

            # check if CIDR format
            if "/" in network:
                netrange = netrange + " " + network
            else:
                netrange = netrange + " " + socket.gethostbyname(network)
        netrange = netrange.strip()

        # build rpath
        rpath = "-r {0}@{1} {2} -l listen '0.0.0.0' --ssh-cmd 'ssh -o ServerAliveInterval=60' --no-latency-control".format(ssh_user, rhost, netrange)
        try:
            print("starting sshuttle..")
            log.info("starting sshuttle for networks: %s via %s" % (netrange, rhost))
            subprocess.Popen("sshuttle {}".format(rpath), shell=True)
        except CalledProcessError as err:
            log.error("error running sshuttle: %s" % str(err))

        # sleep to give connection time to establish SSH handshake, in case other connections use this conn as a hop
        time.sleep(3)

def get_pid():
    search = "ps -ef | grep '/usr/bin/python /usr/share/sshuttle/main.py /usr/bin/python -r' | grep -v grep | awk {'print $2'}"
    pids = []
    for line in os.popen(search):
        fields = line.split()
        pids.append(fields[0])
    return pids

def stop():
    pids = get_pid()
    for pid in pids:
        print("stopping sshuttle PID %s " % pid)
        log.info("stopping sshuttle")
        os.kill(int(pid), signal.SIGTERM)

def status():
    pids = get_pid()
    if pids:
        print("sshuttle is running..")
    else:
        print("sshuttle is not running..")

if __name__ == "__main__":

    precheck()

    cmd = sys.argv[1].lower()

    if cmd == "start":
        start()

    if cmd == "stop":
        stop()

    if cmd == "restart":
        print("restarting sshuttle..")
        stop()
        start()

    if cmd == "status":
        status()

## sshuttle.service
[Unit]
Description=sshuttle service
After=network.target

[Service]
User=sshuttle
Restart=always
Type=forking
WorkingDirectory=/etc/sshuttle
ExecStart=/etc/sshuttle/sshuttle.py start
ExecStop=/etc/sshuttle/sshuttle.py stop

[Install]
WantedBy=multi-user.target

## sshuttle_initd_service
#!/bin/sh
### SSHUTTLE INIT.D SERVICE SCRIPT
### REQUIRED MINIMUM Python version of 2.7

SCRIPT=/etc/sshuttle/sshuttle.py
RUNAS=sshuttle
LOGFILE=/var/log/messages

start() {
  su -c "$SCRIPT start" $RUNAS >&2
}

stop() {
  su -c "$SCRIPT stop" $RUNAS >&2
}

restart() {
    stop
    start
}

status() {
  su -c "$SCRIPT status" >&2
}
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
esac

## sshuttle_sudoers

sshuttle ALL=(root) NOPASSWD: /usr/bin/python /usr/share/sshuttle/main.py /usr/bin/python --firewall 12*** 0
	sshuttle:
	pkg.installed: []

	group.present:
	- gid: 2024
	user.present:
	- fullname: sshuttle
	- uid: 2024
	- gid: 2024
	- allow_uid_change: True
	- allow_gid_change: True
	- createhome: True
	- shell: '/bin/bash'
	- home: /home/sshuttle

	## Manage SSH Keys
	ssh_auth.present:
	- user: sshuttle
	- names:
	- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlQ2xxxxxxxxxxxxxxxx sshuttle

	file.managed:
	- names:
	- /home/sshuttle/.ssh/id_ed25519:
	- source: salt://{{ slspath }}/files/id_ed25519
	- mode: 600
	- /home/sshuttle/.ssh/id_ed25519.pub:
	- source: salt://{{ slspath }}/files/id_ed25519.pub
	- mode: 644
	- user: sshuttle
	- group: sshuttle

	/etc/sshuttle:
	file.directory:
	- user: sshuttle
	- group: sshuttle
	- dirmode: 744
	- makedirs: True

	sshuttle_config:
	file.serialize:
	- name: /etc/sshuttle/config.json
	- formatter: json
	- create: True
	- user: sshuttle
	- group: sshuttle
	- mode: 644
	- makedirs: True
	- dataset:
	{{ salt['pillar.get']('sshuttle') }}

	sshuttle_runscript:
	file.managed:
	- name: /etc/sshuttle/sshuttle.py
	- source: salt://{{ slspath }}/files/sshuttle.py
	- user: sshuttle
	- group: sshuttle
	- mode: 744

	sshuttle_sudoers:
	file.managed:
	- name: /etc/sudoers.d/sshuttle
	- source: salt://{{ slspath }}/files/sudoers
	- user: root
	- group: root
	- mode: 644

	sshuttle_service_file:
	file.managed:
	- name: /etc/systemd/system/sshuttle.service
	- source: salt://{{ slspath }}/files/service
	- user: root
	- group: root
	- mode: 644

	sshuttle_service:
	service.running:
	- name: sshuttle
	- enable: True
	- watch:
	- file: sshuttle_config
	#!/usr/bin/env python
	## REQUIRES MINIMUM PY VERSION 2.7
	from __future__ import print_function

	import os
	import sys
	import json
	import signal
	import time
	import socket
	import subprocess
	from subprocess import CalledProcessError
	import logging
	import logging.handlers

	log = logging.getLogger(__name__)
	log.setLevel(logging.DEBUG)
	handler = logging.handlers.SysLogHandler(address = '/dev/log')
	formatter = logging.Formatter('%(module)s.%(funcName)s: %(message)s')
	handler.setFormatter(formatter)
	log.addHandler(handler)

	conf = "/etc/sshuttle/config.json"
	ssh_user = "sshuttle" ## username thats used for SSH connection

	def precheck():
	if len(sys.argv) < 2:
	print("need to pass argument: start \| stop \| restart \| status ")
	sys.exit()

	if sys.argv[1] in ["help", "-h", "--help", "h"]:
	print("sshuttle.py start \| stop \| restart \| status")
	sys.exit()

	if not sys.argv[1] in ["start", "stop", "restart", "status"]:
	print("usage: sshuttle.py start \| stop \| restart \| status")
	sys.exit()

	if not os.path.exists(conf):
	print("no sshuttle config file present, exiting.")
	sys.exit()

	# check if sshuttle is installed
	try:
	subprocess.check_output(["which", "sshuttle"]).strip()
	except CalledProcessError:
	print("sshuttle is not installed on this host")
	sys.exit()

	def start():

	with open(conf) as jsondata:
	data = json.load(jsondata)

	keys = sorted(data.keys())

	for rhost in data.keys():
	if ":" in rhost:
	relay = rhost.split(":")[1]
	else:
	relay = rhost
	netrange = ""

	# if single network, turn into List
	if not type(data[rhost]) is list:
	networks = data[rhost].split()
	else:
	networks = data[rhost]

	for network in networks:

	# check if CIDR format
	if "/" in network:
	netrange = netrange + " " + network
	else:
	netrange = netrange + " " + socket.gethostbyname(network)
	netrange = netrange.strip()

	# build rpath
	rpath = "-r {0}@{1} {2} -l listen '0.0.0.0' --ssh-cmd 'ssh -o ServerAliveInterval=60' --no-latency-control".format(ssh_user, rhost, netrange)
	try:
	print("starting sshuttle..")
	log.info("starting sshuttle for networks: %s via %s" % (netrange, rhost))
	subprocess.Popen("sshuttle {}".format(rpath), shell=True)
	except CalledProcessError as err:
	log.error("error running sshuttle: %s" % str(err))

	# sleep to give connection time to establish SSH handshake, in case other connections use this conn as a hop
	time.sleep(3)

	def get_pid():
	search = "ps -ef \| grep '/usr/bin/python /usr/share/sshuttle/main.py /usr/bin/python -r' \| grep -v grep \| awk {'print $2'}"
	pids = []
	for line in os.popen(search):
	fields = line.split()
	pids.append(fields[0])
	return pids

	def stop():
	pids = get_pid()
	for pid in pids:
	print("stopping sshuttle PID %s " % pid)
	log.info("stopping sshuttle")
	os.kill(int(pid), signal.SIGTERM)

	def status():
	pids = get_pid()
	if pids:
	print("sshuttle is running..")
	else:
	print("sshuttle is not running..")

	if __name__ == "__main__":

	precheck()

	cmd = sys.argv[1].lower()

	if cmd == "start":
	start()

	if cmd == "stop":
	stop()

	if cmd == "restart":
	print("restarting sshuttle..")
	stop()
	start()

	if cmd == "status":
	status()
	[Unit]
	Description=sshuttle service
	After=network.target

	[Service]
	User=sshuttle
	Restart=always
	Type=forking
	WorkingDirectory=/etc/sshuttle
	ExecStart=/etc/sshuttle/sshuttle.py start
	ExecStop=/etc/sshuttle/sshuttle.py stop

	[Install]
	WantedBy=multi-user.target
	#!/bin/sh
	### SSHUTTLE INIT.D SERVICE SCRIPT
	### REQUIRED MINIMUM Python version of 2.7

	SCRIPT=/etc/sshuttle/sshuttle.py
	RUNAS=sshuttle
	LOGFILE=/var/log/messages

	start() {
	su -c "$SCRIPT start" $RUNAS >&2
	}

	stop() {
	su -c "$SCRIPT stop" $RUNAS >&2
	}

	restart() {
	stop
	start
	}

	status() {
	su -c "$SCRIPT status" >&2
	}
	case "$1" in
	start)
	start
	;;
	stop)
	stop
	;;
	restart)
	stop
	start
	;;
	status)
	status
	;;
	*)
	echo "Usage: $0 {start\|stop\|restart\|status}"
	esac

	sshuttle ALL=(root) NOPASSWD: /usr/bin/python /usr/share/sshuttle/main.py /usr/bin/python --firewall 12*** 0