Update document

Author: zero88

Pipfile

@@ -14,4 +14,4 @@ netifaces = "*"
 google-cloud-dns = "*"
 
 [requires]
-python_version = "3.8"
+python_version = "3"

Pipfile.lock

@@ -30,12 +30,27 @@
 - [x] `openresolv`
 - [x] `connman`
 
+### How to use
+
+Please read [VPNC README](./cli/python/src/client/README.md)
+
 ## VPNC Deployer
 
 ![Docker Image Version (latest semver)](https://img.shields.io/docker/v/playio/vpnc-deployer?sort=semver)
 ![Docker Image Size (latest semver)](https://img.shields.io/docker/image-size/playio/vpnc-deployer?sort=semver)
 
+The `CLI` tool based on `ansible` and `docker` to mass deploy VPN client on one or many devices/computers.
+
 ## VPN DDNS
 
 ![Docker Image Version (latest semver)](https://img.shields.io/docker/v/playio/vpnddns?sort=semver)
 ![Docker Image Size (latest semver)](https://img.shields.io/docker/image-size/playio/vpnddns?sort=semver)
+
+The `CLI` application syncs every 2 minutes VPN client IP addresses to private Google Cloud DNS:
+
+- DNS zone name for each customer: `device.<customer-code>`
+- Device DNS name: `<device-hostname>.device.<customer-code>`
+
+## How to contribute
+
+Please read [SETUP.md](SETUP.md) to setup your environment.

README.md

@@ -1,12 +1,45 @@
-# Development
+# Setup Development Environment
 
-- [scripts](./scripts) folder contains some linux script to build/run `vpnserver`/`vpnc`/`vpnddns` and shared artifact to `vagrant`
+- [scripts](./scripts) folder contains some linux script to build/run `vpnserver`/`vpnc`/`vpnddns` and shared artifact
+  to `vagrant`
 - [docker](./docker) folder contains a list of `vpnserver`/`vpnc`/`vpnddns` `dockerfile` and `docker-compose`
 
-## SoftEther VPN server
+## Vagrant
+
+It is used for test VPN client CLI in the specific environment/`OS`.
+
+Use [./scripts/vagrant.sh](./scripts/vagrant.sh) to `up`/`halt`/`destroy`/`status`/`port`/`ssh` one or
+multiple `vagrant` boxes. The `vagrant` box parameter is one of folder name in [./vagrant](vagrant)
+
+For example:
+
+```bash
+# Up multiple boxes
+./scripts/vagrant.sh up ubuntu20 fedora32 debian10
+# ssh to one box
+./scripts/vagrant.sh ssh ubuntu20
+```
+
+## Docker multi arches
+
+- Use `docker` [buildx](https://github.com/docker/buildx/#installing)
+- Use `docker` [registry](https://github.com/zero88/gh-registry) to distribute image in local registry
+
+```bash
+# Create buildx instance
+docker buildx create --append --name multiarch --buildkitd-flags --use '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host'
+docker buildx ls
+
+# Create docker registry as service
+docker run -v docker-registry-data:/var/lib/registry -p 5000:5000 --privileged --network host -d --restart always
+```
+
+## VPN server
 
 ### Docker
 
+[Dockerfile](./docker/dockerfile)
+
 #### Build
 
 2 edition repositories:
@@ -55,52 +88,76 @@ curl -k -X POST -H 'Content-Type: application/json' \
         https://localhost:8443/api/
 ```
 
-## VPN client CLI
+## VPN CLI
 
-### Vagrant
+### Setup python environment
 
 ```bash
+## Install pipenv
+# By pip/or pip3
+pip3 install pipenv
+# Debian Buster+:
+sudo apt install pipenv
+# Fedora/Redhat/centos
+sudo dnf install pipenv
+
+# In root project dir
+pipenv install
+# Join pipenv in virtualenv
+pipenv shell
+```
+
+### VPN client
+
+#### Build and test
+
+[vpnclient.Dockerfile](cli/python/docker/vpnc.Dockerfile)
+
+```bash
+#==========================================================
+#### USE VAGRANT ------------------------------------------
 # Build VPN Client CLI then copy to vagrant/shared
 ./scripts/build.vpnc_2_vagrant.sh
 # go to any box in vagrant folder then up. Binary file will be synced to /vagrant/playio-vpnc
 # with ubuntu20
-cd vagrant/ubuntu20 && vagrant up && vagrant ssh
+./scripts/vagrant.sh up ubuntu20 && ./scripts/vagrant.sh ssh ubuntu20
 # now, it is inside vagrant guest machine, and binary already symlink to /usr/local/bin/playio-vpnc  
 playio-vpnc version
-```
-
-### Docker
-
-#### Setup multiple arch
-
-- Use `docker` [buildx](https://github.com/docker/buildx/#installing)
-- Use `docker` [registry](https://github.com/zero88/gh-registry) to distribute image in local registry
 
-```bash
-# Create buildx instance
-docker buildx create --append --name multiarch --buildkitd-flags --use '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host'
-docker buildx ls
+#==========================================================
+#### USE DOCKER -------------------------------------------
+# build amd64 arch
+./scripts/docker.vpntool.sh c
 
-# Create docker registry as service
-docker run -v docker-registry-data:/var/lib/registry -p 5000:5000 --privileged --network host -d --restart always
+# build multiple arch (amd64/armv7)
+./scripts/docker.vpntool.sh c true
 ```
 
-#### Build
 
-[vpnclient.Dockerfile](cli/python/docker/vpnc.Dockerfile)
+### VPNC Deployer
 
-```bash
-# build amd64 arch
-./scripts/docker.vpntool.sh c
+[vpnc-deployer.Dockerfile](cli/ansible/docker/vpnc-deployer.Dockerfile)
 
-# build multiple arch (amd64/armv7)
-./scripts/docker.vpntool.sh c true
+```bash
+./scripts/docker.vpntool.sh ddns
 ```
 
-## VPN DDNS
+Please read [VPNC Deployer](./cli/ansible/README.md) to see how it works based on `ansible` and `docker`
+
+### VPN DDNS
 
 [vpnddns.Dockerfile](cli/python/docker/vpnddns.Dockerfile)
 
 ```bash
 ./scripts/docker.vpntool.sh ddns
 ```
+
+Please read [VPN DDNS k8s](./cli/k8s/ddns/README.md) to see sample `k8s` deployment
+
+### Implementation
+
+Please consume [vpnc-dev](./cli/python/DEV.md)
+
+## VPN manager
+
+TBD

DEV.md renamed to SETUP.md

@@ -1,31 +1,12 @@
 # Development
 
-## Install pipenv
-
-```bash
-# By pip/or pip3
-pip3 install pipenv
-
-# Debian Buster+:
-sudo apt install pipenv
-
-# Fedora/Redhat/centos
-sudo dnf install pipenv
-```
-
-## Install dependencies
-
-```bash
-pipenv install
-# Join pipenv in virtualenv
-pipenv shell
-```
-
 ## Develop VPN client tool
 
 ### Run in dev
 
 ```bash
+# Navigate to python source
+cd cli/python
 # After pipenv shell
 python -m src.client.cmd_client -h
 # OR

cli/python/DEV.md

@@ -1,31 +1,6 @@
 # PlayiO VPN overview
 
-## Index script
-
-- Install `pipenv`
-
-  ```sh
-  pip install pipenv
-  ```
-
-- Invoke `index.py` will show available commands
-
-  ```sh
-  python index.py --help
-  Usage: index.py [OPTIONS] COMMAND [ARGS]...
-
-  Options:
-    --help  Show this message and exit.
-
-  Commands:
-    hub     HUB tool to add/modify SoftEther VPN users and groups.
-    secret  Secret utils
-    server  Server tool
-  ```
-
-More detail in `README` in each sub folders.
-
-### External connection
+## External connection
 
 Note
 
@@ -42,15 +17,15 @@ This is collection of script to bootstrap, manage, setup softether-vpn server.
   - Use `TLS 1.2`
   - [Cipher suite](https://en.wikipedia.org/wiki/Cipher_suite): `ECDHE-RSA-AES256-GCM-SHA384`
 
-### Internal communication
+## Internal communication
 
 - VPN connection type: [Remote Access VPN](https://www.softether.org/4-docs/1-manual/1._SoftEther_VPN_Overview/1.4_VPN_Processing_Principle_and_Communication_Method#1.4.7_Remote_Access_VPN)
 - Separate customers to `Virtual Hubs`.
 - `Virtual Hubs` are isolated to each other.
 
-### Virtual Hub setup
+## Virtual Hub setup
 
-#### IP network
+### IP network
 
 Enable `secureNAT`
 
@@ -68,7 +43,7 @@ Enable `secureNAT`
 
     \*And all necessary routes to `internal resource subnets` defined for each customer.
 
-#### User authentication
+### User authentication
 
 - Define groups and users for each customer
 - Authentication method
@@ -78,33 +53,10 @@ Enable `secureNAT`
     - Each device has each `ssh` public/private key
   - (Optional) Interactive user: `basic password`
 
-#### Virtual hub security policy
+### Virtual Hub security policy
 
 Status: `WIP`
 
 - [ ] Define hub admin security policy
 - [ ] Define security policy and apply to group
 - [ ] Define hub extended options
-
-### Cloud sync
-
-Cronjob on Cloud `Production GKE` run every 2 minutes to sync client IP addresses to private Google Cloud DNS:
-
-- DNS zone name for each customer: `<customer-code>.device`
-- Device DNS name: `<device-hostname>.<customer-code>.device`
-
-## VPN Client overview
-
-**More details** in [Client](./src/client/README.md)
-
-An automated setup and configuration for `IoT` devices using client scripts.
-
-Standard configuration:
-
-- Installation path: `/app/vpnclient`
-- Virtual network interface: `vpn_playio`
-- SoftEther VPN client account name: `playio`
-- Linux services auto start on system boot up: `playio-vpn`
-- VPN username: (follow naming convention)
-- Authentication: `client certificate` (signed certificate and corresponding private key)
-- Server certificate verification(`WIP`)