nexedi / re6stnet

prevent this kind of errors when running openssl fail:

```
10-12-2018 19:04:02 ERROR     AttributeError: 'NoneType' object has no attribute 'splitlines'
Traceback (most recent call last):
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/cli/node.py", line 428, in main
    s(*args)
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/utils.py", line 191, in select
    R[r]()
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/tunnel.py", line 399, in handlePeerEvent
    True, crypto.FILETYPE_ASN1)
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/x509.py", line 136, in loadVerify
    for x in err.splitlines():
```

/reviewed-on !6

Ideally, babeld should not keep running when it can't set such routes.
Currently, it only outputs an error message in its log.

In SQLite, a string that only contains '0' chars evaluates to False.

We currently have issues with OpenVPN hook scripts that aren't always killed
at exit. Such orphan processes prevent re6st from starting again (EADDRINUSE).

We want to know if it's an OpenVPN that does not exit cleanly on TERM,
or if it sometimes does not exit at all after 5s (then re6st sends a KILL
signal and at that point we should indeed make sure that any subprocess is
also KILLed).

gaierror: [Errno -2] Name or service not known
Traceback (most recent call last):
 File "re6st/cli/node.py", line 271, in main
   remote_gateway, config.disable_proto, config.neighbour)
 File "re6st/tunnel.py", line 663, in __init__
   cache, cert, address)
 File "re6st/tunnel.py", line 236, in __init__
   self._updateCountry(address)
 File "re6st/tunnel.py", line 643, in _updateCountry
   family, ip = resolve(*address)
 File "re6st/tunnel.py", line 30, in resolve
   for x in socket.getaddrinfo(ip, port, family, 0, proto))

where ip is '-a'

/reviewed-on !4

error: [Errno 21] Is a directory: 're6st/cli'

/reviewed-on !3

Also, add iptables/ip6tables example configuration.

Using datetime objects was a bad idea anyway. Its extra accuracy for
microseconds is lost because datime.utcnow() is slower than time.time().

Required to share the connectivity with others.

The list of authorized IPs for private RPCs is now configurable.
This is required when the registry is not bound to localhost.

With this API, a client can query IPv6/IPv4 information outside re6stnet/babel
for reporting.

The API considers that the email is unique, else it returns the first
occurrence. For SlapOS integration, it is more than enough to consider
that email will not be repeated.

    addToken, isToken and DeleteToken are introduced to manage tokens created
    by other system (like SlapOS for example).

If token is present, raise conflict instead loop until timeout.

This is a useful class that can be used for other reasons.