def targets(self):
'''
Return ip addrs based on netmask, sitting in the "glob" spot because
it is the default
'''
addrs = ()
ret = {}
ports = __opts__['ssh_scan_ports']
if not isinstance(ports, list):
# Comma-separate list of integers
ports = list(map(int, str(ports).split(',')))
try:
addrs = [ipaddress.ip_address(self.tgt)]
except ValueError:
try:
addrs = ipaddress.ip_network(self.tgt).hosts()
except ValueError:
pass
for addr in addrs:
for port in ports:
try:
sock = salt.utils.network.get_socket(addr, socket.SOCK_STREAM)
sock.settimeout(float(__opts__['ssh_scan_timeout']))
sock.connect((str(addr), port))
sock.shutdown(socket.SHUT_RDWR)
sock.close()
ret[addr] = {'host': addr, 'port': port}
except socket.error:
pass
return ret
def targets(self):
'''
Return ip addrs based on netmask, sitting in the "glob" spot because
it is the default
'''
addrs = ()
ret = {}
ports = __opts__['ssh_scan_ports']
if not isinstance(ports, list):
# Comma-separate list of integers
ports = list(map(int, str(ports).split(',')))
try:
addrs = [ipaddress.ip_address(self.tgt)]
except ValueError:
try:
addrs = ipaddress.ip_network(self.tgt).hosts()
except ValueError:
pass
for addr in addrs:
for port in ports:
try:
sock = salt.utils.network.get_socket(
addr, socket.SOCK_STREAM)
sock.settimeout(float(__opts__['ssh_scan_timeout']))
sock.connect((str(addr), port))
sock.shutdown(socket.SHUT_RDWR)
sock.close()
ret[addr] = {'host': addr, 'port': port}
except socket.error:
pass
return ret
def is_loopback(ip_addr):
'''
Check if the given IP address is a loopback address
.. versionadded:: 2014.7.0
.. versionchanged:: Beryllium
IPv6 support
CLI Example::
salt '*' network.is_loopback 127.0.0.1
'''
return ipaddress.ip_address(ip_addr).is_loopback
def is_private(ip_addr):
'''
Check if the given IP address is a private address
.. versionadded:: 2014.7.0
.. versionchanged:: Beryllium
IPv6 support
CLI Example::
salt '*' network.is_private 10.0.0.3
'''
return ipaddress.ip_address(ip_addr).is_private
def reverse_ip(ip_addr):
'''
Returns the reversed IP address
.. versionchanged:: Beryllium
IPv6 support
CLI Example:
.. code-block:: bash
salt '*' network.reverse_ip 172.17.0.4
'''
return ipaddress.ip_address(ip_addr).reverse_pointer
def ensure(name, cidr, overlay, mtu=1420):
'''
Ensure that a bridge (named <name>) is configured for containers.
Under the covers we will make sure that
- The bridge exists
- The MTU is set
- The correct network is added to the bridge
- iptables is set up for MASQUERADE for egress
cidr:
The cidr range in the form of 10.244.x.0/24
mtu:
The MTU to set on the interface
'''
ret = {'name': name, 'changes': {}, 'result': False, 'comment': ''}
# This is a little hacky. I should probably import a real library for this
# but this'll work for now.
try:
cidr_network = ipaddr.ip_interface(cidr)
except Exception:
raise salt.exceptions.SaltInvocationError(
'Invalid CIDR \'{0}\''.format(cidr))
if cidr_network.version == 4:
for net in overlay:
iptables_rule = {
'table': 'nat',
'chain': 'POSTROUTING',
'rule': '-j MASQUERADE \! -d {0} -s {0}'.format(net)
}
else:
iptables_rule = None
def bridge_exists(name):
'Determine if a bridge exists already.'
out = __salt__['cmd.run_stdout']('brctl show {0}'.format(name))
for line in out.splitlines():
# get rid of first line
if line.startswith('bridge name'):
continue
# get rid of ^\n's
vals = line.split()
if not vals:
continue
if len(vals) > 1:
return True
return False
def get_ip_addr_details(name):
'For the given interface, get address details.'
out = __salt__['cmd.run']('ip addr show dev {0}'.format(name))
ret = { 'networks': [] }
for line in out.splitlines():
match = re.match(
r'^\d*:\s+([\w.\-]+)(?:@)?([\w.\-]+)?:\s+<(.+)>.*mtu (\d+)',
line)
if match:
iface, parent, attrs, mtu = match.groups()
if 'UP' in attrs.split(','):
ret['up'] = True
else:
ret['up'] = False
if parent:
ret['parent'] = parent
ret['mtu'] = int(mtu)
continue
cols = line.split()
if len(cols) > 2 and cols[0] == 'inet':
ret['networks'].append(cols[1])
return ret
def get_current_state():
'Helper that returns a dict of current bridge state.'
ret = {}
ret['name'] = name
ret['exists'] = bridge_exists(name)
if ret['exists']:
ret['details'] = get_ip_addr_details(name)
else:
ret['details'] = {}
# This module function is strange and returns True if the rule exists.
# If not, it returns a string with the error from the call to iptables.
if iptables_rule:
ret['iptables_rule_exists'] = \
__salt__['iptables.check'](**iptables_rule) == True
else:
ret['iptables_rule_exists'] = True
return ret
desired_network = '{0}/{1}'.format(
str(ipaddr.ip_address(cidr_network.network.network_address._ip + 1)),
str(cidr_network.network.prefixlen))
current_state = get_current_state()
if (current_state['exists']
and current_state['details']['mtu'] == mtu
and desired_network in current_state['details']['networks']
and current_state['details']['up']
and current_state['iptables_rule_exists']):
ret['result'] = True
ret['comment'] = 'System already in the correct state'
return ret
# The state of the system does need to be changed. Check if we're running
# in ``test=true`` mode.
if __opts__['test'] == True:
ret['comment'] = 'The state of "{0}" will be changed.'.format(name)
ret['changes'] = {
'old': current_state,
'new': 'Create and configure bridge'
}
# Return ``None`` when running with ``test=true``.
ret['result'] = None
return ret
# Finally, make the actual change and return the result.
if not current_state['exists']:
__salt__['cmd.run']('brctl addbr {0}'.format(name))
new_state = get_current_state()
if new_state['details']['mtu'] != mtu:
__salt__['cmd.run'](
'ip link set dev {0} mtu {1}'.format(name, str(mtu)))
new_state = get_current_state()
if desired_network not in new_state['details']['networks']:
__salt__['cmd.run'](
'ip addr flush dev {0}'.format(name))
__salt__['cmd.run'](
'ip addr add {0} dev {1}'.format(desired_network, name))
new_state = get_current_state()
if not new_state['details']['up']:
__salt__['cmd.run'](
'ip link set dev {0} up'.format(name))
new_state = get_current_state()
if iptables_rule and not new_state['iptables_rule_exists']:
__salt__['iptables.append'](**iptables_rule)
new_state = get_current_state()
ret['comment'] = 'The state of "{0}" was changed!'.format(name)
ret['changes'] = {
'old': current_state,
'new': new_state,
}
ret['result'] = True
return ret
