Example #1
    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        `method` is handed unchanged to CsRoute.add(); the values it accepts are
        not visible in this block.
        """
        routes = CsRoute(self.dev)
        routes.routeTable()
        routes.add(self.address, method)
        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() == "guest" and self.config.is_vpc():
            CsDevice(self.dev, self.config).configure_rp()
            # NOTE(review): emitted at ERROR level every time this VPC guest
            # branch runs; that is noise for anyone alerting on error logs.
            logging.error(
                "Not able to setup sourcenat for a regular router yet")
            CsDnsmasq(self).add_firewall_rules()
            CsApache(self).setup()

        # If redundant then this is dealt with by the master backup functions
        if self.get_type() == "guest" and not self.config.cl.is_redundant():
            # The password service is started for the address stored under
            # 'public_ip' of this guest interface.
            CsPasswdSvc(self.address['public_ip']).start()

        if (self.get_type() == "public" and self.config.is_vpc()
                and self.address["source_nat"]):
            vpccidr = self.config.cmdline().get_vpccidr()
            # Forward anything that originates in the VPC CIDR and leaves it.
            forward_rule = "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr,
                                                                   vpccidr)
            self.fw.append(["filter", "", forward_rule])
            # NOTE(review): self.dev and public_ip are interpolated into the
            # rule text as-is; presumably both come from the router's config
            # data - confirm they are validated as an interface name and an IP
            # address before they reach this point.
            snat_rule = "-A POSTROUTING -j SNAT -o %s --to-source %s" % (
                self.dev, self.address['public_ip'])
            self.fw.append(["nat", "", snat_rule])
Example #2
    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        For method "add" a routing table and a network route are created for
        this device; for "delete" only a warning is logged.
        """
        routes = CsRoute()
        if method == "add":
            routes.add_table(self.dev)
            routes.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() == "guest" and self.config.is_vpc():
            CsDevice(self.dev, self.config).configure_rp()
            # NOTE(review): emitted at ERROR level every time this VPC guest
            # branch runs; that is noise for anyone alerting on error logs.
            logging.error(
                "Not able to setup source-nat for a regular router yet")
            CsDnsmasq(self).add_firewall_rules()
            CsApache(self).setup()

        boot_args = self.config.cmdline()
        # If redundant then this is dealt with by the master backup functions
        if self.get_type() == "guest" and not boot_args.is_redundant():
            CsPasswdSvc(self.address['public_ip']).start()

        if (self.get_type() == "public" and self.config.is_vpc()
                and self.address["source_nat"]):
            vpccidr = boot_args.get_vpccidr()
            # Forward anything that originates in the VPC CIDR and leaves it.
            forward_rule = "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr,
                                                                   vpccidr)
            self.fw.append(["filter", "", forward_rule])
            # NOTE(review): self.dev and public_ip go into the rule text
            # unescaped - confirm both are validated before this point.
            snat_rule = "-A POSTROUTING -j SNAT -o %s --to-source %s" % (
                self.dev, self.address['public_ip'])
            self.fw.append(["nat", "", snat_rule])
Example #3
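    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        For method "add" a routing table and a network route are created for
        this device; for "delete" only a warning is logged. Guest interfaces
        then get reverse-path, DNS, metadata and password-service handling;
        public VPC interfaces get a source-NAT rule when source_nat is set.
        """
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warning("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        # Compare for equality: `in ('guest')` is a substring test against the
        # string 'guest' (the parentheses do not make a tuple), so an empty or
        # partial type string would also enable the guest services below.
        if self.get_type() == "guest":
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()
                # NOTE(review): emitted at ERROR level whenever this branch
                # runs; that is noise for anyone alerting on error logs.
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

        # The result is not used in this method (the checks below read self.cl);
        # the call is kept because its side effects are not visible here.
        self.config.cmdline()
        # Start passwd server on non-redundant routers and on the master router of redundant pairs
        # CsRedundant will handle fail-over.
        if self.get_type() == "guest" and (not self.cl.is_redundant()
                                           or self.cl.is_master()):
            CsPasswdSvc(self.address['public_ip']).start()
        elif self.get_type() == "guest":
            # Or else make sure it's stopped
            CsPasswdSvc(self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                logging.info("Adding SourceNAT for interface %s to %s" %
                             (self.dev, self.address['public_ip']))
                # NOTE(review): self.dev and public_ip go into the rule text
                # unescaped - confirm both are validated before this point.
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])
            else:
                logging.info(
                    "Not adding SourceNAT for interface %s to %s, because source_nat=False"
                    % (self.dev, self.address['public_ip']))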
Example #4
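    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        For method "add" a routing table and a network route are created for
        this device; for "delete" only a warning is logged. Guest interfaces
        then get reverse-path, DNS, metadata and password-service handling;
        public VPC interfaces with source_nat set get FORWARD and SNAT rules.
        """
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warning("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        # Compare for equality: `in ('guest')` is a substring test against the
        # string 'guest' (the parentheses do not make a tuple), so an empty or
        # partial type string would also enable the guest services below.
        if self.get_type() == "guest":
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()
                # NOTE(review): emitted at ERROR level whenever this branch
                # runs; that is noise for anyone alerting on error logs.
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

        cmdline = self.config.cmdline()
        # If redundant then this is dealt with by the master backup functions
        if self.get_type() == "guest" and not cmdline.is_redundant():
            CsPasswdSvc(self.address['public_ip']).start()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                # Forward anything that originates in the VPC CIDR and leaves it.
                self.fw.append([
                    "filter", 3,
                    "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
                ])
                # NOTE(review): self.dev and public_ip go into the rule text
                # unescaped - confirm both are validated before this point.
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])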
    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        For method "add" a routing table and a network route are created for
        this device; for "delete" only a warning is logged. On guest interfaces
        the password service is started or stopped depending on the redundancy
        state read from self.cl.
        """
        routes = CsRoute()
        if method == "add":
            routes.add_table(self.dev)
            routes.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() == "guest" and self.config.is_vpc():
            CsDevice(self.dev, self.config).configure_rp()
            # NOTE(review): emitted at ERROR level every time this VPC guest
            # branch runs; that is noise for anyone alerting on error logs.
            logging.error("Not able to setup source-nat for a regular router yet")
            CsDnsmasq(self).add_firewall_rules()
            CsApache(self).setup()

        boot_args = self.config.cmdline()
        # Start passwd server on non-redundant routers and on the master router of redundant pairs
        # CsRedundant will handle fail-over.
        if self.get_type() == "guest" and not (self.cl.is_redundant() and not self.cl.is_master()):
            CsPasswdSvc(self.address["public_ip"]).start()
        elif self.get_type() == "guest":
            # Or else make sure it's stopped
            CsPasswdSvc(self.address["public_ip"]).stop()

        if self.get_type() == "public" and self.config.is_vpc() and self.address["source_nat"]:
            vpccidr = boot_args.get_vpccidr()
            # Forward anything that originates in the VPC CIDR and leaves it.
            forward_rule = "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
            self.fw.append(["filter", "", forward_rule])
            # NOTE(review): self.dev and public_ip go into the rule text
            # unescaped - confirm both are validated before this point.
            snat_rule = "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address["public_ip"])
            self.fw.append(["nat", "", snat_rule])
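    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        method "add" installs routes for this device (the VPC and non-VPC cases
        differ) and flushes the route cache; method "delete" cleans up the
        device's routing table once the last public IP is gone on a non-VPC
        router. Guest interfaces then get reverse-path, DNS, metadata and
        password-service handling; public VPC interfaces get FORWARD and SNAT
        rules on "add" when source_nat is set.
        """
        route = CsRoute()
        tableName = "Table_" + self.dev

        if method == "add":
            if not self.config.is_vpc():
                if self.get_type() in ["public"]:
                    route.set_route(
                        "table %s throw %s proto static" %
                        (tableName,
                         self.config.address().dbag['eth0'][0]['network']))
                    route.set_route(
                        "table %s throw %s proto static" %
                        (tableName,
                         self.config.address().dbag['eth1'][0]['network']))

                # add 'default via gateway' rule in the device specific routing table
                if "gateway" in self.address and self.address[
                        "gateway"] and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                if "network" in self.address and self.address["network"]:
                    route.add_network_route(self.dev,
                                            str(self.address["network"]))

                if self.get_type() in ["public"]:
                    CsRule(self.dev).addRule("from " +
                                             str(self.address["network"]))

            if self.config.is_vpc():
                if self.get_type() in [
                        "public"
                ] and "gateway" in self.address and self.address[
                        "gateway"] and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                    # iteritems() is the Python 2 dict API (assuming dbag is a
                    # dict); this loop does not run on Python 3 as written.
                    for inf, addresses in self.config.address().dbag.iteritems(
                    ):
                        if not inf.startswith("eth"):
                            continue
                        for address in addresses:
                            if "nw_type" in address and address[
                                    "nw_type"] == "guest":
                                route.add_network_route(
                                    self.dev, str(address["network"]))

                route.add_network_route(self.dev, str(self.address["network"]))

            CsHelper.execute("sudo ip route flush cache")

        elif method == "delete":
            # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
            if self.get_type() in [
                    "public"
            ] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
                # NOTE(review): tableName is "Table_" + self.dev concatenated
                # into a command string. CsHelper.execute is not shown here; if
                # it runs the string through a shell, self.dev must be validated
                # as an interface name first - confirm.
                CsHelper.execute("sudo ip rule delete table " + tableName)
                CsHelper.execute("sudo ip route flush table " + tableName)
                CsHelper.execute("sudo ip route flush cache")
                CsRule(self.dev).delMark()

        self.fw_router()
        self.fw_vpcrouter()

        cmdline = self.config.cmdline()

        # On deletion nw_type will no longer be known
        # Compare for equality: `in ('guest')` is a substring test against the
        # string 'guest' (the parentheses do not make a tuple), so an empty or
        # partial type string would also enable the guest services below.
        if self.get_type() == "guest":
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()

                # NOTE(review): emitted at ERROR level whenever this branch
                # runs; that is noise for anyone alerting on error logs.
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            # DNS firewall rules are only added when expose_dns() allows it.
            if (self.config.has_dns()
                    or self.config.is_dhcp()) and self.config.expose_dns():
                logging.info("Making dns publicly available")
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()
            else:
                logging.info("Not making dns publicly available")

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

                # If redundant then this is dealt with
                # by the primary backup functions
                if not cmdline.is_redundant():
                    if method == "add":
                        CsPasswdSvc(self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.address['public_ip']).stop()
                elif cmdline.is_primary():
                    # On the primary of a redundant pair the service is given
                    # "<gateway>,<public_ip>" as a single comma-joined string.
                    if method == "add":
                        CsPasswdSvc(self.get_gateway() + "," +
                                    self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.get_gateway() + "," +
                                    self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc(
        ) and method == "add":
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                # Forward anything that originates in the VPC CIDR and leaves it.
                self.fw.append([
                    "filter", 3,
                    "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
                ])
                # NOTE(review): self.dev and public_ip go into the rule text
                # unescaped - confirm both are validated before this point.
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])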
Example #7
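    def post_config_change(self, method):
        """Re-apply routes, firewall rules and guest services after an address change.

        method "add" installs routes for this device (the VPC and non-VPC cases
        differ) and flushes the route cache; method "delete" cleans up the
        device's routing table once the last public IP is gone on a non-VPC
        router. Guest interfaces then get reverse-path, DNS, metadata and
        password-service handling; public VPC interfaces get FORWARD and SNAT
        rules on "add" when source_nat is set.
        """
        route = CsRoute()
        tableName = "Table_" + self.dev

        if method == "add":
            if not self.config.is_vpc():
                # treat the first IP on a interface as special case to set up the routing rules
                if self.get_type() in ["public"] and (len(self.iplist) == 1):
                    # NOTE(review): the network values and tableName (built from
                    # self.dev) are concatenated into a command string.
                    # CsHelper.execute is not shown here; if it runs the string
                    # through a shell, these values must be validated as a CIDR
                    # and an interface name first - confirm.
                    CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth0'][0]['network'] + " table " + tableName + " proto static")
                    CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth1'][0]['network'] + " table " + tableName + " proto static")

                # add 'default via gateway' rule in the device specific routing table
                if "gateway" in self.address and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                route.add_network_route(self.dev, str(self.address["network"]))

                if self.get_type() in ["public"]:
                    CsRule(self.dev).addRule("from " + str(self.address["network"]))

            if self.config.is_vpc():
                if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                    # iteritems() is the Python 2 dict API (assuming dbag is a
                    # dict); this loop does not run on Python 3 as written.
                    for inf, addresses in self.config.address().dbag.iteritems():
                        if not inf.startswith("eth"):
                            continue
                        for address in addresses:
                            if "nw_type" in address and address["nw_type"] == "guest":
                                route.add_network_route(self.dev, str(address["network"]))

                route.add_network_route(self.dev, str(self.address["network"]))

            CsHelper.execute("sudo ip route flush cache")

        elif method == "delete":
            # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
            if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
                CsHelper.execute("sudo ip rule delete table " + tableName)
                CsHelper.execute("sudo ip route flush table " + tableName)
                CsHelper.execute("sudo ip route flush cache")
                CsRule(self.dev).delMark()

        self.fw_router()
        self.fw_vpcrouter()

        cmdline = self.config.cmdline()

        # On deletion nw_type will no longer be known
        # Compare for equality: `in ('guest')` is a substring test against the
        # string 'guest' (the parentheses do not make a tuple), so an empty or
        # partial type string would also enable the guest services below.
        if self.get_type() == "guest":
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()

                # NOTE(review): emitted at ERROR level whenever this branch
                # runs; that is noise for anyone alerting on error logs.
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

                # If redundant then this is dealt with
                # by the master backup functions
                if not cmdline.is_redundant():
                    if method == "add":
                        CsPasswdSvc(self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc() and method == "add":
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                # Forward anything that originates in the VPC CIDR and leaves it.
                self.fw.append(
                    ["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
                # NOTE(review): self.dev and public_ip go into the rule text
                # unescaped - confirm both are validated before this point.
                self.fw.append(
                    ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])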