Exemple #1
0
    def post_config_change(self, method):
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() in ["guest"] and self.config.is_vpc():

            CsDevice(self.dev, self.config).configure_rp()

            logging.error(
                "Not able to setup source-nat for a regular router yet")
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()
            app = CsApache(self)
            app.setup()

        cmdline = self.config.cmdline()
        # If redundant then this is dealt with by the master backup functions
        if self.get_type() in ["guest"] and not cmdline.is_redundant():
            pwdsvc = CsPasswdSvc(self.address['public_ip']).start()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                self.fw.append(
                    ["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
                self.fw.append(
                    ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
Exemple #2
0
    def set_master(self):
        """ Set the current router to master """
        if not self.cl.is_redundant():
            logging.error("Set master called on non-redundant router")
            return

        self.set_lock()
        logging.debug("Setting router to master")

        dev = ''
        interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
        route = CsRoute()
        for interface in interfaces:
            if dev == interface.get_device():
                continue
            dev = interface.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            cmd = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = interface.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                    if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                        route.add_defaultroute(gateway)
                except:
                    logging.error("ERROR getting gateway from device %s" % dev)
            else:
                logging.error("Device %s was not ready could not bring it up" % dev)

        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", self.config)
        static_routes.process()

        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")
        interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
        for interface in interfaces:
            # Listen on local ip address, as cloud-init uses the 'dhcp-server-identifier' address,
            #  which unfortunately is not the gateway address.
            CsPasswdSvc(interface.get_ip()).start()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_master_state(True)
        self.cl.save()
        self.release_lock()

        interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
        CsHelper.reconfigure_interfaces(self.cl, interfaces)
        logging.info("Router switched to master mode")
Exemple #3
0
    def set_master(self):
        """ Set the current router to master """
        if not self.cl.is_redundant():
            logging.error("Set master called on non-redundant router")
            return

        self.set_lock()
        logging.debug("Setting router to master")

        dev = ''
        interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
        route = CsRoute()
        for interface in interfaces:
            if dev == interface.get_device():
                continue
            dev = interface.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            cmd = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = interface.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                    if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                        route.add_defaultroute(gateway)
                except Exception:
                    logging.error("ERROR getting gateway from device %s" % dev)
            else:
                logging.error("Device %s was not ready could not bring it up" % dev)

        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", self.config)
        static_routes.process()

        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")

        interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
        for interface in interfaces:
            CsPasswdSvc(interface.get_ip()).restart()
            CsPasswdSvc(interface.get_gateway()).restart()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_master_state(True)
        self.cl.save()
        self.release_lock()

        interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
        CsHelper.reconfigure_interfaces(self.cl, interfaces)
        logging.info("Router switched to master mode")
Exemple #4
0
 def post_configure(self):
     """ The steps that must be done after a device is configured """
     if not self.get_type() in ["control"]:
         route = CsRoute(self.dev)
         route.routeTable()
         CsRule(self.dev).addMark()
         self.check_is_up()
         self.set_mark()
         self.arpPing()
         CsRpsrfs(self.dev).enable()
         self.post_config_change("add")
Exemple #5
0
 def post_configure(self):
     """ The steps that must be done after a device is configured """
     if not self.get_type() in ["control"]:
         route = CsRoute()
         route.add_table(self.dev)
         CsRule(self.dev).addMark()
         self.check_is_up()
         self.set_mark()
         self.arpPing()
         CsRpsrfs(self.dev).enable()
         self.post_config_change("add")
Exemple #6
0
    def post_configure(self, address):
        """ The steps that must be done after a device is configured """
        route = CsRoute()
        if not self.get_type() in ["control"]:
            route.add_table(self.dev)

            CsRule(self.dev).addMark()

            interfaces = [CsInterface(address, self.config)]
            CsHelper.reconfigure_interfaces(self.cl, interfaces)

            self.set_mark()
            if 'gateway' in self.address:
                self.arpPing()

            CsRpsrfs(self.dev).enable()
            self.post_config_change("add")
        '''For isolated/redundant and dhcpsrvr routers, call this method after the post_config is complete '''
        if not self.config.is_vpc():
            self.setup_router_control()

        if self.config.is_vpc() or self.cl.is_redundant():
            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            if self.get_type() in ["public"]:
                gateway = str(address["gateway"])
                route.add_defaultroute(gateway)
        else:
            # once we start processing public ip's we need to verify there
            # is a default route and add if needed
            if self.cl.get_gateway():
                route.add_defaultroute(self.cl.get_gateway())
Exemple #7
0
    def set_master(self):
        """ Set the current router to master """
        if not self.cl.is_redundant():
            logging.error("Set master called on non-redundant router")
            return

        self.set_lock()
        logging.debug("Setting router to master")

        ads = [o for o in self.address.get_ips() if o.is_public()]
        dev = ''
        route = CsRoute()
        for o in ads:
            if dev == o.get_device():
                continue
            dev = o.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            cmd2 = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd2)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = o.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" %
                                 (gateway, dev))
                    route.add_defaultroute(gateway)
                except:
                    logging.error("ERROR getting gateway from device %s" % dev)
            else:
                logging.error("Device %s was not ready could not bring it up" %
                              dev)

        # ip route add default via $gw table Table_$dev proto static
        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")
        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
        for o in ads:
            CsPasswdSvc(o.get_gateway()).restart()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_master_state(True)
        self.cl.save()
        self.release_lock()
        logging.info("Router switched to master mode")
Exemple #8
0
 def post_configure(self):
     """ The steps that must be done after a device is configured """
     if not self.get_type() in ["control"]:
         route = CsRoute()
         route.add_table(self.dev)
         CsRule(self.dev).addMark()
         self.check_is_up()
         self.set_mark()
         self.arpPing()
         CsRpsrfs(self.dev).enable()
         self.post_config_change("add")
     '''For isolated/redundant and dhcpsrvr routers, call this method after the post_config is complete '''
     if not self.config.is_vpc():
         self.setup_router_control()
Exemple #9
0
    def post_configure(self):
        """ The steps that must be done after a device is configured """
        if not self.get_type() in ["control"]:
            route = CsRoute()
            route.add_table(self.dev)
            CsRule(self.dev).addMark()
            self.check_is_up()
            self.set_mark()
            self.arpPing()
            CsRpsrfs(self.dev).enable()
            self.post_config_change("add")

        '''For isolated/redundant and dhcpsrvr routers, call this method after the post_config is complete '''
        if not self.config.is_vpc():
            self.setup_router_control()
Exemple #10
0
    def set_master(self):
        """ Set the current router to master """
        if not self.cl.is_redundant():
            logging.error("Set master called on non-redundant router")
            return

        self.set_lock()
        logging.debug("Setting router to master")

        ads = [o for o in self.address.get_ips() if o.is_public()]
        dev = ''
        route = CsRoute()
        for o in ads:
            if dev == o.get_device():
                continue
            dev = o.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            cmd2 = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd2)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = o.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                    route.add_defaultroute(gateway)
                except:
                    logging.error("ERROR getting gateway from device %s" % dev)
            else:
                logging.error("Device %s was not ready could not bring it up" % dev)

        # ip route add default via $gw table Table_$dev proto static
        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")
        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
        for o in ads:
            CsPasswdSvc(o.get_gateway()).restart()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_master_state(True)
        self.cl.save()
        self.release_lock()
        logging.info("Router switched to master mode")
Exemple #11
0
    def post_configure(self, address):
        """ The steps that must be done after a device is configured """
        route = CsRoute()
        if not self.get_type() in ["control"]:
            route.add_table(self.dev)
            
            CsRule(self.dev).addMark()
            self.check_is_up()
            self.set_mark()
            self.arpPing()
            
            CsRpsrfs(self.dev).enable()
            self.post_config_change("add")

        '''For isolated/redundant and dhcpsrvr routers, call this method after the post_config is complete '''
        if not self.config.is_vpc():
            self.setup_router_control()
        
        if self.config.is_vpc() or self.cl.is_redundant():
            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            if self.get_type() in ["public"]:
                gateway = str(address["gateway"])
                route.add_defaultroute(gateway)
        else:
            # once we start processing public ip's we need to verify there
            # is a default route and add if needed
            if(self.cl.get_gateway()):
                route.add_defaultroute(self.cl.get_gateway())
Exemple #12
0
    def process(self):
        route = CsRoute()
        found_defaultroute = False

        for dev in self.dbag:
            if dev == "id":
                continue
            ip = CsIP(dev, self.config)

            for address in self.dbag[dev]:
                #check if link is up
                if not self.check_if_link_up(dev):
                    cmd = "ip link set %s up" % dev
                    CsHelper.execute(cmd)

                gateway = str(address["gateway"])
                network = str(address["network"])

                ip.setAddress(address)

                if ip.configured():
                    logging.info("Address %s on device %s already configured",
                                 ip.ip(), dev)

                    ip.post_configure()

                else:
                    logging.info("Address %s on device %s not configured",
                                 ip.ip(), dev)
                    if CsDevice(dev, self.config).waitfordevice():
                        ip.configure()

                route.add_route(dev, network)

                # The code looks redundant here, but we actually have to cater for routers and
                # VPC routers in a different manner. Please do not remove this block otherwise
                # The VPC default route will be broken.
                if address["nw_type"] == "public" and not found_defaultroute:
                    if not route.defaultroute_exists():
                        if route.add_defaultroute(gateway):
                            found_defaultroute = True

        # once we start processing public ip's we need to verify there
        # is a default route and add if needed
        if not route.defaultroute_exists():
            cmdline = self.config.cmdline()
            if (cmdline.get_gateway()):
                route.add_defaultroute(cmdline.get_gateway())
Exemple #13
0
    def post_config_change(self, method):
        route = CsRoute(self.dev)
        route.routeTable()
        route.add(self.address, method)
        self.fw_router()
        self.fw_vpcrouter()
        # On deletion nw_type will no longer be known
        if self.get_type() in ["guest"] and self.config.is_vpc():

            CsDevice(self.dev, self.config).configure_rp()

            logging.error(
                "Not able to setup sourcenat for a regular router yet")
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()
            app = CsApache(self)
            app.setup()

        # If redundant then this is dealt with by the master backup functions
        if self.get_type() in ["guest"] and not self.config.cl.is_redundant():
            pwdsvc = CsPasswdSvc(self.address['public_ip']).start()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                vpccidr = self.config.cmdline().get_vpccidr()
                self.fw.append([
                    "filter", "",
                    "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
                ])
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])
Exemple #14
0
    def post_config_change(self, method):
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() in ["guest"] and self.config.is_vpc():

            CsDevice(self.dev, self.config).configure_rp()

            logging.error("Not able to setup source-nat for a regular router yet")
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()
            app = CsApache(self)
            app.setup()

        cmdline = self.config.cmdline()
        # Start passwd server on non-redundant routers and on the master router of redundant pairs
        # CsRedundant will handle fail-over.
        if self.get_type() in ["guest"] and (not self.cl.is_redundant() or self.cl.is_master()):
            CsPasswdSvc(self.address["public_ip"]).start()
        elif self.get_type() in ["guest"]:
            # Or else make sure it's stopped
            CsPasswdSvc(self.address["public_ip"]).stop()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
                self.fw.append(
                    ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address["public_ip"])]
                )
Exemple #15
0
    def process(self):
        route = CsRoute()
        found_defaultroute = False

        for dev in self.dbag:
            if dev == "id":
                continue
            ip = CsIP(dev, self.config)

            for address in self.dbag[dev]:

                gateway = str(address["gateway"])
                network = str(address["network"])

                ip.setAddress(address)

                if ip.configured():
                    logging.info(
                        "Address %s on device %s already configured", ip.ip(), dev)

                    ip.post_configure()

                else:
                    logging.info(
                        "Address %s on device %s not configured", ip.ip(), dev)
                    if CsDevice(dev, self.config).waitfordevice():
                        ip.configure()

                if address["nw_type"] != "control":
                    route.add_route(dev, network)

                # once we start processing public ip's we need to verify there
                # is a default route and add if needed
                if address["nw_type"] == "public" and not found_defaultroute:
                    if not route.defaultroute_exists():
                        if route.add_defaultroute(gateway):
                            found_defaultroute = True
Exemple #16
0
    def process(self):
        route = CsRoute()
        found_defaultroute = False

        for dev in self.dbag:
            if dev == "id":
                continue
            ip = CsIP(dev, self.config)

            for address in self.dbag[dev]:
                # check if link is up
                if not self.check_if_link_up(dev):
                    cmd = "ip link set %s up" % dev
                    CsHelper.execute(cmd)

                gateway = str(address["gateway"])
                network = str(address["network"])

                ip.setAddress(address)

                if ip.configured():
                    logging.info("Address %s on device %s already configured", ip.ip(), dev)

                    ip.post_configure()

                else:
                    logging.info("Address %s on device %s not configured", ip.ip(), dev)
                    if CsDevice(dev, self.config).waitfordevice():
                        ip.configure()

                route.add_route(dev, network)

                # The code looks redundant here, but we actually have to cater for routers and
                # VPC routers in a different manner. Please do not remove this block otherwise
                # The VPC default route will be broken.
                if address["nw_type"] == "public" and not found_defaultroute:
                    if not route.defaultroute_exists():
                        if route.add_defaultroute(gateway):
                            found_defaultroute = True

        # once we start processing public ip's we need to verify there
        # is a default route and add if needed
        if not route.defaultroute_exists():
            cmdline = self.config.cmdline()
            if cmdline.get_gateway():
                route.add_defaultroute(cmdline.get_gateway())
Exemple #17
0
 def process(self):
     for dev in self.dbag:
         if dev == "id":
             continue
         ip = CsIP(dev, self.config)
         for address in self.dbag[dev]:
             if not address["nw_type"] == "control":
                 CsRoute(dev).add(address)
             ip.setAddress(address)
             if ip.configured():
                 logging.info("Address %s on device %s already configured", ip.ip(), dev)
                 ip.post_configure()
             else:
                 logging.info("Address %s on device %s not configured", ip.ip(), dev)
                 if CsDevice(dev, self.config).waitfordevice():
                     ip.configure()
Exemple #18
0
    def post_config_change(self, method):
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() in ('guest'):
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

        cmdline = self.config.cmdline()
        # Start passwd server on non-redundant routers and on the master router of redundant pairs
        # CsRedundant will handle fail-over.
        if self.get_type() in ["guest"] and (not self.cl.is_redundant()
                                             or self.cl.is_master()):
            CsPasswdSvc(self.address['public_ip']).start()
        elif self.get_type() in ["guest"]:
            # Or else make sure it's stopped
            CsPasswdSvc(self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                logging.info("Adding SourceNAT for interface %s to %s" %
                             (self.dev, self.address['public_ip']))
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])
            else:
                logging.info(
                    "Not adding SourceNAT for interface %s to %s, because source_nat=False"
                    % (self.dev, self.address['public_ip']))
Exemple #19
0
    def process(self):
        route = CsRoute()

        for dev in self.dbag:
            if dev == "id":
                continue
            ip = CsIP(dev, self.config)

            for address in self.dbag[dev]:
                if(address["nw_type"]!="public"):
                    continue

                #check if link is up
                if (not self.check_if_link_exists(dev)):
                    logging.info("link %s does not exist, so not processing"%dev)
                    continue
                if not self.check_if_link_up(dev):
                   cmd="ip link set %s up"%dev
                   CsHelper.execute(cmd)

                network = str(address["network"])

                ip.setAddress(address)

                if ip.configured():
                    logging.info(
                        "Address %s on device %s already configured", ip.ip(), dev)

                    ip.post_configure()

                else:
                    logging.info(
                        "Address %s on device %s not configured", ip.ip(), dev)
                    if CsDevice(dev, self.config).waitfordevice():
                        ip.configure()
                route.add_route(dev, network)

        # once we start processing public ip's we need to verify there
        # is a default route and add if needed
        if not route.defaultroute_exists():
            cmdline=self.config.get_cmdline_instance()
            if(cmdline.get_gateway()):
                route.add_defaultroute(cmdline.get_gateway())
Exemple #20
0
    def post_config_change(self, method):
        route = CsRoute()
        if method == "add":
            route.add_table(self.dev)
            route.add_route(self.dev, str(self.address["network"]))
        elif method == "delete":
            logging.warn("delete route not implemented")

        self.fw_router()
        self.fw_vpcrouter()

        # On deletion nw_type will no longer be known
        if self.get_type() in ('guest'):
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()
                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

        cmdline = self.config.cmdline()
        # If redundant then this is dealt with by the master backup functions
        if self.get_type() in ["guest"] and not cmdline.is_redundant():
            pwdsvc = CsPasswdSvc(self.address['public_ip']).start()

        if self.get_type() == "public" and self.config.is_vpc():
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                self.fw.append([
                    "filter", 3,
                    "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
                ])
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])
Exemple #21
0
    def post_config_change(self, method):
        route = CsRoute()
        tableName = "Table_" + self.dev

        if method == "add":
            if not self.config.is_vpc():
                if self.get_type() in ["public"]:
                    route.set_route(
                        "table %s throw %s proto static" %
                        (tableName,
                         self.config.address().dbag['eth0'][0]['network']))
                    route.set_route(
                        "table %s throw %s proto static" %
                        (tableName,
                         self.config.address().dbag['eth1'][0]['network']))

                # add 'default via gateway' rule in the device specific routing table
                if "gateway" in self.address and self.address[
                        "gateway"] and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                if "network" in self.address and self.address["network"]:
                    route.add_network_route(self.dev,
                                            str(self.address["network"]))

                if self.get_type() in ["public"]:
                    CsRule(self.dev).addRule("from " +
                                             str(self.address["network"]))

            if self.config.is_vpc():
                if self.get_type() in [
                        "public"
                ] and "gateway" in self.address and self.address[
                        "gateway"] and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                    for inf, addresses in self.config.address().dbag.iteritems(
                    ):
                        if not inf.startswith("eth"):
                            continue
                        for address in addresses:
                            if "nw_type" in address and address[
                                    "nw_type"] == "guest":
                                route.add_network_route(
                                    self.dev, str(address["network"]))

                route.add_network_route(self.dev, str(self.address["network"]))

            CsHelper.execute("sudo ip route flush cache")

        elif method == "delete":
            # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
            if self.get_type() in [
                    "public"
            ] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
                CsHelper.execute("sudo ip rule delete table " + tableName)
                CsHelper.execute("sudo ip route flush table " + tableName)
                CsHelper.execute("sudo ip route flush cache")
                CsRule(self.dev).delMark()

        self.fw_router()
        self.fw_vpcrouter()

        cmdline = self.config.cmdline()

        # On deletion nw_type will no longer be known
        if self.get_type() in ('guest'):
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()

                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if (self.config.has_dns()
                    or self.config.is_dhcp()) and self.config.expose_dns():
                logging.info("Making dns publicly available")
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()
            else:
                logging.info("Not making dns publicly available")

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

                # If redundant then this is dealt with
                # by the primary backup functions
                if not cmdline.is_redundant():
                    if method == "add":
                        CsPasswdSvc(self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.address['public_ip']).stop()
                elif cmdline.is_primary():
                    if method == "add":
                        CsPasswdSvc(self.get_gateway() + "," +
                                    self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.get_gateway() + "," +
                                    self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc(
        ) and method == "add":
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                self.fw.append([
                    "filter", 3,
                    "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
                ])
                self.fw.append([
                    "nat", "",
                    "-A POSTROUTING -j SNAT -o %s --to-source %s" %
                    (self.dev, self.address['public_ip'])
                ])
Exemple #22
0
    def post_config_change(self, method):
        route = CsRoute()
        tableName = "Table_" + self.dev

        if method == "add":
            if not self.config.is_vpc():
                # treat the first IP on a interface as special case to set up the routing rules
                if self.get_type() in ["public"] and (len(self.iplist) == 1):
                    CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth0'][0]['network'] + " table " + tableName + " proto static")
                    CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth1'][0]['network'] + " table " + tableName + " proto static")

                # add 'defaul via gateway' rule in the device specific routing table
                if "gateway" in self.address and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                route.add_network_route(self.dev, str(self.address["network"]))

                if self.get_type() in ["public"]:
                    CsRule(self.dev).addRule("from " + str(self.address["network"]))

            if self.config.is_vpc():
                if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                    route.add_route(self.dev, self.address["gateway"])
                    for inf, addresses in self.config.address().dbag.iteritems():
                        if not inf.startswith("eth"):
                            continue
                        for address in addresses:
                            if "nw_type" in address and address["nw_type"] == "guest":
                                route.add_network_route(self.dev, str(address["network"]))

                route.add_network_route(self.dev, str(self.address["network"]))

            CsHelper.execute("sudo ip route flush cache")

        elif method == "delete":
            # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
            if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
                CsHelper.execute("sudo ip rule delete table " + tableName)
                CsHelper.execute("sudo ip route flush table " + tableName)
                CsHelper.execute("sudo ip route flush cache")
                CsRule(self.dev).delMark()

        self.fw_router()
        self.fw_vpcrouter()

        cmdline = self.config.cmdline()

        # On deletion nw_type will no longer be known
        if self.get_type() in ('guest'):
            if self.config.is_vpc() or self.config.is_router():
                CsDevice(self.dev, self.config).configure_rp()

                logging.error(
                    "Not able to setup source-nat for a regular router yet")

            if self.config.has_dns() or self.config.is_dhcp():
                dns = CsDnsmasq(self)
                dns.add_firewall_rules()

            if self.config.has_metadata():
                app = CsApache(self)
                app.setup()

                # If redundant then this is dealt with
                # by the master backup functions
                if not cmdline.is_redundant():
                    if method == "add":
                        CsPasswdSvc(self.address['public_ip']).start()
                    elif method == "delete":
                        CsPasswdSvc(self.address['public_ip']).stop()

        if self.get_type() == "public" and self.config.is_vpc() and method == "add":
            if self.address["source_nat"]:
                vpccidr = cmdline.get_vpccidr()
                self.fw.append(
                    ["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
                self.fw.append(
                    ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
Exemple #23
0
    def set_primary(self):
        """ Set the current router to primary """
        if not self.cl.is_redundant():
            logging.error("Set primary called on non-redundant router")
            return

        self.set_lock()
        logging.debug("Setting router to primary")

        dev = ''
        interfaces = [
            interface for interface in self.address.get_interfaces()
            if interface.is_public()
        ]
        route = CsRoute()
        for interface in interfaces:
            if dev == interface.get_device():
                continue
            dev = interface.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            cmd = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = interface.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" %
                                 (gateway, dev))
                    if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                        route.add_defaultroute(gateway)
                except Exception:
                    logging.error("ERROR getting gateway from device %s" % dev)
                if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                    try:
                        self._add_ipv6_to_interface(interface,
                                                    interface.get_ip6())
                        if interface.get_gateway6():
                            route.add_defaultroute_v6(interface.get_gateway6())
                    except Exception as e:
                        logging.error(
                            "ERROR adding IPv6, getting IPv6 gateway from device %s: %s"
                            % (dev, e))
            else:
                logging.error("Device %s was not ready could not bring it up" %
                              dev)

        self._add_ipv6_guest_gateway()

        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", self.config)
        static_routes.process()

        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")

        interfaces = [
            interface for interface in self.address.get_interfaces()
            if interface.needs_vrrp()
        ]
        for interface in interfaces:
            if interface.is_added():
                CsPasswdSvc(interface.get_gateway() + "," +
                            interface.get_ip()).restart()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_primary_state(True)
        self.cl.save()
        self.release_lock()

        interfaces = [
            interface for interface in self.address.get_interfaces()
            if interface.is_public()
        ]
        CsHelper.reconfigure_interfaces(self.cl, interfaces)

        public_devices = list(
            set([interface.get_device() for interface in interfaces]))
        if len(public_devices) > 1:
            # Handle specific failures when multiple public interfaces

            public_devices.sort()

            # Ensure the default route is added, or outgoing traffic from VMs with static NAT on
            # the subsequent interfaces will go from the wrong IP
            route = CsRoute()
            dev = ''
            for interface in interfaces:
                if dev == interface.get_device():
                    continue
                dev = interface.get_device()
                gateway = interface.get_gateway()
                if gateway:
                    route.add_route(dev, gateway)

            # The first public interface has a static MAC address between VRs.  Subsequent ones don't,
            # so an ARP announcement is needed on failover
            for device in public_devices[1:]:
                logging.info("Sending garp messages for IPs on %s" % device)
                for interface in interfaces:
                    if interface.get_device() == device:
                        CsHelper.execute("arping -I %s -U %s -c 1" %
                                         (device, interface.get_ip()))

        logging.info("Router switched to primary mode")