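def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` creates the device routing table and the route for
            ``self.address["network"]``; ``"delete"`` only logs, as route
            removal is not implemented here. The firewall, dnsmasq, Apache
            and password-service steps run for either value.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")

    self.fw_router()
    self.fw_vpcrouter()

    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        logging.error("Not able to setup source-nat for a regular router yet")

    dns = CsDnsmasq(self)
    dns.add_firewall_rules()

    app = CsApache(self)
    app.setup()

    cmdline = self.config.cmdline()
    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not cmdline.is_redundant():
        # start() used to be bound to an unused local (pwdsvc)
        CsPasswdSvc(self.address['public_ip']).start()

    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])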
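def set_master(self):
    """ Set the current router to master

    Brings each public interface up, adds the default route on the interface
    named in ``CsHelper.PUBLIC_INTERFACES`` for this router type, applies
    static routes, resyncs conntrackd, restarts ipsec/xl2tpd/dnsmasq, starts
    the password service on VRRP interfaces and persists the master state.
    Logs an error and returns early on a non-redundant router.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    dev = ''
    interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
    route = CsRoute()
    for interface in interfaces:
        # Only skip a device that repeats the immediately preceding one
        if dev == interface.get_device():
            continue
        dev = interface.get_device()
        logging.info("Will proceed configuring device ==> %s" % dev)
        cmd = "ip link set %s up" % dev
        if CsDevice(dev, self.config).waitfordevice():
            CsHelper.execute(cmd)
            logging.info("Bringing public interface %s up" % dev)
            try:
                gateway = interface.get_gateway()
                logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                    route.add_defaultroute(gateway)
            except Exception:
                # Was a bare `except:`, which also swallowed SystemExit and
                # KeyboardInterrupt; Exception keeps the same error handling.
                logging.error("ERROR getting gateway from device %s" % dev)
        else:
            logging.error("Device %s was not ready could not bring it up" % dev)

    logging.debug("Configuring static routes")
    static_routes = CsStaticRoutes("staticroutes", self.config)
    static_routes.process()

    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -c" % cmd)
    CsHelper.execute("%s -f" % cmd)
    CsHelper.execute("%s -R" % cmd)
    CsHelper.execute("%s -B" % cmd)

    CsHelper.service("ipsec", "restart")
    CsHelper.service("xl2tpd", "restart")

    interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
    for interface in interfaces:
        # Listen on local ip address, as cloud-init uses the 'dhcp-server-identifier' address,
        # which unfortunately is not the gateway address.
        CsPasswdSvc(interface.get_ip()).start()

    CsHelper.service("dnsmasq", "restart")

    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()

    interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
    CsHelper.reconfigure_interfaces(self.cl, interfaces)
    logging.info("Router switched to master mode")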
def set_master(self):
    """Promote this redundant router to the master role.

    Public interfaces are brought up one device at a time (a device equal
    to the previous one is skipped), the default route is installed on the
    device listed in ``CsHelper.PUBLIC_INTERFACES`` for this router type,
    static routes are applied, conntrackd is resynced, ipsec, xl2tpd, the
    password service and dnsmasq are restarted, and the master state is
    saved. On a non-redundant router only an error is logged.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    route = CsRoute()
    previous_dev = ''
    for iface in (i for i in self.address.get_interfaces() if i.is_public()):
        current_dev = iface.get_device()
        if current_dev == previous_dev:
            continue
        previous_dev = current_dev
        logging.info("Will proceed configuring device ==> %s" % current_dev)

        if not CsDevice(current_dev, self.config).waitfordevice():
            logging.error("Device %s was not ready could not bring it up" % current_dev)
            continue

        CsHelper.execute("ip link set %s up" % current_dev)
        logging.info("Bringing public interface %s up" % current_dev)
        try:
            gateway = iface.get_gateway()
            logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, current_dev))
            # The PUBLIC_INTERFACES lookup stays inside the try so a missing
            # router type is reported like a gateway failure, as before.
            if current_dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                route.add_defaultroute(gateway)
        except Exception:
            logging.error("ERROR getting gateway from device %s" % current_dev)

    logging.debug("Configuring static routes")
    CsStaticRoutes("staticroutes", self.config).process()

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    for flag in ("-c", "-f", "-R", "-B"):
        CsHelper.execute("%s %s" % (conntrackd, flag))

    for service in ("ipsec", "xl2tpd"):
        CsHelper.service(service, "restart")

    for iface in (i for i in self.address.get_interfaces() if i.needs_vrrp()):
        CsPasswdSvc(iface.get_ip()).restart()
        CsPasswdSvc(iface.get_gateway()).restart()

    CsHelper.service("dnsmasq", "restart")

    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()

    public_interfaces = [i for i in self.address.get_interfaces() if i.is_public()]
    CsHelper.reconfigure_interfaces(self.cl, public_interfaces)
    logging.info("Router switched to master mode")
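def post_configure(self):
    """ The steps that must be done after a device is configured

    Skipped for control addresses. Otherwise sets up the device routing
    table and rule mark, waits for the link, marks it, sends an ARP ping,
    enables CsRpsrfs for the device and runs ``post_config_change("add")``.
    """
    # `x not in y` rather than `not x in y` (PEP 8, E713); same result.
    if self.get_type() not in ["control"]:
        route = CsRoute(self.dev)
        route.routeTable()
        CsRule(self.dev).addMark()
        self.check_is_up()
        self.set_mark()
        self.arpPing()
        CsRpsrfs(self.dev).enable()
        self.post_config_change("add")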
def post_configure(self):
    """Finish configuring a freshly added address.

    Control addresses are left alone. For every other type: create the
    per-device routing table, add the rule mark, wait for the link, set
    the mark, send an ARP ping, enable CsRpsrfs on the device and run
    the "add" post-config hook.
    """
    if self.get_type() == "control":
        return

    CsRoute().add_table(self.dev)
    CsRule(self.dev).addMark()
    self.check_is_up()
    self.set_mark()
    self.arpPing()
    CsRpsrfs(self.dev).enable()
    self.post_config_change("add")
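def post_configure(self, address):
    """ The steps that must be done after a device is configured

    Args:
        address: the address dict being configured; its ``"gateway"`` is
            used as the default route for public interfaces on VPC or
            redundant routers.

    Everything is skipped for control addresses.
    """
    route = CsRoute()
    if self.get_type() not in ["control"]:
        route.add_table(self.dev)

        CsRule(self.dev).addMark()

        interfaces = [CsInterface(address, self.config)]
        CsHelper.reconfigure_interfaces(self.cl, interfaces)

        self.set_mark()

        if 'gateway' in self.address:
            self.arpPing()

        CsRpsrfs(self.dev).enable()
        self.post_config_change("add")

        # For isolated/redundant and dhcpsrvr routers, call this method after
        # the post_config is complete. (Was a bare string literal, which is a
        # no-op statement rather than a comment.)
        if not self.config.is_vpc():
            self.setup_router_control()

        if self.config.is_vpc() or self.cl.is_redundant():
            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            if self.get_type() in ["public"]:
                gateway = str(address["gateway"])
                route.add_defaultroute(gateway)
            else:
                # once we start processing public ip's we need to verify there
                # is a default route and add if needed
                if self.cl.get_gateway():
                    route.add_defaultroute(self.cl.get_gateway())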
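def set_master(self):
    """ Set the current router to master

    Brings each public IP's device up and adds its gateway as default
    route, resyncs conntrackd, restarts ipsec/xl2tpd/dnsmasq, restarts the
    password service on VRRP gateways and persists the master state. Logs
    an error and returns early on a non-redundant router.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    ads = [o for o in self.address.get_ips() if o.is_public()]
    dev = ''
    route = CsRoute()
    for o in ads:
        # Only skip a device that repeats the immediately preceding one
        if dev == o.get_device():
            continue
        dev = o.get_device()
        logging.info("Will proceed configuring device ==> %s" % dev)
        cmd2 = "ip link set %s up" % dev
        if CsDevice(dev, self.config).waitfordevice():
            CsHelper.execute(cmd2)
            logging.info("Bringing public interface %s up" % dev)
            try:
                gateway = o.get_gateway()
                logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                route.add_defaultroute(gateway)
            except Exception:
                # Was a bare `except:`, which also swallowed SystemExit and
                # KeyboardInterrupt.
                logging.error("ERROR getting gateway from device %s" % dev)
        else:
            logging.error("Device %s was not ready could not bring it up" % dev)

    # ip route add default via $gw table Table_$dev proto static
    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -c" % cmd)
    CsHelper.execute("%s -f" % cmd)
    CsHelper.execute("%s -R" % cmd)
    CsHelper.execute("%s -B" % cmd)

    CsHelper.service("ipsec", "restart")
    CsHelper.service("xl2tpd", "restart")

    ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
    for o in ads:
        CsPasswdSvc(o.get_gateway()).restart()

    CsHelper.service("dnsmasq", "restart")

    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to master mode")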
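def post_configure(self):
    """ The steps that must be done after a device is configured

    Skipped for control addresses. Otherwise sets up the device routing
    table and rule mark, waits for the link, marks it, sends an ARP ping,
    enables CsRpsrfs, runs ``post_config_change("add")`` and, on non-VPC
    routers, ``setup_router_control()``.
    """
    if self.get_type() not in ["control"]:
        route = CsRoute()
        route.add_table(self.dev)
        CsRule(self.dev).addMark()
        self.check_is_up()
        self.set_mark()
        self.arpPing()
        CsRpsrfs(self.dev).enable()
        self.post_config_change("add")

        # For isolated/redundant and dhcpsrvr routers, call this method after
        # the post_config is complete. (Was a bare string literal statement.)
        if not self.config.is_vpc():
            self.setup_router_control()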
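def post_configure(self, address):
    """ The steps that must be done after a device is configured

    Args:
        address: the address dict being configured; its ``"gateway"`` is
            used as the default route for public interfaces on VPC or
            redundant routers.

    Everything is skipped for control addresses.
    """
    route = CsRoute()
    if self.get_type() not in ["control"]:
        route.add_table(self.dev)
        CsRule(self.dev).addMark()
        self.check_is_up()
        self.set_mark()
        self.arpPing()
        CsRpsrfs(self.dev).enable()
        self.post_config_change("add")

        # For isolated/redundant and dhcpsrvr routers, call this method after
        # the post_config is complete. (Was a bare string literal statement.)
        if not self.config.is_vpc():
            self.setup_router_control()

        if self.config.is_vpc() or self.cl.is_redundant():
            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            if self.get_type() in ["public"]:
                gateway = str(address["gateway"])
                route.add_defaultroute(gateway)
            else:
                # once we start processing public ip's we need to verify there
                # is a default route and add if needed
                if self.cl.get_gateway():
                    route.add_defaultroute(self.cl.get_gateway())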
def process(self):
    """Configure every address in ``self.dbag`` and ensure a default route.

    For each device (the ``"id"`` key is not a device) the link is brought
    up if needed, each address is configured or post-configured, its
    network route is added, and the first public address whose gateway
    can be installed becomes the default route. If no default route exists
    afterwards, the cmdline gateway is used.
    """
    route = CsRoute()
    have_default = False

    for dev, addresses in self.dbag.items():
        if dev == "id":
            continue
        csip = CsIP(dev, self.config)
        for entry in addresses:
            # check if link is up
            if not self.check_if_link_up(dev):
                CsHelper.execute("ip link set %s up" % dev)

            gateway, network = str(entry["gateway"]), str(entry["network"])
            csip.setAddress(entry)

            if csip.configured():
                logging.info("Address %s on device %s already configured", csip.ip(), dev)
                csip.post_configure()
            else:
                logging.info("Address %s on device %s not configured", csip.ip(), dev)
                if CsDevice(dev, self.config).waitfordevice():
                    csip.configure()

            route.add_route(dev, network)

            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            is_public = entry["nw_type"] == "public"
            if is_public and not have_default and not route.defaultroute_exists():
                have_default = bool(route.add_defaultroute(gateway)) or have_default

    # once we start processing public ip's we need to verify there
    # is a default route and add if needed
    if not route.defaultroute_exists():
        cmdline = self.config.cmdline()
        if cmdline.get_gateway():
            route.add_defaultroute(cmdline.get_gateway())
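def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: passed through to ``CsRoute.add`` together with
            ``self.address`` after the device routing table is set up.

    Also rebuilds the router/VPC firewall rules, dnsmasq firewall rules and
    Apache setup, starts the password service on non-redundant guest
    addresses, and queues source-NAT rules for a VPC public address.
    """
    route = CsRoute(self.dev)
    route.routeTable()
    route.add(self.address, method)

    self.fw_router()
    self.fw_vpcrouter()

    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        logging.error("Not able to setup sourcenat for a regular router yet")

    dns = CsDnsmasq(self)
    dns.add_firewall_rules()

    app = CsApache(self)
    app.setup()

    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not self.config.cl.is_redundant():
        # start() used to be bound to an unused local (pwdsvc)
        CsPasswdSvc(self.address['public_ip']).start()

    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = self.config.cmdline().get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])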
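def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` creates the device routing table and the route for
            ``self.address["network"]``; ``"delete"`` only logs, as route
            removal is not implemented here.

    The password service is started on guest addresses of non-redundant
    routers and of the master of a redundant pair, and stopped otherwise.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")

    self.fw_router()
    self.fw_vpcrouter()

    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        logging.error("Not able to setup source-nat for a regular router yet")

    dns = CsDnsmasq(self)
    dns.add_firewall_rules()

    app = CsApache(self)
    app.setup()

    cmdline = self.config.cmdline()
    # Start passwd server on non-redundant routers and on the master router of redundant pairs
    # CsRedundant will handle fail-over.
    if self.get_type() in ["guest"] and (not self.cl.is_redundant() or self.cl.is_master()):
        CsPasswdSvc(self.address["public_ip"]).start()
    elif self.get_type() in ["guest"]:
        # Or else make sure it's stopped
        CsPasswdSvc(self.address["public_ip"]).stop()

    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address["public_ip"])])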
def process(self):
    """Configure every address in ``self.dbag``.

    For each device (the ``"id"`` key is not a device) every address is
    configured or post-configured; non-control addresses get a network
    route, and the first public address whose gateway can be installed
    becomes the default route.
    """
    route = CsRoute()
    default_installed = False

    for dev, addresses in self.dbag.items():
        if dev == "id":
            continue
        csip = CsIP(dev, self.config)
        for entry in addresses:
            gateway = str(entry["gateway"])
            network = str(entry["network"])
            csip.setAddress(entry)

            if csip.configured():
                logging.info("Address %s on device %s already configured", csip.ip(), dev)
                csip.post_configure()
            else:
                logging.info("Address %s on device %s not configured", csip.ip(), dev)
                if CsDevice(dev, self.config).waitfordevice():
                    csip.configure()

            nw_type = entry["nw_type"]
            if nw_type != "control":
                route.add_route(dev, network)

            # once we start processing public ip's we need to verify there
            # is a default route and add if needed
            if nw_type == "public" and not default_installed and not route.defaultroute_exists():
                if route.add_defaultroute(gateway):
                    default_installed = True
def process(self):
    """Configure every address in ``self.dbag`` and ensure a default route.

    Per device (skipping the ``"id"`` key): bring the link up when it is
    down, configure or post-configure each address, add its network route
    and install the first usable public gateway as default route. After
    the loop the cmdline gateway is used if no default route exists.
    """
    route = CsRoute()
    default_installed = False

    for dev in (d for d in self.dbag if d != "id"):
        csip = CsIP(dev, self.config)
        for entry in self.dbag[dev]:
            # check if link is up
            if not self.check_if_link_up(dev):
                CsHelper.execute("ip link set %s up" % dev)

            gateway = str(entry["gateway"])
            network = str(entry["network"])
            csip.setAddress(entry)

            already = csip.configured()
            state = "already configured" if already else "not configured"
            logging.info("Address %s on device %s " + state, csip.ip(), dev)
            if already:
                csip.post_configure()
            elif CsDevice(dev, self.config).waitfordevice():
                csip.configure()

            route.add_route(dev, network)

            # The code looks redundant here, but we actually have to cater for routers and
            # VPC routers in a different manner. Please do not remove this block otherwise
            # The VPC default route will be broken.
            if entry["nw_type"] == "public" and not default_installed:
                if not route.defaultroute_exists() and route.add_defaultroute(gateway):
                    default_installed = True

    # once we start processing public ip's we need to verify there
    # is a default route and add if needed
    if not route.defaultroute_exists():
        cmdline = self.config.cmdline()
        if cmdline.get_gateway():
            route.add_defaultroute(cmdline.get_gateway())
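def process(self):
    """Configure every address in ``self.dbag``.

    For each device (the ``"id"`` key is not a device) non-control
    addresses get a route, then each address is configured or
    post-configured depending on whether it is already present.
    """
    for dev in self.dbag:
        if dev == "id":
            continue
        ip = CsIP(dev, self.config)
        for address in self.dbag[dev]:
            # `!=` instead of `not a == b` (same result, clearer)
            if address["nw_type"] != "control":
                CsRoute(dev).add(address)
            ip.setAddress(address)
            if ip.configured():
                logging.info("Address %s on device %s already configured", ip.ip(), dev)
                ip.post_configure()
            else:
                logging.info("Address %s on device %s not configured", ip.ip(), dev)
                if CsDevice(dev, self.config).waitfordevice():
                    ip.configure()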
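def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` creates the device routing table and the route for
            ``self.address["network"]``; ``"delete"`` only logs, as route
            removal is not implemented here.

    Guest addresses get reverse-path configuration, dnsmasq firewall rules
    and Apache setup depending on the router's features; the password
    service runs on guest addresses of non-redundant routers or the master
    of a redundant pair. VPC public addresses with source_nat queue an SNAT
    rule.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")

    self.fw_router()
    self.fw_vpcrouter()

    # On deletion nw_type will no longer be known
    # Was `in ('guest')` — a string, so `in` was a substring test, not a
    # membership test.
    if self.get_type() == "guest":
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error("Not able to setup source-nat for a regular router yet")

        if self.config.has_dns() or self.config.is_dhcp():
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()

        if self.config.has_metadata():
            app = CsApache(self)
            app.setup()

    # Start passwd server on non-redundant routers and on the master router of redundant pairs
    # CsRedundant will handle fail-over.
    if self.get_type() in ["guest"] and (not self.cl.is_redundant() or self.cl.is_master()):
        CsPasswdSvc(self.address['public_ip']).start()
    elif self.get_type() in ["guest"]:
        # Or else make sure it's stopped
        CsPasswdSvc(self.address['public_ip']).stop()

    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            logging.info("Adding SourceNAT for interface %s to %s" % (self.dev, self.address['public_ip']))
            # NOTE(review): public_ip is interpolated unescaped into an
            # iptables rule; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
        else:
            logging.info("Not adding SourceNAT for interface %s to %s, because source_nat=False" % (self.dev, self.address['public_ip']))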
def process(self):
    """Configure the public addresses in ``self.dbag`` and ensure a default route.

    Non-public addresses and devices whose link does not exist are
    skipped (the ``"id"`` key is not a device). Links that are down are
    brought up; each address is configured or post-configured and its
    network route added. Afterwards the cmdline gateway is installed if
    no default route exists.
    """
    route = CsRoute()

    for dev in (d for d in self.dbag if d != "id"):
        csip = CsIP(dev, self.config)
        for entry in self.dbag[dev]:
            if entry["nw_type"] != "public":
                continue

            # check if link is up
            if not self.check_if_link_exists(dev):
                logging.info("link %s does not exist, so not processing" % dev)
                continue
            if not self.check_if_link_up(dev):
                CsHelper.execute("ip link set %s up" % dev)

            network = str(entry["network"])
            csip.setAddress(entry)

            if csip.configured():
                logging.info("Address %s on device %s already configured", csip.ip(), dev)
                csip.post_configure()
            else:
                logging.info("Address %s on device %s not configured", csip.ip(), dev)
                if CsDevice(dev, self.config).waitfordevice():
                    csip.configure()

            route.add_route(dev, network)

    # once we start processing public ip's we need to verify there
    # is a default route and add if needed
    if not route.defaultroute_exists():
        cmdline = self.config.get_cmdline_instance()
        default_gw = cmdline.get_gateway()
        if default_gw:
            route.add_defaultroute(cmdline.get_gateway())
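def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` creates the device routing table and the route for
            ``self.address["network"]``; ``"delete"`` only logs, as route
            removal is not implemented here.

    Guest addresses get reverse-path configuration, dnsmasq firewall rules
    and Apache setup depending on the router's features; the password
    service is started on guest addresses of non-redundant routers. VPC
    public addresses with source_nat queue FORWARD and SNAT rules.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")

    self.fw_router()
    self.fw_vpcrouter()

    # On deletion nw_type will no longer be known
    # Was `in ('guest')` — a string, so `in` was a substring test, not a
    # membership test.
    if self.get_type() == "guest":
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error("Not able to setup source-nat for a regular router yet")

        if self.config.has_dns() or self.config.is_dhcp():
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()

        if self.config.has_metadata():
            app = CsApache(self)
            app.setup()

    cmdline = self.config.cmdline()
    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not cmdline.is_redundant():
        # start() used to be bound to an unused local (pwdsvc)
        CsPasswdSvc(self.address['public_ip']).start()

    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])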
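def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` populates the per-device routing table
            (``Table_<dev>``) with throw/gateway/network routes and, for
            public non-VPC addresses, an ``ip rule`` for the network;
            ``"delete"`` tears the table and rule down when the last public
            IP leaves a non-VPC interface.

    Then rebuilds firewall rules, configures guest-specific services, and
    starts/stops the password service according to redundancy state. VPC
    public addresses with source_nat queue FORWARD and SNAT rules on add.
    """
    route = CsRoute()
    tableName = "Table_" + self.dev

    if method == "add":
        if not self.config.is_vpc():
            if self.get_type() in ["public"]:
                # NOTE(review): assumes eth0/eth1 each have at least one
                # address in the bag; an empty list would raise IndexError —
                # confirm that is guaranteed upstream.
                route.set_route("table %s throw %s proto static" % (tableName, self.config.address().dbag['eth0'][0]['network']))
                route.set_route("table %s throw %s proto static" % (tableName, self.config.address().dbag['eth1'][0]['network']))

            # add 'default via gateway' rule in the device specific routing table
            if "gateway" in self.address and self.address["gateway"] and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
            if "network" in self.address and self.address["network"]:
                route.add_network_route(self.dev, str(self.address["network"]))

            if self.get_type() in ["public"]:
                CsRule(self.dev).addRule("from " + str(self.address["network"]))

        if self.config.is_vpc():
            if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
                # .items() works on both Python 2 and 3; iteritems() was 2-only
                for inf, addresses in self.config.address().dbag.items():
                    if not inf.startswith("eth"):
                        continue
                    for address in addresses:
                        if "nw_type" in address and address["nw_type"] == "guest":
                            route.add_network_route(self.dev, str(address["network"]))

            route.add_network_route(self.dev, str(self.address["network"]))

        CsHelper.execute("sudo ip route flush cache")

    elif method == "delete":
        # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
        if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
            # NOTE(review): self.dev is concatenated into a shell command
            # line; it is assumed to be a validated interface name — confirm.
            CsHelper.execute("sudo ip rule delete table " + tableName)
            CsHelper.execute("sudo ip route flush table " + tableName)
            CsHelper.execute("sudo ip route flush cache")
            CsRule(self.dev).delMark()

    self.fw_router()
    self.fw_vpcrouter()
    cmdline = self.config.cmdline()

    # On deletion nw_type will no longer be known
    # Was `in ('guest')` — a string, so `in` was a substring test, not a
    # membership test.
    if self.get_type() == "guest":
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error("Not able to setup source-nat for a regular router yet")

        if (self.config.has_dns() or self.config.is_dhcp()) and self.config.expose_dns():
            logging.info("Making dns publicly available")
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()
        else:
            logging.info("Not making dns publicly available")

        if self.config.has_metadata():
            app = CsApache(self)
            app.setup()

    # If redundant then this is dealt with
    # by the primary backup functions
    if not cmdline.is_redundant():
        if method == "add":
            CsPasswdSvc(self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.address['public_ip']).stop()
    elif cmdline.is_primary():
        if method == "add":
            CsPasswdSvc(self.get_gateway() + "," + self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.get_gateway() + "," + self.address['public_ip']).stop()

    if self.get_type() == "public" and self.config.is_vpc() and method == "add":
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])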
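def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address changes.

    Args:
        method: ``"add"`` populates the per-device routing table
            (``Table_<dev>``): throw routes for the eth0/eth1 networks when
            this is the first IP on a public non-VPC interface, then the
            gateway and network routes and, for public addresses, an
            ``ip rule`` for the network; ``"delete"`` tears the table and
            rule down when the last public IP leaves a non-VPC interface.

    Then rebuilds firewall rules, configures guest-specific services, and
    starts/stops the password service on non-redundant routers. VPC public
    addresses with source_nat queue FORWARD and SNAT rules on add.
    """
    route = CsRoute()
    tableName = "Table_" + self.dev

    if method == "add":
        if not self.config.is_vpc():
            # treat the first IP on a interface as special case to set up the routing rules
            if self.get_type() in ["public"] and (len(self.iplist) == 1):
                # NOTE(review): assumes eth0/eth1 each have at least one
                # address in the bag, and concatenates their network into a
                # shell command line; both are assumed validated upstream —
                # confirm.
                CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth0'][0]['network'] + " table " + tableName + " proto static")
                CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth1'][0]['network'] + " table " + tableName + " proto static")

            # add 'default via gateway' rule in the device specific routing table
            if "gateway" in self.address and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
            route.add_network_route(self.dev, str(self.address["network"]))

            if self.get_type() in ["public"]:
                CsRule(self.dev).addRule("from " + str(self.address["network"]))

        if self.config.is_vpc():
            if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
                # .items() works on both Python 2 and 3; iteritems() was 2-only
                for inf, addresses in self.config.address().dbag.items():
                    if not inf.startswith("eth"):
                        continue
                    for address in addresses:
                        if "nw_type" in address and address["nw_type"] == "guest":
                            route.add_network_route(self.dev, str(address["network"]))

            route.add_network_route(self.dev, str(self.address["network"]))

        CsHelper.execute("sudo ip route flush cache")

    elif method == "delete":
        # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
        if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
            CsHelper.execute("sudo ip rule delete table " + tableName)
            CsHelper.execute("sudo ip route flush table " + tableName)
            CsHelper.execute("sudo ip route flush cache")
            CsRule(self.dev).delMark()

    self.fw_router()
    self.fw_vpcrouter()
    cmdline = self.config.cmdline()

    # On deletion nw_type will no longer be known
    # Was `in ('guest')` — a string, so `in` was a substring test, not a
    # membership test.
    if self.get_type() == "guest":
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error("Not able to setup source-nat for a regular router yet")

        if self.config.has_dns() or self.config.is_dhcp():
            dns = CsDnsmasq(self)
            dns.add_firewall_rules()

        if self.config.has_metadata():
            app = CsApache(self)
            app.setup()

    # If redundant then this is dealt with
    # by the master backup functions
    if not cmdline.is_redundant():
        if method == "add":
            CsPasswdSvc(self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.address['public_ip']).stop()

    if self.get_type() == "public" and self.config.is_vpc() and method == "add":
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # NOTE(review): vpccidr and public_ip are interpolated unescaped
            # into iptables rules; assumed validated where the address bag is
            # produced — confirm.
            self.fw.append(["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])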
def set_primary(self):
    """Promote this redundant router to the primary role.

    Brings public devices up (skipping a device equal to the previous
    one), installs the IPv4 and IPv6 default routes on the device listed
    in ``CsHelper.PUBLIC_INTERFACES`` for this router type, adds the IPv6
    guest gateway and static routes, resyncs conntrackd, restarts ipsec,
    xl2tpd, the password service and dnsmasq, saves the primary state and
    reconfigures public interfaces. With more than one public device the
    per-device gateway routes are re-added and gratuitous ARP is sent for
    the IPs on every device but the first. No-op (error logged) on a
    non-redundant router.
    """
    if not self.cl.is_redundant():
        logging.error("Set primary called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to primary")

    route = CsRoute()
    previous_dev = ''
    for iface in (i for i in self.address.get_interfaces() if i.is_public()):
        current_dev = iface.get_device()
        if current_dev == previous_dev:
            continue
        previous_dev = current_dev
        logging.info("Will proceed configuring device ==> %s" % current_dev)

        if not CsDevice(current_dev, self.config).waitfordevice():
            logging.error("Device %s was not ready could not bring it up" % current_dev)
            continue

        CsHelper.execute("ip link set %s up" % current_dev)
        logging.info("Bringing public interface %s up" % current_dev)
        try:
            gateway = iface.get_gateway()
            logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, current_dev))
            if current_dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                route.add_defaultroute(gateway)
        except Exception:
            logging.error("ERROR getting gateway from device %s" % current_dev)

        if current_dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
            try:
                self._add_ipv6_to_interface(iface, iface.get_ip6())
                gateway6 = iface.get_gateway6()
                if gateway6:
                    route.add_defaultroute_v6(gateway6)
            except Exception as exc:
                logging.error("ERROR adding IPv6, getting IPv6 gateway from device %s: %s" % (current_dev, exc))

    self._add_ipv6_guest_gateway()

    logging.debug("Configuring static routes")
    CsStaticRoutes("staticroutes", self.config).process()

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    for flag in ("-c", "-f", "-R", "-B"):
        CsHelper.execute("%s %s" % (conntrackd, flag))

    for service in ("ipsec", "xl2tpd"):
        CsHelper.service(service, "restart")

    for iface in (i for i in self.address.get_interfaces() if i.needs_vrrp()):
        if iface.is_added():
            CsPasswdSvc(iface.get_gateway() + "," + iface.get_ip()).restart()

    CsHelper.service("dnsmasq", "restart")

    self.cl.set_primary_state(True)
    self.cl.save()
    self.release_lock()

    public_interfaces = [i for i in self.address.get_interfaces() if i.is_public()]
    CsHelper.reconfigure_interfaces(self.cl, public_interfaces)

    public_devices = list({i.get_device() for i in public_interfaces})
    if len(public_devices) > 1:
        # Handle specific failures when multiple public interfaces
        public_devices.sort()

        # Ensure the default route is added, or outgoing traffic from VMs with static NAT on
        # the subsequent interfaces will go from the wrong IP
        route = CsRoute()
        previous_dev = ''
        for iface in public_interfaces:
            current_dev = iface.get_device()
            if current_dev == previous_dev:
                continue
            previous_dev = current_dev
            gateway = iface.get_gateway()
            if gateway:
                route.add_route(current_dev, gateway)

        # The first public interface has a static MAC address between VRs. Subsequent ones don't,
        # so an ARP announcement is needed on failover
        for device in public_devices[1:]:
            logging.info("Sending garp messages for IPs on %s" % device)
            for iface in (i for i in public_interfaces if i.get_device() == device):
                CsHelper.execute("arping -I %s -U %s -c 1" % (device, iface.get_ip()))

    logging.info("Router switched to primary mode")