def clean_nat(self):
    '''
    Remove every iptables rule and user-defined chain.

    Both the default (filter) table and the nat table are emptied, so
    packet-filtering rules are dropped together with the NAT rules.
    '''
    # NOTE(review): with the filter table empty, only the built-in chain
    # policies decide what traffic passes - confirm that is acceptable here.
    commands = (
        'iptables --flush',
        'iptables --table nat --flush',
        'iptables --delete-chain',
        'iptables --table nat --delete-chain',
        'iptables --flush',
    )
    for command in commands:
        Bash(command)
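def set_nat(self, wan_interface):
    '''
    Configure iptables to masquerade (NAT) traffic leaving wan_interface.

    The sysctl.conf stored next to this module replaces /etc/sysctl.conf,
    every existing iptables rule and chain is removed, and a MASQUERADE
    rule for wan_interface is appended to the nat POSTROUTING chain.

    :param wan_interface: name of the outgoing (WAN) network interface
    :raises ValueError: if wan_interface is not a plain interface name
    '''
    import re

    # The name is spliced into a command string, so anything that is not a
    # plain interface name (shell metacharacters, whitespace, a leading '-')
    # is refused before any file or firewall rule is touched.
    if not re.match(r'[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\Z', wan_interface):
        raise ValueError('invalid WAN interface name: %r' % (wan_interface,))

    module_dir = os.path.realpath(
        os.path.abspath(
            os.path.dirname(inspect.getfile(inspect.currentframe()))))

    # NOTE(review): the backup is rewritten on every call, so a second call
    # replaces it with the already-substituted file; nothing in this method
    # reloads the sysctl settings either - confirm both are intended.
    Bash('cp /etc/sysctl.conf /etc/sysctl.conf.bak')
    Bash('cp ' + module_dir + '/sysctl.conf /etc/sysctl.conf')

    # Delete and flush iptables (filter and nat tables alike).
    for command in (
            'iptables --flush',
            'iptables --table nat --flush',
            'iptables --delete-chain',
            'iptables --table nat --delete-chain',
            'iptables --flush'):
        Bash(command)

    # The author left a python-iptables (iptc) version of this rule disabled;
    # building the rule that way would avoid composing a command string.
    Bash('iptables -t nat -A POSTROUTING -o ' + wan_interface + ' -j MASQUERADE')
    Bash('service iptables restart')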
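def set_floating(self):
    '''
    Install 1:1 NAT for every binding in self.floating_ip.

    For each binding an SNAT rule (private -> public) and a DNAT rule
    (public -> private) are inserted into the nat table, and the public
    address is added to the WAN interface.

    :raises ValueError: if an address holds anything other than the
        characters of a numeric address with an optional /prefix
    '''
    import re

    # Character allowlist, not full address validation: it keeps shell
    # metacharacters, whitespace and option-like values out of the commands
    # below; iptables/ip still reject malformed addresses themselves.
    address_pattern = re.compile(r'[0-9A-Fa-f.:]+(?:/[0-9]{1,3})?\Z')

    bindings = list(self.floating_ip)
    # Check every binding first so a bad entry is refused before any rule
    # has been changed.
    for address in bindings:
        for key in ('private_address', 'public_address'):
            if not address_pattern.match(address[key]):
                raise ValueError('invalid %s: %r' % (key, address[key]))

    for address in bindings:
        private_address = address['private_address']
        public_address = address['public_address']
        Bash('iptables -t nat -I POSTROUTING -s ' + private_address
             + ' -j SNAT --to ' + public_address)
        Bash('iptables -t nat -I PREROUTING -d ' + public_address
             + ' -j DNAT --to-destination ' + private_address)
        # NOTE(review): the interface name is also spliced into a command;
        # confirm get_wan_interface_name() only returns a vetted name.
        wan_interface_name = self.get_wan_interface_name()
        Bash('ip addr add ' + public_address + ' dev ' + wan_interface_name)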
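def configure_dhcp(self, dhcp_server_conf):
    '''
    Write the ISC DHCP server configuration and restart the service.

    /etc/dhcp/dhcpd.conf is generated from dhcp_server_conf and
    /etc/default/isc-dhcp-server from self.dhcp_interfaces. Both files are
    composed in memory and checked before either is opened, so a rejected
    or incomplete configuration leaves the existing files untouched.

    Example of the generated dhcpd.conf:

        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.254;
        option domain-name-servers 192.168.1.1, 192.168.1.2;
        option domain-name "mydomain.example";
        subnet 192.168.1.0 netmask 255.255.255.0 {
         range 192.168.1.10 192.168.1.100;
         range 192.168.1.150 192.168.1.200;
        }

    :param dhcp_server_conf: dict with defaultLeaseTime, maxLeaseTime,
        gatewayIp (gatewayIp/gatewayMask), domainNameServer, domainName,
        sections (list under 'section') and optionally mtu
    :raises ValueError: if a value could break out of its configuration
        statement, if mtu is not an integer, or if an interface name is
        not a plain interface name
    '''
    import re

    # Characters that end or restructure a dhcpd.conf statement.
    unsafe = re.compile(r'[;{}"#\\\r\n]')
    name_pattern = re.compile(r'[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\Z')

    def checked(value, what):
        # Refuse values that would inject extra statements into the file.
        if unsafe.search(value):
            raise ValueError('invalid %s: %r' % (what, value))
        return value

    lines = [
        'default-lease-time '
        + checked(dhcp_server_conf['defaultLeaseTime'], 'defaultLeaseTime') + ';\n',
        'max-lease-time '
        + checked(dhcp_server_conf['maxLeaseTime'], 'maxLeaseTime') + ';\n',
    ]
    gateway_mask = checked(dhcp_server_conf['gatewayIp']['gatewayMask'], 'gatewayMask')
    gateway_ip = checked(dhcp_server_conf['gatewayIp']['gatewayIp'], 'gatewayIp')
    lines.append('option subnet-mask ' + gateway_mask + ';\n')
    lines.append('option routers ' + gateway_ip + ';\n')
    lines.append('option domain-name-servers '
                 + checked(dhcp_server_conf['domainNameServer'], 'domainNameServer')
                 + ';\n')
    lines.append('option domain-name "'
                 + checked(dhcp_server_conf['domainName'], 'domainName') + '";\n')
    if 'mtu' in dhcp_server_conf:
        # interface-mtu is a numeric option, so it is written unquoted;
        # int() also rejects anything that is not a number.
        lines.append('option interface-mtu ' + str(int(dhcp_server_conf['mtu'])) + ';\n')
    network = str(self.get_network(gateway_mask, gateway_ip))
    lines.append('subnet ' + network + ' netmask ' + gateway_mask + ' {\n')
    for section in dhcp_server_conf['sections']['section']:
        lines.append(' range ' + checked(section['sectionStartIp'], 'sectionStartIp')
                     + ' ' + checked(section['sectionEndIp'], 'sectionEndIp') + ';\n')
    lines.append('}')

    # Set interfaces. The defaults file uses shell-style KEY="value" syntax,
    # so the names are restricted to plain interface names.
    interface_names = []
    for interface in self.dhcp_interfaces:
        if not name_pattern.match(interface.name):
            raise ValueError('invalid DHCP interface name: %r' % (interface.name,))
        interface_names.append(interface.name)
    isc_dhcp_server = 'INTERFACES="' + ' '.join(interface_names) + '"'

    with open('/etc/dhcp/dhcpd.conf', 'w') as dhcpd_file:
        dhcpd_file.write(''.join(lines))
    with open('/etc/default/isc-dhcp-server', 'w') as isc_dhcp_server_file:
        isc_dhcp_server_file.write(isc_dhcp_server)

    # Restart service; with no DHCP interface configured it is stopped again.
    Bash('service isc-dhcp-server restart')
    if len(self.dhcp_interfaces) == 0:
        Bash('service isc-dhcp-server stop')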
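def set_status(self, json_instance):
    '''
    Set the status of the VNF starting from a json instance.

    Every ifEntry becomes an Interface. Non-WAN interfaces are configured
    immediately. If a WAN interface is present, its addresses and the
    default route are reset before it is configured and NAT is enabled;
    otherwise the NAT rules are cleaned. Floating IP bindings are applied
    last.

    :param json_instance: dict holding '<yang module>:interfaces' and
        '<yang module>:staticBindings'
    :raises ValueError: if an interface name is not a plain interface name
    '''
    import re

    logging.debug(json_instance)
    if_entries = json_instance[self.yang_module_name + ':' + 'interfaces']['ifEntry']

    # Interface names end up in command strings (see the 'ip addr flush'
    # call below), so all of them are vetted before any state is changed.
    name_pattern = re.compile(r'[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\Z')
    for interface in if_entries:
        if not name_pattern.match(interface['name']):
            raise ValueError('invalid interface name: %r' % (interface['name'],))

    self.wan_interface = None
    for interface in if_entries:
        # Set interface
        logging.debug(interface)
        new_interface = Interface(
            name=interface['name'],
            ipv4_address=interface['address'] if 'address' in interface else None,
            _type=interface['type'],
            configuration_type=interface['configurationType'],
            default_gw=interface['default_gw'] if 'default_gw' in interface else None)
        if new_interface.type == 'wan':
            # The WAN interface is configured later, after its old
            # addresses and the default route have been removed.
            self.wan_interface = new_interface
        else:
            new_interface.set_interface()

    self.json_instance = json_instance
    self.if_entries = if_entries

    if self.wan_interface is not None:
        Bash('route del default gw 0.0.0.0')
        # presumably Interface.name is the vetted name passed in above
        Bash('ip addr flush dev ' + self.wan_interface.name)
        self.wan_interface.set_interface()
        self.set_nat(self.wan_interface.name)
    else:
        self.clean_nat()

    self.get_interfaces()
    self.get_interfaces_dict()

    self.floating_ip = json_instance[self.yang_module_name + ':' + 'staticBindings']['floatingIP']
    self.set_floating()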
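def base_conf(self):
    '''
    Make sure /etc/ssh/sshd_config contains the line "UseDNS no".
    '''
    # Append only when the exact line is absent, so repeated calls do not
    # keep adding duplicate lines to the file.
    # NOTE(review): sshd uses the first value it finds for a keyword, so an
    # earlier UseDNS line would still win, and nothing here reloads sshd.
    Bash('grep -qxF "UseDNS no" /etc/ssh/sshd_config'
         ' || echo "UseDNS no" >> /etc/ssh/sshd_config')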