def main():
"""Run the main application."""
# Parse user args
user_args = args()
# Get the contents of the system environment json
environment_file = file_find(filename=user_args['file'])
with open(environment_file, 'rb') as f:
inventory_json = json.loads(f.read())
commands = []
nodes = []
pools = []
virts = []
sslvirts = []
pubvirts = []
commands.extend([
'### CREATE SECURITY iRULE ###',
'create ltm rule /' + PART + '/' + PREFIX_NAME + '_DISCARD_ALL',
' --> Copy and Paste the following between pre-included curly brackets <--',
'when CLIENT_ACCEPTED { discard }\n',
'### CREATE EXTERNAL MONITOR ###',
' --> Upload External monitor file to disk <--',
' run util bash', ' cd /config/monitors/',
' vi RPC-MON-EXT-ENDPOINT.monitor',
' --> Copy and Paste the External monitor into vi <--',
' create sys file external-monitor /' + PART +
'/RPC-MON-EXT-ENDPOINT { source-path file:///config/monitors/RPC-MON-EXT-ENDPOINT.monitor }',
' save sys config', ' create ltm monitor external /' +
PART + '/RPC-MON-EXT-ENDPOINT { interval 20 timeout 61 run /' + PART +
'/RPC-MON-EXT-ENDPOINT }\n'
])
if user_args['ssl_domain_name']:
commands.extend([
'### UPLOAD SSL CERT KEY PAIR ###',
'cd /RPC',
'install sys crypto cert /' + PART +
'/%(ssl_domain_name)s.crt from-editor' % user_args,
' --> Copy and Paste provided domain cert for public api endpoint <--',
'install sys crypto key /' + PART +
'/%(ssl_domain_name)s.key from-editor' % user_args,
' --> Copy and Paste provided domain key for public api endpoint <--',
'cd /Common\n',
'### CREATE SSL PROFILES ###',
('create ltm profile client-ssl'
' /' + PART + '/' + PREFIX_NAME + '_PROF_SSL_%(ssl_domain_name)s'
' { cert /' + PART + '/%(ssl_domain_name)s.crt key'
' /' + PART +
'/%(ssl_domain_name)s.key defaults-from clientssl }') % user_args,
'create ltm profile server-ssl /' + PART + '/' + PREFIX_NAME +
'_PROF_SSL_SERVER { defaults-from /Common/serverssl }\n' %
user_args,
])
if user_args['Superman']:
print " ************************** "
print " .*##*:*####***:::**###*:######*. "
print " *##: .###* *######:,##* "
print " *##: :####: *####*. :##: "
print " *##,:########**********:, :##: "
print " .#########################*, *#* "
print " *#########################*##: "
print " *##, ..,,::**#####: "
print " ,##*,*****, *##* "
print " *#########*########: "
print " *##*:*******###* "
print " .##*. ,##* "
print " :##* *##, "
print " *####: "
print " :, "
# Kal-El
# SUPERMAN
# JNA
pool_parts = build_pool_parts(inventory=inventory_json)
lb_vip_address = inventory_json['all']['vars']['internal_lb_vip_address']
for key, value in pool_parts.iteritems():
value['group_name'] = key.upper()
value['vs_name'] = '%s_VS_%s' % (PREFIX_NAME, value['group_name'])
value['pool_name'] = '%s_POOL_%s' % (PREFIX_NAME, value['group_name'])
node_data = []
priority = 100
for node in value['hosts']:
node['node_name'] = '%s_NODE_%s' % (PREFIX_NAME, node['hostname'])
nodes.append(NODES % node)
if value.get('persist'):
persist = PERSIST_OPTION
else:
persist = str()
virtual_dict = {
'port': value['port'],
'vs_name': value['vs_name'],
'pool_name': value['pool_name'],
'internal_lb_vip_address': lb_vip_address,
'persist': persist,
'ssl_domain_name': user_args['ssl_domain_name'],
'ssl_public_ip': user_args['ssl_public_ip'],
}
##########################################
virt = '%s' % VIRTUAL_ENTRIES % virtual_dict
if virt not in virts:
virts.append(virt)
if user_args['ssl_public_ip']:
if not value.get('backend_ssl'):
virtual_dict['ssl_profiles'] = (
'/' + PART + '/' + PREFIX_NAME +
'_PROF_SSL_%(ssl_domain_name)s { context clientside }'
) % user_args
else:
virtual_dict[
'ssl_profiles'] = '/' + PART + '/' + PREFIX_NAME + '_PROF_SSL_SERVER { context serverside } /' + PART + '/' + PREFIX_NAME + '_PROF_SSL_%(ssl_domain_name)s { context clientside }' % user_args
if value.get('make_public'):
if value.get('ssl_impossible'):
virtual_dict['vs_name'] = '%s_VS_%s' % (
'RPC_PUB', value['group_name'])
pubvirt = (
'%s\n') % PUB_NONSSL_VIRTUAL_ENTRIES % virtual_dict
if pubvirt not in pubvirts:
pubvirts.append(pubvirt)
else:
virtual_dict['vs_name'] = '%s_VS_%s' % (
'RPC_PUB_SSL', value['group_name'])
sslvirt = '%s' % PUB_SSL_VIRTUAL_ENTRIES % virtual_dict
if sslvirt not in sslvirts:
sslvirts.append(sslvirt)
if value.get('priority') is True:
node_data.append('%s:%s %s' %
(node['node_name'], value['backend_port'],
PRIORITY_ENTRY % {
'priority_int': priority
}))
priority -= 5
else:
node_data.append('%s:%s' %
(node['node_name'], value['backend_port']))
##########################################
value['nodes'] = ' '.join(node_data)
pool_node = [POOL_NODE['beginning'] % value]
if value.get('priority') is True:
pool_node.append(POOL_NODE['priority'])
pool_node.append(POOL_NODE['end'] % value)
pools.append('%s' % ' '.join(pool_node))
# define the SNAT pool address
snat_pool_adds = user_args.get('snat_pool_address')
if snat_pool_adds is None:
container_cidr = inventory_json['all']['vars']['container_cidr']
network = netaddr.IPNetwork(container_cidr)
snat_pool_adds = str(network[15])
snat_pool_addresses = ' '.join(snat_pool_adds.split(','))
snat_pool = '%s\n' % SNAT_POOL % {
'snat_pool_addresses': snat_pool_addresses
}
script = [
'#!/usr/bin/bash\n', r'### CREATE RPC PARTITION ###',
'create auth partition %s\n' % PART,
r'### SET DISPLAY PORT NUMBERS ###',
'modify cli global-settings service number\n', snat_pool
]
script.extend(['### CREATE MONITORS ###'])
script.extend(['%s' % i % user_args for i in MONITORS])
script.extend(['%s' % i for i in commands])
script.extend(['### CREATE PERSISTENCE PROFILES ###'])
script.extend(['%s' % i % user_args for i in PERSISTANCE])
script.extend(['### CREATE NODES ###'])
script.extend(['%s' % i % user_args for i in nodes])
script.extend(['\n### CREATE POOLS ###'])
script.extend(pools)
script.extend(['\n### CREATE VIRTUAL SERVERS ###'])
script.extend(virts)
script.extend(['\n### CREATE PUBLIC SSL OFFLOADED VIRTUAL SERVERS ###'])
script.extend(sslvirts)
script.extend(['\n### CREATE PUBLIC SSL PASS-THROUGH VIRTUAL SERVERS ###'])
script.extend(pubvirts)
if user_args['sec_host_network']:
hostnet, netmask = user_args['sec_host_network'].split(':')
if not user_args['sec_public_vlan_name']:
raise SystemExit('Please set the [ --sec-public-vlan-name ] value')
script.append(
SEC_HOSTNET_VIRTUAL_ENTRIES % {
'sec_host_net': hostnet,
'sec_host_netmask': netmask,
'sec_public_vlan_name': user_args['sec_public_vlan_name']
})
if user_args['sec_container_network']:
hostnet, netmask = user_args['sec_container_network'].split(':')
script.append(SEC_CONTAINER_VIRTUAL_ENTRIES % {
'sec_container_net': hostnet,
'sec_container_netmask': netmask
})
script.extend(['%s\n' % i for i in END_COMMANDS])
if user_args['print']:
for i in script:
print(i)
with open(user_args['export'], 'w+') as f:
f.writelines("\n".join(script))
def getCidr(ip, netmask):
try:
ipn = netaddr.IPNetwork("%s/%s" % (ip, netmask))
return str(ipn.cidr)
except netaddr.AddrFormatError:
return False
def ipaddr(value, query="", version=False, alias="ipaddr"):
""" Check if string is an IP address or network and filter it """
query_func_extra_args = {
"": ("vtype", ),
"6to4": ("vtype", "value"),
"cidr_lookup": ("iplist", "value"),
"first_usable": ("vtype", ),
"int": ("vtype", ),
"ipv4": ("value", ),
"ipv6": ("value", ),
"last_usable": ("vtype", ),
"link-local": ("value", ),
"loopback": ("value", ),
"lo": ("value", ),
"multicast": ("value", ),
"next_usable": ("vtype", ),
"peer": ("vtype", ),
"previous_usable": ("vtype", ),
"private": ("value", ),
"public": ("value", ),
"unicast": ("value", ),
"range_usable": ("vtype", ),
"wrap": ("vtype", "value"),
}
query_func_map = {
"": _empty_ipaddr_query,
"6to4": _6to4_query,
"address": _ip_query,
"address/prefix": _address_prefix_query, # deprecate
"bool": _bool_ipaddr_query,
"broadcast": _broadcast_query,
"cidr": _cidr_query,
"cidr_lookup": _cidr_lookup_query,
"first_usable": _first_usable_query,
"gateway": _address_prefix_query, # deprecate
"gw": _address_prefix_query, # deprecate
"host": _host_query,
"host/prefix": _address_prefix_query, # deprecate
"hostmask": _hostmask_query,
"hostnet": _address_prefix_query, # deprecate
"int": _int_query,
"ip": _ip_query,
"ip/prefix": _ip_prefix_query,
"ip_netmask": _ip_netmask_query,
# 'ip_wildcard': _ip_wildcard_query, built then could not think of use case
"ipv4": _ipv4_query,
"ipv6": _ipv6_query,
"last_usable": _last_usable_query,
"link-local": _link_local_query,
"lo": _loopback_query,
"loopback": _loopback_query,
"multicast": _multicast_query,
"net": _net_query,
"next_usable": _next_usable_query,
"netmask": _netmask_query,
"network": _network_query,
"network_id": _network_query,
"network/prefix": _subnet_query,
"network_netmask": _network_netmask_query,
"network_wildcard": _network_wildcard_query,
"peer": _peer_query,
"prefix": _prefix_query,
"previous_usable": _previous_usable_query,
"private": _private_query,
"public": _public_query,
"range_usable": _range_usable_query,
"revdns": _revdns_query,
"router": _address_prefix_query, # deprecate
"size": _size_query,
"size_usable": _size_usable_query,
"subnet": _subnet_query,
"type": _type_query,
"unicast": _unicast_query,
"v4": _ipv4_query,
"v6": _ipv6_query,
"version": _version_query,
"wildcard": _hostmask_query,
"wrap": _wrap_query,
}
vtype = None
# Check if value is a list and parse each element
if isinstance(value, (list, tuple, types.GeneratorType)):
_ret = [ipaddr(element, str(query), version) for element in value]
return [item for item in _ret if item]
elif not value or value is True:
# TODO: Remove this check in a major version release of collection with porting guide
# TODO: and raise exception commented out below
display.warning(
"The value '%s' is not a valid IP address or network, passing this value to ipaddr filter"
" might result in breaking change in future." % value)
return False
# Check if value is a number and convert it to an IP address
elif str(value).isdigit():
# We don't know what IP version to assume, so let's check IPv4 first,
# then IPv6
try:
if (not version) or (version and version == 4):
v = netaddr.IPNetwork("0.0.0.0/0")
v.value = int(value)
v.prefixlen = 32
elif version and version == 6:
v = netaddr.IPNetwork("::/0")
v.value = int(value)
v.prefixlen = 128
# IPv4 didn't work the first time, so it definitely has to be IPv6
except Exception:
try:
v = netaddr.IPNetwork("::/0")
v.value = int(value)
v.prefixlen = 128
# The value is too big for IPv6. Are you a nanobot?
except Exception:
return False
# We got an IP address, let's mark it as such
value = str(v)
vtype = "address"
# value has not been recognized, check if it's a valid IP string
else:
try:
v = netaddr.IPNetwork(value)
# value is a valid IP string, check if user specified
# CIDR prefix or just an IP address, this will indicate default
# output format
try:
address, prefix = value.split("/")
vtype = "network"
except Exception:
vtype = "address"
# value hasn't been recognized, maybe it's a numerical CIDR?
except Exception:
try:
address, prefix = value.split("/")
address.isdigit()
address = int(address)
prefix.isdigit()
prefix = int(prefix)
# It's not numerical CIDR, give up
except Exception:
return False
# It is something, so let's try and build a CIDR from the parts
try:
v = netaddr.IPNetwork("0.0.0.0/0")
v.value = address
v.prefixlen = prefix
# It's not a valid IPv4 CIDR
except Exception:
try:
v = netaddr.IPNetwork("::/0")
v.value = address
v.prefixlen = prefix
# It's not a valid IPv6 CIDR. Give up.
except Exception:
return False
# We have a valid CIDR, so let's write it in correct format
value = str(v)
vtype = "network"
# We have a query string but it's not in the known query types. Check if
# that string is a valid subnet, if so, we can check later if given IP
# address/network is inside that specific subnet
try:
# ?? 6to4 and link-local were True here before. Should they still?
if (query and (query not in query_func_map or query == "cidr_lookup")
and not str(query).isdigit() and ipaddr(query, "network")):
iplist = netaddr.IPSet([netaddr.IPNetwork(query)])
query = "cidr_lookup"
except Exception:
pass
# This code checks if value maches the IP version the user wants, ie. if
# it's any version ("ipaddr()"), IPv4 ("ipv4()") or IPv6 ("ipv6()")
# If version does not match, return False
if version and v.version != version:
return False
extras = []
for arg in query_func_extra_args.get(query, tuple()):
extras.append(locals()[arg])
try:
return query_func_map[query](v, *extras)
except KeyError:
try:
float(query)
if v.size == 1:
if vtype == "address":
return str(v.ip)
elif vtype == "network":
return str(v)
elif v.size > 1:
try:
return str(v[query]) + "/" + str(v.prefixlen)
except Exception:
return False
else:
return value
except Exception:
raise AnsibleFilterError(alias +
": unknown filter type: %s" % query)
return False
def get_next_subnet(cidr):
return netaddr.IPNetwork(cidr).next()
def add(self, cidr, scope='global', add_broadcast=True):
net = netaddr.IPNetwork(cidr)
args = ['add', cidr, 'scope', scope, 'dev', self.name]
if add_broadcast and net.version == 4:
args += ['brd', str(net[-1])]
self._as_root([net.version], tuple(args))
def _build_ipv4v6_mac_ip_list(self, mac, ip_address, mac_ipv4_pairs,
mac_ipv6_pairs):
if netaddr.IPNetwork(ip_address).version == 4:
mac_ipv4_pairs.append((mac, ip_address))
else:
mac_ipv6_pairs.append((mac, ip_address))
def configure(self):
"""
Returns a cassandra template with seed nodes
"""
self.add_description('Sets up Cassandra in all Zones')
self.get_eni_policies()
self.get_default_security_groups()
self.get_standard_parameters()
self.get_standard_policies()
_global_config = constants.ENVIRONMENTS[self.env]
self.ami = self.add_parameter(
Parameter('AMI',
Type='String',
Description='AMI ID for instances',
Default=get_latest_ami_id(
self.region, 'ivy-cassandra',
_global_config.get('ami_owner', 'self'))))
_cassandra_security_group = self.add_resource(
ec2.SecurityGroup(
'{}SecurityGroup'.format(self.name),
VpcId=self.vpc_id,
GroupDescription='Security Group for {} Instances'.format(
self.name),
SecurityGroupIngress=[
{
'IpProtocol': 'tcp',
'FromPort': 7000,
'ToPort': 7001,
'CidrIp': self.vpc_cidr
}, # inter-node
{
'IpProtocol': 'tcp',
'FromPort': 7199,
'ToPort': 7199,
'CidrIp': self.vpc_cidr
}, # jmx
{
'IpProtocol': 'tcp',
'FromPort': 9042,
'ToPort': 9042,
'CidrIp': self.vpc_cidr
}, # client port
{
'IpProtocol': 'tcp',
'FromPort': 9160,
'ToPort': 9160,
'CidrIp': self.vpc_cidr
}, # client (thrift)
]))
self.add_resource(
ec2.SecurityGroupIngress(
'{}IngressSecurityGroup'.format(self.name),
GroupId=Ref(_cassandra_security_group),
IpProtocol='-1',
FromPort=-1,
ToPort=-1,
SourceSecurityGroupId=Ref(_cassandra_security_group
) # this allows members all traffic
))
self.add_security_group(Ref(_cassandra_security_group))
# Add support for creating EBS snapshots and tagging them
self.add_iam_policy(
iam.Policy(PolicyName='CassandraBackups',
PolicyDocument={
'Statement': [{
'Effect':
'Allow',
'Resource':
'*',
'Action': [
'ec2:AttachVolume', 'ec2:CreateSnapshot',
'ec2:CreateTags', 'ec2:DeleteSnapshot',
'ec2:DescribeInstances',
'ec2:DescribeSnapshots', 'ec2:DescribeTags',
'ec2:DescribeVolumeAttribute',
'ec2:DescribeVolumeStatus',
'ec2:DescribeVolumes', 'ec2:DetachVolume'
]
}]
}))
for cluster in constants.ENVIRONMENTS[
self.env]['cassandra']['clusters']:
for _instance in cluster['instances']:
subnet = [
s for s in self.get_subnets('private')
if netaddr.IPAddress(_instance['ip']) in netaddr.IPNetwork(
s['CidrBlock'])
][0]
service = 'cassandra-{}'.format(cluster['name'])
role = '-'.join([
self.name, cluster['name'], subnet['AvailabilityZone'],
_instance['ip']
])
tags = self.get_tags(service_override=service,
role_override=role)
# Create ENI for this server, and hold onto a Ref for it so we can feed it into the userdata
uniq_id = hashlib.md5(role.encode('utf-8')).hexdigest()[:10]
eni = ec2.NetworkInterface(
self.name + cluster['name'] + "ENI" + uniq_id,
Description=
'Cassandra: Cluster: {} ENV: {} PrivateSubnet {}'.format(
cluster['name'], self.env, subnet['SubnetId']),
GroupSet=self.security_groups,
PrivateIpAddress=_instance['ip'],
SourceDestCheck=True,
SubnetId=subnet['SubnetId'],
Tags=tags,
)
self.add_resource(eni)
# Add the rootfs
_block_device_mapping = get_block_device_mapping(
self.parameters['InstanceType'].resource['Default'])
_block_device_mapping += {
ec2.BlockDeviceMapping(DeviceName="/dev/xvda",
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True,
VolumeSize=cluster.get(
'rootfs_size', 20),
VolumeType="gp2",
))
}
# Seed the cluster from one node in the remote DC, plus three nodes in this DC
# We want to avoid making too many nodes into seeds
if cluster.get('remote_seed'):
remote_env_name = cluster['remote_seed']['datacenter']
remote_cluster_name = cluster['remote_seed']['cluster']
remote_clusters = constants.ENVIRONMENTS[remote_env_name][
'cassandra']['clusters']
# filter to just the remote cluster in the remote DC and return that one only
remote_cluster = list(
filter(lambda x: x['name'] == remote_cluster_name,
remote_clusters))[0]
remote_seeds = [
i['ip'] for i in remote_cluster['instances']
][:1]
local_seeds = [i['ip'] for i in cluster['instances']][:3]
seeds = ','.join(remote_seeds + local_seeds)
else:
# Use the first three cassandra nodes as seeds
seeds = ','.join([i['ip']
for i in cluster['instances']][:3])
if cluster.get('data_volume_size'):
# Create the EBS volume
data_volume = ec2.Volume(
'{}{}DataVolume{}'.format(
self.name, cluster['name'], uniq_id
), # something like 'envnameCassandraappDataVolumec47145e176'
Size=cluster.get('data_volume_size', 20),
VolumeType='gp2',
AvailabilityZone=subnet['AvailabilityZone'],
DeletionPolicy='Retain',
Tags=tags + [ec2.Tag('Name', role + "-datavol")])
self.add_resource(data_volume)
else:
data_volume = None
# Create the user data in two phases
# Phase 1: substitute from constants in Rain
user_data_template = self.get_cloudinit_template(
cluster['cassandra_template'],
replacements=(('__PROMPT_COLOR__', self.prompt_color()),
('__CASSANDRA_CLUSTER__', cluster['name']),
('__CASSANDRA_CLUSTER_OVERRIDE__',
cluster.get('cluster_name_override',
"")), ('__CASSANDRA_SEEDS__',
seeds), ('__SERVICE__',
service)))
# Phase 2: Allow AWS Cloudformation to further substitute Ref()'s in the userdata
userdata = Base64(
Sub(
user_data_template.replace(
'${', '${!'
) # Replace bash brackets with CFN escaped style
.replace(
'{#', '${'
), # Replace rain-style CFN escapes with proper CFN brackets
{
'CFN_ENI_ID':
Ref(eni),
'CFN_DATA_EBS_VOLUME_ID':
Ref(data_volume) if data_volume else ""
}))
# Create the Launch Configuration / ASG
_instance_type = cluster.get('instance_type',
Ref(self.instance_type))
launch_configuration = self.add_resource(
autoscaling.LaunchConfiguration(
'{}{}LaunchConfiguration{}'.format(
self.name, cluster['name'], uniq_id),
AssociatePublicIpAddress=False,
BlockDeviceMappings=_block_device_mapping,
EbsOptimized=True if _instance_type
in EBS_OPTIMIZED_INSTANCES else False,
ImageId=Ref(self.ami),
InstanceType=_instance_type,
InstanceMonitoring=False,
IamInstanceProfile=Ref(self.instance_profile),
KeyName=Ref(self.keypair_name),
SecurityGroups=self.security_groups,
UserData=userdata))
self.add_resource(
autoscaling.AutoScalingGroup(
'{}{}ASGroup{}'.format(self.name, cluster['name'],
uniq_id),
AvailabilityZones=[subnet['AvailabilityZone']],
HealthCheckType='EC2',
LaunchConfigurationName=Ref(launch_configuration),
MinSize=1,
MaxSize=1,
VPCZoneIdentifier=[subnet['SubnetId']],
Tags=self.get_autoscaling_tags(
service_override=service, role_override=role) +
[autoscaling.Tag('Name', role, True)]))
def interface_configure_bridge_safe(self,
interface=None,
ipaddr=None,
gw=None,
mask=None):
"""
will in a safe way configure bridge brpub
if available and has ip addr to go to internet then nothing will happen
otherwise system will try in a safe way set this ipaddr, this is a dangerous operation
if ipaddr == None then will look for existing config on interface and use that one to configure the bridge
"""
import pynetlinux
if ipaddr == None or mask == None or interface == None:
print("get default network config for main interface")
interface2, ipaddr2 = self.getDefaultIPConfig()
if interface == None:
interface = str(interface2)
print("interface found:%s" % interface)
if ipaddr == None:
ipaddr = ipaddr2
print("ipaddr found:%s" % ipaddr)
if interface == "brpub":
gw = pynetlinux.route.get_default_gw()
if not j.sal.nettools.pingMachine(gw, pingtimeout=2):
raise j.exceptions.RuntimeError(
"cannot continue to execute on bridgeConfigResetPub, gw was not reachable."
)
#this means the default found interface is already brpub, so can leave here
return
i = pynetlinux.ifconfig.Interface(interface)
try:
i.mac
except IOError as e:
if e.errno == 19:
raise j.exceptions.RuntimeError("Did not find interface: %s" %
interface)
else:
raise
if ipaddr == None:
raise j.exceptions.RuntimeError("Did not find ipaddr: %s" % ipaddr)
if mask == None:
mask = i.get_netmask()
print("mask found:%s" % mask)
if gw == None:
gw = pynetlinux.route.get_default_gw()
print("gw found:%s" % gw)
if gw == None:
raise j.exceptions.RuntimeError("Did not find gw: %s" % gw)
if not j.sal.nettools.pingMachine(gw, pingtimeout=2):
raise j.exceptions.RuntimeError(
"cannot continue to execute on bridgeConfigResetPub, gw was not reachable."
)
print("gw can be reached")
if self.bridgeExists("brpub"):
br = pynetlinux.brctl.findbridge("brpub")
br.down()
cmd = "brctl delbr brpub"
j.sal.process.execute(cmd)
try:
import netaddr
n = netaddr.IPNetwork("%s/%s" % (ipaddr, mask))
self.removeNetworkFromInterfaces(str(n.network.ipv4()))
#bring all other brdiges down
for br in pynetlinux.brctl.list_bridges():
counter = 0
while br.is_up() and counter < 10:
br.down()
time.sleep(1)
counter += 1
print("waiting for bridge:%s to go down" % br.name)
#bring own interface down
i = pynetlinux.ifconfig.findif(interface)
if i != None:
print("found %s, will try to bring down." % interface)
i.down()
counter = 0
while i.is_up() and counter < 10:
i.down()
time.sleep(1)
counter += 1
print("waiting for interface:%s to go down" % interface)
cmd = "ip addr flush dev %s" % interface
j.sal.process.execute(cmd)
j.sal.process.execute("sudo stop network-manager",
outputToStdout=False,
outputStderr=False,
die=False)
j.sal.fs.writeFile("/etc/init/network-manager.override", "manual")
j.sal.netconfig.reset()
#now we should have no longer a network & all is clean
j.sal.netconfig.enableInterface(dev=interface,
start=False,
dhcp=False)
j.sal.netconfig.enableInterfaceBridgeStatic(dev="brpub",
ipaddr="%s/%s" %
(ipaddr, mask),
bridgedev=interface,
gw=gw,
start=True)
j.sal.netconfig.setNameserver("8.8.8.8")
except Exception as e:
print("error in bridgeConfigResetPub:'%s'" % e)
j.sal.nettools.setBasicNetConfiguration(interface,
ipaddr,
gw,
mask,
config=False)
return interface, ipaddr, mask, gw
def __init__(self, prefix, policy, ge=None, le=None):
super(PrefixFilter, self).__init__(policy)
self._prefix = prefix
self._network = netaddr.IPNetwork(prefix)
self._ge = ge
self._le = le
def _misc(self):
# TODO: find a way to properly get this at runtime
# see: https://bugzilla.redhat.com/1228215
_interface_name = 'eth0'
self._directory_name = tempfile.mkdtemp()
user_data = ('#cloud-config\n' '# vim: syntax=yaml\n')
f_user_data = os.path.join(self._directory_name, 'user-data')
if (self.environment[ohostedcons.CloudInit.ROOT_SSH_PUBKEY]
or self.environment[ohostedcons.CloudInit.ROOTPWD]):
user_data += ('disable_root: false\n')
if self.environment[ohostedcons.CloudInit.ROOT_SSH_PUBKEY]:
user_data += ('ssh_authorized_keys:\n'
' - {pubkey}\n').format(pubkey=self.environment[
ohostedcons.CloudInit.ROOT_SSH_PUBKEY], )
if self.environment[ohostedcons.CloudInit.ROOTPWD]:
# TODO: use salted hashed password
user_data += (
'ssh_pwauth: True\n'
'chpasswd:\n'
' list: |\n'
' root:{password}\n'
' expire: False\n').format(
password=self.environment[ohostedcons.CloudInit.ROOTPWD], )
if self.environment[ohostedcons.CloudInit.VM_TZ]:
user_data += ('timezone: {tz}\n').format(
tz=self.environment[ohostedcons.CloudInit.VM_TZ])
bootcmd = ''
if (self.environment[ohostedcons.CloudInit.VM_ETC_HOSTS]
or self.environment[ohostedcons.CloudInit.VM_STATIC_CIDR]):
if self.environment[ohostedcons.CloudInit.VM_ETC_HOSTS]:
bootcmd += (
' - echo "{myip} {myfqdn}" >> /etc/hosts\n'
).format(
myip=self.environment[ohostedcons.CloudInit.HOST_IP],
myfqdn=self.environment[ohostedcons.NetworkEnv.HOST_NAME],
)
if self.environment[
ohostedcons.CloudInit.
VM_STATIC_CIDR] and self.environment[
ohostedcons.CloudInit.INSTANCE_HOSTNAME]:
ip = netaddr.IPNetwork(
self.environment[ohostedcons.CloudInit.VM_STATIC_CIDR])
bootcmd += (
' - echo "{ip} {fqdn}" >> /etc/hosts\n').format(
ip=ip.ip,
fqdn=self.environment[
ohostedcons.CloudInit.INSTANCE_HOSTNAME],
)
# Due to a cloud-init bug
# (https://bugs.launchpad.net/cloud-init/+bug/1225922)
# we have to deactivate and reactive the interface just after
# the boot on static IP configurations
if self.environment[ohostedcons.CloudInit.VM_STATIC_CIDR]:
fname = ('/etc/sysconfig/network-scripts/ifcfg-{iname}'.format(
iname=_interface_name))
if self.environment[ohostedcons.CloudInit.VM_DNS]:
dnslist = [
d.strip() for d in self.environment[
ohostedcons.CloudInit.VM_DNS].split(',')
]
dn = 1
for dns in dnslist:
bootcmd += ' - echo "DNS{dn}={dns}" >> {f}\n'.format(
dn=dn,
dns=dns,
f=fname,
)
dn += 1
if self.environment[
ohostedcons.CloudInit.INSTANCE_DOMAINNAME]:
bootcmd += ' - echo "DOMAIN={d}" >> {f}\n'.format(
d=self.environment[
ohostedcons.CloudInit.INSTANCE_DOMAINNAME],
f=fname,
)
# Due to another cloud-init bug we have now also to force
# the gataway address:
# https://bugs.launchpad.net/cloud-init/+bug/1686856
# https://bugzilla.redhat.com/show_bug.cgi?id=1492726
# TODO: remove ASAP once fixed on cloud-init side
if self.environment[ohostedcons.NetworkEnv.GATEWAY]:
bootcmd += (
' - if ! grep -Gq "^GATEWAY" {f}; '
'then echo "GATEWAY={g}" >> {f}; '
'fi\n').format(
g=self.environment[ohostedcons.NetworkEnv.GATEWAY],
f=fname,
)
bootcmd += (' - if ! grep -Gq "^DEFROUTE" {f}; '
'then echo "DEFROUTE=yes" >> {f}; '
'fi\n').format(f=fname, )
bootcmd += (' - ifdown {iname}\n'
' - ifup {iname}\n').format(iname=_interface_name)
# see: https://bugzilla.redhat.com/1126096
bootcmd += ' - setenforce 0\n'
if bootcmd:
user_data += ('bootcmd:\n' '{b}').format(b=bootcmd)
user_data += (
' - if grep -Gq "^\s*PermitRootLogin" /etc/ssh/sshd_config;'
' then sed -re'
' "s/^\s*(PermitRootLogin)\s+(yes|no|without-password)/'
' \\1 {root_ssh}/" -i.$(date -u +%Y%m%d%H%M%S)'
' /etc/ssh/sshd_config;'
' else'
' echo "PermitRootLogin {root_ssh}" >> /etc/ssh/sshd_config;'
' fi\n').format(root_ssh=self.environment[
ohostedcons.CloudInit.ROOT_SSH_ACCESS].lower())
if self.environment[ohostedcons.CloudInit.EXECUTE_ESETUP]:
org = 'Test'
if '.' in self.environment[
ohostedcons.NetworkEnv.OVIRT_HOSTED_ENGINE_FQDN]:
org = self.environment[
ohostedcons.NetworkEnv.OVIRT_HOSTED_ENGINE_FQDN].split(
'.', 1)[1]
engine_restore = ''
adminPwd = (
' OVESETUP_CONFIG/adminPassword=str:{password}\n').format(
password=self.environment[
ohostedcons.EngineEnv.ADMIN_PASSWORD], )
if self.environment[ohostedcons.CoreEnv.UPGRADING_APPLIANCE]:
engine_restore = (
' - engine-backup --mode=restore --file={backup_file}'
' --log=engine_restore.log --restore-permissions'
' --provision-db {p_dwh_db} {p_reports_db}'
' 1>{port}'
' 2>&1\n'
' - if [ $? -eq 0 ];'
' then echo "{success_string}" >{port};'
' else echo "{fail_string}" >{port};'
' fi\n'
).format(
backup_file=self.environment[
ohostedcons.Upgrade.DST_BACKUP_FILE],
p_dwh_db='--provision-dwh-db' if
self.environment[ohostedcons.Upgrade.RESTORE_DWH] else '',
p_reports_db='--provision-reports-db'
if self.environment[ohostedcons.Upgrade.RESTORE_REPORTS]
else '',
port=(ohostedcons.Const.VIRTIO_PORTS_PATH +
ohostedcons.Const.OVIRT_HE_CHANNEL_NAME),
success_string=ohostedcons.Const.E_RESTORE_SUCCESS_STRING,
fail_string=ohostedcons.Const.E_RESTORE_FAIL_STRING,
)
adminPwd = ''
self.logger.debug('engine_restore: {er}'.format(er=engine_restore))
libgfapi_enable = ''
if self.environment[ohostedcons.StorageEnv.ENABLE_LIBGFAPI]:
libgfapi_enable = (
'&& engine-config -s LibgfApiSupported=true --cver=4.1 '
'&& engine-config -s LibgfApiSupported=true --cver=4.2 '
'&& systemctl restart ovirt-engine')
user_data += (
'write_files:\n'
' - content: |\n'
' [environment:init]\n'
' DIALOG/autoAcceptDefault=bool:True\n'
' [environment:default]\n'
'{adminPwd}'
' OVESETUP_CONFIG/fqdn=str:{fqdn}\n'
' OVESETUP_PKI/organization=str:{org}\n'
' path: {heanswers}\n'
' owner: root:root\n'
' permissions: \'0640\'\n'
'runcmd:\n'
# restarting sshd only at runcmd stage and restarting it
# in background to be sure it will never block this script
' - systemctl restart sshd &\n'
'{engine_restore}'
' - /usr/bin/engine-setup --offline'
' --config-append={applianceanswers}'
' --config-append={heanswers}'
' 1>{port}'
' 2>&1 {libgfapi_enable}\n'
' - if [ $? -eq 0 ];'
' then echo "{success_string}" >{port};'
' else echo "{fail_string}" >{port};'
' fi\n'
' - rm {heanswers}\n'
' - setenforce 1\n'
).format(
fqdn=self.environment[
ohostedcons.NetworkEnv.OVIRT_HOSTED_ENGINE_FQDN],
org=org,
adminPwd=adminPwd,
applianceanswers=ohostedcons.Const.CLOUD_INIT_APPLIANCEANSWERS,
heanswers=ohostedcons.Const.CLOUD_INIT_HEANSWERS,
port=(ohostedcons.Const.VIRTIO_PORTS_PATH +
ohostedcons.Const.OVIRT_HE_CHANNEL_NAME),
success_string=ohostedcons.Const.E_SETUP_SUCCESS_STRING,
fail_string=ohostedcons.Const.E_SETUP_FAIL_STRING,
engine_restore=engine_restore,
libgfapi_enable=libgfapi_enable)
if 'runcmd:\n' not in user_data:
user_data += 'runcmd:\n'
user_data += (' - systemctl mask cloud-init-local || '
' chkconfig cloud-init-local off\n'
' - systemctl mask cloud-init || ('
' chkconfig cloud-init off &&'
' chkconfig cloud-config off &&'
' chkconfig cloud-final off'
' )\n')
f = open(f_user_data, 'w')
f.write(user_data)
f.close()
meta_data = 'instance-id: {instance}\n'.format(
instance=self.environment[ohostedcons.VMEnv.VM_UUID], )
f_meta_data = os.path.join(self._directory_name, 'meta-data')
if self.environment[ohostedcons.CloudInit.INSTANCE_HOSTNAME]:
meta_data += ('local-hostname: {hostname}\n').format(
instance=self.environment[ohostedcons.VMEnv.VM_UUID],
hostname=self.environment[
ohostedcons.CloudInit.INSTANCE_HOSTNAME],
)
if self.environment[ohostedcons.CloudInit.VM_STATIC_CIDR]:
ip = netaddr.IPNetwork(
self.environment[ohostedcons.CloudInit.VM_STATIC_CIDR])
meta_data += (
'network-interfaces: |\n'
' auto {iname}\n'
' iface {iname} inet static\n'
' address {ip_addr}\n'
' network {network}\n'
' netmask {netmask}\n'
' broadcast {broadcast}\n'
' gateway {gateway}\n').format(
ip_addr=ip.ip,
network=ip.network,
netmask=ip.netmask,
broadcast=ip.broadcast,
gateway=self.environment[ohostedcons.NetworkEnv.GATEWAY],
iname=_interface_name,
)
f = open(f_meta_data, 'w')
f.write(meta_data)
f.close()
f_cloud_init_iso = os.path.join(self._directory_name, 'seed.iso')
rc, stdout, stderr = self.execute((
self.command.get('genisoimage'),
'-output',
f_cloud_init_iso,
'-volid',
'cidata',
'-joliet',
'-rock',
'-input-charset',
'utf-8',
f_meta_data,
f_user_data,
))
if rc != 0:
raise RuntimeError(_('Error generating cloud-init ISO image'))
os.unlink(f_meta_data)
os.unlink(f_user_data)
self.environment[ohostedcons.VMEnv.CDROM] = f_cloud_init_iso
os.chmod(self._directory_name, 0o710)
os.chown(
self._directory_name,
pwd.getpwnam('vdsm').pw_uid,
pwd.getpwnam('qemu').pw_uid,
)
os.chmod(f_cloud_init_iso, 0o600)
os.chown(
f_cloud_init_iso,
pwd.getpwnam('qemu').pw_uid,
pwd.getpwnam('qemu').pw_uid,
)
def interface_configure(self,
dev,
ipaddr=None,
bridgedev=None,
gw=None,
dhcp=False,
apply=True):
"""
ipaddr in form of 192.168.10.2/24 (can be list)
gateway in form of 192.168.10.254
"""
if dhcp:
C = """
auto $int
iface $int inet dhcp
"""
else:
C = """
auto $int
iface $int inet static
"""
C = j.do.textstrip(C)
if bridgedev != None:
C += " bridge_fd 0\n"
C += " bridge_maxwait 0\n"
if ipaddr != None:
if dhcp:
raise j.exceptions.RuntimeError("cannot specify ipaddr & dhcp")
C += " address $ip\n"
C += " netmask $mask\n"
C += " network $net\n"
else:
C = C.replace("static", "manual")
if bridgedev != None:
C += " bridge_ports %s\n" % bridgedev
# else:
# C+=" bridge_ports none\n"
if gw != None:
C += " gateway %s" % gw
# future="""
# #broadcast <broadcast IP here, e.g. 192.168.1.255>
# # dns-* options are implemented by the resolvconf package, if installed
# #dns-nameservers <name server IP address here, e.g. 192.168.1.1>
# #dns-search your.search.domain.here
# """
path = self._getInterfacePath()
ed = j.tools.code.getTextFileEditor(path)
ed.setSection(dev, C)
ip = netaddr.IPNetwork(ipaddr)
C = C.replace("$ip", str(ip.ip))
C = C.replace("$mask", str(ip.netmask))
C = C.replace("$net", str(ip.network))
C = C.replace("$int", dev)
path = self._getInterfacePath()
ed = j.tools.code.getTextFileEditor(path)
ed.setSection(devToApplyTo, C)
if apply:
self.interfaces_restart(dev)
if dhcp:
print("refresh dhcp")
self._executor.execute("dhclient %s" % dev)
def _test_delete_rule(self, ip, table, priority):
ip_version = netaddr.IPNetwork(ip).version
self.rule_cmd.delete(ip, table, priority)
self._assert_sudo([ip_version],
('del', 'table', table, 'priority', priority))
def _test_add_rule_exists(self, ip, table, priority, output):
self.parent._as_root.return_value = output
ip_version = netaddr.IPNetwork(ip).version
self.rule_cmd.add(ip, table, priority)
self._assert_sudo([ip_version], (['show']))
def validate_hostmask(ugettext, hostmask):
try:
netaddr.IPNetwork(hostmask)
except (ValueError, AddrFormatError):
return _('invalid hostmask')
def as_netaddr(self):
"""Convenient function to get cidr as a netaddr object."""
return netaddr.IPNetwork(self['cidr'])
def _flush_ips(self, device, ip_version):
device.addr.flush(ip_version)
for ip_address in device.addr.list():
cidr = netaddr.IPNetwork(ip_address['cidr'])
self.assertNotEqual(ip_version, cidr.version)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from unittest2 import TestCase
import mock
import netaddr
from collections import OrderedDict
from akanda.router import models
from akanda.router.drivers import dnsmasq
ext_subnet = mock.Mock()
ext_subnet.gateway_ip = netaddr.IPAddress('dead:beef::1')
ext_subnet.cidr = netaddr.IPNetwork('dead:beef::/64')
ext_subnet.dns_nameservers = []
ext_subnet.host_routes = [models.StaticRoute('172.16.0.0/16', '192.168.1.1')]
ext_subnet.dns_nameservers = ['8.8.8.8', '8.8.4.4']
ext_net = mock.Mock()
ext_net.subnets = [ext_subnet]
ext_net.is_internal_network = False
ext_net.is_external_network = True
ext_net.is_tenant_network = False
ext_net.interface.ifname = 'ge0'
ext_net.address_allocations = [
models.Allocation(
'fa:da:fa:da:fa:da:',
{
'192.168.1.2': True,
def _port_has_ipv6_subnet(port):
if 'subnets' in port:
for subnet in port['subnets']:
if (netaddr.IPNetwork(subnet['cidr']).version == 6 and
subnet['cidr'] != n_const.PROVISIONAL_IPV6_PD_PREFIX):
return True
def _fixup_allowed_ipaddress_pairs(cls, allowed_address_pairs):
"""unify (ip address or network address) into network address"""
for address_pair in allowed_address_pairs:
ip_address = address_pair['ip_address']
network_address = str(netaddr.IPNetwork(ip_address))
address_pair['ip_address'] = network_address
def ipaddr(value, query='', version=False, alias='ipaddr'):
''' Check if string is an IP address or network and filter it '''
query_func_extra_args = {
'': ('vtype', ),
'6to4': ('vtype', 'value'),
'cidr_lookup': ('iplist', 'value'),
'first_usable': ('vtype', ),
'int': ('vtype', ),
'ipv4': ('value', ),
'ipv6': ('value', ),
'last_usable': ('vtype', ),
'link-local': ('value', ),
'loopback': ('value', ),
'lo': ('value', ),
'multicast': ('value', ),
'next_usable': ('vtype', ),
'previous_usable': ('vtype', ),
'private': ('value', ),
'public': ('value', ),
'unicast': ('value', ),
'range_usable': ('vtype', ),
'wrap': ('vtype', 'value'),
}
query_func_map = {
'': _empty_ipaddr_query,
'6to4': _6to4_query,
'address': _ip_query,
'address/prefix': _address_prefix_query, # deprecate
'bool': _bool_ipaddr_query,
'broadcast': _broadcast_query,
'cidr': _cidr_query,
'cidr_lookup': _cidr_lookup_query,
'first_usable': _first_usable_query,
'gateway': _gateway_query, # deprecate
'gw': _gateway_query, # deprecate
'host': _host_query,
'host/prefix': _address_prefix_query, # deprecate
'hostmask': _hostmask_query,
'hostnet': _gateway_query, # deprecate
'int': _int_query,
'ip': _ip_query,
'ip/prefix': _ip_prefix_query,
'ip_netmask': _ip_netmask_query,
# 'ip_wildcard': _ip_wildcard_query, built then could not think of use case
'ipv4': _ipv4_query,
'ipv6': _ipv6_query,
'last_usable': _last_usable_query,
'link-local': _link_local_query,
'lo': _loopback_query,
'loopback': _loopback_query,
'multicast': _multicast_query,
'net': _net_query,
'next_usable': _next_usable_query,
'netmask': _netmask_query,
'network': _network_query,
'network_id': _network_id_query,
'network/prefix': _subnet_query,
'network_netmask': _network_netmask_query,
'network_wildcard': _network_wildcard_query,
'prefix': _prefix_query,
'previous_usable': _previous_usable_query,
'private': _private_query,
'public': _public_query,
'range_usable': _range_usable_query,
'revdns': _revdns_query,
'router': _gateway_query, # deprecate
'size': _size_query,
'size_usable': _size_usable_query,
'subnet': _subnet_query,
'type': _type_query,
'unicast': _unicast_query,
'v4': _ipv4_query,
'v6': _ipv6_query,
'version': _version_query,
'wildcard': _hostmask_query,
'wrap': _wrap_query,
}
vtype = None
if not value:
return False
elif value is True:
return False
# Check if value is a list and parse each element
elif isinstance(value, (list, tuple, types.GeneratorType)):
_ret = []
for element in value:
if ipaddr(element, str(query), version):
_ret.append(ipaddr(element, str(query), version))
if _ret:
return _ret
else:
return list()
# Check if value is a number and convert it to an IP address
elif str(value).isdigit():
# We don't know what IP version to assume, so let's check IPv4 first,
# then IPv6
try:
if ((not version) or (version and version == 4)):
v = netaddr.IPNetwork('0.0.0.0/0')
v.value = int(value)
v.prefixlen = 32
elif version and version == 6:
v = netaddr.IPNetwork('::/0')
v.value = int(value)
v.prefixlen = 128
# IPv4 didn't work the first time, so it definitely has to be IPv6
except:
try:
v = netaddr.IPNetwork('::/0')
v.value = int(value)
v.prefixlen = 128
# The value is too big for IPv6. Are you a nanobot?
except:
return False
# We got an IP address, let's mark it as such
value = str(v)
vtype = 'address'
# value has not been recognized, check if it's a valid IP string
else:
try:
v = netaddr.IPNetwork(value)
# value is a valid IP string, check if user specified
# CIDR prefix or just an IP address, this will indicate default
# output format
try:
address, prefix = value.split('/')
vtype = 'network'
except:
vtype = 'address'
# value hasn't been recognized, maybe it's a numerical CIDR?
except:
try:
address, prefix = value.split('/')
address.isdigit()
address = int(address)
prefix.isdigit()
prefix = int(prefix)
# It's not numerical CIDR, give up
except:
return False
# It is something, so let's try and build a CIDR from the parts
try:
v = netaddr.IPNetwork('0.0.0.0/0')
v.value = address
v.prefixlen = prefix
# It's not a valid IPv4 CIDR
except:
try:
v = netaddr.IPNetwork('::/0')
v.value = address
v.prefixlen = prefix
# It's not a valid IPv6 CIDR. Give up.
except:
return False
# We have a valid CIDR, so let's write it in correct format
value = str(v)
vtype = 'network'
# We have a query string but it's not in the known query types. Check if
# that string is a valid subnet, if so, we can check later if given IP
# address/network is inside that specific subnet
try:
# ?? 6to4 and link-local were True here before. Should they still?
if query and (query not in query_func_map
or query == 'cidr_lookup') and ipaddr(query, 'network'):
iplist = netaddr.IPSet([netaddr.IPNetwork(query)])
query = 'cidr_lookup'
except:
pass
# This code checks if value maches the IP version the user wants, ie. if
# it's any version ("ipaddr()"), IPv4 ("ipv4()") or IPv6 ("ipv6()")
# If version does not match, return False
if version and v.version != version:
return False
extras = []
for arg in query_func_extra_args.get(query, tuple()):
extras.append(locals()[arg])
try:
return query_func_map[query](v, *extras)
except KeyError:
try:
float(query)
if v.size == 1:
if vtype == 'address':
return str(v.ip)
elif vtype == 'network':
return str(v)
elif v.size > 1:
try:
return str(v[query]) + '/' + str(v.prefixlen)
except:
return False
else:
return value
except:
raise errors.AnsibleFilterError(alias +
': unknown filter type: %s' %
query)
return False
def test_is_cidr_host_ipv6_netaddr(self):
net = netaddr.IPNetwork("2000::1")
self.assertTrue(utils.is_cidr_host(net))
def ipsubnet(value, query='', index='x'):
''' Manipulate IPv4/IPv6 subnets '''
try:
vtype = ipaddr(value, 'type')
if vtype == 'address':
v = ipaddr(value, 'cidr')
elif vtype == 'network':
v = ipaddr(value, 'subnet')
value = netaddr.IPNetwork(v)
except:
return False
query_string = str(query)
if not query:
return str(value)
elif query_string.isdigit():
vsize = ipaddr(v, 'size')
query = int(query)
try:
float(index)
index = int(index)
if vsize > 1:
try:
return str(list(value.subnet(query))[index])
except:
return False
elif vsize == 1:
try:
return str(value.supernet(query)[index])
except:
return False
except:
if vsize > 1:
try:
return str(len(list(value.subnet(query))))
except:
return False
elif vsize == 1:
try:
return str(value.supernet(query)[0])
except:
return False
elif query_string:
vtype = ipaddr(query, 'type')
if vtype == 'address':
v = ipaddr(query, 'cidr')
elif vtype == 'network':
v = ipaddr(query, 'subnet')
else:
msg = 'You must pass a valid subnet or IP address; {0} is invalid'.format(
query_string)
raise errors.AnsibleFilterError(msg)
query = netaddr.IPNetwork(v)
for i, subnet in enumerate(query.subnet(value.prefixlen), 1):
if subnet == value:
return str(i)
msg = '{0} is not in the subnet {1}'.format(value.cidr, query.cidr)
raise errors.AnsibleFilterError(msg)
return False
def get_node_link_address(node: Box, ifdata: Box, node_link_data: dict,
prefix: dict, node_id: int) -> typing.Optional[str]:
if common.DEBUG: # pragma: no cover (debugging)
print(f"get_node_link_address for {node.name}:\n" +
f".. ifdata: {ifdata}\n" +
f".. node_link_data: {node_link_data}\n" +
f".. prefix: {prefix}\n" + f".. node_id: {node_id}")
if 'unnumbered' in prefix: # Special case: old-style unnumbered link
if common.DEBUG: # pragma: no cover (debugging)
print(f"... node loopback: {node.loopback}")
for af in ('ipv4', 'ipv6'): # Set AF to True for all address families
if af in node_link_data:
return (
f'{af} address ignored for node {node.name} on a fully-unnumbered link'
)
if af in node.loopback: # ... present on node loopback interface
ifdata[af] = True
node_link_data[af] = True
return None
for af in ('ipv4', 'ipv6'):
node_addr = None
if af in node_link_data: # static IP address or host index
if isinstance(node_link_data[af],
bool): # unnumbered node, leave it alone
continue
if isinstance(
node_link_data[af],
int): # host portion of IP address specified as an integer
if af in prefix:
if isinstance(prefix[af], bool):
return (
f'Node {node.name} is using host index for {af} on an unnumbered link'
)
try:
node_addr = netaddr.IPNetwork(
prefix[af][node_link_data[af]])
node_addr.prefixlen = prefix[af].prefixlen
except Exception as ex:
return (
f'Cannot assign host index {node_link_data[af]} in {af} from prefix {prefix[af]} to node {node.name}\n'
+ f'... {ex}')
else:
return (
f'Node {node.name} is using host index {node_link_data[af]} for {af} on a link that does not have {af} prefix'
)
else: # static IP address
try:
node_addr = netaddr.IPNetwork(node_link_data[af])
except:
return (
f'Invalid {af} link address {node_link_data[af]} for node {node.name}'
)
if '/' not in node_link_data[af] and af in prefix:
node_addr.prefixlen = prefix[af].prefixlen
if str(node_addr) == str(
node_addr.cidr
): # Check whether the node address includes a host portion
lb = not(':' in str(node_addr)) \
and node_addr.prefixlen == 32 # Exception#1: IPv4/32
lb = lb or node_addr.prefixlen == 128 # Exception#2: IPv6/128
if not lb:
return (
f'Static node address {node_link_data[af]} for node {node.name} does not include a host portion'
)
elif af in prefix:
if isinstance(prefix[af], bool): # New-style unnumbered link
if prefix[af]: # Copy only True value into interface data
ifdata[af] = prefix[
af] # ... to ensure AF presence in ifdata indicates protocol-on-interface
node_link_data[af] = prefix[af]
else:
try:
node_addr = netaddr.IPNetwork(prefix[af][node_id])
except Exception as ex:
return (
f'Cannot assign {af} address from prefix {prefix[af]} to node {node.name} with ID {node.id}\n'
+ f'... {ex}')
node_addr.prefixlen = prefix[af].prefixlen
if node_addr:
node_link_data[af] = str(node_addr)
ifdata[af] = node_link_data[af]
if common.DEBUG: # pragma: no cover (debugging)
print(f"get_node_link_address for {node.name} completed:\n" +
f".. ifdata: {ifdata}\n" +
f".. node_link_data: {node_link_data}")
print
return None
def router_append_interface(router,
count=1,
ip_version=lib_constants.IP_VERSION_4,
ra_mode=None,
addr_mode=None,
dual_stack=False,
same_port=False):
interfaces = router[lib_constants.INTERFACE_KEY]
current = sum([
netaddr.IPNetwork(subnet['cidr']).version == ip_version
for p in interfaces for subnet in p['subnets']
])
# If dual_stack=True, create IPv4 and IPv6 subnets on each port
# If same_port=True, create ip_version number of subnets on a single port
# Else create just an ip_version subnet on each port
if dual_stack:
ip_versions = [lib_constants.IP_VERSION_4, lib_constants.IP_VERSION_6]
elif same_port:
ip_versions = [ip_version] * count
count = 1
else:
ip_versions = [ip_version]
mac_address = netaddr.EUI('ca:fe:de:ad:be:ef')
mac_address.dialect = netaddr.mac_unix
for i in range(current, current + count):
fixed_ips = []
subnets = []
for loop_version in ip_versions:
if (loop_version == lib_constants.IP_VERSION_4 and
(ip_version == lib_constants.IP_VERSION_4 or dual_stack)):
ip_pool = '35.4.%i.4'
cidr_pool = '35.4.%i.0/24'
prefixlen = 24
gw_pool = '35.4.%i.1'
elif (loop_version == lib_constants.IP_VERSION_6 and
(ip_version == lib_constants.IP_VERSION_6 or dual_stack)):
ip_pool = 'fd01:%x:1::6'
cidr_pool = 'fd01:%x:1::/64'
prefixlen = 64
gw_pool = 'fd01:%x:1::1'
else:
continue
subnet_id = _uuid()
fixed_ips.append({
'ip_address': ip_pool % i,
'subnet_id': subnet_id,
'prefixlen': prefixlen
})
subnets.append({
'id': subnet_id,
'cidr': cidr_pool % i,
'gateway_ip': gw_pool % i,
'ipv6_ra_mode': ra_mode,
'ipv6_address_mode': addr_mode
})
if not fixed_ips:
raise ValueError("Invalid ip_version: %s" % ip_version)
interfaces.append({
'id': _uuid(),
'mtu': 1500,
'network_id': _uuid(),
'admin_state_up': True,
'fixed_ips': fixed_ips,
'mac_address': str(mac_address),
'subnets': subnets
})
mac_address.value += 1
def get_random_ip_network(version=4):
return netaddr.IPNetwork(get_random_cidr(version=version))
default="console",
help="desired nmap output flag. default is to screen")
nmapscan.add_argument("-output_file",
type=str,
required=False,
default="results.txt",
help="path of results. default is results.txt")
nmapscan.add_argument("-packet_rate",
type=int,
required=False,
default=1,
help="Packet rate")
nmapargs = nmapscan.parse_args()
if nmapargs.netrange is not None:
for ip in netaddr.IPNetwork(nmapargs.netrange).iter_hosts():
threads = [nmapargs.packet_rate]
nmapthread = threading.Thread(target=nmap_run, args=(str(ip), ))
threads.append(nmapthread)
nmapthread.start()
elif nmapargs.ip is not None:
nmap_run(nmapargs.ip)
elif nmapargs.target_file is not None:
with open(nmapargs.target_file, mode='r', buffering=1) as targets_file:
targets = targets_file.readlines()
for target in targets:
for ip in netaddr.IPNetwork(target).iter_hosts():
threads = [nmapargs.packet_rate]
nmapthread = threading.Thread(target=nmap_run,
def getCidrSize(cidr):
try:
ipn = netaddr.IPNetwork(cidr)
return ipn.size
except netaddr.AddrFormatError:
return False
def is_in_subnet(self, subnet):
if self['address'] and subnet['cidr']:
return (netaddr.IPAddress(self['address'])
in netaddr.IPNetwork(subnet['cidr']))
else:
return False
def configure_extra_routes(self, ctx, payload):
t_router_id = payload[constants.JT_ROUTER]
t_client = self._get_client()
t_router = t_client.get_routers(ctx, t_router_id)
if not t_router:
return
if t_router.get('external_gateway_info'):
t_ext_net_id = t_router['external_gateway_info']['network_id']
else:
t_ext_net_id = None
non_vm_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE,
q_constants.DEVICE_OWNER_ROUTER_SNAT,
q_constants.DEVICE_OWNER_ROUTER_GW,
q_constants.DEVICE_OWNER_DHCP]
ew_attached_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE,
q_constants.DEVICE_OWNER_ROUTER_GW]
ns_attached_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE]
mappings = db_api.get_bottom_mappings_by_top_id(ctx, t_router_id,
constants.RT_ROUTER)
if not mappings:
b_pods, b_router_ids = [], []
else:
b_pods, b_router_ids = map(list, zip(*mappings))
ns_mappings = db_api.get_bottom_mappings_by_top_id(
ctx, t_router_id, constants.RT_NS_ROUTER)
b_ns_pdd, b_ns_router_id = None, None
if ns_mappings:
b_ns_pdd, b_ns_router_id = ns_mappings[0]
b_pods.append(b_ns_pdd)
b_router_ids.append(b_ns_router_id)
router_ew_bridge_ip_map = {}
router_ns_bridge_ip_map = {}
router_ips_map = {}
for i, b_pod in enumerate(b_pods):
is_ns_router = b_router_ids[i] == b_ns_router_id
bottom_client = self._get_client(b_pod['region_name'])
if is_ns_router:
device_owner_filter = ns_attached_port_types
else:
device_owner_filter = ew_attached_port_types
b_interfaces = bottom_client.list_ports(
ctx, filters=[{'key': 'device_id',
'comparator': 'eq',
'value': b_router_ids[i]},
{'key': 'device_owner',
'comparator': 'eq',
'value': device_owner_filter}])
router_ips_map[b_router_ids[i]] = {}
for b_interface in b_interfaces:
ip = b_interface['fixed_ips'][0]['ip_address']
bridge_cidr = CONF.client.bridge_cidr
if netaddr.IPAddress(ip) in netaddr.IPNetwork(bridge_cidr):
if is_ns_router:
# this ip is the default gateway ip for north-south
# networking
router_ns_bridge_ip_map[b_router_ids[i]] = ip
else:
# this ip is the next hop for east-west networking
router_ew_bridge_ip_map[b_router_ids[i]] = ip
continue
b_net_id = b_interface['network_id']
b_subnet = bottom_client.get_subnets(
ctx, b_interface['fixed_ips'][0]['subnet_id'])
b_ports = bottom_client.list_ports(
ctx, filters=[{'key': 'network_id',
'comparator': 'eq',
'value': b_net_id}])
b_vm_ports = [b_port for b_port in b_ports if b_port.get(
'device_owner', '') not in non_vm_port_types]
ips = [vm_port['fixed_ips'][0][
'ip_address'] for vm_port in b_vm_ports]
router_ips_map[b_router_ids[i]][b_subnet['cidr']] = ips
# handle extra routes for east-west traffic
for i, b_router_id in enumerate(b_router_ids):
if b_router_id == b_ns_router_id:
continue
bottom_client = self._get_client(b_pods[i]['region_name'])
extra_routes = []
if not router_ips_map[b_router_id]:
bottom_client.update_routers(
ctx, b_router_id, {'router': {'routes': extra_routes}})
continue
for router_id, cidr_ips_map in six.iteritems(router_ips_map):
if router_id == b_router_id:
continue
for cidr, ips in six.iteritems(cidr_ips_map):
if cidr in router_ips_map[b_router_id]:
continue
for ip in ips:
route = {'nexthop': router_ew_bridge_ip_map[router_id],
'destination': ip + '/32'}
extra_routes.append(route)
if router_ns_bridge_ip_map and t_ext_net_id:
extra_routes.append(
{'nexthop': router_ns_bridge_ip_map.values()[0],
'destination': constants.DEFAULT_DESTINATION})
bottom_client.update_routers(
ctx, b_router_id, {'router': {'routes': extra_routes}})
if not b_ns_router_id:
# router for north-south networking not exist, skip extra routes
# configuration for north-south router
return
if not t_ext_net_id:
# router not attached to external gateway but router for north-
# south networking exists, clear the extra routes
bottom_client = self._get_client(b_ns_pdd['region_name'])
bottom_client.update_routers(
ctx, b_ns_router_id, {'router': {'routes': []}})
return
# handle extra routes for north-south router
ip_bridge_ip_map = {}
for router_id, cidr_ips_map in six.iteritems(router_ips_map):
if router_id not in router_ew_bridge_ip_map:
continue
for cidr, ips in six.iteritems(cidr_ips_map):
for ip in ips:
nexthop = router_ew_bridge_ip_map[router_id]
destination = ip + '/32'
ip_bridge_ip_map[destination] = nexthop
bottom_client = self._get_client(b_ns_pdd['region_name'])
extra_routes = []
for fixed_ip in ip_bridge_ip_map:
extra_routes.append(
{'nexthop': ip_bridge_ip_map[fixed_ip],
'destination': fixed_ip})
bottom_client.update_routers(
ctx, b_ns_router_id, {'router': {'routes': extra_routes}})
def coerce(obj, attr, value):
try:
return netaddr.IPNetwork(value, version=6)
except netaddr.AddrFormatError as e:
raise ValueError(six.text_type(e))