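def deploy_nat(self):
    """Attach this network's namespace to the floating network and enable NAT.

    Returns immediately unless ``self.provide_nat`` is set.  Otherwise a
    floating gateway address is allocated once (and persisted on both this
    network and the floating ipmanager), the inner physical veth is given
    that address and brought up, a default route is pointed at the floating
    router, and FORWARD/MASQUERADE iptables rules for this network's IP
    block are appended if they are not already present.

    Every ``processutils.execute`` call here runs with ``shell=True`` and a
    ``%``-interpolated command string, so the values in ``subst`` (from
    ``self.subst_dict()``) and the floating ipmanager must stay internally
    generated; a user-controlled value in any of them would reach the shell
    unescaped.

    Side effects: mutates ``self.floating_gateway``, the floating network's
    ipmanager, and the namespace/host network configuration.
    """
    if not self.provide_nat:
        return

    subst = self.subst_dict()
    floatnet = from_db('floating')

    # One-time allocation of the gateway address for this network.
    # NOTE(review): this happens before the per-network lock below is
    # taken, so concurrent deployers could both pick from the floating
    # ipmanager — confirm callers serialise this.
    if not self.floating_gateway:
        self.floating_gateway = floatnet.ipmanager.get_random_free_address()
        self.persist_floating_gateway()
        floatnet.persist_ipmanager()

    # Index 1 of the floating range is treated as the router — presumably
    # the first usable address; verify against the ipmanager.
    subst['floating_router'] = floatnet.ipmanager.get_address_at_index(1)
    subst['floating_gateway'] = self.floating_gateway
    subst['floating_netmask'] = floatnet.netmask

    # NOTE(review): the external lock file lives under /tmp, a
    # world-writable directory; a dedicated lock directory would avoid
    # lock files being pre-created by other local users.
    with lockutils.lock('sf_net_%s' % self.uuid, external=True,
                        lock_path='/tmp/'):
        addresses = util.get_interface_addresses(
            subst['namespace'], subst['physical_veth_inner'])
        if subst['floating_gateway'] not in list(addresses):
            with util.RecordedOperation('enable virtual routing', self):
                processutils.execute(
                    '%(in_namespace)s ip addr add %(floating_gateway)s/%(floating_netmask)s '
                    'dev %(physical_veth_inner)s' % subst,
                    shell=True)
                processutils.execute(
                    '%(in_namespace)s ip link set %(physical_veth_inner)s up' % subst,
                    shell=True)
                processutils.execute(
                    '%(in_namespace)s route add default gw %(floating_router)s' % subst,
                    shell=True)

        if not util.nat_rules_for_ipblock(self.ipmanager.network_address):
            with util.RecordedOperation('enable nat', self):
                # Unlike the rules below, this command carries no
                # %(in_namespace)s prefix: the sysctl is set in whatever
                # namespace the caller runs in, not the network's.
                processutils.execute(
                    'echo 1 > /proc/sys/net/ipv4/ip_forward',
                    shell=True)
                # Both FORWARD rules accept unconditionally (no state
                # match), i.e. traffic is allowed in both directions
                # between the two veths.
                processutils.execute(
                    '%(in_namespace)s iptables -A FORWARD -o %(physical_veth_inner)s '
                    '-i %(vx_veth_inner)s -j ACCEPT' % subst,
                    shell=True)
                processutils.execute(
                    '%(in_namespace)s iptables -A FORWARD -i %(physical_veth_inner)s '
                    '-o %(vx_veth_inner)s -j ACCEPT' % subst,
                    shell=True)
                processutils.execute(
                    '%(in_namespace)s iptables -t nat -A POSTROUTING -s %(ipblock)s/%(netmask)s '
                    '-o %(physical_veth_inner)s -j MASQUERADE' % subst,
                    shell=True)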
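def deploy_nat(self):
    """Attach this network's namespace to the floating network and enable NAT.

    Returns immediately unless ``self.provide_nat`` is set.  Otherwise a
    floating gateway address is allocated once under the floating
    ipmanager's lock and persisted, then under this network's lock the
    inner physical veth is given that address and brought up, a default
    route is pointed at the floating router, and FORWARD/MASQUERADE
    iptables rules for this network's IP block are appended if absent.

    Every ``util.execute`` call is handed a ``%``-interpolated command
    string, so the values in ``subst`` (from ``self.subst_dict()``) and the
    floating ipmanager must stay internally generated; a user-controlled
    value would be spliced into the command unescaped.

    Side effects: mutates ``self.floating_gateway``, the persisted floating
    ipmanager, and the namespace/host network configuration.
    """
    if not self.provide_nat:
        return

    subst = self.subst_dict()

    # One-time allocation of the gateway address, serialised with other
    # users of the floating ipmanager.
    if not self.floating_gateway:
        with db.get_lock('ipmanager', None, 'floating', ttl=120):
            ipm = db.get_ipmanager('floating')
            self.floating_gateway = ipm.get_random_free_address()
            db.persist_ipmanager('floating', ipm.save())
            self.persist_floating_gateway()

    # No lock because no data changing
    ipm = db.get_ipmanager('floating')
    # Index 1 of the floating range is treated as the router — presumably
    # the first usable address; verify against the ipmanager.
    subst['floating_router'] = ipm.get_address_at_index(1)
    subst['floating_gateway'] = self.floating_gateway
    subst['floating_netmask'] = ipm.netmask

    with db.get_lock('network', None, self.uuid, ttl=120):
        addresses = util.get_interface_addresses(
            subst['netns'], subst['physical_veth_inner'])
        if subst['floating_gateway'] not in list(addresses):
            with util.RecordedOperation('enable virtual routing', self):
                util.execute(
                    None,
                    '%(in_netns)s ip addr add %(floating_gateway)s/%(floating_netmask)s '
                    'dev %(physical_veth_inner)s' % subst)
                util.execute(
                    None,
                    '%(in_netns)s ip link set %(physical_veth_inner)s up' % subst)
                util.execute(
                    None,
                    '%(in_netns)s route add default gw %(floating_router)s' % subst)

        if not util.nat_rules_for_ipblock(self.network_address):
            with util.RecordedOperation('enable nat', self):
                # Unlike the rules below, this command carries no
                # %(in_netns)s prefix: the sysctl is set in whatever
                # namespace util.execute runs in, not the network's.
                util.execute(None, 'echo 1 > /proc/sys/net/ipv4/ip_forward')
                # Both FORWARD rules accept unconditionally (no state
                # match), i.e. traffic is allowed in both directions
                # between the two veths.
                util.execute(
                    None,
                    '%(in_netns)s iptables -A FORWARD -o %(physical_veth_inner)s '
                    '-i %(vx_veth_inner)s -j ACCEPT' % subst)
                util.execute(
                    None,
                    '%(in_netns)s iptables -A FORWARD -i %(physical_veth_inner)s '
                    '-o %(vx_veth_inner)s -j ACCEPT' % subst)
                util.execute(
                    None,
                    '%(in_netns)s iptables -t nat -A POSTROUTING -s %(ipblock)s/%(netmask)s '
                    '-o %(physical_veth_inner)s -j MASQUERADE' % subst)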
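def deploy_nat(self):
    """Attach this network's namespace to the floating network and enable NAT.

    Returns immediately unless ``self.db_entry['provide_nat']`` is set.
    Otherwise a floating gateway address is allocated once under the
    floating ipmanager's lock and persisted; then, under this network's
    object lock, the inner physical veth is given that address and brought
    up, the namespace's default routes are replaced by one via the floating
    router, and FORWARD/MASQUERADE iptables rules for this network's IP
    block are appended if absent.

    Raises:
        DeadNetwork: if the network was deleted while waiting for its lock.

    Every ``util.execute`` call is handed a ``%``-interpolated command
    string.  The values come from ``self.subst_dict()``, the floating
    ipmanager and the parsed default-route table, so they must stay
    internally generated; a user-controlled value would be spliced into the
    command unescaped.

    Side effects: mutates ``self.db_entry['floating_gateway']``, the
    persisted floating ipmanager, and the namespace/host network
    configuration.
    """
    if not self.db_entry['provide_nat']:
        return

    subst = self.subst_dict()

    # One-time allocation of the gateway address, serialised with other
    # users of the floating ipmanager.
    if not self.db_entry['floating_gateway']:
        with db.get_lock('ipmanager', None, 'floating', ttl=120,
                         op='Network deploy NAT'):
            ipm = db.get_ipmanager('floating')
            self.db_entry['floating_gateway'] = ipm.get_random_free_address()
            db.persist_ipmanager('floating', ipm.save())
            self.persist_floating_gateway()

    # No lock because no data changing
    ipm = db.get_ipmanager('floating')
    # Index 1 of the floating range is treated as the router — presumably
    # the first usable address; verify against the ipmanager.
    subst['floating_router'] = ipm.get_address_at_index(1)
    subst['floating_gateway'] = self.db_entry['floating_gateway']
    subst['floating_netmask'] = ipm.netmask

    with db.get_object_lock(self, ttl=120, op='Network deploy NAT'):
        # Ensure network was not deleted whilst waiting for the lock.
        if self.is_dead():
            raise DeadNetwork('network=%s' % self)

        with util.RecordedOperation('enable virtual routing', self):
            addresses = util.get_interface_addresses(
                subst['netns'], subst['physical_veth_inner'])
            if subst['floating_gateway'] not in list(addresses):
                util.execute(
                    None,
                    '%(in_netns)s ip addr add '
                    '%(floating_gateway)s/%(floating_netmask)s '
                    'dev %(physical_veth_inner)s' % subst)
                util.execute(
                    None,
                    '%(in_netns)s ip link set '
                    '%(physical_veth_inner)s up' % subst)

            # Converge on exactly one default route via the floating
            # router: an exact match is a no-op, anything else is torn
            # down first.  The guard keeps a falsy/empty result from
            # get_default_routes from being iterated.
            default_routes = util.get_default_routes(subst['netns'])
            if default_routes != [subst['floating_router']]:
                if default_routes:
                    for default_route in default_routes:
                        # default_route is parsed from the live routing
                        # table and is interpolated into the command.
                        util.execute(
                            None,
                            '%s route del default gw %s'
                            % (subst['in_netns'], default_route))
                util.execute(
                    None,
                    '%(in_netns)s route add default '
                    'gw %(floating_router)s' % subst)

        if not util.nat_rules_for_ipblock(self.network_address):
            with util.RecordedOperation('enable nat', self):
                # Unlike the rules below, this command carries no
                # %(in_netns)s prefix: the sysctl is set in whatever
                # namespace util.execute runs in, not the network's.
                util.execute(None, 'echo 1 > /proc/sys/net/ipv4/ip_forward')
                # Both FORWARD rules accept unconditionally (no state
                # match), i.e. traffic is allowed in both directions
                # between the two veths.
                util.execute(
                    None,
                    '%(in_netns)s iptables -A FORWARD '
                    '-o %(physical_veth_inner)s '
                    '-i %(vx_veth_inner)s -j ACCEPT' % subst)
                util.execute(
                    None,
                    '%(in_netns)s iptables -A FORWARD '
                    '-i %(physical_veth_inner)s '
                    '-o %(vx_veth_inner)s -j ACCEPT' % subst)
                util.execute(
                    None,
                    '%(in_netns)s iptables -t nat -A POSTROUTING '
                    '-s %(ipblock)s/%(netmask)s '
                    '-o %(physical_veth_inner)s '
                    '-j MASQUERADE' % subst)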
def test_nat_rules_for_ipblock(self, mock_execute):
    """Check nat_rules_for_ipblock against the patched executor.

    With the mocked command output, the 192.168.242.0 block must be
    reported as having NAT rules and 10.0.0.0 must not.  The mock is
    injected by the test's decorator and is not inspected here.
    """
    expectations = {
        '192.168.242.0': True,
        '10.0.0.0': False,
    }
    for ipblock, expected in expectations.items():
        self.assertEqual(expected, util.nat_rules_for_ipblock(ipblock))