コード例 #1
ファイル: net.py プロジェクト: bradh/shakenfist
    def deploy_nat(self):
        """Set up the floating gateway, default route and NAT for this network.

        Returns immediately unless ``self.provide_nat`` is set. A floating
        gateway address is allocated and persisted the first time through.
        Then, under the per-network file lock, the address is added to the
        physical veth (if it is not already there), the default route is
        pointed at the floating router, and the forwarding and masquerade
        rules are appended when ``util.nat_rules_for_ipblock`` reports none.
        """
        if not self.provide_nat:
            return

        params = self.subst_dict()
        floating = from_db('floating')
        if not self.floating_gateway:
            # NOTE(review): this allocation and both persist calls run before
            # the network lock below is taken, so nothing visible here stops
            # two concurrent callers from allocating at the same time.
            # Confirm that callers serialize deploy_nat.
            self.floating_gateway = (
                floating.ipmanager.get_random_free_address())
            self.persist_floating_gateway()
            floating.persist_ipmanager()

        params['floating_router'] = floating.ipmanager.get_address_at_index(1)
        params['floating_gateway'] = self.floating_gateway
        params['floating_netmask'] = floating.netmask

        # NOTE(review): every command below is built by %-interpolation and
        # run with shell=True. The values come from subst_dict() (not visible
        # here) and the floating network record; if any of them can carry
        # caller-supplied text, the shell will interpret it. Confirm they are
        # generated or validated server-side, or move to argument lists.
        routing_templates = (
            '%(in_namespace)s ip addr add '
            '%(floating_gateway)s/%(floating_netmask)s '
            'dev %(physical_veth_inner)s',
            '%(in_namespace)s ip link set %(physical_veth_inner)s up',
            '%(in_namespace)s route add default gw %(floating_router)s',
        )
        # Both FORWARD rules accept traffic with no connection-state match,
        # so packets arriving on the physical veth are forwarded to the vx
        # veth unconditionally. NOTE(review): confirm that is intended.
        nat_templates = (
            '%(in_namespace)s iptables -A FORWARD '
            '-o %(physical_veth_inner)s '
            '-i %(vx_veth_inner)s -j ACCEPT',
            '%(in_namespace)s iptables -A FORWARD '
            '-i %(physical_veth_inner)s '
            '-o %(vx_veth_inner)s -j ACCEPT',
            '%(in_namespace)s iptables -t nat -A POSTROUTING '
            '-s %(ipblock)s/%(netmask)s '
            '-o %(physical_veth_inner)s -j MASQUERADE',
        )

        # NOTE(review): lock_path='/tmp/' keeps the inter-process lock file in
        # a world-writable directory, where any local account can create or
        # hold it first. A directory owned by the service account avoids
        # that; other callers presumably share this path, so change them
        # together.
        lock_name = 'sf_net_%s' % self.uuid
        with lockutils.lock(lock_name, external=True, lock_path='/tmp/'):
            present = list(util.get_interface_addresses(
                params['namespace'], params['physical_veth_inner']))
            if params['floating_gateway'] not in present:
                with util.RecordedOperation('enable virtual routing', self):
                    # Format each template just before running it, so a bad
                    # key fails at the same point as it would inline.
                    for template in routing_templates:
                        processutils.execute(template % params, shell=True)

            # The rules are appended with -A, so this guard is what keeps a
            # rerun from duplicating them.
            if not util.nat_rules_for_ipblock(self.ipmanager.network_address):
                with util.RecordedOperation('enable nat', self):
                    # No namespace prefix here: this switches on IPv4
                    # forwarding for whatever namespace the process itself
                    # runs in (presumably the host), not the network's own.
                    processutils.execute(
                        'echo 1 > /proc/sys/net/ipv4/ip_forward', shell=True)
                    for template in nat_templates:
                        processutils.execute(template % params, shell=True)
コード例 #2
    def deploy_nat(self):
        """Set up the floating gateway, default route and NAT for this network.

        Returns immediately unless ``self.provide_nat`` is set. A floating
        gateway address is allocated under the 'floating' ipmanager lock the
        first time through. Then, under the network lock, the address is
        added to the physical veth (if it is not already there), the default
        route is pointed at the floating router, and the forwarding and
        masquerade rules are appended when ``util.nat_rules_for_ipblock``
        reports none.
        """
        if not self.provide_nat:
            return

        params = self.subst_dict()
        if not self.floating_gateway:
            # NOTE(review): the emptiness test runs before the lock is taken
            # and is not repeated inside it, so two workers holding separate
            # copies of this network could each allocate an address. Confirm
            # that callers serialize deploy_nat.
            with db.get_lock('ipmanager', None, 'floating', ttl=120):
                floating_ipm = db.get_ipmanager('floating')
                self.floating_gateway = floating_ipm.get_random_free_address()
                db.persist_ipmanager('floating', floating_ipm.save())
                self.persist_floating_gateway()

        # Read-only lookups, so the ipmanager lock is not taken again.
        floating_ipm = db.get_ipmanager('floating')
        params['floating_router'] = floating_ipm.get_address_at_index(1)
        params['floating_gateway'] = self.floating_gateway
        params['floating_netmask'] = floating_ipm.netmask

        # NOTE(review): every command below is built by %-interpolation. The
        # '>' redirection in the ip_forward command suggests util.execute
        # hands the string to a shell, so any value from subst_dict() (not
        # visible here) that can carry caller-supplied text would be
        # interpreted by it. Confirm the values are generated or validated
        # server-side.
        routing_templates = (
            '%(in_netns)s ip addr add '
            '%(floating_gateway)s/%(floating_netmask)s '
            'dev %(physical_veth_inner)s',
            '%(in_netns)s ip link set %(physical_veth_inner)s up',
            '%(in_netns)s route add default gw %(floating_router)s',
        )
        # Both FORWARD rules accept traffic with no connection-state match,
        # so packets arriving on the physical veth are forwarded to the vx
        # veth unconditionally. NOTE(review): confirm that is intended.
        nat_templates = (
            '%(in_netns)s iptables -A FORWARD '
            '-o %(physical_veth_inner)s '
            '-i %(vx_veth_inner)s -j ACCEPT',
            '%(in_netns)s iptables -A FORWARD '
            '-i %(physical_veth_inner)s '
            '-o %(vx_veth_inner)s -j ACCEPT',
            '%(in_netns)s iptables -t nat -A POSTROUTING '
            '-s %(ipblock)s/%(netmask)s '
            '-o %(physical_veth_inner)s -j MASQUERADE',
        )

        # NOTE(review): the lock carries ttl=120 (unit not visible here). If
        # it lapses while the commands are still running, the check-then-add
        # sequences below lose their mutual exclusion. Confirm the lock's
        # expiry behaviour.
        with db.get_lock('network', None, self.uuid, ttl=120):
            present = list(util.get_interface_addresses(
                params['netns'], params['physical_veth_inner']))
            if params['floating_gateway'] not in present:
                with util.RecordedOperation('enable virtual routing', self):
                    # Format each template just before running it, so a bad
                    # key fails at the same point as it would inline.
                    for template in routing_templates:
                        util.execute(None, template % params)

            # The rules are appended with -A, so this guard is what keeps a
            # rerun from duplicating them.
            if not util.nat_rules_for_ipblock(self.network_address):
                with util.RecordedOperation('enable nat', self):
                    # No namespace prefix here: this switches on IPv4
                    # forwarding for whatever namespace the process itself
                    # runs in (presumably the host), not the network's own.
                    util.execute(None,
                                 'echo 1 > /proc/sys/net/ipv4/ip_forward')
                    for template in nat_templates:
                        util.execute(None, template % params)
コード例 #3
    def deploy_nat(self):
        """Set up the floating gateway, default route and NAT for this network.

        Returns immediately unless ``self.db_entry['provide_nat']`` is set. A
        floating gateway address is allocated under the 'floating' ipmanager
        lock the first time through. Then, under the object lock, the
        address is added to the physical veth if missing, any default route
        other than the floating router is replaced, and the forwarding and
        masquerade rules are appended when ``util.nat_rules_for_ipblock``
        reports none.

        Raises:
            DeadNetwork: if ``self.is_dead()`` is true once the object lock
                is held.
        """
        if not self.db_entry['provide_nat']:
            return

        params = self.subst_dict()
        if not self.db_entry['floating_gateway']:
            # NOTE(review): the emptiness test runs before the lock is taken
            # and is not repeated inside it, so two workers holding separate
            # copies of db_entry could each allocate an address. Confirm
            # that callers serialize deploy_nat.
            with db.get_lock('ipmanager', None, 'floating',
                             ttl=120, op='Network deploy NAT'):
                floating_ipm = db.get_ipmanager('floating')
                allocated = floating_ipm.get_random_free_address()
                self.db_entry['floating_gateway'] = allocated
                db.persist_ipmanager('floating', floating_ipm.save())
                self.persist_floating_gateway()

        # Read-only lookups, so the ipmanager lock is not taken again.
        floating_ipm = db.get_ipmanager('floating')
        params['floating_router'] = floating_ipm.get_address_at_index(1)
        params['floating_gateway'] = self.db_entry['floating_gateway']
        params['floating_netmask'] = floating_ipm.netmask

        # NOTE(review): every command below is built by %-interpolation. The
        # '>' redirection in the ip_forward command suggests util.execute
        # hands the string to a shell, so any value from subst_dict() (not
        # visible here) that can carry caller-supplied text would be
        # interpreted by it. Confirm the values are generated or validated
        # server-side.
        address_templates = (
            '%(in_netns)s ip addr add '
            '%(floating_gateway)s/%(floating_netmask)s '
            'dev %(physical_veth_inner)s',
            '%(in_netns)s ip link set %(physical_veth_inner)s up',
        )
        # Both FORWARD rules accept traffic with no connection-state match,
        # so packets arriving on the physical veth are forwarded to the vx
        # veth unconditionally. NOTE(review): confirm that is intended.
        nat_templates = (
            '%(in_netns)s iptables -A FORWARD '
            '-o %(physical_veth_inner)s '
            '-i %(vx_veth_inner)s -j ACCEPT',
            '%(in_netns)s iptables -A FORWARD '
            '-i %(physical_veth_inner)s '
            '-o %(vx_veth_inner)s -j ACCEPT',
            '%(in_netns)s iptables -t nat -A POSTROUTING '
            '-s %(ipblock)s/%(netmask)s '
            '-o %(physical_veth_inner)s -j MASQUERADE',
        )

        with db.get_object_lock(self, ttl=120, op='Network deploy NAT'):
            # The network may have been deleted while this call waited for
            # the lock, so check again before touching interfaces.
            if self.is_dead():
                raise DeadNetwork('network=%s' % self)

            with util.RecordedOperation('enable virtual routing', self):
                present = list(util.get_interface_addresses(
                    params['netns'], params['physical_veth_inner']))
                if params['floating_gateway'] not in present:
                    # Format each template just before running it, so a bad
                    # key fails at the same point as it would inline.
                    for template in address_templates:
                        util.execute(None, template % params)

                # Reconcile the default route: leave it alone when it is
                # exactly the floating router, otherwise drop whatever is
                # there and add the right one.
                current_routes = util.get_default_routes(params['netns'])
                if current_routes != [params['floating_router']]:
                    for stale_gw in current_routes or []:
                        util.execute(
                            None, '%s route del default gw %s' %
                            (params['in_netns'], stale_gw))

                    util.execute(
                        None, '%(in_netns)s route add default '
                        'gw %(floating_router)s' % params)

            # The rules are appended with -A, so this guard is what keeps a
            # rerun from duplicating them.
            if not util.nat_rules_for_ipblock(self.network_address):
                with util.RecordedOperation('enable nat', self):
                    # No namespace prefix here: this switches on IPv4
                    # forwarding for whatever namespace the process itself
                    # runs in (presumably the host), not the network's own.
                    util.execute(None,
                                 'echo 1 > /proc/sys/net/ipv4/ip_forward')
                    for template in nat_templates:
                        util.execute(None, template % params)
コード例 #4
ファイル: test_util.py プロジェクト: mcarden/shakenfist
    def test_nat_rules_for_ipblock(self, mock_execute):
        """Check that nat_rules_for_ipblock reports rules for one block only.

        ``mock_execute`` is injected by a patch decorator outside this
        excerpt; presumably it returns canned rule output that mentions
        192.168.242.0 and not 10.0.0.0.
        """
        # assertEqual against the literal booleans is kept on purpose: it
        # rejects a merely truthy or falsy return value.
        expectations = (
            ('192.168.242.0', True),
            ('10.0.0.0', False),
        )
        for ipblock, expected in expectations:
            self.assertEqual(expected, util.nat_rules_for_ipblock(ipblock))