def delete_node(job):
"""
this method will be called from the node.zero-os to remove the node from zerotier
"""
from zerotier import client
node = job.service.aysrepo.serviceGet(role='node', instance=job.model.args['node_name'])
service = job.service
token = service.model.data.zerotierToken
netid = service.model.data.zerotierNetID
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(token))
resp = zerotier.network.listMembers(netid)
members = resp.json()
for member in members:
if node.model.data.redisAddr in member['config']['ipAssignments']:
try:
zerotier.network.deleteMember(member['nodeId'], netid)
except Exception as err:
job.logger.error(str(err))
break
def bootstrap(job):
from zerotier import client
service = job.service
token = service.model.data.zerotierToken
netid = service.model.data.zerotierNetID
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(token))
resp = zerotier.network.listMembers(netid)
members = resp.json()
job.logger.info("Received %s members" % len(members))
# First make sure all members that need to be authorzed anyway, are authorized
to_process = list()
for member in members:
if member['nodeId'] in service.model.data.authorizedZerotierMembers:
if not member['config']['authorized']:
job.logger.info("Authorizing %s" % member['nodeId'])
member['config']['authorized'] = True
zerotier.network.updateMember(member, member['nodeId'], netid)
else:
to_process.append(member)
# In a second pass process all the others
for member in to_process:
try:
try_authorize(job, job.logger, netid, member, zerotier)
except Exception as err:
job.logger.error(str(err))
member['config']['authorized'] = False
zerotier.network.updateMember(member, member['nodeId'], netid)
def main():
token = 'xs9kKSrhHHqcgCqymjAxj9e69tktPDbJ' # fill it with your zerotier token
# create client and set the authentication header
client = ztclient.Client()
client.set_auth_header("Bearer " + token)
# print network status
resp = client.status.getStatus()
print("NETWORK STATUS \n", resp.text)
# print name of first network
networks = client.network.listNetworks().json()
if len(networks) <= 0:
return
net1 = networks[0]
print("network name = ", net1['config']['name'])
# modify network name
net1['config']['name'] = net1['config'][
'name'][::-1] # reverse the network name
print(client.network.updateNetwork(net1, net1['id']))
# get the modified network
new_net = client.network.getNetwork(net1['id']).json()
print("new network name=", new_net['config']['name'])
def zerotier_get(uri=None, data=None, params=None):
authkey = get_authkey()
client = ztclient.Client('http://127.0.0.1:9993')
headers = {"X-ZT1-Auth": authkey}
resp = client.get(uri, data, headers, params, 'json')
return resp.text
def zerotier_nic_config(service, logger, container, nic):
from zerotier import client
wait_for_interface(container)
service.model.data.zerotiernodeid = container.client.zerotier.info()['address']
if nic.token:
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(nic.token))
member = get_member(zerotier, service.model.data.zerotiernodeid, nic.id)
if not member['config']['authorized']:
# authorized new member
logger.info("authorize new member {} to network {}".format(member['nodeId'], nic.id))
member['config']['authorized'] = True
zerotier.network.updateMember(member, member['nodeId'], nic.id)
def start(job):
import time
from zerotier import client
from zeroos.orchestrator.sal.Container import Container
service = job.service
container = Container.from_ays(service, job.context['token'])
container.start()
if container.is_running():
service.model.data.status = "running"
else:
raise j.exceptions.RuntimeError("container didn't started")
def get_member():
start = time.time()
while start + 60 > time.time():
resp = zerotier.network.getMember(service.model.data.zerotiernodeid, nic.id)
if resp.content:
return resp.json()
time.sleep(0.5)
raise j.exceptions.RuntimeError('Could not find member on zerotier network')
def wait_for_interface():
start = time.time()
while start + 60 > time.time():
for link in container.client.ip.link.list():
if link['type'] == 'tun':
return
time.sleep(0.5)
raise j.exceptions.RuntimeError("Could not find zerotier network interface")
for nic in service.model.data.nics:
if nic.type == 'zerotier':
wait_for_interface()
service.model.data.zerotiernodeid = container.client.zerotier.info()['address']
if nic.token:
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(nic.token))
member = get_member()
if not member['config']['authorized']:
# authorized new member
job.logger.info("authorize new member {} to network {}".format(member['nodeId'], nic.id))
member['config']['authorized'] = True
zerotier.network.updateMember(member, member['nodeId'], nic.id)
service.saveAll()
def bootstrap(job):
from zerotier import client
service = job.service
token = service.model.data.zerotierToken
netid = service.model.data.zerotierNetID
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(token))
resp = zerotier.network.listMembers(netid)
members = resp.json()
for member in members:
try:
try_authorize(job, job.logger, netid, member, zerotier)
except Exception as err:
job.logger.error(str(err))
member['config']['authorized'] = False
zerotier.network.updateMember(member, member['nodeId'], netid)
def install(job):
import time
from zerotier import client as ztclient
client = _get_client(job, job.context['token'])
client.zerotier.join(job.service.model.data.nwid)
def get_member():
start = time.time()
while start + 60 > time.time():
resp = zerotier.network.getMember(address,
job.service.model.data.nwid)
if resp.content:
return resp.json()
time.sleep(0.5)
raise j.exceptions.RuntimeError(
'Could not find member on zerotier network')
token = job.service.model.data.token
if token:
address = client.zerotier.info()['address']
zerotier = ztclient.Client()
zerotier.set_auth_header('bearer {}'.format(token))
member = get_member()
if not member['config']['authorized']:
# authorized new member
job.logger.info("authorize new member {} to network {}".format(
member['nodeId'], job.service.model.data.nwid))
member['config']['authorized'] = True
zerotier.network.updateMember(member, member['nodeId'],
job.service.model.data.nwid)
while True:
net = _get_network(job, job.context['token'])
if (token and net['status'] == 'OK') or (not token and net['status']
in ['OK', 'ACCESS_DENIED']):
break
time.sleep(1)
_update_model(job, net)
def setup_zerotierbridges(job):
from zeroos.orchestrator.sal.Container import Container
from zeroos.orchestrator.configuration import get_jwt_token
from zerotier import client
import time
job.context['token'] = get_jwt_token(job.service.aysrepo)
service = job.service
container = service.producers.get('container')[0]
containerobj = Container.from_ays(container,
job.context['token'],
logger=service.logger)
# get dict version of nics
nics = service.model.data.to_dict()['nics']
def wait_for_interface():
start = time.time()
while start + 60 > time.time():
for link in containerobj.client.ip.link.list():
if link['type'] == 'tun':
return
time.sleep(0.5)
raise j.exceptions.RuntimeError(
"Could not find zerotier network interface")
ip = containerobj.client.ip
for nic in nics:
zerotierbridge = nic.pop('zerotierbridge', None)
if zerotierbridge:
nicname = nic['name']
linkname = 'l-{}'.format(nicname)[:15]
wait_for_interface()
zerotiername = get_zerotier_nic(zerotierbridge['id'], containerobj)
token = zerotierbridge.get('token')
if token:
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(token))
resp = zerotier.network.getMember(
container.model.data.zerotiernodeid, zerotierbridge['id'])
member = resp.json()
job.logger.info(
"Enable bridge in member {} on network {}".format(
member['nodeId'], zerotierbridge['id']))
member['config']['activeBridge'] = True
zerotier.network.updateMember(member, member['nodeId'],
zerotierbridge['id'])
# check if configuration is already done
linkmap = {link['name']: link for link in ip.link.list()}
if linkmap[nicname]['type'] == 'bridge':
continue
# bring related interfaces down
ip.link.down(nicname)
ip.link.down(zerotiername)
# remove IP and rename
ipaddresses = ip.addr.list(nicname)
for ipaddress in ipaddresses:
ip.addr.delete(nicname, ipaddress)
ip.link.name(nicname, linkname)
# create bridge and add interface and IP
ip.bridge.add(nicname)
ip.bridge.addif(nicname, linkname)
ip.bridge.addif(nicname, zerotiername)
# readd IP and bring interfaces up
for ipaddress in ipaddresses:
ip.addr.add(nicname, ipaddress)
ip.link.up(nicname)
ip.link.up(linkname)
ip.link.up(zerotiername)
service.model.data.zerotiernodeid = container.model.data.zerotiernodeid
service.saveAll()
def __init__(self, api_token: str) -> None:
self._client = ztclient.Client()
self._client.set_auth_header("Bearer " + api_token)
self._status = self.get_status()
def start(job):
from zeroos.orchestrator.sal.Container import Container
import time
from zerotier import client
service = job.service
container = service.producers.get('container')[0]
if str(container.model.data.status) == 'halted':
j.tools.async.wrappers.sync(container.executeAction('start', context=job.context))
# setup zerotiers bridges
containerobj = Container.from_ays(container, job.context['token'])
nics = service.model.data.to_dict()['nics'] # get dict version of nics
# setup resolv.conf
containerobj.upload_content('/etc/resolv.conf', 'nameserver 127.0.0.1\n')
def get_zerotier_nic(zerotierid):
for zt in containerobj.client.zerotier.list():
if zt['id'] == zerotierid:
return zt['portDeviceName']
else:
raise j.exceptions.RuntimeError("Failed to get zerotier network device")
def wait_for_interface():
start = time.time()
while start + 60 > time.time():
for link in containerobj.client.ip.link.list():
if link['type'] == 'tun':
return
time.sleep(0.5)
raise j.exceptions.RuntimeError("Could not find zerotier network interface")
ip = containerobj.client.ip
for nic in nics:
zerotierbridge = nic.pop('zerotierbridge', None)
if zerotierbridge:
nicname = nic['name']
linkname = 'l-{}'.format(nicname)[:15]
wait_for_interface()
zerotiername = get_zerotier_nic(zerotierbridge['id'])
token = zerotierbridge.get('token')
if token:
zerotier = client.Client()
zerotier.set_auth_header('bearer {}'.format(token))
resp = zerotier.network.getMember(container.model.data.zerotiernodeid, zerotierbridge['id'])
member = resp.json()
job.logger.info("Enable bridge in member {} on network {}".format(member['nodeId'], zerotierbridge['id']))
member['config']['activeBridge'] = True
zerotier.network.updateMember(member, member['nodeId'], zerotierbridge['id'])
# check if configuration is already done
linkmap = {link['name']: link for link in ip.link.list()}
if linkmap[nicname]['type'] == 'bridge':
continue
# bring related interfaces down
ip.link.down(nicname)
ip.link.down(zerotiername)
# remove IP and rename
ipaddresses = ip.addr.list(nicname)
for ipaddress in ipaddresses:
ip.addr.delete(nicname, ipaddress)
ip.link.name(nicname, linkname)
# create bridge and add interface and IP
ip.bridge.add(nicname)
ip.bridge.addif(nicname, linkname)
ip.bridge.addif(nicname, zerotiername)
# readd IP and bring interfaces up
for ipaddress in ipaddresses:
ip.addr.add(nicname, ipaddress)
ip.link.up(nicname)
ip.link.up(linkname)
ip.link.up(zerotiername)
service.model.data.zerotiernodeid = container.model.data.zerotiernodeid
service.saveAll()
# setup cloud-init magical ip
loaddresses = ip.addr.list('lo')
magicip = '169.254.169.254/32'
if magicip not in loaddresses:
ip.addr.add('lo', magicip)
# start services
http = container.consumers.get('http')[0]
dhcp = container.consumers.get('dhcp')[0]
cloudinit = container.consumers.get('cloudinit')[0]
firewall = container.consumers.get('firewall')[0]
j.tools.async.wrappers.sync(container.executeAction('start', context=job.context))
j.tools.async.wrappers.sync(dhcp.executeAction('start', context=job.context))
j.tools.async.wrappers.sync(http.executeAction('start', context=job.context))
j.tools.async.wrappers.sync(firewall.executeAction('start', context=job.context))
j.tools.async.wrappers.sync(cloudinit.executeAction('start', context=job.context))
service.model.data.status = "running"
def __init__(self, token):
self.client = ztclient.Client()
self.client.set_auth_header("Bearer " + token)
