def configure_ipsec(self, obj): leftpeer = obj['local_public_ip'] rightpeer = obj['peer_gateway_ip'] peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) ikepolicy = obj['ike_policy'].replace(';', '-') esppolicy = obj['esp_policy'].replace(';', '-') pfs = 'no' if 'modp' in esppolicy: pfs = 'yes' if rightpeer in self.confips: self.confips.remove(rightpeer) file = CsFile(vpnconffile) file.add("#conn for vpn-%s" % rightpeer, 0) file.search("conn ", "conn vpn-%s" % rightpeer) file.addeq(" left=%s" % leftpeer) file.addeq(" leftsubnet=%s" % obj['local_guest_cidr']) file.addeq(" leftnexthop=%s" % obj['local_public_gateway']) file.addeq(" right=%s" % rightpeer) file.addeq(" rightsubnet=%s" % peerlist) file.addeq(" type=tunnel") file.addeq(" authby=secret") file.addeq(" keyexchange=ike") file.addeq(" ike=%s" % ikepolicy) file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime'])) file.addeq(" esp=%s" % esppolicy) file.addeq(" lifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime'])) file.addeq(" pfs=%s" % pfs) file.addeq(" keyingtries=2") file.addeq(" auto=start") if 'encap' not in obj: obj['encap'] = False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") file.addeq(" dpdtimeout=120") file.addeq(" dpdaction=restart") secret = CsFile(vpnsecretsfile) secret.search( "%s " % leftpeer, "%s %s : PSK \"%s\"" % (leftpeer, rightpeer, obj['ipsec_psk'])) if secret.is_changed() or file.is_changed(): secret.commit() file.commit() logging.info("Configured vpn %s %s", leftpeer, rightpeer) CsHelper.execute("ipsec rereadsecrets") CsHelper.execute("ipsec reload") if not obj['passive']: CsHelper.execute("sudo nohup ipsec down vpn-%s" % rightpeer) CsHelper.execute("sudo nohup ipsec up vpn-%s &" % rightpeer) os.chmod(vpnsecretsfile, 0400)
def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged")
def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) file.commit() if file.is_changed(): logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged")
def configure_ipsec(self, obj): leftpeer = obj['local_public_ip'] rightpeer = obj['peer_gateway_ip'] peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) ikepolicy = obj['ike_policy'].replace(';', '-') esppolicy = obj['esp_policy'].replace(';', '-') if rightpeer in self.confips: self.confips.remove(rightpeer) file = CsFile(vpnconffile) file.add("#conn for vpn-%s" % rightpeer, 0) file.search("conn ", "conn vpn-%s" % rightpeer) file.addeq(" left=%s" % leftpeer) file.addeq(" leftsubnet=%s" % obj['local_guest_cidr']) file.addeq(" right=%s" % rightpeer) file.addeq(" rightsubnet=%s" % peerlist) file.addeq(" type=tunnel") file.addeq(" authby=secret") file.addeq(" keyexchange=ike") file.addeq(" ike=%s" % ikepolicy) file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime'])) file.addeq(" esp=%s" % esppolicy) file.addeq(" lifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime'])) file.addeq(" keyingtries=2") file.addeq(" auto=route") if 'encap' not in obj: obj['encap'] = False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") file.addeq(" dpdtimeout=120") file.addeq(" dpdaction=restart") secret = CsFile(vpnsecretsfile) secret.search("%s " % leftpeer, "%s %s : PSK \"%s\"" % (leftpeer, rightpeer, obj['ipsec_psk'])) if secret.is_changed() or file.is_changed(): secret.commit() file.commit() logging.info("Configured vpn %s %s", leftpeer, rightpeer) CsHelper.execute("ipsec rereadsecrets") # This will load the new config CsHelper.execute("ipsec reload") os.chmod(vpnsecretsfile, 0400) for i in xrange(3): result = CsHelper.execute('ipsec status vpn-%s | grep "%s"' % (rightpeer, peerlist.split(",", 1)[0])) if len(result) > 0: break time.sleep(1) # With 'auto=route', connections are established on an attempt to # communicate over the S2S VPN. This uses ping to initialize the connection. CsHelper.execute("timeout 5 ping -c 3 %s" % (peerlist.split("/", 1)[0].replace(".0", ".1")))
def configure_ipsec(self, obj): leftpeer = obj['local_public_ip'] rightpeer = obj['peer_gateway_ip'] peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) ikepolicy=obj['ike_policy'].replace(';','-') esppolicy=obj['esp_policy'].replace(';','-') pfs='no' if 'modp' in esppolicy: pfs='yes' if rightpeer in self.confips: self.confips.remove(rightpeer) file = CsFile(vpnconffile) file.add("#conn for vpn-%s" % rightpeer, 0) file.search("conn ", "conn vpn-%s" % rightpeer) file.addeq(" left=%s" % leftpeer) file.addeq(" leftsubnet=%s" % obj['local_guest_cidr']) file.addeq(" leftnexthop=%s" % obj['local_public_gateway']) file.addeq(" right=%s" % rightpeer) file.addeq(" rightsubnet=%s" % peerlist) file.addeq(" type=tunnel") file.addeq(" authby=secret") file.addeq(" keyexchange=ike") file.addeq(" ike=%s" % ikepolicy) file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime'])) file.addeq(" esp=%s" % esppolicy) file.addeq(" lifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime'])) file.addeq(" pfs=%s" % pfs) file.addeq(" keyingtries=2") file.addeq(" auto=start") if 'encap' not in obj: obj['encap']=False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") file.addeq(" dpdtimeout=120") file.addeq(" dpdaction=restart") secret = CsFile(vpnsecretsfile) secret.search("%s " % leftpeer, "%s %s : PSK \"%s\"" % (leftpeer, rightpeer, obj['ipsec_psk'])) if secret.is_changed() or file.is_changed(): secret.commit() file.commit() logging.info("Configured vpn %s %s", leftpeer, rightpeer) CsHelper.execute("ipsec rereadsecrets") # This will load the new config and start the connection when needed since auto=start in the config CsHelper.execute("ipsec reload") os.chmod(vpnsecretsfile, 0400)
def add_l2tp_ipsec_user(self, user, obj): userfound = False password = obj['password'] userAddEntry = "%s * %s *" % (user, password) logging.debug("Adding vpn user '%s'" % user) file = CsFile(self.PPP_CHAP) userfound = file.searchString(userAddEntry, '#') if not userfound: logging.debug("User is not there already, so adding user") self.del_l2tp_ipsec_user(user, obj) file.add(userAddEntry) file.commit()
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.conf = CsFile(CLOUD_CONF) self.cloud.repopulate() for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) self.write_hosts() if self.cloud.is_changed(): self.delete_leases() self.configure_server() self.conf.commit() self.cloud.commit() # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. if not self.cl.is_redundant() or self.cl.is_master(): CsHelper.service("dnsmasq", "restart") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] sline = "dhcp-range=interface:%s,set:interface" % (device) line = "dhcp-range=interface:%s,set:interface-%s,%s,static" % (device, device, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s,15" % device line = "dhcp-option=tag:interface-%s,15,%s" % (device, gn.get_domain()) self.conf.search(sline, line) # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s,6" % device dns_list = [x for x in gn.get_dns() if x is not None] line = "dhcp-option=tag:interface-%s,6,%s" % (device, ','.join(dns_list)) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] sline = "dhcp-option=tag:interface-%s,3," % device line = "dhcp-option=tag:interface-%s,3,%s" % (device, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s,1," % device line = "dhcp-option=tag:interface-%s,1,%s" % (device, netmask) self.conf.search(sline, line) def delete_leases(self): try: open(LEASES, 'w').close() except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost") self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_vpc(): self.add_host("127.0.0.1", CsHelper.get_hostname()) if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_adress'], entry['host_name']) self.cloud.add("%s,%s,%s,infinite" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'])) i = IPAddress(entry['ipv4_adress']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.conf = CsFile(CLOUD_CONF) length = len(self.conf) for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) self.write_hosts() if self.cloud.is_changed(): self.delete_leases() self.configure_server() self.conf.commit() self.cloud.commit() if self.conf.is_changed(): CsHelper.service("dnsmasq", "restart") elif self.cloud.is_changed(): CsHelper.hup_dnsmasq("dnsmasq", "dnsmasq") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] sline = "dhcp-range=interface:%s,set:interface" % (device) line = "dhcp-range=interface:%s,set:interface-%s,%s,static" % ( device, device, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s,15" % device line = "dhcp-option=tag:interface-%s,15,%s" % (device, gn.get_domain()) self.conf.search(sline, line) # DNS search order sline = "dhcp-option=tag:interface-%s,6" % device line = "dhcp-option=tag:interface-%s,6,%s" % (device, ','.join( gn.get_dns())) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] sline = "dhcp-option=tag:interface-%s,3," % device line = "dhcp-option=tag:interface-%s,3,%s" % (device, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s,1," % device line = "dhcp-option=tag:interface-%s,1,%s" % (device, netmask) self.conf.search(sline, line) def delete_leases(self): changed = [] leases = [] try: for line in open(LEASES): bits = line.strip().split(' ') to = { "device": bits[0], "mac": bits[1], "ip": bits[2], "host": bits[3:], "del": False } changed.append(to) for v in changed: if v['mac'] == to['mac'] or v['ip'] == to['ip'] or v[ 'host'] == to['host']: to['del'] = True leases.append(to) for o in leases: if o['del']: cmd = "dhcp_release eth%s %s %s" % (o['device'], o['ip'], o['mac']) logging.info(cmd) CsHelper.execute(cmd) except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost") self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_vpc(): self.add_host("127.0.0.1", CsHelper.get_hostname()) if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) file.commit() if file.is_changed(): logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_adress'], entry['host_name']) self.cloud.add( "%s,%s,%s,infinite" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'])) i = IPAddress(entry['ipv4_adress']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.conf = CsFile(CLOUD_CONF) self.cloud.repopulate() for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) self.write_hosts() if self.cloud.is_changed(): self.delete_leases() self.configure_server() self.conf.commit() self.cloud.commit() # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. if not self.cl.is_redundant() or self.cl.is_master(): CsHelper.service("dnsmasq", "restart") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] sline = "dhcp-range=interface:%s,set:interface" % (device) line = "dhcp-range=interface:%s,set:interface-%s,%s,static" % ( device, device, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s,15" % device line = "dhcp-option=tag:interface-%s,15,%s" % (device, gn.get_domain()) self.conf.search(sline, line) # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s,6" % device dns_list = [x for x in gn.get_dns() if x is not None] line = "dhcp-option=tag:interface-%s,6,%s" % ( device, ','.join(dns_list)) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] sline = "dhcp-option=tag:interface-%s,3," % device line = "dhcp-option=tag:interface-%s,3,%s" % (device, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s,1," % device line = "dhcp-option=tag:interface-%s,1,%s" % (device, netmask) self.conf.search(sline, line) def delete_leases(self): try: open(LEASES, 'w').close() except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost") self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_vpc(): self.add_host("127.0.0.1", CsHelper.get_hostname()) if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_adress'], entry['host_name']) self.cloud.add( "%s,%s,%s,infinite" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'])) i = IPAddress(entry['ipv4_adress']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.dhcp_hosts = CsFile(DHCP_HOSTS) self.dhcp_opts = CsFile(DHCP_OPTS) self.conf = CsFile(CLOUD_CONF) self.dhcp_leases = CsFile(LEASES) self.dhcp_hosts.repopulate() self.dhcp_opts.repopulate() for item in self.dbag: if item == "id": continue if not self.dbag[item]['remove']: self.add(self.dbag[item]) self.configure_server() restart_dnsmasq = False need_delete_leases = False if self.conf.commit(): restart_dnsmasq = True need_delete_leases = True if self.dhcp_hosts.commit(): need_delete_leases = True if self.dhcp_leases.commit(): need_delete_leases = True self.dhcp_opts.commit() if need_delete_leases: self.delete_leases() self.write_hosts() if not self.cl.is_redundant() or self.cl.is_primary(): if restart_dnsmasq: CsHelper.service("dnsmasq", "restart") else: CsHelper.start_if_stopped("dnsmasq") CsHelper.service("dnsmasq", "reload") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) idx = 0 listen_address = ["127.0.0.1"] for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] gn = CsGuestNetwork(device, self.config) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] sline = "dhcp-range=set:interface-%s-%s" % (device, idx) if self.cl.is_redundant(): line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, gateway) else: line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip) self.conf.search(sline, line) sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx) line = "dhcp-option=tag:interface-%s-%s,15,%s" % (device, idx, gn.get_domain()) self.conf.search(sline, line) # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx) dns_list = [x for x in gn.get_dns() if x] line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list)) self.conf.search(sline, line) if gateway != '0.0.0.0': sline = "dhcp-option=tag:interface-%s-%s,3," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,3,%s" % (device, idx, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = str(i['network'].netmask) sline = "dhcp-option=tag:interface-%s-%s,1," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,1,%s" % (device, idx, netmask) self.conf.search(sline, line) # Listen Address if self.cl.is_redundant(): listen_address.append(gateway) else: listen_address.append(ip) # Add localized "data-server" records in /etc/hosts for VPC routers if self.config.is_vpc(): self.add_host(gateway, "%s data-server" % CsHelper.get_hostname()) idx += 1 # Listen Address sline = "listen-address=" line = "listen-address=%s" % (','.join(listen_address)) self.conf.search(sline, line) def delete_leases(self): macs_dhcphosts = [] try: logging.info("Attempting to delete entries from dnsmasq.leases file for VMs which are not on dhcphosts file") for host in open(DHCP_HOSTS): macs_dhcphosts.append(host.split(',')[0]) removed = 0 for leaseline in open(LEASES): lease = leaseline.split(' ') mac = lease[1] ip = lease[2] if mac not in macs_dhcphosts: cmd = "dhcp_release $(ip route get %s | grep eth | head -1 | awk '{print $3}') %s %s" % (ip, ip, mac) logging.info(cmd) CsHelper.execute(cmd) removed = removed + 1 self.del_host(ip) logging.info("Deleted %s entries from dnsmasq.leases file" % str(removed)) except Exception as e: logging.error("Caught error while trying to delete entries from dnsmasq.leases file: %s" % e) def preseed(self): self.add_host("127.0.0.1", "localhost") self.add_host("127.0.1.1", "%s" % CsHelper.get_hostname()) self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_router() or self.config.is_dhcp(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_address'], entry['host_name']) # Lease time set to "infinite" since we properly control all DHCP/DNS config via CloudStack. # Infinite time helps avoid some edge cases which could cause DHCPNAK being sent to VMs since # (RHEL) system lose routes when they receive DHCPNAK. # When VM is expunged, its active lease and DHCP/DNS config is properly removed from related files in VR, # so the infinite duration of lease does not cause any issues or garbage. lease = 'infinite' if entry['default_entry']: self.dhcp_hosts.add("%s,%s,%s,%s" % (entry['mac_address'], entry['ipv4_address'], entry['host_name'], lease)) self.dhcp_leases.search(entry['mac_address'], "0 %s %s %s *" % (entry['mac_address'], entry['ipv4_address'], entry['host_name'])) else: tag = entry['ipv4_address'].replace(".", "_") self.dhcp_hosts.add("%s,set:%s,%s,%s,%s" % (entry['mac_address'], tag, entry['ipv4_address'], entry['host_name'], lease)) self.dhcp_opts.add("%s,%s" % (tag, 3)) self.dhcp_opts.add("%s,%s" % (tag, 6)) self.dhcp_opts.add("%s,%s" % (tag, 15)) self.dhcp_leases.search(entry['mac_address'], "0 %s %s %s *" % (entry['mac_address'], entry['ipv4_address'], entry['host_name'])) i = IPAddress(entry['ipv4_address']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts def del_host(self, ip): if ip in self.hosts: self.hosts.pop(ip)
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.dhcp_opts = CsFile(DHCP_OPTS) self.conf = CsFile(CLOUD_CONF) self.cloud.repopulate() self.dhcp_opts.repopulate() for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) if self.dbag[item]['default_gateway'] == "0.0.0.0": self.add_dhcp_opts(self.dbag[item]) self.write_hosts() if self.cloud.is_changed(): self.delete_leases() self.configure_server() self.conf.commit() self.cloud.commit() self.dhcp_opts.commit() # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. # But only do that on the master or else VMs will get leases from the backup resulting in # Cloud-init to get the passwd and other meta-data from the backup as well. if not self.cl.is_redundant() or self.cl.is_master(): CsHelper.execute2("service dnsmasq restart") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) idx = 0 for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] # Listen only on the interfaces we configure VMs on sline = "interface=%s" % (device) line = "interface=%s" % (device) self.conf.search(sline, line) # Ip address ip = i['ip'].split('/')[0] sline = "dhcp-range=interface:%s,set:interface-%s-%s" % ( device, device, idx) line = "dhcp-range=interface:%s,set:interface-%s-%s,%s,static" % ( device, device, idx, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx) line = "dhcp-option=tag:interface-%s-%s,15,%s" % (device, idx, gn.get_domain()) self.conf.search(sline, line) # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx) dns_list = [x for x in gn.get_dns() if x is not None] line = "dhcp-option=tag:interface-%s-%s,6,%s" % ( device, idx, ','.join(dns_list)) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] if gateway != '0.0.0.0': sline = "dhcp-option=tag:interface-%s-%s,3," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,3,%s" % (device, idx, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s-%s,1," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,1,%s" % (device, idx, netmask) self.conf.search(sline, line) idx += 1 def delete_leases(self): try: open(LEASES, 'w').close() except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost %s" % CsHelper.get_hostname()) self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_adress'], entry['host_name']) tag = "set:" + str(entry['ipv4_adress']).replace(".", "_") self.cloud.add("%s,%s,%s,%s,infinite" % (entry['mac_address'], tag, entry['ipv4_adress'], entry['host_name'])) i = IPAddress(entry['ipv4_adress']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_dhcp_opts(self, entry): # This means we won't serve these DHCP options for hosts with this tag tag = str(entry['ipv4_adress']).replace(".", "_") self.dhcp_opts.add("%s,%s" % (tag, 3)) self.dhcp_opts.add("%s,%s" % (tag, 6)) self.dhcp_opts.add("%s,%s" % (tag, 15)) def add_host(self, ip, hosts): self.hosts[ip] = hosts
def configure_ipsec(self, obj): leftpeer = obj['local_public_ip'] rightpeer = obj['peer_gateway_ip'] peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) ikepolicy = obj['ike_policy'].replace(';', '-') esppolicy = obj['esp_policy'].replace(';', '-') splitconnections = obj[ 'split_connections'] if 'split_connections' in obj else False ikeversion = obj['ike_version'] if 'ike_version' in obj and obj[ 'ike_version'].lower() in ('ike', 'ikev1', 'ikev2') else 'ike' peerlistarr = peerlist.split(',') if splitconnections: logging.debug('Splitting rightsubnets %s' % peerlistarr) peerlist = peerlistarr[0] if rightpeer in self.confips: self.confips.remove(rightpeer) file = CsFile(vpnconffile) file.repopulate( ) # This avoids issues when switching off split_connections or removing subnets with split_connections == true file.add("#conn for vpn-%s" % rightpeer, 0) file.search("conn ", "conn vpn-%s" % rightpeer) file.addeq(" left=%s" % leftpeer) file.addeq(" leftsubnet=%s" % obj['local_guest_cidr']) file.addeq(" right=%s" % rightpeer) file.addeq(" rightsubnet=%s" % peerlist) file.addeq(" type=tunnel") file.addeq(" authby=secret") file.addeq(" keyexchange=%s" % ikeversion) file.addeq(" ike=%s" % ikepolicy) file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime'])) file.addeq(" esp=%s" % esppolicy) file.addeq(" lifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime'])) file.addeq(" keyingtries=2") file.addeq(" auto=route") if 'encap' not in obj: obj['encap'] = False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") file.addeq(" dpdtimeout=120") file.addeq(" dpdaction=restart") if splitconnections and peerlistarr.count > 1: logging.debug('Splitting connections for rightsubnets %s' % peerlistarr) for peeridx in range(1, len(peerlistarr)): logging.debug('Adding split connection -%d for subnet %s' % (peeridx + 1, peerlistarr[peeridx])) file.append('') file.search('conn vpn-.*-%d' % (peeridx + 1), "conn vpn-%s-%d" % (rightpeer, peeridx + 1)) file.append(' also=vpn-%s' % rightpeer) file.append(' rightsubnet=%s' % peerlistarr[peeridx]) secret = CsFile(vpnsecretsfile) secret.search( "%s " % leftpeer, "%s %s : PSK \"%s\"" % (leftpeer, rightpeer, obj['ipsec_psk'])) if secret.is_changed() or file.is_changed(): secret.commit() file.commit() logging.info("Configured vpn %s %s", leftpeer, rightpeer) CsHelper.execute("ipsec rereadsecrets") # This will load the new config CsHelper.execute("ipsec reload") os.chmod(vpnsecretsfile, 0400) for i in xrange(3): done = True for peeridx in range(0, len(peerlistarr)): # Check for the proper connection and subnet conn = rightpeer if not splitconnections else rightpeer if peeridx == 0 else '%s-%d' % ( rightpeer, peeridx + 1) result = CsHelper.execute('ipsec status vpn-%s | grep "%s"' % (conn, peerlistarr[peeridx])) # If any of the peers hasn't yet finished, continue the outer loop if len(result) == 0: done = False if done: break time.sleep(1) # With 'auto=route', connections are established on an attempt to # communicate over the S2S VPN. This uses ping to initialize the connection. for peer in peerlistarr: octets = peer.split('/', 1)[0].split('.') octets[3] = str((int(octets[3]) + 1)) ipinsubnet = '.'.join(octets) CsHelper.execute("timeout 5 ping -c 3 %s" % ipinsubnet)
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.dhcp_opts = CsFile(DHCP_OPTS) self.conf = CsFile(CLOUD_CONF) self.cloud.repopulate() self.dhcp_opts.repopulate() for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) self.write_hosts() self.configure_server() restart_dnsmasq = False if self.conf.commit(): restart_dnsmasq = True if self.cloud.commit(): restart_dnsmasq = True self.dhcp_opts.commit() if restart_dnsmasq: self.delete_leases() if not self.cl.is_redundant() or self.cl.is_master(): if restart_dnsmasq: CsHelper.service("dnsmasq", "restart") else: CsHelper.start_if_stopped("dnsmasq") CsHelper.service("dnsmasq", "reload") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) idx = 0 for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] sline = "dhcp-range=set:interface-%s-%s" % (device, idx) line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx) line = "dhcp-option=tag:interface-%s-%s,15,%s" % (device, idx, gn.get_domain()) self.conf.search(sline, line) # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx) dns_list = [x for x in gn.get_dns() if x] line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list)) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] if gateway != '0.0.0.0': sline = "dhcp-option=tag:interface-%s-%s,3," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,3,%s" % (device, idx, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s-%s,1," % (device, idx) line = "dhcp-option=tag:interface-%s-%s,1,%s" % (device, idx, netmask) self.conf.search(sline, line) idx += 1 def delete_leases(self): try: open(LEASES, 'w').close() except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost %s" % CsHelper.get_hostname()) self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) if file.is_changed(): file.commit() logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_address'], entry['host_name']) # lease time boils down to once a month # with a splay of 60 hours to prevent storms lease = randint(700, 760) if entry['default_entry']: self.cloud.add("%s,%s,%s,%sh" % (entry['mac_address'], entry['ipv4_address'], entry['host_name'], lease)) else: tag = entry['ipv4_address'].replace(".", "_") self.cloud.add("%s,set:%s,%s,%s,%sh" % (entry['mac_address'], tag, entry['ipv4_address'], entry['host_name'], lease)) self.dhcp_opts.add("%s,%s" % (tag, 3)) self.dhcp_opts.add("%s,%s" % (tag, 6)) self.dhcp_opts.add("%s,%s" % (tag, 15)) i = IPAddress(entry['ipv4_address']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts
class CsDhcp(CsDataBag): """ Manage dhcp entries """ def process(self): self.hosts = {} self.changed = [] self.devinfo = CsHelper.get_device_info() self.preseed() self.cloud = CsFile(DHCP_HOSTS) self.conf = CsFile(CLOUD_CONF) length = len(self.conf) for item in self.dbag: if item == "id": continue self.add(self.dbag[item]) self.write_hosts() if self.cloud.is_changed(): self.delete_leases() self.configure_server() self.conf.commit() self.cloud.commit() if self.conf.is_changed(): CsHelper.service("dnsmasq", "restart") elif self.cloud.is_changed(): CsHelper.hup_dnsmasq("dnsmasq", "dnsmasq") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) for i in self.devinfo: if not i['dnsmasq']: continue device = i['dev'] ip = i['ip'].split('/')[0] sline = "dhcp-range=interface:%s,set:interface" % (device) line = "dhcp-range=interface:%s,set:interface-%s,%s,static" % (device, device, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s,15" % device line = "dhcp-option=tag:interface-%s,15,%s" % (device, gn.get_domain()) self.conf.search(sline, line) # DNS search order sline = "dhcp-option=tag:interface-%s,6" % device line = "dhcp-option=tag:interface-%s,6,%s" % (device, ','.join(gn.get_dns())) self.conf.search(sline, line) # Gateway gateway = '' if self.config.is_vpc(): gateway = gn.get_gateway() else: gateway = i['gateway'] sline = "dhcp-option=tag:interface-%s,3," % device line = "dhcp-option=tag:interface-%s,3,%s" % (device, gateway) self.conf.search(sline, line) # Netmask netmask = '' if self.config.is_vpc(): netmask = gn.get_netmask() else: netmask = self.config.address().get_guest_netmask() sline = "dhcp-option=tag:interface-%s,1," % device line = "dhcp-option=tag:interface-%s,1,%s" % (device, netmask) self.conf.search(sline, line) def delete_leases(self): changed = [] leases = [] try: for line in open(LEASES): bits = line.strip().split(' ') to = {"device": bits[0], "mac": bits[1], "ip": bits[2], "host": bits[3:], "del": False } changed.append(to) for v in changed: if v['mac'] == to['mac'] or v['ip'] == to['ip'] or v['host'] == to['host']: to['del'] = True leases.append(to) for o in leases: if o['del']: cmd = "dhcp_release eth%s %s %s" % (o['device'], o['ip'], o['mac']) logging.info(cmd) CsHelper.execute(cmd) except IOError: return def preseed(self): self.add_host("127.0.0.1", "localhost") self.add_host("::1", "localhost ip6-localhost ip6-loopback") self.add_host("ff02::1", "ip6-allnodes") self.add_host("ff02::2", "ip6-allrouters") if self.config.is_vpc(): self.add_host("127.0.0.1", CsHelper.get_hostname()) if self.config.is_router(): self.add_host(self.config.address().get_guest_ip(), "%s data-server" % CsHelper.get_hostname()) def write_hosts(self): file = CsFile("/etc/hosts") file.repopulate() for ip in self.hosts: file.add("%s\t%s" % (ip, self.hosts[ip])) file.commit() if file.is_changed(): logging.info("Updated hosts file") else: logging.debug("Hosts file unchanged") def add(self, entry): self.add_host(entry['ipv4_adress'], entry['host_name']) self.cloud.add("%s,%s,%s,infinite" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'])) i = IPAddress(entry['ipv4_adress']) # Calculate the device for v in self.devinfo: if i > v['network'].network and i < v['network'].broadcast: v['dnsmasq'] = True # Virtual Router v['gateway'] = entry['default_gateway'] def add_host(self, ip, hosts): self.hosts[ip] = hosts