def remove_mapping(source_ip, destination_ip, source_port=-1, destination_port=-1):
nat_type, nat_ip, nat_user = get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
# source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
if source_port == -1 and destination_port == -1:
logger.debug("Removing mapping for public IP: %s and private IP: %s" %(source_ip, destination_ip))
interfaces_command = get_interfaces_command('Delete', source_ip)
iptables_command = get_ip_tables_command('Delete', source_ip , destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug("Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s" %(source_ip, destination_ip, source_port, destination_port))
command = get_ip_tables_command('Delete', source_ip , destination_ip, source_port, destination_port)
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
#This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def create_mapping(source_ip , destination_ip, source_port = -1, destination_port = -1, duration = -1 ):
nat_type, nat_ip, nat_user = get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
if source_port == -1 & destination_port == -1:
logger.debug("Adding public ip %s private ip %s mapping on NAT" %(source_ip, destination_ip))
interfaces_command = get_interfaces_command('Add', source_ip)
iptables_command = get_ip_tables_command('Add', source_ip , destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug("Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s" %(source_ip, destination_ip, source_port, destination_port, duration))
logger.debug("Creating SSH session on NAT box %s" %(nat_ip))
interfaces_command = get_interfaces_command('Add', source_ip)
iptables_command = get_ip_tables_command('Add', source_ip , destination_ip, source_port, destination_port)
command = interfaces_command + iptables_command
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def clear_all_nat_mappings(db):
"""
Clears mappings from NAT
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
logger.debug("Clearing all NAT mappings")
command = ''
# For all public IP - private IP mappings, Delete aliases
for vm_data_info in db(db.vm_data.public_ip != None).select():
private_ip = vm_data_info.private_ip.private_ip
public_ip = vm_data_info.public_ip.public_ip
logger.debug(
'Removing private to public IP mapping for private IP: %s and public IP:%s'
% (private_ip, public_ip))
# private_ip_octets = mapping['private_ip'].split('.')
public_ip_octets = public_ip.split('.')
interface_alias = "%s:%s.%s.%s" % (
NAT_PUBLIC_INTERFACE, public_ip_octets[1], public_ip_octets[2],
public_ip_octets[3])
command += '''
rm /etc/network/interfaces.d/2_%s.cfg
ifconfig %s down
cat /etc/network/interfaces.d/*.cfg > /etc/network/interfaces
''' % (interface_alias, interface_alias)
# Flushing all rules from iptables
command += '''
iptables --flush
iptables -t nat --flush
iptables --delete-chain
iptables -t nat --delete-chain
/etc/init.d/iptables-persistent save
/etc/init.d/iptables-persistent reload
exit
'''
execute_remote_bulk_cmd(nat_ip, nat_user, command)
# Updating DB
logger.debug(
"Flushing all public Ip - private IP mappings and VNC mappings from DB"
)
db.vm_data.update(public_ip=None)
db.vnc_access.update(status=VNC_ACCESS_STATUS_INACTIVE)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
logger.debug("Clearing all mapping information from DB")
db.vm_data.update(public_ip=None)
db.vnc_access.update(status=VNC_ACCESS_STATUS_INACTIVE)
else:
raise Exception("NAT type is not supported")
def create_mapping(source_ip,
destination_ip,
source_port=-1,
destination_port=-1,
duration=-1):
"""
Function to create mappings in NAT
If NAT type is software_nat then for creating public - private IP mapping:
- Create the alias on NAT that will listen on the public IP.
- Create rules in iptables to forward the traffic coming on public IP to private IP and vice versa.
For providing VNC access:
- Check if the NAT is listening on the public IP to be used for VNC access.
- If NAT is not listening on the desired public IP, create an alias to listen on that IP.
- Create rules in iptables to forward the VNC traffic to the host.
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
if source_port == -1 & destination_port == -1:
logger.debug("Adding public ip %s private ip %s mapping on NAT" %
(source_ip, destination_ip))
interfaces_command = _get_interfaces_command('Add', source_ip)
iptables_command = _get_ip_tables_command('Add', source_ip,
destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug(
"Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s"
% (source_ip, destination_ip, source_port, destination_port,
duration))
logger.debug("Creating SSH session on NAT box %s" % (nat_ip))
interfaces_command = _get_interfaces_command('Add', source_ip)
iptables_command = _get_ip_tables_command('Add', source_ip,
destination_ip,
source_port,
destination_port)
command = interfaces_command + iptables_command
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def clear_all_timedout_vnc_mappings():
"""
Deletes all timed-out VNC mappings from NAT
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
logger.debug("Clearing all timed out VNC mappings from NAT box %s" %(nat_ip))
# Get all active VNC mappings from DB
vnc_mappings = current.db((current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE) &
(current.db.vnc_access.expiry_time < get_datetime())).select()
if (vnc_mappings != None) & (len(vnc_mappings) != 0):
# Delete the VNC mapping from NAT if the duration of access has past its requested time duration
command = ''
for mapping in vnc_mappings:
logger.debug('Removing VNC mapping for vm id: %s, host: %s, source IP: %s, source port: %s, destination port: %s' %(mapping.vm_id, mapping.host_id, mapping.vnc_server_ip, mapping.vnc_source_port, mapping.vnc_destination_port))
host_ip = mapping.host_id.host_ip.private_ip
# Delete rules from iptables on NAT box
command += '''
iptables -D PREROUTING -t nat -i %s -p tcp -d %s --dport %s -j DNAT --to %s:%s
iptables -D FORWARD -p tcp -d %s --dport %s -j ACCEPT''' %(NAT_PUBLIC_INTERFACE, mapping.vnc_server_ip, mapping.vnc_source_port, host_ip, mapping.vnc_destination_port, host_ip, mapping.vnc_destination_port)
# Update DB for each VNC access
current.db(current.db.vnc_access.id == mapping.id).update(status=VNC_ACCESS_STATUS_INACTIVE)
command += '''
/etc/init.d/iptables-persistent save
/etc/init.d/iptables-persistent reload
exit
'''
current.db.commit()
execute_remote_bulk_cmd(nat_ip, nat_user, command)
logger.debug("Done clearing vnc mappings")
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
logger.debug('Clearing all timed out VNC mappings')
# Get all active VNC mappings from DB
vnc_mappings = current.db((current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE) &
(current.db.vnc_access.expiry_time < get_datetime())).select()
if (vnc_mappings != None) & (len(vnc_mappings) != 0):
for mapping in vnc_mappings:
# Update DB for each VNC access
current.db(current.db.vnc_access.id == mapping.id).update(status=VNC_ACCESS_STATUS_INACTIVE)
current.db.commit()
logger.debug("Done clearing vnc mappings")
else:
raise Exception("NAT type is not supported")
def clear_all_nat_mappings(db):
"""
Clears mappings from NAT
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
logger.debug("Clearing all NAT mappings")
command = ''
# For all public IP - private IP mappings, Delete aliases
for vm_data_info in db(db.vm_data.public_ip != None).select():
private_ip = vm_data_info.private_ip.private_ip
public_ip = vm_data_info.public_ip.public_ip
logger.debug('Removing private to public IP mapping for private IP: %s and public IP:%s' %(private_ip, public_ip))
# private_ip_octets = mapping['private_ip'].split('.')
public_ip_octets = public_ip.split('.')
interface_alias = "%s:%s.%s.%s" %(NAT_PUBLIC_INTERFACE, public_ip_octets[1], public_ip_octets[2], public_ip_octets[3])
command += '''
rm /etc/network/interfaces.d/2_%s.cfg
ifconfig %s down
cat /etc/network/interfaces.d/*.cfg > /etc/network/interfaces
''' %(interface_alias, interface_alias)
# Flushing all rules from iptables
command += '''
iptables --flush
iptables -t nat --flush
iptables --delete-chain
iptables -t nat --delete-chain
/etc/init.d/iptables-persistent save
/etc/init.d/iptables-persistent reload
exit
'''
execute_remote_bulk_cmd(nat_ip, nat_user, command)
# Updating DB
logger.debug("Flushing all public Ip - private IP mappings and VNC mappings from DB")
db.vm_data.update(public_ip = None)
db.vnc_access.update(status = VNC_ACCESS_STATUS_INACTIVE)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
logger.debug("Clearing all mapping information from DB")
db.vm_data.update(public_ip = None)
db.vnc_access.update(status = VNC_ACCESS_STATUS_INACTIVE)
else:
raise Exception("NAT type is not supported")
def remove_mapping(source_ip,
destination_ip,
source_port=-1,
destination_port=-1):
"""
Function to remove mapping from NAT
If NAT type is software_nat then for removing public IP - private IP mapping:
- Remove the alias on NAT listening on the public IP.
- Delete rules from iptables to forward the traffic coming on public IP to private IP and vice versa.
- Flush the entries from DB and make public IP free.
For revoking VNC access:
- Delete rules from iptables to forward the VNC traffic to the host.
- Update DB to make the VNC access inactive.
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
# source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
if source_port == -1 and destination_port == -1:
logger.debug(
"Removing mapping for public IP: %s and private IP: %s" %
(source_ip, destination_ip))
interfaces_command = _get_interfaces_command('Delete', source_ip)
iptables_command = _get_ip_tables_command('Delete', source_ip,
destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug(
"Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s"
% (source_ip, destination_ip, source_port, destination_port))
command = _get_ip_tables_command('Delete', source_ip,
destination_ip, source_port,
destination_port)
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
#This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def create_mapping(source_ip,
destination_ip,
source_port=-1,
destination_port=-1,
duration=-1):
nat_type, nat_ip, nat_user = get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
if source_port == -1 & destination_port == -1:
logger.debug("Adding public ip %s private ip %s mapping on NAT" %
(source_ip, destination_ip))
interfaces_command = get_interfaces_command('Add', source_ip)
iptables_command = get_ip_tables_command('Add', source_ip,
destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug(
"Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s"
% (source_ip, destination_ip, source_port, destination_port,
duration))
logger.debug("Creating SSH session on NAT box %s" % (nat_ip))
interfaces_command = get_interfaces_command('Add', source_ip)
iptables_command = get_ip_tables_command('Add', source_ip,
destination_ip,
source_port,
destination_port)
command = interfaces_command + iptables_command
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def create_mapping(source_ip , destination_ip, source_port = -1, destination_port = -1, duration = -1 ):
"""
Function to create mappings in NAT
If NAT type is software_nat then for creating public - private IP mapping:
- Create the alias on NAT that will listen on the public IP.
- Create rules in iptables to forward the traffic coming on public IP to private IP and vice versa.
For providing VNC access:
- Check if the NAT is listening on the public IP to be used for VNC access.
- If NAT is not listening on the desired public IP, create an alias to listen on that IP.
- Create rules in iptables to forward the VNC traffic to the host.
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
if source_port == -1 & destination_port == -1:
logger.debug("Adding public ip %s private ip %s mapping on NAT" %(source_ip, destination_ip))
interfaces_command = _get_interfaces_command('Add', source_ip)
iptables_command = _get_ip_tables_command('Add', source_ip , destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug("Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s" %(source_ip, destination_ip, source_port, destination_port, duration))
logger.debug("Creating SSH session on NAT box %s" %(nat_ip))
interfaces_command = _get_interfaces_command('Add', source_ip)
iptables_command = _get_ip_tables_command('Add', source_ip , destination_ip, source_port, destination_port)
command = interfaces_command + iptables_command
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def remove_mapping(source_ip,
destination_ip,
source_port=-1,
destination_port=-1):
nat_type, nat_ip, nat_user = get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
# source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
if source_port == -1 and destination_port == -1:
logger.debug(
"Removing mapping for public IP: %s and private IP: %s" %
(source_ip, destination_ip))
interfaces_command = get_interfaces_command('Delete', source_ip)
iptables_command = get_ip_tables_command('Delete', source_ip,
destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug(
"Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s"
% (source_ip, destination_ip, source_port, destination_port))
command = get_ip_tables_command('Delete', source_ip,
destination_ip, source_port,
destination_port)
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
#This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def remove_mapping(source_ip, destination_ip, source_port=-1, destination_port=-1):
"""
Function to remove mapping from NAT
If NAT type is software_nat then for removing public IP - private IP mapping:
- Remove the alias on NAT listening on the public IP.
- Delete rules from iptables to forward the traffic coming on public IP to private IP and vice versa.
- Flush the entries from DB and make public IP free.
For revoking VNC access:
- Delete rules from iptables to forward the VNC traffic to the host.
- Update DB to make the VNC access inactive.
"""
nat_type, nat_ip, nat_user = _get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
# source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
if source_port == -1 and destination_port == -1:
logger.debug("Removing mapping for public IP: %s and private IP: %s" %(source_ip, destination_ip))
interfaces_command = _get_interfaces_command('Delete', source_ip)
iptables_command = _get_ip_tables_command('Delete', source_ip , destination_ip)
command = interfaces_command + iptables_command
else:
logger.debug("Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s" %(source_ip, destination_ip, source_port, destination_port))
command = _get_ip_tables_command('Delete', source_ip , destination_ip, source_port, destination_port)
# Create SSH session to execute all commands on NAT box.
execute_remote_bulk_cmd(nat_ip, nat_user, command)
elif nat_type == NAT_TYPE_HARDWARE:
#This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
return
else:
raise Exception("NAT type is not supported")
def clear_all_timedout_vnc_mappings():
nat_type, nat_ip, nat_user = get_nat_details()
if nat_type == NAT_TYPE_SOFTWARE:
logger.debug("Clearing all timed out VNC mappings from NAT box %s" %
(nat_ip))
# Get all active VNC mappings from DB
vnc_mappings = current.db(
(current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE)
& (current.db.vnc_access.expiry_time < get_datetime())).select()
if (vnc_mappings != None) & (len(vnc_mappings) != 0):
# Delete the VNC mapping from NAT if the duration of access has past its requested time duration
command = ''
for mapping in vnc_mappings:
logger.debug(
'Removing VNC mapping for vm id: %s, host: %s, source IP: %s, source port: %s, destination port: %s'
% (mapping.vm_id, mapping.host_id, mapping.vnc_server_ip,
mapping.vnc_source_port, mapping.vnc_destination_port))
host_ip = mapping.host_id.host_ip.private_ip
# Delete rules from iptables on NAT box
command += '''
iptables -D PREROUTING -t nat -i %s -p tcp -d %s --dport %s -j DNAT --to %s:%s
iptables -D FORWARD -p tcp -d %s --dport %s -j ACCEPT''' % (
NAT_PUBLIC_INTERFACE, mapping.vnc_server_ip,
mapping.vnc_source_port, host_ip,
mapping.vnc_destination_port, host_ip,
mapping.vnc_destination_port)
# Update DB for each VNC access
current.db(current.db.vnc_access.id == mapping.id).update(
status=VNC_ACCESS_STATUS_INACTIVE)
command += '''
/etc/init.d/iptables-persistent save
/etc/init.d/iptables-persistent reload
exit
'''
current.db.commit()
execute_remote_bulk_cmd(nat_ip, nat_user, command)
logger.debug("Done clearing vnc mappings")
elif nat_type == NAT_TYPE_HARDWARE:
# This function is to be implemented
raise Exception("No implementation for NAT type hardware")
elif nat_type == NAT_TYPE_MAPPING:
# This function is to be implemented
logger.debug('Clearing all timed out VNC mappings')
# Get all active VNC mappings from DB
vnc_mappings = current.db(
(current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE)
& (current.db.vnc_access.expiry_time < get_datetime())).select()
if (vnc_mappings != None) & (len(vnc_mappings) != 0):
for mapping in vnc_mappings:
# Update DB for each VNC access
current.db(current.db.vnc_access.id == mapping.id).update(
status=VNC_ACCESS_STATUS_INACTIVE)
current.db.commit()
logger.debug("Done clearing vnc mappings")
else:
raise Exception("NAT type is not supported")