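def _is_plain_ifname(name):
    """Return True when *name* is safe to splice into a shell command line.

    Bridge and port names are concatenated unquoted into ``bash -c``
    pipelines below, so only letters, digits and ``_ . : -`` are accepted;
    an empty name or anything a shell could interpret is rejected.
    """
    return bool(name) and all(ch.isalnum() or ch in "_.:-" for ch in name)


def _ensure_chain(chain):
    """Create iptables chain *chain* when ``iptables -L`` cannot find it."""
    try:
        execute("iptables -L " + chain)
    except Exception:
        execute("iptables -N " + chain)


def addFWFramework(brname):
    """Install the per-bridge iptables framework for bridge *brname*.

    1. Turn on bridge netfilter (``net.bridge.bridge-nf-call-*``) through
       /etc/sysctl.conf and reload it with ``sysctl -p``.
    2. Make sure the chain named by ``getBrfw(brname)`` and its ``-IN`` /
       ``-OUT`` sub-chains exist.
    3. If that chain is not referenced yet, hook it into FORWARD: bridged
       traffic in/out of *brname* jumps to it and anything forwarded through
       the bridge that the chain does not ACCEPT is dropped. The chain itself
       accepts established flows, dispatches by direction to the sub-chains
       and accepts frames leaving via the bridge's first port.

    Returns True on success, False on any failure (bad bridge name, sysctl
    step failed, or a rule could not be installed). A failure while filling
    the chain flushes it again, best effort, so a half-built chain is not
    left behind; FORWARD rules already inserted are not removed.
    """
    if not _is_plain_ifname(brname):
        logging.debug("refusing to build firewall framework for bridge %r", brname)
        return False

    try:
        cfo = configFileOps("/etc/sysctl.conf")
        cfo.addEntry("net.bridge.bridge-nf-call-arptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-iptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-ip6tables", "1")
        cfo.save()

        execute("sysctl -p /etc/sysctl.conf")
    except Exception:
        logging.debug("failed to turn on bridge netfilter")
        return False

    brfw = getBrfw(brname)
    brfwout = brfw + "-OUT"
    brfwin = brfw + "-IN"
    for chain in (brfw, brfwout, brfwin):
        _ensure_chain(chain)

    try:
        # "Chain <brfw> (N references)" -> N. Only wire the chain into FORWARD
        # the first time; otherwise every call would prepend duplicate rules.
        refs = execute(
            """iptables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw, brfw)
        ).strip()
        if refs == "0":
            # -I prepends, so the physdev jumps inserted last end up ahead of the DROPs.
            execute("iptables -I FORWARD -i " + brname + " -j DROP")
            execute("iptables -I FORWARD -o " + brname + " -j DROP")
            execute("iptables -I FORWARD -i " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            execute("iptables -I FORWARD -o " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            # Column 4 of the bridge's own "brctl show" line is its first port
            # (presumably the physical uplink -- TODO confirm). It is validated
            # because it is spliced unquoted into the command line below.
            phydev = execute("brctl show | awk '/^%s[ \t]/ {print $4}'" % brname).strip()
            if not _is_plain_ifname(phydev):
                raise ValueError("unexpected port name for bridge %s: %r" % (brname, phydev))
            execute("iptables -A " + brfw + " -m state --state RELATED,ESTABLISHED -j ACCEPT")
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-in -j " + brfwin)
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-out -j " + brfwout)
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-out " + phydev + " -j ACCEPT")

        return True
    except Exception:
        try:
            execute("iptables -F " + brfw)
        except Exception:
            logging.debug("failed to flush chain %s after an error", brfw)
        return False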
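def _is_plain_ifname(name):
    """Return True when *name* is safe to splice into a shell command line.

    Bridge and port names are concatenated unquoted into ``bash -c``
    pipelines below, so only letters, digits and ``_ . : -`` are accepted;
    an empty name or anything a shell could interpret is rejected.
    """
    return bool(name) and all(ch.isalnum() or ch in "_.:-" for ch in name)


def _ensure_chain(chain):
    """Create iptables chain *chain* when ``iptables -L`` cannot find it."""
    try:
        execute("iptables -L " + chain)
    except Exception:
        execute("iptables -N " + chain)


def addFWFramework(brname):
    """Install the per-bridge iptables framework for bridge *brname*.

    1. Turn on bridge netfilter (``net.bridge.bridge-nf-call-*``) through
       /etc/sysctl.conf and reload it with ``sysctl -p``.
    2. Make sure the chain named by ``getBrfw(brname)`` and its ``-IN`` /
       ``-OUT`` sub-chains exist.
    3. If that chain is not referenced yet, hook it into FORWARD: bridged
       traffic in/out of *brname* jumps to it and anything forwarded through
       the bridge that the chain does not ACCEPT is dropped. The chain itself
       accepts established flows, dispatches by direction to the sub-chains
       and accepts frames leaving via the bridge's first port.

    Returns True on success, False on any failure (bad bridge name, sysctl
    step failed, or a rule could not be installed). A failure while filling
    the chain flushes it again, best effort, so a half-built chain is not
    left behind; FORWARD rules already inserted are not removed.
    """
    if not _is_plain_ifname(brname):
        logging.debug("refusing to build firewall framework for bridge %r", brname)
        return False

    try:
        cfo = configFileOps("/etc/sysctl.conf")
        cfo.addEntry("net.bridge.bridge-nf-call-arptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-iptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-ip6tables", "1")
        cfo.save()

        execute("sysctl -p /etc/sysctl.conf")
    except Exception:
        logging.debug("failed to turn on bridge netfilter")
        return False

    brfw = getBrfw(brname)
    brfwout = brfw + "-OUT"
    brfwin = brfw + "-IN"
    for chain in (brfw, brfwout, brfwin):
        _ensure_chain(chain)

    try:
        # "Chain <brfw> (N references)" -> N. Only wire the chain into FORWARD
        # the first time; otherwise every call would prepend duplicate rules.
        # Fix: the chain name used to be concatenated *inside* the triple-quoted
        # literal, so the shell received the text '" + brfw + "' instead of
        # the chain name and the listing always failed.
        refs = execute(
            """iptables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw, brfw)
        ).strip()
        if refs == "0":
            # -I prepends, so the physdev jumps inserted last end up ahead of the DROPs.
            execute("iptables -I FORWARD -i " + brname + " -j DROP")
            execute("iptables -I FORWARD -o " + brname + " -j DROP")
            execute("iptables -I FORWARD -i " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            execute("iptables -I FORWARD -o " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            # Column 4 of the bridge's own "brctl show" line is its first port
            # (presumably the physical uplink -- TODO confirm). It is validated
            # because it is spliced unquoted into the command line below.
            phydev = execute("brctl show | awk '/^%s[ \t]/ {print $4}'" % brname).strip()
            if not _is_plain_ifname(phydev):
                raise ValueError("unexpected port name for bridge %s: %r" % (brname, phydev))
            execute("iptables -A " + brfw + " -m state --state RELATED,ESTABLISHED -j ACCEPT")
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-in -j " + brfwin)
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-out -j " + brfwout)
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-out " + phydev + " -j ACCEPT")

        return True
    except Exception:
        try:
            execute("iptables -F " + brfw)
        except Exception:
            logging.debug("failed to flush chain %s after an error", brfw)
        return False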
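def _is_plain_ifname(name):
    """Return True when *name* is safe to splice into a shell command line.

    Bridge and port names are concatenated unquoted into ``bash -c``
    pipelines below, so only letters, digits and ``_ . : -`` are accepted;
    an empty name or anything a shell could interpret is rejected.
    """
    return bool(name) and all(ch.isalnum() or ch in "_.:-" for ch in name)


def _ensure_chain(chain):
    """Create iptables chain *chain* when ``iptables -L`` cannot find it."""
    try:
        execute("iptables -L " + chain)
    except Exception:
        execute("iptables -N " + chain)


def addFWFramework(brname):
    """Install the per-bridge iptables framework for bridge *brname*.

    1. Turn on bridge netfilter (``net.bridge.bridge-nf-call-*``) through
       /etc/sysctl.conf and reload it with ``sysctl -p``.
    2. Make sure the chain ``BF-<brname>`` and its ``-IN`` / ``-OUT``
       sub-chains exist.
    3. If that chain is not referenced yet, hook it into FORWARD: bridged
       traffic in/out of *brname* jumps to it and anything forwarded through
       the bridge that the chain does not ACCEPT is dropped. The chain itself
       accepts frames leaving via the bridge's first port, accepts established
       flows and dispatches by direction to the sub-chains.

    Returns True on success, False on any failure (bad bridge name, sysctl
    step failed, or a rule could not be installed). A failure while filling
    the chain flushes it again, best effort, so a half-built chain is not
    left behind; FORWARD rules already inserted are not removed.
    """
    if not _is_plain_ifname(brname):
        logging.debug("refusing to build firewall framework for bridge %r", brname)
        return False

    try:
        cfo = configFileOps("/etc/sysctl.conf")
        cfo.addEntry("net.bridge.bridge-nf-call-arptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-iptables", "1")
        cfo.addEntry("net.bridge.bridge-nf-call-ip6tables", "1")
        cfo.save()

        execute("sysctl -p /etc/sysctl.conf")
    except Exception:
        logging.debug("failed to turn on bridge netfilter")
        return False

    brfw = "BF-" + brname
    brfwout = brfw + "-OUT"
    brfwin = brfw + "-IN"
    for chain in (brfw, brfwout, brfwin):
        _ensure_chain(chain)

    try:
        # "Chain <brfw> (N references)" -> N. Only wire the chain into FORWARD
        # the first time; otherwise every call would prepend duplicate rules.
        # Fix: the previous 'grep <brfw> | cut' pipeline also matched the rule
        # lines that jump to <brfw>-IN / <brfw>-OUT, so the result was not a
        # single number once the chain held rules; anchor on "references".
        refs = execute(
            """iptables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw, brfw)
        ).strip()
        if refs == "0":
            # -I prepends, so the physdev jumps inserted last end up ahead of the DROPs.
            execute("iptables -I FORWARD -i " + brname + " -j DROP")
            execute("iptables -I FORWARD -o " + brname + " -j DROP")
            execute("iptables -I FORWARD -i " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            execute("iptables -I FORWARD -o " + brname + " -m physdev --physdev-is-bridged -j " + brfw)
            # Column 4 of the bridge's own "brctl show" line is its first port
            # (presumably the physical uplink -- TODO confirm). Fix: match the
            # line that *starts* with the bridge name; a bare 'grep <brname>'
            # also hit "br01" or "cloudbr0" when asked for "br0". The value is
            # validated because it is spliced unquoted into the command below.
            phydev = execute("brctl show | awk '/^%s[ \t]/ {print $4}'" % brname).strip()
            if not _is_plain_ifname(phydev):
                raise ValueError("unexpected port name for bridge %s: %r" % (brname, phydev))
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-out " + phydev + " -j ACCEPT")
            execute("iptables -A " + brfw + " -m state --state RELATED,ESTABLISHED -j ACCEPT")
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-out -j " + brfwout)
            execute("iptables -A " + brfw + " -m physdev --physdev-is-bridged --physdev-is-in -j " + brfwin)

        return True
    except Exception:
        try:
            execute("iptables -F " + brfw)
        except Exception:
            logging.debug("failed to flush chain %s after an error", brfw)
        return False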
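def getUserInputs():
    """Collect the agent setup parameters from agent.properties.

    Reads ``host``, ``zone``, ``pod`` and ``cluster`` from
    /etc/cloudstack/agent/agent.properties, checks that the management
    server name resolves (port 443 lookup) and takes the name of the NIC
    that carries the default route as the network to use.

    Returns ``[mgtSvr, zoneToken, network, podId, clusterId]``. Exits the
    process with status 1 when the host does not resolve, when no default
    route exists, or when the default NIC has no name.
    """
    print("Welcome to the CloudStack Agent Setup:")

    cfo = configFileOps("/etc/cloudstack/agent/agent.properties")
    mgtSvr = cfo.getEntry("host")
    try:
        socket.getaddrinfo(mgtSvr, 443)
    except Exception:
        print("Failed to resolve %s. Please input a valid hostname or IP-Address." % mgtSvr)
        exit(1)

    zoneToken = cfo.getEntry("zone")
    # Fix: an empty pod id used to fall back to the *zone* token (copy/paste
    # slip); every value now simply keeps what the properties file holds.
    podId = cfo.getEntry("pod")
    clusterId = cfo.getEntry("cluster")

    try:
        defaultNic = networkConfig.getDefaultNetwork()
    except Exception:
        print("Failed to get default route. Please configure your network to have a default route")
        exit(1)

    network = defaultNic.name
    if network == "":
        print("You need to specifiy one of Nic or bridge on your system")
        exit(1)

    return [mgtSvr, zoneToken, network, podId, clusterId]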
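def getUserInputs():
    """Collect the agent setup parameters from agent.properties.

    Reads ``host``, ``zone``, ``pod`` and ``cluster`` from
    /etc/cloudstack/agent/agent.properties, checks that the management
    server name resolves (port 443 lookup) and takes the name of the NIC
    that carries the default route as the network to use.

    Returns ``[mgtSvr, zoneToken, network, podId, clusterId]``. Exits the
    process with status 1 when the host does not resolve, when no default
    route exists, or when the default NIC has no name.
    """
    print("Welcome to the CloudStack Agent Setup:")

    cfo = configFileOps("/etc/cloudstack/agent/agent.properties")
    mgtSvr = cfo.getEntry("host")
    try:
        socket.getaddrinfo(mgtSvr, 443)
    except Exception:
        print("Failed to resolve %s. Please input a valid hostname or IP-Address." % mgtSvr)
        exit(1)

    zoneToken = cfo.getEntry("zone")
    # Fix: an empty pod id used to fall back to the *zone* token (copy/paste
    # slip); every value now simply keeps what the properties file holds.
    podId = cfo.getEntry("pod")
    clusterId = cfo.getEntry("cluster")

    try:
        defaultNic = networkConfig.getDefaultNetwork()
    except Exception:
        print("Failed to get default route. Please configure your network to have a default route")
        exit(1)

    network = defaultNic.name
    if network == "":
        print("You need to specifiy one of Nic or bridge on your system")
        exit(1)

    return [mgtSvr, zoneToken, network, podId, clusterId]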
    BadOptionError,
    OptionError,
    OptionConflictError,
    OptionValueError,
)
import re
import traceback
import libvirt

# Directory this module writes its run-time logs to.
logpath = "/var/run/cloud/"  # FIXME: Logs should reside in /var/log/cloud

# Wrappers around the host tools this module drives; every shell pipeline
# goes through `bash`, so callers must only interpolate values they control.
iptables = Command("iptables")
bash = Command("/bin/bash")
ebtablessave = Command("ebtables-save")
ebtables = Command("ebtables")

# The libvirt connection URI depends on the hypervisor type configured for
# the agent: LXC hosts use the lxc driver, everything else system qemu.
cfo = configFileOps("/etc/cloudstack/agent/agent.properties")
hyper = cfo.getEntry("hypervisor.type")
driver = "lxc:///" if hyper == "lxc" else "qemu:///system"


def execute(cmd):
    """Run *cmd* through ``/bin/bash -c`` and return the ``stdout`` of the result.

    The command line is logged at debug level before it runs. *cmd* is handed
    to the shell verbatim, so callers that assemble it by concatenation must
    only interpolate values they control. Callers rely on a failing command
    raising (see the ``iptables -L`` chain probes); that behaviour comes from
    ``Command``, not from this wrapper.
    """
    logging.debug(cmd)
    result = bash("-c", cmd)
    return result.stdout


def can_bridge_firewall(privnic):
    try:
        execute("which iptables")
    except:
        print "no iptables on your host machine"
import libvirt
import logging
import os
import sys
import xml.dom.minidom
from cloud_utils import Command
from cloudutils.configFileOps import configFileOps
from optparse import OptionParser

# Directory this module writes its run-time logs to.
logpath = "/var/run/cloud/"  # FIXME: Logs should reside in /var/log/cloud

# Wrappers around the host tools this module drives; every shell pipeline
# goes through `bash`, so callers must only interpolate values they control.
iptables = Command("iptables")
bash = Command("/bin/bash")
ebtables = Command("ebtables")

# libvirt connection URI (system qemu) and the hypervisor type the agent
# is configured for.
driver = "qemu:///system"
cfo = configFileOps("/etc/cosmic/agent/agent.properties")
hyper = cfo.getEntry("hypervisor.type")


def execute(cmd):
    """Run *cmd* through ``/bin/bash -c`` and return the ``stdout`` of the result.

    The command line is logged at debug level before it runs. *cmd* is handed
    to the shell verbatim, so callers that assemble it by concatenation must
    only interpolate values they control. Callers rely on a failing command
    raising (see the ``which iptables`` probe below); that behaviour comes
    from ``Command``, not from this wrapper.
    """
    logging.debug(cmd)
    result = bash("-c", cmd)
    return result.stdout


def can_bridge_firewall(privnic):
    try:
        execute("which iptables")
    except:
        print "no iptables on your host machine"
        sys.exit(1)
from cloud_utils import Command
from cloudutils.configFileOps import configFileOps
import logging
import sys
import os
import xml.dom.minidom
from optparse import OptionParser, OptionGroup, OptParseError, BadOptionError, OptionError, OptionConflictError, OptionValueError
import re
import libvirt

# Directory this module writes its run-time logs to.
logpath = "/var/run/cloud/"  # FIXME: Logs should reside in /var/log/cloud

# Wrappers around the host tools this module drives; every shell pipeline
# goes through `bash`, so callers must only interpolate values they control.
iptables = Command("iptables")
bash = Command("/bin/bash")
ebtables = Command("ebtables")

# The libvirt connection URI depends on the hypervisor type configured for
# the agent: LXC hosts use the lxc driver, everything else system qemu.
cfo = configFileOps("/etc/cloudstack/agent/agent.properties")
hyper = cfo.getEntry("hypervisor.type")
driver = "lxc:///" if hyper == "lxc" else "qemu:///system"


def execute(cmd):
    """Run *cmd* through ``/bin/bash -c`` and return the ``stdout`` of the result.

    The command line is logged at debug level before it runs. *cmd* is handed
    to the shell verbatim, so callers that assemble it by concatenation must
    only interpolate values they control. Callers rely on a failing command
    raising (see the ``which iptables`` probe below); that behaviour comes
    from ``Command``, not from this wrapper.
    """
    logging.debug(cmd)
    result = bash("-c", cmd)
    return result.stdout


def can_bridge_firewall(privnic):
    try:
        execute("which iptables")
    except:
        print "no iptables on your host machine"
import libvirt
import logging
import os
import sys
import xml.dom.minidom
from cloud_utils import Command
from cloudutils.configFileOps import configFileOps
from optparse import OptionParser

# Directory this module writes its run-time logs to.
logpath = "/var/run/cloud/"  # FIXME: Logs should reside in /var/log/cloud

# Wrappers around the host tools this module drives; every shell pipeline
# goes through `bash`, so callers must only interpolate values they control.
iptables = Command("iptables")
bash = Command("/bin/bash")
ebtables = Command("ebtables")

# libvirt connection URI (system qemu) and the hypervisor type the agent
# is configured for.
driver = "qemu:///system"
cfo = configFileOps("/etc/cosmic/agent/agent.properties")
hyper = cfo.getEntry("hypervisor.type")


def execute(cmd):
    """Run *cmd* through ``/bin/bash -c`` and return the ``stdout`` of the result.

    The command line is logged at debug level before it runs. *cmd* is handed
    to the shell verbatim, so callers that assemble it by concatenation must
    only interpolate values they control. Callers rely on a failing command
    raising (see the ``which iptables`` probe below); that behaviour comes
    from ``Command``, not from this wrapper.
    """
    logging.debug(cmd)
    result = bash("-c", cmd)
    return result.stdout


def can_bridge_firewall(privnic):
    try:
        execute("which iptables")
    except:
        print "no iptables on your host machine"
        sys.exit(1)