def test_init(self):
csconfig = CsConfig()
csconfig.cl = self.cmdline
csconfig.set_address()
csredundant = CsRedundant(csconfig)
self.assertTrue(csredundant is not None)
def test_init(self):
csconfig = CsConfig()
csconfig.cl = self.cmdline
csconfig.set_address()
csredundant = CsRedundant(csconfig)
self.assertTrue(csredundant is not None)
def main(argv):
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.set_address()
# IP configuration
config.address().compare()
config.address().process()
password = CsPassword("vmpassword", config)
password.process()
metadata = CsVmMetadata('vmdata', config)
metadata.process()
acls = CsAcl('networkacl', config)
acls.process()
acls = CsAcl('firewallrules', config)
acls.process()
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
red = CsRedundant(config)
red.set()
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
#remote access vpn
rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
rvpn.process()
#remote access vpn users
vpnuser = CsVpnUser("vpnuserlist", config)
vpnuser.process()
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
mon = CsMonitor("monitorservice", config)
mon.process()
nf = CsNetfilters()
nf.compare(config.get_fw())
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
def main(argv):
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.set_address()
# IP configuration
config.address().compare()
config.address().process()
password = CsPassword("vmpassword", config)
password.process()
metadata = CsVmMetadata('vmdata', config)
metadata.process()
acls = CsAcl('networkacl', config)
acls.process()
acls = CsAcl('firewallrules', config)
acls.process()
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
nf = CsNetfilters()
nf.compare(config.get_fw())
red = CsRedundant(config)
red.set()
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
mon = CsMonitor("monitorservice", config)
mon.process()
nf = CsNetfilters()
nf.compare(config.get_fw())
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
def test_get_dns(self):
csguestnetwork = CsGuestNetwork({}, CsConfig())
csguestnetwork.guest = True
csguestnetwork.set_dns("1.1.1.1,2.2.2.2")
csguestnetwork.set_router("3.3.3.3")
dns = csguestnetwork.get_dns()
self.assertTrue(len(dns) == 3)
csguestnetwork.set_dns("1.1.1.1")
dns = csguestnetwork.get_dns()
self.assertTrue(len(dns) == 2)
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
# process_file can be None, if so assume cmd_line.json
if process_file is None:
process_file = "cmd_line.json"
# Track if changes need to be committed to NetFilter
iptables_change = False
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
# Load stored ip adresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
if process_file in ["cmd_line.json", "guest_network.json"]:
logging.debug("Configuring Guest Network")
iptables_change = True
if process_file in ["cmd_line.json", "vm_password.json"]:
logging.debug("Configuring vmpassword")
password = CsPassword("vmpassword", config)
password.process()
if process_file in ["cmd_line.json", "vm_metadata.json"]:
logging.debug("Configuring vmdata")
metadata = CsVmMetadata('vmdata', config)
metadata.process()
if process_file in ["cmd_line.json", "network_acl.json"]:
logging.debug("Configuring networkacl")
iptables_change = True
if process_file in ["cmd_line.json", "firewall_rules.json"]:
logging.debug("Configuring firewall rules")
iptables_change = True
if process_file in [
"cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"
]:
logging.debug("Configuring PF rules")
iptables_change = True
if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
logging.debug("Configuring s2s vpn")
iptables_change = True
if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
logging.debug("Configuring remote access vpn")
iptables_change = True
if process_file in ["cmd_line.json", "vpn_user_list.json"]:
logging.debug("Configuring vpn users list")
vpnuser = CsVpnUser("vpnuserlist", config)
vpnuser.process()
if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
logging.debug("Configuring dhcp entry")
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
if process_file in ["cmd_line.json", "load_balancer.json"]:
logging.debug("Configuring load balancer")
iptables_change = True
if process_file in ["cmd_line.json", "monitor_service.json"]:
logging.debug("Configuring monitor service")
mon = CsMonitor("monitorservice", config)
mon.process()
# If iptable rules have changed, apply them.
if iptables_change:
acls = CsAcl('networkacl', config)
acls.process()
acls = CsAcl('firewallrules', config)
acls.process()
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
rvpn.process()
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
logging.debug("Configuring iptables rules")
nf = CsNetfilters()
nf.compare(config.get_fw())
logging.debug("Configuring iptables rules done ...saving rules")
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save",
"/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save",
"/etc/iptables/router_rules.v6")
red = CsRedundant(config)
red.set()
if process_file in ["cmd_line.json", "static_routes.json"]:
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", config)
static_routes.process()
def test_init(self):
csconfig = CsConfig()
csconfig.cmdline()
csip = CsIP("eth0", csconfig)
csapp = CsApp(csip)
self.assertTrue(csapp is not None)
import logging
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-m", "--master",
action="store_true", default=False, dest="master",
help="Set router master")
parser.add_option("-b", "--backup",
action="store_true", default=False, dest="backup",
help="Set router backup")
parser.add_option("-f", "--fault",
action="store_true", default=False, dest="fault",
help="Notify Fault")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.cmdline()
cl = CsCmdLine("cmdline", config)
#Update the configuration to set state as backup and let keepalived decide who is the real Master
cl.set_master_state(False)
cl.save()
config.set_address()
red = CsRedundant(config)
if options.master:
red.set_master()
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
if process_file is None:
logging.debug(
"No file was received, do not go on processing the other actions. Just leave for now."
)
return
json_type = os.path.basename(process_file).split('.json')[0]
# The "GLOBAL" Configuration object
config = CsConfig()
# Load stored ip addresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
databag_map = OrderedDict([
("guest_network", {
"process_iptables": True,
"executor": []
}),
("vm_password", {
"process_iptables": False,
"executor": [CsPassword("vmpassword", config)]
}),
("vm_metadata", {
"process_iptables": False,
"executor": [CsVmMetadata('vmdata', config)]
}), ("network_acl", {
"process_iptables": True,
"executor": []
}), ("firewall_rules", {
"process_iptables": True,
"executor": []
}), ("forwarding_rules", {
"process_iptables": True,
"executor": []
}), ("staticnat_rules", {
"process_iptables": True,
"executor": []
}), ("site_2_site_vpn", {
"process_iptables": True,
"executor": []
}), ("remote_access_vpn", {
"process_iptables": True,
"executor": []
}),
("vpn_user_list", {
"process_iptables": False,
"executor": [CsVpnUser("vpnuserlist", config)]
}),
("vm_dhcp_entry", {
"process_iptables": False,
"executor": [CsDhcp("dhcpentry", config)]
}),
("dhcp", {
"process_iptables": False,
"executor": [CsDhcp("dhcpentry", config)]
}), ("load_balancer", {
"process_iptables": True,
"executor": []
}),
("monitor_service", {
"process_iptables": False,
"executor": [CsMonitor("monitorservice", config)]
}),
("static_routes", {
"process_iptables": False,
"executor": [CsStaticRoutes("staticroutes", config)]
})
])
def execDatabag(key, db):
if key not in db.keys() or 'executor' not in db[key]:
logging.warn(
"Unable to find config or executor(s) for the databag type %s"
% key)
return
for executor in db[key]['executor']:
logging.debug("Processing for databag type: %s" % key)
executor.process()
def execIptables(config):
logging.debug("Processing iptables rules")
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
if json_type == "cmd_line":
logging.debug(
"cmd_line.json changed. All other files will be processed as well."
)
for key in databag_map.keys():
execDatabag(key, databag_map)
execIptables(config)
elif json_type in databag_map.keys():
execDatabag(json_type, databag_map)
if databag_map[json_type]['process_iptables']:
execIptables(config)
else:
logging.warn(
"Unable to find and process databag for file: %s, for json type=%s"
% (process_file, json_type))
red = CsRedundant(config)
red.set()
return 0
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
# process_file can be None, if so assume cmd_line.json
if process_file is None:
process_file = "cmd_line.json"
# Track if changes need to be committed to NetFilter
iptables_change = False
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
try:
# Load stored ip adresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
#lllkkk ..................
if process_file in ["cmd_line.json", "sql_restart.json"]:
logging.debug("Configuring sqlrestart")
password = CsSqlRestart("sqlrestrt", config)
password.process()
if process_file in ["cmd_line.json", "sql_chport.json"]:
logging.debug("Configuring sqlport")
password = CsSqlPort("sqlport", config)
password.process()
if process_file in ["cmd_line.json", "sql_chpassword.json"]:
logging.debug("Configuring sqlpassword")
password = CsSqlPassword("sqlpassword", config)
password.process()
#lllkkk-------------------
if process_file in ["cmd_line.json", "guest_network.json"]:
logging.debug("Configuring Guest Network")
iptables_change = True
if process_file in ["cmd_line.json", "vm_password.json"]:
logging.debug("Configuring vmpassword")
password = CsPassword("vmpassword", config)
password.process()
if process_file in ["cmd_line.json", "vm_metadata.json"]:
logging.debug("Configuring vmdata")
metadata = CsVmMetadata('vmdata', config)
metadata.process()
if process_file in ["cmd_line.json", "network_acl.json"]:
logging.debug("Configuring networkacl")
iptables_change = True
if process_file in ["cmd_line.json", "firewall_rules.json"]:
logging.debug("Configuring firewall rules")
iptables_change = True
if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
logging.debug("Configuring PF rules")
iptables_change = True
if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
logging.debug("Configuring s2s vpn")
iptables_change = True
if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
logging.debug("Configuring remote access vpn")
iptables_change = True
if process_file in ["cmd_line.json", "vpn_user_list.json"]:
logging.debug("Configuring vpn users list")
vpnuser = CsVpnUser("vpnuserlist", config)
vpnuser.process()
if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
logging.debug("Configuring dhcp entry")
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
if process_file in ["cmd_line.json", "load_balancer.json"]:
logging.debug("Configuring load balancer")
iptables_change = True
if process_file in ["cmd_line.json", "monitor_service.json"]:
logging.debug("Configuring monitor service")
mon = CsMonitor("monitorservice", config)
mon.process()
# If iptable rules have changed, apply them.
if iptables_change:
acls = CsAcl('networkacl', config)
acls.process()
acls = CsAcl('firewallrules', config)
acls.flushAllowAllEgressRules()
acls.process()
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
rvpn.process()
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
logging.debug("Configuring iptables rules")
nf = CsNetfilters()
nf.compare(config.get_fw())
# zhangxilei 20171117 update start ( Add static routing firewall to release static routing and subnet ) #
staticRoutesRules = "/etc/cloudstack/static_routes_rules.json"
logging.debug("xrstack - Read Configuring static routes rules file: %s" % staticRoutesRules)
if os.path.isfile(staticRoutesRules):
logging.debug("xrstack - Configuring static routes rules json file exist")
f = open(staticRoutesRules)
setting = json.load(f)
logging.debug("xrstack - Processing static routes rules json file id ==> %s " % setting['id'])
for item in setting['configs']:
if item['add']:
#iptables -A FORWARD -s 192.168.2.0/24 -d 192.168.3.0/24 -j ACCEPT
logging.debug("xrstack - Processing add static routes rules , subnet:router ==> [%s, %s]" % (item['tier'], item['router']))
command = "iptables -A FORWARD -s %s -d %s -j ACCEPT" % (item['tier'], item['router'])
CsHelper.execute(command)
else:
logging.debug("xrstack - Processing add static routes rules Json file add is false , subnet:router ==> [%s, %s]" % (item['tier'], item['router']))
else:
logging.debug("xrstack - Configuring static routes rules json file not exist")
# zhangxilei 20171117 update end ( Add static routing firewall to release static routing and subnet ) #
# zhangxilei 20171206 update start ( Set static NAT. First determine active NAT. If there is no. Add static NAT firewall rules ) #
forwardingrules = "/etc/cloudstack/forwardingrules.json"
logging.debug("xrstack - Read Configuring forwardingrules.json: %s" % forwardingrules)
if os.path.isfile(forwardingrules):
logging.debug("xrstack - Configuring static routes rules json file exist")
f = open(forwardingrules)
setting = json.load(f)
logging.debug("xrstack - Processing json file id ==> %s " % setting['id'])
for key,value in setting.items():
if len(value) and "public_ip" in value[0] and value[0].get("internal_ip") and value[0].get("type") == "staticnat":
logging.debug("xrstack - Processing add firewall rules internal_ip ==> %s" % value[0].get("internal_ip"))
command = "iptables -A FORWARD -s %s/32 ! -d %s/32 -j ACCEPT" % (value[0].get("internal_ip"), value[0].get("internal_ip"))
CsHelper.execute(command)
else:
logging.debug("xrstack - Processing add firewall rules Json, value = %s" % value)
else:
logging.debug("xrstack - Configuring forwardingrules.json file not exist")
# zhangxilei 20171206 update end ( Set static NAT. First determine active NAT. If there is no. Add static NAT firewall rules ) #
logging.debug("Configuring iptables rules done ...saving rules")
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
red = CsRedundant(config)
red.set()
if process_file in ["cmd_line.json", "static_routes.json"]:
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", config)
static_routes.process()
except Exception:
logging.exception("Exception while configuring router")
# This file is used by the tests to switch the redundancy status
import logging
from optparse import OptionParser
from cs.CsConfig import CsConfig
parser = OptionParser()
parser.add_option("-e", "--enable",
action="store_true", default=False, dest="enable",
help="Set router redundant")
parser.add_option("-d", "--disable",
action="store_true", default=False, dest="disable",
help="Set router non redundant")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.set_cl()
if options.enable:
config.get_cmdline().set_redundant("true")
if options.disable:
config.get_cmdline().set_redundant("false")
config.get_cmdline().save()
def setUp(self):
merge.DataBag.DPATH = "."
csconfig = CsConfig()
self.cmdline = CsCmdLine("cmdline", csconfig)
csconfig.cl = self.cmdline
self.csinterface = CsInterface({}, csconfig)
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
if process_file is None:
logging.debug("No file was received, do not go on processing the other actions. Just leave for now.")
return
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
# Load stored ip addresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
databag_map = OrderedDict([("guest_network.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("vm_metadata.json", { "process_iptables": False, "executor": CsVmMetadata('vmdata', config) }),
("network_acl.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("public_ip_acl.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("firewall_rules.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("forwarding_rules.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("staticnat_rules.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("site_2_site_vpn.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("remote_access_vpn.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("vpn_user_list.json", { "process_iptables": False, "executor": CsVpnUser("vpnuserlist", config) }),
("vm_dhcp_entry.json", { "process_iptables": False, "executor": CsDhcp("dhcpentry", config) }),
("dhcp.json", { "process_iptables": False, "executor": CsDhcp("dhcpentry", config) }),
("load_balancer.json", { "process_iptables": True, "executor": IpTablesExecutor(config) }),
("monitor_service.json", { "process_iptables": False, "executor": CsMonitor("monitorservice", config) }),
("static_routes.json", { "process_iptables": False, "executor": CsStaticRoutes("staticroutes", config) }),
("private_gateway.json", { "process_iptables": True, "executor": CsPrivateGateway("privategateway", config) })
])
if process_file.count("cmd_line.json") == OCCURRENCES:
logging.debug("cmd_line.json changed. All other files will be processed as well.")
while databag_map:
item = databag_map.popitem(last=False)
item_name = item[0]
item_dict = item[1]
if not item_dict["process_iptables"]:
executor = item_dict["executor"]
executor.process()
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
else:
while databag_map:
item = databag_map.popitem(last=False)
item_name = item[0]
item_dict = item[1]
if process_file.count(item_name) == OCCURRENCES:
executor = item_dict["executor"]
executor.process()
if item_dict["process_iptables"]:
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
break
red = CsRedundant(config)
red.set()
help="Set router master")
parser.add_option("-b",
"--backup",
action="store_true",
default=False,
dest="backup",
help="Set router backup")
parser.add_option("-f",
"--fault",
action="store_true",
default=False,
dest="fault",
help="Notify Fault")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(filename)s %(funcName)s:%(lineno)d %(message)s')
config.cmdline()
cl = CsCmdLine("cmdline", config)
# Update the configuration to set state as backup and let keepalived decide who the real Master is!
cl.set_master_state(False)
cl.save()
config.set_address()
red = CsRedundant(config)
if options.master:
red.set_master()
def test_ini(self):
csconfig = CsConfig()
self.assertTrue(csconfig is not None)
def setUp(self):
merge.DataBag.DPATH = "."
csconfig = CsConfig()
self.cmdline = CsCmdLine("cmdline", csconfig)
csconfig.cl = self.cmdline
self.csinterface = CsInterface({}, csconfig)
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
if process_file is None:
logging.debug("No file was received, do not go on processing the other actions. Just leave for now.")
return
# Track if changes need to be committed to NetFilter
iptables_change = False
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
# Load stored ip adresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
databag_map = OrderedDict([("guest_network.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("vm_metadata.json", {"process_iptables" : False, "executor" : CsVmMetadata('vmdata', config)}),
("network_acl.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("firewall_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("forwarding_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("staticnat_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("site_2_site_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("remote_access_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("vpn_user_list.json", {"process_iptables" : False, "executor" : CsVpnUser("vpnuserlist", config)}),
("vm_dhcp_entry.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}),
("dhcp.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}),
("load_balancer.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}),
("monitor_service.json", {"process_iptables" : False, "executor" : CsMonitor("monitorservice", config)}),
("static_routes.json", {"process_iptables" : False, "executor" : CsStaticRoutes("staticroutes", config)})
])
if process_file.count("cmd_line.json") == OCCURRENCES:
logging.debug("cmd_line.json changed. All other files will be processed as well.")
while databag_map:
item = databag_map.popitem(last = False)
item_name = item[0]
item_dict = item[1]
if not item_dict["process_iptables"]:
executor = item_dict["executor"]
executor.process()
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
else:
while databag_map:
item = databag_map.popitem(last = False)
item_name = item[0]
item_dict = item[1]
if process_file.count(item_name) == OCCURRENCES:
executor = item_dict["executor"]
executor.process()
if item_dict["process_iptables"]:
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
break
red = CsRedundant(config)
red.set()
parser = OptionParser()
parser.add_option("-e",
"--enable",
action="store_true",
default=False,
dest="enable",
help="Set router redundant")
parser.add_option("-d",
"--disable",
action="store_true",
default=False,
dest="disable",
help="Set router non redundant")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(filename)s %(funcName)s:%(lineno)d %(message)s')
config.set_cl()
if options.enable:
config.get_cmdline().set_redundant("true")
if options.disable:
config.get_cmdline().set_redundant("false")
config.get_cmdline().save()
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
if process_file is None:
logging.debug("No file was received, do not go on processing the other actions. Just leave for now.")
return
json_type = os.path.basename(process_file).split('.json')[0]
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
# Load stored ip addresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
databag_map = OrderedDict([("guest_network", {"process_iptables": True, "executor": []}),
("vm_password", {"process_iptables": False, "executor": [CsPassword("vmpassword", config)]}),
("vm_metadata", {"process_iptables": False, "executor": [CsVmMetadata('vmdata', config)]}),
("network_acl", {"process_iptables": True, "executor": []}),
("firewall_rules", {"process_iptables": True, "executor": []}),
("forwarding_rules", {"process_iptables": True, "executor": []}),
("staticnat_rules", {"process_iptables": True, "executor": []}),
("site_2_site_vpn", {"process_iptables": True, "executor": []}),
("remote_access_vpn", {"process_iptables": True, "executor": []}),
("vpn_user_list", {"process_iptables": False, "executor": [CsVpnUser("vpnuserlist", config)]}),
("vm_dhcp_entry", {"process_iptables": False, "executor": [CsDhcp("dhcpentry", config)]}),
("dhcp", {"process_iptables": False, "executor": [CsDhcp("dhcpentry", config)]}),
("load_balancer", {"process_iptables": True, "executor": []}),
("monitor_service", {"process_iptables": False, "executor": [CsMonitor("monitorservice", config)]}),
("static_routes", {"process_iptables": False, "executor": [CsStaticRoutes("staticroutes", config)]})
])
def execDatabag(key, db):
if key not in db.keys() or 'executor' not in db[key]:
logging.warn("Unable to find config or executor(s) for the databag type %s" % key)
return
for executor in db[key]['executor']:
logging.debug("Processing for databag type: %s" % key)
executor.process()
def execIptables(config):
logging.debug("Processing iptables rules")
iptables_executor = IpTablesExecutor(config)
iptables_executor.process()
if json_type == "cmd_line":
logging.debug("cmd_line.json changed. All other files will be processed as well.")
for key in databag_map.keys():
execDatabag(key, databag_map)
execIptables(config)
elif json_type in databag_map.keys():
execDatabag(json_type, databag_map)
if databag_map[json_type]['process_iptables']:
execIptables(config)
else:
logging.warn("Unable to find and process databag for file: %s, for json type=%s" % (process_file, json_type))
red = CsRedundant(config)
red.set()
return 0
def main(argv):
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.set_address()
logging.debug("Configuring ip addresses")
# IP configuration
config.address().compare()
config.address().process()
logging.debug("Configuring vmpassword")
password = CsPassword("vmpassword", config)
password.process()
logging.debug("Configuring vmdata")
metadata = CsVmMetadata('vmdata', config)
metadata.process()
logging.debug("Configuring networkacl")
acls = CsAcl('networkacl', config)
acls.process()
logging.debug("Configuring firewall rules")
acls = CsAcl('firewallrules', config)
acls.process()
logging.debug("Configuring PF rules")
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
red = CsRedundant(config)
red.set()
logging.debug("Configuring s2s vpn")
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
logging.debug("Configuring remote access vpn")
#remote access vpn
rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
rvpn.process()
logging.debug("Configuring vpn users list")
#remote access vpn users
vpnuser = CsVpnUser("vpnuserlist", config)
vpnuser.process()
logging.debug("Configuring dhcp entry")
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
logging.debug("Configuring load balancer")
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
logging.debug("Configuring monitor service")
mon = CsMonitor("monitorservice", config)
mon.process()
logging.debug("Configuring iptables rules .....")
nf = CsNetfilters()
nf.compare(config.get_fw())
logging.debug("Configuring iptables rules done ...saving rules")
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
def test_init(self):
csconfig = CsConfig()
csconfig.cmdline()
csip = CsIP("eth0", csconfig)
csapp = CsApp(csip)
self.assertTrue(csapp is not None)
import logging
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-m", "--master",
action="store_true", default=False, dest="master",
help="Set router master")
parser.add_option("-b", "--backup",
action="store_true", default=False, dest="backup",
help="Set router backup")
parser.add_option("-f", "--fault",
action="store_true", default=False, dest="fault",
help="Notify Fault")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.cmdline()
cl = CsCmdLine("cmdline", config)
config.set_address()
red = CsRedundant(config)
if options.master:
red.set_master()
if options.backup:
red.set_backup()
# under the License.
# This file is used by the tests to switch the redundancy status
from cs.CsConfig import CsConfig
from optparse import OptionParser
import logging
parser = OptionParser()
parser.add_option("-e", "--enable",
action="store_true", default=False, dest="enable",
help="Set router redundant")
parser.add_option("-d", "--disable",
action="store_true", default=False, dest="disable",
help="Set router non redundant")
(options, args) = parser.parse_args()
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
config.set_cl()
if options.enable:
config.get_cmdline().set_redundant("true")
if options.disable:
config.get_cmdline().set_redundant("false")
config.get_cmdline().save()
def main(argv):
# The file we are currently processing, if it is "cmd_line.json" everything will be processed.
process_file = argv[1]
# process_file can be None, if so assume cmd_line.json
if process_file is None:
process_file = "cmd_line.json"
# Track if changes need to be committed to NetFilter
iptables_change = False
# The "GLOBAL" Configuration object
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
# Load stored ip adresses from disk to CsConfig()
config.set_address()
logging.debug("Configuring ip addresses")
config.address().compare()
config.address().process()
if process_file in ["cmd_line.json", "guest_network.json"]:
logging.debug("Configuring Guest Network")
iptables_change = True
if process_file in ["cmd_line.json", "vm_password.json"]:
logging.debug("Configuring vmpassword")
password = CsPassword("vmpassword", config)
password.process()
if process_file in ["cmd_line.json", "vm_metadata.json"]:
logging.debug("Configuring vmdata")
metadata = CsVmMetadata('vmdata', config)
metadata.process()
if process_file in ["cmd_line.json", "network_acl.json"]:
logging.debug("Configuring networkacl")
iptables_change = True
if process_file in ["cmd_line.json", "firewall_rules.json"]:
logging.debug("Configuring firewall rules")
iptables_change = True
if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
logging.debug("Configuring PF rules")
iptables_change = True
if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
logging.debug("Configuring s2s vpn")
iptables_change = True
if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
logging.debug("Configuring remote access vpn")
iptables_change = True
if process_file in ["cmd_line.json", "vpn_user_list.json"]:
logging.debug("Configuring vpn users list")
vpnuser = CsVpnUser("vpnuserlist", config)
vpnuser.process()
if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
logging.debug("Configuring dhcp entry")
dhcp = CsDhcp("dhcpentry", config)
dhcp.process()
if process_file in ["cmd_line.json", "load_balancer.json"]:
logging.debug("Configuring load balancer")
iptables_change = True
if process_file in ["cmd_line.json", "monitor_service.json"]:
logging.debug("Configuring monitor service")
mon = CsMonitor("monitorservice", config)
mon.process()
# If iptable rules have changed, apply them.
if iptables_change:
acls = CsAcl('networkacl', config)
acls.process()
acls = CsAcl('firewallrules', config)
acls.process()
fwd = CsForwardingRules("forwardingrules", config)
fwd.process()
vpns = CsSite2SiteVpn("site2sitevpn", config)
vpns.process()
rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
rvpn.process()
lb = CsLoadBalancer("loadbalancer", config)
lb.process()
logging.debug("Configuring iptables rules")
nf = CsNetfilters()
nf.compare(config.get_fw())
logging.debug("Configuring iptables rules done ...saving rules")
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
red = CsRedundant(config)
red.set()
if process_file in ["cmd_line.json", "static_routes.json"]:
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", config)
static_routes.process()
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import logging
from cs.CsConfig import CsConfig
config = CsConfig()
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
