def process(self):
    """Stage the HAProxy configuration from the data bag and apply it.

    Returns early when the data bag has no ``config`` entry, or when the
    first ``config`` element has no ``configuration`` key. Otherwise the
    staging file is rewritten and committed, copied over the live file only
    when the two differ, and HAProxy is reloaded (or restarted when the
    CsProcess lookup for its pid file finds nothing). The firewall rule
    lists from the same entry are always passed to ``_configure_firewall``.
    """
    if "config" not in self.dbag.keys():
        return
    entry = self.dbag['config'][0]
    if 'configuration' not in entry.keys():
        return

    # Lines from the data bag are written to the staging file verbatim; no
    # validation of their content happens in this method.
    staged = CsFile(HAPROXY_CONF_T)
    staged.empty()
    for chunk in entry['configuration']:
        for line in chunk.split('\n'):
            staged.append(line, -1)
    staged.commit()

    live = CsFile(HAPROXY_CONF_P)
    if not live.compare(staged):
        CsHelper.copy(HAPROXY_CONF_T, HAPROXY_CONF_P)

        haproxy = CsProcess(['/var/run/haproxy.pid'])
        if haproxy.find():
            logging.debug("CsLoadBalancer:: will reload HAproxy!")
            CsHelper.service("haproxy", "reload")
        else:
            logging.debug("CsLoadBalancer:: will restart HAproxy!")
            CsHelper.service("haproxy", "restart")

    self._configure_firewall(
        entry['add_rules'], entry['remove_rules'], entry['stat_rules'])
def setup(self):
    """Create the per-IP Apache vhost and queue firewall rules for 80/443.

    The vhost file is copied from the template if needed, its listen
    addresses and ServerName are rewritten for ``self.ip``, and Apache is
    restarted only when the file content changed. Two INPUT ACCEPT rules
    (ports 80 and 443) are appended to ``self.fw``.
    """
    self.remove_legacy_apache_config_files()

    CsHelper.copy_if_needed(
        "/etc/apache2/vhost.template",
        "/etc/apache2/sites-enabled/vhost-%s.conf" % self.ip)
    vhost = CsFile("/etc/apache2/sites-enabled/vhost-%s.conf" % (self.ip))

    # (pattern, replacement template) pairs, applied in this order.
    address_rewrites = [
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:443>", "\t<VirtualHost %s:443>"),
        ("Listen .*:80", "Listen %s:80"),
        ("Listen .*:443", "Listen %s:443"),
        ("NameVirtualHost .*:80", "NameVirtualHost %s:80"),
    ]
    for pattern, replacement in address_rewrites:
        vhost.search(pattern, replacement % (self.ip))
    vhost.search(
        "ServerName.*",
        "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))

    if vhost.is_changed():
        vhost.commit()
        CsHelper.service("apache2", "restart")

    # Only NEW connections to this exact address on the given device are
    # accepted by these rules.
    for rule in (
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT",
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT",
    ):
        self.fw.append(["", "front", rule % (self.dev, self.ip)])
def process(self):
    """Regenerate the dnsmasq host and server files and restart dnsmasq.

    Every data bag entry except ``id`` is passed to ``add``. Leases are
    deleted when the DHCP hosts file changed. dnsmasq is restarted unless
    this router is a redundant non-master.
    """
    self.hosts = {}
    self.changed = []
    self.devinfo = CsHelper.get_device_info()
    self.preseed()
    self.cloud = CsFile(DHCP_HOSTS)
    self.conf = CsFile(CLOUD_CONF)

    self.cloud.repopulate()

    for key in self.dbag:
        if key != "id":
            self.add(self.dbag[key])
    self.write_hosts()

    if self.cloud.is_changed():
        self.delete_leases()

    self.configure_server()

    self.conf.commit()
    self.cloud.commit()

    # We restart DNSMASQ every time the configure.py is called in order to
    # avoid lease problems.
    standalone = not self.cl.is_redundant()
    if standalone or self.cl.is_master():
        CsHelper.service("dnsmasq", "restart")
def _redundant_off(self):
    """Tear down router redundancy: stop the daemons and remove their state.

    Stops conntrackd and keepalived, unmounts and removes the ramdisk
    directory, then deletes both daemons' configuration files.
    """
    for daemon in ("conntrackd", "keepalived"):
        CsHelper.service(daemon, "stop")

    ramdisk = self.CS_RAMDISK_DIR
    CsHelper.umount_tmpfs(ramdisk)
    CsHelper.rmdir(ramdisk)

    for stale_conf in (self.CONNTRACKD_CONF, self.KEEPALIVED_CONF):
        CsHelper.rm(stale_conf)
def process(self):
    """Regenerate the dnsmasq files and restart or reload the service.

    Every data bag entry except ``id`` is passed to ``add``. The result of
    committing the main configuration decides between a restart and a
    start-if-stopped plus reload. Nothing is done to the service when this
    router is a redundant non-master.
    """
    self.hosts = {}
    self.changed = []
    self.devinfo = CsHelper.get_device_info()
    self.preseed()
    self.cloud = CsFile(DHCP_HOSTS)
    self.dhcp_opts = CsFile(DHCP_OPTS)
    self.conf = CsFile(CLOUD_CONF)

    self.cloud.repopulate()
    self.dhcp_opts.repopulate()

    for key in self.dbag:
        if key != "id":
            self.add(self.dbag[key])
    self.write_hosts()

    if self.cloud.is_changed():
        self.delete_leases()

    self.configure_server()

    # Only the main configuration's commit result drives the restart.
    restart_dnsmasq = self.conf.commit()
    self.cloud.commit()
    self.dhcp_opts.commit()

    standalone = not self.cl.is_redundant()
    if not (standalone or self.cl.is_master()):
        return

    if restart_dnsmasq:
        CsHelper.service("dnsmasq", "restart")
    else:
        CsHelper.start_if_stopped("dnsmasq")
        CsHelper.service("dnsmasq", "reload")
def _enable_radvd(self, dev):
    """Enable radvd and make sure it is running (primary VR).

    Does nothing when ``dev`` is the empty string.
    """
    if dev != '':
        CsHelper.service("radvd", "enable")
        CsHelper.start_if_stopped("radvd")
def _disable_radvd(self, dev):
    """Stop and disable radvd (non-primary VR), then log its status.

    Does nothing when ``dev`` is the empty string.
    """
    if dev != '':
        for action in ("stop", "disable"):
            CsHelper.service("radvd", action)
        status = CsHelper.execute("systemctl status radvd")
        logging.info(status)
def process(self):
    """Stage the HAProxy configuration and restart HAProxy when it differs.

    Returns early when the data bag has no ``config`` entry, or when the
    first ``config`` element has no ``configuration`` key. The staging file
    is committed and copied over the live file only when the live file
    does not compare equal to the staged content.
    """
    if "config" not in self.dbag.keys():
        return
    entry = self.dbag['config'][0]
    if 'configuration' not in entry.keys():
        return

    staged = CsFile(HAPROXY_CONF_T)
    live = CsFile(HAPROXY_CONF_P)

    # Lines from the data bag are written to the staging file verbatim.
    staged.empty()
    for chunk in entry['configuration']:
        for line in chunk.split('\n'):
            staged.append(line, -1)

    if live.compare(staged):
        return

    staged.commit()
    shutil.copy2(HAPROXY_CONF_T, HAPROXY_CONF_P)
    CsHelper.service("haproxy", "restart")
def setup(self):
    """Create the per-device Apache vhost and queue a firewall rule for 80.

    The vhost file is copied from the example if needed, rewritten for
    ``self.ip`` / ``self.dev``, and Apache is restarted only when the file
    changed. One INPUT ACCEPT rule for port 80 is appended to ``self.fw``.
    """
    vhost_path = "/etc/apache2/conf.d/vhost%s.conf" % self.dev
    CsHelper.copy_if_needed("/etc/apache2/vhostexample.conf", vhost_path)
    vhost = CsFile("/etc/apache2/conf.d/vhost%s.conf" % (self.dev))

    # NOTE(review): the :80 VirtualHost rewrite is issued twice, as in the
    # original; the second call looks redundant - confirm against CsFile.
    address_rewrites = [
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:443>", "\t<VirtualHost %s:443>"),
        ("Listen .*:80", "Listen %s:80"),
        ("Listen .*:443", "Listen %s:443"),
    ]
    for pattern, replacement in address_rewrites:
        vhost.search(pattern, replacement % (self.ip))
    vhost.search("ServerName.*", "\tServerName vhost%s.cloudinternal.com" % (self.dev))

    if vhost.is_changed():
        vhost.commit()
        CsHelper.service("apache2", "restart")

    # Only port 80 gets a firewall rule here, although the vhost also
    # rewrites a 443 listener.
    http_rule = "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
    self.fw.append(["", "front", http_rule])
def setup(self):
    """Create the per-device Apache vhost and queue a firewall rule for 80.

    The vhost file is copied from the example if needed, rewritten for
    ``self.ip`` / ``self.dev`` and always committed. Apache is restarted
    when ``is_changed()`` reports a change after that commit. One INPUT
    ACCEPT rule for port 80 is appended to ``self.fw``.
    """
    vhost_path = "/etc/apache2/conf.d/vhost%s.conf" % self.dev
    CsHelper.copy_if_needed("/etc/apache2/vhostexample.conf", vhost_path)
    vhost = CsFile("/etc/apache2/conf.d/vhost%s.conf" % (self.dev))

    # NOTE(review): the :80 VirtualHost rewrite is issued twice, as in the
    # original; the second call looks redundant - confirm against CsFile.
    address_rewrites = [
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:443>", "\t<VirtualHost %s:443>"),
        ("Listen .*:80", "Listen %s:80"),
        ("Listen .*:443", "Listen %s:443"),
    ]
    for pattern, replacement in address_rewrites:
        vhost.search(pattern, replacement % (self.ip))
    vhost.search("ServerName.*", "\tServerName vhost%s.cloudinternal.com" % (self.dev))

    # NOTE(review): commit() runs before is_changed() is consulted; if
    # commit() clears the changed state the restart below would never
    # fire - confirm against CsFile.
    vhost.commit()
    if vhost.is_changed():
        CsHelper.service("apache2", "restart")

    http_rule = "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
    self.fw.append(["", "front", http_rule])
def process(self):
    """Rebuild the radvd configuration from the data bag and apply it.

    For every address under each data bag key except ``id``: addresses
    flagged ``add`` get a route and a radvd stanza, all others have their
    route removed. radvd is restarted only when the live configuration
    does not compare equal to the newly generated one.
    """
    logging.debug("Processing CsVpcGuestNetwork")

    self.conf = CsFile(RADVD_CONF_NEW)
    self.conf.empty()

    for key in self.dbag:
        if key == "id":
            continue
        for address in self.dbag[key]:
            if not address['add']:
                self.remove_address_route(address)
                continue
            self.add_address_route(address)
            self.add_radvd_conf(address)
    self.conf.commit()

    live = CsFile(RADVD_CONF)
    if live.compare(self.conf):
        return

    CsHelper.copy(RADVD_CONF_NEW, RADVD_CONF)
    logging.debug("CsVpcGuestNetwork:: will restart radvd !")
    CsHelper.service("radvd", "restart")
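def set_master(self):
    """Promote this redundant router to the master role.

    Logs an error and returns when the router is not redundant. Otherwise
    takes the state-change lock, bounces every public interface and sends
    a gratuitous ARP for its address, runs the conntrackd commands,
    restarts the VPN, password and DNS services, records the master state
    and releases the lock.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    # Disabled check kept from the original:
    #   if self.cl.is_master():
    #       logging.error("Set master called on master node")
    #       return

    self.set_lock()
    logging.debug("Setting router to master")

    # Device names and addresses are interpolated into shell command
    # strings; they come from self.address, not from this method's caller.
    public_ips = [o for o in self.address.get_ips() if o.is_public()]
    for o in public_ips:
        # cmd2 = "ip link set %s up" % self.getDevice()
        CsHelper.execute("ifconfig %s down" % o.get_device())
        CsHelper.execute("ifconfig %s up" % o.get_device())
        CsHelper.execute("arping -I %s -A %s -c 1" % (o.get_device(), o.get_ip()))

    # FIXME Need to add in the default routes but I am unsure what the gateway is
    # ip route add default via $gw table Table_$dev proto static
    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -c" % cmd)
    CsHelper.execute("%s -f" % cmd)
    CsHelper.execute("%s -R" % cmd)
    CsHelper.execute("%s -B" % cmd)

    CsHelper.service("ipsec", "restart")
    CsHelper.service("xl2tpd", "restart")

    vrrp_ips = [o for o in self.address.get_ips() if o.needs_vrrp()]
    for o in vrrp_ips:
        CsPasswdSvc(o.get_gateway()).restart()
    CsHelper.service("dnsmasq", "restart")

    self.cl.set_master_state(True)
    self.cl.save()
    # The other state transitions release the lock once the state is
    # saved; without this call the lock taken above was never released.
    self.release_lock()
    logging.info("Router switched to master mode")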
def set_backup(self):
    """Demote this redundant router to the backup role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device down once,
    runs the conntrackd ``-d`` command, stops the VPN, password and DNS
    services and records the non-master state.
    """
    if not self.cl.is_redundant():
        logging.error("Set backup called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to backup")

    # Consecutive addresses on the same device are handled only once.
    last_dev = ''
    public_ips = [ip for ip in self.address.get_ips() if ip.is_public()]
    for public_ip in public_ips:
        if last_dev == public_ip.get_device():
            continue
        logging.info("Bringing public interface %s down" % public_ip.get_device())
        CsHelper.execute("ip link set %s down" % public_ip.get_device())
        last_dev = public_ip.get_device()

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -d" % conntrackd)
    for daemon in ("ipsec", "xl2tpd"):
        CsHelper.service(daemon, "stop")

    vrrp_ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
    for vrrp_ip in vrrp_ips:
        CsPasswdSvc(vrrp_ip.get_gateway()).stop()
    CsHelper.service("dnsmasq", "stop")

    self.cl.set_master_state(False)
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to backup mode")
def set_fault(self):
    """Put this redundant router into fault mode.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, takes every public device down, runs the
    conntrackd ``-s`` command, stops the VPN, DNS and password services
    and records the fault state.
    """
    if not self.cl.is_redundant():
        logging.error("Set fault called on non-redundant router")
        return

    self.set_lock()
    # The same message is logged again once the transition has finished.
    logging.info("Router switched to fault mode")

    public_ips = [ip for ip in self.address.get_ips() if ip.is_public()]
    for public_ip in public_ips:
        CsHelper.execute("ifconfig %s down" % public_ip.get_device())

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -s" % conntrackd)
    for daemon in ("ipsec", "xl2tpd", "dnsmasq"):
        CsHelper.service(daemon, "stop")

    vrrp_ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
    for vrrp_ip in vrrp_ips:
        CsPasswdSvc(vrrp_ip.get_gateway()).stop()

    self.cl.set_fault_state()
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to fault mode")
def set_master(self):
    """Promote this redundant router to the master role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, reprocesses the addresses, runs the
    conntrackd commands, restarts the VPN, password and DNS services and
    records the master state.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    self.address.process()
    logging.info("added default routes")

    # ip route add default via $gw table Table_$dev proto static
    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    for action in ("%s -c", "%s -f", "%s -R", "%s -B"):
        CsHelper.execute(action % conntrackd)

    for daemon in ("ipsec", "xl2tpd"):
        CsHelper.service(daemon, "restart")

    vrrp_ips = [o for o in self.address.get_ips() if o.needs_vrrp()]
    for vrrp_ip in vrrp_ips:
        CsPasswdSvc(vrrp_ip.get_gateway()).restart()
    CsHelper.service("dnsmasq", "restart")

    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to master mode")
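def set_backup(self):
    """Demote this redundant router to the backup role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device down once,
    runs the conntrackd ``-d`` command, stops the VPN, password and DNS
    services and records the non-master state.
    """
    if not self.cl.is_redundant():
        logging.error("Set backup called on non-redundant router")
        return

    # Disabled check kept from the original:
    #   if not self.cl.is_master():
    #       logging.error("Set backup called on node that is already backup")
    #       return

    self.set_lock()
    logging.debug("Setting router to backup")

    public_ips = [o for o in self.address.get_ips() if o.is_public()]
    dev = ''
    for o in public_ips:
        # Consecutive addresses on the same device are handled only once.
        if dev == o.get_device():
            continue
        logging.info("Bringing public interface %s down" % o.get_device())
        # The command previously said "up" while the log line and the
        # backup role call for "down"; a backup router that keeps its
        # public links up can answer for addresses the master owns.
        CsHelper.execute("ip link set %s down" % o.get_device())
        dev = o.get_device()

    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -d" % cmd)
    CsHelper.service("ipsec", "stop")
    CsHelper.service("xl2tpd", "stop")

    vrrp_ips = [o for o in self.address.get_ips() if o.needs_vrrp()]
    for o in vrrp_ips:
        CsPasswdSvc(o.get_gateway()).stop()
    CsHelper.service("dnsmasq", "stop")

    # self._set_priority(self.CS_PRIO_DOWN)
    self.cl.set_master_state(False)
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to backup mode")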
def process(self):
    """Regenerate the dnsmasq files and restart or HUP the service.

    Every data bag entry except ``id`` is passed to ``add``. After both
    files are committed, dnsmasq is restarted when the main configuration
    reports a change, or sent a HUP when only the hosts file does.
    """
    self.hosts = {}
    self.changed = []
    self.devinfo = CsHelper.get_device_info()
    self.preseed()
    self.cloud = CsFile(DHCP_HOSTS)
    self.conf = CsFile(CLOUD_CONF)

    # NOTE(review): this value is never read afterwards; the len() call is
    # kept because its effect on CsFile is not visible from here.
    length = len(self.conf)

    for key in self.dbag:
        if key != "id":
            self.add(self.dbag[key])
    self.write_hosts()

    if self.cloud.is_changed():
        self.delete_leases()

    self.configure_server()

    self.conf.commit()
    self.cloud.commit()

    # NOTE(review): both checks run after commit(); whether is_changed()
    # still reports the change at that point depends on CsFile - confirm.
    if self.conf.is_changed():
        CsHelper.service("dnsmasq", "restart")
        return
    if self.cloud.is_changed():
        CsHelper.hup_dnsmasq("dnsmasq", "dnsmasq")
def process(self):
    """Regenerate the dnsmasq files and restart or reload the service.

    Every data bag entry except ``id`` is passed to ``add``. A truthy
    commit result from either the main configuration or the hosts file
    triggers lease deletion and a restart; otherwise dnsmasq is started
    if stopped and reloaded. The service is left alone when this router
    is a redundant non-master.
    """
    self.hosts = {}
    self.changed = []
    self.devinfo = CsHelper.get_device_info()
    self.preseed()
    self.cloud = CsFile(DHCP_HOSTS)
    self.dhcp_opts = CsFile(DHCP_OPTS)
    self.conf = CsFile(CLOUD_CONF)

    self.cloud.repopulate()
    self.dhcp_opts.repopulate()

    for key in self.dbag:
        if key != "id":
            self.add(self.dbag[key])
    self.write_hosts()

    self.configure_server()

    # Both commits always run; either one reporting a change is enough.
    conf_committed = self.conf.commit()
    cloud_committed = self.cloud.commit()
    self.dhcp_opts.commit()
    restart_dnsmasq = True if (conf_committed or cloud_committed) else False

    if restart_dnsmasq:
        self.delete_leases()

    standalone = not self.cl.is_redundant()
    if not (standalone or self.cl.is_master()):
        return

    if restart_dnsmasq:
        CsHelper.service("dnsmasq", "restart")
    else:
        CsHelper.start_if_stopped("dnsmasq")
        CsHelper.service("dnsmasq", "reload")
def set_backup(self):
    """Demote this redundant router to the backup role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device down once,
    removes the IPv6 guest gateway, restarts conntrackd, stops the VPN,
    password and DNS services and records the non-primary state. After
    the lock is released the public interfaces are reconfigured.
    """
    if not self.cl.is_redundant():
        logging.error("Set backup called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to backup")

    # Consecutive interfaces on the same device are handled only once.
    last_dev = ''
    public_ifaces = [
        iface for iface in self.address.get_interfaces() if iface.is_public()
    ]
    for iface in public_ifaces:
        if last_dev == iface.get_device():
            continue
        logging.info("Bringing public interface %s down" % iface.get_device())
        CsHelper.execute("ip link set %s down" % iface.get_device())
        last_dev = iface.get_device()

    self._remove_ipv6_guest_gateway()

    CsHelper.service("conntrackd", "restart")
    for daemon in ("ipsec", "xl2tpd"):
        CsHelper.service(daemon, "stop")

    vrrp_ifaces = [
        iface for iface in self.address.get_interfaces() if iface.needs_vrrp()
    ]
    for iface in vrrp_ifaces:
        CsPasswdSvc(iface.get_gateway() + "," + iface.get_ip()).stop()
    CsHelper.service("dnsmasq", "stop")

    self.cl.set_primary_state(False)
    self.cl.save()
    self.release_lock()

    # The list is rebuilt rather than reused, as in the original.
    public_ifaces = [
        iface for iface in self.address.get_interfaces() if iface.is_public()
    ]
    CsHelper.reconfigure_interfaces(self.cl, public_ifaces)
    logging.info("Router switched to backup mode")
def setup(self):
    """Create the per-IP Apache vhost and queue firewall rules for 80/443.

    The vhost file is copied from the template if needed, its listen
    addresses and ServerName are rewritten for ``self.ip``, and Apache is
    restarted only when the file content changed. Two INPUT ACCEPT rules
    (ports 80 and 443) are appended to ``self.fw``.
    """
    CsHelper.copy_if_needed(
        "/etc/apache2/vhost.template",
        "/etc/apache2/sites-enabled/vhost-%s.conf" % self.ip)
    vhost = CsFile("/etc/apache2/sites-enabled/vhost-%s.conf" % (self.ip))

    # (pattern, replacement template) pairs, applied in this order.
    address_rewrites = [
        ("<VirtualHost.*:80>", "\t<VirtualHost %s:80>"),
        ("<VirtualHost.*:443>", "\t<VirtualHost %s:443>"),
        ("Listen .*:80", "Listen %s:80"),
        ("Listen .*:443", "Listen %s:443"),
    ]
    for pattern, replacement in address_rewrites:
        vhost.search(pattern, replacement % (self.ip))
    vhost.search(
        "ServerName.*",
        "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))

    if vhost.is_changed():
        vhost.commit()
        CsHelper.service("apache2", "restart")

    for rule in (
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT",
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT",
    ):
        self.fw.append(["", "front", rule % (self.dev, self.ip)])
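def set_master(self):
    """Promote this redundant router to the master role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device up once it is
    ready, adds the default route on the router type's public interface,
    processes static routes, runs the conntrackd commands, restarts the
    VPN and DNS services, starts the password service and records the
    master state. After the lock is released the public interfaces are
    reconfigured.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    dev = ''
    interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
    route = CsRoute()
    for interface in interfaces:
        # Consecutive interfaces on the same device are handled only once.
        if dev == interface.get_device():
            continue
        dev = interface.get_device()
        logging.info("Will proceed configuring device ==> %s" % dev)
        cmd = "ip link set %s up" % dev
        if CsDevice(dev, self.config).waitfordevice():
            CsHelper.execute(cmd)
            logging.info("Bringing public interface %s up" % dev)

            try:
                gateway = interface.get_gateway()
                logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                    route.add_defaultroute(gateway)
            except Exception:
                # Was a bare "except:", which also swallowed SystemExit
                # and KeyboardInterrupt in the middle of a failover.
                logging.error("ERROR getting gateway from device %s" % dev)
        else:
            logging.error("Device %s was not ready could not bring it up" % dev)

    logging.debug("Configuring static routes")
    static_routes = CsStaticRoutes("staticroutes", self.config)
    static_routes.process()

    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -c" % cmd)
    CsHelper.execute("%s -f" % cmd)
    CsHelper.execute("%s -R" % cmd)
    CsHelper.execute("%s -B" % cmd)
    CsHelper.service("ipsec", "restart")
    CsHelper.service("xl2tpd", "restart")

    interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
    for interface in interfaces:
        # Listen on local ip address, as cloud-init uses the 'dhcp-server-identifier' address,
        # which unfortunately is not the gateway address.
        CsPasswdSvc(interface.get_ip()).start()

    CsHelper.service("dnsmasq", "restart")
    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()

    interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
    CsHelper.reconfigure_interfaces(self.cl, interfaces)
    logging.info("Router switched to master mode")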
def set_master(self):
    """Promote this redundant router to the master role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device up once it is
    ready, adds the default route on the router type's public interface,
    processes static routes, runs the conntrackd commands, restarts the
    VPN, password and DNS services and records the master state. After
    the lock is released the public interfaces are reconfigured.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    dev = ''
    public_ifaces = [iface for iface in self.address.get_interfaces() if iface.is_public()]
    route = CsRoute()
    for iface in public_ifaces:
        # Consecutive interfaces on the same device are handled only once.
        if dev == iface.get_device():
            continue
        dev = iface.get_device()
        logging.info("Will proceed configuring device ==> %s" % dev)
        link_up = "ip link set %s up" % dev

        if not CsDevice(dev, self.config).waitfordevice():
            logging.error("Device %s was not ready could not bring it up" % dev)
            continue

        CsHelper.execute(link_up)
        logging.info("Bringing public interface %s up" % dev)
        try:
            gateway = iface.get_gateway()
            logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
            if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                route.add_defaultroute(gateway)
        except Exception:
            # The message names the gateway lookup, but a failure while
            # adding the default route lands here as well.
            logging.error("ERROR getting gateway from device %s" % dev)

    logging.debug("Configuring static routes")
    CsStaticRoutes("staticroutes", self.config).process()

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    for action in ("%s -c", "%s -f", "%s -R", "%s -B"):
        CsHelper.execute(action % conntrackd)
    for daemon in ("ipsec", "xl2tpd"):
        CsHelper.service(daemon, "restart")

    vrrp_ifaces = [iface for iface in self.address.get_interfaces() if iface.needs_vrrp()]
    for iface in vrrp_ifaces:
        # One password service per local address and one per gateway.
        CsPasswdSvc(iface.get_ip()).restart()
        CsPasswdSvc(iface.get_gateway()).restart()

    CsHelper.service("dnsmasq", "restart")
    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()

    public_ifaces = [iface for iface in self.address.get_interfaces() if iface.is_public()]
    CsHelper.reconfigure_interfaces(self.cl, public_ifaces)
    logging.info("Router switched to master mode")
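def set_master(self):
    """Promote this redundant router to the master role.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, brings each public device up once it is
    ready and adds a default route via its gateway, runs the conntrackd
    commands, restarts the VPN, password and DNS services and records the
    master state.
    """
    if not self.cl.is_redundant():
        logging.error("Set master called on non-redundant router")
        return

    self.set_lock()
    logging.debug("Setting router to master")

    ads = [o for o in self.address.get_ips() if o.is_public()]
    dev = ''
    route = CsRoute()
    for o in ads:
        # Consecutive addresses on the same device are handled only once.
        if dev == o.get_device():
            continue
        dev = o.get_device()
        logging.info("Will proceed configuring device ==> %s" % dev)
        cmd2 = "ip link set %s up" % dev
        if CsDevice(dev, self.config).waitfordevice():
            CsHelper.execute(cmd2)
            logging.info("Bringing public interface %s up" % dev)
            try:
                gateway = o.get_gateway()
                logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                route.add_defaultroute(gateway)
            except Exception:
                # Was a bare "except:", which also swallowed SystemExit
                # and KeyboardInterrupt in the middle of a failover.
                logging.error("ERROR getting gateway from device %s" % dev)
        else:
            logging.error("Device %s was not ready could not bring it up" % dev)

    # ip route add default via $gw table Table_$dev proto static
    cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -c" % cmd)
    CsHelper.execute("%s -f" % cmd)
    CsHelper.execute("%s -R" % cmd)
    CsHelper.execute("%s -B" % cmd)
    CsHelper.service("ipsec", "restart")
    CsHelper.service("xl2tpd", "restart")

    ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
    for o in ads:
        CsPasswdSvc(o.get_gateway()).restart()

    CsHelper.service("dnsmasq", "restart")
    self.cl.set_master_state(True)
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to master mode")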
def set_fault(self):
    """Put this redundant router into fault mode.

    Logs an error and returns when the router is not redundant. Otherwise,
    under the state-change lock, takes every public and private-gateway
    device down, runs the conntrackd ``-s`` command, stops the VPN, DNS
    and password services and records the fault state. After the lock is
    released the private-gateway interfaces are reconfigured.
    """
    if not self.cl.is_redundant():
        logging.error("Set fault called on non-redundant router")
        return

    self.set_lock()
    # The same message is logged again once the state has been saved.
    logging.info("Router switched to fault mode")

    external_ifaces = [
        iface for iface in self.address.get_interfaces()
        if iface.is_public() or iface.is_privategateway()
    ]
    for iface in external_ifaces:
        CsHelper.execute("ifconfig %s down" % iface.get_device())

    conntrackd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
    CsHelper.execute("%s -s" % conntrackd)
    for daemon in ("strongswan", "xl2tpd", "dnsmasq"):
        CsHelper.service(daemon, "stop")

    vrrp_ifaces = [
        iface for iface in self.address.get_interfaces() if iface.needs_vrrp()
    ]
    for iface in vrrp_ifaces:
        CsPasswordService(iface.get_ip()).stop()

    self.cl.set_fault_state()
    self.cl.save()
    self.release_lock()
    logging.info("Router switched to fault mode")

    gateway_ifaces = [
        iface for iface in self.address.get_interfaces() if iface.is_privategateway()
    ]
    CsHelper.reconfigure_interfaces(self.cl, gateway_ifaces)
def setup(self):
    """Write the nginx vhost for the metadata service and open ports 80/443.

    The server block listens on ``self.ip`` and rewrites every
    ``/latest/...`` request to a path under ``/userdata/$remote_addr`` or
    ``/metadata/$remote_addr``. The file is written unconditionally, nginx
    is started and reloaded, and two INPUT ACCEPT rules are appended to
    ``self.fw``.
    """
    # Each client is mapped to its own directory purely by $remote_addr, so
    # the source address is the only thing that separates one client's
    # user-data and metadata from another's.
    # NOTE(review): "listen ... ssl" appears without certificate directives
    # in this server block; presumably they are set elsewhere - confirm.
    vhost_template = """ server { listen %s:80; listen %s:443 ssl; server_name _; root /var/www/html; autoindex off; location /latest/user-data { rewrite ^/latest/user-data/?$ /userdata/$remote_addr/user-data break; rewrite ^/latest/user-data$ /userdata/$remote_addr/user-data break; } location /latest/meta-data { rewrite ^/latest/meta-data/?$ /metadata/$remote_addr/meta-data break; rewrite ^/latest/meta-data/(.+[^/])/?$ /metadata/$remote_addr/$1 break; rewrite ^/latest/meta-data/(.+)$ /metadata/$remote_addr/$1 break; rewrite ^/latest/meta-data/$ /metadata/$remote_addr/meta-data break; } location /latest/availability-zone { rewrite ^/latest/availability-zone/?$ /metadata/$remote_addr/availability-zone break; rewrite ^/latest/availability-zone$ /metadata/$remote_addr/availability-zone break; } location /latest/cloud-identifier { rewrite ^/latest/cloud-identifier/?$ /metadata/$remote_addr/cloud-identifier break; rewrite ^/latest/cloud-identifier$ /metadata/$remote_addr/cloud-identifier break; } location /latest/instance-id { rewrite ^/latest/instance-id/?$ /metadata/$remote_addr/instance-id break; rewrite ^/latest/instance-id$ /metadata/$remote_addr/instance-id break; } location /latest/local-hostname { rewrite ^/latest/local-hostname/?$ /metadata/$remote_addr/local-hostname break; rewrite ^/latest/local-hostname$ /metadata/$remote_addr/local-hostname break; } location /latest/local-ipv4 { rewrite ^/latest/local-ipv4/?$ /metadata/$remote_addr/local-ipv4 break; rewrite ^/latest/local-ipv4$ /metadata/$remote_addr/local-ipv4 break; } location /latest/public-hostname { rewrite ^/latest/public-hostname/?$ /metadata/$remote_addr/public-hostname break; rewrite ^/latest/public-hostname$ /metadata/$remote_addr/public-hostname break; } location /latest/public-ipv4 { rewrite ^/latest/public-ipv4/?$ /metadata/$remote_addr/public-ipv4 break; rewrite ^/latest/public-ipv4$ /metadata/$remote_addr/public-ipv4 break; } location /latest/public-keys { rewrite ^/latest/public-keys/?$ 
/metadata/$remote_addr/public-keys break; rewrite ^/latest/public-keys$ /metadata/$remote_addr/public-keys break; } location /latest/service-offering { rewrite ^/latest/service-offering/?$ /metadata/$remote_addr/service-offering break; rewrite ^/latest/service-offering$ /metadata/$remote_addr/service-offering break; } location /latest/vm-id { rewrite ^/latest/vm-id/?$ /metadata/$remote_addr/vm-id break; rewrite ^/latest/vm-id$ /metadata/$remote_addr/vm-id break; } location /(userdata|metadata)/$remote_addr { autoindex off; } } """
    vhost = vhost_template % (self.ip, self.ip)

    vhost_path = "/etc/nginx/conf.d/vhost-%s.conf" % (self.ip)
    with open(vhost_path, 'w') as handle:
        handle.write(vhost)

    # Start covers a stopped nginx; reload makes a running one pick up the
    # file written above.
    for action in ("start", "reload"):
        CsHelper.service("nginx", action)

    for rule in (
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT",
        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT",
    ):
        self.fw.append(["", "front", rule % (self.dev, self.ip)])
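def _redundant_on(self):
    """Configure and start router redundancy (keepalived and conntrackd).

    Falls back to ``_redundant_off`` when there is no guest interface.
    Otherwise prepares the ramdisk and router directories, installs the
    templates, fills in the keepalived and conntrackd configuration,
    installs the cron jobs and restarts keepalived when it is not running
    or its configuration changed.
    """
    guest = self.address.get_guest_if()

    # No redundancy if there is no guest network
    if self.cl.is_master() or guest is None:
        for obj in [o for o in self.address.get_ips() if o.is_public()]:
            self.check_is_up(obj.get_device())
    if guest is None:
        self._redundant_off()
        return

    # 0o755 is the same mode as the Python 2-only literal 0755 and parses
    # on Python 2.6+ as well as Python 3.
    CsHelper.mkdir(self.CS_RAMDISK_DIR, 0o755, False)
    CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
    CsHelper.mkdir(self.CS_ROUTER_DIR, 0o755, False)

    for s in self.CS_TEMPLATES:
        # Installed copies drop the ".templ" suffix.
        d = s.replace(".templ", "") if s.endswith(".templ") else s
        CsHelper.copy_if_needed(
            "%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))

    # keepalived.conf is always overwritten from its template; the other
    # two files are only copied when needed.
    CsHelper.copy(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ"), self.CONNTRACKD_CONF)
    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")

    # Raw string: same characters as before, without relying on Python
    # passing unknown escapes such as "\ " and "\$" through unchanged.
    CsHelper.execute(
        r'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')

    # checkrouter.sh configuration
    check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
    check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
    check_router.commit()

    # keepalived configuration
    keepalived_conf = CsFile(self.KEEPALIVED_CONF)
    keepalived_conf.search(
        " router_id ", " router_id %s" % self.cl.get_name())
    keepalived_conf.search(
        " interface ", " interface %s" % guest.get_device())
    keepalived_conf.search(
        " virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
    keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
    # The router password is written into the keepalived configuration
    # file in clear text.
    keepalived_conf.section("authentication {", "}", [
        " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
    keepalived_conf.section(
        "virtual_ipaddress {", "}", self._collect_ips())
    keepalived_conf.commit()

    # conntrackd configuration
    connt = CsFile(self.CONNTRACKD_CONF)
    if guest is not None:
        connt.section("Multicast {", "}", [
            "IPv4_address 225.0.0.50\n",
            "Group 3780\n",
            "IPv4_interface %s\n" % guest.get_ip(),
            "Interface %s\n" % guest.get_device(),
            "SndSocketBuffer 1249280\n",
            "RcvSocketBuffer 1249280\n",
            "Checksum on\n"])
        connt.section("Address Ignore {", "}", self._collect_ignore_ips())
        connt.commit()

    if connt.is_changed():
        CsHelper.service("conntrackd", "restart")

    # Configure heartbeat cron job - runs every 30 seconds
    # NOTE(review): with "2>&1 > /dev/null" only stdout is discarded;
    # stderr still goes to cron's original stdout - confirm intent.
    heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
    heartbeat_cron.add("SHELL=/bin/bash", 0)
    heartbeat_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    heartbeat_cron.add(
        "* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.add(
        "* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.commit()

    # Configure KeepaliveD cron job - runs at every reboot
    keepalived_cron = CsFile("/etc/cron.d/keepalived")
    keepalived_cron.add("SHELL=/bin/bash", 0)
    keepalived_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    keepalived_cron.add("@reboot root service keepalived start", -1)
    keepalived_cron.commit()

    # Configure ConntrackD cron job - runs at every reboot
    conntrackd_cron = CsFile("/etc/cron.d/conntrackd")
    conntrackd_cron.add("SHELL=/bin/bash", 0)
    conntrackd_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    conntrackd_cron.add("@reboot root service conntrackd start", -1)
    conntrackd_cron.commit()

    proc = CsProcess(['/usr/sbin/keepalived', '--vrrp'])
    if not proc.find() or keepalived_conf.is_changed():
        CsHelper.service("keepalived", "restart")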
def stop(self):
    """Stop the password-server unit instance named after ``self.ip``."""
    unit = "cosmic-password-server@%s" % self.ip
    CsHelper.service(unit, "stop")
def restart(self):
    """Restart the password-server unit instance named after ``self.ip``."""
    unit = "cosmic-password-server@%s" % self.ip
    CsHelper.service(unit, "restart")
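def _redundant_on(self):
    """Configure and start router redundancy (keepalived and conntrackd).

    Falls back to ``_redundant_off`` when there is no guest interface, and
    stops both daemons when no guest device is configured and up yet.
    Otherwise prepares the ramdisk and router directories, installs the
    templates, fills in the keepalived and conntrackd configuration,
    installs the heartbeat cron job and restarts the daemons whose
    configuration changed or that are not running.
    """
    guest = self.address.get_guest_if()

    # No redundancy if there is no guest network
    if guest is None:
        self._redundant_off()
        return

    interfaces = [interface for interface in self.address.get_ips() if interface.is_guest()]
    isDeviceReady = False
    dev = ''
    for interface in interfaces:
        # Consecutive addresses on the same device are handled only once.
        if dev == interface.get_device():
            continue
        dev = interface.get_device()
        logging.info("Wait for devices to be configured so we can start keepalived")
        devConfigured = CsDevice(dev, self.config).waitfordevice()
        if devConfigured:
            # The device name is interpolated into a shell pipeline; it
            # comes from self.address, not from this method's caller.
            command = "ip link show %s | grep 'state UP'" % dev
            devUp = CsHelper.execute(command)
            if devUp:
                logging.info("Device %s is present, let's start keepalive now." % dev)
                isDeviceReady = True

    if not isDeviceReady:
        logging.info("Guest network not configured yet, let's stop router redundancy for now.")
        CsHelper.service("conntrackd", "stop")
        CsHelper.service("keepalived", "stop")
        return

    # 0o755 is the same mode as the Python 2-only literal 0755 and parses
    # on Python 2.6+ as well as Python 3.
    CsHelper.mkdir(self.CS_RAMDISK_DIR, 0o755, False)
    CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
    CsHelper.mkdir(self.CS_ROUTER_DIR, 0o755, False)

    for s in self.CS_TEMPLATES:
        # Installed copies drop the ".templ" suffix.
        d = s.replace(".templ", "") if s.endswith(".templ") else s
        CsHelper.copy_if_needed(
            "%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))

    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")

    # Raw string: same characters as before, without relying on Python
    # passing unknown escapes such as "\ " and "\$" through unchanged.
    CsHelper.execute(
        r'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')

    # checkrouter.sh configuration
    check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
    check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
    check_router.commit()

    # keepalived configuration
    keepalived_conf = CsFile(self.KEEPALIVED_CONF)
    keepalived_conf.search(
        " router_id ", " router_id %s" % self.cl.get_name())
    keepalived_conf.search(
        " interface ", " interface %s" % guest.get_device())
    keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
    # The router password is written into the keepalived configuration
    # file in clear text.
    keepalived_conf.section("authentication {", "}", [
        " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
    keepalived_conf.section(
        "virtual_ipaddress {", "}", self._collect_ips())

    # conntrackd configuration
    # The template itself is edited in place and restored from a backup
    # copy further down; an exception in between leaves it modified.
    conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ")
    conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp")

    CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)

    conntrackd_tmpl = CsFile(conntrackd_template_conf)
    conntrackd_tmpl.section("Multicast {", "}", [
        "IPv4_address 225.0.0.50\n",
        "Group 3780\n",
        "IPv4_interface %s\n" % guest.get_ip(),
        "Interface %s\n" % guest.get_device(),
        "SndSocketBuffer 1249280\n",
        "RcvSocketBuffer 1249280\n",
        "Checksum on\n"])
    conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips())
    conntrackd_tmpl.commit()

    conntrackd_conf = CsFile(self.CONNTRACKD_CONF)

    is_equals = conntrackd_tmpl.compare(conntrackd_conf)
    proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
    if not proc.find() or not is_equals:
        CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
        CsHelper.service("conntrackd", "restart")

    # Restore the template file and remove the backup.
    CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
    CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)

    # Configure heartbeat cron job - runs every 30 seconds
    # NOTE(review): with "2>&1 > /dev/null" only stdout is discarded;
    # stderr still goes to cron's original stdout - confirm intent.
    heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
    heartbeat_cron.add("SHELL=/bin/bash", 0)
    heartbeat_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    heartbeat_cron.add(
        "* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.add(
        "* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.commit()

    proc = CsProcess(['/usr/sbin/keepalived'])
    if not proc.find() or keepalived_conf.is_changed():
        keepalived_conf.commit()
        CsHelper.service("keepalived", "restart")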
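def _redundant_on(self):
    """Configure keepalived, conntrackd and the heartbeat cron job for redundant mode.

    Without a guest interface there is nothing to fail over, so redundancy is
    switched off and the method returns early. Otherwise the templates are
    copied into place, the keepalived and conntrackd configuration files are
    filled in from this router's settings, and the services are reloaded or
    restarted when their configuration changed.
    """
    guest = self.address.get_guest_if()
    # No redundancy if there is no guest network
    if self.cl.is_master() or guest is None:
        for obj in [o for o in self.address.get_ips() if o.is_public()]:
            self.check_is_up(obj.get_device())
    if guest is None:
        self._redundant_off()
        return

    # 0o755 is the same value as the legacy literal 0755, but it is also
    # accepted by Python 3, where 0755 is a SyntaxError.
    CsHelper.mkdir(self.CS_RAMDISK_DIR, 0o755, False)
    CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
    CsHelper.mkdir(self.CS_ROUTER_DIR, 0o755, False)
    for s in self.CS_TEMPLATES:
        d = s
        if s.endswith(".templ"):
            d = s.replace(".templ", "")
        CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, s),
                                "%s/%s" % (self.CS_ROUTER_DIR, d))

    CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"),
                            self.KEEPALIVED_CONF)
    CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ"),
                            self.CONNTRACKD_CONF)
    CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"),
                            "/opt/cloud/bin/checkrouter.sh")

    # Raw string: same bytes as before, without relying on Python passing
    # the unknown escapes "\ " and "\$" through unchanged.
    CsHelper.execute(
        r'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')

    # checkrouter.sh configuration
    check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
    check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
    check_router.commit()

    # keepalived configuration
    keepalived_conf = CsFile(self.KEEPALIVED_CONF)
    ads = [o for o in self.address.get_ips() if o.is_public()]
    # Add a comment for each public IP. If any change this will cause keepalived to restart
    # As things stand keepalived will be configured before the IP is added or deleted
    for index, public_ip in enumerate(ads):
        keepalived_conf.addeq("! %s=%s" % (index, public_ip.get_cidr()))
    keepalived_conf.search(" router_id ", " router_id %s" % self.cl.get_name())
    keepalived_conf.search(" priority ", " priority %s" % self.cl.get_priority())
    keepalived_conf.search(" interface ", " interface %s" % guest.get_device())
    keepalived_conf.search(" state ", " state %s" % "EQUAL")
    keepalived_conf.search(" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
    keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
    # The VRRP shared secret is written into the configuration file in clear
    # text. keepalived only uses the first eight characters of auth_pass.
    # NOTE(review): this block does not set the file's mode - confirm that
    # the committed file is not readable by unprivileged users.
    keepalived_conf.section("authentication {", "}", [
        " auth_type AH \n",
        " auth_pass %s\n" % self.cl.get_router_password()])
    keepalived_conf.section("virtual_ipaddress {", "}", self._collect_ips())
    keepalived_conf.commit()

    # conntrackd configuration
    # guest cannot be None here (handled by the early return above).
    # NOTE(review): connection-state sync is sent to a multicast group on
    # the guest interface - confirm that segment is trusted.
    connt = CsFile(self.CONNTRACKD_CONF)
    connt.section("Multicast {", "}", [
        "IPv4_address 225.0.0.50\n",
        "Group 3780\n",
        "IPv4_interface %s\n" % guest.get_ip(),
        "Interface %s\n" % guest.get_device(),
        "SndSocketBuffer 1249280\n",
        "RcvSocketBuffer 1249280\n",
        "Checksum on\n"])
    connt.section("Address Ignore {", "}", self._collect_ignore_ips())
    connt.commit()

    if connt.is_changed():
        CsHelper.service("conntrackd", "restart")

    if keepalived_conf.is_changed():
        CsHelper.service("keepalived", "reload")

    # Configure heartbeat cron job
    # With "2>&1 > /dev/null" only stdout is discarded; stderr still goes to
    # wherever cron's stdout points.
    # NOTE(review): confirm that is intended rather than "> /dev/null 2>&1".
    cron = CsFile("/etc/cron.d/heartbeat")
    cron.add("SHELL=/bin/bash", 0)
    cron.add("PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    cron.add("*/1 * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    cron.commit()

    proc = CsProcess(['/usr/sbin/keepalived', '--vrrp'])
    if not proc.find():
        CsHelper.service("keepalived", "restart")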
def remove(self):
    """Delete this device's nginx vhost file and reload nginx if it existed."""
    vhost_path = "/etc/nginx/conf.d/vhost-%s.conf" % self.dev
    if not os.path.isfile(vhost_path):
        return
    os.remove(vhost_path)
    CsHelper.service("nginx", "reload")
def restart(self):
    """Restart the cloud-password-server service named after self.ip."""
    service_name = "cloud-password-server@%s" % self.ip
    CsHelper.service(service_name, "restart")
def start(self):
    """Start the cloud-password-server service named after self.ip."""
    service_name = "cloud-password-server@%s" % self.ip
    CsHelper.service(service_name, "start")
def stop(self):
    """Stop the cloud-password-server service named after self.ip."""
    service_name = "cloud-password-server@%s" % self.ip
    CsHelper.service(service_name, "stop")
def remove(self):
    """Delete this device's Apache vhost file and restart Apache if it existed."""
    # NOTE(review): the file name is keyed on self.dev; confirm it matches
    # the name used when the vhost file was created.
    vhost_path = "/etc/apache2/sites-enabled/vhost-%s.conf" % self.dev
    if not os.path.isfile(vhost_path):
        return
    os.remove(vhost_path)
    CsHelper.service("apache2", "restart")
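def set_primary(self):
    """ Set the current router to primary

    Brings the public interfaces up, installs default routes, replays the
    conntrackd state, restarts the dependent services and records the new
    state. The router lock is held for that part and is released even when
    one of the steps raises, so a failed switch-over cannot leave the lock
    behind. Interface reconfiguration, per-device routes and gratuitous ARP
    announcements follow after the lock has been released.
    """
    if not self.cl.is_redundant():
        logging.error("Set primary called on non-redundant router")
        return

    self.set_lock()
    try:
        logging.debug("Setting router to primary")

        dev = ''
        interfaces = [
            interface for interface in self.address.get_interfaces()
            if interface.is_public()
        ]
        route = CsRoute()
        for interface in interfaces:
            # Handle each device once, even if it carries several addresses.
            if dev == interface.get_device():
                continue
            dev = interface.get_device()
            logging.info("Will proceed configuring device ==> %s" % dev)
            # NOTE(review): dev is interpolated into a command string; if
            # CsHelper.execute runs it through a shell, confirm that device
            # names only ever come from trusted router configuration.
            cmd = "ip link set %s up" % dev
            if CsDevice(dev, self.config).waitfordevice():
                CsHelper.execute(cmd)
                logging.info("Bringing public interface %s up" % dev)

                try:
                    gateway = interface.get_gateway()
                    logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
                    if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                        route.add_defaultroute(gateway)
                except Exception:
                    logging.error("ERROR getting gateway from device %s" % dev)
                if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                    try:
                        self._add_ipv6_to_interface(interface, interface.get_ip6())
                        if interface.get_gateway6():
                            route.add_defaultroute_v6(interface.get_gateway6())
                    except Exception as e:
                        logging.error(
                            "ERROR adding IPv6, getting IPv6 gateway from device %s: %s"
                            % (dev, e))
            else:
                logging.error("Device %s was not ready could not bring it up" % dev)

        self._add_ipv6_guest_gateway()

        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", self.config)
        static_routes.process()

        # conntrackd is invoked four times, in this order, with -c, -f, -R
        # and -B against the same configuration file.
        cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
        CsHelper.execute("%s -c" % cmd)
        CsHelper.execute("%s -f" % cmd)
        CsHelper.execute("%s -R" % cmd)
        CsHelper.execute("%s -B" % cmd)
        CsHelper.service("ipsec", "restart")
        CsHelper.service("xl2tpd", "restart")

        interfaces = [
            interface for interface in self.address.get_interfaces()
            if interface.needs_vrrp()
        ]
        for interface in interfaces:
            if interface.is_added():
                CsPasswdSvc(interface.get_gateway() + "," + interface.get_ip()).restart()

        CsHelper.service("dnsmasq", "restart")
        self.cl.set_primary_state(True)
        self.cl.save()
    finally:
        # Release on every exit path; previously an exception above left
        # the lock held.
        self.release_lock()

    interfaces = [
        interface for interface in self.address.get_interfaces()
        if interface.is_public()
    ]
    CsHelper.reconfigure_interfaces(self.cl, interfaces)

    public_devices = list(
        set([interface.get_device() for interface in interfaces]))
    if len(public_devices) > 1:
        # Handle specific failures when multiple public interfaces
        public_devices.sort()

        # Ensure the default route is added, or outgoing traffic from VMs with static NAT on
        # the subsequent interfaces will go from the wrong IP
        route = CsRoute()
        dev = ''
        for interface in interfaces:
            if dev == interface.get_device():
                continue
            dev = interface.get_device()
            gateway = interface.get_gateway()
            if gateway:
                route.add_route(dev, gateway)

        # The first public interface has a static MAC address between VRs. Subsequent ones don't,
        # so an ARP announcement is needed on failover
        for device in public_devices[1:]:
            logging.info("Sending garp messages for IPs on %s" % device)
            for interface in interfaces:
                if interface.get_device() == device:
                    # NOTE(review): device and IP are interpolated into the
                    # command string - same trust assumption as above.
                    CsHelper.execute("arping -I %s -U %s -c 1" % (device, interface.get_ip()))

    logging.info("Router switched to primary mode")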
def remove(self):
    """Delete this device's Apache conf.d vhost file and restart Apache if it existed."""
    conf_path = "/etc/apache2/conf.d/vhost%s.conf" % self.dev
    found = os.path.isfile(conf_path)
    if found:
        os.remove(conf_path)
        CsHelper.service("apache2", "restart")
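def _redundant_on(self):
    """Configure keepalived, conntrackd and the heartbeat cron job for redundant mode.

    Without a guest interface the router is set to backup and redundancy is
    switched off. If no guest device is configured and up yet, conntrackd
    and keepalived are stopped and the method returns. Otherwise the
    templates are copied into place, both configuration files are filled in
    from this router's settings, and keepalived is restarted or reloaded
    depending on what changed.
    """
    guest = self.address.get_guest_if()
    # No redundancy if there is no guest network
    if guest is None:
        self.set_backup()
        self._redundant_off()
        return

    interfaces = [
        interface for interface in self.address.get_interfaces()
        if interface.is_guest()
    ]
    device_ready = False
    dev = ''
    for interface in interfaces:
        # Check each device once, even if it carries several addresses.
        if dev == interface.get_device():
            continue
        dev = interface.get_device()
        logging.info(
            "Wait for devices to be configured so we can start keepalived")
        if CsDevice(dev, self.config).waitfordevice():
            # NOTE(review): dev is interpolated into a shell pipeline;
            # confirm that device names only ever come from trusted router
            # configuration.
            command = "ip link show %s | grep 'state UP'" % dev
            if CsHelper.execute(command):
                logging.info(
                    "Device %s is present, let's start keepalived now." % dev)
                device_ready = True

    if not device_ready:
        logging.info(
            "Guest network not configured yet, let's stop router redundancy for now."
        )
        CsHelper.service("conntrackd", "stop")
        CsHelper.service("keepalived", "stop")
        return

    # 0o755 is the same value as the legacy literal 0755 and matches the
    # 0o644 literal used further down; 0755 is a SyntaxError on Python 3.
    CsHelper.mkdir(self.CS_RAMDISK_DIR, 0o755, False)
    CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
    CsHelper.mkdir(self.CS_ROUTER_DIR, 0o755, False)
    for s in self.CS_TEMPLATES:
        d = s
        if s.endswith(".templ"):
            d = s.replace(".templ", "")
        CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, s),
                                "%s/%s" % (self.CS_ROUTER_DIR, d))

    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"),
        self.KEEPALIVED_CONF)
    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"),
        "/opt/cloud/bin/checkrouter.sh")

    # NOTE(review): $DAEMON sits unescaped inside double quotes; if
    # CsHelper.execute runs this through a shell, the shell expands it
    # before sed sees the pattern - confirm whether \$DAEMON is needed.
    CsHelper.execute(
        'sed -i "s/--exec $DAEMON;/--exec $DAEMON -- --vrrp;/g" /etc/init.d/keepalived'
    )
    # checkrouter.sh configuration
    check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
    check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
    check_router.commit()

    # keepalived configuration
    keepalived_conf = CsFile(self.KEEPALIVED_CONF)
    keepalived_conf.search(" router_id ", " router_id %s" % self.cl.get_name())
    keepalived_conf.search(" interface ", " interface %s" % guest.get_device())
    keepalived_conf.search(" advert_int ", " advert_int %s" % self.cl.get_advert_int())
    keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
    # keepalived only uses the first eight characters of auth_pass, so the
    # secret is cut to that length before it is written in clear text.
    keepalived_conf.section("authentication {", "}", [
        " auth_type AH \n",
        " auth_pass %s\n" % self.cl.get_router_password()[:8]
    ])
    keepalived_conf.section("virtual_ipaddress {", "}", self._collect_ips())

    # conntrackd configuration
    # The shared template is edited in place and restored from the backup
    # copy below; an exception in between leaves the edited template behind.
    conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ")
    conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp")

    CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)

    conntrackd_tmpl = CsFile(conntrackd_template_conf)
    # NOTE(review): connection-state sync is sent to a multicast group on
    # the guest interface - confirm that segment is trusted.
    conntrackd_tmpl.section("Multicast {", "}", [
        "IPv4_address 225.0.0.50\n",
        "Group 3780\n",
        "IPv4_interface %s\n" % guest.get_ip(),
        "Interface %s\n" % guest.get_device(),
        "SndSocketBuffer 1249280\n",
        "RcvSocketBuffer 1249280\n",
        "Checksum on\n"
    ])
    conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips())
    conntrackd_tmpl.commit()

    conntrackd_conf = CsFile(self.CONNTRACKD_CONF)

    is_equals = conntrackd_tmpl.compare(conntrackd_conf)

    force_keepalived_restart = False
    proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
    if not proc.find() or not is_equals:
        CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
        CsHelper.service("conntrackd", "restart")
        force_keepalived_restart = True

    # Restore the template file and remove the backup.
    CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
    CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)

    # Configure heartbeat cron job - runs every 30 seconds
    # With "2>&1 > /dev/null" only stdout is discarded; stderr still goes to
    # wherever cron's stdout points.
    # NOTE(review): confirm that is intended rather than "> /dev/null 2>&1".
    heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
    heartbeat_cron.add("SHELL=/bin/bash", 0)
    heartbeat_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    heartbeat_cron.add(
        "* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.add(
        "* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null"
        % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.commit()

    proc = CsProcess(['/usr/sbin/keepalived'])
    if not proc.find():
        force_keepalived_restart = True
    if keepalived_conf.is_changed() or force_keepalived_restart:
        keepalived_conf.commit()
        # NOTE(review): 0o644 makes the file, which now contains auth_pass,
        # readable by every local user; confirm whether a tighter mode such
        # as 0o600 would still work for keepalived here.
        os.chmod(self.KEEPALIVED_CONF, 0o644)
        if force_keepalived_restart or not self.cl.is_primary():
            CsHelper.service("keepalived", "restart")
        else:
            CsHelper.service("keepalived", "reload")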
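def _redundant_on(self):
    """Configure keepalived, conntrackd and their cron jobs for redundant mode.

    Without a guest interface redundancy is switched off and the method
    returns early. Otherwise the templates are copied into place, both
    configuration files are filled in from this router's settings, cron
    entries for the heartbeat check and for starting both daemons at boot
    are written, and keepalived is restarted when it is not running or its
    configuration changed.
    """
    guest = self.address.get_guest_if()
    # No redundancy if there is no guest network
    if guest is None:
        self._redundant_off()
        return

    # 0o755 is the same value as the legacy literal 0755, but it is also
    # accepted by Python 3, where 0755 is a SyntaxError.
    CsHelper.mkdir(self.CS_RAMDISK_DIR, 0o755, False)
    CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
    CsHelper.mkdir(self.CS_ROUTER_DIR, 0o755, False)
    for s in self.CS_TEMPLATES:
        d = s
        if s.endswith(".templ"):
            d = s.replace(".templ", "")
        CsHelper.copy_if_needed(
            "%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))

    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
    CsHelper.copy_if_needed(
        "%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")

    # Raw string: same bytes as before, without relying on Python passing
    # the unknown escapes "\ " and "\$" through unchanged.
    CsHelper.execute(
        r'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')

    # checkrouter.sh configuration
    check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
    check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
    check_router.commit()

    # keepalived configuration
    keepalived_conf = CsFile(self.KEEPALIVED_CONF)
    keepalived_conf.search(
        " router_id ", " router_id %s" % self.cl.get_name())
    keepalived_conf.search(
        " interface ", " interface %s" % guest.get_device())
    keepalived_conf.search(
        " virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
    keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
    # The VRRP shared secret is written into the configuration file in clear
    # text. keepalived only uses the first eight characters of auth_pass.
    # NOTE(review): this block does not set the file's mode - confirm that
    # the committed file is not readable by unprivileged users.
    keepalived_conf.section("authentication {", "}", [
        " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
    keepalived_conf.section(
        "virtual_ipaddress {", "}", self._collect_ips())

    # conntrackd configuration
    # The shared template is edited in place and restored from the backup
    # copy below; an exception in between leaves the edited template behind.
    conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ")
    conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp")

    CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)

    conntrackd_tmpl = CsFile(conntrackd_template_conf)
    # guest cannot be None here (handled by the early return above).
    # NOTE(review): connection-state sync is sent to a multicast group on
    # the guest interface - confirm that segment is trusted.
    conntrackd_tmpl.section("Multicast {", "}", [
        "IPv4_address 225.0.0.50\n",
        "Group 3780\n",
        "IPv4_interface %s\n" % guest.get_ip(),
        "Interface %s\n" % guest.get_device(),
        "SndSocketBuffer 1249280\n",
        "RcvSocketBuffer 1249280\n",
        "Checksum on\n"])
    conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips())
    conntrackd_tmpl.commit()

    conntrackd_conf = CsFile(self.CONNTRACKD_CONF)

    is_equals = conntrackd_tmpl.compare(conntrackd_conf)
    proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
    if not proc.find() or not is_equals:
        CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
        CsHelper.service("conntrackd", "restart")

    # Restore the template file and remove the backup.
    CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
    CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)

    # Configure heartbeat cron job - runs every 30 seconds
    # With "2>&1 > /dev/null" only stdout is discarded; stderr still goes to
    # wherever cron's stdout points.
    # NOTE(review): confirm that is intended rather than "> /dev/null 2>&1".
    heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
    heartbeat_cron.add("SHELL=/bin/bash", 0)
    heartbeat_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    heartbeat_cron.add(
        "* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.add(
        "* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
    heartbeat_cron.commit()

    # Configure KeepaliveD cron job - runs at every reboot
    keepalived_cron = CsFile("/etc/cron.d/keepalived")
    keepalived_cron.add("SHELL=/bin/bash", 0)
    keepalived_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    keepalived_cron.add("@reboot root service keepalived start", -1)
    keepalived_cron.commit()

    # Configure ConntrackD cron job - runs at every reboot
    conntrackd_cron = CsFile("/etc/cron.d/conntrackd")
    conntrackd_cron.add("SHELL=/bin/bash", 0)
    conntrackd_cron.add(
        "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
    conntrackd_cron.add("@reboot root service conntrackd start", -1)
    conntrackd_cron.commit()

    proc = CsProcess(['/usr/sbin/keepalived'])
    if not proc.find() or keepalived_conf.is_changed():
        keepalived_conf.commit()
        CsHelper.service("keepalived", "restart")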