def process(self):
if "config" not in self.dbag.keys():
return
if 'configuration' not in self.dbag['config'][0].keys():
return
config = self.dbag['config'][0]['configuration']
file1 = CsFile(HAPROXY_CONF_T)
file1.empty()
for x in config:
[file1.append(w, -1) for w in x.split('\n')]
file1.commit()
file2 = CsFile(HAPROXY_CONF_P)
if not file2.compare(file1):
CsHelper.copy(HAPROXY_CONF_T, HAPROXY_CONF_P)
proc = CsProcess(['/var/run/haproxy.pid'])
if not proc.find():
logging.debug("CsLoadBalancer:: will restart HAproxy!")
CsHelper.service("haproxy", "restart")
else:
logging.debug("CsLoadBalancer:: will reload HAproxy!")
CsHelper.service("haproxy", "reload")
add_rules = self.dbag['config'][0]['add_rules']
remove_rules = self.dbag['config'][0]['remove_rules']
stat_rules = self.dbag['config'][0]['stat_rules']
self._configure_firewall(add_rules, remove_rules, stat_rules)
def setup(self):
self.remove_legacy_apache_config_files()
CsHelper.copy_if_needed(
"/etc/apache2/vhost.template",
"/etc/apache2/sites-enabled/vhost-%s.conf" % self.ip)
file = CsFile("/etc/apache2/sites-enabled/vhost-%s.conf" % (self.ip))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:443>",
"\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
file.search("NameVirtualHost .*:80",
"NameVirtualHost %s:80" % (self.ip))
file.search(
"ServerName.*", "\tServerName %s.%s" %
(self.config.cl.get_type(), self.config.get_domain()))
if file.is_changed():
file.commit()
CsHelper.service("apache2", "restart")
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT"
% (self.dev, self.ip)
])
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT"
% (self.dev, self.ip)
])
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.conf = CsFile(CLOUD_CONF)
self.cloud.repopulate()
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
if self.cloud.is_changed():
self.delete_leases()
self.configure_server()
self.conf.commit()
self.cloud.commit()
# We restart DNSMASQ every time the configure.py is called in order to avoid lease problems.
if not self.cl.is_redundant() or self.cl.is_master():
CsHelper.service("dnsmasq", "restart")
def _redundant_off(self):
CsHelper.service("conntrackd", "stop")
CsHelper.service("keepalived", "stop")
CsHelper.umount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.rmdir(self.CS_RAMDISK_DIR)
CsHelper.rm(self.CONNTRACKD_CONF)
CsHelper.rm(self.KEEPALIVED_CONF)
def process(self):
if "config" not in self.dbag.keys():
return
if 'configuration' not in self.dbag['config'][0].keys():
return
config = self.dbag['config'][0]['configuration']
file1 = CsFile(HAPROXY_CONF_T)
file1.empty()
for x in config:
[file1.append(w, -1) for w in x.split('\n')]
file1.commit()
file2 = CsFile(HAPROXY_CONF_P)
if not file2.compare(file1):
CsHelper.copy(HAPROXY_CONF_T, HAPROXY_CONF_P)
proc = CsProcess(['/var/run/haproxy.pid'])
if not proc.find():
logging.debug("CsLoadBalancer:: will restart HAproxy!")
CsHelper.service("haproxy", "restart")
else:
logging.debug("CsLoadBalancer:: will reload HAproxy!")
CsHelper.service("haproxy", "reload")
add_rules = self.dbag['config'][0]['add_rules']
remove_rules = self.dbag['config'][0]['remove_rules']
stat_rules = self.dbag['config'][0]['stat_rules']
self._configure_firewall(add_rules, remove_rules, stat_rules)
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.dhcp_opts = CsFile(DHCP_OPTS)
self.conf = CsFile(CLOUD_CONF)
self.cloud.repopulate()
self.dhcp_opts.repopulate()
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
if self.cloud.is_changed():
self.delete_leases()
self.configure_server()
restart_dnsmasq = self.conf.commit()
self.cloud.commit()
self.dhcp_opts.commit()
if not self.cl.is_redundant() or self.cl.is_master():
if restart_dnsmasq:
CsHelper.service("dnsmasq", "restart")
else:
CsHelper.start_if_stopped("dnsmasq")
CsHelper.service("dnsmasq", "reload")
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.conf = CsFile(CLOUD_CONF)
self.cloud.repopulate()
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
if self.cloud.is_changed():
self.delete_leases()
self.configure_server()
self.conf.commit()
self.cloud.commit()
# We restart DNSMASQ every time the configure.py is called in order to avoid lease problems.
if not self.cl.is_redundant() or self.cl.is_master():
CsHelper.service("dnsmasq", "restart")
def _enable_radvd(self, dev):
"""
Setup radvd for primary VR
"""
if dev == '':
return
CsHelper.service("radvd", "enable")
CsHelper.start_if_stopped("radvd")
def _disable_radvd(self, dev):
"""
Disable radvd for non-primary VR
"""
if dev == '':
return
CsHelper.service("radvd", "stop")
CsHelper.service("radvd", "disable")
logging.info(CsHelper.execute("systemctl status radvd"))
def process(self):
if "config" not in self.dbag.keys():
return
if 'configuration' not in self.dbag['config'][0].keys():
return
config = self.dbag['config'][0]['configuration']
file1 = CsFile(HAPROXY_CONF_T)
file2 = CsFile(HAPROXY_CONF_P)
file1.empty()
for x in config:
[file1.append(w, -1) for w in x.split('\n')]
if not file2.compare(file1):
file1.commit()
shutil.copy2(HAPROXY_CONF_T, HAPROXY_CONF_P)
CsHelper.service("haproxy", "restart")
def setup(self):
CsHelper.copy_if_needed("/etc/apache2/vhostexample.conf",
"/etc/apache2/conf.d/vhost%s.conf" % self.dev)
file = CsFile("/etc/apache2/conf.d/vhost%s.conf" % (self.dev))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:443>", "\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
file.search("ServerName.*", "\tServerName vhost%s.cloudinternal.com" % (self.dev))
if file.is_changed():
file.commit()
CsHelper.service("apache2", "restart")
self.fw.append(["", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
])
def setup(self):
CsHelper.copy_if_needed("/etc/apache2/vhostexample.conf",
"/etc/apache2/conf.d/vhost%s.conf" % self.dev)
file = CsFile("/etc/apache2/conf.d/vhost%s.conf" % (self.dev))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:443>", "\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
file.search("ServerName.*", "\tServerName vhost%s.cloudinternal.com" % (self.dev))
file.commit()
if file.is_changed():
CsHelper.service("apache2", "restart")
self.fw.append(["", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
])
def process(self):
logging.debug("Processing CsVpcGuestNetwork")
self.conf = CsFile(RADVD_CONF_NEW)
self.conf.empty()
for item in self.dbag:
if item == "id":
continue
for address in self.dbag[item]:
if address['add']:
self.add_address_route(address)
self.add_radvd_conf(address)
else:
self.remove_address_route(address)
self.conf.commit()
file = CsFile(RADVD_CONF)
if not file.compare(self.conf):
CsHelper.copy(RADVD_CONF_NEW, RADVD_CONF)
logging.debug("CsVpcGuestNetwork:: will restart radvd !")
CsHelper.service("radvd", "restart")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
"""
if self.cl.is_master():
logging.error("Set master called on master node")
return
"""
s = self.set_lock()
logging.debug("Setting router to master")
ads = [o for o in self.address.get_ips() if o.is_public()]
for o in ads:
# cmd2 = "ip link set %s up" % self.getDevice()
CsHelper.execute("ifconfig %s down" % o.get_device())
CsHelper.execute("ifconfig %s up" % o.get_device())
CsHelper.execute("arping -I %s -A %s -c 1" % (o.get_device(), o.get_ip()))
# FIXME Need to add in the default routes but I am unsure what the gateway is
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
pwdsvc = CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
logging.info("Router switched to master mode")
def set_backup(self):
""" Set the current router to backup """
if not self.cl.is_redundant():
logging.error("Set backup called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to backup")
dev = ''
ips = [ip for ip in self.address.get_ips() if ip.is_public()]
for ip in ips:
if dev == ip.get_device():
continue
logging.info("Bringing public interface %s down" % ip.get_device())
cmd2 = "ip link set %s down" % ip.get_device()
CsHelper.execute(cmd2)
dev = ip.get_device()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -d" % cmd)
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
for ip in ips:
CsPasswdSvc(ip.get_gateway()).stop()
CsHelper.service("dnsmasq", "stop")
self.cl.set_master_state(False)
self.cl.save()
self.release_lock()
logging.info("Router switched to backup mode")
def set_backup(self):
""" Set the current router to backup """
if not self.cl.is_redundant():
logging.error("Set backup called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to backup")
dev = ''
ips = [ip for ip in self.address.get_ips() if ip.is_public()]
for ip in ips:
if dev == ip.get_device():
continue
logging.info("Bringing public interface %s down" % ip.get_device())
cmd2 = "ip link set %s down" % ip.get_device()
CsHelper.execute(cmd2)
dev = ip.get_device()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -d" % cmd)
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
for ip in ips:
CsPasswdSvc(ip.get_gateway()).stop()
CsHelper.service("dnsmasq", "stop")
self.cl.set_master_state(False)
self.cl.save()
self.release_lock()
logging.info("Router switched to backup mode")
def set_fault(self):
""" Set fault mode on this router """
if not self.cl.is_redundant():
logging.error("Set fault called on non-redundant router")
return
self.set_lock()
logging.info("Router switched to fault mode")
ips = [ip for ip in self.address.get_ips() if ip.is_public()]
for ip in ips:
CsHelper.execute("ifconfig %s down" % ip.get_device())
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -s" % cmd)
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
CsHelper.service("dnsmasq", "stop")
ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
for ip in ips:
CsPasswdSvc(ip.get_gateway()).stop()
self.cl.set_fault_state()
self.cl.save()
self.release_lock()
logging.info("Router switched to fault mode")
def set_fault(self):
""" Set fault mode on this router """
if not self.cl.is_redundant():
logging.error("Set fault called on non-redundant router")
return
self.set_lock()
logging.info("Router switched to fault mode")
ips = [ip for ip in self.address.get_ips() if ip.is_public()]
for ip in ips:
CsHelper.execute("ifconfig %s down" % ip.get_device())
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -s" % cmd)
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
CsHelper.service("dnsmasq", "stop")
ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()]
for ip in ips:
CsPasswdSvc(ip.get_gateway()).stop()
self.cl.set_fault_state()
self.cl.save()
self.release_lock()
logging.info("Router switched to fault mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
self.address.process()
logging.info("added default routes")
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
logging.info("Router switched to master mode")
def set_backup(self):
""" Set the current router to backup """
if not self.cl.is_redundant():
logging.error("Set backup called on non-redundant router")
return
"""
if not self.cl.is_master():
logging.error("Set backup called on node that is already backup")
return
"""
self.set_lock()
logging.debug("Setting router to backup")
ads = [o for o in self.address.get_ips() if o.is_public()]
dev = ''
for o in ads:
if dev == o.get_device():
continue
logging.info("Bringing public interface %s down" % o.get_device())
cmd2 = "ip link set %s up" % o.get_device()
CsHelper.execute(cmd2)
dev = o.get_device()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -d" % cmd)
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
CsPasswdSvc(o.get_gateway()).stop()
CsHelper.service("dnsmasq", "stop")
# self._set_priority(self.CS_PRIO_DOWN)
self.cl.set_master_state(False)
self.cl.save()
self.release_lock()
logging.info("Router switched to backup mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
"""
if self.cl.is_master():
logging.error("Set master called on master node")
return
"""
s = self.set_lock()
logging.debug("Setting router to master")
ads = [o for o in self.address.get_ips() if o.is_public()]
for o in ads:
# cmd2 = "ip link set %s up" % self.getDevice()
CsHelper.execute("ifconfig %s down" % o.get_device())
CsHelper.execute("ifconfig %s up" % o.get_device())
CsHelper.execute("arping -I %s -A %s -c 1" %
(o.get_device(), o.get_ip()))
# FIXME Need to add in the default routes but I am unsure what the gateway is
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
pwdsvc = CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
logging.info("Router switched to master mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
self.address.process()
logging.info("added default routes")
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
logging.info("Router switched to master mode")
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.conf = CsFile(CLOUD_CONF)
length = len(self.conf)
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
if self.cloud.is_changed():
self.delete_leases()
self.configure_server()
self.conf.commit()
self.cloud.commit()
if self.conf.is_changed():
CsHelper.service("dnsmasq", "restart")
elif self.cloud.is_changed():
CsHelper.hup_dnsmasq("dnsmasq", "dnsmasq")
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.dhcp_opts = CsFile(DHCP_OPTS)
self.conf = CsFile(CLOUD_CONF)
self.cloud.repopulate()
self.dhcp_opts.repopulate()
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
self.configure_server()
restart_dnsmasq = False
if self.conf.commit():
restart_dnsmasq = True
if self.cloud.commit():
restart_dnsmasq = True
self.dhcp_opts.commit()
if restart_dnsmasq:
self.delete_leases()
if not self.cl.is_redundant() or self.cl.is_master():
if restart_dnsmasq:
CsHelper.service("dnsmasq", "restart")
else:
CsHelper.start_if_stopped("dnsmasq")
CsHelper.service("dnsmasq", "reload")
def set_backup(self):
""" Set the current router to backup """
if not self.cl.is_redundant():
logging.error("Set backup called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to backup")
dev = ''
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_public()
]
for interface in interfaces:
if dev == interface.get_device():
continue
logging.info("Bringing public interface %s down" %
interface.get_device())
cmd2 = "ip link set %s down" % interface.get_device()
CsHelper.execute(cmd2)
dev = interface.get_device()
self._remove_ipv6_guest_gateway()
CsHelper.service("conntrackd", "restart")
CsHelper.service("ipsec", "stop")
CsHelper.service("xl2tpd", "stop")
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.needs_vrrp()
]
for interface in interfaces:
CsPasswdSvc(interface.get_gateway() + "," +
interface.get_ip()).stop()
CsHelper.service("dnsmasq", "stop")
self.cl.set_primary_state(False)
self.cl.save()
self.release_lock()
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_public()
]
CsHelper.reconfigure_interfaces(self.cl, interfaces)
logging.info("Router switched to backup mode")
def process(self):
self.hosts = {}
self.changed = []
self.devinfo = CsHelper.get_device_info()
self.preseed()
self.cloud = CsFile(DHCP_HOSTS)
self.conf = CsFile(CLOUD_CONF)
length = len(self.conf)
for item in self.dbag:
if item == "id":
continue
self.add(self.dbag[item])
self.write_hosts()
if self.cloud.is_changed():
self.delete_leases()
self.configure_server()
self.conf.commit()
self.cloud.commit()
if self.conf.is_changed():
CsHelper.service("dnsmasq", "restart")
elif self.cloud.is_changed():
CsHelper.hup_dnsmasq("dnsmasq", "dnsmasq")
def setup(self):
CsHelper.copy_if_needed("/etc/apache2/vhost.template",
"/etc/apache2/sites-enabled/vhost-%s.conf" % self.ip)
file = CsFile("/etc/apache2/sites-enabled/vhost-%s.conf" % (self.ip))
file.search("<VirtualHost.*:80>", "\t<VirtualHost %s:80>" % (self.ip))
file.search("<VirtualHost.*:443>", "\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
file.search("ServerName.*", "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))
if file.is_changed():
file.commit()
CsHelper.service("apache2", "restart")
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
])
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT" % (self.dev, self.ip)
])
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
dev = ''
interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
route = CsRoute()
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
logging.info("Will proceed configuring device ==> %s" % dev)
cmd = "ip link set %s up" % dev
if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd)
logging.info("Bringing public interface %s up" % dev)
try:
gateway = interface.get_gateway()
logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
route.add_defaultroute(gateway)
except:
logging.error("ERROR getting gateway from device %s" % dev)
else:
logging.error("Device %s was not ready could not bring it up" % dev)
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", self.config)
static_routes.process()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
for interface in interfaces:
# Listen on local ip address, as cloud-init uses the 'dhcp-server-identifier' address,
# which unfortunately is not the gateway address.
CsPasswdSvc(interface.get_ip()).start()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
CsHelper.reconfigure_interfaces(self.cl, interfaces)
logging.info("Router switched to master mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
dev = ''
interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
route = CsRoute()
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
logging.info("Will proceed configuring device ==> %s" % dev)
cmd = "ip link set %s up" % dev
if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd)
logging.info("Bringing public interface %s up" % dev)
try:
gateway = interface.get_gateway()
logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
route.add_defaultroute(gateway)
except Exception:
logging.error("ERROR getting gateway from device %s" % dev)
else:
logging.error("Device %s was not ready could not bring it up" % dev)
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", self.config)
static_routes.process()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()]
for interface in interfaces:
CsPasswdSvc(interface.get_ip()).restart()
CsPasswdSvc(interface.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()]
CsHelper.reconfigure_interfaces(self.cl, interfaces)
logging.info("Router switched to master mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
ads = [o for o in self.address.get_ips() if o.is_public()]
dev = ''
route = CsRoute()
for o in ads:
if dev == o.get_device():
continue
dev = o.get_device()
logging.info("Will proceed configuring device ==> %s" % dev)
cmd2 = "ip link set %s up" % dev
if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd2)
logging.info("Bringing public interface %s up" % dev)
try:
gateway = o.get_gateway()
logging.info("Adding gateway ==> %s to device ==> %s" %
(gateway, dev))
route.add_defaultroute(gateway)
except:
logging.error("ERROR getting gateway from device %s" % dev)
else:
logging.error("Device %s was not ready could not bring it up" %
dev)
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
logging.info("Router switched to master mode")
def set_master(self):
""" Set the current router to master """
if not self.cl.is_redundant():
logging.error("Set master called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to master")
ads = [o for o in self.address.get_ips() if o.is_public()]
dev = ''
route = CsRoute()
for o in ads:
if dev == o.get_device():
continue
dev = o.get_device()
logging.info("Will proceed configuring device ==> %s" % dev)
cmd2 = "ip link set %s up" % dev
if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd2)
logging.info("Bringing public interface %s up" % dev)
try:
gateway = o.get_gateway()
logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
route.add_defaultroute(gateway)
except:
logging.error("ERROR getting gateway from device %s" % dev)
else:
logging.error("Device %s was not ready could not bring it up" % dev)
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_master_state(True)
self.cl.save()
self.release_lock()
logging.info("Router switched to master mode")
def set_fault(self):
""" Set fault mode on this router """
if not self.cl.is_redundant():
logging.error("Set fault called on non-redundant router")
return
self.set_lock()
logging.info("Router switched to fault mode")
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_public() or interface.is_privategateway()
]
for interface in interfaces:
CsHelper.execute("ifconfig %s down" % interface.get_device())
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -s" % cmd)
CsHelper.service("strongswan", "stop")
CsHelper.service("xl2tpd", "stop")
CsHelper.service("dnsmasq", "stop")
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.needs_vrrp()
]
for interface in interfaces:
CsPasswordService(interface.get_ip()).stop()
self.cl.set_fault_state()
self.cl.save()
self.release_lock()
logging.info("Router switched to fault mode")
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_privategateway()
]
CsHelper.reconfigure_interfaces(self.cl, interfaces)
def setup(self):
vhost = """
server {
listen %s:80;
listen %s:443 ssl;
server_name _;
root /var/www/html;
autoindex off;
location /latest/user-data {
rewrite ^/latest/user-data/?$ /userdata/$remote_addr/user-data break;
rewrite ^/latest/user-data$ /userdata/$remote_addr/user-data break;
}
location /latest/meta-data {
rewrite ^/latest/meta-data/?$ /metadata/$remote_addr/meta-data break;
rewrite ^/latest/meta-data/(.+[^/])/?$ /metadata/$remote_addr/$1 break;
rewrite ^/latest/meta-data/(.+)$ /metadata/$remote_addr/$1 break;
rewrite ^/latest/meta-data/$ /metadata/$remote_addr/meta-data break;
}
location /latest/availability-zone {
rewrite ^/latest/availability-zone/?$ /metadata/$remote_addr/availability-zone break;
rewrite ^/latest/availability-zone$ /metadata/$remote_addr/availability-zone break;
}
location /latest/cloud-identifier {
rewrite ^/latest/cloud-identifier/?$ /metadata/$remote_addr/cloud-identifier break;
rewrite ^/latest/cloud-identifier$ /metadata/$remote_addr/cloud-identifier break;
}
location /latest/instance-id {
rewrite ^/latest/instance-id/?$ /metadata/$remote_addr/instance-id break;
rewrite ^/latest/instance-id$ /metadata/$remote_addr/instance-id break;
}
location /latest/local-hostname {
rewrite ^/latest/local-hostname/?$ /metadata/$remote_addr/local-hostname break;
rewrite ^/latest/local-hostname$ /metadata/$remote_addr/local-hostname break;
}
location /latest/local-ipv4 {
rewrite ^/latest/local-ipv4/?$ /metadata/$remote_addr/local-ipv4 break;
rewrite ^/latest/local-ipv4$ /metadata/$remote_addr/local-ipv4 break;
}
location /latest/public-hostname {
rewrite ^/latest/public-hostname/?$ /metadata/$remote_addr/public-hostname break;
rewrite ^/latest/public-hostname$ /metadata/$remote_addr/public-hostname break;
}
location /latest/public-ipv4 {
rewrite ^/latest/public-ipv4/?$ /metadata/$remote_addr/public-ipv4 break;
rewrite ^/latest/public-ipv4$ /metadata/$remote_addr/public-ipv4 break;
}
location /latest/public-keys {
rewrite ^/latest/public-keys/?$ /metadata/$remote_addr/public-keys break;
rewrite ^/latest/public-keys$ /metadata/$remote_addr/public-keys break;
}
location /latest/service-offering {
rewrite ^/latest/service-offering/?$ /metadata/$remote_addr/service-offering break;
rewrite ^/latest/service-offering$ /metadata/$remote_addr/service-offering break;
}
location /latest/vm-id {
rewrite ^/latest/vm-id/?$ /metadata/$remote_addr/vm-id break;
rewrite ^/latest/vm-id$ /metadata/$remote_addr/vm-id break;
}
location /(userdata|metadata)/$remote_addr {
autoindex off;
}
}
""" % (self.ip, self.ip)
filename = "/etc/nginx/conf.d/vhost-%s.conf" % (self.ip)
with open(filename, 'w') as f:
f.write(vhost)
CsHelper.service("nginx", "start")
CsHelper.service("nginx", "reload")
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT"
% (self.dev, self.ip)
])
self.fw.append([
"", "front",
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT"
% (self.dev, self.ip)
])
def _redundant_on(self):
guest = self.address.get_guest_if()
# No redundancy if there is no guest network
if self.cl.is_master() or guest is None:
for obj in [o for o in self.address.get_ips() if o.is_public()]:
self.check_is_up(obj.get_device())
if guest is None:
self._redundant_off()
return
CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)
for s in self.CS_TEMPLATES:
d = s
if s.endswith(".templ"):
d = s.replace(".templ", "")
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))
CsHelper.copy(
"%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ"), self.CONNTRACKD_CONF)
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")
CsHelper.execute(
'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')
# checkrouter.sh configuration
check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
check_router.commit()
# keepalived configuration
keepalived_conf = CsFile(self.KEEPALIVED_CONF)
keepalived_conf.search(
" router_id ", " router_id %s" % self.cl.get_name())
keepalived_conf.search(
" interface ", " interface %s" % guest.get_device())
keepalived_conf.search(
" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
keepalived_conf.section("authentication {", "}", [
" auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
keepalived_conf.section(
"virtual_ipaddress {", "}", self._collect_ips())
keepalived_conf.commit()
# conntrackd configuration
connt = CsFile(self.CONNTRACKD_CONF)
if guest is not None:
connt.section("Multicast {", "}", [
"IPv4_address 225.0.0.50\n",
"Group 3780\n",
"IPv4_interface %s\n" % guest.get_ip(),
"Interface %s\n" % guest.get_device(),
"SndSocketBuffer 1249280\n",
"RcvSocketBuffer 1249280\n",
"Checksum on\n"])
connt.section("Address Ignore {", "}", self._collect_ignore_ips())
connt.commit()
if connt.is_changed():
CsHelper.service("conntrackd", "restart")
# Configure heartbeat cron job - runs every 30 seconds
heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
heartbeat_cron.add("SHELL=/bin/bash", 0)
heartbeat_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
heartbeat_cron.add(
"* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.add(
"* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.commit()
# Configure KeepaliveD cron job - runs at every reboot
keepalived_cron = CsFile("/etc/cron.d/keepalived")
keepalived_cron.add("SHELL=/bin/bash", 0)
keepalived_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
keepalived_cron.add("@reboot root service keepalived start", -1)
keepalived_cron.commit()
# Configure ConntrackD cron job - runs at every reboot
conntrackd_cron = CsFile("/etc/cron.d/conntrackd")
conntrackd_cron.add("SHELL=/bin/bash", 0)
conntrackd_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
conntrackd_cron.add("@reboot root service conntrackd start", -1)
conntrackd_cron.commit()
proc = CsProcess(['/usr/sbin/keepalived', '--vrrp'])
if not proc.find() or keepalived_conf.is_changed():
CsHelper.service("keepalived", "restart")
def stop(self):
CsHelper.service("cosmic-password-server@%s" % self.ip, "stop")
def restart(self):
CsHelper.service("cosmic-password-server@%s" % self.ip, "restart")
def _redundant_on(self):
guest = self.address.get_guest_if()
# No redundancy if there is no guest network
if guest is None:
self._redundant_off()
return
interfaces = [interface for interface in self.address.get_ips() if interface.is_guest()]
isDeviceReady = False
dev = ''
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
logging.info("Wait for devices to be configured so we can start keepalived")
devConfigured = CsDevice(dev, self.config).waitfordevice()
if devConfigured:
command = "ip link show %s | grep 'state UP'" % dev
devUp = CsHelper.execute(command)
if devUp:
logging.info("Device %s is present, let's start keepalive now." % dev)
isDeviceReady = True
if not isDeviceReady:
logging.info("Guest network not configured yet, let's stop router redundancy for now.")
CsHelper.service("conntrackd", "stop")
CsHelper.service("keepalived", "stop")
return
CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)
for s in self.CS_TEMPLATES:
d = s
if s.endswith(".templ"):
d = s.replace(".templ", "")
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")
CsHelper.execute(
'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')
# checkrouter.sh configuration
check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
check_router.commit()
# keepalived configuration
keepalived_conf = CsFile(self.KEEPALIVED_CONF)
keepalived_conf.search(
" router_id ", " router_id %s" % self.cl.get_name())
keepalived_conf.search(
" interface ", " interface %s" % guest.get_device())
keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
keepalived_conf.section("authentication {", "}", [
" auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
keepalived_conf.section(
"virtual_ipaddress {", "}", self._collect_ips())
# conntrackd configuration
conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ")
conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp")
CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)
conntrackd_tmpl = CsFile(conntrackd_template_conf)
conntrackd_tmpl.section("Multicast {", "}", [
"IPv4_address 225.0.0.50\n",
"Group 3780\n",
"IPv4_interface %s\n" % guest.get_ip(),
"Interface %s\n" % guest.get_device(),
"SndSocketBuffer 1249280\n",
"RcvSocketBuffer 1249280\n",
"Checksum on\n"])
conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips())
conntrackd_tmpl.commit()
conntrackd_conf = CsFile(self.CONNTRACKD_CONF)
is_equals = conntrackd_tmpl.compare(conntrackd_conf)
proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
if not proc.find() or not is_equals:
CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
CsHelper.service("conntrackd", "restart")
# Restore the template file and remove the backup.
CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)
# Configure heartbeat cron job - runs every 30 seconds
heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
heartbeat_cron.add("SHELL=/bin/bash", 0)
heartbeat_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
heartbeat_cron.add(
"* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.add(
"* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.commit()
proc = CsProcess(['/usr/sbin/keepalived'])
if not proc.find() or keepalived_conf.is_changed():
keepalived_conf.commit()
CsHelper.service("keepalived", "restart")
def _redundant_on(self):
guest = self.address.get_guest_if()
# No redundancy if there is no guest network
if self.cl.is_master() or guest is None:
for obj in [o for o in self.address.get_ips() if o.is_public()]:
self.check_is_up(obj.get_device())
if guest is None:
self._redundant_off()
return
CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)
for s in self.CS_TEMPLATES:
d = s
if s.endswith(".templ"):
d = s.replace(".templ", "")
CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))
CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ"), self.CONNTRACKD_CONF)
CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")
CsHelper.execute('sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')
# checkrouter.sh configuration
file = CsFile("/opt/cloud/bin/checkrouter.sh")
file.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
file.commit()
# keepalived configuration
file = CsFile(self.KEEPALIVED_CONF)
ads = [o for o in self.address.get_ips() if o.is_public()]
# Add a comment for each public IP. If any change this will cause keepalived to restart
# As things stand keepalived will be configured before the IP is added or deleted
i = 0
for o in ads:
file.addeq("! %s=%s" % (i, o.get_cidr()))
i = i + 1
file.search(" router_id ", " router_id %s" % self.cl.get_name())
file.search(" priority ", " priority %s" % self.cl.get_priority())
file.search(" interface ", " interface %s" % guest.get_device())
file.search(" state ", " state %s" % "EQUAL")
file.search(" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
file.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
file.section("authentication {", "}", [" auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
file.section("virtual_ipaddress {", "}", self._collect_ips())
file.commit()
# conntrackd configuration
connt = CsFile(self.CONNTRACKD_CONF)
if guest is not None:
connt.section("Multicast {", "}", [
"IPv4_address 225.0.0.50\n",
"Group 3780\n",
"IPv4_interface %s\n" % guest.get_ip(),
"Interface %s\n" % guest.get_device(),
"SndSocketBuffer 1249280\n",
"RcvSocketBuffer 1249280\n",
"Checksum on\n"])
connt.section("Address Ignore {", "}", self._collect_ignore_ips())
connt.commit()
if connt.is_changed():
CsHelper.service("conntrackd", "restart")
if file.is_changed():
CsHelper.service("keepalived", "reload")
# Configure heartbeat cron job
cron = CsFile("/etc/cron.d/heartbeat")
cron.add("SHELL=/bin/bash", 0)
cron.add("PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
cron.add("*/1 * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
cron.commit()
proc = CsProcess(['/usr/sbin/keepalived', '--vrrp'])
if not proc.find():
CsHelper.service("keepalived", "restart")
def remove(self):
file = "/etc/nginx/conf.d/vhost-%s.conf" % self.dev
if os.path.isfile(file):
os.remove(file)
CsHelper.service("nginx", "reload")
def restart(self):
CsHelper.service("cloud-password-server@%s" % self.ip, "restart")
def start(self):
CsHelper.service("cloud-password-server@%s" % self.ip, "start")
def stop(self):
CsHelper.service("cloud-password-server@%s" % self.ip, "stop")
def remove(self):
file = "/etc/apache2/sites-enabled/vhost-%s.conf" % self.dev
if os.path.isfile(file):
os.remove(file)
CsHelper.service("apache2", "restart")
def set_primary(self):
""" Set the current router to primary """
if not self.cl.is_redundant():
logging.error("Set primary called on non-redundant router")
return
self.set_lock()
logging.debug("Setting router to primary")
dev = ''
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_public()
]
route = CsRoute()
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
logging.info("Will proceed configuring device ==> %s" % dev)
cmd = "ip link set %s up" % dev
if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd)
logging.info("Bringing public interface %s up" % dev)
try:
gateway = interface.get_gateway()
logging.info("Adding gateway ==> %s to device ==> %s" %
(gateway, dev))
if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
route.add_defaultroute(gateway)
except Exception:
logging.error("ERROR getting gateway from device %s" % dev)
if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
try:
self._add_ipv6_to_interface(interface,
interface.get_ip6())
if interface.get_gateway6():
route.add_defaultroute_v6(interface.get_gateway6())
except Exception as e:
logging.error(
"ERROR adding IPv6, getting IPv6 gateway from device %s: %s"
% (dev, e))
else:
logging.error("Device %s was not ready could not bring it up" %
dev)
self._add_ipv6_guest_gateway()
logging.debug("Configuring static routes")
static_routes = CsStaticRoutes("staticroutes", self.config)
static_routes.process()
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
CsHelper.execute("%s -c" % cmd)
CsHelper.execute("%s -f" % cmd)
CsHelper.execute("%s -R" % cmd)
CsHelper.execute("%s -B" % cmd)
CsHelper.service("ipsec", "restart")
CsHelper.service("xl2tpd", "restart")
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.needs_vrrp()
]
for interface in interfaces:
if interface.is_added():
CsPasswdSvc(interface.get_gateway() + "," +
interface.get_ip()).restart()
CsHelper.service("dnsmasq", "restart")
self.cl.set_primary_state(True)
self.cl.save()
self.release_lock()
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_public()
]
CsHelper.reconfigure_interfaces(self.cl, interfaces)
public_devices = list(
set([interface.get_device() for interface in interfaces]))
if len(public_devices) > 1:
# Handle specific failures when multiple public interfaces
public_devices.sort()
# Ensure the default route is added, or outgoing traffic from VMs with static NAT on
# the subsequent interfaces will go from the wrong IP
route = CsRoute()
dev = ''
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
gateway = interface.get_gateway()
if gateway:
route.add_route(dev, gateway)
# The first public interface has a static MAC address between VRs. Subsequent ones don't,
# so an ARP announcement is needed on failover
for device in public_devices[1:]:
logging.info("Sending garp messages for IPs on %s" % device)
for interface in interfaces:
if interface.get_device() == device:
CsHelper.execute("arping -I %s -U %s -c 1" %
(device, interface.get_ip()))
logging.info("Router switched to primary mode")
def remove(self):
file = "/etc/apache2/conf.d/vhost%s.conf" % self.dev
if os.path.isfile(file):
os.remove(file)
CsHelper.service("apache2", "restart")
def _redundant_on(self):
guest = self.address.get_guest_if()
# No redundancy if there is no guest network
if guest is None:
self.set_backup()
self._redundant_off()
return
interfaces = [
interface for interface in self.address.get_interfaces()
if interface.is_guest()
]
isDeviceReady = False
dev = ''
for interface in interfaces:
if dev == interface.get_device():
continue
dev = interface.get_device()
logging.info(
"Wait for devices to be configured so we can start keepalived")
devConfigured = CsDevice(dev, self.config).waitfordevice()
if devConfigured:
command = "ip link show %s | grep 'state UP'" % dev
devUp = CsHelper.execute(command)
if devUp:
logging.info(
"Device %s is present, let's start keepalived now." %
dev)
isDeviceReady = True
if not isDeviceReady:
logging.info(
"Guest network not configured yet, let's stop router redundancy for now."
)
CsHelper.service("conntrackd", "stop")
CsHelper.service("keepalived", "stop")
return
CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)
for s in self.CS_TEMPLATES:
d = s
if s.endswith(".templ"):
d = s.replace(".templ", "")
CsHelper.copy_if_needed("%s/%s" % (self.CS_TEMPLATES_DIR, s),
"%s/%s" % (self.CS_ROUTER_DIR, d))
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"),
self.KEEPALIVED_CONF)
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"),
"/opt/cloud/bin/checkrouter.sh")
CsHelper.execute(
'sed -i "s/--exec $DAEMON;/--exec $DAEMON -- --vrrp;/g" /etc/init.d/keepalived'
)
# checkrouter.sh configuration
check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
check_router.commit()
# keepalived configuration
keepalived_conf = CsFile(self.KEEPALIVED_CONF)
keepalived_conf.search(" router_id ",
" router_id %s" % self.cl.get_name())
keepalived_conf.search(" interface ",
" interface %s" % guest.get_device())
keepalived_conf.search(" advert_int ",
" advert_int %s" % self.cl.get_advert_int())
keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
keepalived_conf.section("authentication {", "}", [
" auth_type AH \n",
" auth_pass %s\n" % self.cl.get_router_password()[:8]
])
keepalived_conf.section("virtual_ipaddress {", "}",
self._collect_ips())
# conntrackd configuration
conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR,
"conntrackd.conf.templ")
conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR,
"conntrackd.conf.templ.bkp")
CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)
conntrackd_tmpl = CsFile(conntrackd_template_conf)
conntrackd_tmpl.section("Multicast {", "}", [
"IPv4_address 225.0.0.50\n", "Group 3780\n",
"IPv4_interface %s\n" % guest.get_ip(),
"Interface %s\n" % guest.get_device(), "SndSocketBuffer 1249280\n",
"RcvSocketBuffer 1249280\n", "Checksum on\n"
])
conntrackd_tmpl.section("Address Ignore {", "}",
self._collect_ignore_ips())
conntrackd_tmpl.commit()
conntrackd_conf = CsFile(self.CONNTRACKD_CONF)
is_equals = conntrackd_tmpl.compare(conntrackd_conf)
force_keepalived_restart = False
proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
if not proc.find() or not is_equals:
CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
CsHelper.service("conntrackd", "restart")
force_keepalived_restart = True
# Restore the template file and remove the backup.
CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)
# Configure heartbeat cron job - runs every 30 seconds
heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
heartbeat_cron.add("SHELL=/bin/bash", 0)
heartbeat_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin",
1)
heartbeat_cron.add(
"* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" %
self.CS_ROUTER_DIR, -1)
heartbeat_cron.add(
"* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null"
% self.CS_ROUTER_DIR, -1)
heartbeat_cron.commit()
proc = CsProcess(['/usr/sbin/keepalived'])
if not proc.find():
force_keepalived_restart = True
if keepalived_conf.is_changed() or force_keepalived_restart:
keepalived_conf.commit()
os.chmod(self.KEEPALIVED_CONF, 0o644)
if force_keepalived_restart or not self.cl.is_primary():
CsHelper.service("keepalived", "restart")
else:
CsHelper.service("keepalived", "reload")
def _redundant_on(self):
guest = self.address.get_guest_if()
# No redundancy if there is no guest network
if guest is None:
self._redundant_off()
return
CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)
for s in self.CS_TEMPLATES:
d = s
if s.endswith(".templ"):
d = s.replace(".templ", "")
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, s), "%s/%s" % (self.CS_ROUTER_DIR, d))
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "keepalived.conf.templ"), self.KEEPALIVED_CONF)
CsHelper.copy_if_needed(
"%s/%s" % (self.CS_TEMPLATES_DIR, "checkrouter.sh.templ"), "/opt/cloud/bin/checkrouter.sh")
CsHelper.execute(
'sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived')
# checkrouter.sh configuration
check_router = CsFile("/opt/cloud/bin/checkrouter.sh")
check_router.greplace("[RROUTER_LOG]", self.RROUTER_LOG)
check_router.commit()
# keepalived configuration
keepalived_conf = CsFile(self.KEEPALIVED_CONF)
keepalived_conf.search(
" router_id ", " router_id %s" % self.cl.get_name())
keepalived_conf.search(
" interface ", " interface %s" % guest.get_device())
keepalived_conf.search(
" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
keepalived_conf.section("authentication {", "}", [
" auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()])
keepalived_conf.section(
"virtual_ipaddress {", "}", self._collect_ips())
# conntrackd configuration
conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ")
conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp")
CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp)
conntrackd_tmpl = CsFile(conntrackd_template_conf)
if guest is not None:
conntrackd_tmpl.section("Multicast {", "}", [
"IPv4_address 225.0.0.50\n",
"Group 3780\n",
"IPv4_interface %s\n" % guest.get_ip(),
"Interface %s\n" % guest.get_device(),
"SndSocketBuffer 1249280\n",
"RcvSocketBuffer 1249280\n",
"Checksum on\n"])
conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips())
conntrackd_tmpl.commit()
conntrackd_conf = CsFile(self.CONNTRACKD_CONF)
is_equals = conntrackd_tmpl.compare(conntrackd_conf)
proc = CsProcess(['/etc/conntrackd/conntrackd.conf'])
if not proc.find() or not is_equals:
CsHelper.copy(conntrackd_template_conf, self.CONNTRACKD_CONF)
CsHelper.service("conntrackd", "restart")
# Restore the template file and remove the backup.
CsHelper.copy(conntrackd_temp_bkp, conntrackd_template_conf)
CsHelper.execute("rm -rf %s" % conntrackd_temp_bkp)
# Configure heartbeat cron job - runs every 30 seconds
heartbeat_cron = CsFile("/etc/cron.d/heartbeat")
heartbeat_cron.add("SHELL=/bin/bash", 0)
heartbeat_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
heartbeat_cron.add(
"* * * * * root $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.add(
"* * * * * root sleep 30; $SHELL %s/check_heartbeat.sh 2>&1 > /dev/null" % self.CS_ROUTER_DIR, -1)
heartbeat_cron.commit()
# Configure KeepaliveD cron job - runs at every reboot
keepalived_cron = CsFile("/etc/cron.d/keepalived")
keepalived_cron.add("SHELL=/bin/bash", 0)
keepalived_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
keepalived_cron.add("@reboot root service keepalived start", -1)
keepalived_cron.commit()
# Configure ConntrackD cron job - runs at every reboot
conntrackd_cron = CsFile("/etc/cron.d/conntrackd")
conntrackd_cron.add("SHELL=/bin/bash", 0)
conntrackd_cron.add(
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
conntrackd_cron.add("@reboot root service conntrackd start", -1)
conntrackd_cron.commit()
proc = CsProcess(['/usr/sbin/keepalived'])
if not proc.find() or keepalived_conf.is_changed():
keepalived_conf.commit()
CsHelper.service("keepalived", "restart")
