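def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: the address operation being applied; handed straight to
            ``CsRoute.add`` and not interpreted here.

    Side effects: programs the route table for ``self.dev``, appends
    iptables rules to ``self.fw``, and (re)configures dnsmasq, apache and
    the password service.
    """
    route = CsRoute(self.dev)
    route.routeTable()
    route.add(self.address, method)
    self.fw_router()
    self.fw_vpcrouter()
    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        # NOTE(review): logged unconditionally right after configure_rp();
        # reads as if it was meant for the non-VPC case — confirm intent.
        logging.error(
            "Not able to setup sourcenat for a regular router yet")
    dns = CsDnsmasq(self)
    dns.add_firewall_rules()
    app = CsApache(self)
    app.setup()
    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not self.config.cl.is_redundant():
        # start() result was previously bound to an unused local; dropped.
        CsPasswdSvc(self.address['public_ip']).start()
    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = self.config.cmdline().get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. vpccidr/public_ip are interpolated as-is;
            # assumed validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append([
                "filter", "",
                "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
            ])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append([
                "nat", "",
                "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])
            ])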
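def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` creates the per-device route table and the route
            for ``self.address["network"]``; ``"delete"`` only logs, because
            route removal is not implemented here. Other values skip routing.

    Side effects: appends iptables rules to ``self.fw`` and (re)configures
    dnsmasq, apache and the password service.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")
    self.fw_router()
    self.fw_vpcrouter()
    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        # NOTE(review): logged unconditionally after configure_rp(); reads as
        # if it was meant for the non-VPC branch — confirm intent.
        logging.error(
            "Not able to setup source-nat for a regular router yet")
    dns = CsDnsmasq(self)
    dns.add_firewall_rules()
    app = CsApache(self)
    app.setup()
    cmdline = self.config.cmdline()
    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not cmdline.is_redundant():
        # start() result was previously bound to an unused local; dropped.
        CsPasswdSvc(self.address['public_ip']).start()
    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. vpccidr/public_ip are interpolated as-is;
            # assumed validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append(
                ["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append(
                ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])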
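def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` creates the per-device route table and the route
            for ``self.address["network"]``; ``"delete"`` only logs, because
            route removal is not implemented here. Other values skip routing.

    Side effects: appends iptables rules to ``self.fw`` and (re)configures
    dnsmasq, apache and the password service as the config flags dictate.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")
    self.fw_router()
    self.fw_vpcrouter()
    # On deletion nw_type will no longer be known
    # `in ('guest')` was a substring test against the string "guest" (the
    # parentheses do not make a tuple, so "" would also match); use list
    # membership like the other type checks below.
    if self.get_type() in ["guest"]:
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error(
                "Not able to setup source-nat for a regular router yet")
    if self.config.has_dns() or self.config.is_dhcp():
        dns = CsDnsmasq(self)
        dns.add_firewall_rules()
    if self.config.has_metadata():
        app = CsApache(self)
        app.setup()
    # Result is unused in this version (redundancy state comes from self.cl);
    # kept in case cmdline() has side effects on load — TODO confirm and drop.
    cmdline = self.config.cmdline()
    # Start passwd server on non-redundant routers and on the master router of redundant pairs
    # CsRedundant will handle fail-over.
    if self.get_type() in ["guest"] and (not self.cl.is_redundant() or self.cl.is_master()):
        CsPasswdSvc(self.address['public_ip']).start()
    elif self.get_type() in ["guest"]:
        # Or else make sure it's stopped
        CsPasswdSvc(self.address['public_ip']).stop()
    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            logging.info("Adding SourceNAT for interface %s to %s" % (self.dev, self.address['public_ip']))
            # Source-NAT everything leaving this device to its public IP;
            # public_ip is interpolated as-is, assumed validated upstream
            # — TODO confirm.
            self.fw.append([
                "nat", "",
                "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])
            ])
        else:
            logging.info(
                "Not adding SourceNAT for interface %s to %s, because source_nat=False" % (self.dev, self.address['public_ip']))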
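def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` creates the per-device route table and the route
            for ``self.address["network"]``; ``"delete"`` only logs, because
            route removal is not implemented here. Other values skip routing.

    Side effects: appends iptables rules to ``self.fw`` and (re)configures
    dnsmasq, apache and the password service as the config flags dictate.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")
    self.fw_router()
    self.fw_vpcrouter()
    # On deletion nw_type will no longer be known
    # `in ('guest')` was a substring test against the string "guest" (the
    # parentheses do not make a tuple, so "" would also match); use list
    # membership like the other type checks below.
    if self.get_type() in ["guest"]:
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error(
                "Not able to setup source-nat for a regular router yet")
    if self.config.has_dns() or self.config.is_dhcp():
        dns = CsDnsmasq(self)
        dns.add_firewall_rules()
    if self.config.has_metadata():
        app = CsApache(self)
        app.setup()
    cmdline = self.config.cmdline()
    # If redundant then this is dealt with by the master backup functions
    if self.get_type() in ["guest"] and not cmdline.is_redundant():
        # start() result was previously bound to an unused local; dropped.
        CsPasswdSvc(self.address['public_ip']).start()
    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. The second element (3) is presumably
            # the insertion position in the chain — confirm against the rule
            # writer. vpccidr/public_ip are interpolated as-is; assumed
            # validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append([
                "filter", 3,
                "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
            ])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append([
                "nat", "",
                "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])
            ])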
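def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` creates the per-device route table and the route
            for ``self.address["network"]``; ``"delete"`` only logs, because
            route removal is not implemented here. Other values skip routing.

    Side effects: appends iptables rules to ``self.fw`` and (re)configures
    dnsmasq, apache and the password service.
    """
    route = CsRoute()
    if method == "add":
        route.add_table(self.dev)
        route.add_route(self.dev, str(self.address["network"]))
    elif method == "delete":
        # logging.warn is a deprecated alias of logging.warning
        logging.warning("delete route not implemented")
    self.fw_router()
    self.fw_vpcrouter()
    # On deletion nw_type will no longer be known
    if self.get_type() in ["guest"] and self.config.is_vpc():
        CsDevice(self.dev, self.config).configure_rp()
        # NOTE(review): logged unconditionally after configure_rp(); reads as
        # if it was meant for the non-VPC branch — confirm intent.
        logging.error("Not able to setup source-nat for a regular router yet")
    dns = CsDnsmasq(self)
    dns.add_firewall_rules()
    app = CsApache(self)
    app.setup()
    cmdline = self.config.cmdline()
    # Start passwd server on non-redundant routers and on the master router of redundant pairs
    # CsRedundant will handle fail-over.
    if self.get_type() in ["guest"] and (not self.cl.is_redundant() or self.cl.is_master()):
        CsPasswdSvc(self.address["public_ip"]).start()
    elif self.get_type() in ["guest"]:
        # Or else make sure it's stopped
        CsPasswdSvc(self.address["public_ip"]).stop()
    if self.get_type() == "public" and self.config.is_vpc():
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. vpccidr/public_ip are interpolated as-is;
            # assumed validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append(
                ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address["public_ip"])]
            )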
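def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` programs the device-specific routing table
            (``Table_<dev>``), policy rules and guest-network routes and then
            flushes the route cache; ``"delete"`` tears the table down only
            for the last IP on a non-VPC public interface. Other values skip
            the routing step entirely.

    Side effects: runs ``ip`` commands through ``CsHelper.execute``, appends
    iptables rules to ``self.fw``, and starts/stops dnsmasq firewall rules,
    apache and the password service as the config flags dictate.
    """
    route = CsRoute()
    tableName = "Table_" + self.dev
    if method == "add":
        if not self.config.is_vpc():
            if self.get_type() in ["public"]:
                # Interface networks read from the address bag are spliced
                # into the route spec unvalidated; assumed trustworthy (written
                # by the control plane) — TODO confirm at the CsRoute boundary.
                route.set_route(
                    "table %s throw %s proto static" % (tableName, self.config.address().dbag['eth0'][0]['network']))
                route.set_route(
                    "table %s throw %s proto static" % (tableName, self.config.address().dbag['eth1'][0]['network']))
            # add 'default via gateway' rule in the device specific routing table
            # The gateway may be absent, empty or the literal string "None".
            if "gateway" in self.address and self.address["gateway"] and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
            if "network" in self.address and self.address["network"]:
                route.add_network_route(self.dev, str(self.address["network"]))
            if self.get_type() in ["public"]:
                CsRule(self.dev).addRule("from " + str(self.address["network"]))
        if self.config.is_vpc():
            if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
                # NOTE(review): nesting of this loop under the gateway check is
                # reconstructed from a collapsed listing — confirm against the
                # original file. Adds a route per guest network on every eth*
                # interface.
                for inf, addresses in self.config.address().dbag.iteritems():
                    if not inf.startswith("eth"):
                        continue
                    for address in addresses:
                        if "nw_type" in address and address["nw_type"] == "guest":
                            route.add_network_route(self.dev, str(address["network"]))
            route.add_network_route(self.dev, str(self.address["network"]))
        CsHelper.execute("sudo ip route flush cache")
    elif method == "delete":
        # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
        if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
            CsHelper.execute("sudo ip rule delete table " + tableName)
            CsHelper.execute("sudo ip route flush table " + tableName)
            CsHelper.execute("sudo ip route flush cache")
            CsRule(self.dev).delMark()
    self.fw_router()
    self.fw_vpcrouter()
    cmdline = self.config.cmdline()
    # On deletion nw_type will no longer be known
    # `in ('guest')` was a substring test against the string "guest" (the
    # parentheses do not make a tuple, so "" would also match); use list
    # membership like the other type checks in this method.
    if self.get_type() in ["guest"]:
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error(
                "Not able to setup source-nat for a regular router yet")
    # dnsmasq is only opened up on the firewall when the operator asked for
    # DNS to be exposed; otherwise the resolver stays reachable internally only.
    if (self.config.has_dns() or self.config.is_dhcp()) and self.config.expose_dns():
        logging.info("Making dns publicly available")
        dns = CsDnsmasq(self)
        dns.add_firewall_rules()
    else:
        logging.info("Not making dns publicly available")
    if self.config.has_metadata():
        app = CsApache(self)
        app.setup()
    # If redundant then this is dealt with
    # by the primary backup functions
    if not cmdline.is_redundant():
        if method == "add":
            CsPasswdSvc(self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.address['public_ip']).stop()
    elif cmdline.is_primary():
        # On the primary of a redundant pair the service is keyed on
        # "<gateway>,<public_ip>"; the backup never touches it here.
        if method == "add":
            CsPasswdSvc(self.get_gateway() + "," + self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.get_gateway() + "," + self.address['public_ip']).stop()
    if self.get_type() == "public" and self.config.is_vpc() and method == "add":
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. The second element (3) is presumably
            # the insertion position in the chain — confirm against the rule
            # writer. vpccidr/public_ip are interpolated as-is; assumed
            # validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append([
                "filter", 3,
                "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)
            ])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append([
                "nat", "",
                "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])
            ])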
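def post_config_change(self, method):
    """Apply routing, firewall and service changes after an address change.

    Args:
        method: ``"add"`` programs the device-specific routing table
            (``Table_<dev>``), policy rules and guest-network routes and then
            flushes the route cache; ``"delete"`` tears the table down only
            for the last IP on a non-VPC public interface. Other values skip
            the routing step entirely.

    Side effects: runs ``ip`` commands through ``CsHelper.execute``, appends
    iptables rules to ``self.fw``, and starts/stops dnsmasq firewall rules,
    apache and the password service as the config flags dictate.
    """
    route = CsRoute()
    tableName = "Table_" + self.dev
    if method == "add":
        if not self.config.is_vpc():
            # treat the first IP on an interface as special case to set up the routing rules
            if self.get_type() in ["public"] and (len(self.iplist) == 1):
                # Command strings are built by concatenation from address-bag
                # values. Assumes CsHelper.execute does not hand them to a
                # shell, or that the bag is validated upstream — TODO confirm;
                # an argv-list form would remove the question.
                CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth0'][0]['network'] + " table " + tableName + " proto static")
                CsHelper.execute("sudo ip route add throw " + self.config.address().dbag['eth1'][0]['network'] + " table " + tableName + " proto static")
            # add 'default via gateway' rule in the device specific routing table
            # Only the literal string "None" is filtered; an empty gateway is
            # still passed through.
            if "gateway" in self.address and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
            route.add_network_route(self.dev, str(self.address["network"]))
            if self.get_type() in ["public"]:
                CsRule(self.dev).addRule("from " + str(self.address["network"]))
        if self.config.is_vpc():
            if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                route.add_route(self.dev, self.address["gateway"])
                # NOTE(review): nesting of this loop under the gateway check is
                # reconstructed from a collapsed listing — confirm against the
                # original file. Adds a route per guest network on every eth*
                # interface.
                for inf, addresses in self.config.address().dbag.iteritems():
                    if not inf.startswith("eth"):
                        continue
                    for address in addresses:
                        if "nw_type" in address and address["nw_type"] == "guest":
                            route.add_network_route(self.dev, str(address["network"]))
            route.add_network_route(self.dev, str(self.address["network"]))
        CsHelper.execute("sudo ip route flush cache")
    elif method == "delete":
        # treat the last IP to be dis-associated with interface as special case to clean up the routing rules
        if self.get_type() in ["public"] and (not self.config.is_vpc()) and (len(self.iplist) == 0):
            CsHelper.execute("sudo ip rule delete table " + tableName)
            CsHelper.execute("sudo ip route flush table " + tableName)
            CsHelper.execute("sudo ip route flush cache")
            CsRule(self.dev).delMark()
    self.fw_router()
    self.fw_vpcrouter()
    cmdline = self.config.cmdline()
    # On deletion nw_type will no longer be known
    # `in ('guest')` was a substring test against the string "guest" (the
    # parentheses do not make a tuple, so "" would also match); use list
    # membership like the other type checks in this method.
    if self.get_type() in ["guest"]:
        if self.config.is_vpc() or self.config.is_router():
            CsDevice(self.dev, self.config).configure_rp()
            logging.error(
                "Not able to setup source-nat for a regular router yet")
    if self.config.has_dns() or self.config.is_dhcp():
        dns = CsDnsmasq(self)
        dns.add_firewall_rules()
    if self.config.has_metadata():
        app = CsApache(self)
        app.setup()
    # If redundant then this is dealt with
    # by the master backup functions
    if not cmdline.is_redundant():
        if method == "add":
            CsPasswdSvc(self.address['public_ip']).start()
        elif method == "delete":
            CsPasswdSvc(self.address['public_ip']).stop()
    if self.get_type() == "public" and self.config.is_vpc() and method == "add":
        if self.address["source_nat"]:
            vpccidr = cmdline.get_vpccidr()
            # Accept forwarding of traffic sourced inside the VPC CIDR to any
            # destination outside it. The second element (3) is presumably
            # the insertion position in the chain — confirm against the rule
            # writer. vpccidr/public_ip are interpolated as-is; assumed
            # validated by whatever wrote cmdline and the address bag
            # — TODO confirm.
            self.fw.append(
                ["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
            # Source-NAT everything leaving this device to its public IP.
            self.fw.append(
                ["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])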