def save_config(self, config, interface_map):
"""
Save iptables-persistent firewall rules to disk.
:param config: The akanda configuration to save to disk
:type config: akanda.rug.models.Configuration
:param interface_map: A mapping of virtual ('ge0') to physical ('eth0')
interface names
:type interface_map: dict
"""
rules = itertools.chain(
self._build_filter_table(config), self._build_nat_table(config), self._build_raw_table(config)
)
for version, rules in zip((4, 6), itertools.tee(rules)):
data = "\n".join(map(str, [r for r in rules if getattr(r, "for_v%s" % version)]))
# Map virtual interface names
real_name = interface_map.get("ge0")[:-1]
ifname_re = "\-(?P<flag>i|o)(?P<ws>[\s!])(?P<not>!?)(?P<if>ge)(?P<no>\d+)" # noqa
ifname_sub = r"-\g<flag>\g<ws>\g<not>%s\g<no>" % real_name
data = re.sub(ifname_re, ifname_sub, data) + "\n"
utils.replace_file("/tmp/ip%stables.rules" % version, data)
utils.execute(
["mv", "/tmp/ip%stables.rules" % version, "/etc/iptables/rules.v%s" % version], self.root_helper
)
def save_config(self, config, interface_map):
'''
Save iptables-persistent firewall rules to disk.
:param config: The akanda configuration to save to disk
:type config: akanda.rug.models.Configuration
:param interface_map: A mapping of virtual ('ge0') to physical ('eth0')
interface names
:type interface_map: dict
'''
rules = itertools.chain(self._build_filter_table(config),
self._build_nat_table(config),
self._build_raw_table(config))
for version, rules in zip((4, 6), itertools.tee(rules)):
data = '\n'.join(
map(str,
[r for r in rules if getattr(r, 'for_v%s' % version)]))
# Map virtual interface names
real_name = interface_map.get('ge0')[:-1]
ifname_re = '\-(?P<flag>i|o)(?P<ws>[\s!])(?P<not>!?)(?P<if>ge)(?P<no>\d+)' # noqa
ifname_sub = r'-\g<flag>\g<ws>\g<not>%s\g<no>' % real_name
data = re.sub(ifname_re, ifname_sub, data) + '\n'
utils.replace_file('/tmp/ip%stables.rules' % version, data)
utils.execute([
'mv',
'/tmp/ip%stables.rules' % version,
'/etc/iptables/rules.v%s' % version
], self.root_helper)
def save_config(self, config):
config_data = build_config(config)
replace_file(
'/tmp/metadata.conf',
json.dumps(config_data, sort_keys=True)
)
execute(['mv', '/tmp/metadata.conf', CONF_PATH], self.root_helper)
def update_network_dhcp_config(self, ifname, network):
if network.is_tenant_network:
config_data = self._build_dhcp_config(ifname, network)
else:
config_data = self._build_disabled_config(ifname)
file_path = os.path.join(CONF_DIR, '%s.conf' % ifname)
utils.replace_file('/tmp/dnsmasq.conf', config_data)
utils.execute(['mv', '/tmp/dnsmasq.conf', file_path], self.root_helper)
def update_hosts(self, config):
mgr = ip.IPManager()
listen_ip = mgr.get_management_address()
config_data = [
'127.0.0.1 localhost',
'::1 localhost ip6-localhost ip6-loopback',
'%s %s' % (listen_ip, config.hostname)
]
utils.replace_file('/tmp/hosts', '\n'.join(config_data))
utils.execute(['mv', '/tmp/hosts', '/etc/hosts'], self.root_helper)
def update_hosts(self, config):
mgr = ip.IPManager()
listen_ip = mgr.get_management_address()
config_data = [
'127.0.0.1 localhost',
'::1 localhost ip6-localhost ip6-loopback',
'%s %s' % (listen_ip, config.hostname)
]
utils.replace_file('/tmp/hosts', '\n'.join(config_data))
utils.execute(['mv', '/tmp/hosts', '/etc/hosts'], self.root_helper)
def _output_hosts_file(self):
"""Writes a dnsmasq compatible hosts file."""
r = re.compile('[:.]')
buf = StringIO()
for alloc in self.allocations:
name = '%s.%s' % (r.sub('-', alloc.ip_address),
self.domain)
buf.write('%s,%s,%s\n' %
(alloc.mac_address, name, alloc.ip_address))
replace_file(HOSTS_FILE, buf.getvalue())
def save_config(self, config):
"""
Writes <config> to the metadata configuration file (<CONF_PATH>).
:type config: akanda.router.models.Configuration
:param config: An akanda.router.models.Configuration object containing
the configuration of metadata service.
"""
config_data = build_config(config)
replace_file('/tmp/metadata.conf',
json.dumps(config_data, sort_keys=True))
execute(['mv', '/tmp/metadata.conf', CONF_PATH], self.root_helper)
def update_hosts(self, config):
mgt_addr = config.management_address
if not mgt_addr:
return
config_data = [
'127.0.0.1 localhost',
'::1 localhost ip6-localhost ip6-loopback',
'%s %s' % (mgt_addr, config.hostname)
]
utils.replace_file('/tmp/hosts', '\n'.join(config_data))
utils.execute(['mv', '/tmp/hosts', '/etc/hosts'], self.root_helper)
def _output_opts_file(self):
"""Write a dnsmasq compatible options file."""
# TODO (mark): add support for nameservers
options = []
for interface in self.interfaces:
options.append((self.tags[interface.ip],
'option',
'router',
interface.ip))
# XXX name is never used; please fix (remove it or use it)
name = self.get_conf_file_name('opts')
replace_file(OPTS_FILE,
'\n'.join(['tag:%s,%s:%s,%s' % o for o in options]))
def save_config(self, config, if_map):
"""
Writes config file for bird daemon.
:type config: akanda.router.models.Configuration
:param config:
:type if_map: dict
:param if_map: A (dict) mapping of generic to physical hostname, e.g.:
{'ge0': 'eth0', 'ge1': 'eth1'}
"""
config_data = build_config(config, if_map)
utils.replace_file('/tmp/bird6.conf', config_data)
utils.execute(['mv', '/tmp/bird6.conf', CONF_PATH], self.root_helper)
def save_config(self, config):
"""
Writes <config> to the metadata configuration file (<CONF_PATH>).
:type config: akanda.router.models.Configuration
:param config: An akanda.router.models.Configuration object containing
the configuration of metadata service.
"""
config_data = build_config(config)
replace_file(
'/tmp/metadata.conf',
json.dumps(config_data, sort_keys=True)
)
execute(['mv', '/tmp/metadata.conf', CONF_PATH], self.root_helper)
def update_network_dhcp_config(self, ifname, network):
"""
Updates the dnsmasq.conf config, enabling dhcp configuration for nova
networks that are mapped to tenants and disabling networks that do not
map to tenants.
:type ifname: str
:param ifname:
:type network:
:param network:
"""
if network.is_tenant_network:
config_data = self._build_dhcp_config(ifname, network)
else:
config_data = self._build_disabled_config(ifname)
file_path = os.path.join(CONF_DIR, '%s.conf' % ifname)
utils.replace_file('/tmp/dnsmasq.conf', config_data)
utils.execute(['mv', '/tmp/dnsmasq.conf', file_path], self.root_helper)
def update_network_dhcp_config(self, ifname, network):
"""
Updates the dnsmasq.conf config, enabling dhcp configuration for nova
networks that are mapped to tenants and disabling networks that do not
map to tenants.
:type ifname: str
:param ifname:
:type network:
:param network:
"""
if network.is_tenant_network:
config_data = self._build_dhcp_config(ifname, network)
else:
config_data = self._build_disabled_config(ifname)
file_path = os.path.join(CONF_DIR, '%s.conf' % ifname)
utils.replace_file('/tmp/dnsmasq.conf', config_data)
utils.execute(['mv', '/tmp/dnsmasq.conf', file_path], self.root_helper)
def save_config(self, config, if_map):
config_data = build_config(config, if_map)
replace_file('/tmp/bird6.conf', config_data)
execute(['mv', '/tmp/bird6.conf', CONF_PATH], self.root_helper)
def update_hostname(self, config):
self.sudo(config.hostname)
utils.replace_file('/tmp/hostname', config.hostname)
utils.execute(
['mv', '/tmp/hostname', '/etc/hostname'], self.root_helper
)
def update_hostname(self, config):
self.sudo(config.hostname)
utils.replace_file('/tmp/hostname', config.hostname)
utils.execute(['mv', '/tmp/hostname', '/etc/hostname'],
self.root_helper)
def update_conf(self, conf_data):
replace_file('/tmp/pf.conf', conf_data)
execute(['mv', '/tmp/pf.conf', '/etc/pf.conf'], self.root_helper)
self.sudo('-f', '/etc/pf.conf')
