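#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #

# map_vnets_start_script: installs, on this virtual router, the DNAT/SNAT
# rules that map every NIC_ALIAS address of the service's VMs onto the
# address of the alias' parent NIC, using the service description published
# by OneGate. Rules already present in the two vrouter chains that no longer
# correspond to a NIC/NIC_ALIAS pair are deleted.
#
# All addresses come from the OneGate JSON (i.e. from VM templates) and are
# validated as plain IPv4 addresses before being handed to iptables; iptables
# itself is always invoked with an argument vector, never through a shell.

MAP_VNETS_START_SCRIPT_LOGFILE = '/var/log/map_vnets_start_script.log'

# Kept for compatibility; iptables is invoked through argv below.
IPTABLES_NAT_PREFIX = 'iptables -tnat'

CHAIN_VROUTER_SNAT = 'chain-vrouter-snat'
CHAIN_VROUTER_DNAT = 'chain-vrouter-dnat'

# Dotted-quad shape check; the IPAddr parse in valid_ipv4? enforces the
# octet range. A prefix length (1.2.3.4/24) is deliberately not accepted.
IPV4_RE = /\A\d{1,3}(?:\.\d{1,3}){3}\z/

require 'ipaddr'
require 'json'
require 'logger'
require 'shellwords'
require 'tempfile'

# True when +addr+ is a String holding a plain IPv4 address.
#
# Anything else (nil, IPv6, prefixed networks, shell metacharacters) is
# rejected so that it can neither reach iptables nor produce a rule that the
# reconciliation below could not recognise later.
def valid_ipv4?(addr)
  return false unless addr.is_a?(String) && IPV4_RE =~ addr

  IPAddr.new(addr).ipv4?
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  false
end

# Runs `iptables -t nat ARGS...` without a shell, silencing its output.
# Returns true on exit status 0 (e.g. `-C` found the rule, `-S` found the
# chain), false otherwise, nil when iptables could not be executed.
def iptables_nat?(*args)
  system('iptables', '-t', 'nat', *args, out: File::NULL, err: File::NULL)
end

# The rules of +chain+ as `iptables -S` prints them (only the `-A chain ...`
# lines, stripped). Empty when the chain does not exist.
def iptables_nat_rules(chain)
  out = IO.popen(['iptables', '-t', 'nat', '-S', chain], err: File::NULL, &:read)
  return [] unless $?.success? # set by IO.popen once the child has exited

  out.lines.map(&:strip).select { |line| line.start_with?('-A') }
end

# Reconciles one desired rule against the live +chain+.
#
# When the rule already exists, its pending `-D` line is removed from
# +stale+ so the rule survives; otherwise an `-A` line is queued in +wanted+.
#   args: iptables match/target arguments, e.g. ['-d', ip, '-j', 'DNAT', ...]
#   key:  the same rule as `iptables -S` prints it (with the /32 masks),
#         used to recognise the corresponding `-D` line.
def reconcile_rule(chain, args, key, stale, wanted)
  if iptables_nat?('-C', chain, *args)
    # Anchor at the end of the key so that 10.0.0.1 does not also match
    # 10.0.0.10; the key is escaped because it contains dots.
    pattern = /#{Regexp.escape("#{chain} #{key}")}(\s|\z)/
    stale.reject! { |line| line =~ pattern }
  else
    wanted << "-A #{chain} #{args.join(' ')}"
  end
end

log = Logger.new(MAP_VNETS_START_SCRIPT_LOGFILE, 'daily')
log.level = Logger::INFO

log.info 'map_vnets_start_script executed'

# Fixed arguments only: nothing from the environment is interpolated here.
service = JSON.parse(`onegate service show --json --extended`)
log.debug "Service: #{service}"

# Each entry pairs a parent NIC address ('NIC') with the alias address
# ('NIC_ALIAS') that must be DNATed to it and SNATed from it.
sdnats = []

roles = [(service['SERVICE'] || {})['roles']].flatten.compact
roles.each do |role|
  [role['nodes']].flatten.compact.each do |node|
    template = ((node['vm_info'] || {})['VM'] || {})['TEMPLATE'] || {}
    nic_aliases = [template['NIC_ALIAS']].flatten.compact
    next if nic_aliases.empty?

    nics = [template['NIC']].flatten.compact
    nic_aliases.each do |nic_alias|
      parent = nics.detect { |n| n['NAME'] == nic_alias['PARENT'] }
      unless parent
        log.warn "NIC_ALIAS #{nic_alias['IP'].inspect}: parent NIC " \
                 "#{nic_alias['PARENT'].inspect} not found, skipping"
        next
      end

      nic_ip   = parent['IP']
      alias_ip = nic_alias['IP']
      unless valid_ipv4?(nic_ip) && valid_ipv4?(alias_ip)
        log.warn "Skipping NIC #{nic_ip.inspect} / NIC_ALIAS " \
                 "#{alias_ip.inspect}: not a plain IPv4 address"
        next
      end

      sdnats << { 'NIC' => nic_ip, 'NIC_ALIAS' => alias_ip }
    end
  end
end

log.debug "IPs: #{sdnats}"

# Rules to apply, in this order: chain/hook setup, deletion of stale rules,
# then additions. Each entry is one `iptables -t nat` argument line.
setup = []
unless iptables_nat?('-S', CHAIN_VROUTER_DNAT)
  setup << "-N #{CHAIN_VROUTER_DNAT}"
end
unless iptables_nat?('-S', CHAIN_VROUTER_SNAT)
  setup << "-N #{CHAIN_VROUTER_SNAT}"
end
unless iptables_nat?('-C', 'PREROUTING', '-j', CHAIN_VROUTER_DNAT)
  setup << "-A PREROUTING -j #{CHAIN_VROUTER_DNAT}"
end
unless iptables_nat?('-C', 'POSTROUTING', '-j', CHAIN_VROUTER_SNAT)
  setup << "-A POSTROUTING -j #{CHAIN_VROUTER_SNAT}"
end

# Schedule every current rule of both chains for deletion; reconcile_rule
# un-schedules the ones that are still wanted.
stale = [CHAIN_VROUTER_DNAT, CHAIN_VROUTER_SNAT].flat_map do |chain|
  iptables_nat_rules(chain).map { |line| line.sub(/\A-A/, '-D') }
end

wanted = []
sdnats.each do |nat|
  reconcile_rule(CHAIN_VROUTER_DNAT,
                 ['-d', nat['NIC_ALIAS'], '-j', 'DNAT',
                  '--to-destination', nat['NIC']],
                 "-d #{nat['NIC_ALIAS']}/32 -j DNAT " \
                 "--to-destination #{nat['NIC']}",
                 stale, wanted)

  reconcile_rule(CHAIN_VROUTER_SNAT,
                 ['-s', nat['NIC'], '-j', 'SNAT',
                  '--to-source', nat['NIC_ALIAS']],
                 "-s #{nat['NIC']}/32 -j SNAT " \
                 "--to-source #{nat['NIC_ALIAS']}",
                 stale, wanted)
end

rules = setup + stale + wanted
log.debug "Rules: #{rules.join("\n")}"

rules.each do |rule|
  # Shellwords.split honours the quoting used by `iptables -S` (e.g. in
  # --comment values) while keeping every argument out of a shell.
  begin
    argv = Shellwords.split(rule)
  rescue ArgumentError => e
    log.warn "Skipping unparsable rule #{rule.inspect}: #{e.message}"
    next
  end
  next if argv.empty?

  ok = system('iptables', '-t', 'nat', *argv, out: File::NULL)
  log.warn "iptables -t nat #{rule} failed" unless ok
end

log.debug "iptables-save: #{`iptables-save`}"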