one/share/start-scripts/map_vnets_start_script
Ricardo Diaz 31de7daa40
M #-: map vnets compatible with OneGate (#4444)
Signed-off-by: Ricardo Diaz <rdiaz@opennebula.systems>
2020-03-30 10:03:47 +02:00

#!/usr/bin/env ruby
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
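# Log file written by this script (the Logger below rotates it daily).
MAP_VNETS_START_SCRIPT_LOGFILE = '/var/log/map_vnets_start_script.log'.freeze
# Command prefix for the iptables nat table. Note: every iptables call in
# this file currently spells the prefix out inline; the constant is kept
# for readers and any external users.
IPTABLES_NAT_PREFIX = 'iptables -tnat'.freeze
# The two nat chains this script owns. CHAIN_VROUTER_DNAT is jumped to from
# PREROUTING (alias IP -> parent NIC IP), CHAIN_VROUTER_SNAT from
# POSTROUTING (parent NIC IP -> alias IP). Frozen so the names cannot be
# mutated by accident before they reach iptables.
CHAIN_VROUTER_SNAT = 'chain-vrouter-snat'.freeze
CHAIN_VROUTER_DNAT = 'chain-vrouter-dnat'.freeze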
require 'json'
require 'logger'
require 'shellwords'
require 'tempfile'
# Daily-rotated logger. The level is INFO, so the log.debug dumps further
# down (service document, rule list, iptables-save) are silent by default.
log = Logger.new(MAP_VNETS_START_SCRIPT_LOGFILE, 'daily').tap do |l|
  l.level = Logger::INFO
end
log.info 'map_vnets_start_script executed'
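# OneGate is the only input of this script: the extended service document
# lists every role, its nodes, and each node's VM template (NIC and
# NIC_ALIAS sections). A failed or empty onegate call is logged and the
# script exits without touching the current NAT rules, instead of dying
# on a JSON parse error.
service_json = `onegate service show --json --extended`
unless $?.success? && !service_json.strip.empty?
  log.error 'onegate service show failed or returned no output; aborting'
  exit 1
end
service = JSON.parse(service_json)
log.debug "Service: #{service}"

# Collect one {'NIC' => parent NIC IP, 'NIC_ALIAS' => alias IP} entry per
# NIC_ALIAS in the service, i.e. one DNAT (alias -> NIC) / SNAT (NIC ->
# alias) pair to install. The addresses are later spliced into iptables
# argument lines, so only plain dotted-quad IPv4 literals are accepted;
# anything else is logged and skipped rather than interpolated.
ipv4 = /\A(?:\d{1,3}\.){3}\d{1,3}\z/
sdnats = []
[service.dig('SERVICE', 'roles')].flatten.compact.each do |role|
  [role['nodes']].flatten.compact.each do |node|
    template = node.dig('vm_info', 'VM', 'TEMPLATE') || {}
    nic_aliases = [template['NIC_ALIAS']].flatten.compact
    next if nic_aliases.empty?

    nics = [template['NIC']].flatten.compact
    nic_aliases.each do |nic_alias|
      # An alias names its parent NIC via PARENT; a dangling reference used
      # to raise NoMethodError on nil here.
      parent = nics.find { |n| n['NAME'] == nic_alias['PARENT'] }
      if parent.nil?
        log.warn "NIC_ALIAS #{nic_alias['IP'].inspect}: parent NIC " \
                 "#{nic_alias['PARENT'].inspect} not found, skipping"
        next
      end

      pair = { 'NIC' => parent['IP'], 'NIC_ALIAS' => nic_alias['IP'] }
      unless pair.values.all? { |ip| ip.is_a?(String) && ip =~ ipv4 }
        log.warn "skipping #{pair.inspect}: not a plain IPv4 literal"
        next
      end
      sdnats << pair
    end
  end
end
log.debug "IPs: #{sdnats}"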
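# Build +rules+: the iptables(8) argument lines, one per line and newline
# terminated, that bring the two vrouter nat chains in line with +sdnats+.
# They are produced in the order they must be applied:
#   1. create the chains and hook them into PREROUTING/POSTROUTING if they
#      are missing;
#   2. schedule every rule currently in the chains for deletion ("-D");
#   3. for each wanted DNAT/SNAT pair either un-schedule its deletion (the
#      rule is already present, checked with -C) or append the "-A" that
#      creates it.
# Bookkeeping is done on an in-memory array and every iptables call gets
# its arguments as argv elements, so no temp file, sed -i or shell quoting
# of address data is involved.
rule_lines = []
nat_chains = [CHAIN_VROUTER_DNAT, CHAIN_VROUTER_SNAT]

nat_chains.each do |chain|
  exists = system('iptables', '-t', 'nat', '-S', chain,
                  out: File::NULL, err: File::NULL)
  rule_lines << "-N #{chain}\n" unless exists
end
unless system('iptables', '-t', 'nat', '-C', 'PREROUTING', '-j', CHAIN_VROUTER_DNAT,
              err: File::NULL)
  rule_lines << "-A PREROUTING -j #{CHAIN_VROUTER_DNAT}\n"
end
unless system('iptables', '-t', 'nat', '-C', 'POSTROUTING', '-j', CHAIN_VROUTER_SNAT,
              err: File::NULL)
  rule_lines << "-A POSTROUTING -j #{CHAIN_VROUTER_SNAT}\n"
end

# Current chain contents (chain names are constants, so the backtick form
# is safe here); each "-A ..." line is turned into a "-D ..." line. A
# missing chain simply yields no output.
nat_chains.each do |chain|
  `iptables -t nat -S #{chain} 2>/dev/null`.each_line do |line|
    rule_lines << line.sub(/\A-A/, '-D') if line.start_with?('-A')
  end
end

# Defence in depth: +sdnats+ is expected to be validated upstream, but the
# values still end up on iptables command lines, so refuse anything that
# is not a plain dotted-quad IPv4 literal.
ipv4 = /\A(?:\d{1,3}\.){3}\d{1,3}\z/
sdnats.each do |nat|
  nic_ip = nat['NIC']
  alias_ip = nat['NIC_ALIAS']
  unless [nic_ip, alias_ip].all? { |ip| ip.is_a?(String) && ip =~ ipv4 }
    log.error "skipping NAT pair #{nat.inspect}: not a plain IPv4 literal"
    next
  end

  [
    [CHAIN_VROUTER_DNAT, '-d', alias_ip, '-j', 'DNAT', '--to-destination', nic_ip],
    [CHAIN_VROUTER_SNAT, '-s', nic_ip, '-j', 'SNAT', '--to-source', alias_ip]
  ].each do |chain, flag, match_ip, *rest|
    args = [chain, flag, match_ip, *rest]
    if system('iptables', '-t', 'nat', '-C', *args, err: File::NULL)
      # Rule already present: keep it by dropping its scheduled "-D" line.
      # iptables -S prints the matched address as host/32; the comparison
      # is anchored at the end of the line so 10.0.0.1 does not also match
      # 10.0.0.10.
      keep = "#{chain} #{flag} #{match_ip}/32 #{rest.join(' ')}"
      rule_lines.reject! { |line| line.rstrip.end_with?(keep) }
    else
      rule_lines << "-A #{args.join(' ')}\n"
    end
  end
end

rules = rule_lines.join
log.debug "Rules: #{rules}"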
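# Apply the reconciled rule list. Each line of +rules+ is one complete
# argument list for "iptables -t nat" (-N/-A/-D ...). The line is split
# with shell word rules, so a quoted argument such as a --comment survives,
# and handed to iptables as argv rather than through a shell. Blank lines
# are skipped; a failing rule is logged (stderr still reaches the caller
# as before) and does not stop the remaining rules.
rules.each_line do |line|
  rule = line.strip
  next if rule.empty?

  begin
    argv = Shellwords.split(rule)
  rescue ArgumentError => e
    log.error "skipping unparsable rule #{rule.inspect}: #{e.message}"
    next
  end

  # system returns false on a non-zero exit and nil if iptables could not
  # be executed at all; both are worth a log line.
  ok = system('iptables', '-t', 'nat', *argv)
  log.error "iptables -t nat #{rule} failed" unless ok
end
log.debug "iptables-save: #{`iptables-save`}"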