construqt 0.0.1 → 0.0.3
- checksums.yaml +4 -4
- data/lib/construqt/bgps.rb +11 -2
- data/lib/construqt/flavour/delegates.rb +21 -2
- data/lib/construqt/flavour/flavour.rb +8 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb +12 -4
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb +2 -2
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb +2 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb +6 -1
- data/lib/construqt/flavour/plantuml/plantuml.rb +21 -9
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb +10 -3
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb +4 -9
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_ipsec.rb +12 -8
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb +71 -10
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb +45 -10
- data/lib/construqt/flavour/unknown/unknown.rb +7 -1
- data/lib/construqt/interfaces.rb +1 -0
- data/lib/construqt/ipsecs.rb +12 -0
- data/lib/construqt/networks.rb +0 -5
- data/lib/construqt/regions.rb +2 -1
- data/lib/construqt/services.rb +25 -6
- data/lib/construqt/version.rb +1 -1
- data/lib/construqt.rb +1 -1
- metadata +16 -2
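--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ed2464c5e7f2d3a67a0b14fd55151df6d48cb6f5
+data.tar.gz: 186694c783b3191b6701b6a56e3fd981ff1a5a6b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3d8494d2639046c8dba3358f15723f645298cd95f4e4257b621df5ec89cd8d100c00acc6e2e92fa0466b81c9bca05d29fadad3442eb73d8b34ed33156c1f9219
+data.tar.gz: 6b540e1b967b6b49d0202902247bb321ace97dbb4effaeec4c29304ae6b97f951b81a6ab027c0b12eb3e834a8cfa866f6e1e7890d303698ad6cc8312a621867f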
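--- a/data/lib/construqt/bgps.rb
+++ b/data/lib/construqt/bgps.rb
@@ -44,16 +44,25 @@ module Construqt
 cfg.left.cfg = cfg
 cfg.right.other = cfg.left
 cfg.right.cfg = cfg
+
+cfg.right.host.add_bgp(cfg)
+cfg.left.host.add_bgp(cfg)
 cfg
 end
 
 def self.build_config()
 #binding.pry
 hosts = {}
+@bgps.values.each do |bgp|
+hosts[bgp.left.host.object_id] ||= bgp.left.host
+hosts[bgp.right.host.object_id] ||= bgp.right.host
+end
+#binding.pry
+hosts.values.each do |host|
+host.flavour.bgp.header(host) if host.flavour.bgp.respond_to?(:header)
+end
 @bgps.each do |name, bgp|
 bgp.build_config()
-hosts[bgp.left.host.name] = bgp.left
-hosts[bgp.right.host.name] = bgp.right
 end
 
 #hosts.values.each do |flavour_bgp|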
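Review bot: `build_config` fills a hash keyed by `object_id` only to iterate its values afterwards; `@bgps.values.flat_map { |bgp| [bgp.left.host, bgp.right.host] }.uniq` expresses the same de-duplication in one line, assuming the host objects do not override `eql?`/`hash`. The same block is added to `build_config` in ipsecs.rb, so a shared helper would avoid the copy. The added `#binding.pry` line is debugger residue and can be dropped, as can the ones added in the ubuntu bgp, ipsec and services hunks. The method body continues past the end of the hunk.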
@@ -20,6 +20,14 @@ module Construqt
|
|
20
20
|
@tags = tags
|
21
21
|
end
|
22
22
|
|
23
|
+
def vrrp=(a)
|
24
|
+
@vrrp = a
|
25
|
+
end
|
26
|
+
|
27
|
+
def vrrp
|
28
|
+
@vrrp
|
29
|
+
end
|
30
|
+
|
23
31
|
def description
|
24
32
|
self.delegate.description
|
25
33
|
end
|
@@ -102,15 +110,22 @@ module Construqt
|
|
102
110
|
def _ident
|
103
111
|
"Gre_#{self.host.name}_#{self.name}"
|
104
112
|
end
|
113
|
+
|
114
|
+
def cfg
|
115
|
+
self.delegate.cfg
|
116
|
+
end
|
105
117
|
end
|
106
118
|
|
107
119
|
class HostDelegate
|
108
120
|
include Delegate
|
121
|
+
attr_reader :users, :bgps, :ipsecs
|
109
122
|
def initialize(host)
|
110
123
|
#binding.pry
|
111
124
|
#Construqt.logger.debug "HostDelegate.new(#{host.name})"
|
112
125
|
self.delegate = host
|
113
126
|
|
127
|
+
@ipsecs = []
|
128
|
+
@bgps = []
|
114
129
|
@users = host.users || host.region.users
|
115
130
|
end
|
116
131
|
|
@@ -151,8 +166,12 @@ module Construqt
|
|
151
166
|
self.delegate.configip
|
152
167
|
end
|
153
168
|
|
154
|
-
def
|
155
|
-
@
|
169
|
+
def add_ipsec(ipsec)
|
170
|
+
@ipsecs << ipsec
|
171
|
+
end
|
172
|
+
|
173
|
+
def add_bgp(bgp)
|
174
|
+
@bgps << bgp
|
156
175
|
end
|
157
176
|
|
158
177
|
def commit
|
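Review bot: The hand-written `vrrp=`/`vrrp` pair in the first hunk is exactly `attr_accessor :vrrp`, which would match the `attr_reader :users, :bgps, :ipsecs` line added to HostDelegate further down. `add_bgp` and `add_ipsec` append unconditionally, and the callers in bgps.rb and ipsecs.rb invoke them once for the left host and once for the right, so a connection whose two ends sit on the same host would be stored twice; if that can happen, `@bgps << bgp unless @bgps.include?(bgp)` (and the same for `@ipsecs`) keeps the lists unique. The enclosing classes start and end outside the hunks.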
@@ -230,7 +230,7 @@ TESTNAME
|
|
230
230
|
host.result.add("add", nil, "tool", "graphing", "interface")
|
231
231
|
|
232
232
|
host.result.add("set [ find name!=ssh && name!=www-ssl ] disabled=yes", nil, "ip", "service")
|
233
|
-
host.result.add("set [ find ] address
|
233
|
+
host.result.add("set [ find ] address=0::/0", nil, "ip", "service")
|
234
234
|
host.result.add("set [ find name!=admin ] comment=REMOVE", nil, "user")
|
235
235
|
|
236
236
|
host.result.render_mikrotik({
|
@@ -367,6 +367,14 @@ OUT
|
|
367
367
|
end.compact.join(":").sub(/:+$/, '::')
|
368
368
|
end
|
369
369
|
|
370
|
+
def self.ipsec
|
371
|
+
Ipsec
|
372
|
+
end
|
373
|
+
|
374
|
+
def self.bgp
|
375
|
+
Bgp
|
376
|
+
end
|
377
|
+
|
370
378
|
def self.clazzes
|
371
379
|
{
|
372
380
|
"opvn" => Ovpn,
|
@@ -377,10 +385,10 @@ OUT
|
|
377
385
|
"bridge" => Bridge,
|
378
386
|
"bond" => Bond,
|
379
387
|
"vlan" => Vlan,
|
380
|
-
"result" => Result,
|
388
|
+
#"result" => Result,
|
381
389
|
"template" => Template,
|
382
|
-
"bgp" => Ipsec,
|
383
|
-
"ipsec" => Bgp
|
390
|
+
#"bgp" => Ipsec,
|
391
|
+
#"ipsec" => Bgp
|
384
392
|
}
|
385
393
|
end
|
386
394
|
def self.clazz(name)
|
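Review bot: `set [ find ] address=0::/0` in the `@@ -230,7 +230,7 @@` hunk applies a single prefix to every `/ip service` entry, and `0::/0` matches any IPv6 source, so the ssh and www-ssl services left enabled by the line above it are not limited to a management network. How RouterOS treats IPv4 clients when only an IPv6 prefix is listed is not visible here and should be confirmed on a device. If unrestricted access is intended, a comment such as `# no source restriction on ssh/www-ssl; filtering is done by the firewall` would record that; otherwise the allowed prefixes are better taken from the host or region configuration. The removed line is cut off on this page, so it is unclear whether the change widens or narrows access.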
@@ -44,11 +44,11 @@ module Construqt
|
|
44
44
|
|
45
45
|
cfg['distance'] = rt.metric if rt.metric
|
46
46
|
default = {
|
47
|
-
"dst-address" => Schema.network.required,
|
47
|
+
"dst-address" => Schema.network.required.key(0),
|
48
48
|
"gateway" => Schema.address,
|
49
49
|
"type" => Schema.identifier,
|
50
50
|
"distance" => Schema.int,
|
51
|
-
"comment" => Schema.string.required.key
|
51
|
+
"comment" => Schema.string.required.key(1)
|
52
52
|
}
|
53
53
|
cfg['comment'] = "#{cfg['dst-address']} via #{cfg['gateway']} CONSTRUQT"
|
54
54
|
if rt.dst.ipv6?
|
@@ -44,7 +44,8 @@ module Construqt
|
|
44
44
|
end
|
45
45
|
|
46
46
|
OpenStruct.new(
|
47
|
-
:key => keys.
|
47
|
+
:key => keys.keys.sort{|a,b| default[a].key_order <=> default[b].key_order }
|
48
|
+
.map{|k| v=keys[k]; "#{k}=#{default[k].serialize(v)}"}.join(" && "),
|
48
49
|
:result => result,
|
49
50
|
:add_line => result.select{ |k,v|
|
50
51
|
if default[k].kind_of?(Schema) && default[k].noset?
|
@@ -111,11 +111,11 @@ UML
|
|
111
111
|
end
|
112
112
|
|
113
113
|
def self.render_object_address(iface)
|
114
|
+
tags = []
|
114
115
|
out = []
|
115
116
|
out << "name = \"#{iface.name}\""
|
116
117
|
out << "desc = \"#{iface.description}\"" if iface.description
|
117
118
|
if iface.address
|
118
|
-
tags = []
|
119
119
|
[iface.address.v4s, iface.address.v6s].each do |ips|
|
120
120
|
next unless ips.first
|
121
121
|
prefix = ips.first.ipv4? ? "ipv4" : "ipv6"
|
@@ -125,17 +125,27 @@ UML
|
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
|
-
iface.address.
|
129
|
-
out << "
|
128
|
+
if iface.address.dhcpv4?
|
129
|
+
out << "dhcpv4 = client"
|
130
130
|
end
|
131
|
-
|
132
|
-
|
131
|
+
|
132
|
+
if iface.address.dhcpv6?
|
133
|
+
out << "dhcpv6 = client"
|
133
134
|
end
|
134
|
-
|
135
|
-
|
135
|
+
|
136
|
+
iface.address.routes.each_with_index do |route, idx|
|
137
|
+
out << "route(#{idx}) = \"#{route.dst.to_string} via #{route.via.to_s}\""
|
136
138
|
end
|
137
139
|
end
|
138
140
|
|
141
|
+
iface.delegate.firewalls && iface.delegate.firewalls.each_with_index do |fw, idx|
|
142
|
+
out << "fw(#{idx}) = \"#{fw.name}\""
|
143
|
+
end
|
144
|
+
|
145
|
+
(iface.tags+tags).sort.uniq.each_with_index do |tag, idx|
|
146
|
+
out << "tag(#{idx}) = \"#{tag}\""
|
147
|
+
end
|
148
|
+
|
139
149
|
out.join("\n")
|
140
150
|
end
|
141
151
|
|
@@ -440,13 +450,15 @@ UML
|
|
440
450
|
elsif File.exists?("/usr/bin/dot")
|
441
451
|
dot = "/usr/bin/dot"
|
442
452
|
else
|
443
|
-
dot = "$
|
453
|
+
dot = "$(which dot)"
|
444
454
|
end
|
455
|
+
|
445
456
|
if File.exists?("#{ENV['HOMEPATH']}/Downloads/plantuml.jar")
|
446
457
|
plantuml_jar = "#{ENV['HOMEPATH']}/Downloads/plantuml.jar"
|
447
458
|
else
|
448
|
-
|
459
|
+
plantuml_jar = "$HOME/Downloads/plantuml.jar"
|
449
460
|
end
|
461
|
+
|
450
462
|
system("java -jar \"#{plantuml_jar}\" -Djava.awt.headless=true -graphvizdot \"#{dot}\" -tsvg cfgs/world.puml")
|
451
463
|
end
|
452
464
|
|
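Review bot: The two added fallbacks, `dot = "$(which dot)"` and `plantuml_jar = "$HOME/Downloads/plantuml.jar"`, are shell text rather than paths, so they work only because the `system("java -jar ...")` call at the end of the last hunk hands one string to a shell. That same string also receives `ENV['HOMEPATH']`, so any quote or `$(...)` in the environment value is interpreted by the shell as well. Resolving the paths in Ruby and using the argument-list form removes the shell from the picture: `plantuml_jar = File.join(Dir.home, "Downloads", "plantuml.jar")` and `system("java", "-jar", plantuml_jar, "-Djava.awt.headless=true", "-graphvizdot", dot, "-tsvg", "cfgs/world.puml")`, with `dot` looked up beforehand. The enclosing method starts above the hunk.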
@@ -333,6 +333,13 @@ PAM
|
|
333
333
|
end
|
334
334
|
end
|
335
335
|
|
336
|
+
def self.ipsec
|
337
|
+
Ipsec
|
338
|
+
end
|
339
|
+
def self.bgp
|
340
|
+
Bgp
|
341
|
+
end
|
342
|
+
|
336
343
|
def self.clazzes
|
337
344
|
{
|
338
345
|
"opvn" => Opvn,
|
@@ -343,9 +350,9 @@ PAM
|
|
343
350
|
"bridge" => Bridge,
|
344
351
|
"bond" => Bond,
|
345
352
|
"vlan" => Vlan,
|
346
|
-
"result" => Result,
|
347
|
-
"ipsec" => Ipsec,
|
348
|
-
"bgp" => Bgp,
|
353
|
+
#"result" => Result,
|
354
|
+
#"ipsec" => Ipsec,
|
355
|
+
#"bgp" => Bgp,
|
349
356
|
"template" => Template
|
350
357
|
}
|
351
358
|
end
|
@@ -8,14 +8,8 @@ module Construqt
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def self.header(host)
|
11
|
-
|
12
|
-
|
13
|
-
iface = iface.delegate
|
14
|
-
next unless iface.cfg
|
15
|
-
next unless iface.cfg.kind_of? Construqt::Bgp
|
16
|
-
addrs[iface.name] = iface
|
17
|
-
end
|
18
|
-
return if addrs.empty?
|
11
|
+
return if host.bgps.empty?
|
12
|
+
# binding.pry
|
19
13
|
bird_v4 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv4, :filter => lambda {|ip| ip.ipv4? }))
|
20
14
|
host.result.add(self, bird_v4, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird.conf")
|
21
15
|
bird_v6 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv6, :filter => lambda {|ip| ip.ipv6? }))
|
@@ -23,7 +17,7 @@ module Construqt
|
|
23
17
|
end
|
24
18
|
|
25
19
|
def self.header_bird(host, mode)
|
26
|
-
#
|
20
|
+
#binding.pry
|
27
21
|
ret = <<BGP
|
28
22
|
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
|
29
23
|
router id #{host.id.first_ipv4.first_ipv4.to_s};
|
@@ -108,6 +102,7 @@ BGP
|
|
108
102
|
end
|
109
103
|
|
110
104
|
def build_config(unused, unused1)
|
105
|
+
# binding.pry
|
111
106
|
build_bird_conf
|
112
107
|
build_bird6_conf
|
113
108
|
end
|
@@ -8,6 +8,7 @@ module Construqt
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def self.header(host)
|
11
|
+
#binding.pry
|
11
12
|
addrs = {}
|
12
13
|
host.interfaces.values.each do |iface|
|
13
14
|
iface = iface.delegate
|
@@ -117,22 +118,25 @@ RACOON
|
|
117
118
|
end
|
118
119
|
end
|
119
120
|
|
121
|
+
def psk(ip, cfg)
|
122
|
+
[
|
123
|
+
"# #{cfg.name}",
|
124
|
+
"#{ip} #{Util.password(cfg.password)}"
|
125
|
+
].join("\n")
|
126
|
+
end
|
127
|
+
|
120
128
|
def build_config(unused, unused2)
|
121
129
|
# build_gre_config()
|
122
130
|
#binding.pry
|
123
131
|
if self.other.remote.first_ipv6
|
124
132
|
build_racoon_config(self.other.remote.first_ipv6.to_s)
|
125
|
-
host.result.add(self,
|
126
|
-
|
127
|
-
#{self.other.remote.first_ipv6.to_s} #{Util.password(self.cfg.password)}
|
128
|
-
IPV6
|
133
|
+
host.result.add(self, psk(self.other.remote.first_ipv6.to_s, cfg),
|
134
|
+
Construqt::Resources::Rights::ROOT_0600, "etc", "racoon", "psk.txt")
|
129
135
|
build_policy(self.remote.first_ipv6.to_s, self.other.remote.first_ipv6.to_s, self.my, self.other.my)
|
130
136
|
elsif self.other.remote.first_ipv4
|
131
137
|
build_racoon_config(self.other.remote.first_ipv4.to_s)
|
132
|
-
host.result.add(self,
|
133
|
-
|
134
|
-
#{self.other.remote.first_ipv4.to_s} #{Util.password(self.cfg.password)}
|
135
|
-
IPV4
|
138
|
+
host.result.add(self, psk(self.other.remote.first_ipv4.to_s, cfg),
|
139
|
+
Construqt::Resources::Rights::ROOT_0600, "etc", "racoon", "psk.txt")
|
136
140
|
build_policy(self.remote.first_ipv4.to_s, self.other.remote.first_ipv4.to_s, self.my, self.other.my)
|
137
141
|
else
|
138
142
|
throw "ipsec need a remote address"
|
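Review bot: `psk` has no comment stating what it returns or how sensitive it is; something like `# Returns one racoon psk.txt entry ("<peer address> <key>") preceded by a "# name" line; the string holds the pre-shared key in clear text.` would make that explicit. `cfg.name` is written into the `#` comment line unescaped, so a name containing a newline would add an extra line to psk.txt; stripping line breaks from the name before interpolating avoids that. `ROOT_0600` presumably governs the file on the target host only, so the generated output that carries this string should be protected in the same way wherever it is produced. The two `host.result.add(...)` calls differ only in the address family and could share one call once the remote address is chosen.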
@@ -3,6 +3,72 @@ module Construqt
|
|
3
3
|
module Flavour
|
4
4
|
module Ubuntu
|
5
5
|
|
6
|
+
class EtcConntrackdConntrackd
|
7
|
+
def initialize(result)
|
8
|
+
@result = result
|
9
|
+
@others = []
|
10
|
+
end
|
11
|
+
|
12
|
+
class Other
|
13
|
+
attr_accessor :ifname, :my_ip, :other_ip
|
14
|
+
end
|
15
|
+
|
16
|
+
def add(ifname, my_ip, other_ip)
|
17
|
+
other = Other.new
|
18
|
+
other.ifname = ifname
|
19
|
+
other.my_ip = my_ip
|
20
|
+
other.other_ip = other_ip
|
21
|
+
@others << other
|
22
|
+
end
|
23
|
+
|
24
|
+
def commit
|
25
|
+
return '' if @others.empty?
|
26
|
+
out = [<<CONNTRACKD]
|
27
|
+
General {
|
28
|
+
HashSize 32768
|
29
|
+
HashLimit 524288
|
30
|
+
Syslog on
|
31
|
+
LockFile /var/lock/conntrackd.lock
|
32
|
+
UNIX {
|
33
|
+
Path /var/run/conntrackd.sock
|
34
|
+
Backlog 20
|
35
|
+
}
|
36
|
+
SocketBufferSize 262142
|
37
|
+
SocketBufferSizeMaxGrown 655355
|
38
|
+
Filter {
|
39
|
+
Protocol Accept {
|
40
|
+
TCP
|
41
|
+
}
|
42
|
+
Address Ignore {
|
43
|
+
IPv4_address 127.0.0.1 # loopback
|
44
|
+
}
|
45
|
+
}
|
46
|
+
}
|
47
|
+
Sync {
|
48
|
+
Mode FTFW {
|
49
|
+
DisableExternalCache Off
|
50
|
+
CommitTimeout 1800
|
51
|
+
PurgeTimeout 5
|
52
|
+
}
|
53
|
+
CONNTRACKD
|
54
|
+
@others.each do |other|
|
55
|
+
out.push(<<OTHER)
|
56
|
+
UDP Default {
|
57
|
+
IPv4_address #{other.my_ip}
|
58
|
+
IPv4_Destination_Address #{other.other_ip}
|
59
|
+
Port 3780
|
60
|
+
Interface #{other.ifname}
|
61
|
+
SndSocketBuffer 24985600
|
62
|
+
RcvSocketBuffer 24985600
|
63
|
+
Checksum on
|
64
|
+
}
|
65
|
+
OTHER
|
66
|
+
end
|
67
|
+
out.push("}")
|
68
|
+
out.join("\n")
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
6
72
|
class EtcNetworkIptables
|
7
73
|
def initialize
|
8
74
|
@mangle = Section.new('mangle')
|
@@ -389,22 +455,16 @@ VRRP
|
|
389
455
|
end
|
390
456
|
|
391
457
|
class Result
|
458
|
+
attr_reader :etc_network_interfaces, :etc_network_iptables, :etc_conntrackd_conntrackd
|
392
459
|
def initialize(host)
|
393
460
|
@host = host
|
394
461
|
@etc_network_interfaces = EtcNetworkInterfaces.new(self)
|
395
462
|
@etc_network_iptables = EtcNetworkIptables.new
|
463
|
+
@etc_conntrackd_conntrackd = EtcConntrackdConntrackd.new(self)
|
396
464
|
@etc_network_vrrp = EtcNetworkVrrp.new
|
397
465
|
@result = {}
|
398
466
|
end
|
399
467
|
|
400
|
-
def etc_network_interfaces
|
401
|
-
@etc_network_interfaces
|
402
|
-
end
|
403
|
-
|
404
|
-
def etc_network_iptables
|
405
|
-
@etc_network_iptables
|
406
|
-
end
|
407
|
-
|
408
468
|
def etc_network_vrrp(ifname)
|
409
469
|
@etc_network_vrrp.get(ifname)
|
410
470
|
end
|
@@ -432,7 +492,6 @@ VRRP
|
|
432
492
|
#binding.pry
|
433
493
|
#@result[path] << [clazz.xprefix(@host)].compact
|
434
494
|
end
|
435
|
-
|
436
495
|
@result[path] << block+"\n"
|
437
496
|
end
|
438
497
|
|
@@ -460,6 +519,7 @@ VRRP
|
|
460
519
|
add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "iptables.cfg")
|
461
520
|
add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "ip6tables.cfg")
|
462
521
|
add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "interfaces")
|
522
|
+
add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights::ROOT_0644, "etc", "conntrack", "conntrackd.conf")
|
463
523
|
@etc_network_vrrp.commit(self)
|
464
524
|
out = [<<BASH]
|
465
525
|
#!/bin/bash
|
@@ -471,12 +531,13 @@ fi
|
|
471
531
|
if [ $hostname != #{@host.name} ]
|
472
532
|
then
|
473
533
|
echo 'You try to run a deploy script on a host which has not the right name $hostname != #{@host.name}'
|
534
|
+
exit 47
|
474
535
|
else
|
475
536
|
echo Configure Host #{@host.name}
|
476
537
|
fi
|
477
538
|
updates=''
|
478
539
|
for i in language-pack-en language-pack-de git aptitude traceroute vlan bridge-utils tcpdump mtr-tiny \\
|
479
|
-
bird keepalived strace iptables conntrack openssl racoon ulogd2 ifenslave
|
540
|
+
bird keepalived strace iptables conntrack openssl racoon ulogd2 ifenslave conntrackd conntrack bind9
|
480
541
|
do
|
481
542
|
dpkg -l $i > /dev/null 2> /dev/null
|
482
543
|
if [ $? != 0 ]
|
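Review bot: The generated file is registered as `"etc", "conntrack", "conntrackd.conf"` in the `@@ -460,6 +519,7 @@` hunk, while the class is named EtcConntrackdConntrackd and the conntrackd package reads its configuration from /etc/conntrackd/ by default, so the daemon would likely never see this file; `"etc", "conntrackd", "conntrackd.conf"` looks like what was meant. `commit` returns `''` when no peer was added, yet the `add` call still records that empty file for every host; skipping the `add` in that case would be cleaner. In the package list of the last hunk `conntrack` now appears twice, and `bind9` is installed on every host, which presumably starts a DNS server where none may be needed.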
@@ -9,11 +9,11 @@ module Construqt
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def up(ifname)
|
12
|
-
"/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -
|
12
|
+
"/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -q -4 -i #{ifname} #{@service.servers.map{|i| i.to_s}.join(' ')}"
|
13
13
|
end
|
14
14
|
|
15
15
|
def down(ifname)
|
16
|
-
"kill
|
16
|
+
"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
|
17
17
|
end
|
18
18
|
|
19
19
|
def vrrp(host, ifname, iface)
|
@@ -34,23 +34,28 @@ module Construqt
|
|
34
34
|
@service = service
|
35
35
|
end
|
36
36
|
|
37
|
-
def up(ifname)
|
38
|
-
"/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -
|
37
|
+
def up(iface, ifname)
|
38
|
+
"/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -q -6 -l #{iface.address.first_ipv6.to_s}%#{ifname} #{@service.servers.map{|i| "-u #{i.ip}%#{i.iface}" }.join(' ')}"
|
39
39
|
end
|
40
40
|
|
41
|
-
def down(ifname)
|
42
|
-
"kill
|
41
|
+
def down(iface, ifname)
|
42
|
+
"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
|
43
43
|
end
|
44
44
|
|
45
45
|
def vrrp(host, ifname, iface)
|
46
|
-
host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
|
46
|
+
host.result.etc_network_vrrp(iface.name).add_master(up(iface, ifname)).add_backup(down(iface, ifname))
|
47
47
|
end
|
48
48
|
|
49
49
|
def interfaces(host, ifname, iface, writer)
|
50
50
|
return unless iface.address && iface.address.first_ipv6
|
51
51
|
return if @service.servers.empty?
|
52
|
-
|
53
|
-
|
52
|
+
@service.servers.each do |server|
|
53
|
+
unless @service.services.region.interfaces.find(host, server.iface)
|
54
|
+
throw "DhcpV6Relay interface with name #{service.iface} not found on #{host.name}"
|
55
|
+
end
|
56
|
+
end
|
57
|
+
writer.lines.up(up(iface, ifname))
|
58
|
+
writer.lines.down(down(iface, ifname))
|
54
59
|
end
|
55
60
|
end
|
56
61
|
|
@@ -99,11 +104,41 @@ RADV
|
|
99
104
|
end
|
100
105
|
end
|
101
106
|
|
107
|
+
class ConntrackD
|
108
|
+
def initialize(service)
|
109
|
+
@service = service
|
110
|
+
end
|
111
|
+
|
112
|
+
def up(ifname)
|
113
|
+
"/usr/share/doc/conntrackd/examples/sync/primary-backup.sh primary"
|
114
|
+
end
|
115
|
+
|
116
|
+
def down(ifname)
|
117
|
+
"/usr/share/doc/conntrackd/examples/sync/primary-backup.sh backup"
|
118
|
+
end
|
119
|
+
|
120
|
+
def vrrp(host, ifname, iface)
|
121
|
+
#binding.pry
|
122
|
+
host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
|
123
|
+
end
|
124
|
+
|
125
|
+
def interfaces(host, ifname, iface, writer)
|
126
|
+
throw "only vrrp ifaces could be used to conntrack: #{ifname}:#{iface.name}" unless iface.vrrp
|
127
|
+
throw "conntrack needs a ipv4 address #{ifname}:#{iface.name}" unless iface.address.first_ipv4
|
128
|
+
throw "conntrack currently a ipv4 address #{iface.host.name}:#{ifname}:#{iface.name}" unless iface.address.first_ipv4
|
129
|
+
other_if = iface.vrrp.delegate.interfaces.find{|i| i.host != host }
|
130
|
+
throw "conntrack currently a ipv4 address #{other_if.host.name}:#{other_if.name}" unless other_if.address.first_ipv4
|
131
|
+
#binding.pry
|
132
|
+
host.result.etc_conntrackd_conntrackd.add(ifname, iface.address.first_ipv4, other_if.address.first_ipv4)
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
102
136
|
def self.get_renderer(service)
|
103
137
|
factory = {
|
104
138
|
Construqt::Services::DhcpV4Relay => DhcpV4Relay,
|
105
139
|
Construqt::Services::DhcpV6Relay => DhcpV6Relay,
|
106
|
-
Construqt::Services::Radvd => Radvd
|
140
|
+
Construqt::Services::Radvd => Radvd,
|
141
|
+
Construqt::Services::ConntrackD => ConntrackD
|
107
142
|
}
|
108
143
|
found = factory.keys.find{ |i| service.kind_of?(i) }
|
109
144
|
throw "service type unknown #{service.name} #{service.class.name}" unless found
|
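Review bot: In `DhcpV6Relay#interfaces` the new error message interpolates `service.iface`, but the visible code only has `@service` and the loop variable `server`, so unless a `service` reader is defined outside the hunk a failed lookup raises NameError instead of the intended message; `throw "DhcpV6Relay interface with name #{server.iface} not found on #{host.name}"` names the value that was actually checked. In `ConntrackD#interfaces`, `other_if` is nil when no member interface on another host is found, and the next line then fails on `other_if.address`; a guard such as `throw "conntrack needs a vrrp peer on another host #{ifname}:#{iface.name}" unless other_if` placed before it covers that case. The two consecutive `unless iface.address.first_ipv4` checks test the same condition, so the second can never fire.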
@@ -111,6 +111,13 @@ module Construqt
|
|
111
111
|
|
112
112
|
# end
|
113
113
|
#
|
114
|
+
#
|
115
|
+
def self.ipsec
|
116
|
+
Ipsec
|
117
|
+
end
|
118
|
+
def self.bgp
|
119
|
+
Bgp
|
120
|
+
end
|
114
121
|
def self.clazzes
|
115
122
|
{
|
116
123
|
"opvn" => Opvn,
|
@@ -122,7 +129,6 @@ module Construqt
|
|
122
129
|
"template" => Template,
|
123
130
|
"bond" => Bond,
|
124
131
|
"vlan" => Vlan,
|
125
|
-
"result" => Result
|
126
132
|
}
|
127
133
|
end
|
128
134
|
|
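--- a/data/lib/construqt/interfaces.rb
+++ b/data/lib/construqt/interfaces.rb
@@ -109,6 +109,7 @@ module Construqt
 cfg['interface'] = interface
 throw "vrrp interface does not have within the same network" if nets.length == interface.address.ips.select { |adr| nets[adr.network.to_s] }.length
 dev = add_device(interface.host, name, cfg)
+interface.vrrp = dev
 dev.address.interface = nil
 dev.address.host = nil
 dev.address.name = name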
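--- a/data/lib/construqt/ipsecs.rb
+++ b/data/lib/construqt/ipsecs.rb
@@ -40,6 +40,9 @@ module Construqt
 cfg.right.other = cfg.left
 cfg.right.cfg = cfg
 
+cfg.left.host.add_ipsec(cfg)
+cfg.right.host.add_ipsec(cfg)
+
 #puts "-------- #{cfg.left.my.host.name} - #{cfg.right.my.host.name}"
 cfg.left.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.left.my.host, cfg.left.other.host.name,
 "address" => cfg.left.my,
@@ -56,6 +59,15 @@ module Construqt
 end
 
 def self.build_config()
+hosts = {}
+@ipsecs.values.each do |ipsec|
+hosts[ipsec.left.host.object_id] ||= ipsec.left.host
+hosts[ipsec.right.host.object_id] ||= ipsec.right.host
+end
+#binding.pry
+hosts.values.each do |host|
+host.flavour.ipsec.header(host) if host.flavour.ipsec.respond_to?(:header)
+end
 @ipsecs.each do |name, ipsec|
 ipsec.build_config()
 end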
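--- a/data/lib/construqt/networks.rb
+++ b/data/lib/construqt/networks.rb
@@ -8,14 +8,9 @@ module Construqt
 @domain = "construqt.org"
 @contact = "soa@construqt.org"
 @addresses = Construqt::Addresses.new(self)
-@services = Construqt::Services.new
 @dns_resolver = nil
 end
 
-def services
-@services
-end
-
 def addresses
 @addresses
 end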
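--- a/data/lib/construqt/regions.rb
+++ b/data/lib/construqt/regions.rb
@@ -3,7 +3,7 @@ module Construqt
 module Regions
 @regions = {}
 class Region
-attr_reader :name, :cables, :hosts, :interfaces, :users, :vlans, :network, :templates, :resources
+attr_reader :name, :cables, :hosts, :interfaces, :users, :vlans, :network, :templates, :resources, :services
 def initialize(name, network)
 @name = name
 @network = network
@@ -13,6 +13,7 @@ module Construqt
 @templates = Construqt::Templates.new(self)
 @users = Construqt::Users.new(self)
 @cables = Construqt::Cables.new(self)
+@services = Construqt::Services.new(self)
 @resources = Construqt::Resources.new(self)
 end
 end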
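--- a/data/lib/construqt/services.rb
+++ b/data/lib/construqt/services.rb
@@ -1,8 +1,14 @@
 module Construqt
 class Services
+class ConntrackD
+attr_accessor :name, :services
+def initialize(name)
+self.name = name
+end
+end
 
 class DhcpV4Relay
-attr_accessor :servers, :name
+attr_accessor :servers, :name, :services
 def initialize(name)
 self.name = name
 self.servers = []
@@ -15,26 +21,38 @@ module Construqt
 end
 end
 class DhcpV6Relay
-attr_accessor :servers, :name
+attr_accessor :servers, :name, :services
 def initialize(name)
 self.name = name
 self.servers = []
 end
-
+class Server
+attr_accessor :ip, :iface
+end
+def add_server(name)
+(ip, iface) = name.split("%")
+throw "ip not set #{name}" unless ip
 ip = IPAddress.parse(ip)
 throw "ip must be a v6 address" unless ip.ipv6?
-
+throw "iface not set #{name}" if iface.nil? || iface.empty?
+server = Server.new
+server.ip = ip
+server.iface = iface
+self.servers << server
 self
 end
 end
 class Radvd
-attr_accessor :servers, :name
+attr_accessor :servers, :name, :services
 def initialize(name)
 self.name = name
 end
 end
 
-
+
+attr_reader :region
+def initialize(region)
+@region = region
 @services = {}
 end
 
@@ -46,6 +64,7 @@ module Construqt
 
 def add(service)
 @services[service.name] = service
+service.services = self
 self
 end
 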
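Review bot: `add_server` reports bad input with `throw "..."`, which in Ruby is the non-local jump paired with `catch`; with no matching `catch` the caller gets an error about an uncaught tag rather than an ordinary exception, so `raise ArgumentError, "iface not set #{name}"` is the clearer form, and the same holds for the `throw` lines added in the ubuntu services hunks. `name.split("%")` also accepts input with more than one `%` and silently drops everything after the second field; `name.split("%", 2)` keeps the remainder in `iface`, where the later interface lookup can reject it. A one-line comment on `add_server` giving the expected `"<ipv6 address>%<interface>"` form would document the new argument format.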
data/lib/construqt/version.rb
CHANGED
data/lib/construqt.rb
CHANGED
metadata
CHANGED
@@ -1,15 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: construqt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Meno Abels
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-12-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: construqt-ipaddress
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ~>
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.8.1
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ~>
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.8.1
|
13
27
|
- !ruby/object:Gem::Dependency
|
14
28
|
name: rake
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|