construqt 0.0.1

data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb

@@ -0,0 +1,417 @@
+require_relative 'flavour_mikrotik_schema.rb'
+require_relative 'flavour_mikrotik_ipsec.rb'
+require_relative 'flavour_mikrotik_bgp.rb'
+require_relative 'flavour_mikrotik_result.rb'
+require_relative 'flavour_mikrotik_interface.rb'
+
+
+module Construqt
+  module Flavour
+    module Mikrotik
+
+
+      def self.name
+        'mikrotik'
+      end
+
+      Flavour.add(self)
+
+      class Device < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          binding.pry if iface.default_name.nil? || iface.default_name.empty?
+          iface = iface.delegate
+          default = {
+            "l2mtu" => Schema.int.default(1590),
+            "mtu" => Schema.int.default(1500),
+            "name" => Schema.identifier.default("dummy"),
+            "default-name" => Schema.identifier.required.key.noset
+          }
+          host.result.render_mikrotik_set_by_key(default, {
+            "l2mtu" => iface.mtu,
+            "mtu" => iface.mtu,
+            "name" => iface.name,
+            "default-name" => iface.default_name
+          }, "interface")
+          Interface.build_config(host, iface)
+        end
+      end
+
+      class Vrrp < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          iface = iface.delegate
+          default = {
+            "interface" => Schema.identifier.required,
+            "name" => Schema.identifier.key.required,
+            "priority" => Schema.int.required,
+            "v3-protocol" => Schema.identifier.required,
+            "vrid" => Schema.int.required
+          }
+          host.result.render_mikrotik(default, {
+            "interface" => iface.interface.name,
+            "name" => iface.name,
+            "priority" => iface.interface.priority,
+            "v3-protocol" => "ipv6",
+            "vrid" => iface.vrid
+          }, "interface", "vrrp")
+          Interface.build_config(host, iface)
+        end
+      end
+
+      class Bond < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def scheduler_hack(host, iface)
+          #binding.pry if iface.name=="sw12"
+          return [] unless iface.interfaces.find{|iface| iface.class.kind_of? self.class }
+
+          system_script_schema = {
+            "name" => Schema.identifier.key.required,
+            "source" => Schema.source.required
+          }
+          host.result.render_mikrotik(system_script_schema, {
+            "no_auto_disable" => true,
+            "name" => "disable-#{iface.name}",
+            "source" => <<SRC
+/interface bonding disable [ find name=#{iface.name} ]
+/system scheduler enable [ find name=enable-#{iface.name} ]
+SRC
+          }, "system", "script")
+
+          or_condition = "(" + iface.interfaces.map{|iface| "name=#{iface.name}"}.join(" or ") + ")"
+          host.result.render_mikrotik(system_script_schema, {
+            "no_auto_disable" => true,
+            "name" => "enable-#{iface.name}",
+            "source" => <<SRC
+:local run [ /interface bonding find running=yes and #{or_condition}]
+:if ($run!="") do={
+  /interface bonding enable [find name=sw12]
+  /system schedule disable [ find name=enable-sw12 ]
+}
+SRC
+          }, "system", "script")
+
+          system_scheduler_script = {
+            "name" => Schema.identifier.key.required,
+            "on-event" => Schema.identifier.required,
+            "start-time" => Schema.identifier.null,
+            "interval" => Schema.interval.null,
+            "disabled" => Schema.boolean.default(false)
+          }
+          host.result.render_mikrotik(system_scheduler_script, {
+            "name" => "disable-#{iface.name}",
+            "on-event" => "disable-#{iface.name}",
+            "start-time" => "startup"
+          }, "system", "scheduler")
+
+          host.result.render_mikrotik(system_scheduler_script, {
+            "name" => "enable-#{iface.name}",
+            "on-event" => "enable-#{iface.name}",
+            "interval" => "00:00:10",
+            "disabled" => true
+          }, "system", "scheduler")
+        end
+
+        def build_config(host, iface)
+          iface = iface.delegate
+          default = {
+            "mode" => Schema.string.default("active-backup"),
+            "mtu" => Schema.int.required,
+            "name" => Schema.identifier.required.key,
+            "slaves" => Schema.identifiers.required,
+          }
+          host.result.render_mikrotik(default, {
+            "mtu" => iface.mtu,
+            "name" => iface.name,
+            "mode" => iface.mode,
+            "slaves" => iface.interfaces.map{|iface| iface.name}.join(',')
+          }, "interface", "bonding")
+          Interface.build_config(host, iface)
+          scheduler_hack(host, iface)
+        end
+      end
+
+      class Vlan < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          iface = iface.delegate
+          default = {
+            "interface" => Schema.identifier.required,
+            "mtu" => Schema.int.required,
+            "name" => Schema.identifier.required.key,
+            "vlan-id" => Schema.int.required,
+          }
+          iface.interfaces.each do |vlan_iface|
+            host.result.render_mikrotik(default, {
+              "interface" => vlan_iface.name,
+              "mtu" => iface.mtu,
+              "name" => iface.name,
+              "vlan-id" => iface.vlan_id
+            }, "interface", "vlan")
+          end
+          Interface.build_config(host, iface)
+        end
+      end
+
+      class Bridge < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          iface = iface.delegate
+          default = {
+            "auto-mac" => Schema.boolean.default(true),
+            "mtu" => Schema.int.required,
+            "priority" => Schema.int.default(57344),
+            "name" => Schema.identifier.required.key
+          }
+          host.result.render_mikrotik(default, {
+            "mtu" => iface.mtu,
+            "name" => iface.name,
+            "priority" => iface.priority
+          }, "interface", "bridge")
+          iface.interfaces.each do |port|
+            host.result.render_mikrotik({
+              "bridge" => Schema.identifier.required.key,
+              "interface" => Schema.identifier.required.key
+            }, {
+              "interface" => port.name,
+              "bridge" => iface.name,
+            }, "interface", "bridge", "port")
+          end
+          Interface.build_config(host, iface)
+        end
+      end
+
+      class Host < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def footer(host)
+        end
+
+        def self.header(host)
+          host = host.delegate
+          host.result.add(<<TESTNAME, nil, "system", "identity")
+{
+  :local identity [get]
+  :if (($identity->"name") != "#{host.name}") do={
+    :put "Execute /system identity set name=#{host.name}"
+    :error ("The Script is for router #{host.name} this router named ".($identity->"name"))
+  } else={
+    :put "Configure #{host.name}"
+  }
+}
+TESTNAME
+          host.result.render_mikrotik_set_direct({ "name"=> Schema.identifier.required.key },
+                                                 { "name" => host.name }, "system", "identity")
+
+          host.result.render_mikrotik_set_direct({ "time-zone-name"=> Schema.identifier.required.key },
+                                                 { "time-zone-name" => host.time_zone||'MET' }, "system", "clock")
+
+          dns = host.region.network.dns_resolver.nameservers.ips
+          host.result.render_mikrotik_set_direct({"servers"=>Schema.addresses.required.key },
+                                                 { "servers"=> dns }, "ip", "dns")
+
+          host.result.add("add", nil, "tool", "graphing", "interface")
+
+          host.result.add("set [ find name!=ssh && name!=www-ssl ] disabled=yes", nil, "ip", "service")
+          host.result.add("set [ find ] address=#{host.id.first_ipv6.first_ipv6}", nil, "ip", "service")
+          host.result.add("set [ find name!=admin ] comment=REMOVE", nil, "user")
+
+          host.result.render_mikrotik({
+            "name" => Schema.identifier.required.key,
+            "enc-algorithms" => Schema.identifier.default("aes-256-cbc"),
+            "lifetime" => Schema.interval.default("00:01:00"),
+            "pfs-group"=> Schema.identifier.default("modp1536")
+          }, {"name" => "s2b-proposal"}, "ip", "ipsec", "proposal")
+          host.result.add("", "default=yes", "ip", "ipsec", "proposal")
+          host.result.add("", "template=yes", "ip", "ipsec", "policy")
+          host.result.add("", "name=default", "routing", "bgp", "instance")
+          host.result.add_remove_pre_condition('comment~"CONSTRUQT\$"', "ip", "address")
+          host.result.add_remove_pre_condition('comment~"CONSTRUQT\$"', "ip", "route")
+          host.result.add_remove_pre_condition('comment~"CONSTRUQT\$"', "ipv6", "address")
+          host.result.add_remove_pre_condition('comment~"CONSTRUQT\$"', "ipv6", "route")
+          host.region.users.all.each do |u|
+            host.result.add(<<OUT, nil, "user")
+{
+   :local found [find name=#{u.name.inspect} ]
+   :if ($found = "") do={
+       add comment=#{u.full_name.inspect} name=#{u.name} password=#{host.region.hosts.default_password} group=full
+   } else={
+     set $found comment=#{u.full_name.inspect}
+   }
+}
+OUT
+          end
+
+          host.result.add("remove [find comment=REMOVE ]", nil, "user" )
+          host.result.add("set [ find name=admin] disable=yes", nil, "user")
+        end
+
+        def build_config(host, unused)
+          ret = ["# host"]
+        end
+      end
+
+      class Ovpn < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          throw "ovpn not impl"
+        end
+      end
+
+      class Gre < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def set_interface_gre(host, cfg)
+          default = {
+            "name"=>Schema.identifier.required.key,
+            "local-address"=>Schema.address.required,
+            "remote-address"=>Schema.address.required,
+            "dscp"=>Schema.identifier.default("inherit"),
+            "mtu"=>Schema.int.default(1476)
+#            "l2mtu"=>Scheme.int.default(65535)
+          }
+          host.result.render_mikrotik(default, cfg, "interface", "gre")
+        end
+
+        def set_interface_gre6(host, cfg)
+          default = {
+            "name"=>Schema.identifier.required.key,
+            "local-address"=>Schema.address.required,
+            "remote-address"=>Schema.address.required,
+            "mtu"=>Schema.int.default(1456)
+#            "l2mtu"=>Schema.int.default(65535)
+          }
+          host.result.render_mikrotik(default, cfg, "interface", "gre6")
+        end
+
+        def build_config(host, iface)
+          iface = iface.delegate
+          #puts "iface.name=>#{iface.name}"
+          #binding.pry
+          #iname = Util.clean_if("gre6", "#{iface.name}")
+          if iface.local.first_ipv6 && iface.remote.first_ipv6
+            set_interface_gre6(host, "name"=> iface.name,
+                               "local-address"=>iface.local.first_ipv6,
+                               "remote-address"=>iface.remote.first_ipv6)
+          else
+            set_interface_gre(host, "name"=> iface.name,
+                              "local-address"=>iface.local.first_ipv4,
+                              "remote-address"=>iface.remote.first_ipv4)
+          end
+          Interface.build_config(host, iface)
+
+          #Mikrotik.set_ipv6_address(host, "address"=>iface.address.first_ipv6.to_string, "interface" => iname)
+        end
+      end
+
+      def set_ipv6_address(host, cfg)
+        default = {
+          "address"=>Schema.network.required,
+          "interface"=>Schema.identifier.required,
+          "comment" => Schema.string.required.key,
+          "advertise"=>Schema.boolean.default(false)
+        }
+        cfg['comment'] = "#{cfg['interface']}-#{cfg['address']}"
+        host.result.render_mikrotik(default, cfg, "ipv6", "address")
+      end
+
+      class Template < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def build_config(host, iface)
+          throw "template not impl"
+        end
+      end
+
+      def self.compress_address(val)
+        return val.compressed if val.ipv4?
+        found = 0
+        val.groups.map do |i|
+          if found > 0 && i != 0
+            found = -1
+          end
+
+          if found == 0 && i == 0
+            found += 1
+            ""
+          elsif found > 0 && i == 0
+            found += 1
+            nil
+          else
+            i.to_s 16
+          end
+        end.compact.join(":").sub(/:+$/, '::')
+      end
+
+      def self.clazzes
+        {
+          "opvn" => Ovpn,
+          "gre" => Gre,
+          "host" => Host,
+          "device"=> Device,
+          "vrrp" => Vrrp,
+          "bridge" => Bridge,
+          "bond" => Bond,
+          "vlan" => Vlan,
+          "result" => Result,
+          "template" => Template,
+          "bgp" => Ipsec,
+          "ipsec" => Bgp
+        }
+      end
+      def self.clazz(name)
+        ret = self.clazzes[name]
+        throw "class not found #{name}" unless ret
+        ret
+      end
+
+      def self.create_host(name, cfg)
+        cfg['name'] = name
+        cfg['result'] = nil
+        host = Host.new(cfg)
+        host.result = Result.new(host)
+        host
+      end
+
+      def self.create_interface(name, cfg)
+        cfg['name'] = name
+        clazz(cfg['clazz']).new(cfg)
+        #cfg['name'] = name
+        #iface = Interface.new(cfg)
+        #iface
+      end
+
+      def self.create_bgp(cfg)
+        Bgp.new(cfg)
+      end
+
+      def self.create_ipsec(cfg)
+        Ipsec.new(cfg)
+      end
+    end
+  end
+end

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb

@@ -0,0 +1,134 @@
+module Construqt
+  module Flavour
+    module Mikrotik
+
+      class Bgp < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def self.write_filter(host)
+          Bgps.filters.each do |filter|
+            v4_name="v4-#{filter.name}"
+            v6_name="v6-#{filter.name}"
+            host.result.add("set [ find chain=#{v4_name.inspect} ] comment=to_remove", nil, "routing", "filter")
+            host.result.add("set [ find chain=#{v6_name.inspect} ] comment=to_remove", nil, "routing", "filter")
+            filter.list.each do |rule|
+              rule['network'].ips.each do |ip|
+                prefix_len = ""
+                if rule['prefix_length']
+                  prefix_len = "prefix-length=#{rule['prefix_length'].first}-#{rule['prefix_length'].last}"
+                end
+
+                host.result.add("add action=#{rule['rule']} chain=v#{ip.ipv4? ? '4':'6'}-#{filter.name} prefix=#{ip.to_string} #{prefix_len}", nil, "routing", "filter")
+              end
+            end
+
+            host.result.add("remove [ find comment=to_remove && (chain=#{v4_name.inspect} || chain=#{v6_name.inspect}) ]", nil, "routing", "filter")
+          end
+        end
+
+        def self.set_routing_bgp_instance(host, cfg)
+          default = {
+            "name" => Schema.string.required,
+            "as" => Schema.int.required.key,
+            "router-id"=> Schema.address.required,
+            "redistribute-connected" => Schema.boolean.default(true),
+            "redistribute-static" => Schema.boolean.default(true),
+            "redistribute-rip" => Schema.boolean.default(false),
+            "redistribute-ospf" => Schema.boolean.default(false),
+            "redistribute-other-bgp" => Schema.boolean.default(false),
+            "out-filter"=>Schema.identifier.default(nil),
+            "client-to-client-reflection"=>Schema.boolean.default(true),
+            "ignore-as-path-len"=>Schema.boolean.default(false),
+            "routing-table"=>Schema.identifier.default(nil),
+            "comment"=>Schema.string.default(nil)
+          }
+          host.result.render_mikrotik(default, cfg, "routing", "bgp", "instance")
+        end
+
+        def self.write_peer(host)
+          as_s = {}
+          Bgps.connections.each do |bgp|
+            as_s[bgp.left.as] ||= OpenStruct.new(:host => host) if bgp.left.my.host == host
+            as_s[bgp.right.as] ||= OpenStruct.new(:host => host) if bgp.right.my.host == host
+          end
+
+          as_s.each do |as, val|
+            host = val.host
+            #puts "****** #{host.name}"
+            digest=Digest::SHA256.hexdigest("#{host.name} #{host.id.first_ipv4.first_ipv4.to_s} #{as}")
+            net = host.id.first_ipv4.first_ipv4.to_s.split('.')[0..1]
+            net.push(digest[0..1].to_i(16).to_s)
+            net.push(digest[-2..-1].to_i(16).to_s)
+            router_id = IPAddress.parse(net.join('.')) # hack ..... achtung
+            cfg = as.to_h.inject({}){|r,(k,v)| r[k.to_s]=v; r }.merge({
+              "comment" => as.description,
+              "name"=>"#{as.name}",
+              "as" => as.num,
+              "router-id" => router_id}).inject({}) {|r,p| r[p.first.to_s] = p.last; r}
+            #puts ">>>#{cfg.inspect}"
+            set_routing_bgp_instance(host, cfg)
+          end
+
+          #puts ">>>>>> #{as_s.keys}"
+        end
+
+        def self.header(host)
+          #binding.pry if host.name == "s2b-l3-r01"
+          self.write_peer(host)
+          self.write_filter(host)
+        end
+
+        def set_routing_bgp_peer(cfg)
+          default = {
+            "name" => Schema.identifier.required.key,
+            "instance" => Schema.identifier.required,
+            "remote-address" => Schema.address.required,
+            "remote-as" => Schema.int.required,
+            "in-filter" => Schema.identifier.required,
+            "out-filter" => Schema.identifier.required,
+            "tcp-md5-key" => Schema.string.default(""),
+            "nexthop-choice" => Schema.identifier.default("force-self"),
+            "multihop" => Schema.boolean.default(false),
+            "route-reflect" => Schema.boolean.default(false),
+            "hold-time" => Schema.identifier.default("3m"),
+            "ttl" => Schema.identifier.default("default"),
+            "address-families" => Schema.identifier.required,
+            "default-originate" => Schema.identifier.default("never"),
+            "remove-private-as" => Schema.boolean.default(false),
+            "as-override" => Schema.boolean.default(false),
+            "passive" => Schema.boolean.default(false),
+            "use-bfd" => Schema.boolean.default(true),
+            "comment" => Schema.string.null
+          }
+          self.host.result.render_mikrotik(default, cfg, "routing", "bgp", "peer")
+        end
+
+        def build_config(unused, unused1)
+          #binding.pry
+          #puts "as=>#{self.as} #{self.other.my.host.name}"
+          self.other.my.address.first_ipv4 && set_routing_bgp_peer("name"=> "v4-#{self.other.my.host.name}-#{self.as.name}",
+                                                                   "comment" => "v4-#{self.other.my.host.name}-#{self.as.name}",
+                                                                   "instance" => "#{self.as.name}",
+                                                                   "remote-as" => self.other.as.num,
+                                                                   "address-families" => "ip",
+                                                                   "default-originate" => self.default_originate,
+                                                                   "remote-address" => self.other.my.address.first_ipv4,
+                                                                   "tcp-md5-key" => self.cfg.password,
+                                                                   "in-filter" => "v4-"+self.filter['in'].name,
+                                                                   "out-filter" => "v4-"+self.filter['out'].name)
+          self.other.my.address.first_ipv6 && set_routing_bgp_peer("name"=> "v6-#{self.other.my.host.name}-#{self.as.name}",
+                                                                   "comment" => "v6-#{self.other.my.host.name}-#{self.as.name}",
+                                                                   "instance" => "#{self.as.name}",
+                                                                   "remote-as" => self.other.as.num,
+                                                                   "address-families" => "ipv6",
+                                                                   "remote-address" => self.other.my.address.first_ipv6,
+                                                                   "tcp-md5-key" => self.cfg.password,
+                                                                   "in-filter" => "v6-"+self.filter['in'].name,
+                                                                   "out-filter" => "v6-"+self.filter['out'].name)
+        end
+      end
+    end
+  end
+end

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb

@@ -0,0 +1,79 @@
+module Construqt
+  module Flavour
+    module Mikrotik
+
+      class Interface
+
+        def self.render_ip(host, iface, ip)
+          cfg = {
+            "address" => ip,
+            "interface" => iface.name
+          }
+          if ip.ipv6?
+            default = {
+              "address" => Schema.addrprefix.required,
+              "interface" => Schema.identifier.required,
+              "advertise" => Schema.boolean.default(false),
+              "comment" => Schema.string.required.key
+            }
+            cfg['comment'] = "#{cfg['interface']}-#{cfg['address']}-CONSTRUQT"
+            #puts ">>>>>>>> #{cfg.inspect}"
+            host.result.render_mikrotik(default, cfg, "ipv6", "address")
+          else
+            default = {
+              "address" => Schema.addrprefix.required,
+              "interface" => Schema.identifier.required,
+              "comment" => Schema.string.required.key
+            }
+            cfg['comment'] = "#{cfg['interface']}-#{cfg['address']}-CONSTRUQT"
+            host.result.render_mikrotik(default, cfg, "ip", "address")
+          end
+        end
+
+        def self.render_route(host, iface, rt)
+          throw "dst via mismatch #{rt}" if rt.type.nil? and !(rt.dst.ipv6? == rt.via.ipv6? or rt.dst.ipv4? == rt.via.ipv4?)
+          cfg = {
+            "dst-address" => rt.dst,
+            "gateway" => rt.via,
+          }
+          if rt.type.nil?
+            cfg['gateway'] = rt.via
+          else
+            cfg['type'] = rt.type
+          end
+
+          cfg['distance'] = rt.metric if rt.metric
+          default = {
+            "dst-address" => Schema.network.required,
+            "gateway" => Schema.address,
+            "type" => Schema.identifier,
+            "distance" => Schema.int,
+            "comment" => Schema.string.required.key
+          }
+          cfg['comment'] = "#{cfg['dst-address']} via #{cfg['gateway']} CONSTRUQT"
+          if rt.dst.ipv6?
+            host.result.render_mikrotik(default, cfg, "ipv6", "route")
+          else
+            host.result.render_mikrotik(default, cfg, "ip", "route")
+          end
+        end
+
+        def self.build_config(host, iface)
+          #name = File.join(host.name, "interface", "device")
+          #ret = []
+          #ret += self.clazz.build_config(host, iface||self)
+          if !(iface.address.nil? || iface.address.ips.empty?)
+            iface.address.ips.each do |ip|
+              render_ip(host, iface, ip)
+            end
+
+            iface.address.routes.each do |rt|
+              render_route(host, iface, rt)
+            end
+          end
+          #ret
+        end
+      end
+    end
+  end
+end