construqt 0.0.5 → 0.0.6

Files changed (38)
  1. checksums.yaml +4 -4
  2. data/lib/construqt/addresses.rb +121 -10
  3. data/lib/construqt/bgps.rb +10 -12
  4. data/lib/construqt/firewalls.rb +115 -16
  5. data/lib/construqt/flavour/ciscian/ciscian.rb +73 -93
  6. data/lib/construqt/flavour/ciscian/deploy_template.rb +36 -0
  7. data/lib/construqt/flavour/ciscian/dialect_dlink-dgs15xx.rb +62 -114
  8. data/lib/construqt/flavour/ciscian/dialect_hp-2510g.rb +74 -14
  9. data/lib/construqt/flavour/delegates.rb +9 -0
  10. data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb +0 -3
  11. data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb +12 -1
  12. data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb +32 -1
  13. data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb +2 -0
  14. data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb +3 -3
  15. data/lib/construqt/flavour/plantuml/plantuml.rb +2 -2
  16. data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb +24 -13
  17. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb +16 -7
  18. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_dns.rb +5 -5
  19. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_firewall.rb +218 -67
  20. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_ipsec.rb +33 -17
  21. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb +5 -5
  22. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb +77 -14
  23. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb +77 -29
  24. data/lib/construqt/flavour/ubuntu/flavour_ubuntu_vrrp.rb +18 -3
  25. data/lib/construqt/interfaces.rb +25 -6
  26. data/lib/construqt/ipsecs.rb +5 -3
  27. data/lib/construqt/rack.rb +51 -0
  28. data/lib/construqt/resource.rb +25 -3
  29. data/lib/construqt/reverse.rb +1 -0
  30. data/lib/construqt/services.rb +15 -29
  31. data/lib/construqt/tags.rb +21 -15
  32. data/lib/construqt/templates.rb +17 -0
  33. data/lib/construqt/users.rb +4 -0
  34. data/lib/construqt/util.rb +1 -1
  35. data/lib/construqt/version.rb +1 -1
  36. data/lib/construqt/vlans.rb +13 -2
  37. data/lib/construqt.rb +2 -1
  38. metadata +4 -2
@@ -13,6 +13,30 @@ module Construqt
13
13
  def commit
14
14
  end
15
15
 
16
+ def sort_section_keys(keys)
17
+ return keys.sort do |a,b|
18
+ a = a.to_s
19
+ b = b.to_s
20
+ match_a=/^(.*[^\d])(\d+)$/.match(a)||[nil,a,1]
21
+ match_b=/^(.*[^\d])(\d+)$/.match(b)||[nil,b,1]
22
+ #puts match_a, match_b, a, b
23
+ ret=0
24
+ ret = rate_higher("hostname", match_a[1], match_b[1]) if ret==0
25
+ ret = rate_higher("snmp", match_a[1], match_b[1]) if ret==0
26
+ ret = rate_higher("trunk", match_a[1], match_b[1]) if ret==0
27
+ ret = rate_higher("max-vlans", match_a[1], match_b[1]) if ret==0
28
+ ret = rate_higher("vlan", match_a[1], match_b[1]) if ret==0
29
+ ret = rate_higher("vlan", match_a[1], match_b[1]) if ret==0
30
+ ret = match_a[1]<=>match_b[1] if ret==0
31
+ ret = match_a[2].to_i<=>match_b[2].to_i if ret==0
32
+ ret
33
+ end
34
+ end
35
+
36
+ def rate_higher(prefix, a, b)
37
+ return a.start_with?(prefix) ^ b.start_with?(prefix) ? (a.start_with?(prefix) ? -1 : 1) : 0
38
+ end
39
+
16
40
  def expand_vlan_device_name(device)
17
41
  expand_device_name(device, { "po" => "Trk%s", "ge" => "%s" })
18
42
  end
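Review bot: `rate_higher("vlan", match_a[1], match_b[1])` appears twice in a row in sort_section_keys, so the second call can never change `ret` and should be dropped. The fallback `[nil, a, 1]` for keys without a trailing number mixes an Integer with the String captures of a real match and only works because both paths go through `.to_i`; a comment such as `# keys without a numeric suffix are treated as suffix 1` would make that deliberate. The regex anchors with `^`/`$`, which match per line in Ruby; `\A`/`\z` are the whole-string anchors and would be safer for section keys. Writing the comparator as `keys.sort { |a, b| ... }` would also make the block binding obvious without relying on how `do ... end` attaches after `return`.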
@@ -25,45 +49,71 @@ module Construqt
25
49
  end
26
50
 
27
51
  def add_host(host)
28
- @result.add("hostname", Ciscian::SingleValueVerb).add(@result.host.name)
29
- @result.add("max-vlans", Ciscian::SingleValueVerb).add(64)
30
- @result.add("snmp-server community \"public\" Unrestricted", Ciscian::SingleValueVerb)
52
+ @result.add("hostname").add(@result.host.name).quotes
53
+ @result.add("max-vlans").add(64)
54
+ @result.add("snmp-server community \"public\"")
55
+
56
+ #enable ssh per default
57
+ @result.add("ip ssh")
58
+
31
59
  @result.host.interfaces.values.each do |iface|
32
60
  next unless iface.delegate.address
33
61
  iface.delegate.address.routes.each do |route|
34
- @result.add("ip route #{route.dst.to_s} #{route.dst.netmask} #{route.via.to_s}", Ciscian::SingleValueVerb)
62
+ @result.add("ip route #{route.dst.to_s} #{route.dst.netmask} #{route.via.to_s}")
35
63
  end
36
64
  end
65
+
66
+ if host.delegate.sntp
67
+ @result.add("sntp server").add(host.delegate.sntp)
68
+ @result.add("timesync sntp")
69
+ @result.add("sntp unicast")
70
+ end
71
+
72
+ if host.delegate.logging
73
+ @result.add("logging").add(host.delegate.logging)
74
+ end
75
+
37
76
  end
38
77
 
39
78
  def add_device(device)
40
79
  end
41
80
 
42
81
  def add_bond(bond)
43
- @result.add("trunk", TrunkVerb).add("{+ports}" => bond.interfaces.map{|i| i.delegate.number }, "{*channel}" => bond.delegate.number)
82
+ @result.add("trunk", TrunkVerb).add("{+ports}" => bond.interfaces.map{|i| i.delegate.number }, "{*channel}" => bond.delegate.number, "{=mode}"=>"LACP")
44
83
  @result.add("spanning-tree #{expand_vlan_device_name(bond)} priority 4")
45
84
  end
46
85
 
47
86
  def add_vlan(vlan)
48
- @result.add("vlan #{vlan.delegate.vlan_id} jumbo") do |section|
87
+ @result.add("vlan #{vlan.delegate.vlan_id}", NestedSection) do |section|
49
88
  next unless vlan.delegate.description && !vlan.delegate.description.empty?
50
89
  throw "vlan name too long, max 32 chars" if vlan.delegate.description.length > 32
51
- section.add("name", Ciscian::SingleValueVerb).add(vlan.delegate.description)
90
+ section.add("name").add(vlan.delegate.description).quotes
91
+ section.add("jumbo")
52
92
  vlan.interfaces.each do |port|
53
-
54
- section.add({
55
- true => "tagged",
56
- false => "untagged"
57
- }[port.template.is_tagged?(vlan.vlan_id)], Ciscian::RangeVerb).add(expand_vlan_device_name(port))
93
+ range=nil
94
+ if port.template.is_tagged?(vlan.vlan_id)
95
+ range=section.add("tagged", Tagged)
96
+ range.add("{+ports}" => [expand_vlan_device_name(port)])
97
+ elsif port.template.is_untagged?(vlan.vlan_id)
98
+ range=section.add("tagged", Tagged)
99
+ range.add("{+uports}" => [expand_vlan_device_name(port)])
100
+ elsif port.template.is_nountagged?(vlan.vlan_id)
101
+ range=section.add("tagged", Tagged)
102
+ range.add("{-uports}" => [expand_vlan_device_name(port)])
103
+ end
58
104
  end
59
105
 
60
106
  if vlan.delegate.address
61
107
  if vlan.delegate.address.first_ipv4
62
- section.add("ip address").add(vlan.delegate.address.first_ipv4.to_string)
108
+ section.add("ip address").add(vlan.delegate.address.first_ipv4.to_s + " " + vlan.delegate.address.first_ipv4.netmask)
63
109
  elsif vlan.delegate.address.dhcpv4?
64
110
  section.add("ip address").add("dhcp-bootp")
65
111
  end
66
112
  end
113
+
114
+ if vlan.delegate.igmp
115
+ section.add("ip igmp")
116
+ end
67
117
  end
68
118
  end
69
119
 
@@ -81,6 +131,10 @@ module Construqt
81
131
  end.flatten.join(' ')
82
132
  end
83
133
 
134
+ def is_virtual?(line)
135
+ line.include?("vlan")
136
+ end
137
+
84
138
  def block_end?(line)
85
139
  ['end','exit'].include?(line.strip)
86
140
  end
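Review bot: `is_virtual?` uses `line.include?("vlan")`, a substring test that is also true for a line such as `max-vlans 64`; if the intent is to recognise `vlan <id>` section headers, `line.strip.start_with?("vlan ")` would be tighter (hedged, since the callers are outside this hunk). Ruby predicates are conventionally named without the `is_` prefix (`virtual?`), though renaming would have to follow the callers. A one-line comment naming what counts as virtual would help either way, e.g. `# true for lines that open a vlan (virtual) interface section`.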
@@ -101,8 +155,14 @@ module Construqt
101
155
  "trunk"
102
156
  end
103
157
 
158
+ def self.find_regex(variable)
159
+ {
160
+ "mode" => "(Trunk|LACP)"
161
+ }[variable]
162
+ end
163
+
104
164
  def self.patterns
105
- ["no trunk {-ports}", "trunk {+ports} Trk{*channel} Trunk"]
165
+ ["no trunk {-ports}", "trunk {+ports} Trk{*channel} {=mode}"]
106
166
  end
107
167
  end
108
168
  end
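Review bot: `find_regex` rebuilds its lookup hash on every call and returns `nil` for every variable other than `"mode"`, so callers must treat nil as "no constraint"; neither fact is documented. Hoisting the table to a frozen constant keeps the pattern vocabulary in one place: `VARIABLE_REGEX = { "mode" => "(Trunk|LACP)" }.freeze` and `VARIABLE_REGEX[variable]` in the method body, with a comment `# nil means the variable is matched without a constraint`. The value is a bare string rather than a Regexp, so wherever it is interpolated it is unanchored — worth a comment if that is intended.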
@@ -9,6 +9,7 @@ module Construqt
9
9
 
10
10
  def delegate=(a)
11
11
  throw "delegate needs to be !nil" unless a
12
+ a.delegate = self
12
13
  @delegate = a
13
14
  end
14
15
 
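Review bot: the added `a.delegate = self` makes the association bidirectional by mutating the argument, and it runs before `@delegate = a`, so an object without a `delegate=` writer now raises NoMethodError from inside this setter rather than failing the `throw` guard above it. If a delegate may be shared by more than one owner, the last assignment silently wins; a comment stating the one-owner assumption would help, e.g. `# back-link: a delegate belongs to exactly one owner; the last assignment wins`. The enclosing class header is outside this hunk.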
@@ -28,6 +29,14 @@ module Construqt
28
29
  @vrrp
29
30
  end
30
31
 
32
+ def ipsec
33
+ self.delegate.ipsec
34
+ end
35
+
36
+ def firewalls
37
+ self.delegate.firewalls
38
+ end
39
+
31
40
  def description
32
41
  self.delegate.description
33
42
  end
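Review bot: `ipsec` and `firewalls` dereference `self.delegate` unguarded, while the plantuml hunk further down this page adds an `iface.delegate &&` guard, which suggests the delegate can be nil for some interfaces. If nil is a legal state here, `self.delegate && self.delegate.firewalls` (or `self.delegate&.firewalls` if the project targets Ruby 2.3+) would match that guard; otherwise a comment documenting that the delegate is always set before these are called is enough. The surrounding class is not visible in this hunk.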
@@ -408,9 +408,6 @@ OUT
408
408
  def self.create_interface(name, cfg)
409
409
  cfg['name'] = name
410
410
  clazz(cfg['clazz']).new(cfg)
411
- #cfg['name'] = name
412
- #iface = Interface.new(cfg)
413
- #iface
414
411
  end
415
412
 
416
413
  def self.create_bgp(cfg)
@@ -14,7 +14,16 @@ module Construqt
14
14
  host.result.add("set [ find chain=#{v4_name.inspect} ] comment=to_remove", nil, "routing", "filter")
15
15
  host.result.add("set [ find chain=#{v6_name.inspect} ] comment=to_remove", nil, "routing", "filter")
16
16
  filter.list.each do |rule|
17
- rule['network'].ips.each do |ip|
17
+ nets = rule['network']
18
+ if nets.kind_of?(String)
19
+ #binding.pry
20
+ nets = Construqt::Tags.find(nets, Construqt::Addresses::IPV4) + Construqt::Tags.find(nets, Construqt::Addresses::IPV6)
21
+ # puts ">>>>>>>>>> #{nets.map{|i| i.class.name}}"
22
+ nets = IPAddress::summarize(nets)
23
+ else
24
+ nets = nets.ips
25
+ end
26
+ nets.each do |ip|
18
27
  prefix_len = ""
19
28
  if rule['prefix_length']
20
29
  prefix_len = "prefix-length=#{rule['prefix_length'].first}-#{rule['prefix_length'].last}"
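Review bot: the new branch leaves debugging residue in place — `#binding.pry` and the commented `puts` — and it duplicates the tag-to-network resolution that the bird filter hunk on this page performs via `Construqt::Tags.find(nets, mode.net_clazz)`, where the same `#binding.pry` comment is being added. A shared helper (e.g. `def self.resolve_networks(nets)` returning the summarized list for a String tag and `nets.ips` otherwise) would let both flavours use one implementation. `IPAddress::summarize` is applied to the lookup result without checking for a tag that matches nothing; confirm whether an empty match should be an error rather than an empty rule. The enclosing method starts outside the hunk.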
@@ -115,6 +124,7 @@ module Construqt
115
124
  "address-families" => "ip",
116
125
  "default-originate" => self.default_originate,
117
126
  "remote-address" => self.other.my.address.first_ipv4,
127
+ "use-bfd" => self.cfg.use_bfd.kind_of?(false.class) ? false : true,
118
128
  "tcp-md5-key" => self.cfg.password,
119
129
  "in-filter" => "v4-"+self.filter['in'].name,
120
130
  "out-filter" => "v4-"+self.filter['out'].name)
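Review bot: `self.cfg.use_bfd.kind_of?(false.class) ? false : true` is a convoluted way to write `self.cfg.use_bfd != false`, and it means an unset (`nil`) `use_bfd` turns BFD on; the IPv6 peer hunk directly below repeats the same expression. If on-by-default is intended, say so: `"use-bfd" => self.cfg.use_bfd != false, # BFD on unless explicitly disabled`; if not, `!!self.cfg.use_bfd` gives off-by-default. The enclosing method is outside the hunk.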
@@ -124,6 +134,7 @@ module Construqt
124
134
  "remote-as" => self.other.as.num,
125
135
  "address-families" => "ipv6",
126
136
  "remote-address" => self.other.my.address.first_ipv6,
137
+ "use-bfd" => self.cfg.use_bfd.kind_of?(false.class) ? false : true,
127
138
  "tcp-md5-key" => self.cfg.password,
128
139
  "in-filter" => "v6-"+self.filter['in'].name,
129
140
  "out-filter" => "v6-"+self.filter['out'].name)
@@ -43,12 +43,16 @@ module Construqt
43
43
  end
44
44
 
45
45
  cfg['distance'] = rt.metric if rt.metric
46
+
47
+ cfg['routing-mark'] = rt.routing_table if rt.routing_table
48
+
46
49
  default = {
47
50
  "dst-address" => Schema.network.required.key(0),
48
51
  "gateway" => Schema.address,
49
52
  "type" => Schema.identifier,
50
53
  "distance" => Schema.int,
51
- "comment" => Schema.string.required.key(1)
54
+ "comment" => Schema.string.required.key(1),
55
+ "routing-mark" => Schema.identifier
52
56
  }
53
57
  cfg['comment'] = "#{cfg['dst-address']} via #{cfg['gateway']} CONSTRUQT"
54
58
  if rt.dst.ipv6?
@@ -58,10 +62,37 @@ module Construqt
58
62
  end
59
63
  end
60
64
 
65
+ def self.render_firewall_mangle(host, iface)
66
+ cfg = {
67
+ "in-interface" => iface.name,
68
+ "new-routing-mark" => iface.routing_table,
69
+ "chain" => "prerouting",
70
+ "action" => "mark-routing"
71
+ }
72
+ cfg['comment'] = "tag interface #{cfg['in-interface']} with routing-mark #{cfg['new-routing-mark']} CONSTRUQT"
73
+
74
+ default = {
75
+ "chain" => Schema.identifier.required,
76
+ "action" => Schema.identifier.required,
77
+ "new-routing-mark" => Schema.identifier.required,
78
+ "in-interface" => Schema.identifier.required,
79
+ "comment" => Schema.string.required.key(1),
80
+ }
81
+
82
+ host.result.render_mikrotik(default, cfg, "ipv6", "firewall", "mangle")
83
+ host.result.render_mikrotik(default, cfg, "ip", "firewall", "mangle")
84
+ end
85
+
86
+
61
87
  def self.build_config(host, iface)
88
+ if iface.routing_table
89
+ render_firewall_mangle(host, iface)
90
+ end
91
+
62
92
  #name = File.join(host.name, "interface", "device")
63
93
  #ret = []
64
94
  #ret += self.clazz.build_config(host, iface||self)
95
+
65
96
  if !(iface.address.nil? || iface.address.ips.empty?)
66
97
  iface.address.ips.each do |ip|
67
98
  render_ip(host, iface, ip)
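Review bot: render_firewall_mangle has no documentation although it emits a `prerouting` `mark-routing` rule for every packet entering `iface.name` into both the `ip` and `ipv6` mangle tables; a header comment should say so, e.g. `# Policy routing: mark all ingress traffic on iface with iface.routing_table (IPv4 and IPv6)`. The same `cfg` hash is passed to both render_mikrotik calls; if render_mikrotik mutates its argument (its body is not on the page) the second call sees the first's changes — confirm, or pass a `dup`. Two blank lines precede build_config where the file otherwise uses one.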
@@ -155,9 +155,11 @@ module Construqt
155
155
  "interface vrrp",
156
156
  "interface gre6",
157
157
  "ipv6 address",
158
+ "ipv6 firewall mangle",
158
159
  "ipv6 route",
159
160
  "ip address",
160
161
  "ip dns",
162
+ "ip firewall mangle",
161
163
  "ip route",
162
164
  "ip ipsec proposal",
163
165
  "ip ipsec peer",
@@ -101,7 +101,7 @@ module Construqt
101
101
  end
102
102
 
103
103
  def self.serialize(schema, val)
104
- throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
104
+ throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
105
105
  # throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
106
106
  return Flavour::Mikrotik.compress_address(val)
107
107
  end
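Review bot: this serialize and the two below it now each repeat the same three-way `kind_of?` chain; a single predicate such as `def self.ip_like?(val)` returning `val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)` keeps the accepted address types in one place for the next class that is added. The guard uses `throw` with a String, which is Ruby's catch/throw control-flow primitive; uncaught it surfaces as UncaughtThrowError rather than a typed error a caller can rescue, so `raise ArgumentError, ...` would be the conventional form, though that part is pre-existing.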
@@ -113,7 +113,7 @@ module Construqt
113
113
  end
114
114
 
115
115
  def self.serialize(schema, val)
116
- throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
116
+ throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
117
117
  # throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
118
118
  return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
119
119
  end
@@ -125,7 +125,7 @@ module Construqt
125
125
  end
126
126
 
127
127
  def self.serialize(schema, val)
128
- throw "Network::val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
128
+ throw "Network::val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
129
129
  #throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
130
130
  return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
131
131
  end
@@ -138,11 +138,11 @@ UML
138
138
  end
139
139
  end
140
140
 
141
- iface.delegate.firewalls && iface.delegate.firewalls.each_with_index do |fw, idx|
141
+ iface.delegate && iface.delegate.firewalls && iface.delegate.firewalls.each_with_index do |fw, idx|
142
142
  out << "fw(#{idx}) = \"#{fw.name}\""
143
143
  end
144
144
 
145
- (iface.tags+tags).sort.uniq.each_with_index do |tag, idx|
145
+ iface.tags && (iface.tags+tags).sort.uniq.each_with_index do |tag, idx|
146
146
  out << "tag(#{idx}) = \"#{tag}\""
147
147
  end
148
148
 
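Review bot: the new `iface.tags &&` guard also drops the caller-supplied `tags` whenever `iface.tags` is nil, so those tags vanish from the diagram for exactly the interfaces that have none of their own. `(Array(iface.tags) + tags).sort.uniq.each_with_index do |tag, idx|` keeps the passed-in tags in that case. The firewall line could use safe navigation (`iface.delegate&.firewalls&.each_with_index`) if the project targets Ruby 2.3+; the enclosing method is outside the hunk.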
@@ -39,7 +39,8 @@ module Construqt
39
39
  return
40
40
  end
41
41
 
42
- writer.header.mode(EtcNetworkInterfaces::Entry::Header::MODE_DHCP) if iface.address.dhcpv4?
42
+ writer.header.dhcpv4 if iface.address.dhcpv4?
43
+ writer.header.dhcpv6 if iface.address.dhcpv6?
43
44
  writer.header.mode(EtcNetworkInterfaces::Entry::Header::MODE_LOOPBACK) if iface.address.loopback?
44
45
  lines.add(iface.flavour) if iface.flavour
45
46
  iface.address.ips.each do |ip|
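Review bot: the header can now receive both `dhcpv4` and `dhcpv6` for an address that is DHCP in both families, whereas the removed line selected a single `mode`; whether `writer.header` can represent two modes at once is not visible here and should be confirmed. A comment such as `# an interface may be DHCP for v4, v6 or both` would document the intent either way. The enclosing method is outside the hunk.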
@@ -83,6 +84,15 @@ module Construqt
83
84
  writer.lines.down("ip link set dev #{ifname} down")
84
85
  add_address(host, ifname, iface.delegate, writer.lines, writer) #unless iface.address.nil? || iface.address.ips.empty?
85
86
  add_services(host, ifname, iface.delegate, writer)
87
+ host.ipsecs.find do |ipsec|
88
+ if ipsec.left.remote.interface == iface || ipsec.right.remote.interface == iface
89
+ writer.lines.up("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon start")
90
+ writer.lines.down("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon restart")
91
+ true
92
+ else
93
+ false
94
+ end
95
+ end
86
96
  end
87
97
  end
88
98
 
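Review bot: `host.ipsecs.find do ... end` is used for its side effects — the block writes the racoon lines and returns true/false only to stop the search — which hides the intent; separating the lookup from the writes reads more clearly. The `down` hook runs `racoon restart` rather than `stop`, which looks inverted for an interface going down; if that is deliberate (racoon re-reading its config once the peer interface is gone) a comment should say so. The enclosing method starts outside the hunk.
```ruby
add_services(host, ifname, iface.delegate, writer)
uses_racoon = host.ipsecs.any? do |ipsec|
  ipsec.left.remote.interface == iface || ipsec.right.remote.interface == iface
end
if uses_racoon
  writer.lines.up("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon start")
  writer.lines.down("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon restart")
end
```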
@@ -142,7 +152,7 @@ BOND
142
152
  end
143
153
 
144
154
  def build_config(host, unused)
145
- host.result.add(self, <<SCTL, Construqt::Resources::Rights::ROOT_0644, "etc", "sysctl.conf")
155
+ host.result.add(self, <<SCTL, Construqt::Resources::Rights.root_0644, "etc", "sysctl.conf")
146
156
  net.ipv4.conf.all.forwarding = 1
147
157
  net.ipv4.conf.default.forwarding = 1
148
158
  net.ipv4.vs.pmtu_disc=1
@@ -151,7 +161,7 @@ net.ipv6.conf.all.autoconf=0
151
161
  net.ipv6.conf.all.accept_ra=0
152
162
  net.ipv6.conf.all.forwarding=1
153
163
  SCTL
154
- host.result.add(self, <<HOSTS, Construqt::Resources::Rights::ROOT_0644, "etc", "hosts")
164
+ host.result.add(self, <<HOSTS, Construqt::Resources::Rights.root_0644, "etc", "hosts")
155
165
  127.0.0.1 localhost
156
166
  ::1 localhost ip6-localhost ip6-loopback
157
167
  fe00::0 ip6-localnet
@@ -161,12 +171,12 @@ ff02::2 ip6-allrouters
161
171
 
162
172
  127.0.1.1 #{host.name} #{host.region.network.fqdn(host.name)}
163
173
  HOSTS
164
- host.result.add(self, host.name, Construqt::Resources::Rights::ROOT_0644, "etc", "hostname")
165
- host.result.add(self, "# WTF resolvconf", Construqt::Resources::Rights::ROOT_0644, "etc", "resolvconf", "resolv.conf.d", "orignal");
174
+ host.result.add(self, host.name, Construqt::Resources::Rights.root_0644, "etc", "hostname")
175
+ host.result.add(self, "# WTF resolvconf", Construqt::Resources::Rights.root_0644, "etc", "resolvconf", "resolv.conf.d", "orignal");
166
176
  host.result.add(self,
167
177
  (host.region.network.dns_resolver.nameservers.ips.map{|i| "nameserver #{i.to_s}" }+
168
178
  ["search #{host.region.network.dns_resolver.search.join(' ')}"]).join("\n"),
169
- Construqt::Resources::Rights::ROOT_0644, "etc", "resolv.conf")
179
+ Construqt::Resources::Rights.root_0644, "etc", "resolv.conf")
170
180
  #binding.pry
171
181
  Dns.build_config(host) if host.delegate.dns_server
172
182
  akeys = []
@@ -178,11 +188,11 @@ HOSTS
178
188
  skeys << "#{u.shadow}" if u.shadow
179
189
  end
180
190
 
181
- host.result.add(self, skeys.join(), Construqt::Resources::Rights::ROOT_0644, "etc", "shadow.merge")
182
- host.result.add(self, akeys.join(), Construqt::Resources::Rights::ROOT_0644, "root", ".ssh", "authorized_keys")
183
- host.result.add(self, ykeys.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc", "yubikey_mappings")
191
+ #host.result.add(self, skeys.join(), Construqt::Resources::Rights.root_0644, "etc", "shadow.merge")
192
+ host.result.add(self, akeys.join(), Construqt::Resources::Rights.root_0644, "root", ".ssh", "authorized_keys")
193
+ host.result.add(self, ykeys.join("\n"), Construqt::Resources::Rights.root_0644, "etc", "yubikey_mappings")
184
194
 
185
- host.result.add(self, <<SSH , Construqt::Resources::Rights::ROOT_0644, "etc", "ssh", "sshd_config")
195
+ host.result.add(self, <<SSH , Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::SSH), "etc", "ssh", "sshd_config")
186
196
  # Package generated configuration file
187
197
  # See the sshd_config(5) manpage for details
188
198
 
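Review bot: commenting out the `shadow.merge` write leaves `skeys` — accumulated from `u.shadow` just above, outside the hunk — built and never used; either remove the accumulation or restore the write. If `root_0644` means what its name says, the removed line was writing password hashes into a world-readable resource, so not re-adding it as-is is the right direction; should it come back it needs a root-only mode. Only `sshd_config` is tagged with `Construqt::Resources::Component::SSH` while `authorized_keys` and `yubikey_mappings` use the untagged form; if the component tag drives a service reload, confirm that a changed `authorized_keys` does not also need it.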
@@ -272,7 +282,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
272
282
  # and ChallengeResponseAuthentication to 'no'.
273
283
  UsePAM yes
274
284
  SSH
275
- host.result.add(self, <<PAM , Construqt::Resources::Rights::ROOT_0644, "etc", "pam.d", "openvpn")
285
+ host.result.add(self, <<PAM , Construqt::Resources::Rights::root_0644, "etc", "pam.d", "openvpn")
276
286
  #{host.delegate.yubikey ? '':'# '}auth required pam_yubico.so id=16 authfile=/etc/yubikey_mappings
277
287
  auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
278
288
  auth requisite pam_deny.so
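Review bot: `Construqt::Resources::Rights::root_0644` uses the `::` method-call form while every other call in this change uses `.root_0644`; Ruby accepts both, but the `::` form reads like the constant this change is moving away from, so `Construqt::Resources::Rights.root_0644` would be consistent. The `pam.d/openvpn` resource carries no component tag unlike `sshd_config`; confirm that is intended.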
@@ -297,7 +307,6 @@ PAM
297
307
 
298
308
  def build_config(host, gre)
299
309
  gre_delegate = gre.delegate
300
- # binding.pry
301
310
  cfg = nil
302
311
  if gre_delegate.local.first_ipv6
303
312
  cfg = OpenStruct.new(:prefix=>6, :my=>gre_delegate.local.first_ipv6, :other => gre_delegate.remote.first_ipv6, :mode => "ip6gre")
@@ -306,7 +315,7 @@ PAM
306
315
  end
307
316
 
308
317
  throw "need a local address #{host.name}:#{gre_delegate.name}" unless cfg
309
- local_iface = host.interfaces.values.find { |iface| iface.address.match_network(cfg.my) }
318
+ local_iface = host.interfaces.values.find { |iface| iface.address && iface.address.match_network(cfg.my) }
310
319
  throw "need a interface with address #{host.name}:#{cfg.my}" unless local_iface
311
320
  iname = Util.clean_if("gt#{cfg.prefix}", gre_delegate.name)
312
321
 
@@ -318,6 +327,8 @@ PAM
318
327
  writer = host.result.etc_network_interfaces.get(gre_delegate)
319
328
  writer.skip_interfaces.header.interface_name(iname)
320
329
  writer.lines.up("ip -#{cfg.prefix} tunnel add #{iname} mode #{cfg.mode} local #{cfg.my.to_s} remote #{cfg.other.to_s}")
330
+ #writer.lines.up("ip -#{cfg.prefix} tunnel add #{iname} mode #{cfg.mode} local #{cfg.my.to_s} remote #{cfg.other.to_s}")
331
+ #/sbin/ip -6 tunnel add gt4nactr01 mode ip4ip6 remote 2a04:2f80:f:f003::2 local 2a04:2f80:f:f003::1
321
332
  # writer.lines.up("ip -#{cfg.prefix} link set dev #{iname} up")
322
333
  Device.build_config(host, gre)
323
334
  # Device.add_address(host, iname, iface, writer.lines, writer)
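Review bot: both added lines are commented-out leftovers — a duplicate of the live `tunnel add` line above them and a hand-typed `/sbin/ip -6 tunnel add ...` example that embeds concrete interface and address values from one deployment. Neither documents anything the live line does not, and environment-specific addresses do not belong in library source; drop both. The enclosing method starts outside the hunk.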
@@ -10,10 +10,16 @@ module Construqt
10
10
  def self.header(host)
11
11
  return if host.bgps.empty?
12
12
  # binding.pry
13
- bird_v4 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv4, :filter => lambda {|ip| ip.ipv4? }))
14
- host.result.add(self, bird_v4, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird.conf")
15
- bird_v6 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv6, :filter => lambda {|ip| ip.ipv6? }))
16
- host.result.add(self, bird_v6, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird6.conf")
13
+ bird_v4 = self.header_bird(host, OpenStruct.new(:net_clazz => lambda {|o|
14
+ (o.kind_of?(IPAddress::IPv4)||o.kind_of?(Construqt::Addresses::CqIpAddress)) && o.ipv4?
15
+ },
16
+ :filter => lambda {|ip| ip.ipv4? }))
17
+ host.result.add(self, bird_v4, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird.conf")
18
+ bird_v6 = self.header_bird(host, OpenStruct.new(:net_clazz => lambda {|o|
19
+ (o.kind_of?(IPAddress::IPv6)||o.kind_of?(Construqt::Addresses::CqIpAddress)) && o.ipv6?
20
+ },
21
+ :filter => lambda {|ip| ip.ipv6? }))
22
+ host.result.add(self, bird_v6, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird6.conf")
17
23
  end
18
24
 
19
25
  def self.header_bird(host, mode)
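Review bot: `:net_clazz` now carries a lambda instead of a class, but the name still says class; the bird filter hunk further down passes it to `Construqt::Tags.find(nets, mode.net_clazz)`, while the mikrotik bgp hunk on this page passes the `Construqt::Addresses::IPV4`/`IPV6` constants to the same method, so `Tags.find` must accept both forms — confirm, as its body is not on the page. Renaming the field (e.g. `:net_filter`) or adding `# net_clazz: predicate selecting addresses of this family` would stop the name misleading the next reader. The two lambdas differ only in the class and family predicate and could come from one small helper taking the class and the `ipv4?`/`ipv6?` method name.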
@@ -40,6 +46,7 @@ BGP
40
46
  filter.list.each do |rule|
41
47
  nets = rule['network']
42
48
  if nets.kind_of?(String)
49
+ #binding.pry
43
50
  nets = Construqt::Tags.find(nets, mode.net_clazz)
44
51
  # puts ">>>>>>>>>> #{nets.map{|i| i.class.name}}"
45
52
  nets = IPAddress::summarize(nets)
@@ -50,7 +57,9 @@ BGP
50
57
  nets.each do |ip|
51
58
  next unless mode.filter.call(ip)
52
59
  ip_str = ip.to_string
53
- if rule['prefix_length']
60
+ if rule['addr_sub_prefix']
61
+ ip_str = "#{ip.to_string}{#{ip.prefix},#{ip.ipv4? ? 32 : 128}}"
62
+ elsif rule['prefix_length']
54
63
  ip_str = "#{ip.to_string}{#{rule['prefix_length'].first},#{rule['prefix_length'].last}}"
55
64
  end
56
65
 
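Review bot: `rule['addr_sub_prefix']` now silently takes precedence over `rule['prefix_length']` when both keys are set on a rule; a comment stating the precedence, e.g. `# addr_sub_prefix wins over an explicit prefix_length`, or an error when both are present, would make that explicit. The `ip.ipv4? ? 32 : 128` choice is the family's host-prefix length; naming it (`max_prefix = ip.ipv4? ? 32 : 128`) before the interpolation reads better than the inline ternary. The enclosing method starts outside the hunk.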
@@ -66,7 +75,7 @@ BGP
66
75
 
67
76
  def build_bird_conf
68
77
  if self.my.address.first_ipv4 && self.other.my.address.first_ipv4
69
- self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird.conf")
78
+ self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird.conf")
70
79
  protocol bgp #{Util.clean_bgp(self.my.host.name)}_#{Util.clean_bgp(self.other.host.name)} {
71
80
  description "#{self.my.host.name} <=> #{self.other.host.name}";
72
81
  direct;
@@ -85,7 +94,7 @@ BGP
85
94
  def build_bird6_conf
86
95
  # binding.pry
87
96
  if self.my.address.first_ipv6 && self.other.my.address.first_ipv6
88
- self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird6.conf")
97
+ self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird6.conf")
89
98
  protocol bgp #{Util.clean_bgp(self.my.host.name)}_#{Util.clean_bgp(self.other.host.name)} {
90
99
  description "#{self.my.host.name} <=> #{self.other.host.name}";
91
100
  direct;
@@ -70,18 +70,18 @@ OUT
70
70
  include = {}
71
71
  forward.each do |domain, lines|
72
72
  include[domain] = "/etc/bind/tables/#{domain}.forward"
73
- host.result.add(self, write_header(host.region, domain), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain}.forward")
74
- host.result.add(self, lines.sort.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain}.forward")
73
+ host.result.add(self, write_header(host.region, domain), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain}.forward")
74
+ host.result.add(self, lines.sort.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain}.forward")
75
75
  end
76
76
 
77
77
  reverse.each do |domain, lines|
78
78
  include[domain.rev_domains.first] = "/etc/bind/tables/#{domain}.reverse"
79
- host.result.add(self, write_header(host.region, domain.rev_domains.first), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain.to_s}.reverse")
80
- host.result.add(self, lines.values.sort.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain.to_s}.reverse")
79
+ host.result.add(self, write_header(host.region, domain.rev_domains.first), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain.to_s}.reverse")
80
+ host.result.add(self, lines.values.sort.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain.to_s}.reverse")
81
81
  end
82
82
 
83
83
  include.each do |domain,path|
84
- host.result.add(self, <<DNS, Construqt::Resources::Rights::ROOT_0644, "etc/bind/named.conf.local")
84
+ host.result.add(self, <<DNS, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/named.conf.local")
85
85
  zone "#{domain.to_s}" {
86
86
  type master;
87
87
  file "#{path}";