construqt 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/construqt/addresses.rb +121 -10
- data/lib/construqt/bgps.rb +10 -12
- data/lib/construqt/firewalls.rb +115 -16
- data/lib/construqt/flavour/ciscian/ciscian.rb +73 -93
- data/lib/construqt/flavour/ciscian/deploy_template.rb +36 -0
- data/lib/construqt/flavour/ciscian/dialect_dlink-dgs15xx.rb +62 -114
- data/lib/construqt/flavour/ciscian/dialect_hp-2510g.rb +74 -14
- data/lib/construqt/flavour/delegates.rb +9 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb +0 -3
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb +12 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb +32 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb +2 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb +3 -3
- data/lib/construqt/flavour/plantuml/plantuml.rb +2 -2
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb +24 -13
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb +16 -7
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_dns.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_firewall.rb +218 -67
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_ipsec.rb +33 -17
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb +77 -14
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb +77 -29
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_vrrp.rb +18 -3
- data/lib/construqt/interfaces.rb +25 -6
- data/lib/construqt/ipsecs.rb +5 -3
- data/lib/construqt/rack.rb +51 -0
- data/lib/construqt/resource.rb +25 -3
- data/lib/construqt/reverse.rb +1 -0
- data/lib/construqt/services.rb +15 -29
- data/lib/construqt/tags.rb +21 -15
- data/lib/construqt/templates.rb +17 -0
- data/lib/construqt/users.rb +4 -0
- data/lib/construqt/util.rb +1 -1
- data/lib/construqt/version.rb +1 -1
- data/lib/construqt/vlans.rb +13 -2
- data/lib/construqt.rb +2 -1
- metadata +4 -2
@@ -225,8 +225,8 @@ OTHER
|
|
225
225
|
class Entry
|
226
226
|
class Header
|
227
227
|
MODE_MANUAL = :manual
|
228
|
-
MODE_DHCP = :dhcp
|
229
228
|
MODE_LOOPBACK = :loopback
|
229
|
+
MODE_DHCP = :dhcp
|
230
230
|
PROTO_INET6 = :inet6
|
231
231
|
PROTO_INET4 = :inet
|
232
232
|
AUTO = :auto
|
@@ -235,6 +235,16 @@ OTHER
|
|
235
235
|
self
|
236
236
|
end
|
237
237
|
|
238
|
+
def dhcpv4
|
239
|
+
@mode = MODE_DHCP
|
240
|
+
self
|
241
|
+
end
|
242
|
+
|
243
|
+
def dhcpv6
|
244
|
+
@dhcpv6 = true
|
245
|
+
self
|
246
|
+
end
|
247
|
+
|
238
248
|
def protocol(protocol)
|
239
249
|
@protocol = protocol
|
240
250
|
self
|
@@ -263,9 +273,11 @@ OTHER
|
|
263
273
|
|
264
274
|
def commit
|
265
275
|
return "" if @entry.skip_interfaces?
|
276
|
+
ipv6_dhcp = "iface #{get_interface_name} inet6 dhcp" if @dhcpv6
|
266
277
|
out = <<OUT
|
267
278
|
# #{@entry.iface.clazz}
|
268
279
|
#{@auto ? "auto #{get_interface_name}" : ""}
|
280
|
+
#{ipv6_dhcp||""}
|
269
281
|
iface #{get_interface_name} #{@protocol.to_s} #{@mode.to_s}
|
270
282
|
up /bin/bash /etc/network/#{get_interface_name}-up.iface
|
271
283
|
down /bin/bash /etc/network/#{get_interface_name}-down.iface
|
@@ -293,19 +305,19 @@ OUT
|
|
293
305
|
@lines += block.each_line.map{|i| i.strip }.select{|i| !i.empty? }
|
294
306
|
end
|
295
307
|
|
296
|
-
def write_s(direction, blocks)
|
297
|
-
@entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights
|
308
|
+
def write_s(component, direction, blocks)
|
309
|
+
@entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights.root_0755(component), "etc", "network", "#{@entry.header.get_interface_name}-#{direction}.iface")
|
298
310
|
#!/bin/bash
|
299
311
|
exec > >(logger -t "#{@entry.header.get_interface_name}-#{direction}") 2>&1
|
300
312
|
#{blocks.join("\n")}
|
301
|
-
iptables-restore < /etc/network/iptables.cfg
|
302
|
-
ip6tables-restore < /etc/network/ip6tables.cfg
|
303
313
|
BLOCK
|
314
|
+
#iptables-restore < /etc/network/iptables.cfg
|
315
|
+
#ip6tables-restore < /etc/network/ip6tables.cfg
|
304
316
|
end
|
305
317
|
|
306
318
|
def commit
|
307
|
-
write_s("up", @ups)
|
308
|
-
write_s("down", @downs)
|
319
|
+
write_s(@entry.iface.class.name, "up", @ups)
|
320
|
+
write_s(@entry.iface.class.name, "down", @downs)
|
309
321
|
sections = @lines.inject({}) {|r, line| key = line.split(/\s+/).first; r[key] ||= []; r[key] << line; r }
|
310
322
|
sections.keys.sort.map do |key|
|
311
323
|
if sections[key]
|
@@ -429,7 +441,12 @@ BLOCK
|
|
429
441
|
def commit(result)
|
430
442
|
@interfaces.keys.sort.each do |ifname|
|
431
443
|
vrrp = @interfaces[ifname]
|
432
|
-
result.add(self, <<VRRP, Construqt::Resources::Rights::
|
444
|
+
result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.stop.sh")
|
445
|
+
#!/bin/bash
|
446
|
+
#{vrrp.render_backups}
|
447
|
+
exit 0
|
448
|
+
VRRP
|
449
|
+
result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.sh")
|
433
450
|
#!/bin/bash
|
434
451
|
|
435
452
|
TYPE=$1
|
@@ -473,6 +490,10 @@ VRRP
|
|
473
490
|
@host
|
474
491
|
end
|
475
492
|
|
493
|
+
def add_component(component)
|
494
|
+
@result[component] ||= ArrayWithRight.new(Construqt::Resources::Rights.root_0644(component))
|
495
|
+
end
|
496
|
+
|
476
497
|
def empty?(name)
|
477
498
|
not @result[name]
|
478
499
|
end
|
@@ -515,12 +536,55 @@ VRRP
|
|
515
536
|
'/'+File.dirname(fname)+"/.#{File.basename(fname)}.import"
|
516
537
|
end
|
517
538
|
|
539
|
+
def component_to_packages(component)
|
540
|
+
cp = Construqt::Resources::Component
|
541
|
+
ret = {
|
542
|
+
cp::UNREF => {},
|
543
|
+
"Construqt::Flavour::DeviceDelegate" => {},
|
544
|
+
"Construqt::Flavour::Ubuntu::Bond" => { "ifenslave" => true },
|
545
|
+
"Construqt::Flavour::VlanDelegate" => { "vlan" => true },
|
546
|
+
"Construqt::Flavour::Ubuntu::Gre" => { },
|
547
|
+
"Construqt::Flavour::BridgeDelegate" => { "bridge-utils" => true },
|
548
|
+
cp::NTP => { "ntpd" => true},
|
549
|
+
cp::USB_MODESWITCH => { "usb-modeswitch" => true, "usb-modeswitch-data" => true },
|
550
|
+
cp::VRRP => { "keepalived" => true },
|
551
|
+
cp::FW4 => { "iptables" => true, "ulogd2" => true },
|
552
|
+
cp::FW6 => { "iptables" => true, "ulogd2" => true },
|
553
|
+
cp::IPSEC => { "racoon" => true },
|
554
|
+
cp::SSH => { "openssh-server" => true },
|
555
|
+
cp::BGP => { "bird" => true },
|
556
|
+
cp::OPENVPN => { "openvpn" => true },
|
557
|
+
cp::DNS => { "bind9" => true },
|
558
|
+
cp::RADVD => { "radvd" => true },
|
559
|
+
cp::CONNTRACKD => { "conntrackd" => true, "conntrack" => true },
|
560
|
+
cp::DHCPRELAY => { "wide-dhcpv6-relay" => true, "dhcp-helper" => true }
|
561
|
+
}[component]
|
562
|
+
throw "Component with name not found #{component}" unless ret
|
563
|
+
ret
|
564
|
+
end
|
565
|
+
|
518
566
|
def commit
|
519
|
-
add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights::
|
520
|
-
add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights::
|
521
|
-
add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights
|
522
|
-
add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights::
|
567
|
+
add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW4), "etc", "network", "iptables.cfg")
|
568
|
+
add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW6), "etc", "network", "ip6tables.cfg")
|
569
|
+
add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights.root_0644, "etc", "network", "interfaces")
|
570
|
+
add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::CONNTRACKD), "etc", "conntrack", "conntrackd.conf")
|
523
571
|
@etc_network_vrrp.commit(self)
|
572
|
+
|
573
|
+
components = @result.values.inject({
|
574
|
+
"language-pack-en" => true,
|
575
|
+
"language-pack-de" => true,
|
576
|
+
"git" => true,
|
577
|
+
"aptitude" => true,
|
578
|
+
"traceroute" => true,
|
579
|
+
"tcpdump" => true,
|
580
|
+
"strace" => true,
|
581
|
+
"lsof" => true,
|
582
|
+
"ifstat" => true,
|
583
|
+
"mtr-tiny" => true,
|
584
|
+
"openssl" => true,
|
585
|
+
}) do |r, block|
|
586
|
+
r.merge(component_to_packages(block.right.component))
|
587
|
+
end.keys
|
524
588
|
out = [<<BASH]
|
525
589
|
#!/bin/bash
|
526
590
|
hostname=`hostname`
|
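Review bot: `cp::NTP => { "ntpd" => true}` names a package that, as far as I know, does not exist in the Debian/Ubuntu archive (the daemon ships in the `ntp` package), so a host that registers the NTP component would fail in the generated install loop; `cp::NTP => { "ntp" => true },` unless the project targets a repository that provides `ntpd`. `component_to_packages` rebuilds the whole lookup hash on every call from `commit`'s inject; hoisting it into a frozen constant would be cheaper and gives it a natural place for a comment explaining that each key is a `Component` and each value the Ubuntu packages it needs. In the @@ -293 hunk of this section the two `iptables-restore` lines now sit after the `BLOCK` terminator, so they are Ruby comments rather than script lines and the generated up/down scripts no longer reload the ruleset; a comment stating where `/etc/network/iptables.cfg` is applied from now on would spare the next reader that search.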
@@ -536,8 +600,7 @@ else
|
|
536
600
|
echo Configure Host #{@host.name}
|
537
601
|
fi
|
538
602
|
updates=''
|
539
|
-
for i in
|
540
|
-
bird keepalived strace iptables conntrack openssl racoon ulogd2 ifenslave conntrackd conntrack bind9
|
603
|
+
for i in #{components.join(" ")}
|
541
604
|
do
|
542
605
|
dpkg -l $i > /dev/null 2> /dev/null
|
543
606
|
if [ $? != 0 ]
|
@@ -8,24 +8,38 @@ module Construqt
|
|
8
8
|
@service = service
|
9
9
|
end
|
10
10
|
|
11
|
-
def up(ifname)
|
12
|
-
|
11
|
+
def up(ifname, inbounds, upstreams)
|
12
|
+
minus_i = (inbounds.map { |cqip| "-i #{cqip.container.interface.name}" }).join(' ')
|
13
|
+
servers = upstreams.map{ |cqip| "-s #{cqip.to_s}" }.join(' ')
|
14
|
+
#"/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -q -4 #{minus_i} #{servers}"
|
15
|
+
"/usr/sbin/dhcp-helper #{servers} #{minus_i} -r /run/dhcp-helper-v4.#{ifname}.pid"
|
13
16
|
end
|
14
17
|
|
15
|
-
def down(ifname)
|
16
|
-
"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
|
18
|
+
def down(ifname, inbounds, upstreams)
|
19
|
+
#"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
|
20
|
+
"kill `cat /run/dhcp-helper-v4.#{ifname}.pid`"
|
17
21
|
end
|
18
22
|
|
19
|
-
def vrrp(host, ifname,
|
20
|
-
host.
|
23
|
+
def vrrp(host, ifname, vrrp)
|
24
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? && !cqip.container.interface.name.empty? }
|
25
|
+
return if inbounds.empty?
|
26
|
+
iface = vrrp.interfaces.find{|_| _.host == host }
|
27
|
+
return unless iface
|
28
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
|
29
|
+
return if upstreams.empty?
|
30
|
+
host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
|
31
|
+
.add_backup(down(ifname, inbounds, upstreams))
|
32
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
21
33
|
end
|
22
34
|
|
23
35
|
def interfaces(host, ifname, iface, writer)
|
24
|
-
|
25
|
-
return
|
26
|
-
|
27
|
-
|
28
|
-
writer.lines.
|
36
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? }
|
37
|
+
return if inbounds.empty?
|
38
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
|
39
|
+
return if upstreams.empty?
|
40
|
+
writer.lines.up(up(ifname, inbounds, upstreams))
|
41
|
+
writer.lines.down(down(ifname, inbounds, upstreams))
|
42
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
29
43
|
end
|
30
44
|
end
|
31
45
|
|
@@ -34,28 +48,40 @@ module Construqt
|
|
34
48
|
@service = service
|
35
49
|
end
|
36
50
|
|
37
|
-
def up(
|
38
|
-
|
51
|
+
def up(ifname, inbounds, upstreams)
|
52
|
+
inbound_ifs = inbounds.map { |cqip| "#{cqip.container.interface.name}" }.join(' ')
|
53
|
+
minus_s = upstreams.map{ |cqip| "-s #{cqip}" }.join(' ')
|
54
|
+
minus_r = upstreams.map{ |cqip| "-r #{ifname}" }.join(' ')
|
55
|
+
#"/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -q -6 #{minus_l} #{minus_o}"
|
56
|
+
"/usr/sbin/dhcp6relay -d -p /run/dhcp6relay-v6.#{ifname}.pid #{minus_s} #{minus_r} #{inbound_ifs}"
|
39
57
|
end
|
40
58
|
|
41
|
-
def down(
|
42
|
-
"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
|
59
|
+
def down(ifname, inbounds, upstreams)
|
60
|
+
#"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
|
61
|
+
"kill `cat /run/dhcp6relay-v6.#{ifname}.pid`"
|
43
62
|
end
|
44
63
|
|
45
|
-
def vrrp(host, ifname,
|
46
|
-
|
64
|
+
def vrrp(host, ifname, vrrp)
|
65
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
|
66
|
+
return if inbounds.empty?
|
67
|
+
iface = vrrp.interfaces.find{|_| _.host == host }
|
68
|
+
return unless iface
|
69
|
+
#binding.pry
|
70
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
|
71
|
+
return if upstreams.empty?
|
72
|
+
host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
|
73
|
+
.add_backup(down(ifname, inbounds, upstreams))
|
74
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
47
75
|
end
|
48
76
|
|
49
77
|
def interfaces(host, ifname, iface, writer)
|
50
|
-
|
51
|
-
return if
|
52
|
-
@service.
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
writer.lines.up(up(iface, ifname))
|
58
|
-
writer.lines.down(down(iface, ifname))
|
78
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
|
79
|
+
return if inbounds.empty?
|
80
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
|
81
|
+
return if upstreams.empty?
|
82
|
+
writer.lines.up(up(ifname, inbounds, upstreams))
|
83
|
+
writer.lines.down(down(ifname, inbounds, upstreams))
|
84
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
59
85
|
end
|
60
86
|
end
|
61
87
|
|
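Review bot: `minus_r = upstreams.map{ |cqip| "-r #{ifname}" }.join(' ')` in `DhcpV6Relay#up` never uses its block parameter, so for N upstreams it emits the same `-r ifname` N times; if one relay interface is intended, `minus_r = "-r #{ifname}"` says so, and if a per-upstream interface was meant the block should read it from `cqip`. The commented-out line above it refers to `minus_l` and `minus_o`, which do not exist in the new method, so it documents nothing and should go. The `#binding.pry` added in the `vrrp` method of this hunk, and the one added in data/lib/construqt/reverse.rb, are debugger breakpoints that should not ship in a released gem even commented out.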
@@ -82,7 +108,7 @@ module Construqt
|
|
82
108
|
return unless iface.address && iface.address.first_ipv6
|
83
109
|
writer.lines.up(up(ifname))
|
84
110
|
writer.lines.down(down(ifname))
|
85
|
-
host.result.add(self, <<RADV, Construqt::Resources::Rights::
|
111
|
+
host.result.add(self, <<RADV, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::RADVD), "etc", "network", "radvd.#{ifname}.conf")
|
86
112
|
interface #{ifname}
|
87
113
|
{
|
88
114
|
AdvManagedFlag on;
|
@@ -95,7 +121,7 @@ interface #{ifname}
|
|
95
121
|
prefix #{iface.address.first_ipv6.network.to_string}
|
96
122
|
{
|
97
123
|
AdvOnLink on;
|
98
|
-
AdvAutonomous off;
|
124
|
+
AdvAutonomous #{@service.adv_autonomous? ? "on" : "off"};
|
99
125
|
AdvRouterAddr on;
|
100
126
|
};
|
101
127
|
|
@@ -133,12 +159,34 @@ RADV
|
|
133
159
|
end
|
134
160
|
end
|
135
161
|
|
162
|
+
class RouteService
|
163
|
+
def initialize(service)
|
164
|
+
@service = service
|
165
|
+
end
|
166
|
+
|
167
|
+
def up(ifname)
|
168
|
+
"/sbin/ip route add #{@service.rt.dst.to_string} via #{@service.rt.via}"
|
169
|
+
end
|
170
|
+
|
171
|
+
def down(ifname)
|
172
|
+
"/sbin/ip route del #{@service.rt.dst.to_string} via #{@service.rt.via}"
|
173
|
+
end
|
174
|
+
|
175
|
+
def vrrp(host, ifname, iface)
|
176
|
+
host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
|
177
|
+
end
|
178
|
+
|
179
|
+
def interfaces(host, ifname, iface, writer)
|
180
|
+
end
|
181
|
+
end
|
182
|
+
|
136
183
|
def self.get_renderer(service)
|
137
184
|
factory = {
|
138
185
|
Construqt::Services::DhcpV4Relay => DhcpV4Relay,
|
139
186
|
Construqt::Services::DhcpV6Relay => DhcpV6Relay,
|
140
187
|
Construqt::Services::Radvd => Radvd,
|
141
|
-
Construqt::Services::ConntrackD => ConntrackD
|
188
|
+
Construqt::Services::ConntrackD => ConntrackD,
|
189
|
+
Construqt::Flavour::Ubuntu::Vrrp::RouteService => RouteService
|
142
190
|
}
|
143
191
|
found = factory.keys.find{ |i| service.kind_of?(i) }
|
144
192
|
throw "service type unknown #{service.name} #{service.class.name}" unless found
|
@@ -8,13 +8,21 @@ module Construqt
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def self.header(host)
|
11
|
-
host.result.add(self, <<GLOBAL, Construqt::Resources::Rights::
|
11
|
+
host.result.add(self, <<GLOBAL, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
|
12
12
|
global_defs {
|
13
13
|
lvs_id #{host.name}
|
14
14
|
}
|
15
15
|
GLOBAL
|
16
16
|
end
|
17
17
|
|
18
|
+
class RouteService
|
19
|
+
attr_accessor :name, :rt
|
20
|
+
def initialize(name, rt)
|
21
|
+
self.name = name
|
22
|
+
self.rt = rt
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
18
26
|
def build_config(host, iface)
|
19
27
|
iface = iface.delegate
|
20
28
|
my_iface = iface.interfaces.find{|iface| iface.host == host }
|
@@ -26,16 +34,23 @@ GLOBAL
|
|
26
34
|
ret << " priority #{my_iface.priority}"
|
27
35
|
ret << " authentication {"
|
28
36
|
ret << " auth_type PASS"
|
29
|
-
ret << " auth_pass fw"
|
37
|
+
ret << " auth_pass #{iface.password||"fw"}"
|
30
38
|
ret << " }"
|
31
39
|
ret << " virtual_ipaddress {"
|
32
40
|
iface.address.ips.each do |ip|
|
33
41
|
ret << " #{ip.to_string} dev #{my_iface.name}"
|
34
42
|
end
|
43
|
+
iface.address.routes.each do |rt|
|
44
|
+
key = "#{iface.name}-#{rt.dst.to_string}-#{rt.via}"
|
45
|
+
next if iface.services.find{ |i| i.name == key }
|
46
|
+
iface.services << RouteService.new(key, rt)
|
47
|
+
end
|
48
|
+
|
35
49
|
|
36
50
|
ret << " }"
|
37
51
|
if iface.services && !iface.services.empty?
|
38
52
|
ret << " notify /etc/network/vrrp.#{iface.name}.sh"
|
53
|
+
ret << " notify_stop /etc/network/vrrp.#{iface.name}.stop.sh"
|
39
54
|
writer = host.result.etc_network_interfaces.get(iface)
|
40
55
|
iface.services.each do |service|
|
41
56
|
Services.get_renderer(service).interfaces(host, my_iface.name, my_iface, writer)
|
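Review bot: `ret << " auth_pass #{iface.password||"fw"}"` writes the VRRP authentication secret into keepalived.conf, which the @@ -44 hunk of this section (and the `header` hunk above) registers with `Construqt::Resources::Rights.root_0644`, so any local user on the host can read it; `Construqt::Resources::Rights.root_0600(Construqt::Resources::Component::VRRP)` is introduced in this release and is the right mode for that file. The `"fw"` fallback means an instance with no configured password silently gets a fixed, well-known secret shared by every deployment built with this tool; throwing when `iface.password` is nil, or at least logging the fallback, would make that visible. A short comment that VRRPv2 `auth_type PASS` is sent in clear on the wire, so the password mainly prevents accidental instance collisions, would also help whoever tunes this later.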
@@ -44,7 +59,7 @@ GLOBAL
|
|
44
59
|
end
|
45
60
|
|
46
61
|
ret << "}"
|
47
|
-
host.result.add(self, ret.join("\n"), Construqt::Resources::Rights::
|
62
|
+
host.result.add(self, ret.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
|
48
63
|
end
|
49
64
|
end
|
50
65
|
end
|
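--- a/data/lib/construqt/interfaces.rb
+++ b/data/lib/construqt/interfaces.rb
@@ -32,6 +32,8 @@ module Construqt
 # binding.pry
 cfg['clazz'] ||= "device"
 cfg['address'] ||= nil
+cfg['firewalls'] ||= []
+cfg['firewalls'] = cfg['firewalls'].map{|i| i.kind_of?(String) ? Construqt::Firewalls.find(i) : i }
 (dev_name, iface) = Construqt::Tags.add(dev_name) { |name| host.flavour.create_interface(name, cfg) }
 # iface.clazz.attach = iface
 host.interfaces[dev_name] = iface
@@ -97,18 +99,23 @@ module Construqt
 def add_vrrp(name, cfg)
 nets = {}
 cfg['address'].ips.each do |adr|
-
+if adr.ipv4? && adr.prefix != 32
+unless cfg['address'].routes.find{ |rt| adr.include?(rt.via) }
+throw "only host ip's are allowed #{adr.to_s} with prefix != 32 or route"
+end
+end
 throw "only host ip's are allowed #{adr.to_s}" if adr.ipv6? && adr.prefix != 128
 nets[adr.network.to_s] = true
 end
 
 cfg['interfaces'].each do |interface|
-throw "interface need priority #{interface}" unless interface.priority
+throw "interface need priority #{interface.name}" unless interface.priority
 throw "interface not found:#{name}" unless interface
 cfg['clazz'] = "vrrp"
 cfg['interface'] = interface
 throw "vrrp interface does not have within the same network" if nets.length == interface.address.ips.select { |adr| nets[adr.network.to_s] }.length
 dev = add_device(interface.host, name, cfg)
+# interface.firewalls.push(*(dev.firewalls || []))
 interface.vrrp = dev
 dev.address.interface = nil
 dev.address.host = nil
@@ -128,16 +135,28 @@ module Construqt
 dev
 end
 
-def
+def _find(host_or_name, iface_name)
 if host_or_name.kind_of?(String)
 host = @region.hosts.find(host_or_name)
-
+return [nil, nil] unless host
 else
 host = host_or_name
 end
-
 iface = host.interfaces[iface_name]
-
+return [host, nil] unless iface
+[host, iface]
+end
+
+def find!(host_or_name, iface_name)
+(host, iface) = _find(host_or_name, iface_name)
+return nil if host.nil? || iface.nil?
+iface
+end
+
+def find(host_or_name, iface_name)
+(host, iface) = _find(host_or_name, iface_name)
+throw "host not found #{host_or_name}" if host.nil?
+throw "interface not found for #{iface_name}:#{host.name}" if iface.nil?
 iface
 end
 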
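Review bot: The new `find!`/`find` pair in the @@ -128 hunk inverts the usual Ruby convention, where the bang variant is the one that raises and the plain one returns nil; here `find!` returns nil and `find` throws, which callers will get wrong. If renaming is off the table, a comment on each such as `# find!: returns nil when host or interface is missing; find: throws` is the minimum. `return [host, nil] unless iface` in `_find` is redundant because `iface` is already nil on that path, and `find!` can be `_find(host_or_name, iface_name).last` for the same reason. The commented-out `# interface.firewalls.push(*(dev.firewalls || []))` added in the @@ -97 hunk is dead code and should either be enabled or dropped.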
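--- a/data/lib/construqt/ipsecs.rb
+++ b/data/lib/construqt/ipsecs.rb
@@ -34,6 +34,7 @@ module Construqt
 add_connection(cfg, 'left', 'right', Util.add_gre_prefix(cfg['right']['host'].name))
 add_connection(cfg, 'right', 'left', Util.add_gre_prefix(cfg['left'].host.name))
 cfg['name'] = name
+cfg['transport_family'] ||= Construqt::Addresses::IPV6
 cfg = @ipsecs[name] = Ipsec.new(cfg)
 cfg.left.other = cfg.right
 cfg.left.cfg = cfg
@@ -47,14 +48,15 @@ module Construqt
 cfg.left.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.left.my.host, cfg.left.other.host.name,
 "address" => cfg.left.my,
 "local" => cfg.left.remote,
-"remote" => cfg.right.remote
+"remote" => cfg.right.remote,
+"ipsec" => cfg
 )
 cfg.right.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.right.my.host, cfg.right.other.host.name,
 "address" => cfg.right.my,
 "local" => cfg.right.remote,
-"remote" => cfg.left.remote
+"remote" => cfg.left.remote,
+"ipsec" => cfg
 )
-#binding.pry
 cfg
 end
 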
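Review bot: `cfg['transport_family'] ||= Construqt::Addresses::IPV6` silently selects IPv6 transport for every IPsec definition that does not set one, and nothing in the hunk checks that a caller-supplied value is one of the accepted families; a comment such as `# default transport family for the tunnel endpoints; IPV4 must be set explicitly` would at least make the default discoverable. The default is assigned after both `add_connection` calls, so if those need the family they do not see it; whether they do is not visible here, so confirm before relying on the order.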
@@ -0,0 +1,51 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
module Construqt
|
4
|
+
|
5
|
+
class Racks
|
6
|
+
|
7
|
+
attr_reader :region, :racks
|
8
|
+
def initialize(region)
|
9
|
+
@region = region
|
10
|
+
@racks = {}
|
11
|
+
end
|
12
|
+
|
13
|
+
class Rack
|
14
|
+
attr_accessor :total_high
|
15
|
+
attr_accessor :location
|
16
|
+
attr_accessor :name
|
17
|
+
attr_accessor :description
|
18
|
+
attr_accessor :pin
|
19
|
+
def initialize(name)
|
20
|
+
@name = name
|
21
|
+
@entries = {}
|
22
|
+
end
|
23
|
+
def add_entry(positions, key)
|
24
|
+
if /[^0-9]+/.match(position.to_s) && 0 <= position.to_i && position.to_i <= total_high.to_i
|
25
|
+
throw "position must be between 0 <= #{total_high} #{position}"
|
26
|
+
end
|
27
|
+
@entries[position] ||= {}
|
28
|
+
throw "entry with key exists #{key} in Rack #{name}" if @entries[position][key]
|
29
|
+
entry = Entry.new(key, self)
|
30
|
+
@entries[position][key] = entry
|
31
|
+
entry
|
32
|
+
end
|
33
|
+
|
34
|
+
end
|
35
|
+
|
36
|
+
def add_rack(name)
|
37
|
+
throw "Rack with name exist #{name}" if @racks[name]
|
38
|
+
rack = Rack.new(name)
|
39
|
+
@racks[name] = rack
|
40
|
+
rack
|
41
|
+
end
|
42
|
+
|
43
|
+
def find_rack(name)
|
44
|
+
throw "Rack with name does not exist #{name}" unless @racks[name]
|
45
|
+
@racks[name]
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
|
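Review bot: `def add_entry(positions, key)` declares `positions`, but every use in the body reads `position`, which is not defined in this file (the class only declares `total_high`, `location`, `name`, `description` and `pin` accessors), so the first call raises NameError unless a `position` method comes from elsewhere. The guard is also inverted: it throws when the value contains a non-digit and is within range, instead of rejecting values that are non-numeric or out of range; `def add_entry(position, key)` with `throw "position must be between 0 <= #{total_high} #{position}" unless position.to_s =~ /\A[0-9]+\z/ && position.to_i <= total_high.to_i` expresses the intent the message describes. `Entry.new(key, self)` refers to a class this new file does not define; confirm it exists in the gem before the method can be exercised.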
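--- a/data/lib/construqt/resource.rb
+++ b/data/lib/construqt/resource.rb
@@ -1,9 +1,31 @@
 module Construqt
 class Resources
+module Component
+UNREF = :unref
+NTP = :ntp
+USB_MODESWITCH = :usb_modeswitch
+VRRP = :vrrp
+FW4 = :fw4
+FW6 = :fw6
+IPSEC = :ipsec
+SSH = :ssh
+BGP = :bgp
+OPENVPN = :openvpn
+DNS = :dns
+RADVD = :radvd
+CONNTRACKD = :conntrackd
+DHCPRELAY = :dhcprelay
+end
 module Rights
-
-
-
+def self.root_0600(component = Component::UNREF)
+OpenStruct.new :right => "0600", :owner => 'root', :component => component
+end
+def self.root_0644(component = Component::UNREF)
+OpenStruct.new :right => "0644", :owner => 'root', :component => component
+end
+def self.root_0755(component = Component::UNREF)
+OpenStruct.new :right => "0755", :owner => 'root', :component => component
+end
 end
 
 class Resource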
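Review bot: `root_0600`, `root_0644` and `root_0755` in the `Rights` hunk differ only in the mode string; a single private helper taking the mode and the component would keep owner and component handling in one place and is where a comment belongs explaining that the returned struct's `right` is an octal mode string and `component` ties the file to a feature. `OpenStruct` needs `require 'ostruct'` somewhere on the load path and nothing in this hunk requires it, so confirm another file does. `Component` itself has no documentation; a one-line comment such as `# Component identifies the feature a generated resource belongs to; the Ubuntu flavour maps it to the packages to install` (that mapping is `component_to_packages` elsewhere in this diff) would help.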
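--- a/data/lib/construqt/reverse.rb
+++ b/data/lib/construqt/reverse.rb
@@ -21,6 +21,7 @@ def render_iface(ifaces, routes)
 ifaces.interfaces.map do |iface|
 next [] if iface.name == 'lo'
 next [] if iface.ips.empty?
+#binding.pry
 out = <<RUBY
 region.interfaces.add_device(host, "#{iface.name}", "mtu" => 1500,
 'mac_address' => #{iface.mac_address},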
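--- a/data/lib/construqt/services.rb
+++ b/data/lib/construqt/services.rb
@@ -8,42 +8,28 @@ module Construqt
 end
 
 class DhcpV4Relay
-
-
-
-
-
-
-ip = IPAddress.parse(ip)
-throw "ip must be a v4 address" unless ip.ipv4?
-self.servers << ip
-self
+attr_reader :name, :inbound_tag, :upstream_tag
+attr_accessor :services
+def initialize(name, inbound_tag, upstream_tag)
+@name = name
+@inbound_tag = inbound_tag
+@upstream_tag = upstream_tag
 end
 end
 class DhcpV6Relay
-
-
-
-
-
-
-attr_accessor :ip, :iface
-end
-def add_server(name)
-(ip, iface) = name.split("%")
-throw "ip not set #{name}" unless ip
-ip = IPAddress.parse(ip)
-throw "ip must be a v6 address" unless ip.ipv6?
-throw "iface not set #{name}" if iface.nil? || iface.empty?
-server = Server.new
-server.ip = ip
-server.iface = iface
-self.servers << server
-self
+attr_reader :name, :inbound_tag, :upstream_tag
+attr_accessor :services
+def initialize(name, inbound_tag, upstream_tag)
+@name = name
+@inbound_tag = inbound_tag
+@upstream_tag = upstream_tag
 end
 end
+
 class Radvd
+include Construqt::Util::Chainable
 attr_accessor :servers, :name, :services
+chainable_attr :adv_autonomous
 def initialize(name)
 self.name = name
 end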
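Review bot: The removed `add_server` methods validated each relay target (`throw "ip must be a v4 address" unless ip.ipv4?`, and the `%iface` check for v6); the tag-based `DhcpV4Relay`/`DhcpV6Relay` carry no such check, and the Ubuntu renderer hunks earlier on this page merely `select` by address family, so a wrongly-tagged upstream is now dropped silently instead of failing the build. Re-adding a check in the constructor is not possible without resolving the tags, so at minimum the classes should document the contract: `# inbound_tag: tag of the addresses whose interfaces receive client requests` and `# upstream_tag: tag of the DHCP server addresses requests are relayed to; entries of the wrong family are ignored by the renderer`. `attr_accessor :services` on a relay is unexplained in both classes; a comment saying who writes it would help, or drop it if nothing does. The two classes are now byte-identical apart from their names and could share a base class or mixin.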