construqt 0.0.5 → 0.0.6

data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb

@@ -225,8 +225,8 @@ OTHER
         class Entry
           class Header
             MODE_MANUAL = :manual
-            MODE_DHCP = :dhcp
             MODE_LOOPBACK = :loopback
+            MODE_DHCP = :dhcp
             PROTO_INET6 = :inet6
             PROTO_INET4 = :inet
             AUTO = :auto
@@ -235,6 +235,16 @@ OTHER
               self
             end
 
+            def dhcpv4
+              @mode = MODE_DHCP
+              self
+            end
+
+            def dhcpv6
+              @dhcpv6 = true
+              self
+            end
+
             def protocol(protocol)
               @protocol = protocol
               self
@@ -263,9 +273,11 @@ OTHER
 
             def commit
               return "" if @entry.skip_interfaces?
+              ipv6_dhcp = "iface #{get_interface_name} inet6 dhcp" if @dhcpv6
               out = <<OUT
 # #{@entry.iface.clazz}
 #{@auto ? "auto #{get_interface_name}" : ""}
+#{ipv6_dhcp||""}
 iface #{get_interface_name} #{@protocol.to_s} #{@mode.to_s}
   up   /bin/bash /etc/network/#{get_interface_name}-up.iface
   down /bin/bash /etc/network/#{get_interface_name}-down.iface
@@ -293,19 +305,19 @@ OUT
               @lines += block.each_line.map{|i| i.strip }.select{|i| !i.empty? }
             end
 
-            def write_s(direction, blocks)
-              @entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights::ROOT_0755, "etc", "network", "#{@entry.header.get_interface_name}-#{direction}.iface")
+            def write_s(component, direction, blocks)
+              @entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights.root_0755(component), "etc", "network", "#{@entry.header.get_interface_name}-#{direction}.iface")
 #!/bin/bash
 exec > >(logger -t "#{@entry.header.get_interface_name}-#{direction}") 2>&1
 #{blocks.join("\n")}
-iptables-restore < /etc/network/iptables.cfg
-ip6tables-restore < /etc/network/ip6tables.cfg
 BLOCK
+#iptables-restore < /etc/network/iptables.cfg
+#ip6tables-restore < /etc/network/ip6tables.cfg
             end
 
             def commit
-              write_s("up", @ups)
-              write_s("down", @downs)
+              write_s(@entry.iface.class.name, "up", @ups)
+              write_s(@entry.iface.class.name, "down", @downs)
               sections = @lines.inject({}) {|r, line| key = line.split(/\s+/).first; r[key] ||= []; r[key] << line; r }
               sections.keys.sort.map do |key|
                 if sections[key]
@@ -429,7 +441,12 @@ BLOCK
         def commit(result)
           @interfaces.keys.sort.each do |ifname|
             vrrp = @interfaces[ifname]
-            result.add(self, <<VRRP, Construqt::Resources::Rights::ROOT_0755, "etc", "network", "vrrp.#{ifname}.sh")
+            result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.stop.sh")
+#!/bin/bash
+#{vrrp.render_backups}
+exit 0
+VRRP
+            result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.sh")
 #!/bin/bash
 
 TYPE=$1
@@ -473,6 +490,10 @@ VRRP
           @host
         end
 
+        def add_component(component)
+          @result[component] ||= ArrayWithRight.new(Construqt::Resources::Rights.root_0644(component))
+        end
+
         def empty?(name)
           not @result[name]
         end
@@ -515,12 +536,55 @@ VRRP
           '/'+File.dirname(fname)+"/.#{File.basename(fname)}.import"
         end
 
+        def component_to_packages(component)
+          cp = Construqt::Resources::Component
+          ret = {
+            cp::UNREF => {},
+            "Construqt::Flavour::DeviceDelegate" => {},
+            "Construqt::Flavour::Ubuntu::Bond" => { "ifenslave" => true },
+            "Construqt::Flavour::VlanDelegate" => { "vlan" => true },
+            "Construqt::Flavour::Ubuntu::Gre" => { },
+            "Construqt::Flavour::BridgeDelegate" => { "bridge-utils" => true },
+            cp::NTP => { "ntpd" => true},
+            cp::USB_MODESWITCH => { "usb-modeswitch" => true, "usb-modeswitch-data" => true },
+            cp::VRRP => { "keepalived" => true },
+            cp::FW4 => { "iptables" => true, "ulogd2" => true },
+            cp::FW6 => { "iptables" => true, "ulogd2" => true },
+            cp::IPSEC => { "racoon" => true },
+            cp::SSH => { "openssh-server" => true },
+            cp::BGP => { "bird" => true },
+            cp::OPENVPN => { "openvpn" => true },
+            cp::DNS => { "bind9" => true },
+            cp::RADVD => { "radvd" => true },
+            cp::CONNTRACKD => { "conntrackd" => true, "conntrack" => true },
+            cp::DHCPRELAY => { "wide-dhcpv6-relay" => true, "dhcp-helper" => true }
+          }[component]
+          throw "Component with name not found #{component}" unless ret
+          ret
+        end
+
         def commit
-          add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "iptables.cfg")
-          add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "ip6tables.cfg")
-          add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "interfaces")
-          add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights::ROOT_0644, "etc", "conntrack", "conntrackd.conf")
+          add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW4), "etc", "network", "iptables.cfg")
+          add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW6), "etc", "network", "ip6tables.cfg")
+          add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights.root_0644, "etc", "network", "interfaces")
+          add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::CONNTRACKD), "etc", "conntrack", "conntrackd.conf")
           @etc_network_vrrp.commit(self)
+
+          components = @result.values.inject({
+            "language-pack-en" => true,
+            "language-pack-de" => true,
+            "git" => true,
+            "aptitude" => true,
+            "traceroute" => true,
+            "tcpdump" => true,
+            "strace" => true,
+            "lsof" => true,
+            "ifstat" => true,
+            "mtr-tiny" => true,
+            "openssl" => true,
+          }) do |r, block|
+            r.merge(component_to_packages(block.right.component))
+          end.keys
           out = [<<BASH]
 #!/bin/bash
 hostname=`hostname`
@@ -536,8 +600,7 @@ else
  echo Configure Host #{@host.name}
 fi
 updates=''
-for i in language-pack-en language-pack-de git aptitude traceroute vlan bridge-utils tcpdump mtr-tiny \\
-bird keepalived strace iptables conntrack openssl racoon ulogd2 ifenslave conntrackd conntrack bind9
+for i in #{components.join(" ")}
 do
  dpkg -l $i > /dev/null 2> /dev/null
  if [ $? != 0 ]

data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb

@@ -8,24 +8,38 @@ module Construqt
             @service = service
           end
 
-          def up(ifname)
-            "/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -q -4 -i #{ifname} #{@service.servers.map{|i| i.to_s}.join(' ')}"
+          def up(ifname, inbounds, upstreams)
+            minus_i = (inbounds.map { |cqip| "-i #{cqip.container.interface.name}" }).join(' ')
+            servers = upstreams.map{ |cqip| "-s #{cqip.to_s}" }.join(' ')
+            #"/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -q -4 #{minus_i} #{servers}"
+            "/usr/sbin/dhcp-helper #{servers} #{minus_i} -r /run/dhcp-helper-v4.#{ifname}.pid"
           end
 
-          def down(ifname)
-            "kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
+          def down(ifname, inbounds, upstreams)
+            #"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
+            "kill `cat /run/dhcp-helper-v4.#{ifname}.pid`"
           end
 
-          def vrrp(host, ifname, iface)
-            host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
+          def vrrp(host, ifname, vrrp)
+            inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? && !cqip.container.interface.name.empty? }
+            return if inbounds.empty?
+            iface = vrrp.interfaces.find{|_| _.host == host }
+            return unless iface
+            upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
+            return if upstreams.empty?
+            host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
+                                                    .add_backup(down(ifname, inbounds, upstreams))
+            host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
           end
 
           def interfaces(host, ifname, iface, writer)
-            #binding.pry
-            return unless iface.address && iface.address.first_ipv4
-            return if @service.servers.empty?
-            writer.lines.up(up(ifname))
-            writer.lines.down(down(ifname))
+            inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? }
+            return if inbounds.empty?
+            upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
+            return if upstreams.empty?
+            writer.lines.up(up(ifname, inbounds, upstreams))
+            writer.lines.down(down(ifname, inbounds, upstreams))
+            host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
           end
         end
 
@@ -34,28 +48,40 @@ module Construqt
             @service = service
           end
 
-          def up(iface, ifname)
-            "/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -q -6 -l #{iface.address.first_ipv6.to_s}%#{ifname} #{@service.servers.map{|i| "-u #{i.ip}%#{i.iface}" }.join(' ')}"
+          def up(ifname, inbounds, upstreams)
+            inbound_ifs = inbounds.map { |cqip| "#{cqip.container.interface.name}" }.join(' ')
+            minus_s = upstreams.map{ |cqip| "-s #{cqip}" }.join(' ')
+            minus_r = upstreams.map{ |cqip| "-r #{ifname}" }.join(' ')
+            #"/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -q -6 #{minus_l} #{minus_o}"
+            "/usr/sbin/dhcp6relay -d -p /run/dhcp6relay-v6.#{ifname}.pid #{minus_s} #{minus_r} #{inbound_ifs}"
           end
 
-          def down(iface, ifname)
-            "kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
+          def down(ifname, inbounds, upstreams)
+            #"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
+            "kill `cat /run/dhcp6relay-v6.#{ifname}.pid`"
           end
 
-          def vrrp(host, ifname, iface)
-            host.result.etc_network_vrrp(iface.name).add_master(up(iface, ifname)).add_backup(down(iface, ifname))
+          def vrrp(host, ifname, vrrp)
+            inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
+            return if inbounds.empty?
+            iface = vrrp.interfaces.find{|_| _.host == host }
+            return unless iface
+            #binding.pry
+            upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
+            return if upstreams.empty?
+            host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
+                                                    .add_backup(down(ifname, inbounds, upstreams))
+            host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
           end
 
           def interfaces(host, ifname, iface, writer)
-            return unless iface.address && iface.address.first_ipv6
-            return if @service.servers.empty?
-            @service.servers.each do |server|
-              unless @service.services.region.interfaces.find(host, server.iface)
-                throw "DhcpV6Relay interface with name #{service.iface} not found on #{host.name}"
-              end
-            end
-            writer.lines.up(up(iface, ifname))
-            writer.lines.down(down(iface, ifname))
+            inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
+            return if inbounds.empty?
+            upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
+            return if upstreams.empty?
+            writer.lines.up(up(ifname, inbounds, upstreams))
+            writer.lines.down(down(ifname, inbounds, upstreams))
+            host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
           end
         end
 
@@ -82,7 +108,7 @@ module Construqt
             return unless iface.address && iface.address.first_ipv6
             writer.lines.up(up(ifname))
             writer.lines.down(down(ifname))
-            host.result.add(self, <<RADV, Construqt::Resources::Rights::ROOT_0644, "etc", "network", "radvd.#{ifname}.conf")
+            host.result.add(self, <<RADV, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::RADVD), "etc", "network", "radvd.#{ifname}.conf")
 interface #{ifname}
 {
         AdvManagedFlag on;
@@ -95,7 +121,7 @@ interface #{ifname}
         prefix #{iface.address.first_ipv6.network.to_string}
         {
                 AdvOnLink on;
-                AdvAutonomous off;
+                AdvAutonomous #{@service.adv_autonomous? ? "on" : "off"};
                 AdvRouterAddr on;
         };
 
@@ -133,12 +159,34 @@ RADV
           end
         end
 
+        class RouteService
+          def initialize(service)
+            @service = service
+          end
+
+          def up(ifname)
+            "/sbin/ip route add #{@service.rt.dst.to_string} via #{@service.rt.via}"
+          end
+
+          def down(ifname)
+            "/sbin/ip route del #{@service.rt.dst.to_string} via #{@service.rt.via}"
+          end
+
+          def vrrp(host, ifname, iface)
+            host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
+          end
+
+          def interfaces(host, ifname, iface, writer)
+          end
+        end
+
         def self.get_renderer(service)
           factory = {
             Construqt::Services::DhcpV4Relay => DhcpV4Relay,
             Construqt::Services::DhcpV6Relay => DhcpV6Relay,
             Construqt::Services::Radvd => Radvd,
-            Construqt::Services::ConntrackD => ConntrackD
+            Construqt::Services::ConntrackD => ConntrackD,
+            Construqt::Flavour::Ubuntu::Vrrp::RouteService => RouteService
           }
           found = factory.keys.find{ |i| service.kind_of?(i) }
           throw "service type unknown #{service.name} #{service.class.name}" unless found

data/lib/construqt/flavour/ubuntu/flavour_ubuntu_vrrp.rb

@@ -8,13 +8,21 @@ module Construqt
         end
 
         def self.header(host)
-          host.result.add(self, <<GLOBAL, Construqt::Resources::Rights::ROOT_0644, "etc", "keepalived", "keepalived.conf")
+          host.result.add(self, <<GLOBAL, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
 global_defs {
   lvs_id #{host.name}
 }
 GLOBAL
         end
 
+        class RouteService
+          attr_accessor :name, :rt
+          def initialize(name, rt)
+            self.name = name
+            self.rt = rt
+          end
+        end
+
         def build_config(host, iface)
           iface = iface.delegate
           my_iface = iface.interfaces.find{|iface| iface.host == host }
@@ -26,16 +34,23 @@ GLOBAL
           ret << "  priority #{my_iface.priority}"
           ret << "  authentication {"
           ret << "        auth_type PASS"
-          ret << "        auth_pass fw"
+          ret << "        auth_pass #{iface.password||"fw"}"
           ret << "  }"
           ret << "  virtual_ipaddress {"
           iface.address.ips.each do |ip|
             ret << "    #{ip.to_string} dev #{my_iface.name}"
           end
+          iface.address.routes.each do |rt|
+            key = "#{iface.name}-#{rt.dst.to_string}-#{rt.via}"
+            next if iface.services.find{ |i| i.name == key }
+            iface.services << RouteService.new(key, rt)
+          end
+
 
           ret << "  }"
           if iface.services && !iface.services.empty?
             ret << "  notify /etc/network/vrrp.#{iface.name}.sh"
+            ret << "  notify_stop /etc/network/vrrp.#{iface.name}.stop.sh"
             writer = host.result.etc_network_interfaces.get(iface)
             iface.services.each do |service|
               Services.get_renderer(service).interfaces(host, my_iface.name, my_iface, writer)
@@ -44,7 +59,7 @@ GLOBAL
           end
 
           ret << "}"
-          host.result.add(self, ret.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc", "keepalived", "keepalived.conf")
+          host.result.add(self, ret.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
         end
       end
     end

data/lib/construqt/interfaces.rb

@@ -32,6 +32,8 @@ module Construqt
       #    binding.pry
       cfg['clazz'] ||= "device"
       cfg['address'] ||= nil
+      cfg['firewalls'] ||= []
+      cfg['firewalls'] = cfg['firewalls'].map{|i| i.kind_of?(String) ? Construqt::Firewalls.find(i) : i }
       (dev_name, iface) = Construqt::Tags.add(dev_name) { |name| host.flavour.create_interface(name, cfg) }
       #    iface.clazz.attach = iface
       host.interfaces[dev_name] = iface
@@ -97,18 +99,23 @@ module Construqt
     def add_vrrp(name, cfg)
       nets = {}
       cfg['address'].ips.each do |adr|
-        throw "only host ip's are allowed #{adr.to_s}" if adr.ipv4? && adr.prefix != 32
+        if adr.ipv4? && adr.prefix != 32
+          unless cfg['address'].routes.find{ |rt| adr.include?(rt.via) }
+            throw "only host ip's are allowed #{adr.to_s} with prefix != 32 or route"
+          end
+        end
         throw "only host ip's are allowed #{adr.to_s}" if adr.ipv6? && adr.prefix != 128
         nets[adr.network.to_s] = true
       end
 
       cfg['interfaces'].each do |interface|
-        throw "interface need priority #{interface}" unless interface.priority
+        throw "interface need priority #{interface.name}" unless interface.priority
         throw "interface not found:#{name}" unless interface
         cfg['clazz'] = "vrrp"
         cfg['interface'] = interface
         throw "vrrp interface does not have within the same network" if nets.length == interface.address.ips.select { |adr| nets[adr.network.to_s] }.length
         dev = add_device(interface.host, name, cfg)
+#        interface.firewalls.push(*(dev.firewalls || []))
         interface.vrrp = dev
         dev.address.interface = nil
         dev.address.host = nil
@@ -128,16 +135,28 @@ module Construqt
       dev
     end
 
-    def find(host_or_name, iface_name)
+    def _find(host_or_name, iface_name)
       if host_or_name.kind_of?(String)
         host = @region.hosts.find(host_or_name)
-        throw "host not found #{host_or_name}" unless host
+        return [nil, nil] unless host
       else
         host = host_or_name
       end
-
       iface = host.interfaces[iface_name]
-      throw "interface not found for #{iface_name}:#{host.name}" unless iface
+      return [host, nil] unless iface
+      [host, iface]
+    end
+
+    def find!(host_or_name, iface_name)
+      (host, iface) = _find(host_or_name, iface_name)
+      return nil if host.nil? || iface.nil?
+      iface
+    end
+
+    def find(host_or_name, iface_name)
+      (host, iface) = _find(host_or_name, iface_name)
+      throw "host not found #{host_or_name}" if host.nil?
+      throw "interface not found for #{iface_name}:#{host.name}" if iface.nil?
       iface
     end
 

data/lib/construqt/ipsecs.rb

@@ -34,6 +34,7 @@ module Construqt
       add_connection(cfg, 'left', 'right', Util.add_gre_prefix(cfg['right']['host'].name))
       add_connection(cfg, 'right', 'left', Util.add_gre_prefix(cfg['left'].host.name))
       cfg['name'] = name
+      cfg['transport_family'] ||= Construqt::Addresses::IPV6
       cfg = @ipsecs[name] = Ipsec.new(cfg)
       cfg.left.other = cfg.right
       cfg.left.cfg = cfg
@@ -47,14 +48,15 @@ module Construqt
       cfg.left.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.left.my.host, cfg.left.other.host.name,
                                                                       "address" => cfg.left.my,
                                                                       "local" => cfg.left.remote,
-                                                                      "remote" => cfg.right.remote
+                                                                      "remote" => cfg.right.remote,
+                                                                      "ipsec" => cfg
                                                                      )
       cfg.right.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.right.my.host, cfg.right.other.host.name,
                                                                        "address" => cfg.right.my,
                                                                        "local" => cfg.right.remote,
-                                                                       "remote" => cfg.left.remote
+                                                                       "remote" => cfg.left.remote,
+                                                                       "ipsec" => cfg
                                                                       )
-      #binding.pry
       cfg
     end
 

data/lib/construqt/rack.rb

@@ -0,0 +1,51 @@
+
+
+module Construqt
+
+  class Racks
+
+    attr_reader :region, :racks
+    def initialize(region)
+      @region = region
+      @racks = {}
+    end
+
+    class Rack
+      attr_accessor :total_high
+      attr_accessor :location
+      attr_accessor :name
+      attr_accessor :description
+      attr_accessor :pin
+      def initialize(name)
+        @name = name
+        @entries = {}
+      end
+      def add_entry(positions, key)
+        if /[^0-9]+/.match(position.to_s) && 0 <= position.to_i && position.to_i <= total_high.to_i
+          throw "position must be between 0 <= #{total_high} #{position}"
+        end
+        @entries[position] ||= {}
+        throw "entry with key exists #{key} in Rack #{name}" if @entries[position][key]
+        entry = Entry.new(key, self)
+        @entries[position][key] = entry
+        entry
+      end
+
+    end
+
+    def add_rack(name)
+      throw "Rack with name exist #{name}" if @racks[name]
+      rack = Rack.new(name)
+      @racks[name] = rack
+      rack
+    end
+
+    def find_rack(name)
+      throw "Rack with name does not exist #{name}" unless @racks[name]
+      @racks[name]
+    end
+
+  end
+
+end
+

data/lib/construqt/resource.rb

@@ -1,9 +1,31 @@
 module Construqt
   class Resources
+    module Component
+      UNREF = :unref
+      NTP = :ntp
+      USB_MODESWITCH = :usb_modeswitch
+      VRRP = :vrrp
+      FW4 = :fw4
+      FW6 = :fw6
+      IPSEC = :ipsec
+      SSH = :ssh
+      BGP = :bgp
+      OPENVPN = :openvpn
+      DNS = :dns
+      RADVD = :radvd
+      CONNTRACKD = :conntrackd
+      DHCPRELAY = :dhcprelay
+    end
     module Rights
-      ROOT_0600 = OpenStruct.new :right => "0600", :owner => 'root'
-      ROOT_0644 = OpenStruct.new :right => "0644", :owner => 'root'
-      ROOT_0755 = OpenStruct.new :right => "0755", :owner => 'root'
+      def self.root_0600(component = Component::UNREF)
+        OpenStruct.new :right => "0600", :owner => 'root', :component => component
+      end
+      def self.root_0644(component = Component::UNREF)
+        OpenStruct.new :right => "0644", :owner => 'root', :component => component
+      end
+      def self.root_0755(component = Component::UNREF)
+        OpenStruct.new :right => "0755", :owner => 'root', :component => component
+      end
     end
 
     class Resource

data/lib/construqt/reverse.rb

@@ -21,6 +21,7 @@ def render_iface(ifaces, routes)
   ifaces.interfaces.map do |iface|
     next [] if iface.name == 'lo'
     next [] if iface.ips.empty?
+    #binding.pry
     out = <<RUBY
   region.interfaces.add_device(host, "#{iface.name}", "mtu" => 1500,
       'mac_address' => #{iface.mac_address},

data/lib/construqt/services.rb

@@ -8,42 +8,28 @@ module Construqt
     end
 
     class DhcpV4Relay
-      attr_accessor :servers, :name, :services
-      def initialize(name)
-        self.name = name
-        self.servers = []
-      end
-      def add_server(ip)
-        ip = IPAddress.parse(ip)
-        throw "ip must be a v4 address" unless ip.ipv4?
-        self.servers << ip
-        self
+      attr_reader :name, :inbound_tag, :upstream_tag
+      attr_accessor :services
+      def initialize(name, inbound_tag, upstream_tag)
+        @name = name
+        @inbound_tag = inbound_tag
+        @upstream_tag = upstream_tag
       end
     end
     class DhcpV6Relay
-      attr_accessor :servers, :name, :services
-      def initialize(name)
-        self.name = name
-        self.servers = []
-      end
-      class Server
-        attr_accessor :ip, :iface
-      end
-      def add_server(name)
-        (ip, iface) = name.split("%")
-        throw "ip not set #{name}" unless ip
-        ip = IPAddress.parse(ip)
-        throw "ip must be a v6 address" unless ip.ipv6?
-        throw "iface not set #{name}" if iface.nil? || iface.empty?
-        server = Server.new
-        server.ip = ip
-        server.iface = iface
-        self.servers << server
-        self
+      attr_reader :name, :inbound_tag, :upstream_tag
+      attr_accessor :services
+      def initialize(name, inbound_tag, upstream_tag)
+        @name = name
+        @inbound_tag = inbound_tag
+        @upstream_tag = upstream_tag
       end
     end
+
     class Radvd
+      include Construqt::Util::Chainable
       attr_accessor :servers, :name, :services
+      chainable_attr :adv_autonomous
       def initialize(name)
         self.name = name
       end