construqt 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/lib/construqt/addresses.rb +121 -10
- data/lib/construqt/bgps.rb +10 -12
- data/lib/construqt/firewalls.rb +115 -16
- data/lib/construqt/flavour/ciscian/ciscian.rb +73 -93
- data/lib/construqt/flavour/ciscian/deploy_template.rb +36 -0
- data/lib/construqt/flavour/ciscian/dialect_dlink-dgs15xx.rb +62 -114
- data/lib/construqt/flavour/ciscian/dialect_hp-2510g.rb +74 -14
- data/lib/construqt/flavour/delegates.rb +9 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb +0 -3
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb +12 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb +32 -1
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb +2 -0
- data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb +3 -3
- data/lib/construqt/flavour/plantuml/plantuml.rb +2 -2
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb +24 -13
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb +16 -7
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_dns.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_firewall.rb +218 -67
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_ipsec.rb +33 -17
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb +5 -5
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_result.rb +77 -14
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_services.rb +77 -29
- data/lib/construqt/flavour/ubuntu/flavour_ubuntu_vrrp.rb +18 -3
- data/lib/construqt/interfaces.rb +25 -6
- data/lib/construqt/ipsecs.rb +5 -3
- data/lib/construqt/rack.rb +51 -0
- data/lib/construqt/resource.rb +25 -3
- data/lib/construqt/reverse.rb +1 -0
- data/lib/construqt/services.rb +15 -29
- data/lib/construqt/tags.rb +21 -15
- data/lib/construqt/templates.rb +17 -0
- data/lib/construqt/users.rb +4 -0
- data/lib/construqt/util.rb +1 -1
- data/lib/construqt/version.rb +1 -1
- data/lib/construqt/vlans.rb +13 -2
- data/lib/construqt.rb +2 -1
- metadata +4 -2
@@ -225,8 +225,8 @@ OTHER
|
|
225
225
|
class Entry
|
226
226
|
class Header
|
227
227
|
MODE_MANUAL = :manual
|
228
|
-
MODE_DHCP = :dhcp
|
229
228
|
MODE_LOOPBACK = :loopback
|
229
|
+
MODE_DHCP = :dhcp
|
230
230
|
PROTO_INET6 = :inet6
|
231
231
|
PROTO_INET4 = :inet
|
232
232
|
AUTO = :auto
|
@@ -235,6 +235,16 @@ OTHER
|
|
235
235
|
self
|
236
236
|
end
|
237
237
|
|
238
|
+
def dhcpv4
|
239
|
+
@mode = MODE_DHCP
|
240
|
+
self
|
241
|
+
end
|
242
|
+
|
243
|
+
def dhcpv6
|
244
|
+
@dhcpv6 = true
|
245
|
+
self
|
246
|
+
end
|
247
|
+
|
238
248
|
def protocol(protocol)
|
239
249
|
@protocol = protocol
|
240
250
|
self
|
@@ -263,9 +273,11 @@ OTHER
|
|
263
273
|
|
264
274
|
def commit
|
265
275
|
return "" if @entry.skip_interfaces?
|
276
|
+
ipv6_dhcp = "iface #{get_interface_name} inet6 dhcp" if @dhcpv6
|
266
277
|
out = <<OUT
|
267
278
|
# #{@entry.iface.clazz}
|
268
279
|
#{@auto ? "auto #{get_interface_name}" : ""}
|
280
|
+
#{ipv6_dhcp||""}
|
269
281
|
iface #{get_interface_name} #{@protocol.to_s} #{@mode.to_s}
|
270
282
|
up /bin/bash /etc/network/#{get_interface_name}-up.iface
|
271
283
|
down /bin/bash /etc/network/#{get_interface_name}-down.iface
|
@@ -293,19 +305,19 @@ OUT
|
|
293
305
|
@lines += block.each_line.map{|i| i.strip }.select{|i| !i.empty? }
|
294
306
|
end
|
295
307
|
|
296
|
-
def write_s(direction, blocks)
|
297
|
-
@entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights
|
308
|
+
def write_s(component, direction, blocks)
|
309
|
+
@entry.result.add(self.class, <<BLOCK, Construqt::Resources::Rights.root_0755(component), "etc", "network", "#{@entry.header.get_interface_name}-#{direction}.iface")
|
298
310
|
#!/bin/bash
|
299
311
|
exec > >(logger -t "#{@entry.header.get_interface_name}-#{direction}") 2>&1
|
300
312
|
#{blocks.join("\n")}
|
301
|
-
iptables-restore < /etc/network/iptables.cfg
|
302
|
-
ip6tables-restore < /etc/network/ip6tables.cfg
|
303
313
|
BLOCK
|
314
|
+
#iptables-restore < /etc/network/iptables.cfg
|
315
|
+
#ip6tables-restore < /etc/network/ip6tables.cfg
|
304
316
|
end
|
305
317
|
|
306
318
|
def commit
|
307
|
-
write_s("up", @ups)
|
308
|
-
write_s("down", @downs)
|
319
|
+
write_s(@entry.iface.class.name, "up", @ups)
|
320
|
+
write_s(@entry.iface.class.name, "down", @downs)
|
309
321
|
sections = @lines.inject({}) {|r, line| key = line.split(/\s+/).first; r[key] ||= []; r[key] << line; r }
|
310
322
|
sections.keys.sort.map do |key|
|
311
323
|
if sections[key]
|
@@ -429,7 +441,12 @@ BLOCK
|
|
429
441
|
def commit(result)
|
430
442
|
@interfaces.keys.sort.each do |ifname|
|
431
443
|
vrrp = @interfaces[ifname]
|
432
|
-
result.add(self, <<VRRP, Construqt::Resources::Rights::
|
444
|
+
result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.stop.sh")
|
445
|
+
#!/bin/bash
|
446
|
+
#{vrrp.render_backups}
|
447
|
+
exit 0
|
448
|
+
VRRP
|
449
|
+
result.add(self, <<VRRP, Construqt::Resources::Rights.root_0755(Construqt::Resources::Component::VRRP), "etc", "network", "vrrp.#{ifname}.sh")
|
433
450
|
#!/bin/bash
|
434
451
|
|
435
452
|
TYPE=$1
|
@@ -473,6 +490,10 @@ VRRP
|
|
473
490
|
@host
|
474
491
|
end
|
475
492
|
|
493
|
+
def add_component(component)
|
494
|
+
@result[component] ||= ArrayWithRight.new(Construqt::Resources::Rights.root_0644(component))
|
495
|
+
end
|
496
|
+
|
476
497
|
def empty?(name)
|
477
498
|
not @result[name]
|
478
499
|
end
|
@@ -515,12 +536,55 @@ VRRP
|
|
515
536
|
'/'+File.dirname(fname)+"/.#{File.basename(fname)}.import"
|
516
537
|
end
|
517
538
|
|
539
|
+
def component_to_packages(component)
|
540
|
+
cp = Construqt::Resources::Component
|
541
|
+
ret = {
|
542
|
+
cp::UNREF => {},
|
543
|
+
"Construqt::Flavour::DeviceDelegate" => {},
|
544
|
+
"Construqt::Flavour::Ubuntu::Bond" => { "ifenslave" => true },
|
545
|
+
"Construqt::Flavour::VlanDelegate" => { "vlan" => true },
|
546
|
+
"Construqt::Flavour::Ubuntu::Gre" => { },
|
547
|
+
"Construqt::Flavour::BridgeDelegate" => { "bridge-utils" => true },
|
548
|
+
cp::NTP => { "ntpd" => true},
|
549
|
+
cp::USB_MODESWITCH => { "usb-modeswitch" => true, "usb-modeswitch-data" => true },
|
550
|
+
cp::VRRP => { "keepalived" => true },
|
551
|
+
cp::FW4 => { "iptables" => true, "ulogd2" => true },
|
552
|
+
cp::FW6 => { "iptables" => true, "ulogd2" => true },
|
553
|
+
cp::IPSEC => { "racoon" => true },
|
554
|
+
cp::SSH => { "openssh-server" => true },
|
555
|
+
cp::BGP => { "bird" => true },
|
556
|
+
cp::OPENVPN => { "openvpn" => true },
|
557
|
+
cp::DNS => { "bind9" => true },
|
558
|
+
cp::RADVD => { "radvd" => true },
|
559
|
+
cp::CONNTRACKD => { "conntrackd" => true, "conntrack" => true },
|
560
|
+
cp::DHCPRELAY => { "wide-dhcpv6-relay" => true, "dhcp-helper" => true }
|
561
|
+
}[component]
|
562
|
+
throw "Component with name not found #{component}" unless ret
|
563
|
+
ret
|
564
|
+
end
|
565
|
+
|
518
566
|
def commit
|
519
|
-
add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights::
|
520
|
-
add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights::
|
521
|
-
add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights
|
522
|
-
add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights::
|
567
|
+
add(EtcNetworkIptables, etc_network_iptables.commitv4, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW4), "etc", "network", "iptables.cfg")
|
568
|
+
add(EtcNetworkIptables, etc_network_iptables.commitv6, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::FW6), "etc", "network", "ip6tables.cfg")
|
569
|
+
add(EtcNetworkInterfaces, etc_network_interfaces.commit, Construqt::Resources::Rights.root_0644, "etc", "network", "interfaces")
|
570
|
+
add(EtcConntrackdConntrackd, etc_conntrackd_conntrackd.commit, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::CONNTRACKD), "etc", "conntrack", "conntrackd.conf")
|
523
571
|
@etc_network_vrrp.commit(self)
|
572
|
+
|
573
|
+
components = @result.values.inject({
|
574
|
+
"language-pack-en" => true,
|
575
|
+
"language-pack-de" => true,
|
576
|
+
"git" => true,
|
577
|
+
"aptitude" => true,
|
578
|
+
"traceroute" => true,
|
579
|
+
"tcpdump" => true,
|
580
|
+
"strace" => true,
|
581
|
+
"lsof" => true,
|
582
|
+
"ifstat" => true,
|
583
|
+
"mtr-tiny" => true,
|
584
|
+
"openssl" => true,
|
585
|
+
}) do |r, block|
|
586
|
+
r.merge(component_to_packages(block.right.component))
|
587
|
+
end.keys
|
524
588
|
out = [<<BASH]
|
525
589
|
#!/bin/bash
|
526
590
|
hostname=`hostname`
|
@@ -536,8 +600,7 @@ else
|
|
536
600
|
echo Configure Host #{@host.name}
|
537
601
|
fi
|
538
602
|
updates=''
|
539
|
-
for i in
|
540
|
-
bird keepalived strace iptables conntrack openssl racoon ulogd2 ifenslave conntrackd conntrack bind9
|
603
|
+
for i in #{components.join(" ")}
|
541
604
|
do
|
542
605
|
dpkg -l $i > /dev/null 2> /dev/null
|
543
606
|
if [ $? != 0 ]
|
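Review bot: The `iptables-restore < /etc/network/iptables.cfg` and `ip6tables-restore < /etc/network/ip6tables.cfg` lines are dropped from the heredoc in write_s, and their replacements are placed after the `BLOCK` terminator, so they are now Ruby comments and never reach the generated up/down hook script. Nothing else in this section applies the iptables.cfg/ip6tables.cfg files that commit still writes under the FW4/FW6 components, so as far as this hunk shows an interface can come up with no ruleset loaded. If the loader has moved elsewhere (the firewall flavour file in the diffstat is the likely place), a one-line comment at that spot such as `# ruleset is applied by <new location>, not per-interface` would keep the next reader from reinstating it; if it has not, the two restore lines belong back inside the heredoc. Separately, component_to_packages rebuilds its whole hash on every call; a frozen module constant would make it clear that the package map is static.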
@@ -8,24 +8,38 @@ module Construqt
|
|
8
8
|
@service = service
|
9
9
|
end
|
10
10
|
|
11
|
-
def up(ifname)
|
12
|
-
|
11
|
+
def up(ifname, inbounds, upstreams)
|
12
|
+
minus_i = (inbounds.map { |cqip| "-i #{cqip.container.interface.name}" }).join(' ')
|
13
|
+
servers = upstreams.map{ |cqip| "-s #{cqip.to_s}" }.join(' ')
|
14
|
+
#"/usr/sbin/dhcrelay -pf /run/dhcrelay-v4.#{ifname}.pid -q -4 #{minus_i} #{servers}"
|
15
|
+
"/usr/sbin/dhcp-helper #{servers} #{minus_i} -r /run/dhcp-helper-v4.#{ifname}.pid"
|
13
16
|
end
|
14
17
|
|
15
|
-
def down(ifname)
|
16
|
-
"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
|
18
|
+
def down(ifname, inbounds, upstreams)
|
19
|
+
#"kill `cat /run/dhcrelay-v4.#{ifname}.pid`"
|
20
|
+
"kill `cat /run/dhcp-helper-v4.#{ifname}.pid`"
|
17
21
|
end
|
18
22
|
|
19
|
-
def vrrp(host, ifname,
|
20
|
-
host.
|
23
|
+
def vrrp(host, ifname, vrrp)
|
24
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? && !cqip.container.interface.name.empty? }
|
25
|
+
return if inbounds.empty?
|
26
|
+
iface = vrrp.interfaces.find{|_| _.host == host }
|
27
|
+
return unless iface
|
28
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
|
29
|
+
return if upstreams.empty?
|
30
|
+
host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
|
31
|
+
.add_backup(down(ifname, inbounds, upstreams))
|
32
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
21
33
|
end
|
22
34
|
|
23
35
|
def interfaces(host, ifname, iface, writer)
|
24
|
-
|
25
|
-
return
|
26
|
-
|
27
|
-
|
28
|
-
writer.lines.
|
36
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv4? }
|
37
|
+
return if inbounds.empty?
|
38
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv4? }
|
39
|
+
return if upstreams.empty?
|
40
|
+
writer.lines.up(up(ifname, inbounds, upstreams))
|
41
|
+
writer.lines.down(down(ifname, inbounds, upstreams))
|
42
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
29
43
|
end
|
30
44
|
end
|
31
45
|
|
@@ -34,28 +48,40 @@ module Construqt
|
|
34
48
|
@service = service
|
35
49
|
end
|
36
50
|
|
37
|
-
def up(
|
38
|
-
|
51
|
+
def up(ifname, inbounds, upstreams)
|
52
|
+
inbound_ifs = inbounds.map { |cqip| "#{cqip.container.interface.name}" }.join(' ')
|
53
|
+
minus_s = upstreams.map{ |cqip| "-s #{cqip}" }.join(' ')
|
54
|
+
minus_r = upstreams.map{ |cqip| "-r #{ifname}" }.join(' ')
|
55
|
+
#"/usr/sbin/dhcrelay -pf /run/dhcrelay-v6.#{ifname}.pid -q -6 #{minus_l} #{minus_o}"
|
56
|
+
"/usr/sbin/dhcp6relay -d -p /run/dhcp6relay-v6.#{ifname}.pid #{minus_s} #{minus_r} #{inbound_ifs}"
|
39
57
|
end
|
40
58
|
|
41
|
-
def down(
|
42
|
-
"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
|
59
|
+
def down(ifname, inbounds, upstreams)
|
60
|
+
#"kill `cat /run/dhcrelay-v6.#{ifname}.pid`"
|
61
|
+
"kill `cat /run/dhcp6relay-v6.#{ifname}.pid`"
|
43
62
|
end
|
44
63
|
|
45
|
-
def vrrp(host, ifname,
|
46
|
-
|
64
|
+
def vrrp(host, ifname, vrrp)
|
65
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
|
66
|
+
return if inbounds.empty?
|
67
|
+
iface = vrrp.interfaces.find{|_| _.host == host }
|
68
|
+
return unless iface
|
69
|
+
#binding.pry
|
70
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
|
71
|
+
return if upstreams.empty?
|
72
|
+
host.result.etc_network_vrrp(vrrp.name).add_master(up(ifname, inbounds, upstreams))
|
73
|
+
.add_backup(down(ifname, inbounds, upstreams))
|
74
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
47
75
|
end
|
48
76
|
|
49
77
|
def interfaces(host, ifname, iface, writer)
|
50
|
-
|
51
|
-
return if
|
52
|
-
@service.
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
writer.lines.up(up(iface, ifname))
|
58
|
-
writer.lines.down(down(iface, ifname))
|
78
|
+
inbounds = Construqt::Tags.find(@service.inbound_tag).select{ |cqip| cqip.container.interface.host == host && cqip.ipv6? }
|
79
|
+
return if inbounds.empty?
|
80
|
+
upstreams = Construqt::Tags.find(@service.upstream_tag).select{ |cqip| cqip.ipv6? }
|
81
|
+
return if upstreams.empty?
|
82
|
+
writer.lines.up(up(ifname, inbounds, upstreams))
|
83
|
+
writer.lines.down(down(ifname, inbounds, upstreams))
|
84
|
+
host.result.add_component(Construqt::Resources::Component::DHCPRELAY)
|
59
85
|
end
|
60
86
|
end
|
61
87
|
|
@@ -82,7 +108,7 @@ module Construqt
|
|
82
108
|
return unless iface.address && iface.address.first_ipv6
|
83
109
|
writer.lines.up(up(ifname))
|
84
110
|
writer.lines.down(down(ifname))
|
85
|
-
host.result.add(self, <<RADV, Construqt::Resources::Rights::
|
111
|
+
host.result.add(self, <<RADV, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::RADVD), "etc", "network", "radvd.#{ifname}.conf")
|
86
112
|
interface #{ifname}
|
87
113
|
{
|
88
114
|
AdvManagedFlag on;
|
@@ -95,7 +121,7 @@ interface #{ifname}
|
|
95
121
|
prefix #{iface.address.first_ipv6.network.to_string}
|
96
122
|
{
|
97
123
|
AdvOnLink on;
|
98
|
-
AdvAutonomous off;
|
124
|
+
AdvAutonomous #{@service.adv_autonomous? ? "on" : "off"};
|
99
125
|
AdvRouterAddr on;
|
100
126
|
};
|
101
127
|
|
@@ -133,12 +159,34 @@ RADV
|
|
133
159
|
end
|
134
160
|
end
|
135
161
|
|
162
|
+
class RouteService
|
163
|
+
def initialize(service)
|
164
|
+
@service = service
|
165
|
+
end
|
166
|
+
|
167
|
+
def up(ifname)
|
168
|
+
"/sbin/ip route add #{@service.rt.dst.to_string} via #{@service.rt.via}"
|
169
|
+
end
|
170
|
+
|
171
|
+
def down(ifname)
|
172
|
+
"/sbin/ip route del #{@service.rt.dst.to_string} via #{@service.rt.via}"
|
173
|
+
end
|
174
|
+
|
175
|
+
def vrrp(host, ifname, iface)
|
176
|
+
host.result.etc_network_vrrp(iface.name).add_master(up(ifname)).add_backup(down(ifname))
|
177
|
+
end
|
178
|
+
|
179
|
+
def interfaces(host, ifname, iface, writer)
|
180
|
+
end
|
181
|
+
end
|
182
|
+
|
136
183
|
def self.get_renderer(service)
|
137
184
|
factory = {
|
138
185
|
Construqt::Services::DhcpV4Relay => DhcpV4Relay,
|
139
186
|
Construqt::Services::DhcpV6Relay => DhcpV6Relay,
|
140
187
|
Construqt::Services::Radvd => Radvd,
|
141
|
-
Construqt::Services::ConntrackD => ConntrackD
|
188
|
+
Construqt::Services::ConntrackD => ConntrackD,
|
189
|
+
Construqt::Flavour::Ubuntu::Vrrp::RouteService => RouteService
|
142
190
|
}
|
143
191
|
found = factory.keys.find{ |i| service.kind_of?(i) }
|
144
192
|
throw "service type unknown #{service.name} #{service.class.name}" unless found
|
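Review bot: In DhcpV6Relay#up the block in `minus_r = upstreams.map{ |cqip| "-r #{ifname}" }.join(' ')` never uses `cqip`, so the command simply repeats `-r <ifname>` once per upstream address; either the per-upstream value that was meant to be interpolated should be used, or the option emitted once, e.g. `minus_r = "-r #{ifname}"`. In DhcpV4Relay#interfaces the inbound select filters only on host and `ipv4?`, whereas the vrrp variant also drops entries with an empty `container.interface.name`, so an unnamed interface yields a bare `-i ` in the dhcp-helper command line and the next token is parsed as the interface; the `!cqip.container.interface.name.empty?` guard belongs on the `interfaces` select calls of both relay classes as well. The commented `#binding.pry` in DhcpV6Relay#vrrp is debugger residue and should be removed.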
@@ -8,13 +8,21 @@ module Construqt
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def self.header(host)
|
11
|
-
host.result.add(self, <<GLOBAL, Construqt::Resources::Rights::
|
11
|
+
host.result.add(self, <<GLOBAL, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
|
12
12
|
global_defs {
|
13
13
|
lvs_id #{host.name}
|
14
14
|
}
|
15
15
|
GLOBAL
|
16
16
|
end
|
17
17
|
|
18
|
+
class RouteService
|
19
|
+
attr_accessor :name, :rt
|
20
|
+
def initialize(name, rt)
|
21
|
+
self.name = name
|
22
|
+
self.rt = rt
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
18
26
|
def build_config(host, iface)
|
19
27
|
iface = iface.delegate
|
20
28
|
my_iface = iface.interfaces.find{|iface| iface.host == host }
|
@@ -26,16 +34,23 @@ GLOBAL
|
|
26
34
|
ret << " priority #{my_iface.priority}"
|
27
35
|
ret << " authentication {"
|
28
36
|
ret << " auth_type PASS"
|
29
|
-
ret << " auth_pass fw"
|
37
|
+
ret << " auth_pass #{iface.password||"fw"}"
|
30
38
|
ret << " }"
|
31
39
|
ret << " virtual_ipaddress {"
|
32
40
|
iface.address.ips.each do |ip|
|
33
41
|
ret << " #{ip.to_string} dev #{my_iface.name}"
|
34
42
|
end
|
43
|
+
iface.address.routes.each do |rt|
|
44
|
+
key = "#{iface.name}-#{rt.dst.to_string}-#{rt.via}"
|
45
|
+
next if iface.services.find{ |i| i.name == key }
|
46
|
+
iface.services << RouteService.new(key, rt)
|
47
|
+
end
|
48
|
+
|
35
49
|
|
36
50
|
ret << " }"
|
37
51
|
if iface.services && !iface.services.empty?
|
38
52
|
ret << " notify /etc/network/vrrp.#{iface.name}.sh"
|
53
|
+
ret << " notify_stop /etc/network/vrrp.#{iface.name}.stop.sh"
|
39
54
|
writer = host.result.etc_network_interfaces.get(iface)
|
40
55
|
iface.services.each do |service|
|
41
56
|
Services.get_renderer(service).interfaces(host, my_iface.name, my_iface, writer)
|
@@ -44,7 +59,7 @@ GLOBAL
|
|
44
59
|
end
|
45
60
|
|
46
61
|
ret << "}"
|
47
|
-
host.result.add(self, ret.join("\n"), Construqt::Resources::Rights::
|
62
|
+
host.result.add(self, ret.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::VRRP), "etc", "keepalived", "keepalived.conf")
|
48
63
|
end
|
49
64
|
end
|
50
65
|
end
|
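Review bot: `ret << " auth_pass #{iface.password||"fw"}"` silently falls back to a fixed, publicly known password whenever a VRRP interface has none configured, which makes the authentication block decorative for every deployment that forgets to set one; failing the build with `throw "vrrp #{iface.name} needs a password" unless iface.password` is the safer default, or at minimum a comment on that line stating that the fallback offers no protection. The resulting keepalived.conf is written with `Rights.root_0644(...)` in both `header` and `build_config`, so the password is readable by every local account; `Rights.root_0600` is defined in resource.rb in this same diff and is the appropriate mode for a file carrying a secret. Per keepalived's documentation only the first eight characters of auth_pass are used, which is worth noting next to the line that emits it.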
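--- a/data/lib/construqt/interfaces.rb
+++ b/data/lib/construqt/interfaces.rb
@@ -32,6 +32,8 @@ module Construqt
 # binding.pry
 cfg['clazz'] ||= "device"
 cfg['address'] ||= nil
+cfg['firewalls'] ||= []
+cfg['firewalls'] = cfg['firewalls'].map{|i| i.kind_of?(String) ? Construqt::Firewalls.find(i) : i }
 (dev_name, iface) = Construqt::Tags.add(dev_name) { |name| host.flavour.create_interface(name, cfg) }
 # iface.clazz.attach = iface
 host.interfaces[dev_name] = iface
@@ -97,18 +99,23 @@ module Construqt
 def add_vrrp(name, cfg)
 nets = {}
 cfg['address'].ips.each do |adr|
-
+if adr.ipv4? && adr.prefix != 32
+unless cfg['address'].routes.find{ |rt| adr.include?(rt.via) }
+throw "only host ip's are allowed #{adr.to_s} with prefix != 32 or route"
+end
+end
 throw "only host ip's are allowed #{adr.to_s}" if adr.ipv6? && adr.prefix != 128
 nets[adr.network.to_s] = true
 end
 
 cfg['interfaces'].each do |interface|
-throw "interface need priority #{interface}" unless interface.priority
+throw "interface need priority #{interface.name}" unless interface.priority
 throw "interface not found:#{name}" unless interface
 cfg['clazz'] = "vrrp"
 cfg['interface'] = interface
 throw "vrrp interface does not have within the same network" if nets.length == interface.address.ips.select { |adr| nets[adr.network.to_s] }.length
 dev = add_device(interface.host, name, cfg)
+# interface.firewalls.push(*(dev.firewalls || []))
 interface.vrrp = dev
 dev.address.interface = nil
 dev.address.host = nil
@@ -128,16 +135,28 @@ module Construqt
 dev
 end
 
-def
+def _find(host_or_name, iface_name)
 if host_or_name.kind_of?(String)
 host = @region.hosts.find(host_or_name)
-
+return [nil, nil] unless host
 else
 host = host_or_name
 end
-
 iface = host.interfaces[iface_name]
-
+return [host, nil] unless iface
+[host, iface]
+end
+
+def find!(host_or_name, iface_name)
+(host, iface) = _find(host_or_name, iface_name)
+return nil if host.nil? || iface.nil?
+iface
+end
+
+def find(host_or_name, iface_name)
+(host, iface) = _find(host_or_name, iface_name)
+throw "host not found #{host_or_name}" if host.nil?
+throw "interface not found for #{iface_name}:#{host.name}" if iface.nil?
 iface
 end
 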
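Review bot: The new `find!`/`find` pair inverts the usual Ruby convention: here `find!` is the variant that returns nil and `find` is the one that throws, so a caller reading `find!` will expect the raising form and get a silent nil instead. Swapping the two bodies, or renaming the nil-returning one to something like `find_or_nil`, would remove the trap, and `_find` should be marked `private` rather than relying on the underscore prefix. `find!` also collapses "host not found" and "interface not found" into the same nil even though `_find` returns them as distinct `[nil, nil]` / `[host, nil]` shapes, so a caller cannot tell which lookup failed. The enclosing class begins outside this hunk.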
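--- a/data/lib/construqt/ipsecs.rb
+++ b/data/lib/construqt/ipsecs.rb
@@ -34,6 +34,7 @@ module Construqt
 add_connection(cfg, 'left', 'right', Util.add_gre_prefix(cfg['right']['host'].name))
 add_connection(cfg, 'right', 'left', Util.add_gre_prefix(cfg['left'].host.name))
 cfg['name'] = name
+cfg['transport_family'] ||= Construqt::Addresses::IPV6
 cfg = @ipsecs[name] = Ipsec.new(cfg)
 cfg.left.other = cfg.right
 cfg.left.cfg = cfg
@@ -47,14 +48,15 @@ module Construqt
 cfg.left.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.left.my.host, cfg.left.other.host.name,
 "address" => cfg.left.my,
 "local" => cfg.left.remote,
-"remote" => cfg.right.remote
+"remote" => cfg.right.remote,
+"ipsec" => cfg
 )
 cfg.right.interface = cfg.left.my.host.region.interfaces.add_gre(cfg.right.my.host, cfg.right.other.host.name,
 "address" => cfg.right.my,
 "local" => cfg.right.remote,
-"remote" => cfg.left.remote
+"remote" => cfg.left.remote,
+"ipsec" => cfg
 )
-#binding.pry
 cfg
 end
 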
@@ -0,0 +1,51 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
module Construqt
|
4
|
+
|
5
|
+
class Racks
|
6
|
+
|
7
|
+
attr_reader :region, :racks
|
8
|
+
def initialize(region)
|
9
|
+
@region = region
|
10
|
+
@racks = {}
|
11
|
+
end
|
12
|
+
|
13
|
+
class Rack
|
14
|
+
attr_accessor :total_high
|
15
|
+
attr_accessor :location
|
16
|
+
attr_accessor :name
|
17
|
+
attr_accessor :description
|
18
|
+
attr_accessor :pin
|
19
|
+
def initialize(name)
|
20
|
+
@name = name
|
21
|
+
@entries = {}
|
22
|
+
end
|
23
|
+
def add_entry(positions, key)
|
24
|
+
if /[^0-9]+/.match(position.to_s) && 0 <= position.to_i && position.to_i <= total_high.to_i
|
25
|
+
throw "position must be between 0 <= #{total_high} #{position}"
|
26
|
+
end
|
27
|
+
@entries[position] ||= {}
|
28
|
+
throw "entry with key exists #{key} in Rack #{name}" if @entries[position][key]
|
29
|
+
entry = Entry.new(key, self)
|
30
|
+
@entries[position][key] = entry
|
31
|
+
entry
|
32
|
+
end
|
33
|
+
|
34
|
+
end
|
35
|
+
|
36
|
+
def add_rack(name)
|
37
|
+
throw "Rack with name exist #{name}" if @racks[name]
|
38
|
+
rack = Rack.new(name)
|
39
|
+
@racks[name] = rack
|
40
|
+
rack
|
41
|
+
end
|
42
|
+
|
43
|
+
def find_rack(name)
|
44
|
+
throw "Rack with name does not exist #{name}" unless @racks[name]
|
45
|
+
@racks[name]
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
|
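Review bot: `add_entry(positions, key)` declares its parameter as `positions` but every line of the body reads `position`, so the first call raises NameError; the parameter should be `position`. The range check is also inverted: `/[^0-9]+/.match(position.to_s)` is truthy only when the value contains a non-digit, so a purely numeric position such as 999 is never compared against `total_high`, while a non-numeric one is rejected only because `to_i` yields 0; `throw "position must be between 0 <= #{total_high} #{position}" unless position.to_s =~ /\A[0-9]+\z/ && position.to_i <= total_high.to_i` expresses the intent, and `total_high` itself is never validated before `to_i` turns a missing value into 0. `Entry` is not defined in this file (the hunk is the whole new file), so `Entry.new(key, self)` depends on a definition elsewhere that should be named in a comment.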
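--- a/data/lib/construqt/resource.rb
+++ b/data/lib/construqt/resource.rb
@@ -1,9 +1,31 @@
 module Construqt
 class Resources
+module Component
+UNREF = :unref
+NTP = :ntp
+USB_MODESWITCH = :usb_modeswitch
+VRRP = :vrrp
+FW4 = :fw4
+FW6 = :fw6
+IPSEC = :ipsec
+SSH = :ssh
+BGP = :bgp
+OPENVPN = :openvpn
+DNS = :dns
+RADVD = :radvd
+CONNTRACKD = :conntrackd
+DHCPRELAY = :dhcprelay
+end
 module Rights
-
-
-
+def self.root_0600(component = Component::UNREF)
+OpenStruct.new :right => "0600", :owner => 'root', :component => component
+end
+def self.root_0644(component = Component::UNREF)
+OpenStruct.new :right => "0644", :owner => 'root', :component => component
+end
+def self.root_0755(component = Component::UNREF)
+OpenStruct.new :right => "0755", :owner => 'root', :component => component
+end
 end
 
 class Resource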
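Review bot: The three `Rights.root_*` helpers return an `OpenStruct`, which needs `require 'ostruct'` before first use; no such require is visible in this hunk, so it should be confirmed that another file loads it or added at the top of resource.rb. An OpenStruct is also freely mutable, so any consumer can rewrite `.right` or `.component` on the value after it has been handed out; a `Struct.new(:right, :owner, :component)` instance, ideally frozen, would pin the mode and owner once chosen. A short comment above `module Rights` noting that the component tag is what the Ubuntu flavour uses to select packages would explain why a permission helper takes a component argument at all.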
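--- a/data/lib/construqt/reverse.rb
+++ b/data/lib/construqt/reverse.rb
@@ -21,6 +21,7 @@ def render_iface(ifaces, routes)
 ifaces.interfaces.map do |iface|
 next [] if iface.name == 'lo'
 next [] if iface.ips.empty?
+#binding.pry
 out = <<RUBY
 region.interfaces.add_device(host, "#{iface.name}", "mtu" => 1500,
 'mac_address' => #{iface.mac_address},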
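Review bot: The added `#binding.pry` in render_iface is commented-out debugger residue rather than a change to the generator, and the same marker is removed from ipsecs.rb elsewhere in this diff, so this one should go as well. If a breakpoint hook is meant to stay, a `# DEBUG:` prefix with the reason would make that intent visible instead of leaving it to guesswork.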
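--- a/data/lib/construqt/services.rb
+++ b/data/lib/construqt/services.rb
@@ -8,42 +8,28 @@ module Construqt
 end
 
 class DhcpV4Relay
-
-
-
-
-
-
-ip = IPAddress.parse(ip)
-throw "ip must be a v4 address" unless ip.ipv4?
-self.servers << ip
-self
+attr_reader :name, :inbound_tag, :upstream_tag
+attr_accessor :services
+def initialize(name, inbound_tag, upstream_tag)
+@name = name
+@inbound_tag = inbound_tag
+@upstream_tag = upstream_tag
 end
 end
 class DhcpV6Relay
-
-
-
-
-
-
-attr_accessor :ip, :iface
-end
-def add_server(name)
-(ip, iface) = name.split("%")
-throw "ip not set #{name}" unless ip
-ip = IPAddress.parse(ip)
-throw "ip must be a v6 address" unless ip.ipv6?
-throw "iface not set #{name}" if iface.nil? || iface.empty?
-server = Server.new
-server.ip = ip
-server.iface = iface
-self.servers << server
-self
+attr_reader :name, :inbound_tag, :upstream_tag
+attr_accessor :services
+def initialize(name, inbound_tag, upstream_tag)
+@name = name
+@inbound_tag = inbound_tag
+@upstream_tag = upstream_tag
 end
 end
+
 class Radvd
+include Construqt::Util::Chainable
 attr_accessor :servers, :name, :services
+chainable_attr :adv_autonomous
 def initialize(name)
 self.name = name
 end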
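Review bot: DhcpV4Relay and DhcpV6Relay now have byte-identical bodies (the `attr_reader`, `attr_accessor :services` and `initialize(name, inbound_tag, upstream_tag)`), so a shared base class would keep the two from drifting apart again. Neither constructor checks that `inbound_tag` and `upstream_tag` are given, and the Ubuntu renderer in this same diff silently returns when the tag lookups come back empty, so a mistyped tag name now produces a host with no relay at all rather than an error; `throw "inbound_tag and upstream_tag required for #{name}" unless inbound_tag && upstream_tag` in `initialize` would surface it at definition time. `services` is declared but never initialised, so readers see nil until something assigns it, which deserves a comment if that is intended.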