ip-wrangler 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 89f402bf64890c36deefd8756a91dcf31d077205
+  data.tar.gz: 48b32a9b15c002138927e8b345bf52d471c95486
+SHA512:
+  metadata.gz: 3a0036134eb6ac45cfb8bfcb1daf2dfcdefb934d199cee57c3658e525793daafe4c220dc1ce7fb9cd1831757b5f8b5fbf899e8b974b2cb229f8d2d57a6a39d4b
+  data.tar.gz: 0d50e1f7dd64c0c948b030d53ee2df14a2dfd3dc40e3d7f2985f5c3c1e1d7f4decee390309a3ca6f4657d61b5f6c3562e571998d578c1abcb03d2d7254bddc50

data/.gitignore

@@ -0,0 +1,16 @@
+.bundle/
+vendor/
+
+*.db
+*.log
+config.yml
+
+.idea/
+*.ipr
+*.iws
+*.iml
+
+/nbproject/private/
+/nbproject/
+
+*.gem

data/.hound.yml

@@ -0,0 +1,3 @@
+ruby:
+  enabled: true
+  config_file: .rubocop.yml

data/.rubocop.yml

@@ -0,0 +1,9 @@
+AllCops:
+  RunRailsCops: true
+
+Metrics/LineLength:
+  Max: 99
+
+StringLiterals:
+  EnforcedStyle: single_quotes
+  Enabled: true

data/CHANGELOG

@@ -0,0 +1,4 @@
+v 0.1.0
+  - Migrate to gem structure
+  - Update documentation
+  - Add installation, configuration and services scripts

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,39 @@
+PATH
+  remote: .
+  specs:
+    ip-wrangler (0.1.0)
+      json (~> 1.8)
+      sequel (~> 4.19)
+      sinatra (~> 1.4)
+      sqlite3 (~> 1.3)
+      thin (~> 1.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    daemons (1.1.9)
+    eventmachine (1.0.6)
+    json (1.8.2)
+    rack (1.6.0)
+    rack-protection (1.5.3)
+      rack
+    rake (10.4.2)
+    sequel (4.19.0)
+    sinatra (1.4.5)
+      rack (~> 1.4)
+      rack-protection (~> 1.4)
+      tilt (~> 1.3, >= 1.3.4)
+    sqlite3 (1.3.10)
+    thin (1.6.3)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0)
+      rack (~> 1.0)
+    tilt (1.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.6)
+  ip-wrangler!
+  rake (~> 10.4)

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Paweł Suder
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/MANUAL.md

@@ -0,0 +1,14 @@
+## Manual installation
+
+Install this software (as non-root):
+
+    git clone https://github.com/dice-cyfronet/ip-wrangler.git
+
+Create gem locally (as non-root, inside project directory):
+
+    gem build ip-wrangler.gemspec
+
+Install created gem:
+
+    gem install ip-wrangler-*.gem
+

data/README.md

@@ -0,0 +1,182 @@
+# IP Wrangler
+
+[![Code Climate](https://codeclimate.com/github/dice-cyfronet/ip-wrangler/badges/gpa.svg)](https://codeclimate.com/github/dice-cyfronet/ip-wrangler)
+[![Dependency Status](https://gemnasium.com/dice-cyfronet/ip-wrangler.svg)](https://gemnasium.com/dice-cyfronet/ip-wrangler)
+
+In polish __Portostawiaczka__
+
+This application manages DNAT port mappings and IP mappings for Virtual Machines
+(behind the NAT). It needs to be run on a node which is a router for Virtual
+Machines. It provides an API reachable via HTTP URL (`GET`, `POST`, `DELETE`)
+which allows the user to perform changes on `iptables` `nat` tables. It manages
+a pool of used and empty port mappings or IP mappings using an SQLite database.
+
+## Installation
+
+### Requirements
+
+* `iptables`
+* `lsof`
+* `sudo` (the user which runs `ipwrangler` needs permissions to run `/sbin/iptables` and `/usr/bin/lsof` via `sudo`)
+* `sqlite3` with `libsqlite3-dev`
+
+### Packages / Dependencies
+
+Update your system (as root, **optional**):
+
+    aptitude update
+    aptitude upgrade
+
+Install additional packages (as root, **optional**):
+
+    aptitude install iptables lsof sudo libsqlite3-dev g++ make autoconf bison build-essential libssl-dev libyaml-dev libreadline6 libreadline6-dev zlib1g zlib1g-dev
+
+Install `ruby` and `bundler` (as root, **optional**):
+
+    mkdir /tmp/ruby
+    pushd /tmp/ruby
+    curl --progress http://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz | tar xz
+    pushd /tmp/ruby/ruby-2.1.2
+    ./configure --disable-install-rdoc
+    make
+    make install
+    gem install bundler --no-ri --no-rdoc
+    popd
+    popd
+
+Install this software:
+
+    gem install ip-wrangler
+
+Add `user_name` (which will start `ip-wrangler`) to `sudo` group (as root):
+
+    adduser user_name sudo
+
+To enable `iptables` and `lsof` for user `user_name` modify `/etc/sudoers` (as root)
+using `visudo`. Add the following line at the bottom of the file:
+
+    user_name host_name= NOPASSWD: /sbin/iptables, /usr/bin/lsof
+
+`host_name` must be the same like in `/etc/hostname`.
+
+### Configuration
+
+Before you start, configure *migratio* installation by executing short wizard:
+
+    ip-wrangler-configure ./config.yml
+
+You may edit manually configuration file, eg. `config.yml`.
+
+### Run
+
+When launching for the first time, run the application in the foreground:
+
+    ip-wrangler-start -c ./config.yml -F
+
+Verify that everything is okay.
+
+Application can be run in the background:
+
+    ip-wrangler-start -c ./config.yml -P ./ip-wrangler.pid
+
+To stop `ipwrangler` which runs in the background:
+
+    ip-wrangler-stop -P ./ip-wrangler.pid
+
+To clean rules created by `ipwrangler` in `iptables`:
+
+    ip-wrangler-clean <iptables_chain_name|maybe:IPT_WR>
+
+You can use *init.d* scripts to start and stop *migratio* automatic. Check [`initd.md`](support/initd.md)
+
+### Log'n'roll
+
+Use *logrotate* to roll generated logs. Example configuration for *logrotate*:
+
+    # ip-wrangler logrotate settings
+    # based on: http://stackoverflow.com/a/4883967
+    
+    /path/to/ip-wrangler/src/log/*.log {
+        daily
+        missingok
+        rotate 90
+        compress
+        notifempty
+        copytruncate
+    }
+
+## API
+
+### Port
+
+Listing:
+
+* `GET /nat/port` - list all NAT port(s)
+* `GET /nat/port/<private_ip>` - list NAT port(s) for specified private IP
+
+Creating:
+
+* `POST /nat/port/<private_ip>/<private_port>/<protocol>` - create NAT port for specified IP
+* `POST /nat/port/<private_ip>/<private_port>` - create NAT ports (tcp,udp) for specified IP
+
+Deleting:
+
+* `DELETE /nat/port/<private_ip>/<private_port>/<protocol>` - delete NAT port with specified protocol for specified private IP
+* `DELETE /nat/port/<private_ip>/<private_port` - delete NAT port for specified IP
+* `DELETE /nat/port/<private_ip>` - delete any NAT port for specified IP
+
+### IP
+
+Listing:
+
+* `GET /nat/ip` - get list of all NAT IPs
+* `GET /nat/ip/<private_ip>` - get list of NAT IPs for specified private IP
+
+Creating:
+
+* `POST /nat/ip/<private_ip>` - create NAT IP for specified private IP
+
+Deleting:
+
+* `DELETE /nat/ip/<private_ip>/<public_ip>` - delete NAT IP for specified private IP
+* `DELETE /nat/ip/<private_ip>` - delete any NAT IP for specified private IP
+
+## API (old version)
+
+Listing:
+
+* `GET /` - get information about REST service
+* `GET /dnat` - list all NAT port(s)
+* `GET /dnat/<private_ip>` - list NAT port(s) for specified private IP
+
+Creating:
+
+* `POST /dnat/<private_ip>` - create NAT port for specified IP. The request body should be specified in the following format:
+
+_example_
+
+    [
+        {
+            "port": 21,
+            "proto": tcp
+        },
+        {
+            "port": 22,
+            "proto": udp
+        }
+    ]
+
+Deleting:
+
+* `DELETE /dnat/<private_ip>/<private_port>/<protocol>` - delete NAT port with specified protocol for specified private IP
+* `DELETE /dnat/<private_ip>/<private_port>` - delete NAT port for specified IP
+* `DELETE /dnat/<private_ip>` - delete any NAT port for specified IP
+
+## Contributing
+
+1. Fork it!
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new *Pull Request*
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/ip-wrangler-clean

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+name = 'ip-wrangler'
+gem = Gem::Specification.find_by_name(name)
+command = File.join(gem.full_gem_path, 'bin/ip-wrangler-clean.sh')
+system(command, *ARGV)

data/bin/ip-wrangler-clean.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [ -z "$1" ]
+then
+    echo "Usage: $(basename $0) <iptables_chain_name|maybe:IPT_WR>"
+    exit 1
+fi
+
+iptables_chain_name=$1
+
+set -x
+
+sudo /sbin/iptables -t nat --delete PREROUTING --jump ${iptables_chain_name}_PRE
+sudo /sbin/iptables -t nat --delete POSTROUTING --jump ${iptables_chain_name}_POST
+sudo /sbin/iptables -t nat --flush ${iptables_chain_name}_PRE
+sudo /sbin/iptables -t nat --flush ${iptables_chain_name}_POST
+sudo /sbin/iptables -t nat --delete-chain ${iptables_chain_name}_PRE
+sudo /sbin/iptables -t nat --delete-chain ${iptables_chain_name}_POST

data/bin/ip-wrangler-configure

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+name = 'ip-wrangler'
+gem = Gem::Specification.find_by_name(name)
+command = File.join(gem.full_gem_path, 'bin/ip-wrangler-configure.sh')
+system(command, *ARGV)

data/bin/ip-wrangler-configure.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+export __dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export __dir="$(dirname ${__dir})"
+
+if [ -z "$1" ]
+then
+    echo "Usage: $(basename $0) <path_to_config_file:maybe:config.yml>"
+    exit 1
+fi
+
+path_to_config_file=$1
+
+echo "For more information, check: https://github.com/dice-cyfronet/ip-wrangler#configuration"
+
+echo "====="
+
+echo "Would like to override your current config with the default settings?"
+cp -i ${__dir}/lib/config.yml.example ${path_to_config_file}
+
+__log_dir="$(cat ${path_to_config_file} | grep log_dir: | awk '{print $2}')"
+__db_path="$(cat ${path_to_config_file} | grep db_path: | awk '{print $2}')"
+__username="$(cat ${path_to_config_file} | grep username: | awk '{print $2}')"
+__password="$(cat ${path_to_config_file} | grep password: | awk '{print $2}')"
+__iptables_chain_name="$(cat ${path_to_config_file} | grep iptables_chain_name: | awk '{print $2}')"
+__ext_ip="$(cat ${path_to_config_file} | grep ext_ip: | awk '{print $2}')"
+__port_ip="$(cat ${path_to_config_file} | grep port_ip: | awk '{print $2}')"
+__port_start="$(cat ${path_to_config_file} | grep port_start: | awk '{print $2}')"
+__port_stop="$(cat ${path_to_config_file} | grep port_stop: | awk '{print $2}')"
+
+echo "====="
+
+echo "Log directory (current value: \"${__log_dir}\", leave empty to use the same)"
+read __new_log_dir
+echo "Path to database file (current value: \"${__db_path}\", leave empty to use the same)"
+read __new_db_path
+
+echo "HTTP Username (current value: \"${__username}\", leave empty to use the same)"
+read __new_username
+echo "HTTP Password (current value: \"${__password}\", leave empty to use the same)"
+read __new_password
+
+echo "Iptables chains prefix (current value: \"${__iptables_chain_name}\", leave empty to use the same)"
+read __new_iptables_chain_name
+
+echo "External IP address user for NAT port. If your server is indicated by a different address than assigned to the outside interface, enter it here. (current value: \"${__ext_ip}\", leave empty to use the same)"
+read __new_ext_ip
+echo "Public IP address used for NAT port. Enter address which is assigned to the outside interface. (current value: \"${__port_ip}\", leave empty to use the same)"
+read __new_port_ip
+echo "First port in range of available ports for NAT (current value: \"${__port_start}\")"
+read __new_port_start
+echo "Last port in range of available ports for NAT (current value: \"${__port_stop}\")"
+read __new_port_stop
+
+echo "To update list of public IP used for NAT IP use your favorite text editor to edit \`${path_to_config_file}\`"
+
+function check_and_replace() {
+    __new_value="__new_${1}"
+    __value="__${1}"
+    if [ ! -z "${!__new_value}" ] && [ "${!__value}" != "${!__new_value}" ]; then
+        sed -i "s#${1}:.*#${1}: ${!__new_value}#g" ${path_to_config_file}
+    fi
+}
+
+check_and_replace log_dir
+check_and_replace db_path
+check_and_replace username
+check_and_replace password
+check_and_replace iptables_chain_name
+check_and_replace ext_ip
+check_and_replace port_ip
+check_and_replace port_start
+check_and_replace port_stop
+
+echo "====="
+echo "Show ${path_to_config_file}. You may edit this file to add IP which will use to IP mapping."
+echo "-----"
+cat ${path_to_config_file}

data/bin/ip-wrangler-start

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+name = 'ip-wrangler'
+gem = Gem::Specification.find_by_name(name)
+command = File.join(gem.full_gem_path, 'bin/ip-wrangler-start.sh')
+system(command, *ARGV)

data/bin/ip-wrangler-start.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+export __dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export __dir=$( dirname ${__dir} )
+
+export __port=8400
+export __ip=0.0.0.0
+export __tag=IpWrangler
+export __daemon=-d
+
+function usage() {
+    echo "Usage: $(basename $0) -c <config_file|maybe:config.yml> -P <pid_file|maybe:ip-wrangler.pid> -i <ip|default:0.0.0.0> -p <port|default:8400> -t <tag|default:IpWrangler> -F (foreground mode) -h (help and exit)"
+}
+
+while getopts 'c:P:i:p:t:Fh' __flag; do
+  case "${__flag}" in
+    c)
+        export __config_file="$(realpath ${OPTARG})"
+        ;;
+    P)
+        touch ${OPTARG}
+        export __pid_file="$(realpath ${OPTARG})"
+        rm ${OPTARG}
+        ;;
+    i)
+        export __ip=${OPTARG}
+        ;;
+    p)
+        export __port=${OPTARG}
+        ;;
+    t)
+        export __tag=${OPTARG}
+        ;;
+    F)
+        export __daemon=
+        export __no_log=1
+        ;;
+    h)
+        usage
+        exit 0
+        ;;
+    *)
+        error "Unexpected option: ${__flag}"
+        usage
+        exit 1
+        ;;
+  esac
+done
+
+if [ ! -z "${__daemon}" ] && [ -z "${__pid_file}" ]
+then
+    echo "No PID file defined in daemon mode."
+    usage
+    exit 1
+fi
+
+if [ ! -z "${__pid_file}" ]
+then
+    __pid_option="-P ${__pid_file}"
+fi
+
+if [ -z "${__config_file}" ]
+then
+    echo "No config file defined."
+    usage
+    exit 1
+fi
+
+pushd ${__dir}/lib/ 2>&1 >> /dev/null
+    thin ${__daemon} ${__pid_option} -a ${__ip} -p ${__port} -R ./config.ru --tag ${__tag} start
+popd 2>&1 >> /dev/null