| #!/bin/bash |
| # Copyright 2016 Telefónica Investigación y Desarrollo S.A.U. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| ############ |
| # Functions |
| ############ |
# Print the command-line help for this script.
# Globals:   none
# Arguments: none
# Outputs:   seven lines of help text on stdout
usage() {
    printf '%s\n' \
        "usage: $0 [OPTIONS]" \
        "Install NAT rules for OSM" \
        " OPTIONS" \
        " -u: UI/SO (rift) IP address" \
        " -r: RO (openmano) IP address" \
        " -v: VCA (juju) IP address" \
        " -h: show this help"
}
| |
| ################### |
| # End of functions |
| ################### |
| |
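#Check root privileges
# EUID is maintained by bash itself. USER is only an environment variable: it
# can be unset or carry any value, so it is not a reliable privilege check.
if [ "$EUID" -ne 0 ]; then
    echo "Needed root privileges (run with sudo)" >&2
    exit 1
fi

# Locate the devops checkout from the location of this script. The expansions
# are quoted so that a path containing spaces is handled correctly.
HERE=$(realpath "$(dirname "$0")")
OSM_DEVOPS=$(dirname "$HERE")
OSM_JENKINS="$OSM_DEVOPS/jenkins"

# The two files sourced below run with root privileges, so the checkout they
# live in must not be writable by unprivileged users.
# Stop if either one is missing: continuing would leave the IP variables empty
# and the rules generated later would be malformed.
if [ ! -r "$OSM_JENKINS/common/all_funcs" ]; then
    echo "Cannot read $OSM_JENKINS/common/all_funcs" >&2
    exit 1
fi
if [ ! -r "$OSM_DEVOPS/installers/export_ips" ]; then
    echo "Cannot read $OSM_DEVOPS/installers/export_ips" >&2
    exit 1
fi
. "$OSM_JENKINS/common/all_funcs"

#Get default IP address
. "$OSM_DEVOPS/installers/export_ips"

# Every address defaults to DEFAULT_IP; the -u/-r/-v options override them.
UI_IP=$DEFAULT_IP
RO_IP=$DEFAULT_IP
VCA_IP=$DEFAULT_IP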
| |
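#read input options

# Tell whether a value is safe to paste into an iptables rule line.
# The -u/-r/-v values end up verbatim in /etc/iptables/rules.v4, so a value
# holding a space or a newline would add extra arguments or whole extra lines
# to the ruleset. Only letters, digits and ".", ":", "/", "_", "-" are accepted
# (enough for an address, a CIDR range or a host name), and the first character
# must be alphanumeric so the value cannot be read as an option.
# Arguments: $1 - value to check
# Returns:   0 when the value is acceptable, 1 otherwise
nat_osm_valid_addr() {
    local allowed='^[0-9A-Za-z][0-9A-Za-z.:/_-]*$'
    [[ "$1" =~ $allowed ]]
}

# The leading ":" in the option string selects silent error reporting, so the
# "?" and ":" branches below print the messages themselves. The trailing "-:"
# makes "--word" arrive as option "-" with OPTARG set to "word".
while getopts ":u:r:v:h-:" o; do
    # Validate the address-carrying options before anything is stored.
    case "${o}" in
        u|r|v)
            if ! nat_osm_valid_addr "$OPTARG"; then
                printf '%s\n' "Invalid address for option '-${o}'" \
                    "Try $0 --help for more information" >&2
                exit 1
            fi
            ;;
    esac
    case "${o}" in
        u)
            export UI_IP="$OPTARG"
            ;;
        r)
            export RO_IP="$OPTARG"
            ;;
        v)
            export VCA_IP="$OPTARG"
            ;;
        h)
            usage
            exit 0
            ;;
        -)
            if [ "${OPTARG}" == "help" ]; then
                usage
                exit 0
            fi
            # printf keeps backslashes in the offending option literal.
            printf '%s\n' "Invalid option: '--$OPTARG'" \
                "Try $0 --help for more information" >&2
            exit 1
            ;;
        \?)
            printf '%s\n' "Invalid option: '-$OPTARG'" \
                "Try $0 --help for more information" >&2
            exit 1
            ;;
        :)
            printf '%s\n' "Option '-$OPTARG' requires an argument" \
                "Try $0 --help for more information" >&2
            exit 1
            ;;
        *)
            # Not reachable with the option string above; kept as a safety net.
            # "exit -1" is not a valid status, so a plain failure code is used.
            usage >&2
            exit 1
            ;;
    esac
done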
| |
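#############
# NAT port forwarding configuration
#############
echo
echo "*** Configuring iptables rules ***"

rules_file=/etc/iptables/rules.v4

# These values are pasted verbatim into rule lines. An empty one would produce
# a malformed ruleset, so stop before the file is touched.
: "${RO_IP:?RO IP address is empty}"
: "${UI_IP:?UI/SO IP address is empty}"
: "${RO_CONTAINER_IP:?RO_CONTAINER_IP is not set}"
: "${SO_CONTAINER_IP:?SO_CONTAINER_IP is not set}"

# Build the new ruleset in an unpredictable file next to the target. A fixed
# name in the current directory, written as root, could be pre-created as a
# symlink by another user when that directory is writable by others. Staying
# in the same directory also makes the final mv a rename.
rules_tmp=$(mktemp "${rules_file}.XXXXXX") || {
    echo "Cannot create a temporary file next to $rules_file" >&2
    exit 1
}

awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" \
    -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
# Emit the managed PREROUTING block, wrapped in the two marker comments that
# let a later run find and replace it.
# The DNAT rules carry no source match (-s), so each forwarded port is open to
# every host that can reach the destination address.
function emit_prerouting() {
    print "#Autogenerated by nat_osm"
    print "-A PREROUTING -d " RO_IP " -p tcp -m tcp --dport 9090 -j DNAT --to-destination " openmano_ip
    print "-A PREROUTING -d " UI_IP " -p tcp -m tcp --dport 8000 -j DNAT --to-destination " rift_ip
    print "-A PREROUTING -d " UI_IP " -p tcp -m tcp --dport 4567 -j DNAT --to-destination " rift_ip
    print "-A PREROUTING -d " UI_IP " -p tcp -m tcp --dport 8443 -j DNAT --to-destination " rift_ip
    # The VCA (juju) forwards are disabled.
    #print "-A PREROUTING -d " VCA_IP " -p tcp -m tcp --dport 443 -j DNAT --to-destination " juju_ip
    #print "-A PREROUTING -d " VCA_IP " -p tcp -m tcp --dport 17070 -j DNAT --to-destination " juju_ip
    print "#End autogeneration by nat_osm"
}
BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
# Start of the nat table.
/^\*nat/ {
    innat=1;
    print;
    next
}
# PREROUTING chain declaration: from here on look for an existing managed block.
innat==1 && /:PREROUTING/ {
    innatpre=1;
    print;
    next;
}
# Opening marker of an existing block: drop it and everything up to the end marker.
innatpre==1 && /#Autogenerated by nat_osm/ {
    osmpre=1;
    next;
}
# Closing marker of the existing block: write the fresh block in its place.
osmpre==1 && /#End autogeneration by nat_osm/ {
    emit_prerouting()
    osmpre=0;
    donepre=1;
    next;
}
osmpre==1 {next;}
# INPUT chain declaration: if no block was replaced above, insert it before this line.
innatpre==1 && /:INPUT/ {
    innatpre=0;
    if (donepre==0) {
        emit_prerouting()
        donepre=1;
    }
    print;
    next;
}

# POSTROUTING handling: an existing managed block is removed and nothing is
# written back, because the SNAT rules are disabled.
innat==1 && /:POSTROUTING/ {
    innatpost=1;
    print;
    next;
}
innatpost==1 && /#Autogenerated by nat_osm/ {
    osmpost=1;
    next;
}
osmpost==1 && /#End autogeneration by nat_osm/ {
    #print "#Autogenerated by nat_osm"
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
    #print "#End autogeneration by nat_osm"
    osmpost=0;
    donepost=1;
    next;
}
osmpost==1 {next;}
# End of the nat table.
innatpost==1 && /COMMIT/ {
    innatpost=0;
    innat=0;
    if (donepost==0) {
        #print "#Autogenerated by nat_osm"
        #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
        #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
        #print "#End autogeneration by nat_osm"
        donepost=1;
    }
    print;
    next;
}
# Every other line is copied through unchanged.
{
    print
}
' "$rules_file" > "$rules_tmp" || {
    echo "Failed to generate the new ruleset; $rules_file left untouched" >&2
    rm -f -- "$rules_tmp"
    exit 1
}

# The block is only written when the file has a nat table that declares
# :PREROUTING and then either an existing managed block or :INPUT.
if ! grep -q '^#Autogenerated by nat_osm' "$rules_tmp"; then
    echo "Warning: no OSM NAT rules were written (no usable *nat table in $rules_file)" >&2
fi

# Let iptables parse the candidate ruleset without committing it, so a broken
# file never replaces the persistent rules.
if command -v iptables-restore >/dev/null 2>&1; then
    if ! iptables-restore --test < "$rules_tmp"; then
        echo "Generated ruleset failed iptables-restore --test; $rules_file left untouched" >&2
        rm -f -- "$rules_tmp"
        exit 1
    fi
fi

# mktemp creates the file with mode 0600; carry over the mode and owner of the
# file being replaced.
if ! chmod --reference="$rules_file" -- "$rules_tmp" ||
    ! chown --reference="$rules_file" -- "$rules_tmp"; then
    echo "Warning: could not copy mode/owner of $rules_file to the new ruleset" >&2
fi

mv -f -- "$rules_tmp" "$rules_file" || {
    echo "Failed to replace $rules_file" >&2
    rm -f -- "$rules_tmp"
    exit 1
}

# Reload only after the new ruleset is in place.
service netfilter-persistent restart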
| |