Blame - installers/nat_osm - osm/devops

blob: eb6a18f94e5c6edd63a912d0113b03487b49926f [file] [log] [blame]

garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	1	#!/bin/bash
				2	# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15
				16	############
				17	# Functions
				18	############
				19	usage(){
				20	echo -e "usage: $0 [OPTIONS]"
				21	echo -e "Install NAT rules for OSM"
				22	echo -e " OPTIONS"
				23	echo -e " -u: UI/SO (rift) IP address"
				24	echo -e " -r: RO (openmano) IP address"
				25	echo -e " -v: VCA (juju) IP address"
				26	echo -e " -h: show this help"
				27	}
				28
				29	###################
				30	# End of functions
				31	###################
				32
				33	#Check root privileges
				34	[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1
				35
				36	HERE=$(realpath $(dirname $0))
				37	OSM_DEVOPS=$(dirname $HERE)
garciadeblas	2cfd884	2016-10-02 01:38:11 +0200	[diff] [blame]	38	OSM_JENKINS="$OSM_DEVOPS/jenkins"
				39	. $OSM_JENKINS/common/all_funcs
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	40
				41	#Get default IP address
				42	. $OSM_DEVOPS/installers/export_ips
				43
				44	UI_IP=$DEFAULT_IP
				45	RO_IP=$DEFAULT_IP
				46	VCA_IP=$DEFAULT_IP
				47
				48	#read input options
				49	while getopts ":u:r:v:h-:" o; do
				50	case "${o}" in
				51	u)
				52	export UI_IP="$OPTARG"
				53	;;
				54	r)
				55	export RO_IP="$OPTARG"
				56	;;
				57	v)
				58	export VCA_IP="$OPTARG"
				59	;;
				60	h)
				61	usage && exit 0
				62	;;
				63	-)
				64	[ "${OPTARG}" == "help" ] && usage && exit 0
				65	echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
				66	exit 1
				67	;;
				68	\?)
				69	echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
				70	exit 1
				71	;;
				72	:)
				73	echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
				74	exit 1
				75	;;
				76	*)
				77	usage >&2
				78	exit -1
				79	;;
				80	esac
				81	done
				82
				83	#############
				84	# NAT port forwarding configuration
				85	#############
				86	echo
				87	echo "* Configuring iptables rules *"
				88
				89	awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	90	BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0; innatoutput=0; osmoutput=0; doneoutput=0;}
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	91	/^\*nat/ {
				92	innat=1;
				93	print;
				94	next
				95	}
				96	innat==1 && /\:PREROUTING/ {
				97	innatpre=1;
				98	print;
				99	next;
				100	}
				101	innatpre==1 && /\#Autogenerated by nat_osm/ {
				102	osmpre=1;
				103	next;
				104	}
				105	osmpre==1 && /#End autogeneration by nat_osm/ {
				106	print "#Autogenerated by nat_osm"
				107	print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
				108	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	109	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	110	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoff	baaec06	2017-10-03 15:53:14 -0400	[diff] [blame]	111	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	112	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	113	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
				114	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
				115	print "#End autogeneration by nat_osm"
				116	osmpre=0;
				117	donepre=1;
				118	next;
				119	}
				120	osmpre==1 {next;}
				121	innatpre==1 && /\:INPUT/ {
				122	innatpre=0;
				123	if (donepre==0) {
				124	print "#Autogenerated by nat_osm"
				125	print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
				126	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	127	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	128	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoff	baaec06	2017-10-03 15:53:14 -0400	[diff] [blame]	129	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	130	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	131	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
				132	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
				133	print "#End autogeneration by nat_osm"
				134	donepre=1;
				135	}
				136	print;
				137	next;
				138	}
				139
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	140	innat==1 && /\:OUTPUT/ {
				141	innatoutput=1;
				142	print;
				143	next;
				144	}
				145	innatoutput==1 && /\#Autogenerated by nat_osm/ {
				146	osmoutput=1;
				147	next;
				148	}
				149	osmoutput==1 && /#End autogeneration by nat_osm/ {
				150	print "#Autogenerated by nat_osm"
				151	print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
				152	print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
				153	print "#End autogeneration by nat_osm"
				154	osmoutput=0;
				155	doneoutput=1;
				156	next;
				157	}
				158	osmoutput==1 {next;}
				159	innatoutput==1 && /\:POSTROUTING/ {
				160	innatoutput=0;
				161	if (doneoutput==0) {
				162	print "#Autogenerated by nat_osm"
				163	print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
				164	print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
				165	print "#End autogeneration by nat_osm"
				166	doneoutput=1;
				167	}
				168	innatpost=1;
				169	print;
				170	next;
				171	}
				172
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	173	innat==1 && /\:POSTROUTING/ {
				174	innatpost=1;
				175	print;
				176	next;
				177	}
				178	innatpost==1 && /\#Autogenerated by nat_osm/ {
				179	osmpost=1;
				180	next;
				181	}
				182	osmpost==1 && /#End autogeneration by nat_osm/ {
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	183	print "#Autogenerated by nat_osm"
				184	print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	185	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
				186	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	187	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
				188	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	189	print "#End autogeneration by nat_osm"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	190	osmpost=0;
				191	donepost=1;
				192	next;
				193	}
				194	osmpost==1 {next;}
				195	innatpost==1 && /COMMIT/ {
				196	innatpost=0;
				197	innat=0;
				198	if (donepost==0) {
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	199	print "#Autogenerated by nat_osm"
				200	print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	201	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
				202	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	203	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
				204	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	205	print "#End autogeneration by nat_osm"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	206	donepost=1;
				207	}
				208	print;
				209	next;
				210	}
				211	{
				212	print
				213	}
				214	' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
				215
				216	service netfilter-persistent restart
				217