Gitiles
Code Review Sign In
osm.etsi.org / osm / devops / 4a98a04ff0ceb544ca7f5f9033d5633dea7ab092 / . / installers / nat_osm
blob: ab0e1e1cd9c9bfda6b4acef5886aacc24fbf366a [file] [log] [blame]
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]1#!/bin/bash
2# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16############
17# Functions
18############
19usage(){
20 echo -e "usage: $0 [OPTIONS]"
21 echo -e "Install NAT rules for OSM"
22 echo -e " OPTIONS"
23 echo -e " -u: UI/SO (rift) IP address"
24 echo -e " -r: RO (openmano) IP address"
25 echo -e " -v: VCA (juju) IP address"
prithiv4a98a042017-12-05 23:19:39 +0000[diff] [blame^]26 echo -e " -m: MON IP address"
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]27 echo -e " -h: show this help"
28}
29
30###################
31# End of functions
32###################
33
34#Check root privileges
35[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1
36
37HERE=$(realpath $(dirname $0))
38OSM_DEVOPS=$(dirname $HERE)
garciadeblas2cfd8842016-10-02 01:38:11 +0200[diff] [blame]39OSM_JENKINS="$OSM_DEVOPS/jenkins"
40. $OSM_JENKINS/common/all_funcs
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]41
42#Get default IP address
43. $OSM_DEVOPS/installers/export_ips
44
45UI_IP=$DEFAULT_IP
46RO_IP=$DEFAULT_IP
47VCA_IP=$DEFAULT_IP
prithiv4a98a042017-12-05 23:19:39 +0000[diff] [blame^]48MON_IP=$DEFAULT_IP
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]49
50#read input options
51while getopts ":u:r:v:h-:" o; do
52 case "${o}" in
53 u)
54 export UI_IP="$OPTARG"
55 ;;
56 r)
57 export RO_IP="$OPTARG"
58 ;;
59 v)
60 export VCA_IP="$OPTARG"
61 ;;
62 h)
63 usage && exit 0
64 ;;
65 -)
66 [ "${OPTARG}" == "help" ] && usage && exit 0
67 echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
68 exit 1
69 ;;
70 \?)
71 echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
72 exit 1
73 ;;
74 :)
75 echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
76 exit 1
77 ;;
78 *)
79 usage >&2
80 exit -1
81 ;;
82 esac
83done
84
85#############
86# NAT port forwarding configuration
87#############
88echo
89echo "*** Configuring iptables rules ***"
90
prithiv4a98a042017-12-05 23:19:39 +0000[diff] [blame^]91<<<<<<< HEAD
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]92awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
garciadeblas6264e9b2018-03-15 09:40:51 +0100[diff] [blame]93BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0; innatoutput=0; osmoutput=0; doneoutput=0;}
prithiv4a98a042017-12-05 23:19:39 +0000[diff] [blame^]94=======
95awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
96BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
97>>>>>>> MON Installation Changes Updated.
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]98/^\*nat/ {
99 innat=1;
100 print;
101 next
102}
103innat==1 && /\:PREROUTING/ {
104 innatpre=1;
105 print;
106 next;
107}
108innatpre==1 && /\#Autogenerated by nat_osm/ {
109 osmpre=1;
110 next;
111}
112osmpre==1 && /#End autogeneration by nat_osm/ {
113 print "#Autogenerated by nat_osm"
114 print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
115 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]116 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas55490d42016-10-29 14:22:03 +0200[diff] [blame]117 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoffbaaec062017-10-03 15:53:14 -0400[diff] [blame]118 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas55490d42016-10-29 14:22:03 +0200[diff] [blame]119 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]120 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
121 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
122 print "#End autogeneration by nat_osm"
123 osmpre=0;
124 donepre=1;
125 next;
126}
127osmpre==1 {next;}
128innatpre==1 && /\:INPUT/ {
129 innatpre=0;
130 if (donepre==0) {
131 print "#Autogenerated by nat_osm"
132 print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
133 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]134 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas55490d42016-10-29 14:22:03 +0200[diff] [blame]135 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoffbaaec062017-10-03 15:53:14 -0400[diff] [blame]136 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas55490d42016-10-29 14:22:03 +0200[diff] [blame]137 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]138 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
139 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
140 print "#End autogeneration by nat_osm"
141 donepre=1;
142 }
143 print;
144 next;
145}
146
garciadeblas6264e9b2018-03-15 09:40:51 +0100[diff] [blame]147innat==1 && /\:OUTPUT/ {
148 innatoutput=1;
149 print;
150 next;
151}
152innatoutput==1 && /\#Autogenerated by nat_osm/ {
153 osmoutput=1;
154 next;
155}
156osmoutput==1 && /#End autogeneration by nat_osm/ {
157 print "#Autogenerated by nat_osm"
158 print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
159 print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
160 print "#End autogeneration by nat_osm"
161 osmoutput=0;
162 doneoutput=1;
163 next;
164}
165osmoutput==1 {next;}
166innatoutput==1 && /\:POSTROUTING/ {
167 innatoutput=0;
168 if (doneoutput==0) {
169 print "#Autogenerated by nat_osm"
170 print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
171 print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
172 print "#End autogeneration by nat_osm"
173 doneoutput=1;
174 }
175 innatpost=1;
176 print;
177 next;
178}
179
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]180innat==1 && /\:POSTROUTING/ {
181 innatpost=1;
182 print;
183 next;
184}
185innatpost==1 && /\#Autogenerated by nat_osm/ {
186 osmpost=1;
187 next;
188}
189osmpost==1 && /#End autogeneration by nat_osm/ {
garciadeblasbd8f9f32017-03-08 15:40:40 +0100[diff] [blame]190 print "#Autogenerated by nat_osm"
191 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas6264e9b2018-03-15 09:40:51 +0100[diff] [blame]192 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
193 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]194 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
195 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblasbd8f9f32017-03-08 15:40:40 +0100[diff] [blame]196 print "#End autogeneration by nat_osm"
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]197 osmpost=0;
198 donepost=1;
199 next;
200}
201osmpost==1 {next;}
202innatpost==1 && /COMMIT/ {
203 innatpost=0;
204 innat=0;
205 if (donepost==0) {
garciadeblasbd8f9f32017-03-08 15:40:40 +0100[diff] [blame]206 print "#Autogenerated by nat_osm"
207 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas6264e9b2018-03-15 09:40:51 +0100[diff] [blame]208 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
209 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]210 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
211 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblasbd8f9f32017-03-08 15:40:40 +0100[diff] [blame]212 print "#End autogeneration by nat_osm"
garciadeblas93c61312016-09-28 15:12:48 +0200[diff] [blame]213 donepost=1;
214 }
215 print;
216 next;
217}
218{
219 print
220}
221' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
222
223service netfilter-persistent restart
224