Blame - installers/nat_osm - osm/devops

blob: e12a123f95e372af36bf4685ee6f1d1c85ec5017 [file] [log] [blame]

garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	1	#!/bin/bash
				2	# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15
				16	############
				17	# Functions
				18	############
				19	usage(){
				20	echo -e "usage: $0 [OPTIONS]"
				21	echo -e "Install NAT rules for OSM"
				22	echo -e " OPTIONS"
				23	echo -e " -u: UI/SO (rift) IP address"
				24	echo -e " -r: RO (openmano) IP address"
				25	echo -e " -v: VCA (juju) IP address"
prithiv	4a98a04	2017-12-05 23:19:39 +0000	[diff] [blame]	26	echo -e " -m: MON IP address"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	27	echo -e " -h: show this help"
				28	}
				29
				30	###################
				31	# End of functions
				32	###################
				33
				34	#Check root privileges
				35	[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1
				36
				37	HERE=$(realpath $(dirname $0))
				38	OSM_DEVOPS=$(dirname $HERE)
garciadeblas	3c25fab	2019-11-18 17:24:43 +0100	[diff] [blame]	39	. $OSM_DEVOPS/common/all_funcs
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	40
				41	#Get default IP address
				42	. $OSM_DEVOPS/installers/export_ips
				43
				44	UI_IP=$DEFAULT_IP
				45	RO_IP=$DEFAULT_IP
				46	VCA_IP=$DEFAULT_IP
prithiv	4a98a04	2017-12-05 23:19:39 +0000	[diff] [blame]	47	MON_IP=$DEFAULT_IP
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	48
				49	#read input options
				50	while getopts ":u:r:v:h-:" o; do
				51	case "${o}" in
				52	u)
				53	export UI_IP="$OPTARG"
				54	;;
				55	r)
				56	export RO_IP="$OPTARG"
				57	;;
				58	v)
				59	export VCA_IP="$OPTARG"
				60	;;
				61	h)
				62	usage && exit 0
				63	;;
				64	-)
				65	[ "${OPTARG}" == "help" ] && usage && exit 0
				66	echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
				67	exit 1
				68	;;
				69	\?)
				70	echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
				71	exit 1
				72	;;
				73	:)
				74	echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
				75	exit 1
				76	;;
				77	*)
				78	usage >&2
				79	exit -1
				80	;;
				81	esac
				82	done
				83
				84	#############
				85	# NAT port forwarding configuration
				86	#############
				87	echo
				88	echo "* Configuring iptables rules *"
				89
prithiv	4a98a04	2017-12-05 23:19:39 +0000	[diff] [blame]	90	awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
				91	BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	92	/^\*nat/ {
				93	innat=1;
				94	print;
				95	next
				96	}
				97	innat==1 && /\:PREROUTING/ {
				98	innatpre=1;
				99	print;
				100	next;
				101	}
				102	innatpre==1 && /\#Autogenerated by nat_osm/ {
				103	osmpre=1;
				104	next;
				105	}
				106	osmpre==1 && /#End autogeneration by nat_osm/ {
				107	print "#Autogenerated by nat_osm"
				108	print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
				109	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	110	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	111	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoff	baaec06	2017-10-03 15:53:14 -0400	[diff] [blame]	112	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	113	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	114	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
				115	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
				116	print "#End autogeneration by nat_osm"
				117	osmpre=0;
				118	donepre=1;
				119	next;
				120	}
				121	osmpre==1 {next;}
				122	innatpre==1 && /\:INPUT/ {
				123	innatpre=0;
				124	if (donepre==0) {
				125	print "#Autogenerated by nat_osm"
				126	print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
				127	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	128	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	129	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
Jeremy Mordkoff	baaec06	2017-10-03 15:53:14 -0400	[diff] [blame]	130	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
garciadeblas	55490d4	2016-10-29 14:22:03 +0200	[diff] [blame]	131	print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	132	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
				133	#print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
				134	print "#End autogeneration by nat_osm"
				135	donepre=1;
				136	}
				137	print;
				138	next;
				139	}
				140
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	141	innat==1 && /\:OUTPUT/ {
				142	innatoutput=1;
				143	print;
				144	next;
				145	}
				146	innatoutput==1 && /\#Autogenerated by nat_osm/ {
				147	osmoutput=1;
				148	next;
				149	}
				150	osmoutput==1 && /#End autogeneration by nat_osm/ {
				151	print "#Autogenerated by nat_osm"
				152	print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
				153	print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
				154	print "#End autogeneration by nat_osm"
				155	osmoutput=0;
				156	doneoutput=1;
				157	next;
				158	}
				159	osmoutput==1 {next;}
				160	innatoutput==1 && /\:POSTROUTING/ {
				161	innatoutput=0;
				162	if (doneoutput==0) {
				163	print "#Autogenerated by nat_osm"
				164	print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
				165	print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
				166	print "#End autogeneration by nat_osm"
				167	doneoutput=1;
				168	}
				169	innatpost=1;
				170	print;
				171	next;
				172	}
				173
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	174	innat==1 && /\:POSTROUTING/ {
				175	innatpost=1;
				176	print;
				177	next;
				178	}
				179	innatpost==1 && /\#Autogenerated by nat_osm/ {
				180	osmpost=1;
				181	next;
				182	}
				183	osmpost==1 && /#End autogeneration by nat_osm/ {
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	184	print "#Autogenerated by nat_osm"
				185	print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	186	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
				187	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	188	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
				189	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	190	print "#End autogeneration by nat_osm"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	191	osmpost=0;
				192	donepost=1;
				193	next;
				194	}
				195	osmpost==1 {next;}
				196	innatpost==1 && /COMMIT/ {
				197	innatpost=0;
				198	innat=0;
				199	if (donepost==0) {
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	200	print "#Autogenerated by nat_osm"
				201	print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	6264e9b	2018-03-15 09:40:51 +0100	[diff] [blame]	202	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
				203	print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	204	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
				205	#print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
garciadeblas	bd8f9f3	2017-03-08 15:40:40 +0100	[diff] [blame]	206	print "#End autogeneration by nat_osm"
garciadeblas	93c6131	2016-09-28 15:12:48 +0200	[diff] [blame]	207	donepost=1;
				208	}
				209	print;
				210	next;
				211	}
				212	{
				213	print
				214	}
				215	' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
				216
				217	service netfilter-persistent restart
				218