+++ /dev/null
-# This file is meant to be SOURCED
-#
-# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# 23 Sept 2016 -- Gerardo Garcia -- Genesis
-
-#Get IP addresses
-DEFAULT_IF=`route -n |awk '$1~/^0.0.0.0/ {print $8}'`
-export DEFAULT_IP=`ip -o -4 a |grep ${DEFAULT_IF}|awk '{split($4,a,"/"); print a[1]}'`
-export VCA_CONTAINER_IP=`lxc list VCA -c 4|grep eth0 |awk '{print $2}'`
-export SO_CONTAINER_IP=`lxc list SO-ub -c 4|grep eth0 |awk '{print $2}'`
-export RO_CONTAINER_IP=`lxc list RO -c 4|grep eth0 |awk '{print $2}'`
-export MON_CONTAINER_IP=`lxc list MON -c 4|grep eth0|awk '{print $2}'`
+++ /dev/null
-#!/bin/bash
-# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-############
-# Functions
-############
-usage(){
- echo -e "usage: $0 [OPTIONS]"
- echo -e "Install NAT rules for OSM"
- echo -e " OPTIONS"
- echo -e " -u: UI/SO (rift) IP address"
- echo -e " -r: RO (openmano) IP address"
- echo -e " -v: VCA (juju) IP address"
- echo -e " -m: MON IP address"
- echo -e " -h: show this help"
-}
-
-###################
-# End of functions
-###################
-
-#Check root privileges
-[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1
-
-HERE=$(realpath $(dirname $0))
-OSM_DEVOPS=$(dirname $HERE)
-. $OSM_DEVOPS/common/all_funcs
-
-#Get default IP address
-. $OSM_DEVOPS/installers/export_ips
-
-UI_IP=$DEFAULT_IP
-RO_IP=$DEFAULT_IP
-VCA_IP=$DEFAULT_IP
-MON_IP=$DEFAULT_IP
-
-#read input options
-while getopts ":u:r:v:h-:" o; do
- case "${o}" in
- u)
- export UI_IP="$OPTARG"
- ;;
- r)
- export RO_IP="$OPTARG"
- ;;
- v)
- export VCA_IP="$OPTARG"
- ;;
- h)
- usage && exit 0
- ;;
- -)
- [ "${OPTARG}" == "help" ] && usage && exit 0
- echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
- exit 1
- ;;
- \?)
- echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
- exit 1
- ;;
- :)
- echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
- exit 1
- ;;
- *)
- usage >&2
- exit -1
- ;;
- esac
-done
-
-#############
-# NAT port forwarding configuration
-#############
-echo
-echo "*** Configuring iptables rules ***"
-
-awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
-BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
-/^\*nat/ {
- innat=1;
- print;
- next
-}
-innat==1 && /\:PREROUTING/ {
- innatpre=1;
- print;
- next;
-}
-innatpre==1 && /\#Autogenerated by nat_osm/ {
- osmpre=1;
- next;
-}
-osmpre==1 && /#End autogeneration by nat_osm/ {
- print "#Autogenerated by nat_osm"
- print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
- #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
- #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
- print "#End autogeneration by nat_osm"
- osmpre=0;
- donepre=1;
- next;
-}
-osmpre==1 {next;}
-innatpre==1 && /\:INPUT/ {
- innatpre=0;
- if (donepre==0) {
- print "#Autogenerated by nat_osm"
- print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
- print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
- #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
- #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
- print "#End autogeneration by nat_osm"
- donepre=1;
- }
- print;
- next;
-}
-
-innat==1 && /\:OUTPUT/ {
- innatoutput=1;
- print;
- next;
-}
-innatoutput==1 && /\#Autogenerated by nat_osm/ {
- osmoutput=1;
- next;
-}
-osmoutput==1 && /#End autogeneration by nat_osm/ {
- print "#Autogenerated by nat_osm"
- print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
- print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
- print "#End autogeneration by nat_osm"
- osmoutput=0;
- doneoutput=1;
- next;
-}
-osmoutput==1 {next;}
-innatoutput==1 && /\:POSTROUTING/ {
- innatoutput=0;
- if (doneoutput==0) {
- print "#Autogenerated by nat_osm"
- print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
- print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
- print "#End autogeneration by nat_osm"
- doneoutput=1;
- }
- innatpost=1;
- print;
- next;
-}
-
-innat==1 && /\:POSTROUTING/ {
- innatpost=1;
- print;
- next;
-}
-innatpost==1 && /\#Autogenerated by nat_osm/ {
- osmpost=1;
- next;
-}
-osmpost==1 && /#End autogeneration by nat_osm/ {
- print "#Autogenerated by nat_osm"
- print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
- print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
- print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
- #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
- #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
- print "#End autogeneration by nat_osm"
- osmpost=0;
- donepost=1;
- next;
-}
-osmpost==1 {next;}
-innatpost==1 && /COMMIT/ {
- innatpost=0;
- innat=0;
- if (donepost==0) {
- print "#Autogenerated by nat_osm"
- print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
- print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
- print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
- #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
- #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
- print "#End autogeneration by nat_osm"
- donepost=1;
- }
- print;
- next;
-}
-{
- print
-}
-' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
-
-service netfilter-persistent restart
-
projects / osm / devops.git / commitdiff