From: khelifi Date: Tue, 17 Jun 2025 08:04:56 +0000 (+0200) Subject: Revert "Revert "Feature 11071: Modular OSM installation. Remove nat related files"" X-Git-Tag: v18.0.0~54 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F36%2F15236%2F2;p=osm%2Fdevops.git Revert "Revert "Feature 11071: Modular OSM installation. Remove nat related files"" This reverts commit e56b32065c96cc2751a674be946bc71c1ffaf207. Requested by TSC on 17/06/2025 Change-Id: I2e2e47ab94d832c35ec80294291a31f4c14ffa57 --- diff --git a/installers/export_ips b/installers/export_ips deleted file mode 100644 index a345a4b9..00000000 --- a/installers/export_ips +++ /dev/null @@ -1,25 +0,0 @@ -# This file is meant to be SOURCED -# -# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# 23 Sept 2016 -- Gerardo Garcia -- Genesis - -#Get IP addresses -DEFAULT_IF=`route -n |awk '$1~/^0.0.0.0/ {print $8}'` -export DEFAULT_IP=`ip -o -4 a |grep ${DEFAULT_IF}|awk '{split($4,a,"/"); print a[1]}'` -export VCA_CONTAINER_IP=`lxc list VCA -c 4|grep eth0 |awk '{print $2}'` -export SO_CONTAINER_IP=`lxc list SO-ub -c 4|grep eth0 |awk '{print $2}'` -export RO_CONTAINER_IP=`lxc list RO -c 4|grep eth0 |awk '{print $2}'` -export MON_CONTAINER_IP=`lxc list MON -c 4|grep eth0|awk '{print $2}'` diff --git a/installers/nat_osm b/installers/nat_osm deleted file mode 100755 index e12a123f..00000000 --- a/installers/nat_osm +++ /dev/null @@ -1,218 +0,0 @@ -#!/bin/bash -# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############ -# Functions -############ -usage(){ - echo -e "usage: $0 [OPTIONS]" - echo -e "Install NAT rules for OSM" - echo -e " OPTIONS" - echo -e " -u: UI/SO (rift) IP address" - echo -e " -r: RO (openmano) IP address" - echo -e " -v: VCA (juju) IP address" - echo -e " -m: MON IP address" - echo -e " -h: show this help" -} - -################### -# End of functions -################### - -#Check root privileges -[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1 - -HERE=$(realpath $(dirname $0)) -OSM_DEVOPS=$(dirname $HERE) -. $OSM_DEVOPS/common/all_funcs - -#Get default IP address -. $OSM_DEVOPS/installers/export_ips - -UI_IP=$DEFAULT_IP -RO_IP=$DEFAULT_IP -VCA_IP=$DEFAULT_IP -MON_IP=$DEFAULT_IP - -#read input options -while getopts ":u:r:v:h-:" o; do - case "${o}" in - u) - export UI_IP="$OPTARG" - ;; - r) - export RO_IP="$OPTARG" - ;; - v) - export VCA_IP="$OPTARG" - ;; - h) - usage && exit 0 - ;; - -) - [ "${OPTARG}" == "help" ] && usage && exit 0 - echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2 - exit 1 - ;; - \?) - echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2 - exit 1 - ;; - :) - echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2 - exit 1 - ;; - *) - usage >&2 - exit -1 - ;; - esac -done - -############# -# NAT port forwarding configuration -############# -echo -echo "*** Configuring iptables rules ***" - -awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" ' -BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0} -/^\*nat/ { - innat=1; - print; - next -} -innat==1 && /\:PREROUTING/ { - innatpre=1; - print; - next; -} -innatpre==1 && /\#Autogenerated by nat_osm/ { - osmpre=1; - next; -} -osmpre==1 && /#End autogeneration by nat_osm/ { - print "#Autogenerated by nat_osm" - print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip - #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip - #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip - print "#End autogeneration by nat_osm" - osmpre=0; - donepre=1; - next; -} -osmpre==1 {next;} -innatpre==1 && /\:INPUT/ { - innatpre=0; - if (donepre==0) { - print "#Autogenerated by nat_osm" - print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip - print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip - #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip - #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip - print "#End autogeneration by nat_osm" - donepre=1; - } - print; - next; -} - -innat==1 && /\:OUTPUT/ { - innatoutput=1; - print; - next; -} -innatoutput==1 && /\#Autogenerated by nat_osm/ { - osmoutput=1; - next; -} -osmoutput==1 && /#End autogeneration by nat_osm/ { - print "#Autogenerated by nat_osm" - print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009" - print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443" - print "#End autogeneration by nat_osm" - osmoutput=0; - doneoutput=1; - next; -} -osmoutput==1 {next;} -innatoutput==1 && /\:POSTROUTING/ { - innatoutput=0; - if (doneoutput==0) { - print "#Autogenerated by nat_osm" - print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009" - print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443" - print "#End autogeneration by nat_osm" - doneoutput=1; - } - innatpost=1; - print; - next; -} - -innat==1 && /\:POSTROUTING/ { - innatpost=1; - print; - next; -} -innatpost==1 && /\#Autogenerated by nat_osm/ { - osmpost=1; - next; -} -osmpost==1 && /#End autogeneration by nat_osm/ { - print "#Autogenerated by nat_osm" - print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE" - print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE" - print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE" - #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP - #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP - print "#End autogeneration by nat_osm" - osmpost=0; - donepost=1; - next; -} -osmpost==1 {next;} -innatpost==1 && /COMMIT/ { - innatpost=0; - innat=0; - if (donepost==0) { - print "#Autogenerated by nat_osm" - print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE" - print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE" - print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE" - #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP - #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP - print "#End autogeneration by nat_osm" - donepost=1; - } - print; - next; -} -{ - print -} -' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4 - -service netfilter-persistent restart -