108 lines
3.5 KiB
Plaintext
108 lines
3.5 KiB
Plaintext
#!/bin/bash
|
|
|
|
# Copyright 2016 Midokura SARL
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
set -e
|
|
set -x
|
|
|
|
FIP=<%= @fip %>
|
|
NIC=<%= @nic %>
|
|
EDGE_ROUTER=<%= @edge_router %>
|
|
VETH0_IP=<%= @veth0_ip %>
|
|
VETH1_IP=<%= @veth1_ip %>
|
|
VETH_NETWORK=<%= @veth_network %>
|
|
HOSTNAME=<%= @myhostname %>
|
|
MASQUERADE_ON=<%= @masquerade %>
|
|
|
|
HOST_ID=$(midonet-cli -A -e host list | grep ${HOSTNAME} | awk '{ print $2 }')
|
|
BINDING=$(midonet-cli -A -e host ${HOST_ID} list binding interface veth1)
|
|
|
|
# Create veth pair
|
|
if [ -z "$(ip l | /bin/grep -e veth0 -e veth1)" ]; then
|
|
ip link add type veth
|
|
echo "Succesfully created veth pair"
|
|
fi
|
|
|
|
ip link set dev veth0 up
|
|
ip link set dev veth1 up
|
|
|
|
# Create a bridge, set an IP address and attach veth0
|
|
if [ -z "$(ip l | /bin/grep -e uplinkbridge)" ]; then
|
|
brctl addbr uplinkbridge
|
|
fi
|
|
|
|
if [ -z "$(brctl show | /bin/grep uplinkbridge | head -n1 | grep veth0)" ]; then
|
|
brctl addif uplinkbridge veth0
|
|
echo "ZzZ..."
|
|
sleep 3
|
|
fi
|
|
|
|
IP_NETNL=$(echo ${VETH_NETWORK} | cut -d'/' -f2)
|
|
if [ -z "$(ip a | grep ${VETH0_IP})" ]; then
|
|
ip addr add ${VETH0_IP}/$(echo ${IP_NETNL} | cut -d'/' -f2) dev uplinkbridge
|
|
echo "ZzZ..."
|
|
sleep 3
|
|
fi
|
|
|
|
|
|
ip link set dev uplinkbridge up
|
|
|
|
echo "ZzZ..."
|
|
sleep 3
|
|
|
|
# Enable IPv4 forwarding
|
|
sysctl -w net.ipv4.ip_forward=1
|
|
|
|
# Route packets towards floating IP network through the bridge
|
|
if [ -z "$(ip route | /bin/grep "${FIP} via ${VETH1_IP}")" ]; then
|
|
ip route add ${FIP} via ${VETH1_IP}
|
|
echo "Succesfully added route to send packets on the bridge"
|
|
fi
|
|
|
|
# Create a port on the edge router and bind it to the veth pair
|
|
ROUTER_ID=$(midonet-cli -A -e router list | grep ${EDGE_ROUTER} | awk '{ print $2 }')
|
|
|
|
while [ -z $(midonet-cli -A -e host ${HOST_ID} binding list | grep veth1 | awk '{ print $6}') ]; do
|
|
echo "ZzZ..."
|
|
sleep 5
|
|
done
|
|
PORT_ID=$(midonet-cli -A -e host ${HOST_ID} binding list | grep veth1 | awk '{ print $6}')
|
|
|
|
if [ -z "$(midonet-cli -A -e router ${ROUTER_ID} route list | grep "src 0.0.0.0/0 dst 0.0.0.0/0 gw ${VETH0_IP} port ${PORT_ID}")" ]; then
|
|
midonet-cli -e router ${ROUTER_ID} add route src 0.0.0.0/0 dst 0.0.0.0/0 \
|
|
type normal port router ${ROUTER_ID} port ${PORT_ID} gw ${VETH0_IP}
|
|
echo "Successfully added default route on edge router"
|
|
fi
|
|
|
|
#midonet-cli -e host ${HOST_ID} add binding port router ${ROUTER_ID} \
|
|
#port ${PORT_ID} interface veth1
|
|
|
|
# Add masquerading to enable NATing
|
|
if [ "${MASQUERADE_ON}" == 'on' ] && [ -z "$(iptables -v -n -L -t nat | grep "MASQUERADE" | grep "${FIP}" | grep "${NIC}")" ]; then
|
|
iptables -t nat -I POSTROUTING -o ${NIC} -s ${FIP} -j MASQUERADE
|
|
iptables -I FORWARD -s ${FIP} -j ACCEPT
|
|
echo "Succesfully enabled masquerading"
|
|
fi
|
|
|
|
# Ensure there are no malicious iptables rules
|
|
if [ -f /etc/redhat-release ];
|
|
then
|
|
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true
|
|
if [[ $(cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited') ]];
|
|
then
|
|
cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' > /etc/sysconfig/iptables
|
|
fi
|
|
fi
|