Changeset 13861 in genesis for tools

Timestamp:

May 9, 2017, 6:15:37 AM (8 years ago)

Author:

rick

Message:

Make rdr_rules global for multi-access use.

Allowing them to be used at all exit-nodes, which could be usefull if one
exit-node is down and service still need to continue working.

File:

• tools/gformat.py (modified) (6 diffs)

tools/gformat.py

@@ -175 +175 @@
 
     gfile = os.path.join(NODE_DIR,item,'wleiden.yaml')
+    global_rdr_file = os.path.join(NODE_DIR,'global_rdr_rules.yaml')
+    d = yaml.load(open(global_rdr_file, 'r'), Loader=Loader)
 
     # Default values
@@ -184 +186 @@
     f = open(gfile, 'r')
     datadump.update(yaml.load(f,Loader=Loader))
+    datadump['autogen_global_rdr_rules'] = d['global_rdr_rules']
     if datadump['nodetype'] == 'Hybrid':
       # Some values are defined implicitly
-      if datadump.has_key('rdr_rules') and datadump['rdr_rules'] and not datadump.has_key('service_incoming_rdr'):
+      if datadump.has_key('rdr_host') and datadump['rdr_host'] and not datadump.has_key('service_incoming_rdr'):
         datadump['service_incoming_rdr'] = True
       # Use some boring defaults
@@ -507 +510 @@
   """ Generate config file '/usr/local/etc/dhcpd.conf """
   # Redundency support, in cause local DNS server is not running/responding.
-  datadump['autogen_domain_name_servers'] = [datadump['masterip']] + [x[1] for x in get_neighbours(datadump)]
+  datadump['autogen_backup_dns_servers'] = [x[1] for x in get_neighbours(datadump)]
   output = generate_header(datadump)
   output += Template("""\
 # option definitions common to all supported networks...
 option domain-name "dhcp.{{ autogen_fqdn }}";
-
-option domain-name-servers {{ autogen_domain_name_servers|join(", ") }};
 
 default-lease-time 600;
@@ -569 +570 @@
     datadump[iface_key]['autogen_dhcp_start'] = dhcp_part + "." + dhcp_start
     datadump[iface_key]['autogen_dhcp_stop'] =  dhcp_part + "." + dhcp_stop
+    datadump[iface_key]['autogen_dns_servers'] = ','.join([datadump[iface_key]['autogen_addr']] + datadump['autogen_backup_dns_servers'])
 
     # Assume the first 10 IPs could be used for static entries
@@ -586 +588 @@
         range %(autogen_dhcp_start)s %(autogen_dhcp_stop)s;
         option routers %(autogen_addr)s;
+        option domain-name-servers %(autogen_dns_servers)s;
+
       }
       """ % datadump[iface_key]))
@@ -1168 +1172 @@
   """ Generate configuration file '/etc/pf.hybrid.conf.local' """
   datadump['autogen_header'] = generate_header(datadump, "#")
+  if datadump['service_incoming_rdr']:
+    datadump['global_rdr_rules'] = datadump['autogen_global_rdr_rules']
   return Template("""\
 {{ autogen_header }}
 
 # Redirect some internal facing services outside (7)
-# INFO: {{ rdr_rules|count }} rdr_rules (outside to internal redirect rules) defined.
+# INFO: {{ global_rdr_rules|count }} global_rdr_rules active on this node.
+{% for protocol, src_port,dest_ip,dest_port in global_rdr_rules -%}
+rdr on $ext_if inet proto {{ protocol }} from any to $ext_if port {{ src_port }} tag SRV -> {{ dest_ip }} port {{ dest_port }}
+{% endfor -%}
+# INFO: {{ rdr_rules|count }} node specific rdr_rules defined.
 {% for protocol, src_port,dest_ip,dest_port in rdr_rules -%}
 rdr on $ext_if inet proto {{ protocol }} from any to $ext_if port {{ src_port }} tag SRV -> {{ dest_ip }} port {{ dest_port }}