Posted to commits@cloudstack.apache.org by an...@apache.org on 2012/07/28 01:04:16 UTC

[2/16] git commit: VPC : create/destroy static nat

VPC : create/destroy static nat


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/59937838
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/59937838
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/59937838

Branch: refs/heads/vpc
Commit: 59937838e5595f7c2eb0631a090a18ee4cd2640b
Parents: ae579c4
Author: anthony <an...@cloud.com>
Authored: Thu Jul 26 14:17:36 2012 -0700
Committer: anthony <an...@cloud.com>
Committed: Fri Jul 27 15:04:42 2012 -0700

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/vpc_staticnat.sh   |  107 +++++++++++++++
 1 files changed, 107 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/59937838/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
new file mode 100755
index 0000000..15ecc6c
--- /dev/null
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License.  Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# 
+# Automatically generated by addcopyright.py at 04/03/2012
+# @VERSION@
+
+source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh
+lock="biglock"
+locked=$(getLockFile $lock)
+if [ "$locked" != "1" ]
+then
+    exit 1
+fi
+
+usage() {
+  printf "Usage: %s: (-A|-D)   -r <target-instance-ip>  -l <public ip address> -d < eth device>  \n" $(basename $0) >&2
+}
+
+#set -x
+
+static_nat() {
+  local op=$1
+  local publicIp=$2
+  local instIp=$3
+  local op2="-D"
+  local tableNo=${ethDev:3}
+
+  logger -t cloud "$(basename $0): static nat: public ip=$publicIp \
+  instance ip=$instIp  op=$op"
+  #if adding, this might be a duplicate, so delete the old one first
+  [ "$op" == "-A" ] && static_nat "-D" $publicIp $instIp 
+  # the delete operation may have errored out but the only possible reason is 
+  # that the rules didn't exist in the first place
+  [ "$op" == "-A" ] && rulenum=1
+  [ "$op" == "-A" ] && op2="-I"
+
+  # shortcircuit the process if error and it is an append operation
+  # continue if it is delete
+  (sudo iptables -t nat $op  PREROUTING -d $publicIp -j DNAT \
+           --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
+  # add mark to force the package go out through the eth the public IP is on
+  #(sudo iptables -t mangle $op PREROUTING -s $instIp -j MARK \
+  #         --set-mark $tableNo &> $OUTFILE ||  [ "$op" == "-D" ]) &&
+  (sudo iptables -t nat $op2 POSTROUTING -o $ethDev -s $instIp -j SNAT \
+           --to-source $publicIp &>> $OUTFILE )
+  result=$?
+  logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"
+  if [ "$op" == "-D" ]
+  then
+    return 0
+  fi
+  return $result
+}
+
+
+
+rflag=
+lflag=
+dflag=
+op=""
+while getopts 'ADr:l:' OPTION
+
+do
+  case $OPTION in
+  A)    op="-A"
+        ;;
+  D)    op="-D"
+        ;;
+  r)    rflag=1
+        instanceIp="$OPTARG"
+        ;;
+  l)    lflag=1
+        publicIp="$OPTARG"
+        ;;
+  ?)    usage
+        unlock_exit 2 $lock $locked
+        ;;
+  esac
+done
+
+ethDev=$(getEthByIp $publicIp)
+result=$?
+if [ $result -gt 0 ]
+then
+  if [ "$op" == "-D" ]
+  then 
+    removeRulesForIp $publicIp
+    unlock_exit 0 $lock $locked
+  else
+    unlock_exit $result $lock $locked
+  fi
+fi
+OUTFILE=$(mktemp)
+
+static_nat $op $publicIp $instanceIp
+result=$?
+unlock_exit $result $lock $locked
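Review bot: Nothing after the getopts loop checks that an operation and both addresses were supplied: `rflag` and `lflag` are set but never read, `op` can still be empty, and the usage text advertises `-d` although the option string is `'ADr:l:'`. Those values then reach `sudo iptables` unquoted inside `static_nat`, so an empty or whitespace-containing argument changes the shape of the rule command instead of being rejected. A guard right after the loop, plus quoting `"$publicIp"`, `"$instIp"` and `"$ethDev"` in the two iptables calls, would make bad input fail before any rule is touched. Separately, `OUTFILE=$(mktemp)` is never removed, so every invocation leaves a file behind; adding `rm -f "$OUTFILE"` before the final `unlock_exit` would fix that, assuming `unlock_exit` terminates the script as its use in the `?)` arm suggests.

```shell
# … unchanged: getopts loop …
if [ -z "$op" ] || [ "$rflag$lflag" != "11" ]
then
  usage
  unlock_exit 2 $lock $locked
fi
ethDev=$(getEthByIp "$publicIp")
```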