Posted to commits@cloudstack.apache.org by an...@apache.org on 2012/07/28 01:04:16 UTC
[2/16] git commit: VPC : create/destroy static nat
VPC : create/destroy static nat
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/59937838
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/59937838
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/59937838
Branch: refs/heads/vpc
Commit: 59937838e5595f7c2eb0631a090a18ee4cd2640b
Parents: ae579c4
Author: anthony <an...@cloud.com>
Authored: Thu Jul 26 14:17:36 2012 -0700
Committer: anthony <an...@cloud.com>
Committed: Fri Jul 27 15:04:42 2012 -0700
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/vpc_staticnat.sh | 107 +++++++++++++++
1 files changed, 107 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/59937838/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
new file mode 100755
index 0000000..15ecc6c
--- /dev/null
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License. Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Automatically generated by addcopyright.py at 04/03/2012
+# @VERSION@
+
+source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh
+lock="biglock"
+locked=$(getLockFile $lock)
+if [ "$locked" != "1" ]
+then
+ exit 1
+fi
+
+usage() {
+ printf "Usage: %s: (-A|-D) -r <target-instance-ip> -l <public ip address> -d < eth device> \n" $(basename $0) >&2
+}
+
+#set -x
+
+static_nat() {
+ local op=$1
+ local publicIp=$2
+ local instIp=$3
+ local op2="-D"
+ local tableNo=${ethDev:3}
+
+ logger -t cloud "$(basename $0): static nat: public ip=$publicIp \
+ instance ip=$instIp op=$op"
+ #if adding, this might be a duplicate, so delete the old one first
+ [ "$op" == "-A" ] && static_nat "-D" $publicIp $instIp
+ # the delete operation may have errored out but the only possible reason is
+ # that the rules didn't exist in the first place
+ [ "$op" == "-A" ] && rulenum=1
+ [ "$op" == "-A" ] && op2="-I"
+
+ # shortcircuit the process if error and it is an append operation
+ # continue if it is delete
+ (sudo iptables -t nat $op PREROUTING -d $publicIp -j DNAT \
+ --to-destination $instIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
+ # add mark to force the package go out through the eth the public IP is on
+ #(sudo iptables -t mangle $op PREROUTING -s $instIp -j MARK \
+ # --set-mark $tableNo &> $OUTFILE || [ "$op" == "-D" ]) &&
+ (sudo iptables -t nat $op2 POSTROUTING -o $ethDev -s $instIp -j SNAT \
+ --to-source $publicIp &>> $OUTFILE )
+ result=$?
+ logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"
+ if [ "$op" == "-D" ]
+ then
+ return 0
+ fi
+ return $result
+}
+
+
+
+rflag=
+lflag=
+dflag=
+op=""
+while getopts 'ADr:l:' OPTION
+
+do
+ case $OPTION in
+ A) op="-A"
+ ;;
+ D) op="-D"
+ ;;
+ r) rflag=1
+ instanceIp="$OPTARG"
+ ;;
+ l) lflag=1
+ publicIp="$OPTARG"
+ ;;
+ ?) usage
+ unlock_exit 2 $lock $locked
+ ;;
+ esac
+done
+
+ethDev=$(getEthByIp $publicIp)
+result=$?
+if [ $result -gt 0 ]
+then
+ if [ "$op" == "-D" ]
+ then
+ removeRulesForIp $publicIp
+ unlock_exit 0 $lock $locked
+ else
+ unlock_exit $result $lock $locked
+ fi
+fi
+OUTFILE=$(mktemp)
+
+static_nat $op $publicIp $instanceIp
+result=$?
+unlock_exit $result $lock $locked
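Review bot: The option loop sets `rflag` and `lflag` but nothing ever tests them, and `op` can stay empty, so `static_nat $op $publicIp $instanceIp` can reach `sudo iptables` with missing or shifted arguments. A guard after the loop would catch this, for example `if [ -z "$op" ] || [ -z "$rflag" ] || [ -z "$lflag" ]; then usage; unlock_exit 2 $lock $locked; fi`. The expansions should also be quoted wherever they reach iptables or `getEthByIp` (`-d "$publicIp"`, `--to-destination "$instIp"`), because an address containing whitespace is otherwise word-split into extra iptables arguments; whether the caller already validates these values is not visible from this file. The usage text advertises `-d <eth device>`, but the getopts string `'ADr:l:'` does not accept it and `ethDev` is derived from the public IP instead, so the text should be corrected. The file from `OUTFILE=$(mktemp)` is never removed, so each run leaves a temp file on the system VM; add `rm -f "$OUTFILE"` before the final `unlock_exit`.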