#!/usr/bin/env python3
#
# Copyright © 2013 Zulip, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Original author: Luke Faraone
"""Configure a host for EC2-VPC dynamically assigned network interfaces
Amazon VPC gives us a good deal of flexibility compared to classic EC2.
However there are limitations; you can assign multiple IPs to a host
yet only the first IP per interface will be DHCP assigned, and you are
limited in the total number of interfaces you have, so doing one-IP-per-
interface is also untenable.
This script grabs the metadata provided by AWS and uses it to correctly
configure all available network interfaces.
It is suitable to be hooked into system boot and network
reconfiguration scripts.
Note that it currently does not handle the deconfiguration of
interfaces.
"""
import ipaddress
import logging
import logging.handlers
import subprocess
import sys
from typing import Optional

import boto.utils
import netifaces
def address_of(device_id: int) -> Optional[str]:
    """Return the first IPv4 address on ``ens<device_id>``, or None if it has none.

    Only a missing key (no AF_INET family on the interface, or an entry
    without ``addr``) is turned into None. Anything else — for instance
    netifaces' error for an interface name that does not exist — propagates,
    so a mis-named interface fails loudly instead of being treated as
    "not configured yet".
    """
    iface_name = f"ens{device_id}"
    try:
        ipv4_entries = netifaces.ifaddresses(iface_name)[netifaces.AF_INET]
        return ipv4_entries[0]["addr"]
    except KeyError:
        return None
def guess_gateway(device_id: int) -> Optional[str]:
    """Guess the default gateway of ``ens<device_id>`` from its own address.

    The guess is the interface's IPv4 address with the last octet replaced
    by 1. This will not work if the default gateway isn't n.n.n.1.
    Returns None when the interface has no IPv4 address (see address_of).
    """
    own_address = address_of(device_id)
    if own_address is None:
        return None
    octets = own_address.split(".")
    octets[3] = "1"
    return ".".join(octets)
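log = logging.getLogger("configure-cloud-interfaces")
log.setLevel(logging.DEBUG)
# Log to syslog (daemon facility) for boot-time runs and to stderr for
# interactive ones.
log.addHandler(logging.handlers.SysLogHandler(facility=logging.handlers.SysLogHandler.LOG_DAEMON))
log.addHandler(logging.StreamHandler())
log.info("Starting.")


def _require_ipv4(value: str, what: str) -> str:
    """Return *value* unchanged if it is an IPv4 literal; otherwise log and exit.

    Strings taken from instance metadata are handed to privileged tools
    (ifconfig, iptables) as argv entries. Insisting on a parseable IPv4
    address keeps an unexpected value from being interpreted as an option
    or a hostname by those tools.

    Args:
        value: the string to check.
        what: short description used in the error message.
    """
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        log.error(f"{what} is not an IPv4 address: {value!r}")
        sys.exit(1)
    return value


def _mark_output_to(ip: str, mark: str) -> None:
    """Mark locally generated packets whose connection originally targeted *ip*.

    Paired with the ``fwmark``/table rule installed per device, the mark is
    what steers replies back out of the interface that owns *ip*. Note that
    ``-A`` appends, so re-running the script accumulates duplicate rules.
    """
    subprocess.check_call(
        [
            "/sbin/iptables",
            "-t",
            "mangle",
            "-A",
            "OUTPUT",
            "-m",
            "conntrack",
            "--ctorigdst",
            ip,
            "-j",
            "MARK",
            "--set-mark",
            mark,
        ]
    )


def _route_replies_via(device_number: int, address: str, gateway: str) -> None:
    """Install policy routing for a freshly DHCP-configured secondary interface.

    Horrible hack to route return packets on the correct interface;
    see https://unix.stackexchange.com/a/4421/933. The device number is
    used as both the fwmark value and the routing-table id.
    """
    # NOTE(review): for device 0 this yields mark/table "0"; presumably the
    # primary interface is always configured before this runs — confirm.
    dev_num = str(device_number)
    subprocess.check_call(["/sbin/ip", "rule", "add", "fwmark", dev_num, "table", dev_num])
    subprocess.check_call(
        [
            "/sbin/ip",
            "route",
            "add",
            "0.0.0.0/0",
            "table",
            dev_num,
            "dev",
            f"ens{device_number}",
            "via",
            gateway,
        ]
    )
    _mark_output_to(address, dev_num)


# NOTE(review): boto.utils.get_instance_metadata is the legacy boto2 IMDS
# client; confirm it still works where the instance requires IMDSv2 tokens.
metadata = boto.utils.get_instance_metadata()
if metadata is None:
    log.error("Could not get instance metadata!")
    sys.exit(1)

macs = metadata["network"]["interfaces"]["macs"]
ids = [int(macdata["device-number"]) for macdata in macs.values()]
# Physical interfaces only: skip alias interfaces (name contains ":") and lo.
ifaces = [iface for iface in netifaces.interfaces() if ":" not in iface and iface != "lo"]

# Number of IDs should equal number of interfaces
if len(ids) != len(ifaces):
    log.error(f"Metadata indicated {len(ids)} interfaces but we have {len(ifaces)}!")
    sys.exit(1)

for device in macs.values():
    # There's an annoying API inconsistency here:
    # If you have multiple IPs, local-ipv4s is a list.
    # If you only have one, local-ipv4s is a string.
    # Who knew?
    local_ipv4s = device["local-ipv4s"]
    if isinstance(local_ipv4s, str):
        # Only do dhcp, don't try to assign addresses
        local_ipv4s = [local_ipv4s]
    to_configure = [_require_ipv4(ip, "local-ipv4s entry") for ip in local_ipv4s]

    device_number = int(device["device-number"])
    address = address_of(device_number)

    if address is None:
        # If the device was not autoconfigured, do so now.
        log.info(f"Device ens{device_number} not configured, starting dhcpcd")
        subprocess.check_call(["/sbin/dhcpcd", f"ens{device_number}"])

        address = address_of(device_number)
        gateway = guess_gateway(device_number)
        # Explicit checks rather than assert: this is a boot-time script and
        # must still fail loudly when run under `python -O`.
        if address is None or gateway is None:
            log.error(f"Device ens{device_number} still has no IPv4 address after dhcpcd")
            sys.exit(1)
        _route_replies_via(device_number, address, gateway)

    # The DHCP-assigned address is already up; only the remaining addresses
    # need an alias interface. A primary address absent from the metadata
    # means the metadata and the host disagree, so stop here.
    if address not in to_configure:
        log.error(f"Address {address} on ens{device_number} is not listed in the metadata")
        sys.exit(1)
    to_configure.remove(address)

    for count, ip in enumerate(to_configure):
        # Configure the IP via a virtual interface. Named `alias` rather than
        # `device` so it does not shadow the metadata dict of the outer loop.
        alias = f"ens{device_number}:{count}"
        log.info(f"Configuring {alias} with IP {ip}")
        subprocess.check_call(["/sbin/ifconfig", alias, ip])
        _mark_output_to(ip, str(device_number))

for _ in range(2):
    # Don't freak out if this doesn't work.
    subprocess.call(["/sbin/ip", "route", "del", "10.0.0.0/8"])

log.info("Finished.")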