diff --git a/VirtualMachineService/VirtualMachineHandler.py b/VirtualMachineService/VirtualMachineHandler.py index 2487826e..cc487a10 100644 --- a/VirtualMachineService/VirtualMachineHandler.py +++ b/VirtualMachineService/VirtualMachineHandler.py @@ -7,6 +7,7 @@ import sys import zipfile from uuid import uuid4 +from typing import List try: from ancon.Playbook import ALL_TEMPLATES, Playbook @@ -47,7 +48,7 @@ Playbook, ALL_TEMPLATES, ) - +import time import datetime import glob import json @@ -287,8 +288,10 @@ def __init__(self, config): LOG.info(f"Gateway IP is {self.GATEWAY_IP}") self.update_playbooks() self.conn = self.create_connection() + self.validate_gateway_security_group() self.create_or_get_default_ssh_security_group() + @deprecated(version="1.0.0", reason="Not supported at the moment") def setUserPassword(self, user, password): """ @@ -962,7 +965,13 @@ def volume_ids( LOG.exception(f"Start Server {servername} error:{e}") return {} - def prepare_security_groups_new_server(self, resenv, servername, http, https): + def prepare_security_groups_new_server( + self, + resenv: List[str], + servername: str, + http: bool = False, + https: bool = False, + ): custom_security_groups = [] if http or https: 
@@ -1153,6 +1162,51 @@ def start_server( LOG.exception(f"Start Server {servername} error:{e}") return {} + def create_resenv_security_group_and_attach_to_server( + self, server_id: str, resenv_template: str + ): + LOG.info(f"Create {resenv_template} Security Group for Instance: {server_id}") + + server = self.conn.get_server(name_or_id=server_id) + + if server is None: + LOG.exception(f"Instance {server_id} not found") + raise serverNotFoundException + resenv_metadata = self.loaded_resenv_metadata[resenv_template] + resenv_security_group = self.conn.get_security_group( + name_or_id=server.name + resenv_metadata.security_group_name + ) + if not resenv_security_group: + self.prepare_security_groups_new_server( + resenv=[resenv_template], servername=server.name + ) + resenv_security_group = self.conn.get_security_group( + name_or_id=server.name + resenv_metadata.security_group_name + ) + if resenv_security_group: + server_security_groups = self.conn.list_server_security_groups(server) + for sg in server_security_groups: + if sg["name"] == resenv_security_group.name: + return + LOG.info( + f"Add {resenv_security_group} Security Groups to Instance: {server_id}" + ) + + self.conn.compute.add_security_group_to_server( + server=server_id, security_group=resenv_security_group + ) + + def create_resenv_security_group(self, resenv_template: str): + if resenv_template in self.loaded_resenv_metadata: + resenv_metadata = self.loaded_resenv_metadata[research_enviroment] + + return self.create_security_group( + name=servername + resenv_metadata.security_group_name, + resenv=resenv, + description=resenv_metadata.security_group_description, + ssh=resenv_metadata.security_group_ssh, + ) + def start_server_with_custom_key( self, flavor, 
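Review bot: `create_resenv_security_group`, the second method added in this hunk, references `research_enviroment`, `servername` and `resenv`, none of which is bound in its scope, so any call that enters the `if` body raises NameError, and a template missing from `self.loaded_resenv_metadata` falls through and returns None; nothing in the hunk calls it, so either delete it or make `create_resenv_security_group_and_attach_to_server` use it. In that first method `self.loaded_resenv_metadata[resenv_template]` is indexed with the RPC argument unvalidated, so an unknown template raises KeyError, which the Thrift processor turns into a generic `Internal error` instead of something the client can act on; guard it first, `if resenv_template not in self.loaded_resenv_metadata: raise ValueError(f"Unknown resenv template {resenv_template}")` (the IDL only declares `serverNotFoundException` for this call, so a typed error would also need an IDL entry). `LOG.exception(f"Instance {server_id} not found")` runs outside an `except` block, so it logs `NoneType: None` as the traceback; `LOG.error` is the right call there. The method also has no docstring; a one-line one stating that the template security group is created on demand and that an already-attached group is a no-op would help.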
@@ -1738,7 +1792,9 @@ def check_server_status(self, openstack_id: str) -> VM: if self.USE_GATEWAY: serv_cop = self.get_server(openstack_id) server_base = serv_cop.fixed_ip.split(".")[-1] + ip_base = serv_cop.fixed_ip.split(".")[-2] x = int(server_base) # noqa F841 + y = int(ip_base) # noqa F841 host = str(self.GATEWAY_IP) port = eval(self.SSH_FORMULAR) elif self.get_server(openstack_id).floating_ip is None: @@ -1885,17 +1941,15 @@ def add_udp_security_group(self, server_id): return True - ip_base = ( - list(self.conn.compute.server_ips(server=server_id))[0] - .to_dict()["address"] - .split(".")[-1] - ) - x = int(ip_base) # noqa F841 - udp_port_start = eval(self.UDP_FORMULAR) - + server = self.get_server(server_id) + server_base = server.fixed_ip.split(".")[-1] + ip_base = server.fixed_ip.split(".")[-2] + x = int(server_base) # noqa F841 + y = int(ip_base) # noqa F841 + udp_port = eval(self.UDP_FORMULAR) security_group = self.create_security_group( name=server.name + "_udp", - udp_port_start=udp_port_start, + udp_port=udp_port, udp=True, ssh=False, https=False, @@ -1953,10 +2007,12 @@ def get_vm_ports(self, openstack_id): LOG.info(f"Get IP and PORT for server {openstack_id}") server = self.get_server(openstack_id) server_base = server.fixed_ip.split(".")[-1] + ip_base = server.fixed_ip.split(".")[-2] x = int(server_base) # noqa F841 + y = int(ip_base) # noqa F841 port = eval(self.SSH_FORMULAR) - udp_port_start = eval(self.UDP_FORMULAR) - return {"port": str(port), "udp": str(udp_port_start)} + udp_port = eval(self.UDP_FORMULAR) + return {"port": str(port), "udp": str(udp_port)} def terminate_cluster(self, cluster_id): headers = {"content-Type": "application/json"} 
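Review bot: The octet parsing and the `eval` of the port formulas are now duplicated in three places, `check_server_status`, `add_udp_security_group` and `get_vm_ports`, with `x` and `y` bound as otherwise-unused locals only so that `eval` can find them, which is what the `# noqa F841` markers paper over. A small helper that returns both octets, plus passing them to `eval` as an explicit namespace, keeps the three call sites identical and makes the formula's inputs visible; the sketch below uses `server`, which in `check_server_status` is `serv_cop`. The explicit namespace also stops a formula from reading other locals by accident, though `eval` on config text remains only as trustworthy as the config file itself. `fixed_ip.split(".")[-2]` assumes an IPv4 address, which the helper can check once. In `add_udp_security_group` the new `server = self.get_server(server_id)` appears to rebind a `server` that the unchanged `name=server.name + "_udp"` already relied on before this hunk; confirm the earlier binding is no longer needed.
```python
    def _gateway_port_inputs(self, fixed_ip: str):
        """Return (x, y): last and second-to-last octet of an IPv4 fixed ip, the inputs of SSH_FORMULAR / UDP_FORMULAR."""
        octets = fixed_ip.split(".")
        if len(octets) != 4:
            raise ValueError(f"Expected an IPv4 fixed ip, got {fixed_ip!r}")
        return int(octets[-1]), int(octets[-2])

    # … in check_server_status, add_udp_security_group and get_vm_ports, replacing the x/y lines …
    x, y = self._gateway_port_inputs(server.fixed_ip)
    formula_vars = {"x": x, "y": y}
    port = eval(self.SSH_FORMULAR, {"__builtins__": {}}, formula_vars)
    udp_port = eval(self.UDP_FORMULAR, {"__builtins__": {}}, formula_vars)
```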
@@ -2061,7 +2117,9 @@ def add_cluster_machine( project_name, project_id, ): - LOG.info(f"Add machine to [{name}] {cluster_id} - [Image: {image}] - {key_name}") + LOG.info( + f"Add machine to [{name}] {cluster_id} - [Image: {image}] - {key_name}" + ) try: openstack_image = self.get_image(image=image) except imageNotFoundException: @@ -2071,7 +2129,9 @@ def add_cluster_machine( if version in image: version_to_check = version.replace(".", "") - LOG.info(f"Version {version} in {image}!\Checking for image {version_to_check}...") + LOG.info( + f"Version {version} in {image}!\Checking for image {version_to_check}..." + ) openstack_image = self.get_active_image_by_os_version( os_version=version_to_check, os_distro="ubuntu" ) @@ -2520,6 +2580,14 @@ def resume_server(self, openstack_id): LOG.exception(f"Resume Server {openstack_id} error:") return False + def validate_gateway_security_group(self): + LOG.info(f"Check if gateway security group exists {self.GATEWAY_SECURITY_GROUP_ID}") + gateway_security_id=self.conn.get_security_group(self.GATEWAY_SECURITY_GROUP_ID) + if not gateway_security_id: + LOG.error(f"Gateway Security Group ID {self.GATEWAY_SECURITY_GROUP_ID} does not exist!") + sys.exit(1) + else: + LOG.info(f"Gateway Security Group ID {self.GATEWAY_SECURITY_GROUP_ID} found") def create_or_get_default_ssh_security_group(self): LOG.info("Get default SimpleVM SSH Security Group") sec = self.conn.get_security_group(name_or_id=self.DEFAULT_SECURITY_GROUP_NAME) @@ -2535,7 +2603,7 @@ def create_or_get_default_ssh_security_group(self): def create_security_group( self, name, - udp_port_start=None, + udp_port=None, ssh=True, http=False, https=False, @@ -2551,6 +2619,7 @@ def create_security_group( new_security_group = self.conn.create_security_group( name=name, description=description ) + LOG.info(new_security_group) if http: LOG.info(f"Add http rule to security group {name}") self.conn.network.create_security_group_rule( 
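Review bot: `validate_gateway_security_group` ends the whole process with `sys.exit(1)` from a method that `__init__` now calls, so constructing a VirtualMachineHandler can terminate the caller without a catchable, typed error; raise instead and let the entry point decide, e.g. `raise RuntimeError(f"Gateway Security Group ID {self.GATEWAY_SECURITY_GROUP_ID} does not exist")` after the `LOG.error`. The local `gateway_security_id` holds the security-group object returned by `get_security_group`, not an id, and its `=` lacks spaces; `gateway_security_group = self.conn.get_security_group(self.GATEWAY_SECURITY_GROUP_ID)` reads correctly, and a blank line is missing before the following `def create_or_get_default_ssh_security_group`. In the `@@ -2071` hunk the re-wrapped log string still contains `!\Checking`, an invalid escape sequence that recent Python versions report as a SyntaxWarning; write `!\\Checking` or drop the backslash. `LOG.info(new_security_group)` in the `@@ -2551` hunk logs the entire security-group object at info level; `LOG.info(f"Created security group {new_security_group['id']}")` says what matters.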
@@ -2589,16 +2658,16 @@ def create_security_group( ) if udp: LOG.info( - "Add udp rule ports {} - {} to security group {}".format( - udp_port_start, udp_port_start + 9, name + "Add udp rule port {} to security group {} ({})".format( + udp_port, name,new_security_group["id"], ) ) self.conn.network.create_security_group_rule( direction="ingress", protocol="udp", - port_range_max=udp_port_start + 9, - port_range_min=udp_port_start, + port_range_max=udp_port, + port_range_min=udp_port, security_group_id=new_security_group["id"], remote_group_id=self.GATEWAY_SECURITY_GROUP_ID, ) @@ -2606,8 +2675,8 @@ def create_security_group( direction="ingress", ether_type="IPv6", protocol="udp", - port_range_max=udp_port_start + 9, - port_range_min=udp_port_start, + port_range_max=udp_port, + port_range_min=udp_port, security_group_id=new_security_group["id"], remote_group_id=self.GATEWAY_SECURITY_GROUP_ID, ) @@ -2722,7 +2791,7 @@ def update_playbooks(self): self.ALL_TEMPLATES = [ name for name in os.listdir(PLAYBOOKS_DIR) - if name not in ["optional", "packer", ".github"] + if name not in ["optional", "packer", ".github", "cluster"] and os.path.isdir(os.path.join(PLAYBOOKS_DIR, name)) ] LOG.info(self.ALL_TEMPLATES) diff --git a/VirtualMachineService/VirtualMachineService-remote b/VirtualMachineService/VirtualMachineService-remote index 56dd56c0..3eaf7708 100755 --- a/VirtualMachineService/VirtualMachineService-remote +++ b/VirtualMachineService/VirtualMachineService-remote 
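Review bot: With `udp=True` and the new default `udp_port=None`, both `port_range_min` and `port_range_max` are now passed as `None`, and the old `udp_port_start + 9` TypeError that used to catch a missing port is gone; a rule with no port range matches every UDP port from the gateway group, so guard it before the rule calls: `if udp and udp_port is None: raise ValueError("udp=True requires udp_port")`. The same applies to the IPv6 rule in the `@@ -2606` hunk. `name,new_security_group["id"]` in the format call needs a space after the comma. `create_security_group` starts before this hunk.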
@@ -74,6 +74,7 @@ if len(sys.argv) <= 1 or sys.argv[1] == '--help': print(' string check_server_task_state(string openstack_id)') print(' get_servers_by_bibigrid_id(string bibigrid_id)') print(' void add_server_metadata(string server_id, metadata)') + print(' void create_resenv_security_group_and_attach_to_server(string server_id, string resenv_template)') print(' string add_cluster_machine(string cluster_id, string cluster_user, string cluster_group_id, string image, string flavor, string name, string key_name, int batch_idx, int worker_idx, string pub_key, string project_name, string project_id)') print(' ClusterInfo get_cluster_info(string cluster_id)') print(' get_cluster_status(string cluster_id)') @@ -471,6 +472,12 @@ elif cmd == 'add_server_metadata': sys.exit(1) pp.pprint(client.add_server_metadata(args[0], eval(args[1]),)) +elif cmd == 'create_resenv_security_group_and_attach_to_server': + if len(args) != 2: + print('create_resenv_security_group_and_attach_to_server requires 2 args') + sys.exit(1) + pp.pprint(client.create_resenv_security_group_and_attach_to_server(args[0], args[1],)) + elif cmd == 'add_cluster_machine': if len(args) != 12: print('add_cluster_machine requires 12 args') diff --git a/VirtualMachineService/VirtualMachineService.py b/VirtualMachineService/VirtualMachineService.py index 2929961f..a89762e6 100644 --- a/VirtualMachineService/VirtualMachineService.py +++ b/VirtualMachineService/VirtualMachineService.py @@ -568,6 +568,17 @@ def add_server_metadata(self, server_id, metadata): """ pass + def create_resenv_security_group_and_attach_to_server( + self, server_id, resenv_template + ): + """ + Parameters: + - server_id + - resenv_template + + """ + pass + def add_cluster_machine( self, cluster_id, 
@@ -2949,6 +2960,50 @@ def recv_add_server_metadata(self): raise result.e return + def create_resenv_security_group_and_attach_to_server( + self, server_id, resenv_template + ): + """ + Parameters: + - server_id + - resenv_template + + """ + self.send_create_resenv_security_group_and_attach_to_server( + server_id, resenv_template + ) + self.recv_create_resenv_security_group_and_attach_to_server() + + def send_create_resenv_security_group_and_attach_to_server( + self, server_id, resenv_template + ): + self._oprot.writeMessageBegin( + "create_resenv_security_group_and_attach_to_server", + TMessageType.CALL, + self._seqid, + ) + args = create_resenv_security_group_and_attach_to_server_args() + args.server_id = server_id + args.resenv_template = resenv_template + args.write(self._oprot) + self._oprot.writeMessageEnd() + self._oprot.trans.flush() + + def recv_create_resenv_security_group_and_attach_to_server(self): + iprot = self._iprot + (fname, mtype, rseqid) = iprot.readMessageBegin() + if mtype == TMessageType.EXCEPTION: + x = TApplicationException() + x.read(iprot) + iprot.readMessageEnd() + raise x + result = create_resenv_security_group_and_attach_to_server_result() + result.read(iprot) + iprot.readMessageEnd() + if result.e is not None: + raise result.e + return + def add_cluster_machine( self, cluster_id, @@ -3844,6 +3899,9 @@ def __init__(self, handler): "get_servers_by_bibigrid_id" ] = Processor.process_get_servers_by_bibigrid_id self._processMap["add_server_metadata"] = Processor.process_add_server_metadata + self._processMap[ + "create_resenv_security_group_and_attach_to_server" + ] = Processor.process_create_resenv_security_group_and_attach_to_server self._processMap["add_cluster_machine"] = Processor.process_add_cluster_machine self._processMap["get_cluster_info"] = Processor.process_get_cluster_info self._processMap["get_cluster_status"] = Processor.process_get_cluster_status 
@@ -5322,6 +5380,40 @@ def process_add_server_metadata(self, seqid, iprot, oprot): oprot.writeMessageEnd() oprot.trans.flush() + def process_create_resenv_security_group_and_attach_to_server( + self, seqid, iprot, oprot + ): + args = create_resenv_security_group_and_attach_to_server_args() + args.read(iprot) + iprot.readMessageEnd() + result = create_resenv_security_group_and_attach_to_server_result() + try: + self._handler.create_resenv_security_group_and_attach_to_server( + args.server_id, args.resenv_template + ) + msg_type = TMessageType.REPLY + except TTransport.TTransportException: + raise + except serverNotFoundException as e: + msg_type = TMessageType.REPLY + result.e = e + except TApplicationException as ex: + logging.exception("TApplication exception in handler") + msg_type = TMessageType.EXCEPTION + result = ex + except Exception: + logging.exception("Unexpected exception in handler") + msg_type = TMessageType.EXCEPTION + result = TApplicationException( + TApplicationException.INTERNAL_ERROR, "Internal error" + ) + oprot.writeMessageBegin( + "create_resenv_security_group_and_attach_to_server", msg_type, seqid + ) + result.write(oprot) + oprot.writeMessageEnd() + oprot.trans.flush() + def process_add_cluster_machine(self, seqid, iprot, oprot): args = add_cluster_machine_args() args.read(iprot) 
@@ -16293,6 +16385,197 @@ def __ne__(self, other): ) +class create_resenv_security_group_and_attach_to_server_args(object): + """ + Attributes: + - server_id + - resenv_template + + """ + + def __init__( + self, + server_id=None, + resenv_template=None, + ): + self.server_id = server_id + self.resenv_template = resenv_template + + def read(self, iprot): + if ( + iprot._fast_decode is not None + and isinstance(iprot.trans, TTransport.CReadableTransport) + and self.thrift_spec is not None + ): + iprot._fast_decode(self, iprot, [self.__class__, self.thrift_spec]) + return + iprot.readStructBegin() + while True: + (fname, ftype, fid) = iprot.readFieldBegin() + if ftype == TType.STOP: + break + if fid == 1: + if ftype == TType.STRING: + self.server_id = ( + iprot.readString().decode("utf-8", errors="replace") + if sys.version_info[0] == 2 + else iprot.readString() + ) + else: + iprot.skip(ftype) + elif fid == 2: + if ftype == TType.STRING: + self.resenv_template = ( + iprot.readString().decode("utf-8", errors="replace") + if sys.version_info[0] == 2 + else iprot.readString() + ) + else: + iprot.skip(ftype) + else: + iprot.skip(ftype) + iprot.readFieldEnd() + iprot.readStructEnd() + + def write(self, oprot): + if oprot._fast_encode is not None and self.thrift_spec is not None: + oprot.trans.write( + oprot._fast_encode(self, [self.__class__, self.thrift_spec]) + ) + return + oprot.writeStructBegin("create_resenv_security_group_and_attach_to_server_args") + if self.server_id is not None: + oprot.writeFieldBegin("server_id", TType.STRING, 1) + oprot.writeString( + self.server_id.encode("utf-8") + if sys.version_info[0] == 2 + else self.server_id + ) + oprot.writeFieldEnd() + if self.resenv_template is not None: + oprot.writeFieldBegin("resenv_template", TType.STRING, 2) + oprot.writeString( + self.resenv_template.encode("utf-8") + if sys.version_info[0] == 2 + else self.resenv_template + ) + oprot.writeFieldEnd() + oprot.writeFieldStop() + oprot.writeStructEnd() + + def 
validate(self): + return + + def __repr__(self): + L = ["%s=%r" % (key, value) for key, value in self.__dict__.items()] + return "%s(%s)" % (self.__class__.__name__, ", ".join(L)) + + def __eq__(self, other): + return isinstance(other, self.__class__) and self.__dict__ == other.__dict__ + + def __ne__(self, other): + return not (self == other) + + +all_structs.append(create_resenv_security_group_and_attach_to_server_args) +create_resenv_security_group_and_attach_to_server_args.thrift_spec = ( + None, # 0 + ( + 1, + TType.STRING, + "server_id", + "UTF8", + None, + ), # 1 + ( + 2, + TType.STRING, + "resenv_template", + "UTF8", + None, + ), # 2 +) + + +class create_resenv_security_group_and_attach_to_server_result(object): + """ + Attributes: + - e + + """ + + def __init__( + self, + e=None, + ): + self.e = e + + def read(self, iprot): + if ( + iprot._fast_decode is not None + and isinstance(iprot.trans, TTransport.CReadableTransport) + and self.thrift_spec is not None + ): + iprot._fast_decode(self, iprot, [self.__class__, self.thrift_spec]) + return + iprot.readStructBegin() + while True: + (fname, ftype, fid) = iprot.readFieldBegin() + if ftype == TType.STOP: + break + if fid == 1: + if ftype == TType.STRUCT: + self.e = serverNotFoundException.read(iprot) + else: + iprot.skip(ftype) + else: + iprot.skip(ftype) + iprot.readFieldEnd() + iprot.readStructEnd() + + def write(self, oprot): + if oprot._fast_encode is not None and self.thrift_spec is not None: + oprot.trans.write( + oprot._fast_encode(self, [self.__class__, self.thrift_spec]) + ) + return + oprot.writeStructBegin( + "create_resenv_security_group_and_attach_to_server_result" + ) + if self.e is not None: + oprot.writeFieldBegin("e", TType.STRUCT, 1) + self.e.write(oprot) + oprot.writeFieldEnd() + oprot.writeFieldStop() + oprot.writeStructEnd() + + def validate(self): + return + + def __repr__(self): + L = ["%s=%r" % (key, value) for key, value in self.__dict__.items()] + return "%s(%s)" % 
(self.__class__.__name__, ", ".join(L)) + + def __eq__(self, other): + return isinstance(other, self.__class__) and self.__dict__ == other.__dict__ + + def __ne__(self, other): + return not (self == other) + + +all_structs.append(create_resenv_security_group_and_attach_to_server_result) +create_resenv_security_group_and_attach_to_server_result.thrift_spec = ( + None, # 0 + ( + 1, + TType.STRUCT, + "e", + [serverNotFoundException, None], + None, + ), # 1 +) + + class add_cluster_machine_args(object): """ Attributes: diff --git a/VirtualMachineService/config/config.yml b/VirtualMachineService/config/config.yml index b3df89e3..7756628f 100644 --- a/VirtualMachineService/config/config.yml +++ b/VirtualMachineService/config/config.yml @@ -34,8 +34,8 @@ openstack_connection: use_ssl: True # Used for gateway port calculation , x is always the last octet of the fixed ip (example : (x + 3) *3 ) ) - ssh_port_calc_formular: 30000 + x - udp_port_calc_formular: x * 10 + 30000 + ssh_port_calc_formular: 30000 + x + y * 256 + udp_port_calc_formular: 30000 + x + y * 256 bibigrid: # Url for Bibigrid API @@ -56,4 +56,5 @@ forc: github_playbooks_repo: forc_remote_id: + cloud_site: bielefeld diff --git a/docker-compose.bibigrid.yml b/docker-compose.bibigrid.yml index f271303c..f80dba17 100644 --- a/docker-compose.bibigrid.yml +++ b/docker-compose.bibigrid.yml @@ -40,7 +40,7 @@ services: # filebeat filebeat: - image: docker.elastic.co/beats/filebeat:8.5.0 + image: docker.elastic.co/beats/filebeat:8.5.1 env_file: - .env volumes: diff --git a/docker-compose.yml b/docker-compose.yml index 0d648a5d..27aa7279 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,7 @@ services: # filebeat filebeat: container_name: client_filebeat - image: docker.elastic.co/beats/filebeat:8.5.0 + image: docker.elastic.co/beats/filebeat:8.5.1 env_file: - .env volumes: diff --git a/portal_client.thrift b/portal_client.thrift index c462a0b2..b1cdeb8e 100644 --- a/portal_client.thrift 
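Review bot: The comment above the formulas still says `x` is the only input, but both formulas now read `y` as well, and nothing bounds `y`: `30000 + x + y * 256` exceeds 65535 once the third octet is above 137, while the gateway scripts in this commit only install forwarding rules for `base` 0 through 8. Document the new variable and the supported range, e.g. `# x = last octet, y = second-to-last octet of the fixed ip; the gateway scripts forward y in 0..8 only`. Using the identical expression for `ssh_port_calc_formular` and `udp_port_calc_formular` works because the TCP and UDP forwards are separate, but a one-line comment saying so prevents someone treating it as an accidental duplication. The handler evaluates these strings with `eval`, so the comment should also say the file is treated as trusted configuration.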
+++ b/portal_client.thrift @@ -611,6 +611,7 @@ service VirtualMachineService { void add_server_metadata(1:string server_id,2: map metadata) throws (1:serverNotFoundException e), + void create_resenv_security_group_and_attach_to_server(1:string server_id,2:string resenv_template) throws (1:serverNotFoundException e), string add_cluster_machine( 1:string cluster_id, @@ -750,6 +751,9 @@ service VirtualMachineService { throws (1:serverNotFoundException e,2:ressourceException r), + + + /** * Set Password of a User * Returns: the new password diff --git a/requirements.txt b/requirements.txt index bd08928f..e16488de 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,10 +3,10 @@ thrift==0.16.0 python-keystoneclient==5.0.1 openstacksdk ==0.102.0 deprecated == 1.2.13 -ansible==6.5.0 +ansible==6.6.0 Click==8.1.3 flake8==5.0.4 -paramiko==2.11.1 +paramiko==2.12.0 ruamel.yaml==0.17.21 pyvim==3.0.3 redis==4.3.4 diff --git a/scripts/gateway/gateway_TCP.sh b/scripts/gateway/gateway_TCP.sh index d2b2010a..0dd8e8ed 100644 --- a/scripts/gateway/gateway_TCP.sh +++ b/scripts/gateway/gateway_TCP.sh 
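Review bot: The new `create_resenv_security_group_and_attach_to_server` service entry has no doc comment, while neighbouring methods carry `/** … */` blocks (the `Set Password of a User` one is visible in the second hunk); add one stating that the call creates the template's security group for the server if it is missing and attaches it, and that `serverNotFoundException` is raised for an unknown `server_id`. Only that exception is declared, so an unknown `resenv_template` cannot reach the client as a typed error; either declare a second exception or add a doc line saying the template must be one of the loaded templates. The second hunk adds only blank lines.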
@@ -16,26 +16,28 @@ function check_service { # get local ip from meta data server LOCALIP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4) - LOCALNET=$( echo ${LOCALIP} | cut -f 1-3 -d".") + LOCALNET=$( echo ${LOCALIP} | cut -f 1-2 -d".") #enable ip forwarding echo "1" > /proc/sys/net/ipv4/ip_forward - # Map port number to local ip-address - # 30000+x -> LOCALNET.0+x:22 - # 31000+x -> LOCALNET.0+x:80 - # 32000+x -> LOCALNET.0+x:443 - # x > 0 and x < 255 - - - #ip forwarding rules - for ((n=1; n <=254; n++)) + for ((base=0; base <=8; base++)) + { + for ((n=1; n <=254; n++)) { - SSH_PORT=$((30000+$n)) + SSH_PORT=$((30000+$n + base *256)) echo $n + echo $SSH_PORT - iptables -t nat -A PREROUTING -i ens3 -p tcp -m tcp --dport ${SSH_PORT} -j DNAT --to-destination ${LOCALNET}.${n}:22 - iptables -t nat -A POSTROUTING -d ${LOCALNET}.${n}/32 -p tcp -m tcp --dport 22 -j SNAT --to-source ${LOCALIP} + iptables -t nat -A PREROUTING -i ens3 -p tcp -m tcp --dport ${SSH_PORT} -j DNAT --to-destination ${LOCALNET}.${base}.${n}:22 + iptables -t nat -A POSTROUTING -d ${LOCALNET}.${base}.${n}/32 -p tcp -m tcp --dport 22 -j SNAT --to-source ${LOCALIP} } + + + } + + + #ip forwarding rules + diff --git a/scripts/gateway/gateway_UDP.sh b/scripts/gateway/gateway_UDP.sh index 0a42ebc5..35dc45c5 100644 --- a/scripts/gateway/gateway_UDP.sh +++ b/scripts/gateway/gateway_UDP.sh 
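Review bot: The loop bound `base <=8` hard-codes the assumption that the fixed-ip networks span at most nine /24s, and it has to agree with the `y * 256` term in `ssh_port_calc_formular`; a VM whose third octet is above 8 gets a port from the handler but no DNAT rule here, and nothing in the script says so. Pull the bound into a named variable with a comment, `MAX_BASE=8  # must match the y range assumed by ssh_port_calc_formular`, and loop `for ((base=0; base <= MAX_BASE; base++))`. The removed mapping comment (`30000+x -> LOCALNET.0+x:22`) is not replaced and `#ip forwarding rules` now sits after the loop it described; put an updated mapping comment above the outer loop and drop the trailing one. `echo $SSH_PORT` prints roughly 2300 lines per run; keep it behind a verbose flag or remove it. `check_service` starts before the hunk and appears to continue after it.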
@@ -2,19 +2,21 @@ # get local ip from meta data server LOCALIP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4) -LOCALNET=$( echo ${LOCALIP} | cut -f 1-3 -d".") +LOCALNET=$( echo ${LOCALIP} | cut -f 1-2 -d".") #ip forwarding rules + for ((base=0; base <=8; base++)) + { for ((n=1; n <=254; n++)) { - MOSH_BASE=$((30000+$n*10)) + MOSH_BASE=$((30000+$n + base *256)) + + + MOSH_PORT=$(($MOSH_BASE)) + echo ${MOSH_PORT} + iptables -t nat -A PREROUTING -i ens3 -p udp -m udp --dport ${MOSH_PORT} -j DNAT --to-destination ${LOCALNET}.${base}.${n}:${MOSH_PORT} + iptables -t nat -A POSTROUTING -d ${LOCALNET}.${base}.${n}/32 -p udp -m udp --dport ${MOSH_PORT} -j SNAT --to-source ${LOCALIP} - for ((m=0; m<=9; m++)) - { - MOSH_PORT=$(($MOSH_BASE+$m)) - #$echo ${MOSH_PORT} - iptables -t nat -A PREROUTING -i ens3 -p udp -m udp --dport ${MOSH_PORT} -j DNAT --to-destination ${LOCALNET}.${n}:${MOSH_PORT} - iptables -t nat -A POSTROUTING -d ${LOCALNET}.${n}/32 -p udp -m udp --dport ${MOSH_PORT} -j SNAT --to-source ${LOCALIP} - } } +} \ No newline at end of file diff --git a/scripts/generate_new_test_pems.sh b/scripts/generate_new_test_pems.sh index 8a1140ff..e68e28fb 100644 --- a/scripts/generate_new_test_pems.sh +++ b/scripts/generate_new_test_pems.sh 
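Review bot: Each VM now gets exactly one forwarded UDP port (`MOSH_BASE`, with the inner `m` loop removed), where the previous script forwarded ten per VM; if the port is used for mosh as the variable name suggests, every mosh-server session needs its own UDP port, so this appears to limit a VM to a single session — confirm that is intended and say so in a comment above the loop. `MOSH_PORT=$(($MOSH_BASE))` is an identity; compute the port in one variable. The `base <=8` bound must match the `y * 256` term in `udp_port_calc_formular`, as in gateway_TCP.sh, and deserves the same named-variable treatment. The file also loses its trailing newline.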
@@ -2,8 +2,12 @@ echo Creating new dir "new_pem" mkdir $1 cd $1 -openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key -subj "/C=DE/ST=./L=./O=./CN=$1" +if [[ "$1" =~ ^(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))$ ]]; then + openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key -subj "/C=DE/ST=./L=./O=./CN=$1" --addext "subjectAltName=IP:$1" +else + openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key -subj "/C=DE/ST=./L=./O=./CN=$1" +fi openssl x509 -in server.crt -text > CA.pem cat server.crt server.key > server.pem openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12 -passout pass:thrift
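Review bot: The non-IP branch still issues a certificate with only a CN and no subjectAltName, and current TLS clients ignore the CN for host-name verification, so a hostname certificate from this script will not verify; set a SAN in both branches by assigning `SAN="IP:$1"` when the regex matches and `SAN="DNS:$1"` otherwise, then run a single `openssl req … -subj "/C=DE/ST=./L=./O=./CN=$1" -addext "subjectAltName=$SAN"`. That also removes the duplicated `openssl req` line. The unchanged `mkdir $1` and `cd $1` are unquoted and the `cd` result is unchecked, so a failed `cd` would write the key material into the current directory; `cd "$1" || exit 1` closes that. A comment above the `if` naming what the regex accepts (a dotted-quad IPv4 address) would spare the next reader from decoding it.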