haproxy rules

09ed5cac · nanahira · dc1f12e9 · 09ed5cac · 09ed5cac · 09ed5cac
Commit 09ed5cac authored May 05, 2021 by nanahira
4 changed files
--- a/ansible/scripts/switch-rules-up.sh.j2
+++ b/ansible/scripts/switch-rules-up.sh.j2
@@ -14,12 +14,14 @@ restore_mark_switch -A {{plan.destMark}}

 ## local gateways
 {% for gw in gateways %}
+{% if not gw.hidden %}
 {% if gw.selectionMark > 0 %}
 interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 restore_mark_switch -A {{gw.selectionMark}}
-{% if not gw.hidden %}
 interface_switch_tproxy -A {{gw.selectionMark}} {{gw.haproxyPort}}
+{% else %}
+interface_switch_tproxy_default -A {{gw.haproxyPort}}
 {% endif %}
 {% endif %}
 {% endfor %}

--- a/ansible/scripts/utility.sh.j2
+++ b/ansible/scripts/utility.sh.j2
@@ -74,3 +74,8 @@ interface_switch_tproxy() {
  HAPROXY_PORT=$3
  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark "$MARK" -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443 -j TPROXY --on-port "$HAPROXY_PORT" --tproxy-mark 999
 }
+interface_switch_tproxy_default() {
+  OPTION=$1
+  HAPROXY_PORT=$2
+  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443 -j TPROXY --on-port "$HAPROXY_PORT" --tproxy-mark 999
+}
--- a/config.sh
+++ b/config.sh
@@ -7,5 +7,5 @@ cd data
 ( for sheet in $sheets
 do
    echo "https://docs.google.com/spreadsheets/d/${doc}/export?exportFormat=csv&gid=${sheet}"
-done ) | wget --content-disposition -i -
+done ) | wget -4 --content-disposition -i -
 cd ..
--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -80,11 +80,13 @@ class InventoryBuilder {
    const gateways = await this.load('gateways2');
    for (let gateway of gateways) {
      gateway.isCN = this.hosts[gateway.router] && this.hosts[gateway.router].location.startsWith('CN');
+      gateway.hidden = !!gateway.hidden;
      if (gateway.mark) {
        gateway.selectionMark = gateway.mark + 50;
+        gateway.haproxyPort = gateway.mark + 60000;
      } else {
-        gateway.mark = 0;
        gateway.selectionMark = 0;
+        gateway.haproxyPort = 60100;
      }
    }
    return gateways;
@@ -116,7 +118,7 @@ class InventoryBuilder {
      this.linksLimit = process.env.LIMIT_LINKS.split(",");
    }
    this.vars = await this.loadUtilities();
-    const inventoryValue = { wg: {hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)]))} };
+    const inventoryValue = { wg: { hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)])) } };
    await fs.promises.writeFile('result/inventory.yaml', YAML.stringify(inventoryValue));
    // console.log(Object.values(this.hosts));
    const hosts = await Promise.all(Object.values(this.hosts).map(async (h) => ({
@@ -278,8 +280,8 @@ class InventoryBuilder {
        });
      }
    }
-    
-    
+
+

    return {
      //ansible_ssh_host: host.host,