Merge branch 'gwgroup'

c0766b40 · nanahira · ce4c9b91 · 17364bd0 · c0766b40 · c0766b40
Commit c0766b40 authored Dec 29, 2020 by nanahira
6 changed files
--- a/ansible/bird.conf.j2
+++ b/ansible/bird.conf.j2
@@ -9,19 +9,22 @@ protocol device {}
 protocol kernel {
  learn;
  ipv4 {
-    import all;
+    import where net = 0.0.0.0/0;
+    export where net != 0.0.0.0/0;
  };
+  #ipv6 { export all; };
 }

+
 {% for plan in routePlans %}
 ipv4 table {{plan.name}};
-protocol static {
-  ipv4 {
-    table {{plan.name}};
-  };
-  igp table master4;
-  route 0.0.0.0/0 recursive {{plan.address}};
+{% if plan.addressesString %}
+protocol pipe {
+  table master4;
+  peer table {{plan.name}};
+  export where ospf_router_id ~ {{plan.addressesString}};
 }
+{% endif %}
 protocol kernel {
  ipv4 {
    table {{plan.name}};

--- a/ansible/configure.yaml
+++ b/ansible/configure.yaml
@@ -113,18 +113,24 @@
        content: '{{dockerServices | to_yaml}}'
        dest: '{{ansible_user_dir}}/nextgen-network/services/docker-compose.yml'
      when: not noBird
-    - name: bird conf
-      template:
-        src: bird.conf.j2
-        dest: '{{ansible_user_dir}}/nextgen-network/services/bird.conf'
-      notify: restart_bird
-      when: not noBird
+    #- name: bird conf
+    #  template:
+    #    src: bird.conf.j2
+    #    dest: '{{ansible_user_dir}}/nextgen-network/services/bird.conf'
+    #  notify: restart_bird
+    #  when: not noBird
    - name: babeld conf
      template:
        src: babeld.conf.j2
        dest: '{{ansible_user_dir}}/nextgen-network/services/babeld.conf'
      #notify: restart_babeld
      when: not noBird
+    - name: monitor route plans
+      template:
+        src: route-plans.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/route-plans'
+      notify: restart_monitor
+      when: not noBird
    - name: babeld reload conf
      template:
        src: babeld-reload.conf.j2
@@ -142,56 +148,56 @@
        remove_orphans: true
        # pull: true
      when: not noBird
-    - name: systemd bird
-      become: true
-      template:
-        src: bird.conf.j2
-        dest: '/etc/bird/bird.conf'
-      notify: restart_bird_systemd
-      when: systemBird
-    - name: enable systemd bird
-      become: true
-      systemd:
-        name: bird
-        state: started
-        enabled: true
-        masked: false
-      when: systemBird
-    - name: systemd babeld conf
-      become: true
-      template:
-        src: babeld.conf.j2
-        dest: '/etc/babeld.conf'
-      #notify: restart_babeld_systemd
-      when: systemBird
-    - name: enable systemd babeld
-      become: true
-      systemd:
-        name: babeld
-        state: started
-        enabled: true
-        masked: false
-      when: systemBird
+    #- name: systemd bird
+    #  become: true
+    #  template:
+    #    src: bird.conf.j2
+    #    dest: '/etc/bird/bird.conf'
+    #  notify: restart_bird_systemd
+    #  when: systemBird
+    #- name: enable systemd bird
+    #  become: true
+    #  systemd:
+    #    name: bird
+    #    state: started
+    #    enabled: true
+    #    masked: false
+    #  when: systemBird
+    #- name: systemd babeld conf
+    #  become: true
+    #  template:
+    #    src: babeld.conf.j2
+    #    dest: '/etc/babeld.conf'
+    #  #notify: restart_babeld_systemd
+    #  when: systemBird
+    #- name: enable systemd babeld
+    #  become: true
+    #  systemd:
+    #    name: babeld
+    #    state: started
+    #    enabled: true
+    #    masked: false
+    #  when: systemBird
  handlers:
    - name: reload_switch_rules
      become: true
      shell: '{{ansible_user_dir}}/nextgen-network/scripts/switch-rules-down.sh ; {{ansible_user_dir}}/nextgen-network/scripts/switch-rules-up.sh'
-    - name: restart_bird
+    - name: restart_babeld # ocserv would be always restarted whenever key changes..
      docker_compose:
        project_src: '{{ansible_user_dir}}/nextgen-network/services'
        restarted: true
        services:
-          - bird
+          - babeld
      when: not noBird
-    - name: restart_babeld # ocserv would be always restarted whenever key changes..
+    - name: reload_babeld
+      shell: cat /tmp/babeld-reload.conf | timeout 1 nc ::1 33123 || true
+    - name: restart_monitor
      docker_compose:
        project_src: '{{ansible_user_dir}}/nextgen-network/services'
        restarted: true
        services:
-          - babeld
+          - gateways-monitor
      when: not noBird
-    - name: reload_babeld
-      shell: cat /tmp/babeld-reload.conf | timeout 1 nc ::1 33123 || true
    - name: restart_frps
      docker_compose:
        project_src: '{{ansible_user_dir}}/nextgen-network/services'
@@ -222,17 +228,17 @@
          - openconnect-{{item.name}}
      with_items: '{{connections}}'
      when: 'item.protocol == "oc" and item.ocType == "client" and not noBird and not item.noUpdate'
-    - name: restart_bird_systemd
-      become: true
-      systemd:
-        name: bird
-        state: restarted
-    - name: restart_babeld_systemd
-      become: true
-      systemd:
-        name: babeld
-        state: restarted
-      when: systemBird
+    #- name: restart_bird_systemd
+    #  become: true
+    #  systemd:
+    #    name: bird
+    #    state: restarted
+    #- name: restart_babeld_systemd
+    #  become: true
+    #  systemd:
+    #    name: babeld
+    #    state: restarted
+    #  when: systemBird
    - name: reload_chnroute
      become: true
      shell: |

--- a/ansible/install.yaml
+++ b/ansible/install.yaml
@@ -8,9 +8,9 @@
        name: '{{item}}'
        source: pull
      with_items:
-        - fatedier/frps:v0.34.2
-        - fatedier/frpc:v0.34.2
-        - git-registry.mycard.moe/nanahira/docker-bird
+        #- fatedier/frps:v0.34.2
+        #- fatedier/frpc:v0.34.2
+        - git-registry.mycard.moe/railgun/gateways-monitor
        - git-registry.mycard.moe/railgun/babeld
        - git-registry.mycard.moe/nanahira/docker-ocserv
        - git-registry.mycard.moe/railgun/openconnect

--- a/ansible/route-plans.j2
+++ b/ansible/route-plans.j2
+declare -A ROUTE_PLANS=(
+{% for plan in routePlans %}
+	[{{plan.destMark}}]="{{plan.addressesString}}"
+{% endfor %}
+);
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
 #!/usr/bin/env bash
-# Forced update 12.24
+# Forced update 12.29
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh

 echo "running" > /tmp/mycard_global_postup_done

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -3,7 +3,7 @@ import util from 'util';
 import fs from 'fs';
 import path from 'path';
 import YAML from 'yaml';
-import _ from 'lodash';
+import _, { add } from 'lodash';
 import child_process from 'child_process';
 import assert from 'assert';
 import { promises as dns } from 'dns';
@@ -17,9 +17,20 @@ async function generateOcpasswdLine(username: string, password: string) {
  return res;
 }

+interface GatewayGroup {
+  id: number;
+  name: string;
+  locationPrefix: string;
+  includeRouters: string;
+  excludeRouters: string;
+  children: string;
+  destMark: number;
+}
+
 class InventoryBuilder {
  hosts: { [key: string]: any };
  gateways: any;
+  gatewayGroups: GatewayGroup[];
  connections: string[];
  routeLists: any;
  resolveCache: Map<string, string>;
@@ -81,6 +92,7 @@ class InventoryBuilder {
  async main() {
    this.hosts = _.keyBy(await this.load('nextgen2'), 'name');
    this.gateways = _.mapValues(_.groupBy(await this.loadGateways(), 'router'), g => _.keyBy(g, 'isp'));
+    this.gatewayGroups = await this.load('gateway groups');
    //console.log(this.gateways);
    this.connections = _.intersection(Object.keys(this.hosts), Object.keys(_.find(this.hosts)));

@@ -140,6 +152,51 @@ class InventoryBuilder {

    return vars;
  }
+  getRoutePlanAddressesString(addresses: string[]) {
+    if (!addresses.length) {
+      return null;
+    }
+    return addresses.join(" ");
+  }
+  isGatewayGroupContains(gatewayGroup: GatewayGroup, host: any) {
+    const locationPrefixes = gatewayGroup.locationPrefix.split(",");
+    const excludeRouters = gatewayGroup.excludeRouters.split(",");
+    const includeRouters = gatewayGroup.includeRouters.split(",");
+    const children = gatewayGroup.children.split(",");
+    if (excludeRouters.includes(host.name)) {
+      return false;
+    }
+    if (locationPrefixes.some(prefix => prefix !== "" && (host.location as string).startsWith(prefix)) || includeRouters.includes(host.name)) {
+      return true;
+    }
+    for (let childName of children) {
+      const targetGatewayGroup = this.gatewayGroups.find(g => g.name === childName);
+      if (!targetGatewayGroup) {
+        continue;
+      }
+      if (this.isGatewayGroupContains(targetGatewayGroup, host)) {
+        return true;
+      }
+    }
+    return false;
+  }
+  getAddressesFromGatewayGroup(gatewayGroup: GatewayGroup, hosts: any[]) {
+    const suitableHosts = hosts.filter(host => this.isGatewayGroupContains(gatewayGroup, host));
+    return suitableHosts.map(host => host.address);
+  }
+  getRoutePlansFromGatewayGroups(host: any) {
+    const allOtherHosts = this.connections.filter(h => h !== host.name).map(h => this.hosts[h]);
+    const routePlans = this.gatewayGroups.filter(group => !this.isGatewayGroupContains(group, host)).map(group => {
+      const addresses = this.getAddressesFromGatewayGroup(group, allOtherHosts);
+      return {
+        name: group.name.replace(/-/g, "_"),
+        destMark: group.destMark,
+        addresses,
+        addressesString: this.getRoutePlanAddressesString(addresses)
+      }
+    }).filter(plan => plan.addresses.length > 0);
+    return routePlans;
+  }

  getHostConnectionInfo(host) {
    return {
@@ -157,12 +214,13 @@ class InventoryBuilder {
    host.dockerServices = {
      version: '2.4',
      services: {
-        bird: {
+        'gateways-monitor': {
          restart: 'always',
-          image: 'git-registry.mycard.moe/nanahira/docker-bird',
+          image: 'git-registry.mycard.moe/railgun/gateways-monitor',
          network_mode: 'host',
          cap_add: ['NET_ADMIN'],
-          volumes: ['./bird.conf:/etc/bird/bird.conf:ro']
+          volumes: ['./route-plans:/usr/src/app/route-plans:ro'],
+          command: '/usr/src/app/gateway-monitor.sh'
        },
        babeld: {
          restart: 'always',
@@ -180,7 +238,7 @@ class InventoryBuilder {
    const localSubnets = host.subnets;
    //console.log(localSubnets);
    const masqInterfaces = host.masqInterfaces.length > 0 ? host.masqInterfaces.split(',') : [];
-    const routePlans = [];
+    const routePlans = this.getRoutePlansFromGatewayGroups(host);

    for (const h of this.connections) {
      if (h != host.name) {
@@ -200,14 +258,18 @@ class InventoryBuilder {
          connections.push(await this.parse_connection(host, this.hosts[h], null_connection, true, false, false));
          connections.push(await this.parse_connection(host, this.hosts[h], null_connection, false, true, false));
        }
+        const targetHost = this.hosts[h];
        routePlans.push({
-          name: h.replace(/-/g, '_'),
-          destMark: this.hosts[h].destMark,
-          address: this.hosts[h].address
+          name: h.replace(/-/g, "_"),
+          destMark: targetHost.destMark,
+          addresses: [targetHost.address],
+          addressesString: this.getRoutePlanAddressesString([targetHost.address])
        });
      }
    }
    
+    
+
    return {
      //ansible_ssh_host: host.host,
      //ansible_ssh_user: host.user,