Commit b6943bba authored by David Schmitz's avatar David Schmitz

install-*.sh: option for adding an initial test rule to DB;...

install-*.sh: option for adding an initial test rule to DB; feature/exabgp_with_docker-compose: use this new option for a test rule to block traffic between host1 and host2
parent e383d489
# doc: to build+run: docker build -f Dockerfile.fod.centos.new -t fod.centos . && docker run -ti fod.centos
# doc: to build+run: docker build -f Dockerfile.fod.centos.new -t fod.centos . && docker run -ti -p 8000:8000 fod.centos
#############################################################################
#############################################################################
......
......@@ -6,7 +6,11 @@ else
cd /opt/FOD
#./install-debian.sh --here --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
#./install-debian.sh --here__with_venv_relative --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
./install-debian.sh --fodproper1 --here__with_venv_relative --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
./install-debian.sh --fodproper1 \
--here__with_venv_relative --supervisord \
--setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} \
--setup_test_rule --setup_test_rule5 testrtr1 10.1.10.11/32 10.2.10.12/32 1 admin \
--exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
/opt/FOD/venv/bin/python -m pip install exabgp
touch /opt/setup_ok
fi
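Review bot: The rewritten invocation still passes `${ADMIN_PASS}`, `${ADMIN_EMAIL}`, `${FOD_ORG}`, `${FOD_ORG_NET}` and the `FOD_EXABGP_*` values unquoted. The parser hunks in this commit show options taking a fixed number of positional values, so an empty value or one containing whitespace shifts every later argument, now including the five values after `--setup_test_rule5`. Quoting each expansion keeps the positions fixed, e.g. `--setup_admin_user --setup_admin_user5 admin "${ADMIN_PASS}" "${ADMIN_EMAIL}" "${FOD_ORG}" "${FOD_ORG_NET}" \`; the invocation in the second setup script has the same problem. The admin password also travels on the command line, where it is presumably visible in the process list while the installer runs. The enclosing `if`/`else` starts outside the hunk.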
......@@ -5,7 +5,12 @@ if [ -e /opt/setup_ok ]; then
else
cd /opt/FOD
#./install-debian.sh --here --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
./install-debian.sh --here__with_venv_relative --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
#./install-debian.sh --here__with_venv_relative --supervisord --setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} --exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
./install-debian.sh \
--here__with_venv_relative --supervisord \
--setup_admin_user --setup_admin_user5 admin ${ADMIN_PASS} ${ADMIN_EMAIL} ${FOD_ORG} ${FOD_ORG_NET} \
--setup_test_rule --setup_test_rule5 testrtr1 10.1.10.11/32 10.2.10.12/32 1 admin \
--exabgp ${FOD_EXABGP_LOCAL_ID} ${FOD_EXABGP_LOCAL_IP} ${FOD_EXABGP_LOCAL_AS} ${FOD_EXABGP_REMOTE_ID} ${FOD_EXABGP_REMOTE_IP} ${FOD_EXABGP_REMOTE_AS}
/opt/FOD/venv/bin/python -m pip install exabgp
touch /opt/setup_ok
fi
#!/bin/bash
source_prefix="$1"
shift 1
[ -n "$source_prefix" ] || source_prefix="127.0.0.1/32"
destination_prefix="$1"
shift 1
[ -n "$destination_prefix" ] || destination_prefix="0.0.0.0/0"
#
IPprotocolId="$1" #arg
shift 1
[ -n "$IPprotocolId" ] || IPprotocolId="1"
#
appliername="$1"
shift 1
[ -n "$appliername" ] || appliername="admin"
#
name_prefix="testrtr1"
#
{ cat /dev/fd/5 | ./pythonenv ./manage.py shell; } 5<<EOF
from flowspec.models import *
from django.contrib.auth.models import User;
applier1 = User.objects.get(username__exact='$appliername');
from django.db.models import Q
query = Q()
query |= Q(source='$source_prefix', destination='$destination_prefix', protocol__in=[$IPprotocolId])
matching_routes = Route.objects.filter(query)
if len(matching_routes)!=0:
print("test rule $name_prefix already exists")
print("matching_routes="+str(matching_routes))
else:
a = Route(name='$name_prefix', source='$source_prefix', destination='$destination_prefix', status='INACTIVE', applier=applier1)
a.save();
a.protocol.set([$IPprotocolId])
a.save();
EOF
#
echo "SELECT * from route;" | ./pythonenv ./manage.py dbshell | grep "$name_prefix.*$source_prefix.*$destination_prefix.*$IPprotocolId"
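Review bot: The heredoc opened with `5<<EOF` splices `$appliername`, `$source_prefix`, `$destination_prefix`, `$IPprotocolId` and `$name_prefix` straight into Python source fed to `manage.py shell`, so a value containing a quote or newline changes the code that runs with the application's database access. The same construction is repeated in the `setup_testrule` step of both install scripts. Quoting the delimiter (`<<'EOF'`) and handing the values over through the environment keeps them as data; the sketch below uses constructed variable names and assumes `./pythonenv` passes the environment through. The closing `grep` has a related weakness: the prefixes are used as a regular expression, so the dots in an address match any character and the script's exit status can report a rule that is not the one just added.

```shell
# … unchanged: positional arguments and their defaults …
export FOD_TR_NAME="$name_prefix" FOD_TR_SRC="$source_prefix" FOD_TR_DST="$destination_prefix"
export FOD_TR_PROTO="$IPprotocolId" FOD_TR_APPLIER="$appliername"
{ cat /dev/fd/5 | ./pythonenv ./manage.py shell; } 5<<'EOF'
import os
# … unchanged: flowspec.models, User and Q imports …
src = os.environ['FOD_TR_SRC']
dst = os.environ['FOD_TR_DST']
name = os.environ['FOD_TR_NAME']
protos = [int(p) for p in os.environ['FOD_TR_PROTO'].split(',')]
applier1 = User.objects.get(username__exact=os.environ['FOD_TR_APPLIER'])
query = Q()
query |= Q(source=src, destination=dst, protocol__in=protos)
matching_routes = Route.objects.filter(query)
if len(matching_routes) != 0:
    print("test rule " + name + " already exists")
    print("matching_routes=" + str(matching_routes))
else:
    a = Route(name=name, source=src, destination=dst, status='INACTIVE', applier=applier1)
    a.save()
    a.protocol.set(protos)
    a.save()
EOF
# … unchanged: dbshell verification …
```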
......@@ -92,6 +92,15 @@ setup_adminuser__peer_ip_prefix1="0.0.0.0/0"
#
setup_testrule=0
setup_testrule_appliername="$setup_adminuser__username"
setup_testrule_name_prefix="testrule1"
setup_testrule_source_prefix="0.0.0.0/0"
setup_testrule_destination_prefix="127.0.0.1/32"
setup_testrule_IPprotocolId=1 # ICMP
#
setup_netconf=0
setup_netconf__device=
......@@ -305,6 +314,22 @@ while [ $# -gt 0 ]; do
shift 1
setup_adminuser__peer_ip_prefix1="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule" ]; then
shift 1
setup_test_rule=1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule5" ]; then
shift 1
setup_testrule=1
setup_testrule_name_prefix="$1"
shift 1
setup_testrule_source_prefix="$1"
shift 1
setup_testrule_destination_prefix="$1"
shift 1
setup_testrule_IPprotocolId="$1"
shift 1
setup_testrule_appliername="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--netconf" ]; then
shift 1
setup_netconf=1
......@@ -813,6 +838,36 @@ if [ "$install_fodproper" = 1 ]; then
fi
echo "setup_testrule=$setup_testrule" 1>&2
if [ "$setup_testrule" = 1 ]; then
echo "$0: step 2.4.2.1: setup test rule" 1>&2
(
set +e # for now ignore potential errors, especially in case user already exists
source ./venv/bin/activate
{ cat /dev/fd/5 | ./pythonenv ./manage.py shell; } 5<<EOF
from flowspec.models import *
from django.contrib.auth.models import User;
applier1 = User.objects.get(username__exact='$setup_testrule_appliername');
from django.db.models import Q
query = Q()
query |= Q(source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', protocol__in=[$setup_testrule_IPprotocolId])
matching_routes = Route.objects.filter(query)
if len(matching_routes)!=0:
print("test rule $setup_testrule_name_prefix already exists")
print("matching_routes="+str(matching_routes))
else:
a = Route(name='$setup_testrule_name_prefix', source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', status='INACTIVE', applier=applier1)
a.save();
a.protocol.set([$setup_testrule_IPprotocolId])
a.save();
EOF
)
fi
##
# ./manage.py above may have created debug.log with root permissions:
......
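Review bot: The `--setup_test_rule` branch assigns `setup_test_rule=1`, but the default added above and the later `if [ "$setup_testrule" = 1 ]` both use `setup_testrule`, so the flag on its own never enables the step and the rule is only created when `--setup_test_rule5` is also given. The assignment should read `setup_testrule=1`; the other install script carries the same branch. Once the flag works alone, the defaults matter: here they are name `testrule1`, source `0.0.0.0/0` and destination `127.0.0.1/32`, while the standalone test-rule script in this commit defaults to `testrtr1`, source `127.0.0.1/32` and destination `0.0.0.0/0`, so the two should be aligned. The `while` loop and the `if [ "$install_fodproper" = 1 ]` block both extend outside the hunks shown.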
......@@ -98,6 +98,15 @@ setup_adminuser__peer_ip_prefix1="0.0.0.0/0"
#
setup_testrule=0
setup_testrule_appliername="$setup_adminuser__username"
setup_testrule_name_prefix="testrule1"
setup_testrule_source_prefix="0.0.0.0/0"
setup_testrule_destination_prefix="127.0.0.1/32"
setup_testrule_IPprotocolId=1 # ICMP
#
setup_netconf=0
setup_netconf__device=
......@@ -408,6 +417,22 @@ while [ $# -gt 0 ]; do
shift 1
setup_adminuser__peer_ip_prefix1="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule" ]; then
shift 1
setup_test_rule=1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule5" ]; then
shift 1
setup_testrule=1
setup_testrule_name_prefix="$1"
shift 1
setup_testrule_source_prefix="$1"
shift 1
setup_testrule_destination_prefix="$1"
shift 1
setup_testrule_IPprotocolId="$1"
shift 1
setup_testrule_appliername="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--netconf" ]; then
shift 1
setup_netconf=1
......@@ -954,6 +979,36 @@ if [ "$install_fodproper" = 1 ]; then
fi
echo "setup_testrule=$setup_testrule" 1>&2
if [ "$setup_testrule" = 1 ]; then
echo "$0: step 2.4.2.1: setup test rule" 1>&2
(
set +e # for now ignore potential errors, especially in case user already exists
source ./venv/bin/activate
{ cat /dev/fd/5 | ./pythonenv ./manage.py shell; } 5<<EOF
from flowspec.models import *
from django.contrib.auth.models import User;
applier1 = User.objects.get(username__exact='$setup_testrule_appliername');
from django.db.models import Q
query = Q()
query |= Q(source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', protocol__in=[$setup_testrule_IPprotocolId])
matching_routes = Route.objects.filter(query)
if len(matching_routes)!=0:
print("test rule $setup_testrule_name_prefix already exists")
print("matching_routes="+str(matching_routes))
else:
a = Route(name='$setup_testrule_name_prefix', source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', status='INACTIVE', applier=applier1)
a.save();
a.protocol.set([$setup_testrule_IPprotocolId])
a.save();
EOF
)
fi
##
# ./manage.py above may have created debug.log with root permissions:
......
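Review bot: The `--setup_test_rule5` branch checks only `$# -ge 1` and then runs five unconditional assign/`shift 1` pairs, so a call with fewer than five values silently takes the following option (for example `--exabgp`) as a rule field or leaves fields empty. A guard directly after the first `shift 1` would fail early, such as `[ $# -ge 5 ] || { echo "$0: --setup_test_rule5 needs 5 values" 1>&2; exit 2; }`; the same branch in the other install script needs it too. In the rule step, the `set +e` comment ("in case user already exists") looks copied from the admin-user step. The likely failure here is `User.objects.get` not finding the applier, so the comment should say `# best effort: the applier user may not exist yet`.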