Last active
May 1, 2018 19:26
-
-
Save kmurudi/0951df45cc569758961c14e283fb89b3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import os | |
| import subprocess | |
| import sys | |
| vm_num=5 | |
| br_num=3 | |
| # list of IPs for subnets of tenant - VMs | |
| av_ips = [] | |
| for i in range(100,151): | |
| av_ips.append("192.168."+str(i)) | |
| # list of IPs to assign to PGW interfaces | |
| pg_ips = [] | |
| for i in range(170,191): | |
| pg_ips.append("192.168."+str(i)) | |
| def add_t(t_name,num_subnets): | |
| os.system("sudo docker run -itd --privileged --name="+t_name+" fw_ubuntu" ) | |
| global vm_num | |
| for i in range(vm_num,vm_num+num_subnets): | |
| os.system("sudo docker run -itd --privileged --name=VM"+str(i)+" fw_ubuntu") | |
| global br_num | |
| os.system("sudo brctl addbr br"+str(br_num)) | |
| os.system("sudo ip link set br"+str(br_num)+" up") | |
| for i in range(vm_num,vm_num+num_subnets): | |
| os.system("sudo ip link add v"+str(i)+t_name+" type veth peer name VM"+str(i)) | |
| #getting PID of new IGW | |
| output_ig = subprocess.Popen("sudo docker inspect -f '{{.State.Pid}}' "+t_name, stdout=subprocess.PIPE, shell=True) | |
| (out1, err) = output_ig.communicate() | |
| ig_pid = out1.strip() | |
| vm_pids=[] | |
| for i in range(vm_num,vm_num+num_subnets): | |
| output = subprocess.Popen("sudo docker inspect -f '{{.State.Pid}}' VM"+str(i), stdout=subprocess.PIPE, shell=True) | |
| (out, err) = output.communicate() | |
| vm_pids.append(out.strip()) | |
| print vm_pids | |
| for i in range(vm_num,vm_num+num_subnets): | |
| os.system("sudo ip link set v"+str(i)+t_name+" netns "+ig_pid) | |
| os.system("sudo ip link set VM"+str(i)+" netns "+vm_pids[i-vm_num]) | |
| #adding IGW3 to br1 | |
| os.system("sudo ip link add veth"+t_name+" type veth peer name veth"+t_name+"b") | |
| os.system("sudo brctl addif br"+str(br_num)+" veth"+t_name+"b") | |
| os.system("sudo ip link set veth"+t_name+"b up") | |
| os.system("sudo ip link set veth"+t_name+" netns "+ig_pid) | |
| # adding br3 to PGW1 & PGW2 | |
| os.system("sudo ip link add veth"+t_name+"P1 type veth peer name vethbr"+str(br_num)+"1") | |
| os.system("sudo ip link add veth"+t_name+"P2 type veth peer name vethbr"+str(br_num)+"2") | |
| os.system("sudo brctl addif br"+str(br_num)+" vethbr"+str(br_num)+"1") | |
| os.system("sudo brctl addif br"+str(br_num)+" vethbr"+str(br_num)+"2") | |
| os.system("sudo ip link set vethbr"+str(br_num)+"1 up") | |
| os.system("sudo ip link set vethbr"+str(br_num)+"2 up") | |
| pg_pids=[] | |
| for i in range(1,3): | |
| output = subprocess.Popen("sudo docker inspect -f '{{.State.Pid}}' PGW"+str(i), stdout=subprocess.PIPE, shell=True) | |
| (out, err) = output.communicate() | |
| pg_pids.append(out.strip()) | |
| os.system("sudo ip link set veth"+t_name+"P1 netns "+pg_pids[0]) | |
| os.system("sudo ip link set veth"+t_name+"P2 netns "+pg_pids[1]) | |
| # assigning rules in IGWs | |
| global pg_ips | |
| pg_ip = pg_ips[0] | |
| pg_ig = pg_ips[0]+".10" | |
| pg_pg = pg_ips[0]+".1" | |
| ig_subnet = pg_ips[0]+".0/24" | |
| os.system("sudo docker exec -it "+t_name+" ip link set veth"+t_name+" up") | |
| os.system("sudo docker exec -it "+t_name+" ip addr add "+pg_ig+"/24 dev veth"+t_name) | |
| os.system("sudo docker exec -it PGW1 ip link set veth"+t_name+"P1 up") | |
| os.system("sudo docker exec -it PGW1 ip addr add "+pg_pg+"/24 dev veth"+t_name+"P1") | |
| os.system("sudo docker exec -it PGW2 ip link set veth"+t_name+"P2 up") | |
| os.system("sudo docker exec -it PGW2 ip addr add "+pg_pg+"/24 dev veth"+t_name+"P2") | |
| # enable ip forwarding inside IGW | |
| os.system("sudo docker exec "+t_name+" sysctl -w net.ipv4.ip_forward=1") | |
| os.system("sudo docker exec "+t_name+" ip route del default ") | |
| os.system("sudo docker exec "+t_name+" ip route add default via "+pg_pg) | |
| # assigning rules in PGW1 and PGW2 postrouting rules | |
| os.system("sudo docker exec PGW1 iptables -t nat -A POSTROUTING -s "+ig_subnet+" ! -d "+ig_subnet+" -j MASQUERADE") | |
| os.system("sudo docker exec PGW2 iptables -t nat -A POSTROUTING -s "+ig_subnet+" ! -d "+ig_subnet+" -j MASQUERADE") | |
| #assigning IPs to VM-IGW veth pairs | |
| global av_ips | |
| for i in range(vm_num,vm_num+num_subnets): | |
| # docker exec assign ip now | |
| # docker exec VM - up the link veth interface | |
| ip_chosen = av_ips[0] | |
| subnet_ip = av_ips[0]+".0/24" | |
| ip_str = av_ips[0]+".10" | |
| ig_ip = av_ips[0]+".1" | |
| os.system("sudo docker exec -it VM"+str(i)+" ip link set VM"+str(i)+" up") | |
| os.system("sudo docker exec -it VM"+str(i)+" ip addr add "+ip_str+"/24 dev VM"+str(i)) | |
| os.system("sudo docker exec -it "+t_name+" ip link set v"+str(i)+t_name+" up") | |
| os.system("sudo docker exec -it "+t_name+" ip addr add "+ig_ip+"/24 dev v"+str(i)+t_name) | |
| # adding post routing rules in IGW for its subnets | |
| os.system("sudo docker exec "+t_name+" iptables -t nat -A POSTROUTING -s "+subnet_ip+" ! -d "+subnet_ip+" -j MASQUERADE") | |
| # removing default rule and adding new next hop default route in VM | |
| os.system("sudo docker exec VM"+str(i)+" ip route del default") | |
| os.system("sudo docker exec VM"+str(i)+" ip route add default via "+ig_ip) | |
| # adding rules in PGW1 AND PGW2 for VMs for TCP pre routing rules - found in vmNSconfig.sh | |
| os.system("sudo docker exec PGW1 iptables -t nat -A PREROUTING -p tcp -i vethPG --dport 5000 -j DNAT --to-destination "+ip_str+":5000") | |
| os.system("sudo docker exec PGW2 iptables -t nat -A PREROUTING -p tcp -i vethPG --dport 5000 -j DNAT --to-destination "+ip_str+":5000") | |
| # adding routes in PGW1 and PGW2 for VM subnet | |
| os.system("sudo docker exec PGW1 ip route add "+subnet_ip+" via "+pg_ig) | |
| os.system("sudo docker exec PGW2 ip route add "+subnet_ip+" via "+pg_ig) | |
| # when all assignments done for this subnet ip - remove from list | |
| av_ips.remove(ip_chosen) | |
| # when all assignments done for PG-IG IP subnet - remove from list | |
| pg_ips.remove(pg_ip) | |
| # update global variables | |
| vm_num = vm_num+num_subnets | |
| br_num=br_num+1 | |
| def main(): | |
| while True: | |
| t_name = raw_input("Enter the name of new Tenant: ") | |
| num_subnets = int(raw_input("Enter the number of subnets you want in this Tenant: ")) | |
| add_t(t_name,num_subnets) | |
| exit=raw_input("Do you want to exit?\n Yes \n No\n") | |
| if exit == "Yes": | |
| sys.exit() | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment