netconf

Published: Jun 10, 2020 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package netconf groups functionality to configure networking related resources.

Index

Constants

const (
	// FileModeSystemd represents a file mode that allows systemd to read e.g. /etc/systemd/network files.
	// 0644 is world-readable; use it only for rendered files whose content is not secret.
	FileModeSystemd = 0644
	// FileModeSixFourFour represents file mode 0644 (same value as FileModeSystemd).
	FileModeSixFourFour = 0644
	// FileModeDefault represents the default file mode sufficient e.g. to /etc/network/interfaces or /etc/frr.conf.
	// 0600 is owner-only; prefer it for any rendered file that may carry credentials.
	FileModeDefault = 0600
	// Firewall defines the bare metal server to function as firewall.
	// NOTE: iota counts every spec of this block, so Firewall == 3 (not 0) and the
	// zero value of BareMetalType names no kind. Keep the ordering of this block stable.
	Firewall BareMetalType = iota
	// Machine defines the bare metal server to function as machine (value 4, see note above).
	Machine
	// SystemdUnitPath is the path where systemd units will be generated.
	SystemdUnitPath = "/etc/systemd/system/"
	// SystemdNetworkPath is the path where systemd-networkd expects its configuration files.
	// Unlike SystemdUnitPath it carries no trailing slash; join with filepath.Join rather than concatenation.
	SystemdNetworkPath = "/etc/systemd/network"
)
const (
	// FRRVersion holds a string that is used in the frr.conf to define the FRR version.
	FRRVersion = "7.0"
	// TplFirewallFRR defines the name of the template to render FRR configuration to a 'firewall'.
	TplFirewallFRR = "frr.firewall.tpl"
	// TplMachineFRR defines the name of the template to render FRR configuration to a 'machine'.
	TplMachineFRR = "frr.machine.tpl"
	// IPPrefixListSeqSeed specifies the initial value for prefix lists sequence number.
	// Presumably later entries are numbered upwards from this seed — confirm in the FRR renderer.
	IPPrefixListSeqSeed = 100
	// IPPrefixListNoExportSuffix defines the suffix to use for private IP ranges that must not be exported.
	IPPrefixListNoExportSuffix = "-no-export"
	// RouteMapOrderSeed defines the initial value for route-map order.
	RouteMapOrderSeed = 10
)
const (
	// TplFirewallIfaces defines the name of the template to render interfaces configuration for firewalls.
	TplFirewallIfaces = "interfaces.firewall.tpl"
	// TplMachineIfaces defines the name of the template to render interfaces configuration for machines.
	// Note the differing naming scheme: machines get a systemd-networkd lo.network file, not an ifupdown interfaces file.
	TplMachineIfaces = "lo.network.machine.tpl"
)
const (
	// TplNftablesV4 defines the name of the template to render the IPv4 nftables configuration.
	TplNftablesV4 = "rules.v4.tpl"
	// TplNftablesV6 defines the name of the template to render the IPv6 nftables configuration.
	TplNftablesV6 = "rules.v6.tpl"
)

TplNftablesV4 and TplNftablesV6 define the names of the templates used to render the IPv4 and IPv6 nftables configuration, respectively.

const (
	// TplSystemdLink defines the name of the template to render a systemd.link file.
	TplSystemdLink = "systemd.link.tpl"
	// TplSystemdNetwork defines the name of the template to render a systemd.network file.
	TplSystemdNetwork = "systemd.network.tpl"
	// MTUFirewall defines the value for MTU specific to the needs of a firewall. VXLAN requires higher MTU.
	MTUFirewall = 9216
	// MTUMachine defines the value for MTU specific to the needs of a machine.
	MTUMachine = 9000
)
// SystemdUnitDroptailer is the name of the systemd unit for the droptailer.
const SystemdUnitDroptailer = "droptailer.service"

SystemdUnitDroptailer is the name of the systemd unit for the droptailer.

// SystemdUnitFirewallController is the name of the systemd unit for the firewall policy controller.
const SystemdUnitFirewallController = "firewall-controller.service"

SystemdUnitFirewallController is the name of the systemd unit for the firewall policy controller.

// SystemdUnitNodeExporter is the name of the systemd unit for the node_exporter.
const SystemdUnitNodeExporter = "node-exporter.service"

SystemdUnitNodeExporter is the name of the systemd unit for the node_exporter.

// SystemdUnitSuricataUpdate is the name of the systemd unit for the suricata-update.
const SystemdUnitSuricataUpdate = "suricata-update.service"

SystemdUnitSuricataUpdate is the name of the systemd unit for the suricata-update.

// TplDroptailer is the name of the template for the droptailer service.
const TplDroptailer = "droptailer.service.tpl"

TplDroptailer is the name of the template for the droptailer service.

// TplFirewallController is the name of the template for the firewall-policy-controller service.
const TplFirewallController = "firewall_controller.service.tpl"

TplFirewallController is the name of the template for the firewall-policy-controller service.

// TplHostname defines the name of the template to render /etc/hostname.
const TplHostname = "hostname.tpl"

TplHostname defines the name of the template to render /etc/hostname.

// TplHosts defines the name of the template to render the hosts file.
const TplHosts = "hosts.tpl"

TplHosts defines the name of the template to render hosts file.

// TplNodeExporter is the name of the template for the node_exporter service.
const TplNodeExporter = "node_exporter.service.tpl"

TplNodeExporter is the name of the template for the node_exporter service.

// TplSuricataConfig is the name of the template for the suricata configuration.
const TplSuricataConfig = "suricata_config.yaml.tpl"

TplSuricataConfig is the name of the template for the suricata configuration.

// TplSuricataDefaults is the name of the template for the suricata defaults.
const TplSuricataDefaults = "suricata_defaults.tpl"

TplSuricataDefaults is the name of the template for the suricata defaults.

// TplSuricataUpdate is the name of the template for the suricata-update service.
const TplSuricataUpdate = "suricata_update.service.tpl"

TplSuricataUpdate is the name of the template for the suricata-update service.

Variables

This section is empty.

Functions

func NewDroptailerServiceApplier

func NewDroptailerServiceApplier(kb KnowledgeBase, v net.Validator) (net.Applier, error)

NewDroptailerServiceApplier constructs a new instance of this type.

func NewFirewallControllerServiceApplier added in v0.2.0

func NewFirewallControllerServiceApplier(kb KnowledgeBase, v net.Validator) (net.Applier, error)

NewFirewallControllerServiceApplier constructs a new instance of this type.

func NewFrrConfigApplier

func NewFrrConfigApplier(kind BareMetalType, kb KnowledgeBase, tmpFile string) net.Applier

NewFrrConfigApplier constructs a new Applier for the given bare metal type.

func NewHostnameApplier

func NewHostnameApplier(kb KnowledgeBase, tmpFile string) net.Applier

NewHostnameApplier creates a new Applier to render hostname.

func NewHostsApplier

func NewHostsApplier(kb KnowledgeBase, tmpFile string) net.Applier

NewHostsApplier creates a new hosts applier.

func NewIfacesConfigApplier

func NewIfacesConfigApplier(kind BareMetalType, kb KnowledgeBase, tmpFile string) net.Applier

NewIfacesConfigApplier constructs a new instance of this type.

func NewNftablesConfigApplier

func NewNftablesConfigApplier(kb KnowledgeBase, validator net.Validator) net.Applier

NewNftablesConfigApplier constructs a new instance of this type.

func NewNodeExporterServiceApplier

func NewNodeExporterServiceApplier(kb KnowledgeBase, v net.Validator) (net.Applier, error)

NewNodeExporterServiceApplier constructs a new instance of this type.

func NewSuricataConfigApplier added in v0.1.4

func NewSuricataConfigApplier(kb KnowledgeBase, tmpFile string) (net.Applier, error)

NewSuricataConfigApplier constructs a new instance of this type.

func NewSuricataDefaultsApplier added in v0.1.4

func NewSuricataDefaultsApplier(kb KnowledgeBase, tmpFile string) (net.Applier, error)

NewSuricataDefaultsApplier constructs a new instance of this type.

func NewSuricataUpdateServiceApplier added in v0.1.4

func NewSuricataUpdateServiceApplier(kb KnowledgeBase, v net.Validator) (net.Applier, error)

NewSuricataUpdateServiceApplier constructs a new instance of this type.

func NewSystemdLinkApplier

func NewSystemdLinkApplier(kind BareMetalType, machineUUID string, nicIndex int, nic NIC,
	tmpFile string) net.Applier

NewSystemdLinkApplier creates a new Applier to configure systemd.link.

func NewSystemdNetworkApplier

func NewSystemdNetworkApplier(uuid string, nicIndex int, tmpFile string) net.Applier

NewSystemdNetworkApplier creates a new Applier to configure systemd.network.

Types

type AccessPolicy

// AccessPolicy is a type that represents a policy to manage access roles.
// Its named values, Permit and Deny, are declared in the const block below.
type AccessPolicy int

AccessPolicy is a type that represents a policy to manage access roles.

const (
	// AllZerosCIDR represents a CIDR notation that matches all addresses in the IPv4 address space.
	AllZerosCIDR = "0.0.0.0/0"
	// Permit defines an access policy that allows access.
	// NOTE: AllZerosCIDR occupies iota 0, so Permit == 1 and Deny == 2; the zero value of
	// AccessPolicy is neither. Code that switches on a policy should not assume the zero
	// value means Deny — treat unknown values explicitly.
	Permit AccessPolicy = iota
	// Deny defines an access policy that forbids access.
	Deny
)

func (AccessPolicy) String

func (p AccessPolicy) String() string

type BareMetalType

// BareMetalType defines the type of configuration to apply; its named values are
// Firewall and Machine (declared in the first const block of this package).
type BareMetalType int

BareMetalType defines the type of configuration to apply.

type Bridge

// Bridge represents a network bridge.
type Bridge struct {
	Ports string // bridge member ports as rendered into the interfaces template — exact format: TODO confirm in the template
	Vids  string // VLAN ids of the bridge as rendered into the interfaces template — exact format: TODO confirm in the template
}

Bridge represents a network bridge.

type ChronyServiceEnabler

// ChronyServiceEnabler can enable chrony systemd service for the given VRF.
type ChronyServiceEnabler struct {
	VRF string // name of the VRF the chrony service is bound to when Enable is called
}

ChronyServiceEnabler can enable chrony systemd service for the given VRF.

func NewChronyServiceEnabler

func NewChronyServiceEnabler(kb KnowledgeBase) (ChronyServiceEnabler, error)

NewChronyServiceEnabler constructs a new instance of this type.

func (ChronyServiceEnabler) Enable

func (c ChronyServiceEnabler) Enable() error

Enable enables chrony systemd service for the given VRF to be started after boot.

type CommonConfigurator

// CommonConfigurator contains information that is common to all configurators.
type CommonConfigurator struct {
	Kb KnowledgeBase // input data all configurators render from (see KnowledgeBase)
}

CommonConfigurator contains information that is common to all configurators.

type CommonFRRData

// CommonFRRData contains attributes that are common to FRR configuration of all kind of bare metal servers.
type CommonFRRData struct {
	ASN        int64  // local BGP AS number (note: KnowledgeBase.Asn is a string, so a conversion happens somewhere — TODO confirm)
	Comment    string // header comment rendered into frr.conf
	FRRVersion string // FRR version string written to frr.conf, see the FRRVersion const
	Hostname   string // hostname rendered into frr.conf
	RouterID   string // BGP router id rendered into frr.conf
}

CommonFRRData contains attributes that are common to FRR configuration of all kind of bare metal servers.

type CommonIfacesData

// CommonIfacesData contains attributes required to render common network interfaces configuration of a bare metal server.
type CommonIfacesData struct {
	Comment  string   // header comment rendered into the interfaces configuration
	Loopback Loopback // loopback interface data, see Loopback
}

CommonIfacesData contains attributes required to render common network interfaces configuration of a bare metal server.

type Configurator

// Configurator is an interface to configure bare metal servers.
type Configurator interface {
	// Configure applies the configuration. It returns no error, so implementations
	// presumably report failures themselves — confirm before relying on it in callers.
	Configure()
}

Configurator is an interface to configure bare metal servers.

func NewConfigurator

func NewConfigurator(kind BareMetalType, kb KnowledgeBase) Configurator

NewConfigurator creates a new configurator.

type DroptailerData

// DroptailerData contains the data to render the droptailer service template.
type DroptailerData struct {
	Comment   string // header comment rendered into the unit file
	TenantVrf string // VRF the droptailer service is run in
}

DroptailerData contains the data to render the droptailer service template.

type EVPNIface

// EVPNIface represents the information required to render EVPN interfaces configuration.
type EVPNIface struct {
	VRF   VRF   // the VRF this EVPN interface belongs to
	SVI   SVI   // the switched virtual interface
	VXLAN VXLAN // the VXLAN tunnel interface
}

EVPNIface represents the information required to render EVPN interfaces configuration.

type FRRValidator

// FRRValidator validates the frr.conf to apply (see Validate, which uses vtysh).
type FRRValidator struct {
	// contains filtered or unexported fields
}

FRRValidator validates the frr.conf to apply.

func (FRRValidator) Validate

func (v FRRValidator) Validate() error

Validate can be used to run validation on FRR configuration using vtysh.

type FirewallConfigurator

// FirewallConfigurator is a configurator that configures a bare metal server as 'firewall'.
type FirewallConfigurator struct {
	CommonConfigurator // shared input (KnowledgeBase)
}

FirewallConfigurator is a configurator that configures a bare metal server as 'firewall'.

func (FirewallConfigurator) Configure

func (configurator FirewallConfigurator) Configure()

Configure applies configuration to a bare metal server to function as 'firewall'.

type FirewallControllerData added in v0.1.8

// FirewallControllerData contains the data to render the firewall-controller service template.
type FirewallControllerData struct {
	Comment         string // header comment rendered into the unit file
	DefaultRouteVrf string // VRF holding the default route, used by the service
}

FirewallControllerData contains the data to render the firewall-controller service template.

type FirewallFRRData

// FirewallFRRData contains attributes required to render frr.conf of bare metal servers that function as 'firewall'.
type FirewallFRRData struct {
	CommonFRRData
	VRFs []VRF // VRFs rendered into frr.conf, including their prefix lists and route-maps
}

FirewallFRRData contains attributes required to render frr.conf of bare metal servers that function as 'firewall'.

type FirewallIfacesData

// FirewallIfacesData contains attributes required to render network interfaces configuration of a bare metal server that functions as 'firewall'.
type FirewallIfacesData struct {
	CommonIfacesData
	Bridge         Bridge      // bridge configuration
	EVPNInterfaces []EVPNIface // one entry per VRF/SVI/VXLAN triple
}

FirewallIfacesData contains attributes required to render network interfaces configuration of a bare metal server that functions as 'firewall'.

type HostnameData

// HostnameData contains attributes to render the hostname file.
type HostnameData struct {
	Comment, Hostname string // header comment and the hostname to write
}

HostnameData contains attributes to render hostname file.

type HostnameValidator

// HostnameValidator validates hostname changes.
type HostnameValidator struct {
	// contains filtered or unexported fields
}

HostnameValidator validates hostname changes.

func (HostnameValidator) Validate

func (v HostnameValidator) Validate() error

Validate validates hostname rendering.

type HostsData

// HostsData contains data to render the hosts file.
type HostsData struct {
	Comment  string // header comment rendered into the hosts file
	Hostname string // hostname mapped in the hosts file
	IP       string // IP address the hostname maps to
}

HostsData contains data to render hosts file.

type HostsValidator

// HostsValidator validates the hosts file.
type HostsValidator struct {
	// contains filtered or unexported fields
}

HostsValidator validates hosts file.

func (HostsValidator) Validate

func (v HostsValidator) Validate() error

Validate validates hosts file.

type IPPrefixList

// IPPrefixList represents 'ip prefix-list' filtering mechanism to be used in combination with route-maps.
type IPPrefixList struct {
	Name string // prefix-list name; private ranges that must not be exported carry IPPrefixListNoExportSuffix
	Spec string // the prefix-list entry as rendered into frr.conf
}

IPPrefixList represents 'ip prefix-list' filtering mechanism to be used in combination with route-maps.

type Identity

// Identity represents an object's identity.
type Identity struct {
	Comment string // comment rendered next to the object
	ID      int    // numeric identifier (e.g. VRF id); meaning depends on the embedding type
}

Identity represents an object's identity.

type IfacesValidator

// IfacesValidator defines the base type of an interfaces validator; Validate assumes ifupdown2 is available.
type IfacesValidator struct {
	// contains filtered or unexported fields
}

IfacesValidator defines the base type of an interfaces validator.

func (IfacesValidator) Validate

func (v IfacesValidator) Validate() error

Validate validates the network interfaces configuration. It assumes ifupdown2 is available.

type KnowledgeBase

// KnowledgeBase was generated with: https://mengzhuo.github.io/yaml-to-go/.
// It represents the input YAML that is needed to render network configuration files
// and is loaded from a file by NewKnowledgeBase(path).
type KnowledgeBase struct {
	Hostname     string    `yaml:"hostname"`
	Ipaddress    string    `yaml:"ipaddress"`
	Asn          string    `yaml:"asn"`          // NOTE: a string here, while Network.Asn and CommonFRRData.ASN are int64
	Networks     []Network `yaml:"networks"`
	Machineuuid  string    `yaml:"machineuuid"`
	Sshpublickey string    `yaml:"sshpublickey"`
	Password     string    `yaml:"password"`     // credential: never log it, and render it only into owner-only (FileModeDefault) files
	Devmode      bool      `yaml:"devmode"`      // presumably relaxes behavior for development — confirm before enabling outside dev
	Console      string    `yaml:"console"`
	Nics         []NIC     `yaml:"nics"`
}

KnowledgeBase was generated with: https://mengzhuo.github.io/yaml-to-go/. It represents the input YAML that is needed to render the network configuration files.

func NewKnowledgeBase

func NewKnowledgeBase(path string) KnowledgeBase

NewKnowledgeBase creates a new instance of this type.

func (KnowledgeBase) CollectIPs

func (kb KnowledgeBase) CollectIPs(types ...NetworkType) []string

CollectIPs collects IPs of the given networks.

func (KnowledgeBase) GetNetworks

func (kb KnowledgeBase) GetNetworks(types ...NetworkType) []Network

GetNetworks returns all networks present.

func (KnowledgeBase) Validate

func (kb KnowledgeBase) Validate(kind BareMetalType) error

Validate validates the containing information depending on the demands of the bare metal type.

type Loopback

// Loopback represents a loopback interface (lo).
type Loopback struct {
	Comment string   // comment rendered next to the interface
	IPs     []string // addresses assigned to lo
}

Loopback represents a loopback interface (lo).

type MachineConfigurator

// MachineConfigurator is a configurator that configures a bare metal server as 'machine'.
type MachineConfigurator struct {
	CommonConfigurator // shared input (KnowledgeBase)
}

MachineConfigurator is a configurator that configures a bare metal server as 'machine'.

func (MachineConfigurator) Configure

func (configurator MachineConfigurator) Configure()

Configure applies configuration to a bare metal server to function as 'machine'.

type MachineFRRData

// MachineFRRData contains attributes required to render frr.conf of bare metal servers that function as 'machine'.
// Unlike FirewallFRRData it carries no VRF list.
type MachineFRRData struct {
	CommonFRRData
}

MachineFRRData contains attributes required to render frr.conf of bare metal servers that function as 'machine'.

type MachineIfacesData

// MachineIfacesData contains attributes required to render network interfaces configuration of a bare metal server that functions as 'machine'.
type MachineIfacesData struct {
	CommonIfacesData
}

MachineIfacesData contains attributes required to render network interfaces configuration of a bare metal server that functions as 'machine'.

type NIC

// NIC is a representation of network interfaces attributes as read from the KnowledgeBase YAML.
type NIC struct {
	Mac       string `yaml:"mac"`
	Name      string `yaml:"name"`
	// Neighbors describes the peers seen on this NIC (e.g. switch ports). Name and
	// Neighbors of a neighbor are untyped (interface{}) because the generator could
	// not infer them from the sample YAML — type-assert before use.
	Neighbors []struct {
		Mac       string        `yaml:"mac"`
		Name      interface{}   `yaml:"name"`
		Neighbors []interface{} `yaml:"neighbors"`
	} `yaml:"neighbors"`
}

NIC is a representation of network interfaces attributes.

type Network

// Network is a representation of a tenant network as read from the KnowledgeBase YAML.
type Network struct {
	Asn                 int64    `yaml:"asn"`
	Destinationprefixes []string `yaml:"destinationprefixes"`
	Ips                 []string `yaml:"ips"`
	Nat                 bool     `yaml:"nat"`       // whether source NAT is applied for this network (see SNAT)
	Networkid           string   `yaml:"networkid"`
	Prefixes            []string `yaml:"prefixes"`
	Private             bool     `yaml:"private"`   // presumably maps to NetworkType Private — confirm in GetNetworks
	Underlay            bool     `yaml:"underlay"`  // presumably maps to NetworkType Underlay — confirm in GetNetworks
	Vrf                 int      `yaml:"vrf"`
	Vlan                int      `yaml:"vlan,omitempty"` // optional; VLANOffset is the base for generated VLAN ids
}

Network is a representation of a tenant network.

type NetworkType

// NetworkType represents the functional type of a network; its named values are
// Underlay, Private and Public (declared in the const block below).
type NetworkType int

NetworkType represents the functional type of a network.

const (
	// VLANOffset defines a number to start with when creating new VLAN IDs.
	VLANOffset = 1000
	// Underlay represents the fabric network where infrastructure switches and routers are placed in.
	// NOTE: VLANOffset occupies iota 0, so Underlay == 1, Private == 2 and Public == 3;
	// the zero value of NetworkType names no network type.
	Underlay NetworkType = iota
	// Private represents the local machine network where all machines of a project are placed in.
	Private
	// Public represents an external network a machine has access to.
	Public
)

type NftablesData

// NftablesData represents the information required to render nftables configuration.
type NftablesData struct {
	Comment string // header comment rendered into the rules file
	SNAT    []SNAT // source NAT rules, one per outgoing interface
}

NftablesData represents the information required to render nftables configuration.

type NftablesV4Validator

// NftablesV4Validator can validate configuration for ipv4 nftables rules.
type NftablesV4Validator struct {
	NftablesValidator
}

NftablesV4Validator can validate configuration for ipv4 nftables rules.

func (NftablesV4Validator) Validate

func (v NftablesV4Validator) Validate() error

Validate validates the IPv4 nftables rules configuration.

type NftablesV6Validator

// NftablesV6Validator can validate configuration for ipv6 nftables rules.
type NftablesV6Validator struct {
	NftablesValidator
}

NftablesV6Validator can validate configuration for ipv6 nftables rules.

func (NftablesV6Validator) Validate

func (v NftablesV6Validator) Validate() error

Validate validates the IPv6 nftables rules configuration.

type NftablesValidator

// NftablesValidator can validate configuration for nftables rules; it is embedded by the v4 and v6 validators.
type NftablesValidator struct {
	// contains filtered or unexported fields
}

NftablesValidator can validate configuration for nftables rules.

type NodeExporterData

// NodeExporterData contains the data to render the node_exporter service template.
type NodeExporterData struct {
	Comment   string // header comment rendered into the unit file
	TenantVrf string // VRF the node_exporter service is run in
}

NodeExporterData contains the data to render the node_exporter service template.

type RouteMap

// RouteMap represents a route-map to permit or deny routes.
type RouteMap struct {
	Name    string   // route-map name
	Entries []string // match/set statements rendered into the route-map
	Policy  string   // "permit" or "deny" as rendered — presumably derived from AccessPolicy.String(), confirm
	Order   int      // sequence number; RouteMapOrderSeed is the initial value
}

RouteMap represents a route-map to permit or deny routes.

type SNAT

// SNAT holds the information required to configure Source NAT.
type SNAT struct {
	Comment      string   // comment rendered next to the rule
	OutInterface string   // interface traffic leaves through
	SourceSpecs  []string // source address specifications that are NATed
}

SNAT holds the information required to configure Source NAT.

type SVI

// SVI represents a switched virtual interface.
type SVI struct {
	VlanID    int      // VLAN id of the SVI
	Comment   string   // comment rendered next to the interface
	Addresses []string // addresses assigned to the SVI
}

SVI represents a switched virtual interface.

type ServiceValidator

// ServiceValidator holds information for systemd service validation.
type ServiceValidator struct {
	// contains filtered or unexported fields
}

ServiceValidator holds information for systemd service validation.

func (ServiceValidator) Validate

func (v ServiceValidator) Validate() error

Validate validates the service file.

type SuricataConfigData added in v0.1.4

// SuricataConfigData represents the information required to render suricata configuration.
type SuricataConfigData struct {
	Comment         string // header comment rendered into the configuration
	DefaultRouteVrf string // VRF holding the default route
}

SuricataConfigData represents the information required to render suricata configuration.

type SuricataConfigValidator added in v0.1.4

// SuricataConfigValidator can validate configuration for suricata.
type SuricataConfigValidator struct {
	// contains filtered or unexported fields
}

SuricataConfigValidator can validate configuration for suricata.

func (SuricataConfigValidator) Validate added in v0.1.4

func (v SuricataConfigValidator) Validate() error

Validate validates suricata configuration.

type SuricataDefaultsData added in v0.1.4

// SuricataDefaultsData represents the information required to render suricata defaults.
type SuricataDefaultsData struct {
	Comment         string // header comment rendered into the defaults file
	DefaultRouteVrf string // VRF holding the default route
}

SuricataDefaultsData represents the information required to render suricata defaults.

type SuricataDefaultsValidator added in v0.1.4

// SuricataDefaultsValidator can validate defaults for suricata.
type SuricataDefaultsValidator struct {
	// contains filtered or unexported fields
}

SuricataDefaultsValidator can validate defaults for suricata.

func (SuricataDefaultsValidator) Validate added in v0.1.4

func (v SuricataDefaultsValidator) Validate() error

Validate validates suricata defaults.

type SuricataUpdateData added in v0.1.4

// SuricataUpdateData contains the data to render the suricata-update service template.
type SuricataUpdateData struct {
	Comment         string // header comment rendered into the unit file
	DefaultRouteVrf string // VRF holding the default route
}

SuricataUpdateData contains the data to render the suricata-update service template.

type SystemdCommonData

// SystemdCommonData contains attributes common to systemd.network and systemd.link files.
type SystemdCommonData struct {
	Comment string // header comment rendered into the file
	Index   int    // NIC index the file is generated for (see NewSystemdLinkApplier/NewSystemdNetworkApplier)
}

SystemdCommonData contains attributes common to systemd.network and systemd.link files.

type SystemdLinkData

// SystemdLinkData contains attributes required to render systemd.link files.
type SystemdLinkData struct {
	SystemdCommonData
	MAC string // MAC address the link file matches on
	MTU int    // MTU to set; MTUFirewall or MTUMachine depending on the bare metal type
}

SystemdLinkData contains attributes required to render systemd.link files.

type SystemdNetworkData

// SystemdNetworkData contains attributes required to render systemd.network files.
type SystemdNetworkData struct {
	SystemdCommonData
}

SystemdNetworkData contains attributes required to render systemd.network files.

type SystemdNetworkdValidator added in v0.1.10

// SystemdNetworkdValidator defines the base type of a systemd-networkd validator; Validate assumes systemd-networkd is installed.
type SystemdNetworkdValidator struct {
	// contains filtered or unexported fields
}

SystemdNetworkdValidator defines the base type of a systemd-networkd validator.

func (SystemdNetworkdValidator) Validate added in v0.1.10

func (v SystemdNetworkdValidator) Validate() error

Validate validates the network interfaces configuration done with systemd-networkd. It assumes systemd-networkd is installed.

type SystemdValidator

// SystemdValidator validates systemd.network and systemd.link files.
type SystemdValidator struct {
	// contains filtered or unexported fields
}

SystemdValidator validates systemd.network and systemd.link files.

func (SystemdValidator) Validate

func (v SystemdValidator) Validate() error

Validate validates systemd.network and systemd.link files.

type VRF

// VRF represents data required to render VRF information into frr.conf.
type VRF struct {
	Identity                      // ID and Comment of the VRF
	VNI            int            // VXLAN network identifier bound to this VRF
	ImportVRFNames []string       // names of other VRFs whose routes are imported
	IPPrefixLists  []IPPrefixList // prefix lists referenced by RouteMaps
	RouteMaps      []RouteMap     // route-maps permitting or denying routes
}

VRF represents data required to render VRF information into frr.conf.

type VXLAN

// VXLAN represents a VXLAN interface.
type VXLAN struct {
	Identity        // ID and Comment of the VXLAN interface
	TunnelIP string // local tunnel endpoint address
}

VXLAN represents a VXLAN interface.

Directories

Path Synopsis
tpl
statik
Package statik provides vfs access to static content; the content here is generated with the statik command from the make process.
