proper networking configuration

clore 2024-03-26 00:39:51 +00:00
parent 7397de8a5b
commit ea6403258b
3 changed files with 52 additions and 23 deletions


@ -115,7 +115,8 @@ class CloreClient:
unique_monitoring = list(set(monitoring_data))
for service_name in unique_monitoring:
self.last_service_heartbeat[service_name]=utils.unix_timestamp()
log.success(self.last_service_heartbeat)
if config.debug:
log.success(self.last_service_heartbeat)
for service_name in self.last_service_heartbeat.keys():
last_hearthbeat = self.last_service_heartbeat[service_name]
if last_hearthbeat < utils.unix_timestamp()-config.maximum_pull_service_loop_time and service_name=="handle_container_cache":
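Review bot: The newly added debug-only dump `log.success(self.last_service_heartbeat)` is emitted at "success" level even though it is gated on `config.debug`, so a debug dump of the whole heartbeat dict shows up as a success event in the log stream; if `log` is a loguru-style logger the matching call is `log.debug(self.last_service_heartbeat)`, otherwise whichever debug-level method the logger provides. The loop that follows re-indexes the dict on every iteration; `for service_name, last_heartbeat in self.last_service_heartbeat.items():` would read both in one step and also retire the `last_hearthbeat` misspelling. The enclosing method starts before this hunk and the `if` on the last line continues after it, so the body of that check could not be reviewed here.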


@ -213,7 +213,7 @@ def validate_and_secure_networks():
this_ipv4_range = ''
for if_name in network_interfaces_with_subnet.keys():
can_be_docker = True
if if_name[:3] in ["eth", "enp", "eno", "ens", "wlp"]:
if if_name[:3] in ["eth", "enp", "eno", "ens", "wlp", "vet"]:
can_be_docker = False
ipv4_range = network_interfaces_with_subnet[if_name]
if ipv4_range==docker_network.IPAM[0].Subnet and can_be_docker:
@ -223,27 +223,55 @@ def validate_and_secure_networks():
if this_if_name:
#print(this_if_name)
#print(this_ipv4_range)
outside_ranges_ip_network = networking.exclude_network(this_ipv4_range)
outside_ranges = []
for outside_range_ip_network in outside_ranges_ip_network:
outside_ranges.append(str(outside_range_ip_network))
#print(docker_network)
for rule_template in config.clore_iptables_rules:
needed_iptables_rule = rule_template.replace("<subnet>",this_ipv4_range).replace("<interface>",this_if_name)
for_comparison_rule = "-A"+needed_iptables_rule[2:] if needed_iptables_rule[:2]=="-I" else needed_iptables_rule
for_comparison_rule_normalized = utils.normalize_rule(utils.parse_rule_to_dict(for_comparison_rule))
if rule_template[:2]=='-I':
for outside_range in outside_ranges:
needed_iptables_rule = rule_template.replace("<subnet>",outside_range).replace("<interface>",this_if_name)
for_comparison_rule = "-A"+needed_iptables_rule[2:] if needed_iptables_rule[:2]=="-I" else needed_iptables_rule
for_comparison_rule_normalized = utils.normalize_rule(utils.parse_rule_to_dict(for_comparison_rule))
is_rule_active = False
# Iterate in reverse to safely remove items while iterating
for i in range(len(normalized_iptables_rules) - 1, -1, -1):
if normalized_iptables_rules[i] == for_comparison_rule_normalized:
is_rule_active = True
# Remove the matched rule
normalized_iptables_rules.pop(i)
not_normalized_iptables_rules.pop(i)
#print(for_comparison_rule, '|', is_rule_active)
is_rule_active = False
# Iterate in reverse to safely remove items while iterating
for i in range(len(normalized_iptables_rules) - 1, -1, -1):
if normalized_iptables_rules[i] == for_comparison_rule_normalized:
is_rule_active = True
# Remove the matched rule
normalized_iptables_rules.pop(i)
not_normalized_iptables_rules.pop(i)
if not is_rule_active:
succesfully_appended = networking.add_iptables_rule(needed_iptables_rule)
if not succesfully_appended:
failed_appending_iptables_rule = True
#print(for_comparison_rule, '|', is_rule_active)
if not is_rule_active:
succesfully_appended = networking.add_iptables_rule(needed_iptables_rule)
if not succesfully_appended:
failed_appending_iptables_rule = True
else:
needed_iptables_rule = rule_template.replace("<subnet>",this_ipv4_range).replace("<interface>",this_if_name)
for_comparison_rule = "-A"+needed_iptables_rule[2:] if needed_iptables_rule[:2]=="-I" else needed_iptables_rule
for_comparison_rule_normalized = utils.normalize_rule(utils.parse_rule_to_dict(for_comparison_rule))
is_rule_active = False
# Iterate in reverse to safely remove items while iterating
for i in range(len(normalized_iptables_rules) - 1, -1, -1):
if normalized_iptables_rules[i] == for_comparison_rule_normalized:
is_rule_active = True
# Remove the matched rule
normalized_iptables_rules.pop(i)
not_normalized_iptables_rules.pop(i)
#print(for_comparison_rule, '|', is_rule_active)
if not is_rule_active:
succesfully_appended = networking.add_iptables_rule(needed_iptables_rule)
if not succesfully_appended:
failed_appending_iptables_rule = True
else:
remove_docker_network(docker_network.Name)
except Exception as e2:
@ -287,7 +315,7 @@ def validate_and_secure_networks():
if key=="-s" and not_matched_rule[key][:len(config.clore_br_first_allowed_octet)] != config.clore_br_first_allowed_octet:
any_unmatching_values=True
break
elif key=="-i" and not_matched_rule[key][:3] in ["eth", "enp", "eno", "ens", "wlp"]:
elif key=="-i" and not_matched_rule[key][:3] in ["eth", "enp", "eno", "ens", "wlp", "vet"]:
any_unmatching_values=True
break
elif key=="-d" and not_matched_rule[key][:len(config.clore_br_first_allowed_octet)] != config.clore_br_first_allowed_octet:


@ -27,16 +27,16 @@ def get_network_interfaces_with_subnet():
def exclude_network(excluded_network):
# Convert exclude_network to ip_network object
exclude_network = ip_network(exclude_network)
excluded_network = ip_network(excluded_network)
# Remove the excluded network from the local_ranges list
local_ranges = [ip_network(range_) for range_ in config.local_ipv4_ranges if ip_network(range_) != exclude_network]
ranges_outside_exclude = []
for local_range in local_ranges:
if local_range.overlaps(exclude_network):
if local_range.overlaps(excluded_network):
# If there's an overlap, split the range into parts excluding the excluded network
for subnet in local_range.address_exclude(exclude_network):
for subnet in local_range.address_exclude(excluded_network):
ranges_outside_exclude.append(subnet)
else:
ranges_outside_exclude.append(local_range)