feat: ssh config builder & fetcher

helper_scripts/build_ssh_config_on_workstation.py

@@ -0,0 +1,45 @@
+#!/usr/bin/python
+
+import sys
+import subprocess
+import os
+import paramiko
+
+HOSTS = [
+    "root@atlantishq.de",
+    "root@katzencluster.atlantishq.de",
+    "root@atlantis-helsinki.atlantishq.de"
+]
+
+BASE_FILE = "~/.ssh/base_config"
+MAIN_CONFIG = "~/.ssh/config"
+
+if __name__ == "__main__":
+
+    contents = ""
+    for target in HOSTS:
+
+        RUN_CMD = ["ssh", "-t", target , "cd /root/athq-vm-management/; python3 main.py"]
+        COPY_CMD = ["ssh", "-t", target, "cat /root/athq-vm-management/ssh_config_for_clients"]
+
+        print("Doing", target, file=sys.stderr)
+        out = subprocess.run(RUN_CMD, capture_output=True, universal_newlines=True)
+        if out.returncode != 0:
+            print("failed (run command)!")
+            print(out.stderr)
+            sys.exit(1)
+
+        out = subprocess.run(COPY_CMD, capture_output=True, universal_newlines=True)
+        if out.returncode != 0:
+            print("failed (cat command)!")
+            print(out.stderr)
+            sys.exit(1)
+        
+        contents += out.stdout
+        contents += "\n"
+
+    with open(os.path.expanduser(BASE_FILE)) as f:
+        with open(os.path.expanduser(MAIN_CONFIG), "w") as fout:
+            fout.write(f.read())
+            fout.write("\n")
+            fout.write(contents)

nginx.py

@@ -32,7 +32,7 @@ def dump_config(vmList, masterAddress):
         for vmo in vmList:
             relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
             for s in relevant_subdomains:
-                print(s, "ssl_target_port", s.get("ssl_target_port"))
+                # print(s, "ssl_target_port", s.get("ssl_target_port"))
                 # build the map contents #
                 if s.get("include-subdomains"):
                     match = "~.*{}".format(s.get("name"))
@@ -66,7 +66,7 @@ def dump_config(vmList, masterAddress):
         for vmo in vmList:
             for subdomain in vmo.subdomains:
                 if vmo.noTerminateACME:
-                    print("Not terminating ACME for: {}".format(subdomain))
+                    print("Not terminating ACME for: {}".format(subdomain.get("name")))
                     continue
                 if type(subdomain) == dict:
                     domains.append(subdomain["name"])
@@ -95,10 +95,10 @@ def dump_config(vmList, masterAddress):
             f.write(content)
 
 def check_transparent_proxy_loader():
-    retcode = os.system("systemctl is-enabled nginx-iptables.service")
+    retcode = os.system("systemctl -q is-enabled nginx-iptables.service")
     if retcode != 0:
         print("############################ WARNING ###############################")
         print("+++ You may have transparent proxy rules but the service to load +++")
         print("+++ them is not enabled or missing, a restart WILL break your    +++")
-        print("+++ setup! Add see nginx-iptables.service in the project root    +++")
+        print("+++ setup! Look at nginx-iptables.service in the project root    +++")
         print("############################ WARNING ###############################")

vm.py

@@ -1,4 +1,5 @@
 import libvirt
+import json
 import jinja2
 
 class VM:
@@ -36,6 +37,8 @@ class VM:
             network = con.networkLookupByName(self.network)
             leases = network.DHCPLeases()
             for l in leases:
+                if not l.get("type") == 0: # FIXME: only ipv4 for now
+                    continue
                 if l.get("hostname") == self.hostname:
                     return l
         
@@ -91,7 +94,14 @@ class VM:
         components = []
         template = self.environment.get_template("nginx_stream_block.conf.j2")
         if not self.isExternal:
-            self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1])
+
+            try:
+                self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1])
+            except ValueError as e:
+                print(f"Warning: {self.hostname} Invalid IP (IPv6 is not supported) {e}",
+                        file=sys.stderr)
+                return []
+
             component = template.render(targetip=self.ip, udp=False,
                                             portstring=self.sshOutsidePort,
                                             targetportoverwrite=7000,
@@ -136,7 +146,7 @@ class VM:
         for subdomain in self.subdomains:
 
             if subdomain.get("no-terminate-ssl"):
-                print("Not terminating TLS for: {}".format(subdomain))
+                print("Not terminating TLS for: {}".format(subdomain.get("name")))
 
             if type(subdomain) != dict:
                 raise ValueError("Subdomain must be object containing 'name' ")
@@ -158,6 +168,10 @@ class VM:
             if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"):
                 raise ValueError("Wildcard Subdomain not supported with SSL Termination")
 
+            if "port" in subdomain and "no-terminate-ssl" in subdomain:
+                print(json.dumps(subdomain, indent=2))
+                raise ValueError("'port' is not allowed with no-terminate-ssl subdomain, use http_target_port and ssl_target_port")
+
             component = template.render(targetip=self.ip, targetport=targetport, 
                             servernames=[subdomain["name"]], comment=compositeName,
                             proxy_pass_blob=self.proxy_pass_blob,