
Commit 6659615

Add option to disable public network
1 parent 62af3e4 commit 6659615


2 files changed

+79
-23
lines changed


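--- a/README.md
+++ b/README.md
@@ -128,28 +128,37 @@ was used during creation.
 
 #### Environment variables and default values
 
-| CLI option | Environment variable | Default |
-| ----------------------------------- | --------------------------------- | -------------------------- |
-| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
-| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
-| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
-| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
-| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
-| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
-| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
-| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
-| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
-| `--hetzner-networks` | `HETZNER_NETWORKS` | |
-| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
-| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
-| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
-| `--hetzner-server-label` | (inoperative) | `[]` |
-| `--hetzner-key-label` | (inoperative) | `[]` |
-| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
-| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
-| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
-| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |
-
+| CLI option | Environment variable | Default |
+|---------------------------------|-------------------------------| -------------------------- |
+| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
+| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
+| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
+| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
+| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
+| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
+| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
+| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
+| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
+| `--hetzner-networks` | `HETZNER_NETWORKS` | |
+| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
+| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
+| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
+| `--hetzner-disable-public-4` | `HETZNER_DISABLE_PUBLIC_4` | false |
+| `--hetzner-disable-public-6` | `HETZNER_DISABLE_PUBLIC_6` | false |
+| `--hetzner-disable-public` | `HETZNER_DISABLE_PUBLIC` | false |
+| `--hetzner-server-label` | (inoperative) | `[]` |
+| `--hetzner-key-label` | (inoperative) | `[]` |
+| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
+| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
+| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
+| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |
+
+**Networking hint:** When disabling all public IPs, `--hetzner-use-private-network` must be given.
+`--hetzner-disable-public` will take care of that, and behaves as if
+`--hetzner-disable-public-4 --hetzner-disable-public-6 --hetzner-use-private-network`
+were given.
+Using `--hetzner-use-private-network` implicitly or explicitly requires at least one `--hetzner-network`
+to be given.
 
 ## Building from source
 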
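--- a/driver.go
+++ b/driver.go
@@ -43,6 +43,8 @@ type Driver struct {
 Volumes []string
 Networks []string
 UsePrivateNetwork bool
+DisablePublic4 bool
+DisablePublic6 bool
 Firewalls []string
 ServerLabels map[string]string
 keyLabels map[string]string
@@ -69,6 +71,9 @@ const (
 flagVolumes = "hetzner-volumes"
 flagNetworks = "hetzner-networks"
 flagUsePrivateNetwork = "hetzner-use-private-network"
+flagDisablePublic4 = "hetzner-disable-public-4"
+flagDisablePublic6 = "hetzner-disable-public-6"
+flagDisablePublic = "hetzner-disable-public"
 flagFirewalls = "hetzner-firewalls"
 flagAdditionalKeys = "hetzner-additional-key"
 flagServerLabel = "hetzner-server-label"
@@ -171,6 +176,21 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 Name: flagUsePrivateNetwork,
 Usage: "Use private network",
 },
+mcnflag.BoolFlag{
+EnvVar: "HETZNER_DISABLE_PUBLIC_4",
+Name: flagDisablePublic4,
+Usage: "Disable public ipv4",
+},
+mcnflag.BoolFlag{
+EnvVar: "HETZNER_DISABLE_PUBLIC_6",
+Name: flagDisablePublic6,
+Usage: "Disable public ipv6",
+},
+mcnflag.BoolFlag{
+EnvVar: "HETZNER_DISABLE_PUBLIC",
+Name: flagDisablePublic,
+Usage: "Disable public ip (v4 & v6)",
+},
 mcnflag.StringSliceFlag{
 EnvVar: "HETZNER_FIREWALLS",
 Name: flagFirewalls,
@@ -235,7 +255,10 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 d.userData = opts.String(flagUserData)
 d.Volumes = opts.StringSlice(flagVolumes)
 d.Networks = opts.StringSlice(flagNetworks)
-d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork)
+disablePublic := opts.Bool(flagDisablePublic)
+d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork) || disablePublic
+d.DisablePublic4 = opts.Bool(flagDisablePublic4) || disablePublic
+d.DisablePublic6 = opts.Bool(flagDisablePublic6) || disablePublic
 d.Firewalls = opts.StringSlice(flagFirewalls)
 d.AdditionalKeys = opts.StringSlice(flagAdditionalKeys)
 
@@ -265,6 +288,11 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 return errors.Errorf("--%v and --%v are mutually exclusive", flagImage, flagImageID)
 }
 
+if d.DisablePublic4 && d.DisablePublic6 && !d.UsePrivateNetwork {
+return errors.Errorf("--%v must be used if public networking is disabled (hint: implicitly set by --%v)",
+flagUsePrivateNetwork, flagDisablePublic)
+}
+
 return nil
 }
 
@@ -415,6 +443,18 @@ func (d *Driver) configureNetworkAccess(srv hcloud.ServerCreateResult) error {
 }
 time.Sleep(1 * time.Second)
 }
+} else if d.DisablePublic4 {
+log.Infof("Using public IPv6 network ...")
+
+pv6 := srv.Server.PublicNet.IPv6
+ip := pv6.IP
+if ip.Mask(pv6.Network.Mask).Equal(pv6.Network.IP) { // no host given
+ip[net.IPv6len-1] |= 0x01 // TODO make this configurable
+}
+
+ips := ip.String()
+log.Infof(" -> resolved %v ...", ips)
+d.IPAddress = ips
 } else {
 log.Infof("Using public network ...")
 d.IPAddress = srv.Server.PublicNet.IPv4.IP.String()
@@ -451,6 +491,13 @@ func (d *Driver) makeCreateServerOptions() (*hcloud.ServerCreateOpts, error) {
 PlacementGroup: pgrp,
 }
 
+if d.DisablePublic4 || d.DisablePublic6 {
+srvopts.PublicNet = &hcloud.ServerCreatePublicNet{
+EnableIPv4: !d.DisablePublic4,
+EnableIPv6: !d.DisablePublic6,
+}
+}
+
 networks, err := d.createNetworks()
 if err != nil {
 return nil, err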
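Review bot: In the `else if d.DisablePublic4` branch of configureNetworkAccess, `ip := pv6.IP` copies only the slice header, so `ip[net.IPv6len-1] |= 0x01` also rewrites the address held in `srv.Server.PublicNet.IPv6`, and the write assumes a 16-byte slice without checking its length. If the API response ever lacks an IPv6 address or network (not expected while IPv6 stays enabled, but nothing in the visible lines verifies it), the `pv6.Network.Mask` access or the byte write would presumably panic rather than return an error. I would take a copy and validate it before masking: `ip := append(net.IP(nil), pv6.IP.To16()...)` followed by `if len(ip) != net.IPv6len { return errors.Errorf("server has no usable public IPv6 address") }`. The function starts and ends outside the hunk, so an earlier guard may already exist. The `// TODO make this configurable` comment would also be clearer if it said that host address `::1` is assumed to be the one the image configures, since the driver's management connection depends on that address being reachable.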
