Merge pull request #23 from hamzy/add-bootstrap-sshd-port

Add a sshd port for the bootstrap node

Author: hamzy

install-ci.sh

@@ -201,11 +201,16 @@ then
 	exit 1
 fi
 
+if [[ ! -v BRANCH ]]
+then
+	BRANCH="master"
+fi
+
 git reset --hard HEAD
 git clean -fxd .
-git checkout master
+git checkout ${BRANCH}
 git fetch
-git checkout -m origin/master install-ci.sh
+git checkout -m origin/${BRANCH} install-ci.sh
 
 NEW_INSTALL_CI_SHA1SUM=$(my_sha ${SCRIPT_DIR}/install-ci.sh)
 RC=$?
@@ -242,3 +247,12 @@ if ! sudo diff ./libvirt/haproxy/haproxy_$(hostname).cfg /etc/haproxy/haproxy.cf
 then
 	restart_haproxy
 fi
+
+FILENAME="./libvirt/tunnel/profile_$(hostname).yaml"
+CLUSTER_ID=$(yq eval '.profile.cluster_id' ${FILENAME})
+declare -a BASTION_SSH_PORTS=( 1023 1033 1043 1053 1063 1073 )
+for I in ${BASTION_SSH_PORTS[*]}
+do
+	sudo firewall-cmd --permanent --zone=libvirt --add-port=$(( ${I} + ${CLUSTER_ID} ))/tcp || true
+done
+sudo firewall-cmd --reload || true

libvirt/haproxy/haproxy_C155F2U31.cfg

@@ -145,6 +145,42 @@ frontend https-all
     acl 03-https-ci req_ssl_sni -m end .libvirt-ppc64le-1-3.ci
     use_backend https-workers-03 if 03-https-ci
 
+##---------------------------------------------------------------------
+## SSH frontend which proxys to the created bootstrap nodes
+##---------------------------------------------------------------------
+#frontend ssh-all
+#    mode        tcp
+#    option      tcplog
+#
+#    bind        *:1023
+#
+#    tcp-request inspect-delay 5s
+#    tcp-request content accept if { req_ssl_hello_type 1 }
+#
+#    acl 00-ssh req_ssl_sni -m end .libvirt-ppc64le-1-0
+#    use_backend ssh-bootstrap-00 if 00-ssh
+#
+#    acl 00-ssh-ci req_ssl_sni -m end .libvirt-ppc64le-1-0.ci
+#    use_backend ssh-bootstrap-00 if 00-ssh-ci
+#
+#    acl 01-ssh req_ssl_sni -m end .libvirt-ppc64le-1-1
+#    use_backend ssh-bootstrap-01 if 01-ssh
+#
+#    acl 01-ssh-ci req_ssl_sni -m end .libvirt-ppc64le-1-1.ci
+#    use_backend ssh-bootstrap-01 if 01-ssh-ci
+#
+#    acl 02-ssh req_ssl_sni -m end .libvirt-ppc64le-1-2
+#    use_backend ssh-bootstrap-02 if 02-ssh
+#
+#    acl 02-ssh-ci req_ssl_sni -m end .libvirt-ppc64le-1-2.ci
+#    use_backend ssh-bootstrap-02 if 02-ssh-ci
+#
+#    acl 03-ssh req_ssl_sni -m end .libvirt-ppc64le-1-3
+#    use_backend ssh-bootstrap-03 if 03-ssh
+#
+#    acl 03-ssh-ci req_ssl_sni -m end .libvirt-ppc64le-1-3.ci
+#    use_backend ssh-bootstrap-03 if 03-ssh-ci
+
 #---------------------------------------------------------------------
 # Master node backends for serving API traffic
 #---------------------------------------------------------------------
@@ -260,3 +296,23 @@ backend https-workers-03
 #backend node-https
 #    mode        tcp
 #    server      node 127.0.0.1:8443 check
+
+##---------------------------------------------------------------------
+## Bootstrap node backends for serving SSH service endpoints
+##---------------------------------------------------------------------
+#backend ssh-bootstrap-00
+#    mode        tcp
+#    balance     roundrobin
+#    server      bootstrap 192.168.126.10:22 check
+#backend ssh-bootstrap-01
+#    mode        tcp
+#    balance     roundrobin
+#    server      bootstrap 192.168.1.10:22 check
+#backend ssh-bootstrap-02
+#    mode        tcp
+#    balance     roundrobin
+#    server      bootstrap 192.168.2.10:22 check
+#backend ssh-bootstrap-03
+#    mode        tcp
+#    balance     roundrobin
+#    server      bootstrap 192.168.3.10:22 check

libvirt/tunnel/generate-ports.sh

@@ -9,24 +9,34 @@ API_PORT=6443
 HTTP_PORT=80
 HTTPS_PORT=443
 
-for f in profile_*.yaml ; do filename=${f};
- if [[ ! -f ${filename} ]]; then
- 	echo "${filename} file missing"
-   exit 0
- fi
-ARCH=$(yq eval '.profile.arch' ${filename})
-CLUSTER_CAPACITY=$(yq eval '.profile.cluster_capacity' ${filename})
-CLUSTER_ID=$(yq eval '.profile.cluster_id' ${filename})
+#set -x
+declare -a BASTION_SSH_PORTS=( 1023 1033 1043 1053 1063 1073 )
 
-# libvirt ports
-yq eval -i '.libvirt.bastion-port='$(( $LIBVIRT_PORT + $CLUSTER_ID ))'' ${filename}
-yq eval -i '.libvirt.target-port='$LIBVIRT_PORT'' ${filename}
+for FILENAME in profile_*.yaml
+do
+	if [[ ! -f ${FILENAME} ]]
+	then
+		echo "${FILENAME} file missing"
+		exit 0
+	fi
 
-yq eval -i '.api.bastion-port='$(($API_PORT + $CLUSTER_ID))'' ${filename}
-yq eval -i '.api.target-port='$(($API_PORT))'' ${filename}
-yq eval -i '.http.bastion-port='$(($HTTP_PORT + $CLUSTER_ID + 8000 ))'' ${filename}
-yq eval -i '.http.target-port='$(($HTTP_PORT))'' ${filename}
-yq eval -i '.https.bastion-port='$(($HTTPS_PORT + $CLUSTER_ID + 8000 ))'' ${filename}
-yq eval -i '.https.target-port='$(($HTTPS_PORT))'' ${filename}
+	ARCH=$(yq eval '.profile.arch' ${FILENAME})
+	CLUSTER_CAPACITY=$(yq eval '.profile.cluster_capacity' ${FILENAME})
+	CLUSTER_ID=$(yq eval '.profile.cluster_id' ${FILENAME})
 
-done
+	# libvirt ports
+	yq eval -i '.libvirt.bastion-port='$((${LIBVIRT_PORT} + ${CLUSTER_ID})) ${FILENAME}
+	yq eval -i '.libvirt.target-port='${LIBVIRT_PORT} ${FILENAME}
+	yq eval -i '.api.bastion-port='$((${API_PORT} + ${CLUSTER_ID})) ${FILENAME}
+	yq eval -i '.api.target-port='${API_PORT} ${FILENAME}
+	yq eval -i '.http.bastion-port='$((${HTTP_PORT} + ${CLUSTER_ID} + 8000)) ${FILENAME}
+	yq eval -i '.http.target-port='${HTTP_PORT} ${FILENAME}
+	yq eval -i '.https.bastion-port='$((${HTTPS_PORT} + ${CLUSTER_ID} + 8000)) ${FILENAME}
+	yq eval -i '.https.target-port='${HTTPS_PORT} ${FILENAME}
+	for CLUSTER_NUM in $(seq 0 ${CLUSTER_CAPACITY})
+	do
+		SSH_PORT=${BASTION_SSH_PORTS[${CLUSTER_NUM}]}
+		yq eval -i '.bastion'${CLUSTER_NUM}'ssh.bastion-port='$((${SSH_PORT} + ${CLUSTER_ID})) ${FILENAME}
+		yq eval -i '.bastion'${CLUSTER_NUM}'ssh.target-port=22' ${FILENAME}
+	done
+done

libvirt/tunnel/profile_C155F2U31.yaml

@@ -15,3 +15,18 @@ http:
 https:
   bastion-port: 8444
   target-port: 443
+bastion0ssh:
+  bastion-port: 1024
+  target-port: 22
+bastion1ssh:
+  bastion-port: 1034
+  target-port: 22
+bastion2ssh:
+  bastion-port: 1044
+  target-port: 22
+bastion3ssh:
+  bastion-port: 1054
+  target-port: 22
+bastion4ssh:
+  bastion-port: 1064
+  target-port: 22

libvirt/tunnel/profile_C155F2U33.yaml

@@ -15,3 +15,18 @@ http:
 https:
   bastion-port: 8443
   target-port: 443
+bastion0ssh:
+  bastion-port: 1023
+  target-port: 22
+bastion1ssh:
+  bastion-port: 1033
+  target-port: 22
+bastion2ssh:
+  bastion-port: 1043
+  target-port: 22
+bastion3ssh:
+  bastion-port: 1053
+  target-port: 22
+bastion4ssh:
+  bastion-port: 1063
+  target-port: 22

libvirt/tunnel/profile_C155F2U35.yaml

@@ -15,3 +15,18 @@ http:
 https:
   bastion-port: 8445
   target-port: 443
+bastion0ssh:
+  bastion-port: 1025
+  target-port: 22
+bastion1ssh:
+  bastion-port: 1035
+  target-port: 22
+bastion2ssh:
+  bastion-port: 1045
+  target-port: 22
+bastion3ssh:
+  bastion-port: 1055
+  target-port: 22
+bastion4ssh:
+  bastion-port: 1065
+  target-port: 22

libvirt/tunnel/profile_lnxocp01.yaml

@@ -15,3 +15,21 @@ http:
 https:
   bastion-port: 8443
   target-port: 443
+bastion0ssh:
+  bastion-port: 1023
+  target-port: 22
+bastion1ssh:
+  bastion-port: 1033
+  target-port: 22
+bastion2ssh:
+  bastion-port: 1043
+  target-port: 22
+bastion3ssh:
+  bastion-port: 1053
+  target-port: 22
+bastion4ssh:
+  bastion-port: 1063
+  target-port: 22
+bastion5ssh:
+  bastion-port: 1073
+  target-port: 22

libvirt/tunnel/profile_lnxocp02.yaml

@@ -15,3 +15,21 @@ http:
 https:
   bastion-port: 8444
   target-port: 443
+bastion0ssh:
+  bastion-port: 1024
+  target-port: 22
+bastion1ssh:
+  bastion-port: 1034
+  target-port: 22
+bastion2ssh:
+  bastion-port: 1044
+  target-port: 22
+bastion3ssh:
+  bastion-port: 1054
+  target-port: 22
+bastion4ssh:
+  bastion-port: 1064
+  target-port: 22
+bastion5ssh:
+  bastion-port: 1074
+  target-port: 22

libvirt/tunnel/tunnel.sh

@@ -40,10 +40,19 @@ elif [[ -z "${PORT_FRWD:-}" ]]; then
 fi
 
 # Declaring and setting Bastion and Local ports
-PORTS="-R $(yq eval '.libvirt.bastion-port' ${filename}):127.0.0.1:$(yq eval '.libvirt.target-port' ${filename}) 
-	-R $(yq eval '.api.bastion-port' ${filename}):127.0.0.1:$(yq eval '.api.target-port' ${filename}) 
-	-R $(yq eval '.http.bastion-port' ${filename}):127.0.0.1:$(yq eval '.http.target-port' ${filename}) 
-	-R $(yq eval '.https.bastion-port' ${filename}):127.0.0.1:$(yq eval '.https.target-port' ${filename}) "
+PORTS="-R $(yq eval '.libvirt.bastion-port' ${filename}):127.0.0.1:$(yq eval '.libvirt.target-port' ${filename})"
+PORTS+=" -R $(yq eval '.api.bastion-port' ${filename}):127.0.0.1:$(yq eval '.api.target-port' ${filename})"
+PORTS+=" -R $(yq eval '.http.bastion-port' ${filename}):127.0.0.1:$(yq eval '.http.target-port' ${filename})"
+PORTS+=" -R $(yq eval '.https.bastion-port' ${filename}):127.0.0.1:$(yq eval '.https.target-port' ${filename})"
+
+declare -a BASTION_ADDRS=( "192.168.126.10" "192.168.1.10" "192.168.2.10" "192.168.3.10" "192.168.4.10" "192.168.6.10" )
+
+for CLUSTER_NUM in $(seq 0 ${CLUSTER_CAPACITY})
+do
+	BASTION_SSH=".bastion${CLUSTER_NUM}ssh"
+	BASTION_ADDR=${BASTION_ADDRS[${CLUSTER_NUM}]}
+	PORTS+=" -R $(yq eval ${BASTION_SSH}'.bastion-port' ${filename}):${BASTION_ADDR}:$(yq eval ${BASTION_SSH}'.target-port' ${filename})"
+done
 
 if echo "${PORTS}" | grep null 2> /dev/null; then
 	echo "Error: yq returned null in PORTS variable creation"
@@ -117,6 +126,8 @@ function pid-exists() {
 	return $?
 }
 
+echo "$(timestamp) [INFO] PORTS: ${PORTS}"
+
 trap "kill 0" SIGINT
 
 PID_PORT=-1