
@kmurudi
Last active May 1, 2018 19:26
#!/usr/bin/python
import os
import re
import subprocess
import sys
# Counters for the next free VM index and bridge index; add_t() advances both.
vm_num = 5
br_num = 3

# Pool of /24 prefixes (first three octets only) for tenant VM subnets.
av_ips = ["192.168.%d" % third_octet for third_octet in range(100, 151)]

# Pool of /24 prefixes (first three octets only) for the PGW-facing links.
pg_ips = ["192.168.%d" % third_octet for third_octet in range(170, 191)]
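# The tenant name is spliced into container names, interface names and
# command arguments that run under sudo.  Accept only a conservative
# character set, and require an alphanumeric first character so the name can
# never be parsed as a command-line option.
_TENANT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*\Z")


def _run(*argv):
    """Run ``sudo <argv...>`` without a shell and return its exit status.

    The command is passed as an argument list, so no argument is ever
    interpreted by a shell.  Callers ignore the status, as the original
    os.system() calls did; some steps (deleting a default route, for
    example) can fail without that being an error.
    """
    return subprocess.call(["sudo"] + list(argv))


def _container_pid(name):
    """Return the PID of container *name* as a decimal string.

    Raises RuntimeError when ``docker inspect`` does not print a positive
    PID, instead of letting an empty value flow into ``ip link ... netns``.
    """
    proc = subprocess.Popen(
        ["sudo", "docker", "inspect", "-f", "{{.State.Pid}}", name],
        stdout=subprocess.PIPE,
    )
    out, _ = proc.communicate()
    pid = str(out.decode("ascii", "replace").strip())
    if not pid.isdigit() or int(pid) == 0:
        raise RuntimeError("no running container named %r" % (name,))
    return pid


def add_t(t_name, num_subnets):
    """Create a tenant gateway container plus one VM container per subnet.

    Starts container *t_name* (the tenant's IGW) and *num_subnets* VM
    containers, creates a new bridge, wires IGW<->VM and IGW<->bridge<->PGW1/
    PGW2 veth pairs, assigns addresses from the module-level pools ``pg_ips``
    and ``av_ips``, and installs the NAT and routing rules.  On completion
    the used prefixes are removed from the pools and ``vm_num`` / ``br_num``
    are advanced.

    Args:
        t_name: tenant name; must match ``_TENANT_NAME_RE``.
        num_subnets: number of VM subnets to create; must not be negative.

    Raises:
        ValueError: *t_name* contains characters outside the allow-list, or
            *num_subnets* is negative (which would move ``vm_num`` backwards).
        IndexError: the address pools cannot satisfy the request.  Checked
            before anything is created, so no half-configured tenant is left.
        RuntimeError: a container PID could not be obtained.
    """
    global vm_num, br_num, av_ips, pg_ips

    # Validate before touching the system: every value below ends up in a
    # command executed with root privileges.
    if not _TENANT_NAME_RE.match(t_name):
        raise ValueError("invalid tenant name: %r" % (t_name,))
    if num_subnets < 0:
        raise ValueError("num_subnets must not be negative")
    if not pg_ips or len(av_ips) < num_subnets:
        raise IndexError("address pool exhausted")

    vm_ids = list(range(vm_num, vm_num + num_subnets))
    bridge = "br" + str(br_num)
    igw_if = "veth" + t_name

    # NOTE(review): --privileged hands each container nearly every host
    # capability.  The ip/iptables/sysctl calls below may only need
    # NET_ADMIN -- TODO confirm and narrow.
    _run("docker", "run", "-itd", "--privileged", "--name=" + t_name, "fw_ubuntu")
    for i in vm_ids:
        _run("docker", "run", "-itd", "--privileged", "--name=VM" + str(i), "fw_ubuntu")

    _run("brctl", "addbr", bridge)
    _run("ip", "link", "set", bridge, "up")

    # One veth pair per VM: "v<i><tenant>" goes to the IGW, "VM<i>" to the VM.
    for i in vm_ids:
        _run("ip", "link", "add", "v" + str(i) + t_name,
             "type", "veth", "peer", "name", "VM" + str(i))

    # Container PIDs identify the network namespaces the veth ends move into.
    ig_pid = _container_pid(t_name)
    vm_pids = [_container_pid("VM" + str(i)) for i in vm_ids]
    print(vm_pids)

    for i, vm_pid in zip(vm_ids, vm_pids):
        _run("ip", "link", "set", "v" + str(i) + t_name, "netns", ig_pid)
        _run("ip", "link", "set", "VM" + str(i), "netns", vm_pid)

    # Attach the IGW to the new bridge.
    _run("ip", "link", "add", igw_if, "type", "veth", "peer", "name", igw_if + "b")
    _run("brctl", "addif", bridge, igw_if + "b")
    _run("ip", "link", "set", igw_if + "b", "up")
    _run("ip", "link", "set", igw_if, "netns", ig_pid)

    # Attach the new bridge to PGW1 and PGW2.
    for n in ("1", "2"):
        _run("ip", "link", "add", igw_if + "P" + n,
             "type", "veth", "peer", "name", "veth" + bridge + n)
    for n in ("1", "2"):
        _run("brctl", "addif", bridge, "veth" + bridge + n)
    for n in ("1", "2"):
        _run("ip", "link", "set", "veth" + bridge + n, "up")

    pg_pids = [_container_pid("PGW" + n) for n in ("1", "2")]
    _run("ip", "link", "set", igw_if + "P1", "netns", pg_pids[0])
    _run("ip", "link", "set", igw_if + "P2", "netns", pg_pids[1])

    # Addressing on the IGW <-> PGW segment.
    pg_ip = pg_ips[0]
    pg_ig = pg_ip + ".10"
    pg_pg = pg_ip + ".1"
    ig_subnet = pg_ip + ".0/24"

    # "-it" needs a terminal on stdin; kept as in the original, which is
    # driven from an interactive prompt.
    _run("docker", "exec", "-it", t_name, "ip", "link", "set", igw_if, "up")
    _run("docker", "exec", "-it", t_name, "ip", "addr", "add", pg_ig + "/24", "dev", igw_if)
    # NOTE(review): PGW1 and PGW2 both receive the same address on the same
    # bridge -- confirm this is intended.
    for n in ("1", "2"):
        _run("docker", "exec", "-it", "PGW" + n, "ip", "link", "set", igw_if + "P" + n, "up")
        _run("docker", "exec", "-it", "PGW" + n,
             "ip", "addr", "add", pg_pg + "/24", "dev", igw_if + "P" + n)

    # Enable forwarding inside the IGW and point its default route at the PGW.
    _run("docker", "exec", t_name, "sysctl", "-w", "net.ipv4.ip_forward=1")
    _run("docker", "exec", t_name, "ip", "route", "del", "default")
    _run("docker", "exec", t_name, "ip", "route", "add", "default", "via", pg_pg)

    # Masquerade traffic leaving the IGW segment on both PGWs.
    for pgw in ("PGW1", "PGW2"):
        _run("docker", "exec", pgw, "iptables", "-t", "nat", "-A", "POSTROUTING",
             "-s", ig_subnet, "!", "-d", ig_subnet, "-j", "MASQUERADE")

    # Per-VM addressing: each VM consumes one prefix from av_ips.
    for i in vm_ids:
        vm = "VM" + str(i)
        igw_vm_if = "v" + str(i) + t_name
        ip_chosen = av_ips[0]
        subnet_ip = ip_chosen + ".0/24"
        ip_str = ip_chosen + ".10"
        ig_ip = ip_chosen + ".1"

        _run("docker", "exec", "-it", vm, "ip", "link", "set", vm, "up")
        _run("docker", "exec", "-it", vm, "ip", "addr", "add", ip_str + "/24", "dev", vm)
        _run("docker", "exec", "-it", t_name, "ip", "link", "set", igw_vm_if, "up")
        _run("docker", "exec", "-it", t_name,
             "ip", "addr", "add", ig_ip + "/24", "dev", igw_vm_if)

        # Masquerade this subnet's outbound traffic at the IGW.
        _run("docker", "exec", t_name, "iptables", "-t", "nat", "-A", "POSTROUTING",
             "-s", subnet_ip, "!", "-d", subnet_ip, "-j", "MASQUERADE")

        # Replace the VM's default route with one via the IGW.
        _run("docker", "exec", vm, "ip", "route", "del", "default")
        _run("docker", "exec", vm, "ip", "route", "add", "default", "via", ig_ip)

        # NOTE(review): every VM appends another DNAT rule for the same
        # interface and port 5000; the first matching rule presumably wins,
        # so later VMs would never be reached this way -- verify.
        for pgw in ("PGW1", "PGW2"):
            _run("docker", "exec", pgw, "iptables", "-t", "nat", "-A", "PREROUTING",
                 "-p", "tcp", "-i", "vethPG", "--dport", "5000",
                 "-j", "DNAT", "--to-destination", ip_str + ":5000")

        # Route the VM subnet through the IGW on both PGWs.
        for pgw in ("PGW1", "PGW2"):
            _run("docker", "exec", pgw, "ip", "route", "add", subnet_ip, "via", pg_ig)

        # This prefix is now in use.
        av_ips.remove(ip_chosen)

    # The PGW-facing prefix is now in use.
    pg_ips.remove(pg_ip)

    # Advance the counters for the next tenant.
    vm_num = vm_num + num_subnets
    br_num = br_num + 1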
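def main():
    """Prompt for tenants in a loop and provision each one with add_t().

    For every round the user gives a tenant name and a subnet count.  A
    ValueError (for example a non-numeric subnet count) is reported and the
    round is abandoned instead of terminating the program.  Answering
    exactly "Yes" to the final prompt exits.
    """
    while True:
        t_name = raw_input("Enter the name of new Tenant: ")
        try:
            num_subnets = int(raw_input("Enter the number of subnets you want in this Tenant: "))
            add_t(t_name, num_subnets)
        except ValueError as err:
            # Rejected input must not kill the prompt loop.
            print("Invalid input: %s" % (err,))
        # Named "answer" rather than "exit" so the builtin is not shadowed.
        answer = raw_input("Do you want to exit?\n Yes \n No\n")
        if answer == "Yes":
            sys.exit()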
# Start the interactive prompt only when run as a script, not on import.
if __name__ == "__main__":
    main()