-
Notifications
You must be signed in to change notification settings - Fork 0
/
edge_gateway_service_configuration.rb
243 lines (225 loc) · 10.4 KB
/
edge_gateway_service_configuration.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
module Fog
module Generators
module Compute
module VcloudDirector
class EdgeGatewayServiceConfiguration
def initialize(configuration={})
@configuration = configuration
end
def generate_xml
Nokogiri::XML::Builder.new do |xml|
xml.EdgeGatewayServiceConfiguration('xmlns' => "http://www.vmware.com/vcloud/v1.5"){
build_firewall_service(xml)
build_nat_service(xml)
build_load_balancer_service(xml)
build_vpn(xml)
build_dhcp(xml)
build_static_routing_service(xml)
}
end.to_xml
end
private
def build_dhcp(xml)
dhcp_config = @configuration[:GatewayDhcpService]
return unless dhcp_config
xml.GatewayDhcpService {
xml.IsEnabled dhcp_config[:IsEnabled] if dhcp_config.key?(:IsEnabled)
dhcp_config[:pools].each do |pool|
xml.Pool {
xml.IsEnabled pool[:IsEnabled]
xml.Network pool[:Network]
xml.DefaultLeaseTime pool[:DefaultLeaseTime]
xml.MaxLeaseTime pool[:MaxLeaseTime]
xml.LowIpAddress pool[:LowIpAddress]
xml.HighIpAddress pool[:HighIpAddress]
}
end
}
end
def build_vpn(xml)
vpn_config = @configuration[:GatewayIpsecVpnService]
return unless vpn_config
xml.GatewayIpsecVpnService {
xml.IsEnabled vpn_config[:IsEnabled] if vpn_config.key?(:IsEnabled)
vpn_config[:Tunnel].each do |tunnel_config|
xml.Tunnel {
xml.Name tunnel_config[:Name]
xml.Description tunnel_config[:Description]
xml.IpsecVpnLocalPeer {
xml.Id tunnel_config[:IpsecVpnLocalPeerId]
xml.Name tunnel_config[:IpsecVpnLocalPeerName]
}
xml.PeerIpAddress tunnel_config[:PeerIpAddress]
xml.PeerId tunnel_config[:PeerId]
xml.LocalIpAddress tunnel_config[:LocalIpAddress]
xml.LocalId tunnel_config[:LocalId]
tunnel_config[:LocalSubnet].each do |subnet|
xml.LocalSubnet {
xml.Name subnet[:Name]
xml.Gateway subnet[:Gateway]
xml.Netmask subnet[:Netmask]
}
end
tunnel_config[:PeerSubnet].each do |subnet|
xml.PeerSubnet {
xml.Name subnet[:Name]
xml.Gateway subnet[:Gateway]
xml.Netmask subnet[:Netmask]
}
end
xml.SharedSecret tunnel_config[:SharedSecret]
xml.SharedSecretEncrypted tunnel_config[:SharedSecretEncrypted] if tunnel_config.key?(:SharedSecretEncrypted)
xml.EncryptionProtocol tunnel_config[:EncryptionProtocol]
xml.Mtu tunnel_config[:Mtu]
xml.IsEnabled tunnel_config[:IsEnabled]
}
end
}
end
def build_load_balancer_service(xml)
lb_config = @configuration[:LoadBalancerService]
return unless lb_config
xml.LoadBalancerService {
xml.IsEnabled lb_config[:IsEnabled] if lb_config.key?(:IsEnabled)
lb_config[:Pool].each do |pool|
xml.Pool {
xml.Name pool[:Name]
xml.Description pool[:Description] if pool.key?(:Description)
pool[:ServicePort].each do |service_port|
xml.ServicePort {
xml.IsEnabled service_port[:IsEnabled]
xml.Protocol service_port[:Protocol]
xml.Algorithm service_port[:Algorithm]
xml.Port service_port[:Port]
xml.HealthCheckPort service_port[:HealthCheckPort]
xml.HealthCheck {
xml.Mode service_port[:HealthCheck][:Mode]
xml.Uri service_port[:HealthCheck][:Uri]
xml.HealthThreshold service_port[:HealthCheck][:HealthThreshold]
xml.UnhealthThreshold service_port[:HealthCheck][:UnhealthThreshold]
xml.Interval service_port[:HealthCheck][:Interval]
xml.Timeout service_port[:HealthCheck][:Timeout]
}
}
end
pool[:Member].each do |member|
xml.Member {
xml.IpAddress member[:IpAddress]
xml.Weight member[:Weight]
member[:ServicePort].each do |member_service_port|
xml.ServicePort {
xml.Protocol member_service_port[:Protocol]
xml.Port member_service_port[:Port]
xml.HealthCheckPort member_service_port[:HealthCheckPort]
}
end
}
end
}
end
lb_config[:VirtualServer].each do |virtual_server|
xml.VirtualServer {
xml.IsEnabled virtual_server[:IsEnabled]
xml.Name virtual_server[:Name]
xml.Description virtual_server[:Description]
xml.Interface(:href => virtual_server[:Interface][:href], :name => virtual_server[:Interface][:name])
xml.IpAddress virtual_server[:IpAddress]
virtual_server[:ServiceProfile].each do |service_profile|
xml.ServiceProfile {
xml.IsEnabled service_profile[:IsEnabled]
xml.Protocol service_profile[:Protocol]
xml.Port service_profile[:Port]
xml.Persistence {
xml.Method service_profile[:Persistence][:Method]
if service_profile[:Persistence][:Method] == 'COOKIE'
xml.CookieName service_profile[:Persistence][:CookieName]
xml.CookieMode service_profile[:Persistence][:CookieMode]
end
}
}
end
xml.Logging virtual_server[:Logging]
xml.Pool virtual_server[:Pool]
}
end
}
end
def build_nat_service(xml)
nat_config = @configuration[:NatService]
return unless nat_config
xml.NatService {
xml.IsEnabled nat_config[:IsEnabled]
nat_config[:NatRule].each do |rule|
xml.NatRule {
xml.RuleType rule[:RuleType]
xml.IsEnabled rule[:IsEnabled]
xml.Id rule[:Id] if rule[:Id]
gateway_nat_rule = rule[:GatewayNatRule]
xml.GatewayNatRule {
xml.Interface(:name => gateway_nat_rule[:Interface][:name], :href => gateway_nat_rule[:Interface][:href])
xml.OriginalIp gateway_nat_rule[:OriginalIp]
xml.OriginalPort gateway_nat_rule[:OriginalPort] if gateway_nat_rule.key?(:OriginalPort)
xml.TranslatedIp gateway_nat_rule[:TranslatedIp]
xml.TranslatedPort gateway_nat_rule[:TranslatedPort] if gateway_nat_rule.key?(:TranslatedPort)
xml.Protocol gateway_nat_rule[:Protocol] if rule[:RuleType] == "DNAT"
}
}
end
}
end
def build_static_routing_service(xml)
routing_config = @configuration[:StaticRoutingService]
return unless routing_config
xml.StaticRoutingService {
xml.IsEnabled routing_config[:IsEnabled]
routing_config[:StaticRoute].each do |rule|
xml.StaticRoute{
xml.Name rule[:Name]
xml.Network rule[:Network]
xml.NextHopIp rule[:NextHopIp]
xml.GatewayInterface(
:type => rule[:GatewayInterface][:type],
:name => rule[:GatewayInterface][:name],
:href => rule[:GatewayInterface][:href]
)
}
end
}
end
def build_firewall_service(xml)
firewall_config = @configuration[:FirewallService]
return unless firewall_config
xml.FirewallService {
xml.IsEnabled firewall_config[:IsEnabled]
xml.DefaultAction firewall_config[:DefaultAction] if firewall_config.key?(:DefaultAction)
xml.LogDefaultAction firewall_config[:LogDefaultAction] if firewall_config.key?(:LogDefaultAction)
firewall_config[:FirewallRule].each do |rule|
xml.FirewallRule {
xml.Id rule[:Id] if rule[:Id]
xml.IsEnabled rule[:IsEnabled] if rule.key?(:IsEnabled)
xml.MatchOnTranslate rule[:MatchOnTranslate] if rule.key?(:MatchOnTranslate)
xml.Description rule[:Description] if rule.key?(:Description)
xml.Policy rule[:Policy] if rule.key?(:Policy)
xml.Protocols {
rule[:Protocols].each do |key, value|
xml.send(key.to_s.capitalize, value)
end
}
xml.IcmpSubType rule[:IcmpSubType] if rule.key?(:IcmpSubType)
xml.Port rule[:Port] if rule.key?(:Port)
xml.DestinationPortRange rule[:DestinationPortRange]
xml.DestinationIp rule[:DestinationIp]
xml.SourcePort rule[:SourcePort] if rule.key?(:SourcePort)
xml.SourcePortRange rule[:SourcePortRange]
xml.SourceIp rule[:SourceIp]
xml.Direction rule[:Direction] if rule.key?(:Direction) #Firewall rule direction is allowed only in backward compatibility mode.
xml.EnableLogging rule[:EnableLogging] if rule.key?(:EnableLogging)
}
end
}
end
end
end
end
end
end