authorTrygve Laugstøl <trygvis@inamo.no>2021-01-11 15:26:06 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-11 15:26:06 +0100
commitf2fc5a193743e2a66f748c8baefee949a747ea7f (patch)
tree987968bf8d3c3dbf732d4b21106909e6db4d6051
parent26769b6059e299103e2ee5427ac71b30533c204f (diff)
Figured out a way to not need WgNetworkAllocation.
-rw-r--r--acme-wireguard/host_vars/acme-1/wireguard.yml4
-rw-r--r--acme-wireguard/host_vars/acme-2/wireguard.yml4
-rw-r--r--acme-wireguard/host_vars/acme-3/wireguard.yml2
-rw-r--r--acme-wireguard/host_vars/ws-1/wireguard.yml4
-rw-r--r--acme-wireguard/host_vars/ws-2/wireguard.yml4
-rw-r--r--j2/wireguard/ansible-host.j24
-rw-r--r--module/acme/src/main/resources/io/trygvis/acme/acme.drl2
-rw-r--r--module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java2
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl42
-rw-r--r--out/acme/wireguard.yaml90
10 files changed, 41 insertions, 117 deletions
diff --git a/acme-wireguard/host_vars/acme-1/wireguard.yml b/acme-wireguard/host_vars/acme-1/wireguard.yml
index ed768e2..af0f3a7 100644
--- a/acme-wireguard/host_vars/acme-1/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-1/wireguard.yml
@@ -1,6 +1,6 @@
# Generated
-link_address: 192.168.10.4
-network_cidr: 10.55.251.0/24
+link_address: 192.168.10.3
+network_cidr: 10.55.255.0/24
wireguard_peers:
acme-1:
- acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/acme-2/wireguard.yml b/acme-wireguard/host_vars/acme-2/wireguard.yml
index 363c50b..4228d87 100644
--- a/acme-wireguard/host_vars/acme-2/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-2/wireguard.yml
@@ -1,6 +1,6 @@
# Generated
-link_address: 192.168.10.3
-network_cidr: 10.55.252.0/24
+link_address: 192.168.10.4
+network_cidr: 10.55.254.0/24
wireguard_peers:
acme-2:
- acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/acme-3/wireguard.yml b/acme-wireguard/host_vars/acme-3/wireguard.yml
index e032cac..f42f50c 100644
--- a/acme-wireguard/host_vars/acme-3/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-3/wireguard.yml
@@ -1,5 +1,5 @@
# Generated
-link_address: 192.168.10.2
+link_address: 192.168.10.5
network_cidr: 10.55.253.0/24
wireguard_peers:
acme-3:
diff --git a/acme-wireguard/host_vars/ws-1/wireguard.yml b/acme-wireguard/host_vars/ws-1/wireguard.yml
index 2e4a54f..3cafb0b 100644
--- a/acme-wireguard/host_vars/ws-1/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-1/wireguard.yml
@@ -1,6 +1,6 @@
# Generated
-link_address: 192.168.10.1
-network_cidr: 10.55.254.0/24
+link_address: 192.168.10.6
+network_cidr: 10.55.252.0/24
wireguard_peers:
ws-1:
- acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/ws-2/wireguard.yml b/acme-wireguard/host_vars/ws-2/wireguard.yml
index d3e1eb1..a727689 100644
--- a/acme-wireguard/host_vars/ws-2/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-2/wireguard.yml
@@ -1,6 +1,6 @@
# Generated
-link_address: 192.168.10.0
-network_cidr: 10.55.255.0/24
+link_address: 192.168.10.7
+network_cidr: 10.55.251.0/24
wireguard_peers:
ws-2:
- acme-3.machine.acme.com
diff --git a/j2/wireguard/ansible-host.j2 b/j2/wireguard/ansible-host.j2
index 72273ef..9d684ef 100644
--- a/j2/wireguard/ansible-host.j2
+++ b/j2/wireguard/ansible-host.j2
@@ -1,6 +1,6 @@
# Generated
-link_address: {{ link }}
-network_cidr: {{ network }}
+link_address: {{ host.ip }}
+network_cidr: {{ host.networkCidr }}
wireguard_peers:
{{ host.name }}:
{%- for peer in peers %}
diff --git a/module/acme/src/main/resources/io/trygvis/acme/acme.drl b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
index cb04b09..66623c3 100644
--- a/module/acme/src/main/resources/io/trygvis/acme/acme.drl
+++ b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
@@ -27,6 +27,6 @@ when
$m : Machine(fqdn == null)
$s : AcmeServer(machine == $m)
then
- $s.machine.fqdn = "%s.machine.acme.com.".formatted($s.machine.name);
+ $s.machine.fqdn = "%s.machine.acme.com".formatted($s.machine.name);
update($s.machine)
end
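Review bot: The trailing dot is dropped from the generated fqdn on line 112 without a comment recording why, and the rule keeps the `machine.acme.com` zone hard-coded in the format string rather than reading it from a fact. Since the value flows verbatim into the peer lists of the generated host_vars in this same commit (e.g. `- acme-3.machine.acme.com`), a one-line note above the assignment such as `// no trailing dot: the fqdn is emitted verbatim into the generated wireguard_peers lists` would make the intent clear to the next reader. The rule's `when` part begins outside the hunk.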
diff --git a/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java b/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
index 8e812ef..6362107 100644
--- a/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
+++ b/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
@@ -85,7 +85,7 @@ public class Ipv4Cidr implements Comparable<Ipv4Cidr> {
}
var ret = network - o.network;
- if (ret == 0) {
+ if (ret != 0) {
return ret;
}
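Review bot: The corrected early return on line 123 still derives `ret` by subtraction (`var ret = network - o.network;`, line 121), which wraps and yields the wrong sign when the operands are far apart — if `network` is an int holding the 32-bit address bits, that is every comparison across the 128.0.0.0 boundary — so compareTo is not a consistent total order even after this fix, and anything that sorts or deduplicates Ipv4Cidr by it (the partition/allocation rules in this commit do) can misbehave. Use `var ret = Integer.compare(network, o.network);` (or `Integer.compareUnsigned` if the field is meant as an unsigned bit pattern), which also stops the result from depending on the width of `network`. compareTo starts and ends outside the hunk, so the remaining comparison below line 125 is not visible here.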
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 2e4498f..261374a 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -27,11 +27,11 @@ declare WgIpPool
end
declare WgHost
- name : String
- net : String
- publicName : String
- netToNetIp : String
- networkIp : String
+ name : String // TODO: rename to machine
+ net : String
+ publicName : String
+ ip : String // This host's IP
+ networkCidr : String
end
declare WgConnection
@@ -45,12 +45,6 @@ declare WgIpAllocation
ip : Ipv4Address
end
-declare WgNetworkAllocation
- host : String
- role : String
- cidr : Ipv4Cidr
-end
-
rule "Create IP pools" when
$net : WgNet()
// not(Ipv4Cidr(network == Ipv4Cidr.parseCidr($net.linkCidr).network))
@@ -103,29 +97,33 @@ then
insert(new WgConnection($h.name, $other.name))
end
-rule "Assign link IP"
+// This and the next rule needs to use .toString(), the specific objects might be generated multiple times,
+// but Drools use identityHashCode() to find equal objects, not equals().
+rule "Assign IP"
when
$net : WgNet()
- $host : WgHost(net == $net.name)
$pool : WgIpPool(net == $net.name, role == "link")
- not(WgIpAllocation(host == $host.name, role == $pool.role))
$ip : Ipv4Address() from $pool.cidr.addresses()
- not(WgIpAllocation(ip == $ip))
+ not(WgHost(net == $net.name, ip == $ip.toString()))
+ $host : WgHost(net == $net.name, ip == null)
then
System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
- insert(new WgIpAllocation($host.name, $pool.role, $ip))
+ modify($host) {
+ ip = $ip.toString()
+ }
end
rule "Assign network CIDR"
when
$net : WgNet()
- $host : WgHost(net == $net.name)
$network : Ipv4Cidr() from Ipv4Cidr.parseCidr($net.networkCidr).partition($net.networkBits)
- not(WgNetworkAllocation(host == $host.name, role == "network"))
- not(WgNetworkAllocation(cidr == $network))
+ $host : WgHost(net == $net.name, networkCidr == null)
+ not(WgHost(net == $net.name, networkCidr == $network.toString()))
then
System.out.printf("Network CIDR: net=%s, host=%s, network=%s%n", $net.name, $host.name, $network);
- insert(new WgNetworkAllocation($host.name, "network", $network))
+ modify($host) {
+ networkCidr = $network.toString()
+ }
end
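Review bot: "Assign IP" draws `$ip` from `$pool.cidr.addresses()` (line 169) with nothing excluding the pool's network and broadcast addresses, and the regenerated out/acme/wireguard.yaml in this commit shows the consequence: ws-2 receives 192.168.10.7, the broadcast address of the 192.168.10.0/29 link pool, which will not work as a host address. The candidate list should skip the first and last address of the pool (however Ipv4Cidr exposes them) or the pool's CIDR should be widened, and a comment on line 169 should state which addresses are eligible. A second gap is that a /29 leaves at most six usable addresses and exhaustion is silent: a host just keeps `ip == null`, and because the "Generate per-net, per-host files" hunk (lines 197-205) now binds `$host : WgHost(net == $net.name)` where it previously required a `WgIpAllocation` and `WgNetworkAllocation`, such a host still gets a host_vars file with an empty `link_address`/`network_cidr` written through the ansible-host.j2 template. Change that pattern to `$host : WgHost(net == $net.name, ip != null, networkCidr != null)` so unallocated hosts are skipped rather than rendered, and consider a separate rule that reports a host left without an allocation.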
rule "Generate per-net files"
@@ -151,8 +149,6 @@ rule "Generate per-net, per-host files"
when
$net : WgNet()
$host : WgHost(net == $net.name)
- $link : WgIpAllocation(host == $host.name, role == "link")
- $network : WgNetworkAllocation(host == $host.name, role == "network")
$peerMachines : ArrayList() from accumulate(WgConnection(host == $host.name, $to: to), collectList($to))
$peers : ArrayList() from accumulate(Machine($peerMachines contains name, $fqdn: fqdn), collectList($fqdn))
then
@@ -163,8 +159,6 @@ then
te.template("wireguard/ansible-host", output, Map.of(
"net", $net,
"host", $host,
- "link", $link.ip,
- "network", $network.cidr,
"peers", $peers
));
end
diff --git a/out/acme/wireguard.yaml b/out/acme/wireguard.yaml
index 2a3ff80..de882c3 100644
--- a/out/acme/wireguard.yaml
+++ b/out/acme/wireguard.yaml
@@ -114,75 +114,40 @@ data:
name: "acme-1"
net: "vpn0"
publicName: "acme-1.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.3"
+ networkCidr: "10.55.255.0/24"
---
type: "io.trygvis.rules.wireguard.WgHost"
data:
name: "acme-2"
net: "vpn0"
publicName: "acme-2.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.4"
+ networkCidr: "10.55.254.0/24"
---
type: "io.trygvis.rules.wireguard.WgHost"
data:
name: "acme-3"
net: "vpn0"
publicName: "acme-3.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.5"
+ networkCidr: "10.55.253.0/24"
---
type: "io.trygvis.rules.wireguard.WgHost"
data:
name: "ws-1"
net: "vpn0"
publicName: null
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.6"
+ networkCidr: "10.55.252.0/24"
---
type: "io.trygvis.rules.wireguard.WgHost"
data:
name: "ws-2"
net: "vpn0"
publicName: null
- netToNetIp: null
- networkIp: null
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-1"
- role: "link"
- ip:
- value: "192.168.10.4"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-2"
- role: "link"
- ip:
- value: "192.168.10.3"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-3"
- role: "link"
- ip:
- value: "192.168.10.2"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "ws-1"
- role: "link"
- ip:
- value: "192.168.10.1"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "ws-2"
- role: "link"
- ip:
- value: "192.168.10.0"
+ ip: "192.168.10.7"
+ networkCidr: "10.55.251.0/24"
---
type: "io.trygvis.rules.wireguard.WgIpPool"
data:
@@ -205,38 +170,3 @@ data:
linkCidr: "192.168.10.0/29"
networkCidr: "10.55.0.0/16"
networkBits: 24
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-1"
- role: "network"
- cidr:
- value: "10.55.251.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-2"
- role: "network"
- cidr:
- value: "10.55.252.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-3"
- role: "network"
- cidr:
- value: "10.55.253.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "ws-1"
- role: "network"
- cidr:
- value: "10.55.254.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "ws-2"
- role: "network"
- cidr:
- value: "10.55.255.0/24"