From f2fc5a193743e2a66f748c8baefee949a747ea7f Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Mon, 11 Jan 2021 15:26:06 +0100
Subject: Figured out a way to not need WgNetworkAllocation.

---
 acme-wireguard/host_vars/acme-1/wireguard.yml | 4 +-
 acme-wireguard/host_vars/acme-2/wireguard.yml | 4 +-
 acme-wireguard/host_vars/acme-3/wireguard.yml | 2 +-
 acme-wireguard/host_vars/ws-1/wireguard.yml | 4 +-
 acme-wireguard/host_vars/ws-2/wireguard.yml | 4 +-
 j2/wireguard/ansible-host.j2 | 4 +-
 .../src/main/resources/io/trygvis/acme/acme.drl | 2 +-
 .../java/io/trygvis/rules/network/Ipv4Cidr.java | 2 +-
 .../io/trygvis/rules/wireguard/wireguard.drl | 42 +++++-----
 out/acme/wireguard.yaml | 90 +++------------------
 10 files changed, 41 insertions(+), 117 deletions(-)

diff --git a/acme-wireguard/host_vars/acme-1/wireguard.yml b/acme-wireguard/host_vars/acme-1/wireguard.yml
index ed768e2..af0f3a7 100644
--- a/acme-wireguard/host_vars/acme-1/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-1/wireguard.yml
@@ -1,6 +1,6 @@
 # Generated
-link_address: 192.168.10.4
-network_cidr: 10.55.251.0/24
+link_address: 192.168.10.3
+network_cidr: 10.55.255.0/24
 wireguard_peers:
 acme-1:
 - acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/acme-2/wireguard.yml b/acme-wireguard/host_vars/acme-2/wireguard.yml
index 363c50b..4228d87 100644
--- a/acme-wireguard/host_vars/acme-2/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-2/wireguard.yml
@@ -1,6 +1,6 @@
 # Generated
-link_address: 192.168.10.3
-network_cidr: 10.55.252.0/24
+link_address: 192.168.10.4
+network_cidr: 10.55.254.0/24
 wireguard_peers:
 acme-2:
 - acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/acme-3/wireguard.yml b/acme-wireguard/host_vars/acme-3/wireguard.yml
index e032cac..f42f50c 100644
--- a/acme-wireguard/host_vars/acme-3/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-3/wireguard.yml
@@ -1,5 +1,5 @@
 # Generated
-link_address: 192.168.10.2
+link_address: 192.168.10.5
 network_cidr: 10.55.253.0/24
 wireguard_peers:
 acme-3:
diff --git a/acme-wireguard/host_vars/ws-1/wireguard.yml b/acme-wireguard/host_vars/ws-1/wireguard.yml
index 2e4a54f..3cafb0b 100644
--- a/acme-wireguard/host_vars/ws-1/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-1/wireguard.yml
@@ -1,6 +1,6 @@
 # Generated
-link_address: 192.168.10.1
-network_cidr: 10.55.254.0/24
+link_address: 192.168.10.6
+network_cidr: 10.55.252.0/24
 wireguard_peers:
 ws-1:
 - acme-3.machine.acme.com
diff --git a/acme-wireguard/host_vars/ws-2/wireguard.yml b/acme-wireguard/host_vars/ws-2/wireguard.yml
index d3e1eb1..a727689 100644
--- a/acme-wireguard/host_vars/ws-2/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-2/wireguard.yml
@@ -1,6 +1,6 @@
 # Generated
-link_address: 192.168.10.0
-network_cidr: 10.55.255.0/24
+link_address: 192.168.10.7
+network_cidr: 10.55.251.0/24
 wireguard_peers:
 ws-2:
 - acme-3.machine.acme.com
diff --git a/j2/wireguard/ansible-host.j2 b/j2/wireguard/ansible-host.j2
index 72273ef..9d684ef 100644
--- a/j2/wireguard/ansible-host.j2
+++ b/j2/wireguard/ansible-host.j2
@@ -1,6 +1,6 @@
 # Generated
-link_address: {{ link }}
-network_cidr: {{ network }}
+link_address: {{ host.ip }}
+network_cidr: {{ host.networkCidr }}
 wireguard_peers:
 {{ host.name }}:
 {%- for peer in peers %}
diff --git a/module/acme/src/main/resources/io/trygvis/acme/acme.drl b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
index cb04b09..66623c3 100644
--- a/module/acme/src/main/resources/io/trygvis/acme/acme.drl
+++ b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
@@ -27,6 +27,6 @@ when
 $m : Machine(fqdn == null)
 $s : AcmeServer(machine == $m)
 then
- $s.machine.fqdn = "%s.machine.acme.com.".formatted($s.machine.name);
+ $s.machine.fqdn = "%s.machine.acme.com".formatted($s.machine.name);
 update($s.machine)
 end
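Review bot: The changed line in the acme.drl hunk switches `Machine.fqdn` from a root-anchored name (trailing dot) to one without it, and nothing in the hunk records which form consumers expect, although the generated host_vars in this same commit list these values under `wireguard_peers`. A one-line comment above the assignment would stop the dot from being re-added later, e.g. `// No trailing dot: the value is used as a hostname in generated inventory files, not as an absolute DNS name`. The rule's `when` block starts outside the hunk.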
diff --git a/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java b/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
index 8e812ef..6362107 100644
--- a/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
+++ b/module/ri-engine/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
@@ -85,7 +85,7 @@ public class Ipv4Cidr implements Comparable {
 }
 
 var ret = network - o.network;
- if (ret == 0) {
+ if (ret != 0) {
 return ret;
 }
 
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 2e4498f..261374a 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -27,11 +27,11 @@ declare WgIpPool
 end
 
 declare WgHost
- name : String
- net : String
- publicName : String
- netToNetIp : String
- networkIp : String
+ name : String // TODO: rename to machine
+ net : String
+ publicName : String
+ ip : String // This host's IP
+ networkCidr : String
 end
 
 declare WgConnection
@@ -45,12 +45,6 @@ declare WgIpAllocation
 ip : Ipv4Address
 end
 
-declare WgNetworkAllocation
- host : String
- role : String
- cidr : Ipv4Cidr
-end
-
 rule "Create IP pools"
 when
 $net : WgNet() // not(Ipv4Cidr(network == Ipv4Cidr.parseCidr($net.linkCidr).network))
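Review bot: The fixed condition still rests on `var ret = network - o.network;` one line above it, and subtraction is not a safe three-way comparison: if `network` is an `int` holding a 32-bit IPv4 address (everything from 128.0.0.0 upward is negative as a signed int), the difference between a low and a high address can overflow and flip the sign, so sorting of CIDRs would be inconsistent. Replace the two lines with `var ret = Integer.compareUnsigned(network, o.network);` followed by the new `if (ret != 0) { return ret; }` (or `Integer.compare` if signed order is really intended, and the `long` equivalent if the field is a `long`). The hunk header also shows the class implementing the raw `Comparable` rather than `Comparable<Ipv4Cidr>`, which hides type errors in callers. The compareTo method starts and ends outside the hunk.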
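Review bot: The new field comments in the `declare WgHost` hunk do not say where the values come from, and `ip : String // This host's IP` is ambiguous now that the host also carries a network CIDR. Suggest `ip : String // link address from the net's "link" WgIpPool; null until "Assign IP" fires` and `networkCidr : String // one partition of WgNet.networkCidr; null until "Assign network CIDR" fires`, which also documents that both fields are nullable states that other rules test with `== null`. The `// TODO: rename to machine` on `name` would be clearer if it said what the field is matched against (it appears to be `Machine.name`, via WgConnection, in the per-host generation rule).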
@@ -103,29 +97,33 @@ then
 insert(new WgConnection($h.name, $other.name))
 end
 
-rule "Assign link IP"
+// This and the next rule needs to use .toString(), the specific objects might be generated multiple times,
+// but Drools use identityHashCode() to find equal objects, not equals().
+rule "Assign IP"
 when
 $net : WgNet()
- $host : WgHost(net == $net.name)
 $pool : WgIpPool(net == $net.name, role == "link")
- not(WgIpAllocation(host == $host.name, role == $pool.role))
 $ip : Ipv4Address() from $pool.cidr.addresses()
- not(WgIpAllocation(ip == $ip))
+ not(WgHost(net == $net.name, ip == $ip.toString()))
+ $host : WgHost(net == $net.name, ip == null)
 then
 System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
- insert(new WgIpAllocation($host.name, $pool.role, $ip))
+ modify($host) {
+ ip = $ip.toString()
+ }
 end
 
 rule "Assign network CIDR"
 when
 $net : WgNet()
- $host : WgHost(net == $net.name)
 $network : Ipv4Cidr() from Ipv4Cidr.parseCidr($net.networkCidr).partition($net.networkBits)
- not(WgNetworkAllocation(host == $host.name, role == "network"))
- not(WgNetworkAllocation(cidr == $network))
+ $host : WgHost(net == $net.name, networkCidr == null)
+ not(WgHost(net == $net.name, networkCidr == $network.toString()))
 then
 System.out.printf("Network CIDR: net=%s, host=%s, network=%s%n", $net.name, $host.name, $network);
- insert(new WgNetworkAllocation($host.name, "network", $network))
+ modify($host) {
+ networkCidr = $network.toString()
+ }
 end
 
 rule "Generate per-net files"
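Review bot: Address allocation in the new "Assign IP" rule is order-dependent: `$host : WgHost(net == $net.name, ip == null)` combined with `$ip : Ipv4Address() from $pool.cidr.addresses()` makes every (host, free address) pair its own activation, which pair fires first is left to the agenda, and a re-run is therefore likely to renumber hosts whenever the facts change — this commit itself moves every host to a different link address and network CIDR (acme-1: .4 to .3, 10.55.251.0/24 to 10.55.255.0/24) with no change to the model. Since these values end up as VPN endpoint configuration in the generated host_vars, assigning deterministically (iterate hosts and addresses in a sorted order, e.g. by `$host.name`, or feed the previously generated allocations back in as facts and only fill gaps) would keep the output stable; the same applies to "Assign network CIDR" below it. Separately, the pool appears to hand out the whole range: with `linkCidr: "192.168.10.0/29"` the generated output in this commit assigns 192.168.10.7, the /29's broadcast address, and the previous output used .0, the network address, so if `addresses()` is meant as a host pool it should skip both ends.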
@@ -151,8 +149,6 @@ rule "Generate per-net, per-host files"
 when
 $net : WgNet()
 $host : WgHost(net == $net.name)
- $link : WgIpAllocation(host == $host.name, role == "link")
- $network : WgNetworkAllocation(host == $host.name, role == "network")
 $peerMachines : ArrayList() from accumulate(WgConnection(host == $host.name, $to: to), collectList($to))
 $peers : ArrayList() from accumulate(Machine($peerMachines contains name, $fqdn: fqdn), collectList($fqdn))
 then
@@ -163,8 +159,6 @@ then
 te.template("wireguard/ansible-host", output, Map.of(
 "net", $net,
 "host", $host,
- "link", $link.ip,
- "network", $network.cidr,
 "peers", $peers
 ));
 end
diff --git a/out/acme/wireguard.yaml b/out/acme/wireguard.yaml
index 2a3ff80..de882c3 100644
--- a/out/acme/wireguard.yaml
+++ b/out/acme/wireguard.yaml
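Review bot: Dropping the `$link : WgIpAllocation(...)` and `$network : WgNetworkAllocation(...)` patterns also drops the guard that kept "Generate per-net, per-host files" from firing before the host had its addresses: `$host : WgHost(net == $net.name)` now matches a host whose `ip` or `networkCidr` is still null (for instance once the `192.168.10.0/29` link pool is exhausted), and the template call in the second hunk would then render `link_address:` with a null value into a file Ansible consumes, with no error from the rule engine. Restore the guard in the pattern: `$host : WgHost(net == $net.name, ip != null, networkCidr != null)`. The `rule` line sits just before the first hunk and the `then` block spans into the second, so both hunks belong to the same rule.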
@@ -114,75 +114,40 @@ data:
 name: "acme-1"
 net: "vpn0"
 publicName: "acme-1.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.3"
+ networkCidr: "10.55.255.0/24"
 ---
 type: "io.trygvis.rules.wireguard.WgHost"
 data:
 name: "acme-2"
 net: "vpn0"
 publicName: "acme-2.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.4"
+ networkCidr: "10.55.254.0/24"
 ---
 type: "io.trygvis.rules.wireguard.WgHost"
 data:
 name: "acme-3"
 net: "vpn0"
 publicName: "acme-3.machine.acme.com"
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.5"
+ networkCidr: "10.55.253.0/24"
 ---
 type: "io.trygvis.rules.wireguard.WgHost"
 data:
 name: "ws-1"
 net: "vpn0"
 publicName: null
- netToNetIp: null
- networkIp: null
+ ip: "192.168.10.6"
+ networkCidr: "10.55.252.0/24"
 ---
 type: "io.trygvis.rules.wireguard.WgHost"
 data:
 name: "ws-2"
 net: "vpn0"
 publicName: null
- netToNetIp: null
- networkIp: null
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-1"
- role: "link"
- ip:
- value: "192.168.10.4"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-2"
- role: "link"
- ip:
- value: "192.168.10.3"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "acme-3"
- role: "link"
- ip:
- value: "192.168.10.2"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "ws-1"
- role: "link"
- ip:
- value: "192.168.10.1"
----
-type: "io.trygvis.rules.wireguard.WgIpAllocation"
-data:
- host: "ws-2"
- role: "link"
- ip:
- value: "192.168.10.0"
+ ip: "192.168.10.7"
+ networkCidr: "10.55.251.0/24"
 ---
 type: "io.trygvis.rules.wireguard.WgIpPool"
 data:
@@ -205,38 +170,3 @@ data:
 linkCidr: "192.168.10.0/29"
 networkCidr: "10.55.0.0/16"
 networkBits: 24
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-1"
- role: "network"
- cidr:
- value: "10.55.251.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-2"
- role: "network"
- cidr:
- value: "10.55.252.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "acme-3"
- role: "network"
- cidr:
- value: "10.55.253.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "ws-1"
- role: "network"
- cidr:
- value: "10.55.254.0/24"
----
-type: "io.trygvis.rules.wireguard.WgNetworkAllocation"
-data:
- host: "ws-2"
- role: "network"
- cidr:
- value: "10.55.255.0/24"
--
cgit v1.2.3