VMmanager: Administrator guide

How to set up an IP check before allocation?

You can configure a check of IP addresses before the platform allocates them to virtual machines (VMs). If an IP address fails the check, VMmanager will not allocate it to the VM. For example, you can prohibit the allocation of IP addresses that are already assigned to devices on the network.

To enable the IP address check:

  1. Create a script for the check.
  2. Configure the script to run from the platform.

Requirements for the script

The script should take a JSON array of the IP addresses to be checked as its input parameter:

Example of an input parameter
[{"name":"192.168.0.1"}, {"name": "192.168.0.2"}, {"name": "192.168.0.3"}]

If all IP addresses pass the test, the script should return an empty response or a response in the format below:

{"bad_ips": []}

If certain IP addresses fail the check, the script should return a response in the format below:

Example of JSON response
{"bad_ips": [{"name": "192.168.0.2"}, {"name": "192.168.0.3"}]}
Note
  1. The script runs from the Docker container vm_ipmgr_1, so only commands available in this container can be used in the script.
  2. Do not place the script file in the VMmanager Docker container, as the file will be deleted when the container is updated.
  3. The script should complete within one minute. Otherwise, the timeout for allocating an IP address will be exceeded and the platform will not be able to allocate an IP address.

Script run configuration

  1. Connect to the server with VMmanager via SSH.
  2. Add a command to run the script to the VMmanager database:

    docker exec -it mysql bash -c 'mysql -p$MYSQL_ROOT_PASSWORD isp'
    INSERT INTO ip_settings (name, value) VALUES ("ip_check_script", "<script_running>");

Example of script

This example illustrates creating a web service in Python using the aiohttp framework. The web service runs on the server with VMmanager and uses port 5000/TCP. VMmanager sends a request to this service using the curl utility.

  1. Create the /root/checkip.py file with the following contents on the server with VMmanager:

    #!/usr/bin/python3.6

    import os
    import sys
    import time
    import signal
    import logging

    from aiohttp import web

    log = logging.getLogger(__name__)

    # Holds the PID of the running service; created next to this script
    PID_FILE = 'checkip.pid'

    def get_error(ip, err):
        log.error(f'{err}')
        return web.json_response(data={'bad_ips': [{'name': ip}]}, status=200)


    async def checkip(req):
        # .get() avoids a KeyError when the Content-Type header is missing
        if "application/json" in req.headers.get("Content-Type", ""):
            body = await req.json()
        else:
            return web.json_response(status=400)

        ips = []
        for ip in body:
            ip = ip['name']

            # IPv6 stub
            if ":" in ip:
                log.info(f'Skipping IPv6 {ip}')
                continue

            if "/" in ip and '/32' not in ip:
                log.info(f'Skipping {ip}')
                continue

            log.info(f'Checking {ip}')
            # insert the list of banned IP addresses or the code to check the IP address here
            if ip in ['192.168.0.2', '192.168.0.3']:
                # same element format as the request: {"name": "<ip>"}
                ips.append({'name': ip})
                log.error('FAIL')

        return web.json_response(data={'bad_ips': ips}, status=200)


    app = web.Application()
    app.add_routes([web.post('/checkip', checkip)])

    def start():
        with open(PID_FILE, 'w') as f:
            f.write(str(os.getpid()))
        try:
            # 0.0.0.0 listens on every interface and the endpoint has no
            # authentication: limit access to port 5000/TCP with a firewall
            web.run_app(app, host='0.0.0.0', port=5000)
        finally:
            os.remove(PID_FILE)

    def stop():
        # Ask the running instance to shut down; run_app handles SIGTERM gracefully
        try:
            with open(PID_FILE) as f:
                os.kill(int(f.read()), signal.SIGTERM)
        except (FileNotFoundError, ProcessLookupError, ValueError):
            print("The service is not running")

    if __name__ == '__main__':
        os.chdir(os.path.dirname(os.path.abspath(__file__)))
        if len(sys.argv) == 2:
            if 'start' == sys.argv[1]:
                start()
            elif 'stop' == sys.argv[1]:
                stop()
            elif 'restart' == sys.argv[1]:
                stop()
                # wait up to 5 seconds for the old instance to exit and free the port
                for _ in range(50):
                    if not os.path.exists(PID_FILE):
                        break
                    time.sleep(0.1)
                start()
            else:
                print("Unknown command")
                sys.exit(2)
            sys.exit(0)
        else:
            print("usage: %s start|stop|restart" % sys.argv[0])
            sys.exit(2)
  2. Run the web service:

    python3 /root/checkip.py start
    Note

    You can use the command below to stop the web service:

    python3 /root/checkip.py stop

    You can use the command below to restart the web service:

    python3 /root/checkip.py restart
  3. Add the command to run the script to the VMmanager database:

    docker exec -it mysql bash -c 'mysql -p$MYSQL_ROOT_PASSWORD isp'
    INSERT INTO ip_settings (name, value) VALUES ('ip_check_script', '/usr/bin/curl -X POST -k 192.168.2.1:5000/checkip -H "Content-Type: application/json" -d');
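
One way to fill in the "code to check the IP address" placeholder in checkip.py, as an added example that is not part of the VMmanager documentation. The `find_bad_ips` function, the `RESERVED` ranges, the `in_use` hook and the 50-second budget are assumptions made for illustration; unlike the page's example, it also checks IPv6 addresses instead of skipping them.

```python
import ipaddress
import time

# Constructed sample policy (assumption): ranges that must never go to a VM.
RESERVED = [ipaddress.ip_network(n) for n in ("192.168.0.0/30", "192.168.0.254/32")]
BUDGET_SECONDS = 50  # finish well inside the platform's one-minute limit


def find_bad_ips(entries, reserved=RESERVED, in_use=None, budget=BUDGET_SECONDS):
    """Return {"bad_ips": [{"name": ...}]} for the platform's JSON array.

    in_use: optional callable(str) -> bool, a hypothetical hook for an ARP or
    IPAM lookup. Raises ValueError if the request is not the documented shape.
    """
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array")
    deadline = time.monotonic() + budget
    bad = []
    for entry in entries:
        if not isinstance(entry, dict) or not isinstance(entry.get("name"), str):
            raise ValueError("each element must look like {'name': '<ip>'}")
        name = entry["name"]
        try:
            # Accepts "a.b.c.d" as well as "a.b.c.d/32"
            iface = ipaddress.ip_interface(name)
        except ValueError:
            bad.append({"name": name})  # unparsable address: reject it
            continue
        if iface.network.prefixlen != iface.max_prefixlen:
            continue  # a network, not a single host: skipped, as in checkip.py
        if time.monotonic() >= deadline:
            bad.append({"name": name})  # out of time: fail closed
        elif any(iface.ip in net for net in reserved):
            bad.append({"name": name})
        elif in_use is not None and in_use(str(iface.ip)):
            bad.append({"name": name})
    return {"bad_ips": bad}
```

In the web service, the handler can pass the parsed request body to `find_bad_ips` and return the result as the JSON response, answering with status 400 when it raises `ValueError`.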