You can configure a check of IP addresses that runs before the platform allocates them to virtual machines (VMs). If an IP address fails the check, VMmanager will not allocate it to the VM. For example, you can prohibit allocation of IP addresses assigned to any devices on the network.
To enable the IP address check:
- Create a script for the check.
- Configure the script to run from the platform.
Requirements for the script
As an input parameter, the script should use a JSON array with IP addresses to be checked:
[{"name":"192.168.0.1"}, {"name": "192.168.0.2"}, {"name": "192.168.0.3"}]
If all IP addresses pass the test, the script should return an empty response or a response in the format below:
{"bad_ips": []}
If certain IP addresses fail the check, the script should return a response in the format below:
{"bad_ips": [{"name": "192.168.0.2"}, {"name": "192.168.0.3"}]}
- The script will run from the docker container vm_ipmgr_1, so only commands available in this container can be used in the script.
- The script file should not be placed in the VMmanager docker container, as the file will be deleted after the container is updated.
- The script should complete within one minute. Otherwise, the timeout for allocating an IP address will be exceeded and the platform will not be able to allocate an IP address.
Script run configuration
- Connect to the server with VMmanager via SSH.
- Add a command to run the script to the VMmanager database:
docker exec -it mysql bash -c 'mysql -p$MYSQL_ROOT_PASSWORD isp'
INSERT INTO ip_settings (name, value) VALUES ("ip_check_script", "<script_running>");
Example of script
This example illustrates creating a web service in Python using the aiohttp framework. The web service runs on the server with VMmanager and uses port 5000/TCP. VMmanager sends a request to this service using the curl utility.
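- Create the file /root/checkip.py with the following contents on the server with VMmanager:

```python
#!/usr/bin/python3.6
import json
import logging
import os
import signal
import sys
import time

from aiohttp import web

logging.basicConfig(level=logging.INFO)
log = logging.getLogger(__name__)

# File (next to this script) holding the PID of the running service
PID_FILE = 'checkip.pid'


def get_error(ip, err):
    # Log an error and report a single IP address as failed
    log.error(f'{err}')
    return web.json_response(data={'bad_ips': [{'name': ip}]}, status=200)


async def checkip(req):
    # Only JSON requests are accepted
    if "application/json" not in req.headers.get("Content-Type", ""):
        return web.json_response(status=400)
    try:
        body = await req.json()
    except json.JSONDecodeError:
        return web.json_response(status=400)
    ips = []
    for ip in body:
        ip = ip['name']
        # IPv6-stub
        if ":" in ip:
            log.info(f'Skipping IPv6 {ip}')
            continue
        if "/" in ip and '/32' not in ip:
            log.info(f'Skipping {ip}')
            continue
        log.info(f'Checking {ip}')
        # insert the list of banned IP addresses or the code to check the IP address here
        if ip in ['192.168.0.2', '192.168.0.3']:
            # Failed addresses are returned in the same format as the input
            ips.append({'name': ip})
            log.error('FAIL')
    return web.json_response(data={'bad_ips': ips}, status=200)


app = web.Application()
app.add_routes([web.post('/checkip', checkip)])


def start():
    # Record the PID so that "stop" can find the process; run_app blocks
    # until the process receives SIGINT or SIGTERM.
    with open(PID_FILE, 'w') as f:
        f.write(str(os.getpid()))
    try:
        # The service has no authentication and listens on all interfaces:
        # limit access to port 5000 to the platform with a firewall.
        web.run_app(app, host='0.0.0.0', port=5000)
    finally:
        os.remove(PID_FILE)


def stop():
    # Ask the running service to shut down and wait (up to 10 s) for it to exit
    try:
        with open(PID_FILE) as f:
            pid = int(f.read())
        os.kill(pid, signal.SIGTERM)
        for _ in range(100):
            os.kill(pid, 0)  # raises ProcessLookupError once the process is gone
            time.sleep(0.1)
    except (FileNotFoundError, ValueError, ProcessLookupError):
        pass


if __name__ == '__main__':
    os.chdir(os.path.dirname(os.path.abspath(__file__)))
    if len(sys.argv) == 2:
        if 'start' == sys.argv[1]:
            start()
        elif 'stop' == sys.argv[1]:
            stop()
        elif 'restart' == sys.argv[1]:
            stop()
            start()
        else:
            print("Unknown command")
            sys.exit(2)
        sys.exit(0)
    else:
        print("usage: %s start|stop|restart" % sys.argv[0])
        sys.exit(2)
```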
- Run the web service:
python3 /root/checkip.py start
Note: You can use the command below to stop the web service:
python3 /root/checkip.py stop
You can use the command below to restart the web service:
python3 /root/checkip.py restart
- Add the command to run the script to the VMmanager database:
docker exec -it mysql bash -c 'mysql -p$MYSQL_ROOT_PASSWORD isp'
INSERT INTO ip_settings (name, value) VALUES ('ip_check_script', '/usr/bin/curl -X POST -k 192.168.2.1:5000/checkip -H "Content-Type: application/json" -d');
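
The check that the example service leaves as a placeholder list of addresses can be written as a function of the request body, using the input and response formats from the requirements. This is an added example, not part of the VMmanager documentation: RESERVED, is_reserved and check_ips are hypothetical names, the reserved range is constructed sample data, and reporting invalid or unchecked addresses as bad is an assumed policy.

```python
import ipaddress
import json
import time

# Constructed sample data: addresses reserved for existing devices
RESERVED = [ipaddress.ip_network("192.168.0.2/31")]


def is_reserved(addr):
    """Hypothetical check: True if addr lies in a reserved network."""
    return any(addr in net for net in RESERVED)


def check_ips(raw, is_bad=is_reserved, budget=50.0, clock=time.monotonic):
    """Build the response body for a request body in the documented format.

    Assumed policy: entries that are not valid addresses, and entries still
    unchecked when the time budget (kept below the one-minute limit) runs
    out, are reported as bad so that no unverified address is allocated.
    """
    items = json.loads(raw)
    if not isinstance(items, list):
        raise ValueError("request body must be a JSON array")
    deadline = clock() + budget
    bad = []
    for item in items:
        if not isinstance(item, dict) or not isinstance(item.get("name"), str):
            raise ValueError("each entry must be an object with a string 'name'")
        name = item["name"]
        try:
            iface = ipaddress.ip_interface(name)
        except ValueError:
            bad.append({"name": name})  # not an address: fail closed
            continue
        # Same skips as the example service: IPv6 and prefixes other than /32
        if iface.version == 6 or iface.network.prefixlen != 32:
            continue
        if clock() > deadline or is_bad(iface.ip):
            bad.append({"name": name})
    return json.dumps({"bad_ips": bad})


if __name__ == "__main__":
    # Sample request from the requirements above
    print(check_ips('[{"name":"192.168.0.1"}, {"name": "192.168.0.2"}, '
                    '{"name": "192.168.0.3"}]'))
```

In the web service, the handler would pass the request text to check_ips and return its result as the response body, answering with status 400 when ValueError is raised.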