advanced routing #0

Supports: bionic focal
Add to new model

Description

This charm can be deployed alongside principal charms to enable custom network routes management.


About this personal namespace charm

This version of https://jaas.ai/advanced-routing provides an extra route key, allow-main-table-default-gateway, which can be set to true to override the protection against changing the default route of the main table. There is a high chance for unexpected breakages to occur by changing the main table's default gateway, thus this flag must be set as a sort of "I Really Mean It" flag.

Overview

This subordinate charm allows for the configuration of policy routing rules on the deployed host, as well as routes to configured services. A list of hash maps, in JSON format, is expected.

Charm supports IPv4 addressing.

Warning: if configured incorrectly, this has the potential to disrupt your units networking setup. Be sure to test your configuration before rolling it out to production. Note the charm provides an apply-changes action, which allows you to apply routing changes per unit as a way to mitigate risk

Build

cd charm-advanced-routing
make build

Usage

Add to an existing application using juju-info relation.

Example:

juju deploy cs:advanced-routing
juju add-relation ubuntu advanced-routing

Configuration

The user can configure the following parameters: * enable-advanced-routing: Enable routing. This requires for the charm to have routing information configured in JSON format: juju config advanced-routing --file path/to/your/config

  • advanced-routing-config parameter contains 3 types of entities: 'table', 'route', 'rule'. The 'type' parameter is always required.

table: routing table to put the rules in (used in rules)

route: defines a static route with the following params: - default_route: should this be a default route or not (boolean: true|false) (optional, requires gateway and table) - net: IPv4 CIDR for a destination network (string) (mutually exclusive with default_route, and requires gateway or device) - gateway: IPv4 gateway address (string) (either device or gateway is required) - table: routing table name (string) (optional, except if default_route is used) - metric: metric for the route (int) (optional) - device: device (interface) (string) (either device or gateway is required)

rule: - from-net: IPv4 CIDR source network or "all" (string) (required) - to-net: IPv4 CIDR destination network or "all" (string) (optional) - table: routing table name (string) (optional, default is main) - priority: priority (int) (optional)

An example yaml config file below:

settings:
  advanced-routing-config:
    value: |-
      [ {
          "type": "table",
          "table": "SF1"
      }, {
          "type": "route",
          "default_route": true,  
          "gateway": "10.191.86.2",      
          "table": "SF1",
          "metric": 101,
          "device": "eth0"
      }, {
          "type": "route",
          "net": "6.6.6.0/24",
          "gateway": "10.191.86.2"
      }, {
          "type": "rule",
          "from-net": "192.170.2.0/24",
          "to-net": "192.170.2.0/24",
          "table": "SF1",
          "priority": 101
      } ]
  enable-advanced-routing:
    value: true

The example_config.yaml file is also provided with the codebase.

Migration steps from the policy-routing charm

Initial deployment:

The following steps assume that an ubuntu unit with a subordinate policy-routing charm with the following config has been deployed:

application: policy-routing
application-config:
  trust:
    default: false
    description: Does this application have access to trusted credentials
    source: default
    type: bool
    value: false
charm: policy-routing
settings:
  cidr:
    description: |
      CIDR of the network interface to setup a policy routing.
      e.g. 192.168.0.0/24
    source: user
    type: string
    value: 10.10.51.0/24
  gateway:
    description: |
      The gateway to be used from the network interface specified with
      the CIDR. e.g. 192.168.0.254
    source: user
    type: string
    value: 10.10.51.1

juju status looks like:

$ juju status 
Model        Controller  Cloud/Region         Version  SLA          Timestamp
model1  lxd         localhost/localhost  2.7.2    unsupported  11:52:19Z

App                       Version     Status   Scale  Charm                     Store       Rev  OS      Notes  
policy-routing                        waiting      0  policy-routing            jujucharms    3  ubuntu  
ubuntu                    18.04       active       1  ubuntu                    jujucharms   15  ubuntu  


Unit                   Workload  Agent      Machine  Public address  Ports               Message
ubuntu/0*              active    idle       127      10.0.8.155                          ready
  policy-routing/0*    active    idle                10.0.8.155                          Unit ready

Deploy advanced-routing charm :

  • juju deploy cs:advanced-routing
  • juju add-relation ubuntu advanced-routing

Advanced-routing is in status blocked with message: "Please disable charm-policy-routing"

Apply the following config:

$ cat ./advanced_routing_config 
advanced-routing:
  enable-advanced-routing: true
  advanced-routing-config: |
      [ {
          "type": "table",
          "table": "SF1"
      }, {
          "type": "route",
          "default_route": true,
          "gateway": "10.10.51.1",
          "table": "SF1"
      }, {
          "type": "rule",
          "from-net": "10.10.51.0/24",
          "to-net": "10.10.51.0/24",
          "priority": 100
      }, {
          "type": "rule",
          "from-net": "10.10.51.0/24",
          "table": "SF1",
          "priority": 101
      } ]

with the command:

juju config advanced-routing --file ./advanced_routing_config

Disable the old config

juju run -u ubuntu/0 "sudo systemctl stop charm-pre-install-policy-routing ; sudo systemctl disable charm-pre-install-policy-routing ; sudo rm -f /etc/systemd/system/charm-pre-install-policy-routing.service; "

Apply the routing configuration with the new charm

Using the action apply-changes, add the routes using the advance-routing charm

juju run-action advanced-routing/0 apply-changes --wait

Testing

To run lint tests:

tox -e lint

To run unit tests:

tox -e unit

Functional tests have been developed using python-libjuju, deploying a simple ubuntu charm and adding the charm as a subordinate.

To run tests using python-libjuju:

tox -e functional

Contact Information


Configuration

action-managed-update
(boolean) Changes need to be applied by running the 'apply-changes' action.
True
advanced-routing-config
(string) A json array consisting of objects, e.g. [ { "type": "route", "net": "192.170.1.0/24", "device": "eth5" }, { ... } ] @ see example_config.yaml for more examples
[]
enable-advanced-routing
(boolean) Whether to use the custom routing configuration provided by the charm.