The project separated into two part, including Proxy CLI and Proxy as a Service (PRaaS) and the part here is for PraaS. PRaaS is a service which is integrated in OpenStack. It use Port Address Translation (PAT) technique, also as port forwarding. For details, it enables the connection from external to virtual machines in a tenant network through only the gateway and specified port of router which is associated betwwen the provider and tenant networks.
- Manage PAT information on project routers in OpenStack
- Receive request from Proxy CLI and handles PAT operations such as creating, removing and modifying.
- Monitor the status of virtual machines which were establised connection by PraaS every 30s and update the PAT connection of deleted or ip-changed virtual machines in OpenStack.
- Python virtual environment such as virtualenv or anaconda. (optional)
- Python >= 2.7
PRaaS use python interpreter in the current environment. Use virtual environment is a safe and low-risk aprroach for not conflicting and the virtual python interpreter will be choosen. The guide using tool python virtualenv for creating environment.
Install virtualenv
$ pip install virtualenv
Create virtual python env
$ virtualenv myenv
Activate env
$ source myenv/bin/activate
Deactivate env
$ deactivate
Clone the project
$ git clone https://github.com/LamNguy/praas
Install packages
$ cd praas
$ pip install -e .
If the install fail due to missing package "pbr", install it and re-run install packages
$ pip install pbr
Install service (required in the folder project)
$ praas-install
Uninstall service (required in the folder project)
$ praas-uninstall
PRaaS is installed on system including:
- Log file: /var/log/praas
- Library: /usr/local/lib/praas
- Config file: /usr/local/etc/praas
- Service file: /etc/systemd/system
Edit config file Config PRaaS if needs customizing
# praas.conf
[praas]
port_app = 3000 #RESTful API default run on port 3000
router_port_range = 4000:4100 #Specific router port range using for pat agent
second_monitoring = 30 #Specific period working of monitor agent.
Config to auto login OpenStack for PRaaS
# clouds.yaml
clouds:
openstack:
auth:
auth_url: http://controller:5000/v3/ #specific ip or hostname of controller
username: "admin"
password: "xxx"
project_name: "admin"
project_domain_name: 'Default'
user_domain_name: "Default"
region_name: "RegionOne"
interface: "public"
identity_api_version: 3
PRaaS include PAT agent service and Monitor agent service
$ systemctl start praas-pat-agent.service
$ systemctl status praas-pat-agent.service
$ systemctl start praas-monitor-agent.service
$ systemctl status praas-monitor-agent.service
# create user define-chain which referenced to postrouting and prerouting to avoid conflicting
sudo iptables -t nat -N custom-PREROUTING
sudo iptables -t nat -N custom-POSTROUTING
sudo iptables -t nat -I PREROUTING -j custom-PREROUTING
sudo iptables -t nat -I POSTROUTING -j custom-POSTROUTING
# commandline to create rules in examples
iptables -t nat -A custom-PREROUTING -p tcp -m tcp --dport 4022 -j DNAT --to 192.168.21.227:22
iptables -t nat -A custom-POSTROUTING -p tcp -m tcp --dport 22 -d 192.168.21.227 -j MASQUERADE