Add option to disable public network
JonasProgrammer committed Jul 15, 2022
1 parent 62af3e4 commit 6659615
Showing 2 changed files with 79 additions and 23 deletions.
53 changes: 31 additions & 22 deletions README.md
Expand Up @@ -128,28 +128,37 @@ was used during creation.

#### Environment variables and default values

| CLI option | Environment variable | Default |
| ----------------------------------- | --------------------------------- | -------------------------- |
| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
| `--hetzner-networks` | `HETZNER_NETWORKS` | |
| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
| `--hetzner-server-label` | (inoperative) | `[]` |
| `--hetzner-key-label` | (inoperative) | `[]` |
| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |

| CLI option | Environment variable | Default |
|---------------------------------|-------------------------------| -------------------------- |
| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
| `--hetzner-networks` | `HETZNER_NETWORKS` | |
| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
| `--hetzner-disable-public-4` | `HETZNER_DISABLE_PUBLIC_4` | false |
| `--hetzner-disable-public-6` | `HETZNER_DISABLE_PUBLIC_6` | false |
| `--hetzner-disable-public` | `HETZNER_DISABLE_PUBLIC` | false |
| `--hetzner-server-label` | (inoperative) | `[]` |
| `--hetzner-key-label` | (inoperative) | `[]` |
| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |

**Networking hint:** When disabling all public IPs, `--hetzner-use-private-network` must be given.
`--hetzner-disable-public` will take care of that, and behaves as if
`--hetzner-disable-public-4 --hetzner-disable-public-6 --hetzner-use-private-network`
were given.
Using `--hetzner-use-private-network` implicitly or explicitly requires at least one `--hetzner-network`
to be given.

## Building from source

49 changes: 48 additions & 1 deletion driver.go
Expand Up @@ -43,6 +43,8 @@ type Driver struct {
Volumes []string
Networks []string
UsePrivateNetwork bool
DisablePublic4 bool
DisablePublic6 bool
Firewalls []string
ServerLabels map[string]string
keyLabels map[string]string
Expand All @@ -69,6 +71,9 @@ const (
flagVolumes = "hetzner-volumes"
flagNetworks = "hetzner-networks"
flagUsePrivateNetwork = "hetzner-use-private-network"
flagDisablePublic4 = "hetzner-disable-public-4"
flagDisablePublic6 = "hetzner-disable-public-6"
flagDisablePublic = "hetzner-disable-public"
flagFirewalls = "hetzner-firewalls"
flagAdditionalKeys = "hetzner-additional-key"
flagServerLabel = "hetzner-server-label"
Expand Down Expand Up @@ -171,6 +176,21 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
Name: flagUsePrivateNetwork,
Usage: "Use private network",
},
mcnflag.BoolFlag{
EnvVar: "HETZNER_DISABLE_PUBLIC_4",
Name: flagDisablePublic4,
Usage: "Disable public ipv4",
},
mcnflag.BoolFlag{
EnvVar: "HETZNER_DISABLE_PUBLIC_6",
Name: flagDisablePublic6,
Usage: "Disable public ipv6",
},
mcnflag.BoolFlag{
EnvVar: "HETZNER_DISABLE_PUBLIC",
Name: flagDisablePublic,
Usage: "Disable public ip (v4 & v6)",
},
mcnflag.StringSliceFlag{
EnvVar: "HETZNER_FIREWALLS",
Name: flagFirewalls,
Expand Down Expand Up @@ -235,7 +255,10 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
d.userData = opts.String(flagUserData)
d.Volumes = opts.StringSlice(flagVolumes)
d.Networks = opts.StringSlice(flagNetworks)
d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork)
disablePublic := opts.Bool(flagDisablePublic)
d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork) || disablePublic
d.DisablePublic4 = opts.Bool(flagDisablePublic4) || disablePublic
d.DisablePublic6 = opts.Bool(flagDisablePublic6) || disablePublic
d.Firewalls = opts.StringSlice(flagFirewalls)
d.AdditionalKeys = opts.StringSlice(flagAdditionalKeys)

Expand Down Expand Up @@ -265,6 +288,11 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
return errors.Errorf("--%v and --%v are mutually exclusive", flagImage, flagImageID)
}

if d.DisablePublic4 && d.DisablePublic6 && !d.UsePrivateNetwork {
return errors.Errorf("--%v must be used if public networking is disabled (hint: implicitly set by --%v)",
flagUsePrivateNetwork, flagDisablePublic)
}

return nil
}

Expand Down Expand Up @@ -415,6 +443,18 @@ func (d *Driver) configureNetworkAccess(srv hcloud.ServerCreateResult) error {
}
time.Sleep(1 * time.Second)
}
} else if d.DisablePublic4 {
log.Infof("Using public IPv6 network ...")

pv6 := srv.Server.PublicNet.IPv6
ip := pv6.IP
if ip.Mask(pv6.Network.Mask).Equal(pv6.Network.IP) { // no host given
ip[net.IPv6len-1] |= 0x01 // TODO make this configurable
}

ips := ip.String()
log.Infof(" -> resolved %v ...", ips)
d.IPAddress = ips
} else {
log.Infof("Using public network ...")
d.IPAddress = srv.Server.PublicNet.IPv4.IP.String()
Expand Down Expand Up @@ -451,6 +491,13 @@ func (d *Driver) makeCreateServerOptions() (*hcloud.ServerCreateOpts, error) {
PlacementGroup: pgrp,
}

if d.DisablePublic4 || d.DisablePublic6 {
srvopts.PublicNet = &hcloud.ServerCreatePublicNet{
EnableIPv4: !d.DisablePublic4,
EnableIPv6: !d.DisablePublic6,
}
}

networks, err := d.createNetworks()
if err != nil {
return nil, err
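Review bot: The validation added to SetConfigFromFlags (the `d.DisablePublic4 && d.DisablePublic6 && !d.UsePrivateNetwork` check) never verifies that a network was actually supplied, so `--hetzner-disable-public` without any `--hetzner-networks` passes, although the README hunk says a private network requires at least one network. In that case makeCreateServerOptions would request a server with both public addresses disabled and, as far as the visible hunks show, no private network to reach it on, so the problem would presumably surface only after the create call. Unless a check outside the visible hunks already covers this, reject it up front next to the new check: `if d.UsePrivateNetwork && len(d.Networks) == 0 { return errors.Errorf("--%v requires at least one --%v", flagUsePrivateNetwork, flagNetworks) }`. SetConfigFromFlags begins and continues outside the hunks shown here.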
