From 66596150069fec35e56b609a21c1eb9626d31174 Mon Sep 17 00:00:00 2001
From: JonasS
Date: Fri, 15 Jul 2022 19:27:45 +0200
Subject: [PATCH] Add option to disable public network

---
 README.md | 53 +++++++++++++++++++++++++++++++----------------------
 driver.go | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 8312974..2f0b0df 100644
--- a/README.md
+++ b/README.md
@@ -128,28 +128,37 @@ was used during creation.
 
 #### Environment variables and default values
 
-| CLI option | Environment variable | Default |
-| ----------------------------------- | --------------------------------- | -------------------------- |
-| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
-| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
-| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
-| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
-| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
-| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
-| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
-| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
-| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
-| `--hetzner-networks` | `HETZNER_NETWORKS` | |
-| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
-| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
-| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
-| `--hetzner-server-label` | (inoperative) | `[]` |
-| `--hetzner-key-label` | (inoperative) | `[]` |
-| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
-| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
-| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
-| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |
-
+| CLI option | Environment variable | Default |
+|---------------------------------|-------------------------------| -------------------------- |
+| **`--hetzner-api-token`** | `HETZNER_API_TOKEN` | |
+| `--hetzner-image` | `HETZNER_IMAGE` | `ubuntu-18.04` |
+| `--hetzner-image-id` | `HETZNER_IMAGE_ID` | |
+| `--hetzner-server-type` | `HETZNER_TYPE` | `cx11` |
+| `--hetzner-server-location` | `HETZNER_LOCATION` | *(let Hetzner choose)* |
+| `--hetzner-existing-key-path` | `HETZNER_EXISTING_KEY_PATH` | *(generate new keypair)* |
+| `--hetzner-existing-key-id` | `HETZNER_EXISTING_KEY_ID` | 0 *(upload new key)* |
+| `--hetzner-additional-key` | `HETZNER_ADDITIONAL_KEYS` | |
+| `--hetzner-user-data` | `HETZNER_USER_DATA` | |
+| `--hetzner-networks` | `HETZNER_NETWORKS` | |
+| `--hetzner-firewalls` | `HETZNER_FIREWALLS` | |
+| `--hetzner-volumes` | `HETZNER_VOLUMES` | |
+| `--hetzner-use-private-network` | `HETZNER_USE_PRIVATE_NETWORK` | false |
+| `--hetzner-disable-public-4` | `HETZNER_DISABLE_PUBLIC_4` | false |
+| `--hetzner-disable-public-6` | `HETZNER_DISABLE_PUBLIC_6` | false |
+| `--hetzner-disable-public` | `HETZNER_DISABLE_PUBLIC` | false |
+| `--hetzner-server-label` | (inoperative) | `[]` |
+| `--hetzner-key-label` | (inoperative) | `[]` |
+| `--hetzner-placement-group` | `HETZNER_PLACEMENT_GROUP` | |
+| `--hetzner-auto-spread` | `HETZNER_AUTO_SPREAD` | false |
+| `--hetzner-ssh-user` | `HETZNER_SSH_USER` | root |
+| `--hetzner-ssh-port` | `HETZNER_SSH_PORT` | 22 |
+
+**Networking hint:** When disabling all public IPs, `--hetzner-use-private-network` must be given.
+`--hetzner-disable-public` will take care of that, and behaves as if
+`--hetzner-disable-public-4 --hetzner-disable-public-6 --hetzner-use-private-network`
+were given.
+Using `--hetzner-use-private-network` implicitly or explicitly requires at least one `--hetzner-network`
+to be given.
 
 ## Building from source
 
diff --git a/driver.go b/driver.go
index 4ab430c..37e04d0 100644
--- a/driver.go
+++ b/driver.go
@@ -43,6 +43,8 @@ type Driver struct {
 Volumes []string
 Networks []string
 UsePrivateNetwork bool
+ DisablePublic4 bool
+ DisablePublic6 bool
 Firewalls []string
 ServerLabels map[string]string
 keyLabels map[string]string
@@ -69,6 +71,9 @@ const (
 flagVolumes = "hetzner-volumes"
 flagNetworks = "hetzner-networks"
 flagUsePrivateNetwork = "hetzner-use-private-network"
+ flagDisablePublic4 = "hetzner-disable-public-4"
+ flagDisablePublic6 = "hetzner-disable-public-6"
+ flagDisablePublic = "hetzner-disable-public"
 flagFirewalls = "hetzner-firewalls"
 flagAdditionalKeys = "hetzner-additional-key"
 flagServerLabel = "hetzner-server-label"
@@ -171,6 +176,21 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 Name: flagUsePrivateNetwork,
 Usage: "Use private network",
 },
+ mcnflag.BoolFlag{
+ EnvVar: "HETZNER_DISABLE_PUBLIC_4",
+ Name: flagDisablePublic4,
+ Usage: "Disable public ipv4",
+ },
+ mcnflag.BoolFlag{
+ EnvVar: "HETZNER_DISABLE_PUBLIC_6",
+ Name: flagDisablePublic6,
+ Usage: "Disable public ipv6",
+ },
+ mcnflag.BoolFlag{
+ EnvVar: "HETZNER_DISABLE_PUBLIC",
+ Name: flagDisablePublic,
+ Usage: "Disable public ip (v4 & v6)",
+ },
 mcnflag.StringSliceFlag{
 EnvVar: "HETZNER_FIREWALLS",
 Name: flagFirewalls,
@@ -235,7 +255,10 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 d.userData = opts.String(flagUserData)
 d.Volumes = opts.StringSlice(flagVolumes)
 d.Networks = opts.StringSlice(flagNetworks)
- d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork)
+ disablePublic := opts.Bool(flagDisablePublic)
+ d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork) || disablePublic
+ d.DisablePublic4 = opts.Bool(flagDisablePublic4) || disablePublic
+ d.DisablePublic6 = opts.Bool(flagDisablePublic6) || disablePublic
 d.Firewalls = opts.StringSlice(flagFirewalls)
 d.AdditionalKeys = opts.StringSlice(flagAdditionalKeys)
 
@@ -265,6 +288,11 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 return errors.Errorf("--%v and --%v are mutually exclusive", flagImage, flagImageID)
 }
 
+ if d.DisablePublic4 && d.DisablePublic6 && !d.UsePrivateNetwork {
+ return errors.Errorf("--%v must be used if public networking is disabled (hint: implicitly set by --%v)",
+ flagUsePrivateNetwork, flagDisablePublic)
+ }
+
 return nil
 }
 
@@ -415,6 +443,18 @@ func (d *Driver) configureNetworkAccess(srv hcloud.ServerCreateResult) error {
 }
 time.Sleep(1 * time.Second)
 }
+ } else if d.DisablePublic4 {
+ log.Infof("Using public IPv6 network ...")
+
+ pv6 := srv.Server.PublicNet.IPv6
+ ip := pv6.IP
+ if ip.Mask(pv6.Network.Mask).Equal(pv6.Network.IP) { // no host given
+ ip[net.IPv6len-1] |= 0x01 // TODO make this configurable
+ }
+
+ ips := ip.String()
+ log.Infof(" -> resolved %v ...", ips)
+ d.IPAddress = ips
 } else {
 log.Infof("Using public network ...")
 d.IPAddress = srv.Server.PublicNet.IPv4.IP.String()
@@ -451,6 +491,13 @@ func (d *Driver) makeCreateServerOptions() (*hcloud.ServerCreateOpts, error) {
 PlacementGroup: pgrp,
 }
 
+ if d.DisablePublic4 || d.DisablePublic6 {
+ srvopts.PublicNet = &hcloud.ServerCreatePublicNet{
+ EnableIPv4: !d.DisablePublic4,
+ EnableIPv6: !d.DisablePublic6,
+ }
+ }
+
 networks, err := d.createNetworks()
 if err != nil {
 return nil, err
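Review bot: The new guard in SetConfigFromFlags rejects disabling both public addresses without `--hetzner-use-private-network`, but nothing in this hunk rejects a private-only server that has no network attached. Because `--hetzner-disable-public` sets UsePrivateNetwork itself, passing it without `--hetzner-networks` passes validation here, although the README text in this same patch says at least one network is required; the result would presumably be a server with no address the driver can reach. Unless that check already exists outside the lines shown, add `if d.UsePrivateNetwork && len(d.Networks) == 0 { return errors.Errorf("--%v requires at least one --%v", flagUsePrivateNetwork, flagNetworks) }` next to the new guard. The function body starts outside the hunk.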
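Review bot: In the new `else if d.DisablePublic4` branch of configureNetworkAccess, `ip := pv6.IP` aliases the slice held in `srv.Server`, so `ip[net.IPv6len-1] |= 0x01` rewrites the address stored in the create result rather than a local copy. The branch also dereferences `pv6.Network` and indexes byte 15 without checking that the API returned a network and a 16-byte address; if Network is a pointer, as it appears to be in hcloud-go, a response without public IPv6 would panic instead of returning an error. Validate first and work on a copy, as below. The function starts and ends outside the hunk.

```go
		pv6 := srv.Server.PublicNet.IPv6
		if pv6.Network == nil || len(pv6.IP) != net.IPv6len {
			return errors.Errorf("server has no usable public IPv6 network")
		}
		// Copy before editing so the create result keeps the address the API returned.
		ip := make(net.IP, net.IPv6len)
		copy(ip, pv6.IP)
		// … unchanged: host-bit fixup, ip.String(), log line, d.IPAddress assignment …
```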