libs.tools.resolve_identifier(): add option to filter out linklocal ips and only physical interfaces

2023-09-09 15:37:37 +02:00 · 2023-09-09 15:37:37 +02:00 · 2b51812118
commit 2b51812118
parent 6539923644
3 changed files with 19 additions and 27 deletions
--- a/bundles/nftables/metadata.py
+++ b/bundles/nftables/metadata.py
@ -78,7 +78,7 @@ def port_rules_to_nftables(metadata):
            if target in ('*', 'ipv4', 'ipv6'):
                ruleset.add(f'inet filter input {version_str} {port_str} accept {comment}')
            else:
-                resolved = repo.libs.tools.resolve_identifier(repo, target)
+                resolved = repo.libs.tools.resolve_identifier(repo, target, linklocal=True)

                for address in resolved['ipv4']:
                    ruleset.add(f'inet filter input meta nfproto ipv4 {port_str} ip saddr {address} accept {comment}')
--- a/bundles/powerdns/metadata.py
+++ b/bundles/powerdns/metadata.py
@ -134,7 +134,7 @@ def generate_dns_entries_for_nodes(metadata):
        ip4 = None
        ip6 = None

-        found_ips = repo.libs.tools.resolve_identifier(repo, rnode.name)
+        found_ips = repo.libs.tools.resolve_identifier(repo, rnode.name, only_physical=True)
        for ip in sorted(found_ips['ipv4']):
            if not ip4 and not ip.is_private:
                ip4 = ip
@ -144,30 +144,10 @@ def generate_dns_entries_for_nodes(metadata):
                ip6 = ip

        if not ip4 and found_ips['ipv4']:
-            # This node apparently does not have a public IPv4 address.
-            # We now manually iterate over that nodes interfaces to get
-            # a IPv4 address which is tied to a physical interface.
-            # Note we can't use resolve_identifier() here, because we
-            # only want physical interfaces.
-            for interface, config in rnode.metadata.get('interfaces', {}).items():
-                if not (
-                    interface.startswith('bond') or
-                    interface.startswith('br') or
-                    interface.startswith('eno') or
-                    interface.startswith('enp') or
-                    interface.startswith('eth') or
-                    interface == 'default' # dummy nodes use these
-                ):
-                    continue
-
-                for ip in sorted(config.get('ips', set())):
-                    if '/' in ip:
-                        addr = ip_address(ip.split('/')[0])
-                    else:
-                        addr = ip_address(ip)
-
-                    if not ip4 and isinstance(addr, IPv4Address):
-                        ip4 = addr
+            # do it again, but do not filter out private addresses
+            for ip in sorted(found_ips['ipv4']):
+                if not ip4:
+                    ip4 = ip

        if ip4:
            results.add('{} IN A {}'.format(dns_name, ip4))