From a4cd5bce4d2ff638e1f3e88cffce3908c3b216e5 Mon Sep 17 00:00:00 2001
From: GnomeZworc
Date: Mon, 19 May 2025 18:47:13 +0200
Subject: [PATCH] make public ip infra

Signed-off-by: GnomeZworc
---
 README.md | 44 +++++++------------------------------------
 lib/prime/init.sh | 16 ++++++++++++++++
 lib/public_ip.sh | 28 ++++++++++++++++++++++++++++
 lib/vpc.sh | 14 ++++++++++++++
 4 files changed, 65 insertions(+), 37 deletions(-)
 create mode 100644 lib/public_ip.sh

diff --git a/README.md b/README.md
index 7dabe9e..a75e2ff 100644
--- a/README.md
+++ b/README.md
@@ -5,20 +5,13 @@ this project is Two with bash on first move
 ## Prepare kvm -``` -apt-get install -y \ - vim \ - htop \ - socat \ - ebtables \ # filtre arp - qemu-system qemu-utils qemu-kvm \ # qemu install - genisoimage \ # cloud-init file - curl \ - whois \ - tcpdump \ - bridge-utils # bridge add -``` - +package usage: +- ebtables / filtre arp +- socat / socket interaction +- qemu-system qemu-utils qemu-kvm / qemu install +- curl / use lib +- tcpdump / debug network +- bridge-utils / bridge add ## Command et info utile 
@@ -104,27 +97,4 @@ qemu-system-x86_64 -enable-kvm -cpu host -m 512 \
 -netdev tap,id=net0,ifname=tap9102959250,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:0A \
 -display none -daemonize \
 -drive file=./seed/seed.iso,media=cdrom,if=ide
-```
-
-add public ip:
-```
-brctl addbr br-public
-brctl stp "br-public" off
-ip link add "veth-public-ext" type veth peer name "veth-public-int" netns "vpc-00003"
-ip netns exec "vpc-00003" brctl addbr "br-public"
-ip netns exec "vpc-00003" brctl stp "br-public" off
-
-brctl addif "br-public" "veth-public-ext"
-ip netns exec "vpc-00003" brctl addif "br-public" "veth-public-int"
-
-
-ip link set up dev "veth-public-ext"
-ip link set up dev "br-public"
-ip -n "vpc-00003" link set up dev "veth-public-int"
-ip -n "vpc-00003" link set up dev "br-public"
-
-ip link add link eno1 name macvlan0 type macvlan mode bridge
-
--A PREROUTING -d 192.168.15.2/32 -j DNAT --to-destination 192.168.20.10
--A POSTROUTING -s 192.168.20.10/32 -o br-public -j MASQUERADE
 ```
\ No newline at end of file
diff --git a/lib/prime/init.sh b/lib/prime/init.sh
index c224ff5..5739719 100644
--- a/lib/prime/init.sh
+++ b/lib/prime/init.sh
@@ -3,6 +3,18 @@
 . ./lib/metadata.sh function config_kvm { + apt-get install -y \ + vim \ + htop \ + socat \ + ebtables \ + qemu-system qemu-utils qemu-kvm \ + genisoimage \ + curl \ + whois \ + tcpdump \ + bridge-utils + sysctl -w net.ipv4.ip_forward=1 iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
@@ -25,6 +37,10 @@ function config_kvm {
 iptables -A INPUT -j ACCEPT_BOGON + brctl addbr br-public + brctl stp "br-public" off + ip link set up dev "br-public" + metadata_service systemctl daemon-reload }
\ No newline at end of file
diff --git a/lib/public_ip.sh b/lib/public_ip.sh
new file mode 100644
index 0000000..0c2a596
--- /dev/null
+++ b/lib/public_ip.sh
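Review bot: The `apt-get install -y` line at the top of the added block runs against whatever package index the host already has; nothing in the hunk runs `apt-get update` first, so on a freshly provisioned host the install can fail on stale or absent lists (inferred — an update may happen before config_kvm is called). The list also installs vim, htop and whois, which the README's new "package usage" section in this same patch does not describe; a comment on the `apt-get` line such as `# vim/htop/whois are operator conveniences, the rest is required by lib/` would keep the two in step. config_kvm continues past the hunk.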
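Review bot: `brctl addbr br-public` is not re-runnable: a second invocation of config_kvm fails on that line with "device br-public already exists", and whether the function then stops before `metadata_service` depends on error handling outside the hunk. A guard makes the step idempotent, `[[ -d /sys/class/net/br-public ]] || brctl addbr br-public`; the `brctl stp … off` and `ip link set up` lines are already safe to repeat. The bridge is brought up on a host where `net.ipv4.ip_forward=1` is set earlier in this function, and the hunk adds no FORWARD rule naming br-public, so what may cross it is decided by rules outside this hunk; a comment on the `ip link set up dev "br-public"` line naming the rule set that is expected to filter it would make that dependency visible. The second hunk starts in the middle of config_kvm.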
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+function add_public_ip {
+ local vpc_name="${1}"
+ local public_ip="${2}"
+ local private_ip="${3}"
+ local host_ip="${4}"
+
+ ip -n "${vpc_name}" a add "${public_ip}/32" dev br-public
+ ip r add "${public_ip}" dev br-public scope link
+ ip -n "${vpc_name}" r add "${host_ip}" dev br-public scope link
+ ip -n "${vpc_name}" r add default via "${host_ip}"
+
+ ip netns exec "${vpc_name}" iptables -t nat -A PREROUTING -d "${public_ip}/32" -j DNAT --to-destination "${private_ip}"
+ ip netns exec "${vpc_name}" iptables -t nat -A POSTROUTING -s "${private_ip}/32" -o br-public --to-source "${public_ip}" -j SNAT
+}
+
+function delete_public_ip {
+ local vpc_name="${1}"
+ local public_ip="${2}"
+ local private_ip="${3}"
+
+ ip -n "${vpc_name}" a del "${public_ip}/32" dev br-public
+ ip r del "${public_ip}" dev br-public
+
+ ip netns exec "${vpc_name}" iptables -t nat -D PREROUTING -d "${public_ip}/32" -j DNAT --to-destination "${private_ip}"
+ ip netns exec "${vpc_name}" iptables -t nat -D POSTROUTING -s "${private_ip}/32" -o br-public --to-source "${public_ip}" -j SNAT
+}
\ No newline at end of file
diff --git a/lib/vpc.sh b/lib/vpc.sh
index 498fe65..8dfc5e3 100644
--- a/lib/vpc.sh
+++ b/lib/vpc.sh
@@ -27,6 +27,20 @@ function create_vpc {
 { add_in_db "vpc" "${vpc_name}" create_netns "${vpc_name}" + + ip link add "${vpc_name}-ext" type veth peer name "veth-public-int" netns "${vpc_name}" + ip netns exec "${vpc_name}" brctl addbr "br-public" + ip netns exec "${vpc_name}" brctl stp "br-public" off + + + brctl addif "br-public" "${vpc_name}-ext" + ip netns exec "${vpc_name}" brctl addif "br-public" "veth-public-int" + + + ip link set up dev "${vpc_name}-ext" + ip -n "${vpc_name}" link set up dev "veth-public-int" + ip -n "${vpc_name}" link set up dev "br-public" + print_in_color "${COLOR_GREEN}" "Create ${vpc_name}" }
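Review bot: add_public_ip cannot be called twice for the same VPC: the two `ip -n "${vpc_name}" r add` lines (the host route and `default via "${host_ip}"`) already exist once the first public IP is attached, so attaching a second one fails on those lines with "File exists", and whether the NAT rules after them still run depends on the caller's error handling. Switching both to `ip r replace` keeps them idempotent; delete_public_ip does not remove them either, which is consistent with them being per-VPC rather than per-IP state and deserves a one-line comment saying so. None of the four arguments is checked before it is spliced into `ip` and `iptables` commands, so an empty or malformed value leaves a half-applied configuration behind; a dotted-quad check at the top of the function avoids that. In the POSTROUTING line `--to-source` is given before `-j SNAT`; if iptables rejects that as an unknown option, move it after the target (the `-D` line in delete_public_ip has the same order).
```shell
function add_public_ip {
  local vpc_name="${1}"
  local public_ip="${2}"
  local private_ip="${3}"
  local host_ip="${4}"
  local addr

  # Refuse empty or non dotted-quad values before they reach ip/iptables.
  [[ -n "${vpc_name}" ]] || return 1
  for addr in "${public_ip}" "${private_ip}" "${host_ip}"; do
    [[ "${addr}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  done

  ip -n "${vpc_name}" a add "${public_ip}/32" dev br-public
  ip r add "${public_ip}" dev br-public scope link
  # Per-VPC routes: 'replace' so a second public IP in the same VPC does not fail on "File exists".
  ip -n "${vpc_name}" r replace "${host_ip}" dev br-public scope link
  ip -n "${vpc_name}" r replace default via "${host_ip}"

  # … unchanged: nat PREROUTING DNAT / POSTROUTING SNAT rules …
}
```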
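Review bot: `ip link add "${vpc_name}-ext"` silently depends on the VPC name being at most 11 characters: kernel interface names are limited to 15 characters, so a longer name makes that line fail, the namespace from `create_netns` is left without its veth and bridge, and the later `brctl addif` lines then error on a missing device. A guard before it, `(( ${#vpc_name} + 4 <= 15 )) || return 1`, or a comment on that line stating the naming rule, makes the limit explicit; the peer name `veth-public-int` is fixed and lives inside the namespace, so it does not collide between VPCs. The block also leaves two double blank lines between the addbr, addif and `link set up` groups; one blank line each is enough. create_vpc starts before the hunk.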