├── src └── .gitkeep ├── jobs ├── set_mtu │ ├── monit │ ├── spec │ └── templates │ │ └── pre-start.sh.erb ├── multi_home │ ├── monit │ ├── templates │ │ └── pre-start.sh.erb │ └── spec ├── port_forwarding │ ├── templates │ │ └── bin │ │ │ ├── unforward_ports.sh.erb │ │ │ ├── ctl │ │ │ └── forward_ports.sh.erb │ ├── monit │ └── spec ├── nat │ ├── monit │ ├── spec │ └── templates │ │ └── bin │ │ └── nat_ctl.erb ├── gateway │ ├── spec │ ├── monit │ └── templates │ │ └── bin │ │ └── gateway_ctl.erb ├── iptables │ ├── monit │ ├── templates │ │ └── bin │ │ │ ├── disable.sh │ │ │ ├── ctl │ │ │ └── enable.sh │ └── spec └── routes │ ├── monit │ ├── spec │ └── templates │ └── bin │ └── routes_ctl.erb ├── packages └── .gitkeep ├── config ├── blobs.yml └── final.yml ├── .gitattributes ├── .gitignore ├── .final_builds ├── jobs │ ├── iptables │ │ └── index.yml │ ├── gateway │ │ └── index.yml │ ├── nat │ │ └── index.yml │ ├── routes │ │ └── index.yml │ ├── set_mtu │ │ └── index.yml │ ├── multi_home │ │ └── index.yml │ └── port_forwarding │ │ └── index.yml └── license │ └── index.yml ├── releases └── networking │ ├── index.yml │ ├── networking-6.yml │ ├── networking-7.yml │ ├── networking-8.yml │ └── networking-9.yml ├── NOTICE ├── CONTRIBUTING.md ├── README.md └── LICENSE /src/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jobs/set_mtu/monit: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /packages/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jobs/multi_home/monit: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /config/blobs.yml: -------------------------------------------------------------------------------- 1 | --- {} 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | config/*.yml -whitespace 2 | releases/*.yml -whitespace 3 | -------------------------------------------------------------------------------- /jobs/port_forwarding/templates/bin/unforward_ports.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | iptables -t nat -F portforwarding-release 4 | -------------------------------------------------------------------------------- /config/final.yml: -------------------------------------------------------------------------------- 1 | --- 2 | final_name: networking 3 | blobstore: 4 | provider: s3 5 | options: 6 | bucket_name: networking-release-blobs 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | config/dev.yml 2 | config/private.yml 3 | releases/*.tgz 4 | dev_releases 5 | blobs 6 | .blobs 7 | .dev_builds 8 | .idea 9 | .final_builds/jobs/**/*.tgz 10 | .final_builds/packages/**/*.tgz 11 | -------------------------------------------------------------------------------- /jobs/nat/monit: -------------------------------------------------------------------------------- 1 | check file nat 2 | with path /var/vcap/sys/run/nat/nat.check 3 | start program "/var/vcap/jobs/nat/bin/nat_ctl start" 4 | stop program "/var/vcap/jobs/nat/bin/nat_ctl stop" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/gateway/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: gateway 3 | 4 | packages: [] 5 | 6 | templates: 7 | bin/gateway_ctl.erb: bin/gateway_ctl 8 | 9 | properties: 10 | networking.gateway.default: 11 | description: "Default gateway" 12 | -------------------------------------------------------------------------------- /jobs/iptables/monit: -------------------------------------------------------------------------------- 1 | check file iptables 2 | with path /var/vcap/sys/run/iptables/iptables.check 3 | start program "/var/vcap/jobs/iptables/bin/ctl start" 4 | stop program "/var/vcap/jobs/iptables/bin/ctl stop" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/routes/monit: -------------------------------------------------------------------------------- 1 | check file routes 2 | with path /var/vcap/sys/run/routes/routes.check 3 | start program "/var/vcap/jobs/routes/bin/routes_ctl start" 4 | stop program "/var/vcap/jobs/routes/bin/routes_ctl stop" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/gateway/monit: -------------------------------------------------------------------------------- 1 | check file gateway 2 | with path /var/vcap/sys/run/gateway/gateway.check 3 | start program "/var/vcap/jobs/gateway/bin/gateway_ctl start" 4 | stop program "/var/vcap/jobs/gateway/bin/gateway_ctl stop" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/iptables/templates/bin/disable.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | <% p("iptables").each do |table, chains| 4 | chains.each do |chain, rules| %> 5 | 6 | iptables -t "<%= table %>" -F "pfbr-custom-<%= chain %>" 7 | 8 | <% end %> 9 | <% end %> 10 | -------------------------------------------------------------------------------- /jobs/port_forwarding/monit: -------------------------------------------------------------------------------- 1 | check file port_forwarding 2 | with path /var/vcap/sys/run/port_forwarding/port_forwarding.check 3 | start program "/var/vcap/jobs/port_forwarding/bin/ctl start" 4 | stop program "/var/vcap/jobs/port_forwarding/bin/ctl stop" 5 | group vcap 6 | -------------------------------------------------------------------------------- /.final_builds/jobs/iptables/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | fa4165f10ad596327915f64de5587649fa68ba71: 3 | version: fa4165f10ad596327915f64de5587649fa68ba71 4 | blobstore_id: d7fbfe5e-81c6-4c35-4222-436d8d467253 5 | sha1: 275aeef7218679794663cf9eba8db1f773b2b6fc 6 | format-version: "2" 7 | -------------------------------------------------------------------------------- /.final_builds/license/index.yml: -------------------------------------------------------------------------------- 1 | --- 2 | builds: 3 | b05c781702eb7beb67f8590ba3b577efb5c5a575: 4 | version: b05c781702eb7beb67f8590ba3b577efb5c5a575 5 | sha1: 66c47e39720a8527bee9289e78d8c998fb193a87 6 | blobstore_id: 9a03da20-9f8d-415a-8daa-717ba6ae44ee 7 | format-version: '2' 8 | -------------------------------------------------------------------------------- /jobs/multi_home/templates/pre-start.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ex 4 | 5 | sysctl net.ipv4.conf.all.rp_filter=<%= p('multi_home.rp_filter') %> 6 | 7 | # In case VM is restarted 8 | cat > /etc/sysctl.d/70-bosh-multi-home.conf < 10 | EOF 11 | -------------------------------------------------------------------------------- /releases/networking/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 3fbf9849-f9a2-4127-bd87-bdf9a20b0dcf: 3 | version: "8" 4 | 9238988d-fbb5-450a-6b0d-7ec484ed8757: 5 | version: "9" 6 | bad286e9-a650-4368-9eae-f75330b59300: 7 | version: "7" 8 | f1e48903-0495-41f3-985c-a07b040eabcf: 9 | version: "6" 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /jobs/multi_home/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: multi_home 3 | 4 | templates: 5 | pre-start.sh.erb: bin/pre-start 6 | 7 | properties: 8 | multi_home.rp_filter: 9 | description: Enable kernel to accept asymmetrically routed packets. See http://engineering.pivotal.io/post/multi-homed-bosh-director for more details. 10 | default: 2 11 | -------------------------------------------------------------------------------- /jobs/set_mtu/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: set_mtu 3 | 4 | templates: 5 | pre-start.sh.erb: bin/pre-start 6 | 7 | properties: 8 | networking.set_mtu.interface: 9 | description: Network interface name. 10 | default: eth0 11 | 12 | networking.set_mtu.mtu: 13 | description: MTU (Maximum Transmission Unit) value in bytes 14 | default: 1500 15 | -------------------------------------------------------------------------------- /jobs/nat/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: nat 3 | 4 | packages: [] 5 | 6 | templates: 7 | bin/nat_ctl.erb: bin/nat_ctl 8 | 9 | properties: 10 | networking.nat.in_interface: 11 | description: "Input interface to forward packets" 12 | default: "eth0" 13 | networking.nat.out_interface: 14 | description: "Output interface to forward packets" 15 | default: "eth1" 16 | -------------------------------------------------------------------------------- /jobs/iptables/templates/bin/ctl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -u 4 | 5 | mkdir -p /var/vcap/sys/run/iptables 6 | 7 | case $1 in 8 | 9 | start) 10 | /var/vcap/jobs/iptables/bin/enable.sh 11 | touch /var/vcap/sys/run/iptables/iptables.check 12 | ;; 13 | 14 | stop) 15 | /var/vcap/jobs/iptables/bin/disable.sh 16 | rm /var/vcap/sys/run/iptables/iptables.check 17 | ;; 18 | *) 19 | 20 | esac 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /jobs/set_mtu/templates/pre-start.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | INTERFACE=<%= p('networking.set_mtu.interface') %> 6 | MTU=<%= p('networking.set_mtu.mtu') %> 7 | 8 | DHCP_HOOK=/etc/dhcp/dhclient-exit-hooks.d/set_mtu 9 | 10 | # Override MTU setting when DHCP lease is renewed 11 | cat < ${DHCP_HOOK} 12 | #!/bin/sh 13 | ifconfig ${INTERFACE} mtu ${MTU} 14 | EOF 15 | chmod +x ${DHCP_HOOK} 16 | 17 | # Enable new MTU setting now 18 | ${DHCP_HOOK} 19 | -------------------------------------------------------------------------------- /jobs/iptables/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: iptables 3 | 4 | templates: 5 | bin/ctl: bin/ctl 6 | bin/enable.sh: bin/enable.sh 7 | bin/disable.sh: bin/disable.sh 8 | 9 | properties: 10 | iptables: 11 | description: "Map of rules per chain per table to apply in iptables" 12 | default: {} 13 | example: 14 | nat: # one of: nat, filter, raw, mangle, security 15 | POSTROUTING: # a valid chain 16 | - -s 10.244.0.0/24 -j MASQUERADE 17 | -------------------------------------------------------------------------------- /.final_builds/jobs/gateway/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 4c017076625ffc4b0ec9b61996b46f9086e800a7: 3 | version: 4c017076625ffc4b0ec9b61996b46f9086e800a7 4 | blobstore_id: 176bd6bc-1ee3-4311-50ea-55ac296dc9d8 5 | sha1: 0803d1d085b7f7aac7b7a7de52f9b30095d11aff 6 | f3485630b99f1e00b311e861c97a1ac3d18dc44e: 7 | version: f3485630b99f1e00b311e861c97a1ac3d18dc44e 8 | blobstore_id: 12251c46-83f5-4799-ae4d-964b1679e99a 9 | sha1: 59ed18f91c72507cde393f90b78b4f73e3e37df5 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/nat/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 46475809128ee30cf7c3829bbbc15906ea9a1f9f: 3 | version: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 4 | blobstore_id: c5e0ab52-6fcf-4516-95e4-2737c31a339f 5 | sha1: 32d635e44f6725688c4b5e81747456364ee1e394 6 | 94c903dc14a0950c1299dffe416a7b5efe513b2c: 7 | version: 94c903dc14a0950c1299dffe416a7b5efe513b2c 8 | blobstore_id: 07034dbc-67ba-4b15-4b7b-b46b33e11962 9 | sha1: 05056e445c534ab4b8c425d698ca1d1e6f8716e6 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/routes/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 3f8003146a2773658f4a1574d2fba9c9f8f85372: 3 | version: 3f8003146a2773658f4a1574d2fba9c9f8f85372 4 | blobstore_id: 2a20a158-b3cd-4f4c-acb1-60bc21df3285 5 | sha1: 88525363b2e608fd1cbf4d92726e93cd4bce3e2a 6 | 95bd9711265f97087bb4becb819a000b36d2a925: 7 | version: 95bd9711265f97087bb4becb819a000b36d2a925 8 | blobstore_id: eab77495-1587-4ed1-4c70-75455d0015d6 9 | sha1: 2c327987ce7ad83f9a4238653034ae5fb2f2127e 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/set_mtu/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 1cb4695d5ae56239858120a10e7ed379e85a376b: 3 | version: 1cb4695d5ae56239858120a10e7ed379e85a376b 4 | blobstore_id: 3a3be4bc-26d3-45ea-5998-8d86e502e764 5 | sha1: b37e45cda51c24afaf9ef5ca1bb852d32a122165 6 | 88924042e741282f43925fe0101aa6909b4d6226: 7 | version: 88924042e741282f43925fe0101aa6909b4d6226 8 | blobstore_id: 840b1972-fe91-4284-bf28-8596c1190d26 9 | sha1: bd54e0e0e661b0bd42e2e26ba6726971c41d2eb5 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/multi_home/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 2cf9f7ffcbff85ea9ca4b2b3618b046e0a6c6021: 3 | version: 2cf9f7ffcbff85ea9ca4b2b3618b046e0a6c6021 4 | blobstore_id: 3d83d7a9-03fb-4c39-75e0-089c6e790b24 5 | sha1: 618d11bef93c14ba10f0a3d1f24fd8b3601bb992 6 | 32b7a39c61295c7e090b25e51bdf0a0231937cc2: 7 | version: 32b7a39c61295c7e090b25e51bdf0a0231937cc2 8 | blobstore_id: 1e099776-ee95-4489-8f71-1386b793ef90 9 | sha1: 0d31287642021d4ff80027ef7be355c94fc0353d 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/port_forwarding/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 1b107f3f2648c62682b421502a7373858ed59b26: 3 | version: 1b107f3f2648c62682b421502a7373858ed59b26 4 | blobstore_id: 32241789-f2ba-4a8d-716a-2dde3380ba07 5 | sha1: f2968788dac496ec642863111280327c837633fa 6 | 5aabd177721a3e8b31008cc80644f1d1c8c16667: 7 | version: 5aabd177721a3e8b31008cc80644f1d1c8c16667 8 | blobstore_id: 0dff7847-1c75-404a-a72a-16bc3961ea93 9 | sha1: c0d537ac87e378349db33ea447a1ace472d39ca5 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015-Present CloudFoundry.org Foundation, Inc. All Rights Reserved. 2 | 3 | This project contains software that is Copyright (c) 2014-2015 Pivotal Software, Inc. 4 | 5 | This project is licensed to you under the Apache License, Version 2.0 (the "License"). 6 | You may not use this project except in compliance with the License. 7 | 8 | This project may include a number of subcomponents with separate copyright notices 9 | and license terms. Your use of these subcomponents is subject to the terms and 10 | conditions of the subcomponent's license, as noted in the LICENSE file. 11 | -------------------------------------------------------------------------------- /jobs/port_forwarding/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: port_forwarding 3 | 4 | packages: [] 5 | 6 | templates: 7 | bin/ctl: bin/ctl 8 | bin/forward_ports.sh.erb: bin/forward_ports.sh 9 | bin/unforward_ports.sh.erb: bin/unforward_ports.sh 10 | 11 | properties: 12 | networking.port_forwarding: 13 | description: "List of rules that describes the ports to be forwarded. Defaults `internal_ip` to '127.0.0.1'." 14 | default: [] 15 | example: 16 | - external_port: 80 17 | internal_ip: 10.10.0.34 18 | internal_port: 8080 19 | - external_port: 443 20 | internal_ip: 10.10.0.34 21 | internal_port: 4443 22 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Pull requests are welcome! 4 | 5 | ## Contributor License Agreement 6 | 7 | Follow these steps to make a contribution to any of CF open source repositories: 8 | 9 | 1. Ensure that you have completed our CLA Agreement for 10 | [individuals](http://cloudfoundry.org/pdfs/CFF_Individual_CLA.pdf) or 11 | [corporations](http://cloudfoundry.org/pdfs/CFF_Corporate_CLA.pdf). 12 | 13 | 1. Set your name and email (these should match the information on your submitted CLA) 14 | 15 | git config --global user.name "Firstname Lastname" 16 | git config --global user.email "your_email@example.com" 17 | -------------------------------------------------------------------------------- /jobs/port_forwarding/templates/bin/ctl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -u 4 | 5 | LOG_DIR=/var/vcap/sys/log/port_forwarding 6 | RUN_DIR=/var/vcap/sys/run/port_forwarding 7 | 8 | mkdir -p $RUN_DIR $LOG_DIR 9 | 10 | exec >>$LOG_DIR/stdout.log 2>&1 11 | 12 | case $1 in 13 | 14 | start) 15 | echo -n "Applying iptables rules for port forwarding" 16 | /var/vcap/jobs/port_forwarding/bin/forward_ports.sh 17 | touch $RUN_DIR/port_forwarding.check 18 | ;; 19 | 20 | stop) 21 | echo -n "Removing iptables rules for port forwarding" 22 | /var/vcap/jobs/port_forwarding/bin/unforward_ports.sh 23 | rm -f $RUN_DIR/port_forwarding.check 24 | ;; 25 | *) 26 | 27 | esac 28 | 29 | exit 0 30 | -------------------------------------------------------------------------------- /jobs/iptables/templates/bin/enable.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | function setup_chain { 6 | table=$1 7 | orig_chain=$2 8 | target_chain=$3 9 | 10 | if ! iptables -t "${table}" -L "${target_chain}" >/dev/null 2>&1; then 11 | iptables -t "${table}" -N "${target_chain}" 12 | fi 13 | 14 | if ! iptables -t "${table}" -C "${orig_chain}" -j "${target_chain}" 2>/dev/null; then 15 | iptables -t "${table}" -A "${orig_chain}" -j "${target_chain}" 16 | fi 17 | } 18 | 19 | <% p("iptables").each do |table, chains| 20 | chains.each do |chain, rules| %> 21 | 22 | setup_chain "<%= table %>" "<%= chain %>" "pfbr-custom-<%= chain %>" 23 | 24 | <% rules.each do |rule| %> 25 | iptables -t "${table}" -A "pfbr-custom-<%= chain %>" <%= rule %> 26 | <% end %> 27 | 28 | <% end %> 29 | <% end %> 30 | -------------------------------------------------------------------------------- /releases/networking/networking-6.yml: -------------------------------------------------------------------------------- 1 | --- 2 | packages: [] 3 | jobs: 4 | - name: gateway 5 | version: f3485630b99f1e00b311e861c97a1ac3d18dc44e 6 | fingerprint: f3485630b99f1e00b311e861c97a1ac3d18dc44e 7 | sha1: 59ed18f91c72507cde393f90b78b4f73e3e37df5 8 | - name: nat 9 | version: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 10 | fingerprint: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 11 | sha1: 32d635e44f6725688c4b5e81747456364ee1e394 12 | - name: routes 13 | version: 3f8003146a2773658f4a1574d2fba9c9f8f85372 14 | fingerprint: 3f8003146a2773658f4a1574d2fba9c9f8f85372 15 | sha1: 88525363b2e608fd1cbf4d92726e93cd4bce3e2a 16 | license: 17 | version: b05c781702eb7beb67f8590ba3b577efb5c5a575 18 | fingerprint: b05c781702eb7beb67f8590ba3b577efb5c5a575 19 | sha1: 66c47e39720a8527bee9289e78d8c998fb193a87 20 | commit_hash: 11b4e4e2 21 | uncommitted_changes: true 22 | name: networking 23 | version: '6' 24 | -------------------------------------------------------------------------------- /jobs/routes/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: routes 3 | 4 | packages: [] 5 | 6 | templates: 7 | bin/routes_ctl.erb: bin/routes_ctl 8 | 9 | properties: 10 | networking.routes: 11 | description: "List of routes to be added" 12 | example: 13 | - net: 10.9.9.0 # the destination network 14 | host: # the destination host 15 | netmask: 255.255.255.0 # when adding a network route, the netmask to be used 16 | gateway: 10.10.0.2 # route packets via a gateway. 17 | metric: # the metric field in the routing table to M. 18 | mss: # the TCP Maximum Segment Size (MSS) for connections over this route to M bytes 19 | window: # the TCP window size for connections over this route to W bytes 20 | irtt: # the initial round trip time (irtt) for TCP connections over this route to I milliseconds (1-12000) 21 | interface: eth1 # force the route to be associated with the specified device 22 | -------------------------------------------------------------------------------- /releases/networking/networking-7.yml: -------------------------------------------------------------------------------- 1 | --- 2 | packages: [] 3 | jobs: 4 | - name: gateway 5 | version: f3485630b99f1e00b311e861c97a1ac3d18dc44e 6 | fingerprint: f3485630b99f1e00b311e861c97a1ac3d18dc44e 7 | sha1: 59ed18f91c72507cde393f90b78b4f73e3e37df5 8 | - name: nat 9 | version: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 10 | fingerprint: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 11 | sha1: 32d635e44f6725688c4b5e81747456364ee1e394 12 | - name: routes 13 | version: 3f8003146a2773658f4a1574d2fba9c9f8f85372 14 | fingerprint: 3f8003146a2773658f4a1574d2fba9c9f8f85372 15 | sha1: 88525363b2e608fd1cbf4d92726e93cd4bce3e2a 16 | - name: set_mtu 17 | version: 88924042e741282f43925fe0101aa6909b4d6226 18 | fingerprint: 88924042e741282f43925fe0101aa6909b4d6226 19 | sha1: bd54e0e0e661b0bd42e2e26ba6726971c41d2eb5 20 | license: 21 | version: b05c781702eb7beb67f8590ba3b577efb5c5a575 22 | fingerprint: b05c781702eb7beb67f8590ba3b577efb5c5a575 23 | sha1: 66c47e39720a8527bee9289e78d8c998fb193a87 24 | commit_hash: 0327ad55 25 | uncommitted_changes: true 26 | name: networking 27 | version: '7' 28 | -------------------------------------------------------------------------------- /jobs/port_forwarding/templates/bin/forward_ports.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | CHAIN="portforwarding-release" 4 | 5 | function forward_exists { 6 | set -e 7 | chain=$1 8 | iptables -t nat -C ${chain} -j ${CHAIN} 2>/dev/null 9 | } 10 | 11 | if ! iptables -t nat -L ${CHAIN} >/dev/null 2>&1; then 12 | iptables -t nat -N ${CHAIN} 13 | fi 14 | 15 | if ! forward_exists PREROUTING; then 16 | iptables -t nat -A PREROUTING -j ${CHAIN} 17 | fi 18 | 19 | if ! forward_exists OUTPUT; then 20 | iptables -t nat -A OUTPUT -j ${CHAIN} 21 | fi 22 | 23 | iptables -F ${CHAIN} || true 24 | 25 | # Reset in case when there is no localhost routing 26 | sysctl net.ipv4.conf.all.route_localnet=0 27 | 28 | <% p("networking.port_forwarding").each do |rule| %> 29 | <% external_port = rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule") %> 30 | <% internal_ip = rule['internal_ip'] || "127.0.0.1" %> 31 | <% internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule") %> 32 | 33 | sudo iptables -t nat -A portforwarding-release -p tcp --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %> 34 | 35 | <% if internal_ip == "127.0.0.1" %> 36 | sysctl net.ipv4.conf.all.route_localnet=1 37 | <% end %> 38 | <% end %> 39 | -------------------------------------------------------------------------------- /releases/networking/networking-8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | packages: [] 3 | jobs: 4 | - name: gateway 5 | version: f3485630b99f1e00b311e861c97a1ac3d18dc44e 6 | fingerprint: f3485630b99f1e00b311e861c97a1ac3d18dc44e 7 | sha1: 59ed18f91c72507cde393f90b78b4f73e3e37df5 8 | - name: multi_home 9 | version: 32b7a39c61295c7e090b25e51bdf0a0231937cc2 10 | fingerprint: 32b7a39c61295c7e090b25e51bdf0a0231937cc2 11 | sha1: 0d31287642021d4ff80027ef7be355c94fc0353d 12 | - name: nat 13 | version: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 14 | fingerprint: 46475809128ee30cf7c3829bbbc15906ea9a1f9f 15 | sha1: 32d635e44f6725688c4b5e81747456364ee1e394 16 | - name: port_forwarding 17 | version: 5aabd177721a3e8b31008cc80644f1d1c8c16667 18 | fingerprint: 5aabd177721a3e8b31008cc80644f1d1c8c16667 19 | sha1: c0d537ac87e378349db33ea447a1ace472d39ca5 20 | - name: routes 21 | version: 3f8003146a2773658f4a1574d2fba9c9f8f85372 22 | fingerprint: 3f8003146a2773658f4a1574d2fba9c9f8f85372 23 | sha1: 88525363b2e608fd1cbf4d92726e93cd4bce3e2a 24 | - name: set_mtu 25 | version: 88924042e741282f43925fe0101aa6909b4d6226 26 | fingerprint: 88924042e741282f43925fe0101aa6909b4d6226 27 | sha1: bd54e0e0e661b0bd42e2e26ba6726971c41d2eb5 28 | license: 29 | version: b05c781702eb7beb67f8590ba3b577efb5c5a575 30 | fingerprint: b05c781702eb7beb67f8590ba3b577efb5c5a575 31 | sha1: 66c47e39720a8527bee9289e78d8c998fb193a87 32 | commit_hash: 2d9b32f1 33 | uncommitted_changes: true 34 | name: networking 35 | version: '8' 36 | -------------------------------------------------------------------------------- /releases/networking/networking-9.yml: -------------------------------------------------------------------------------- 1 | name: networking 2 | version: "9" 3 | commit_hash: 373b61e 4 | uncommitted_changes: false 5 | packages: [] 6 | jobs: 7 | - name: gateway 8 | version: 4c017076625ffc4b0ec9b61996b46f9086e800a7 9 | fingerprint: 4c017076625ffc4b0ec9b61996b46f9086e800a7 10 | sha1: 0803d1d085b7f7aac7b7a7de52f9b30095d11aff 11 | - name: iptables 12 | version: fa4165f10ad596327915f64de5587649fa68ba71 13 | fingerprint: fa4165f10ad596327915f64de5587649fa68ba71 14 | sha1: 275aeef7218679794663cf9eba8db1f773b2b6fc 15 | - name: multi_home 16 | version: 2cf9f7ffcbff85ea9ca4b2b3618b046e0a6c6021 17 | fingerprint: 2cf9f7ffcbff85ea9ca4b2b3618b046e0a6c6021 18 | sha1: 618d11bef93c14ba10f0a3d1f24fd8b3601bb992 19 | - name: nat 20 | version: 94c903dc14a0950c1299dffe416a7b5efe513b2c 21 | fingerprint: 94c903dc14a0950c1299dffe416a7b5efe513b2c 22 | sha1: 05056e445c534ab4b8c425d698ca1d1e6f8716e6 23 | - name: port_forwarding 24 | version: 1b107f3f2648c62682b421502a7373858ed59b26 25 | fingerprint: 1b107f3f2648c62682b421502a7373858ed59b26 26 | sha1: f2968788dac496ec642863111280327c837633fa 27 | - name: routes 28 | version: 95bd9711265f97087bb4becb819a000b36d2a925 29 | fingerprint: 95bd9711265f97087bb4becb819a000b36d2a925 30 | sha1: 2c327987ce7ad83f9a4238653034ae5fb2f2127e 31 | - name: set_mtu 32 | version: 1cb4695d5ae56239858120a10e7ed379e85a376b 33 | fingerprint: 1cb4695d5ae56239858120a10e7ed379e85a376b 34 | sha1: b37e45cda51c24afaf9ef5ca1bb852d32a122165 35 | license: 36 | version: b05c781702eb7beb67f8590ba3b577efb5c5a575 37 | fingerprint: b05c781702eb7beb67f8590ba3b577efb5c5a575 38 | sha1: 66c47e39720a8527bee9289e78d8c998fb193a87 39 | -------------------------------------------------------------------------------- /jobs/gateway/templates/bin/gateway_ctl.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e # exit immediately if a simple command exits with a non-zero status 4 | mkdir -p /var/vcap/sys/{log,run}/gateway 5 | exec 1>> /var/vcap/sys/log/gateway/gateway.out.log 6 | exec 2>> /var/vcap/sys/log/gateway/gateway.err.log 7 | 8 | lookup_hostname() { 9 | if [[ ${1} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then 10 | echo ${1} 11 | else 12 | ip=$(dig +short ${1}) 13 | if [ -n "${ip}" ]; then 14 | echo ${ip} 15 | fi 16 | fi 17 | } 18 | 19 | list_default_gateway() { 20 | echo "*** $(date) Current default gateways:" 21 | set +e 22 | /sbin/ip route show | grep default 23 | set -e 24 | } 25 | 26 | update_default_gateway() { 27 | list_default_gateway 28 | 29 | echo "*** $(date) ${1} default gateway:" 30 | gateway=$(lookup_hostname ${2}) 31 | if [ -n "${gateway}" ];then 32 | set +e 33 | /sbin/route --verbose ${1} default gw ${gateway} 34 | set -e 35 | else 36 | echo "Could not resolve hostname ${2}" 37 | return 1 38 | fi 39 | 40 | list_default_gateway 41 | } 42 | 43 | case $1 in 44 | 45 | start) 46 | echo "****** $(date) ${0} start" 47 | 48 | # Update default gateway 49 | update_default_gateway add <%= p('networking.gateway.default') %> 50 | 51 | # Create check file 52 | touch /var/vcap/sys/run/gateway/gateway.check 53 | ;; 54 | 55 | stop) 56 | echo "****** $(date) ${0} stop" 57 | 58 | # Update default gateway 59 | update_default_gateway del <%= p('networking.gateway.default') %> 60 | 61 | # Remove check file 62 | rm /var/vcap/sys/run/gateway/gateway.check 63 | ;; 64 | 65 | status) 66 | echo "****** $(date) ${0} status" 67 | 68 | # List default gateway 69 | list_default_gateway 70 | ;; 71 | 72 | *) 73 | echo "Usage: $0 {start|stop|status}" 74 | exit 1 75 | ;; 76 | 77 | esac 78 | exit 0 79 | -------------------------------------------------------------------------------- /jobs/nat/templates/bin/nat_ctl.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e # exit immediately if a simple command exits with a non-zero status 4 | mkdir -p /var/vcap/sys/{log,run}/nat 5 | exec 1>> /var/vcap/sys/log/nat/nat.out.log 6 | exec 2>> /var/vcap/sys/log/nat/nat.err.log 7 | 8 | list_ip_forwarding() { 9 | ip_forwarding=$(cat /proc/sys/net/ipv4/ip_forward) 10 | echo "*** $(date) Current ip forwarding status: ${ip_forwarding}" 11 | } 12 | 13 | update_ip_forwarding() { 14 | list_ip_forwarding 15 | 16 | echo "*** $(date) Updating ip forwarding with: ${1}" 17 | echo ${1} > /proc/sys/net/ipv4/ip_forward 18 | 19 | list_ip_forwarding 20 | } 21 | 22 | list_iptable_rules() { 23 | echo "*** $(date) Current iptable rules:" 24 | /sbin/iptables --verbose --list 25 | /sbin/iptables --verbose --list --table nat 26 | } 27 | 28 | update_iptable_rules() { 29 | list_iptable_rules 30 | 31 | echo "*** $(date) ${1} iptable rules:" 32 | set +e 33 | /sbin/iptables --verbose \ 34 | --${1} POSTROUTING \ 35 | --table nat \ 36 | --out-interface <%= p('networking.nat.out_interface') %> \ 37 | --jump MASQUERADE 38 | /sbin/iptables --verbose \ 39 | --${1} FORWARD \ 40 | --in-interface <%= p('networking.nat.out_interface') %> \ 41 | --out-interface <%= p('networking.nat.in_interface') %> \ 42 | --match state --state RELATED,ESTABLISHED \ 43 | --jump ACCEPT 44 | /sbin/iptables --verbose \ 45 | --${1} FORWARD \ 46 | --in-interface <%= p('networking.nat.in_interface') %> \ 47 | --out-interface <%= p('networking.nat.out_interface') %> \ 48 | --jump ACCEPT 49 | set -e 50 | 51 | list_iptable_rules 52 | } 53 | 54 | case $1 in 55 | 56 | start) 57 | echo "****** $(date) ${0} start" 58 | 59 | # Enable IP forwarding 60 | update_ip_forwarding 1 61 | 62 | # Enable iptable rules 63 | update_iptable_rules 'append' 64 | 65 | # Create check file 66 | touch /var/vcap/sys/run/nat/nat.check 67 | ;; 68 | 69 | stop) 70 | echo "****** $(date) ${0} stop" 71 | 72 | # Disable iptable rules 73 | update_iptable_rules 'delete' 74 | 75 | # Disable IP forwarding 76 | update_ip_forwarding 0 77 | 78 | # Remove check file 79 | rm /var/vcap/sys/run/nat/nat.check 80 | ;; 81 | 82 | status) 83 | echo "****** $(date) ${0} status" 84 | 85 | # List ip forwarding status 86 | list_ip_forwarding 87 | 88 | # List iptable rules 89 | list_iptable_rules 90 | ;; 91 | 92 | *) 93 | echo "Usage: ${0} {start|stop|status}" 94 | exit 1 95 | ;; 96 | 97 | esac 98 | exit 0 99 | -------------------------------------------------------------------------------- /jobs/routes/templates/bin/routes_ctl.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e # exit immediately if a simple command exits with a non-zero status 4 | mkdir -p /var/vcap/sys/{log,run}/routes 5 | exec 1>> /var/vcap/sys/log/routes/routes.out.log 6 | exec 2>> /var/vcap/sys/log/routes/routes.err.log 7 | 8 | list_routes() { 9 | echo "*** $(date) Current routes:" 10 | /sbin/route --verbose --numeric 11 | } 12 | 13 | update_routes() { 14 | list_routes 15 | 16 | echo "*** $(date) ${1} route:" 17 | set +e 18 | /sbin/route --verbose ${1} ${2} 19 | set -e 20 | 21 | list_routes 22 | } 23 | 24 | case $1 in 25 | 26 | start) 27 | echo "****** $(date) ${0} start" 28 | 29 | <% p('networking.routes', []).each do |route| 30 | route_command = "" 31 | route_command += " -net #{route['net']}" if route['net'] 32 | route_command += " -host #{route['host']}" if route['host'] 33 | route_command += " netmask #{route['netmask']}" if route['netmask'] 34 | route_command += " gw #{route['gateway']}" if route['gateway'] 35 | route_command += " metric #{route['metric']}" if route['metric'] 36 | route_command += " mss #{route['mss']}" if route['mss'] 37 | route_command += " window #{route['window']}" if route['window'] 38 | route_command += " irtt #{route['irtt']}" if route['irtt'] 39 | route_command += " dev #{route['interface']}" if route['interface'] 40 | %> 41 | # Add route 42 | update_routes add "<%= route_command %>" 43 | <% end %> 44 | 45 | # Create check file 46 | touch /var/vcap/sys/run/routes/routes.check 47 | ;; 48 | 49 | stop) 50 | echo "****** $(date) ${0} stop" 51 | 52 | <% p('networking.routes', []).each do |route| 53 | route_command = "" 54 | route_command += " -net #{route['net']}" if route['net'] 55 | route_command += " -host #{route['host']}" if route['host'] 56 | route_command += " netmask #{route['netmask']}" if route['netmask'] 57 | route_command += " gw #{route['gateway']}" if route['gateway'] 58 | route_command += " metric #{route['metric']}" if route['metric'] 59 | route_command += " mss #{route['mss']}" if route['mss'] 60 | route_command += " window #{route['window']}" if route['window'] 61 | route_command += " irtt #{route['irtt']}" if route['irtt'] 62 | route_command += " dev #{route['interface']}" if route['interface'] 63 | %> 64 | # Delete route 65 | update_routes del "<%= route_command %>" 66 | <% end %> 67 | 68 | # Remove check file 69 | rm /var/vcap/sys/run/routes/routes.check 70 | ;; 71 | 72 | status) 73 | echo "****** $(date) ${0} status" 74 | 75 | # List routes 76 | list_routes 77 | ;; 78 | 79 | *) 80 | echo "Usage: $0 {start|stop|status}" 81 | exit 1 82 | ;; 83 | 84 | esac 85 | exit 0 86 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CF-BOSH Release containing several jobs to configure VM networking 2 | 3 | This [BOSH](http://bosh.io/) release contains several jobs to help you configure VMs with 4 | special networking properties: 5 | 6 | * [Gateway](jobs/gateway): allows to add a [default gateway](http://en.wikipedia.org/wiki/Default_gateway) to your vms 7 | * [NAT](jobs/nat): allows to create a [NAT](http://en.wikipedia.org/wiki/Network_address_translation) vm using [iptables](http://en.wikipedia.org/wiki/Iptables) 8 | * [Routes](jobs/routes): allows to add [IP routes](http://en.wikipedia.org/wiki/Routing_table) to your vms 9 | * [MTU](jobs/set_mtu): allows to override [MTU](https://en.wikipedia.org/wiki/Maximum_transmission_unit) on your vms 10 | 11 | ## Usage 12 | 13 | ### Add the release to your BOSH deployment manifest 14 | 15 | Add the networking release jobs and properties to your BOSH deployment manifest: 16 | 17 | ```yaml 18 | releases: 19 | - name: cf 20 | version: latest 21 | - name: networking # + 22 | version: latest # + 23 | ... 24 | instance_groups: 25 | - name: haproxy 26 | jobs: 27 | - name: nat # + 28 | release: networking # + 29 | properties: # + 30 | networking.nat: # + 31 | in_interface: eth0 # + 32 | out_interface: eth1 # + 33 | - name: haproxy 34 | release: cf 35 | networks: 36 | - name: default 37 | default: [dns, gateway] 38 | - name: public 39 | static_ips: 40 | - 1.2.3.4 41 | - name: router 42 | jobs: 43 | - name: gateway # + 44 | release: networking # + 45 | properties: # + 46 | networking.gateway: # + 47 | default: 0.haproxy.default.cf.microbosh # + 48 | - name: routes # + 49 | release: networking # + 50 | properties: # + 51 | networking.routes: # + 52 | - net: 192.168.1.0 # + 53 | netmask: 255.255.255.224 # + 54 | interface: eth0 # + 55 | gateway: 10.9.9.1 # + 56 | - name: port_forwarding # + 57 | release: networking # + 58 | properties: # + 59 | networking: 60 | port_forwarding: # + 61 | - external_port: 9200 # + 62 | internal_ip: 1.2.3.10 # + 63 | internal_port: 9200 # + 64 | - external_port: 9292 # + 65 | internal_ip: 1.2.3.11 # + 66 | internal_port: 9292 # + 67 | - name: gorouter 68 | release: cf 69 | ``` 70 | 71 | ## References 72 | 73 | Based on the [Rakuten BOSH routing release](https://github.com/rakutentech/bosh-routing-release). 74 | 75 | ## License 76 | 77 | Apache License Version 2.0 - see [LICENSE](LICENSE) for details. 78 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [2014] [Pivotal Software, Inc] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | --------------------------------------------------------------------------------