From: Dimitris Aragiorgis Date: Thu, 10 May 2012 14:31:06 +0000 (+0300) Subject: Automate config via hooks X-Git-Tag: 0.14.1~60 X-Git-Url: https://code.grnet.gr/git/snf-network/commitdiff_plain/6e257ba885e94d1285f4f4fb42f2a94c3761197c Automate config via hooks Signed-off-by: Dimitris Aragiorgis --- diff --git a/conf/infra.conf b/conf/infra.conf index 3cd5aee..b7228cb 100644 --- a/conf/infra.conf +++ b/conf/infra.conf @@ -1,7 +1,16 @@ -ROUTER=dev88 -MAC_MASK=ff:ff:ff:0:0:0 - -PUBLIC_VLAN=eth0.201 +# Generic case +# iface where all tap will be bridged PUBLIC_BRIDGE= -PRIVATE_VLAN=eth0.2990 + +# GRNET specific configuration +# one vlan for IP less/proxy ARP routing of public IPs +PUBLIC_VLAN_ID=201 +# one vlan for private lans +PRIVATE_VLAN_ID=2990 PRIVATE_BRIDGE=br2990 + +# in case of private lans mac prefix is used for isolation +MAC_MASK=ff:ff:ff:0:0:0 + +# whether ganeti nodes will do masquerading for private networks +ENABLE_MASQ=false diff --git a/hooks/cluster-init-post.d/snf-network b/hooks/cluster-init-post.d/snf-network new file mode 100755 index 0000000..c7b72dc --- /dev/null +++ b/hooks/cluster-init-post.d/snf-network @@ -0,0 +1,30 @@ +#!/bin/bash +# This script run in master-node after cluster init +# Propably should run after master failover + +source /etc/default/snf-network + +source $CONF +source $INFRA + +MASTERNODE=$(hostname) + +CLUSTERINFRA=$SHAREDDIR/infra/cluster + +#build subdirs in shared dir +snf-network-enable + + +cp $INFRA $CLUSTERINFRA + +if $ENABLE_MASQ; then + PUBLIC_IFACE=$(ip route | grep default | awk '{print $5}') + PUBLIC_MAC=$(ip link show $PUBLIC_IFACE | grep link/ether | awk '{print $2}') + + echo ROUTER=$MASTERNODE >> $CLUSTERINFRA + echo ROUTER_MAC=$PUBLIC_MAC >> $CLUSTERINFRA +fi + +snf-network-build-node-infra + +snf-network-configure-interfaces diff --git a/hooks/group-modify-post.d/snf-network b/hooks/group-modify-post.d/snf-network deleted file mode 100755 index 9ada1db..0000000 
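Review bot: `if $ENABLE_MASQ; then` in the new cluster-init-post hook executes the configuration value as a command, so any value other than a literal `true`/`false` — or an unset one, since `source $INFRA` supplies no default — is run as a command name or fails with "command not found", and the other consumers added in this commit read the same variable through `[ ... -a $ENABLE_MASQ ]`, so the two readings can disagree. Prefer a string comparison in both places: `if [ "$ENABLE_MASQ" = "true" ]; then`. `PUBLIC_IFACE=$(ip route | grep default | awk '{print $5}')` also yields several names when more than one default route exists, after which `ip link show $PUBLIC_IFACE` fails and `ROUTER_MAC=` is written empty into the cluster infra file; `ip route | awk '/^default/ {print $5; exit}'` keeps the first. The unquoted `source $CONF` and `cp $INFRA $CLUSTERINFRA` follow the file's existing style but break on paths containing whitespace.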
--- a/hooks/group-modify-post.d/snf-network +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/bin/bash - -source /etc/default/snf-network - -source $CONF - -GROUP=$GANETI_GROUP_NAME -ACTION=$GANETI_GROUP_NETWORK_ACTION -NETWORK=$GANETI_GROUP_NETWORK_NAME -MODE=$GANETI_GROUP_NETWORK_MODE -LINK=$GANETI_GROUP_NETWORK_LINK - -HOSTNAME=$(hostname) - -NETFILE=$SHAREDDIR/networks/$NETWORK -GROUPMAPFILE=$SHAREDDIR/mappings/$NETWORK-$GROUP -NODEMAPFILE=$SHAREDDIR/mappings/$NETWORK-$HOSTNAME -NODEINFRAFILE=$SHAREDDIR/infra/$HOSTNAME - -RT_TABLES=/etc/iproute2/rt_tables - -source $NODEINFRAFILE -source $NETFILE - -if [ -z "$ACTION" ]; then - exit 0 -fi - - -if [ "$ACTION" == "add" ]; then - if [ "$MODE" == "routed" ]; then - VLAN=$LINK - TABLE=rt_$NETWORK - if [ "$TYPE" == "public" ]; then - ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') - - ip link set $VLAN up - - echo 1 > "/proc/sys/net/ipv4/conf/$VLAN/proxy_arp" - - ID=$(wc -l < $RT_TABLES) - echo $((ID+1)) $TABLE >> $RT_TABLES - - ip rule add iif $VLAN table $TABLE - - ip route add $SUBNET dev $VLAN table main - - ip route add $SUBNET dev $VLAN table $TABLE - ip route add default via $GATEWAY dev $VLAN table $TABLE - - echo 1 > /proc/sys/net/ipv4/conf/all/forwarding - - arptables -A OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP - fi - fi - - - - if [ "$MODE" == "bridged" ]; then - BRIDGE=$LINK - if [ ! -z "$GATEWAY" ]; then - if [ "$TYPE" == "private" ]; then - if [ "$HOSTNAME" == "$ROUTER" ]; then - NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') - ip addr add $GATEWAY/$NETMASK dev $BRIDGE - iptables -t nat -A POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE - fi - fi - fi - fi - - ln -sf $GROUPMAPFILE $NODEMAPFILE - -elif [ "$ACTION" == "remove" ]; then - if [ ! 
-e "$NODEMAPFILE" ]; then - exit 0; - fi - - source $NODEMAPFILE - - if [ "$MODE" == "routed" ]; then - VLAN=$LINK - TABLE=rt_$NETWORK - if [ "$TYPE" == "public" ]; then - ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') - - arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP - - ip route del default via $GATEWAY dev $VLAN table $TABLE - ip route del $SUBNET dev $VLAN table $TABLE - - ip route del $SUBNET dev $VLAN table main - - ip rule del iif $VLAN table $TABLE - - sed -i 's/.*'"$TABLE"'$//' $RT_TABLES - fi - fi - - - - if [ "$MODE" == "bridged" ]; then - BRIDGE=$LINK - if [ ! -z "$GATEWAY" ]; then - if [ "$TYPE" == "private" ]; then - if [ "$HOSTNAME" == "$ROUTER" ]; then - NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') - ip addr del $GATEWAY/$NETMASK dev $BRIDGE - iptables -t nat -D POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE - fi - fi - fi - fi - - rm $NODEMAPFILE - -fi diff --git a/hooks/group-modify-pre.d/snf-network b/hooks/group-modify-pre.d/snf-network deleted file mode 100755 index d45dc4c..0000000 --- a/hooks/group-modify-pre.d/snf-network +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash - -source /etc/default/snf-network - -source $CONF - -GROUP=$GANETI_GROUP_NAME -ACTION=$GANETI_GROUP_NETWORK_ACTION -NETWORK=$GANETI_GROUP_NETWORK_NAME -MODE=$GANETI_GROUP_NETWORK_MODE -LINK=$GANETI_GROUP_NETWORK_LINK - -GROUPMAPFILE=$SHAREDDIR/mappings/$NETWORK-$GROUP - - -if [ -z "$ACTION" ]; then - exit 0 -fi - -if [ "$ACTION" == "add" ]; then - cat > $GROUPMAPFILE < $NODEMAPFILE < "/proc/sys/net/ipv4/conf/$VLAN/proxy_arp" + + ID=$(wc -l < $RT_TABLES) + echo $((ID+1)) $TABLE >> $RT_TABLES + + ip rule add iif $VLAN table $TABLE + + ip route add $SUBNET dev $VLAN table main + + ip route add $SUBNET dev $VLAN table $TABLE + ip route add default via $GATEWAY dev $VLAN table $TABLE + + echo 1 > /proc/sys/net/ipv4/conf/all/forwarding + + arptables -A OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP + fi +fi + + + +if [ "$MODE" == "bridged" ]; then + BRIDGE=$LINK + if [ ! -z "$GATEWAY" -a $ENABLE_MASQ ]; then + if [ "$TYPE" == "private" ]; then + if [ "$HOSTNAME" == "$ROUTER" ]; then + NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') + ip addr add $GATEWAY/$NETMASK dev $BRIDGE + iptables -t nat -A POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE + fi + fi + fi +fi + diff --git a/hooks/network-disconnect-post.d/snf-network b/hooks/network-disconnect-post.d/snf-network new file mode 100755 index 0000000..6c121e8 --- /dev/null +++ b/hooks/network-disconnect-post.d/snf-network 
@@ -0,0 +1,59 @@ +#!/bin/bash + +source /etc/default/snf-network + +source $CONF + +NETWORK=$GANETI_GROUP_NETWORK_NAME +MODE=$GANETI_GROUP_NETWORK_MODE +LINK=$GANETI_GROUP_NETWORK_LINK + +HOSTNAME=$(hostname) + +NETFILE=$SHAREDDIR/networks/$NETWORK +NODEMAPFILE=$SHAREDDIR/mappings/$NETWORK-$HOSTNAME +NODEINFRAFILE=$SHAREDDIR/infra/$HOSTNAME +CLUSTERINFRAFILE=$SHAREDDIR/infra/cluster + +RT_TABLES=/etc/iproute2/rt_tables + +source $NODEINFRAFILE +source $CLUSTERINFRAFILE +source $NETFILE +source $NODEMAPFILE + +if [ "$MODE" == "routed" ]; then + VLAN=$LINK + TABLE=rt_$NETWORK + if [ "$TYPE" == "public" ]; then + ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') + + arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP + + ip route del default via $GATEWAY dev $VLAN table $TABLE + ip route del $SUBNET dev $VLAN table $TABLE + + ip route del $SUBNET dev $VLAN table main + + ip rule del iif $VLAN table $TABLE + + sed -i 's/.*'"$TABLE"'$//' $RT_TABLES + fi +fi + + + +if [ "$MODE" == "bridged" ]; then + BRIDGE=$LINK + if [ ! -z "$GATEWAY" -a $ENABLE_MASQ]; then + if [ "$TYPE" == "private" ]; then + if [ "$HOSTNAME" == "$ROUTER" ]; then + NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') + ip addr del $GATEWAY/$NETMASK dev $BRIDGE + iptables -t nat -D POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE + fi + fi + fi +fi + +rm $NODEMAPFILE diff --git a/hooks/node-add-post.d/snf-network b/hooks/node-add-post.d/snf-network index 5c69029..7306152 100755 --- a/hooks/node-add-post.d/snf-network +++ b/hooks/node-add-post.d/snf-network @@ -6,9 +6,6 @@ source $CONF NODE=$GANETI_NODE_NAME -GROUP=$GANETI_GROUP_NAME - -GROUPINFRA=$SHAREDDIR/infra/$GROUP HOSTNAME=$(hostname) @@ -16,12 +13,8 @@ if [ "$HOSTNAME" != "$NODE" ]; then exit 0 fi -snf-network-enable - -cd $SHAREDDIR/infra -unconfigure-interfaces +snf-network-build-node-infra -ln -sf $GROUP $NODE +snf-network-configure-interfaces -configure-interfaces 
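Review bot: `if [ ! -z "$GATEWAY" -a $ENABLE_MASQ]; then` is missing the space before `]`, so with `ENABLE_MASQ=false` from infra.conf `test` sees the word `false]` and no closing bracket, reports a syntax error and takes the false branch — the gateway address and the `iptables -t nat -D POSTROUTING ... MASQUERADE` rule added on connect are then never removed. Even with the space, as written in the network-connect-post fragment above, kvm-vif-bridge, snf-network-reconfigure and snf-network-unconfigure, `-a $ENABLE_MASQ` only tests that the expansion is a non-empty string, so `false` passes and an empty value leaves a dangling `-a ]`, which makes the new guard a no-op everywhere. Use a string comparison in all five places: `if [ -n "$GATEWAY" ] && [ "$ENABLE_MASQ" = "true" ]; then`. `source $NODEMAPFILE` and `rm $NODEMAPFILE` also run without an existence check, unlike the remove branch of the deleted group-modify-post hook, which returned early when the mapping was absent.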
diff --git a/kvm-vif-bridge b/kvm-vif-bridge index c8b8575..2c398cb 100755 --- a/kvm-vif-bridge +++ b/kvm-vif-bridge @@ -141,7 +141,7 @@ function setup_ebtables { #accept dhcp responses from host (nfdhcpd) ebtables -A $TO -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT if [ "$TYPE" == "private" ]; then - if [ ! -z "$GATEWAY" ]; then + if [ ! -z "$GATEWAY" -a $ENABLE_MASQ ]; then # allow packets from/to router (for masquerading ebtables -A $TO -s $ROUTER_MAC -j ACCEPT ebtables -A INPUT -i $TAP -j $FROM @@ -164,8 +164,14 @@ if [ -e "$NODEINFRAFILE" ]; then source $NODEINFRAFILE fi +CLUSTERINFRAFILE=$SHAREDDIR/infra/cluster + +if [ -e "$CLUSTERINFRAFILE" ]; then + source $CLUSTERINFRAFILE +fi NETFILE=$SHAREDDIR/networks/$NETWORK + if [ -e "$NETFILE" ]; then source $NETFILE fi diff --git a/snf-network-add-group b/snf-network-add-group deleted file mode 100755 index 75f2c21..0000000 --- a/snf-network-add-group +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -function get_value { - - eval def=\$$1 - read -p "$1? [$def/none] " x - if [ "$x" == "none" ]; then - eval $1=""; - elif [ -n "$x" ]; then - eval $1="$x"; - fi - -} - - -DEFAULT=/etc/default/snf-network - -source $DEFAULT -source $CONF -source $INFRA - -NODEGROUP=$1 - - -if [ $# -ne 2 ]; then - echo Usage: snf-network-add-group group_name - exit 1 -fi - -FILE=$SHAREDDIR/infra/$NODEGROUP - -snf-network-enable - -source $INFRA -echo Group: $NODEGROUP -get_value ROUTER -get_value PUBLIC_INTERFACE -get_value PUBLIC_BRIDGE -get_value PUBLIC_VLAN -get_value PRIVATE_VLAN -get_value PRIVATE_BRIDGE -cat > $FILE < $nodegroup < $HOSTINFRA +echo PUBLIC_MAC=$PUBLIC_MAC >> $HOSTINFRA + +source $CLUSTERINFRA + +if [ -n "$PUBLIC_VLAN_ID" ]; then + PUBLIC_VLAN=$PUBLIC_IFACE.$PUBLIC_VLAN_ID + echo PUBLIC_VLAN=$PUBLIC_VLAN >> $HOSTINFRA +fi + +if [ -n "$PRIVATE_VLAN_ID" ]; then + PRIVATE_VLAN=$PUBLIC_IFACE.$PRIVATE_VLAN_ID + echo PRIVATE_VLAN=$PRIVATE_VLAN >> $HOSTINFRA +fi + 
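Review bot: After the new `source $CLUSTERINFRAFILE`, `ROUTER_MAC` is still unset whenever the cluster infra file predates this commit or was produced with `ENABLE_MASQ=false`, because cluster-init-post only appends `ROUTER_MAC=` under that flag; setup_ebtables (first hunk of this file, body continuing outside it) then runs `ebtables -A $TO -s $ROUTER_MAC -j ACCEPT` with an empty source, which ebtables will most likely reject, leaving the host-to-guest accept rule silently missing. Guard the rule on the value actually being present: `if [ -n "$GATEWAY" ] && [ "$ENABLE_MASQ" = "true" ] && [ -n "$ROUTER_MAC" ]; then`. The new `source $CLUSTERINFRAFILE` should also quote its argument, `source "$CLUSTERINFRAFILE"`, to match the `-e "$CLUSTERINFRAFILE"` test directly above it.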
diff --git a/snf-network-configure-interfaces b/snf-network-configure-interfaces index ad00d51..680822a 100755 --- a/snf-network-configure-interfaces +++ b/snf-network-configure-interfaces @@ -11,15 +11,21 @@ HOSTNAME=$(hostname) INTERFACES=$SHAREDDIR/interfaces/$HOSTNAME HOSTINFRA=$SHAREDDIR/infra/$HOSTNAME +CLUSTERINFRA=$SHAREDDIR/infra/cluster if [ -e "$HOSTINFRA" ]; then source $HOSTINFRA fi -if [ -e /proc/sys/net/ipv4/conf/$PUBLIC_BRIDGE -o \ - -e /proc/sys/net/ipv4/conf/$PUBLIC_VLAN -o \ - -e /proc/sys/net/ipv4/conf/$PRIVATE_VLAN -o \ - -e /proc/sys/net/ipv4/conf/$PRIVATE_BRIDGE ]; then +source $CLUSTERINFRA + +if [ -n "$PUBLIC_BRIDGE" -a -e /proc/sys/net/ipv4/conf/$PUBLIC_BRIDGE ]; then + echo Interfaces already exist! Please check: + echo $PUBLIC_BRIDGE for bridging TAPs with public IPs + exit 1 +elif [ -n "$PUBLIC_VLAN" -a -e /proc/sys/net/ipv4/conf/$PUBLIC_VLAN -o \ + -n "$PRIVATE_BRIDGE" -a -e /proc/sys/net/ipv4/conf/$PRIVATE_BRIDGE -o \ + -n "$PRIVATE_VLAN" -a -e /proc/sys/net/ipv4/conf/$PRIVATE_VLAN ]; then echo Interfaces already exist! Please check: echo $PUBLIC_BRIDGE for bridging TAPs with public IPs echo $PUBLIC_VLAN for routing TAPs with public IPs @@ -28,15 +34,12 @@ if [ -e /proc/sys/net/ipv4/conf/$PUBLIC_BRIDGE -o \ fi -PUBLIC_INTERFACE=$(ip route | grep default | awk '{print $5}') -PUBLIC_MAC=$(ip link show $PUBLIC_INTERFACE | grep link/ether | awk '{print $2}') - -if [ -n "$PUBLIC_BRIDGE" -a -n "$PUBLIC_INTERFACE" ]; then +if [ -n "$PUBLIC_BRIDGE" -a -n "$PUBLIC_IFACE" ]; then cat > $INTERFACES<> $HOSTINFRA cat >> $INTERFACES<> $HOSTINFRA cat >> $INTERFACES<> /etc/ferm/ferm.conf - /etc/init.d/ferm restart -fi - diff --git a/snf-network-get-iface-mac b/snf-network-get-iface-mac deleted file mode 100755 index cba9659..0000000 --- a/snf-network-get-iface-mac +++ /dev/null 
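Review bot: `source $CLUSTERINFRA` is unconditional while `$HOSTINFRA` two lines above is still guarded by `-e`; when the script runs on a node before cluster-init-post has copied infra.conf into `$SHAREDDIR/infra/cluster` (or against a shared dir created before this commit), the source fails and, absent a `set -e` elsewhere in the file, execution continues with `PUBLIC_BRIDGE`, `PRIVATE_BRIDGE` and `ENABLE_MASQ` empty, so the new `-n` guards skip every "already exists" check. Fail loudly instead: `[ -e "$CLUSTERINFRA" ] || { echo "$CLUSTERINFRA missing; run cluster-init-post first" >&2; exit 1; }`. The `elif` combines `-a` and `-o` in a single `[ ]` with six operands, which POSIX leaves unspecified; splitting it into `[ ... ] || [ ... ]` groups removes the precedence question.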
@@ -1,12 +0,0 @@ -#!/bin/bash - -if [ $# -ne 1 ]; then - echo "Usage: $0 interface" - exit 1 -fi - -IFACE=$1 - -MAC=$(ip link show $IFACE | grep link/ether | awk '{print $2}') - -echo $MAC diff --git a/snf-network-get-mac b/snf-network-get-mac deleted file mode 100755 index edf010e..0000000 --- a/snf-network-get-mac +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -if [ $# -ne 1 ]; then - echo "Usage: $0 " - exit 1 -fi - -TARGET=$1 - -ping -c1 $TARGET > /dev/null - -MAC=$(arp -a | grep "$TARGET" | awk '{print $4}') - -echo $MAC diff --git a/snf-network-get-public-iface b/snf-network-get-public-iface deleted file mode 100755 index 74797d0..0000000 --- a/snf-network-get-public-iface +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -PUBLIC=$(ip route | grep default | awk '{print $5}') - -echo $PUBLIC diff --git a/snf-network-reconfigure b/snf-network-reconfigure index a6ac670..f36486a 100755 --- a/snf-network-reconfigure +++ b/snf-network-reconfigure @@ -4,36 +4,27 @@ source /etc/default/snf-network source $CONF -if [ $# -ne 1 ]; then - echo Usage: $0 add/remove - exit 1 -fi - - -ACTION=$1 NETWORKS="$(ls $SHAREDDIR/networks/)" HOSTNAME=$(hostname) -if [ "$ACTION" == "add" ]; then - snf-network-configure-interfaces -fi +INTERFACES=$SHAREDDIR/interfaces/$HOSTNAME -for NETWORK in $NETWORKS; do +ifup -i $INTERFACES -a -NETFILE=$SHAREDDIR/networks/$NETWORK -NODEMAPFILE=$SHAREDDIR/mappings/$NETWORK-$HOSTNAME -NODEINFRAFILE=$SHAREDDIR/infra/$HOSTNAME - -RT_TABLES=/etc/iproute2/rt_tables +for NETWORK in $NETWORKS; do -source $NODEINFRAFILE -source $NETFILE -source $NODEMAPFILE + NETFILE=$SHAREDDIR/networks/$NETWORK + NODEMAPFILE=$SHAREDDIR/mappings/$NETWORK-$HOSTNAME + NODEINFRAFILE=$SHAREDDIR/infra/$HOSTNAME + CLUSTERINFRAFILE=$SHAREDDIR/infra/cluster + RT_TABLES=/etc/iproute2/rt_tables + source $NODEINFRAFILE + source $CLUSTERINFRAFILE + source $NETFILE -if [ "$ACTION" == "add" ]; then if [ "$MODE" == "routed" ]; then VLAN=$LINK TABLE=rt_$NETWORK 
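Review bot: The loop body no longer runs `source $NODEMAPFILE`, yet `$MODE` and `$LINK` are still read a few lines down (`if [ "$MODE" == "routed" ]; then VLAN=$LINK`); unless `$NETFILE` now defines them (not shown here), both are empty on every iteration and neither the routed nor the bridged branch is entered after a reboot. If the mapping file is still where `MODE`/`LINK` come from, restore it with an existence check: `[ -e "$NODEMAPFILE" ] || continue` followed by `source $NODEMAPFILE`. `ifup -i $INTERFACES -a` runs with no check that the interfaces file exists, and `NODEINFRAFILE`, `CLUSTERINFRAFILE` and `RT_TABLES` do not depend on `$NETWORK`, so their assignments and the two `source` lines can be hoisted above the `for`. The loop body continues past the end of this hunk.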
@@ -64,7 +55,7 @@ if [ "$ACTION" == "add" ]; then if [ "$MODE" == "bridged" ]; then BRIDGE=$LINK - if [ ! -z "$GATEWAY" ]; then + if [ ! -z "$GATEWAY" -a $ENABLE_MASQ ]; then if [ "$TYPE" == "private" ]; then if [ "$HOSTNAME" == "$ROUTER" ]; then NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') @@ -74,53 +65,5 @@ if [ "$ACTION" == "add" ]; then fi fi fi - -elif [ "$ACTION" == "remove" ]; then - if [ ! -e "$NODEMAPFILE" ]; then - exit 0; - fi - - source $NODEMAPFILE - - if [ "$MODE" == "routed" ]; then - VLAN=$LINK - TABLE=rt_$NETWORK - if [ "$TYPE" == "public" ]; then - ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') - - arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP - - ip route del default via $GATEWAY dev $VLAN table $TABLE - ip route del $SUBNET dev $VLAN table $TABLE - - ip route del $SUBNET dev $VLAN table main - - ip rule del iif $VLAN table $TABLE - - sed -i 's/.*'"$TABLE"'$//' $RT_TABLES - fi - fi - - - - if [ "$MODE" == "bridged" ]; then - BRIDGE=$LINK - if [ ! -z "$GATEWAY" ]; then - if [ "$TYPE" == "private" ]; then - if [ "$HOSTNAME" == "$ROUTER" ]; then - NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') - ip addr del $GATEWAY/$NETMASK dev $BRIDGE - iptables -t nat -D POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE - fi - fi - fi - fi - - -fi done - -if [ "$ACTION" == "remove" ]; then - snf-network-unconfigure-interfaces -fi diff --git a/snf-network-unconfigure b/snf-network-unconfigure new file mode 100755 index 0000000..4626a89 --- /dev/null +++ b/snf-network-unconfigure 
@@ -0,0 +1,63 @@ +#!/bin/bash + +source /etc/default/snf-network + +source $CONF + +NETWORKS="$(ls $SHAREDDIR/networks/)" + +HOSTNAME=$(hostname) + +for NETWORK in $NETWORKS; do + + NETFILE=$SHAREDDIR/networks/$NETWORK + NODEMAPFILE=$SHAREDDIR/mappings/$NETWORK-$HOSTNAME + NODEINFRAFILE=$SHAREDDIR/infra/$HOSTNAME + + RT_TABLES=/etc/iproute2/rt_tables + + source $NODEINFRAFILE + source $NETFILE + source $NODEMAPFILE + + + if [ "$MODE" == "routed" ]; then + VLAN=$LINK + TABLE=rt_$NETWORK + if [ "$TYPE" == "public" ]; then + ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') + + arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP + + ip route del default via $GATEWAY dev $VLAN table $TABLE + ip route del $SUBNET dev $VLAN table $TABLE + + ip route del $SUBNET dev $VLAN table main + + ip rule del iif $VLAN table $TABLE + + sed -i 's/.*'"$TABLE"'$//' $RT_TABLES + fi + fi + + + + if [ "$MODE" == "bridged" ]; then + BRIDGE=$LINK + if [ ! -z "$GATEWAY" -a $ENABLE_MASQ ]; then + if [ "$TYPE" == "private" ]; then + if [ "$HOSTNAME" == "$ROUTER" ]; then + NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') + ip addr del $GATEWAY/$NETMASK dev $BRIDGE + iptables -t nat -D POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE + fi + fi + fi + fi + +done + +INTERFACES=$SHAREDDIR/interfaces/$HOSTNAME + +ifdown -i $INTERFACES -a --force +
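Review bot: `source $NODEMAPFILE` inside the loop has no existence check, and the variables it sets persist across iterations; for a network that is not mapped on this host the source fails (a message on stderr, no `set -e` in the file), whichever of `MODE`, `LINK` and `TYPE` it defines keep the previous network's values, and the `ip route del`/`ip rule del`/`ip addr del` block can be run a second time against the wrong interface. The deleted group-modify-post hook guarded its remove branch with `if [ ! -e "$NODEMAPFILE" ]; then exit 0; fi`; the equivalent here is `[ -e "$NODEMAPFILE" ] || continue` before the `source`, plus `unset MODE LINK TYPE` at the top of the loop body so a stale value can never leak. `NETWORKS="$(ls $SHAREDDIR/networks/)"` also parses `ls` and breaks on names containing whitespace; `for NETFILE in "$SHAREDDIR"/networks/*; do NETWORK=${NETFILE##*/}` avoids that.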