root / common.sh @ 8ba80517
History | View | Annotate | Download (9.8 kB)
| 1 | 38305e4c | Dimitris Aragiorgis | #!/bin/bash |
|---|---|---|---|
| 2 | 38305e4c | Dimitris Aragiorgis | |
| 3 | 6afbe696 | Dimitris Aragiorgis | source /etc/default/snf-network |
| 4 | 6afbe696 | Dimitris Aragiorgis | |
| 5 | 38305e4c | Dimitris Aragiorgis | function try {
|
| 6 | 38305e4c | Dimitris Aragiorgis | |
| 7 | 77ce5a39 | Dimitris Aragiorgis | $1 &>/dev/null || true |
| 8 | 38305e4c | Dimitris Aragiorgis | |
| 9 | 38305e4c | Dimitris Aragiorgis | } |
| 10 | 38305e4c | Dimitris Aragiorgis | |
| 11 | 38305e4c | Dimitris Aragiorgis | function clear_routed_setup_ipv4 {
|
| 12 | 38305e4c | Dimitris Aragiorgis | |
| 13 | 38305e4c | Dimitris Aragiorgis | arptables -D OUTPUT -o $INTERFACE --opcode request -j mangle |
| 14 | 38305e4c | Dimitris Aragiorgis | while ip rule del dev $INTERFACE; do :; done |
| 15 | 38305e4c | Dimitris Aragiorgis | iptables -D FORWARD -i $INTERFACE -p udp --dport 67 -j DROP |
| 16 | 38305e4c | Dimitris Aragiorgis | |
| 17 | 38305e4c | Dimitris Aragiorgis | } |
| 18 | 38305e4c | Dimitris Aragiorgis | |
| 19 | 38305e4c | Dimitris Aragiorgis | function clear_routed_setup_ipv6 {
|
| 20 | 38305e4c | Dimitris Aragiorgis | |
| 21 | 38305e4c | Dimitris Aragiorgis | while ip -6 rule del dev $INTERFACE; do :; done |
| 22 | 38305e4c | Dimitris Aragiorgis | |
| 23 | 38305e4c | Dimitris Aragiorgis | } |
| 24 | 38305e4c | Dimitris Aragiorgis | |
| 25 | 77ce5a39 | Dimitris Aragiorgis | function delete_neighbor_proxy {
|
| 26 | 77ce5a39 | Dimitris Aragiorgis | |
| 27 | 63f1d9e7 | Dimitris Aragiorgis | if [ -z "$EUI64" -z -o "$UPLINK6" ]; then |
| 28 | 6afbe696 | Dimitris Aragiorgis | return |
| 29 | 6afbe696 | Dimitris Aragiorgis | fi |
| 30 | 6afbe696 | Dimitris Aragiorgis | |
| 31 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "ip -6 neigh del proxy $EUI64 dev $UPLINK6" |
| 32 | 63f1d9e7 | Dimitris Aragiorgis | ip -6 neigh del proxy $EUI64 dev $UPLINK6 |
| 33 | 77ce5a39 | Dimitris Aragiorgis | |
| 34 | 77ce5a39 | Dimitris Aragiorgis | } |
| 35 | 38305e4c | Dimitris Aragiorgis | |
| 36 | 38305e4c | Dimitris Aragiorgis | function clear_routed_setup_firewall {
|
| 37 | 38305e4c | Dimitris Aragiorgis | |
| 38 | 38305e4c | Dimitris Aragiorgis | for oldchain in protected unprotected limited; do |
| 39 | 38305e4c | Dimitris Aragiorgis | iptables -D FORWARD -o $INTERFACE -j $oldchain |
| 40 | 38305e4c | Dimitris Aragiorgis | ip6tables -D FORWARD -o $INTERFACE -j $oldchain |
| 41 | 38305e4c | Dimitris Aragiorgis | done |
| 42 | 38305e4c | Dimitris Aragiorgis | |
| 43 | 38305e4c | Dimitris Aragiorgis | } |
| 44 | 38305e4c | Dimitris Aragiorgis | |
| 45 | 38305e4c | Dimitris Aragiorgis | function clear_ebtables {
|
| 46 | 38305e4c | Dimitris Aragiorgis | |
| 47 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -D FORWARD -i $INTERFACE -j $FROM |
| 48 | a57b3c64 | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -D INPUT -i $INTERFACE -j $FROM |
| 49 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -D FORWARD -o $INTERFACE -j $TO |
| 50 | a57b3c64 | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -D OUTPUT -o $INTERFACE -j $TO |
| 51 | 38305e4c | Dimitris Aragiorgis | |
| 52 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -X $FROM |
| 53 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -X $TO |
| 54 | 38305e4c | Dimitris Aragiorgis | } |
| 55 | 38305e4c | Dimitris Aragiorgis | |
| 56 | 38305e4c | Dimitris Aragiorgis | |
| 57 | 38305e4c | Dimitris Aragiorgis | function clear_nfdhcpd {
|
| 58 | 38305e4c | Dimitris Aragiorgis | |
| 59 | 38305e4c | Dimitris Aragiorgis | rm $NFDHCPD_STATE_DIR/$INTERFACE |
| 60 | 38305e4c | Dimitris Aragiorgis | |
| 61 | 38305e4c | Dimitris Aragiorgis | } |
| 62 | 38305e4c | Dimitris Aragiorgis | |
| 63 | 38305e4c | Dimitris Aragiorgis | |
| 64 | 38305e4c | Dimitris Aragiorgis | function routed_setup_ipv4 {
|
| 65 | 38305e4c | Dimitris Aragiorgis | |
| 66 | 0363b080 | Dimitris Aragiorgis | if [ -z "$INTERFACE" -o -z "$NETWORK_GATEWAY" -o -z "$IP" -o -z "$TABLE" ] |
| 67 | 0363b080 | Dimitris Aragiorgis | then |
| 68 | 0363b080 | Dimitris Aragiorgis | return |
| 69 | 0363b080 | Dimitris Aragiorgis | fi |
| 70 | 0363b080 | Dimitris Aragiorgis | |
| 71 | 38305e4c | Dimitris Aragiorgis | # mangle ARPs to come from the gw's IP |
| 72 | 38305e4c | Dimitris Aragiorgis | arptables -A OUTPUT -o $INTERFACE --opcode request -j mangle --mangle-ip-s "$NETWORK_GATEWAY" |
| 73 | 38305e4c | Dimitris Aragiorgis | |
| 74 | 38305e4c | Dimitris Aragiorgis | # route interface to the proper routing table |
| 75 | 38305e4c | Dimitris Aragiorgis | ip rule add dev $INTERFACE table $TABLE |
| 76 | 38305e4c | Dimitris Aragiorgis | |
| 77 | 38305e4c | Dimitris Aragiorgis | # static route mapping IP -> INTERFACE |
| 78 | 38305e4c | Dimitris Aragiorgis | ip route replace $IP proto static dev $INTERFACE table $TABLE |
| 79 | 38305e4c | Dimitris Aragiorgis | |
| 80 | 38305e4c | Dimitris Aragiorgis | # Enable proxy ARP |
| 81 | 38305e4c | Dimitris Aragiorgis | echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp |
| 82 | 1bdc9427 | Dimitris Aragiorgis | |
| 83 | 77ce5a39 | Dimitris Aragiorgis | } |
| 84 | 77ce5a39 | Dimitris Aragiorgis | |
| 85 | 77ce5a39 | Dimitris Aragiorgis | function send_garp {
|
| 86 | 77ce5a39 | Dimitris Aragiorgis | |
| 87 | 6afbe696 | Dimitris Aragiorgis | if [ -z "$IP" -o -z "$UPLINK" ]; then |
| 88 | 6afbe696 | Dimitris Aragiorgis | return |
| 89 | 6afbe696 | Dimitris Aragiorgis | fi |
| 90 | 6afbe696 | Dimitris Aragiorgis | |
| 91 | 6afbe696 | Dimitris Aragiorgis | # Send GARP from host to upstream router |
| 92 | 1bdc9427 | Dimitris Aragiorgis | echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind |
| 93 | cc56d684 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "arpsend -U -i $IP -c1 $UPLINK" |
| 94 | cc56d684 | Dimitris Aragiorgis | arpsend -U -i $IP -c1 $UPLINK |
| 95 | 1bdc9427 | Dimitris Aragiorgis | echo 0 > /proc/sys/net/ipv4/ip_nonlocal_bind |
| 96 | 1bdc9427 | Dimitris Aragiorgis | |
| 97 | 38305e4c | Dimitris Aragiorgis | } |
| 98 | 38305e4c | Dimitris Aragiorgis | |
| 99 | 38305e4c | Dimitris Aragiorgis | function routed_setup_ipv6 {
|
| 100 | 38305e4c | Dimitris Aragiorgis | |
| 101 | 63f1d9e7 | Dimitris Aragiorgis | if [ -z "$EUI64" -o -z "$TABLE" -o -z "$INTERFACE" -o -z "$UPLINK6" ] |
| 102 | 0363b080 | Dimitris Aragiorgis | then |
| 103 | 0363b080 | Dimitris Aragiorgis | return |
| 104 | 0363b080 | Dimitris Aragiorgis | fi |
| 105 | 63f1d9e7 | Dimitris Aragiorgis | # Add a routing entry for the eui-64 |
| 106 | 38305e4c | Dimitris Aragiorgis | ip -6 rule add dev $INTERFACE table $TABLE |
| 107 | 1bdc9427 | Dimitris Aragiorgis | ip -6 ro replace $EUI64/128 dev $INTERFACE table $TABLE |
| 108 | 63f1d9e7 | Dimitris Aragiorgis | ip -6 neigh add proxy $EUI64 dev $UPLINK6 |
| 109 | 38305e4c | Dimitris Aragiorgis | |
| 110 | 38305e4c | Dimitris Aragiorgis | # disable proxy NDP since we're handling this on userspace |
| 111 | 38305e4c | Dimitris Aragiorgis | # this should be the default, but better safe than sorry |
| 112 | 38305e4c | Dimitris Aragiorgis | echo 0 > /proc/sys/net/ipv6/conf/$INTERFACE/proxy_ndp |
| 113 | 1bdc9427 | Dimitris Aragiorgis | |
| 114 | 1bdc9427 | Dimitris Aragiorgis | # Send Unsolicited Neighbor Advertisement |
| 115 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "ndsend $EUI64 $UPLINK6" |
| 116 | 63f1d9e7 | Dimitris Aragiorgis | ndsend $EUI64 $UPLINK6 |
| 117 | 1bdc9427 | Dimitris Aragiorgis | |
| 118 | 38305e4c | Dimitris Aragiorgis | } |
| 119 | 38305e4c | Dimitris Aragiorgis | |
| 120 | 38305e4c | Dimitris Aragiorgis | # pick a firewall profile per NIC, based on tags (and apply it) |
| 121 | 38305e4c | Dimitris Aragiorgis | function routed_setup_firewall {
|
| 122 | a336b166 | Dimitris Aragiorgis | # for latest ganeti there is no need to check other but uuid |
| 123 | a336b166 | Dimitris Aragiorgis | ifprefixindex="synnefo:network:$INTERFACE_INDEX:" |
| 124 | a336b166 | Dimitris Aragiorgis | ifprefixname="synnefo:network:$INTERFACE_NAME:" |
| 125 | a336b166 | Dimitris Aragiorgis | ifprefixuuid="synnefo:network:$INTERFACE_UUID:" |
| 126 | 38305e4c | Dimitris Aragiorgis | for tag in $TAGS; do |
| 127 | a336b166 | Dimitris Aragiorgis | tag=${tag#$ifprefixindex}
|
| 128 | a336b166 | Dimitris Aragiorgis | tag=${tag#$ifprefixname}
|
| 129 | a336b166 | Dimitris Aragiorgis | tag=${tag#$ifprefixuuid}
|
| 130 | a336b166 | Dimitris Aragiorgis | case $tag in |
| 131 | 38305e4c | Dimitris Aragiorgis | protected) |
| 132 | 38305e4c | Dimitris Aragiorgis | chain=protected |
| 133 | 38305e4c | Dimitris Aragiorgis | ;; |
| 134 | 38305e4c | Dimitris Aragiorgis | unprotected) |
| 135 | 38305e4c | Dimitris Aragiorgis | chain=unprotected |
| 136 | 38305e4c | Dimitris Aragiorgis | ;; |
| 137 | 38305e4c | Dimitris Aragiorgis | limited) |
| 138 | 38305e4c | Dimitris Aragiorgis | chain=limited |
| 139 | 38305e4c | Dimitris Aragiorgis | ;; |
| 140 | 38305e4c | Dimitris Aragiorgis | esac |
| 141 | 38305e4c | Dimitris Aragiorgis | done |
| 142 | 38305e4c | Dimitris Aragiorgis | |
| 143 | 38305e4c | Dimitris Aragiorgis | if [ "x$chain" != "x" ]; then |
| 144 | 38305e4c | Dimitris Aragiorgis | iptables -A FORWARD -o $INTERFACE -j $chain |
| 145 | 38305e4c | Dimitris Aragiorgis | ip6tables -A FORWARD -o $INTERFACE -j $chain |
| 146 | 38305e4c | Dimitris Aragiorgis | fi |
| 147 | 38305e4c | Dimitris Aragiorgis | } |
| 148 | 38305e4c | Dimitris Aragiorgis | |
| 149 | 38305e4c | Dimitris Aragiorgis | function init_ebtables {
|
| 150 | 38305e4c | Dimitris Aragiorgis | |
| 151 | 184370fd | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -N $FROM -P RETURN |
| 152 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -A FORWARD -i $INTERFACE -j $FROM |
| 153 | a57b3c64 | Dimitris Aragiorgis | # This is needed for multicast packets |
| 154 | a57b3c64 | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -A INPUT -i $INTERFACE -j $FROM |
| 155 | a57b3c64 | Dimitris Aragiorgis | |
| 156 | 184370fd | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -N $TO -P RETURN |
| 157 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -A FORWARD -o $INTERFACE -j $TO |
| 158 | a57b3c64 | Dimitris Aragiorgis | # This is needed for multicast packets |
| 159 | a57b3c64 | Dimitris Aragiorgis | runlocked $RUNLOCKED_OPTS ebtables -A OUTPUT -o $INTERFACE -j $TO |
| 160 | 38305e4c | Dimitris Aragiorgis | |
| 161 | 38305e4c | Dimitris Aragiorgis | } |
| 162 | 38305e4c | Dimitris Aragiorgis | |
| 163 | 38305e4c | Dimitris Aragiorgis | |
| 164 | 38305e4c | Dimitris Aragiorgis | function setup_ebtables {
|
| 165 | 38305e4c | Dimitris Aragiorgis | |
| 166 | 38305e4c | Dimitris Aragiorgis | # do not allow changes in ip-mac pair |
| 167 | e5171922 | Dimitris Aragiorgis | if [ -n "$IP" ]; then |
| 168 | e5171922 | Dimitris Aragiorgis | :; # runlocked $RUNLOCKED_OPTS ebtables -A $FROM --ip-source \! $IP -p ipv4 -j DROP |
| 169 | 38305e4c | Dimitris Aragiorgis | fi |
| 170 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -A $FROM -s \! $MAC -j DROP |
| 171 | fd80d055 | Dimitris Aragiorgis | # accept dhcp responses from host (nfdhcpd) |
| 172 | fd80d055 | Dimitris Aragiorgis | # this is actually not needed because nfdhcpd opens a socket and binds is with |
| 173 | fd80d055 | Dimitris Aragiorgis | # tap interface so dhcp response does not go through bridge |
| 174 | b0a87613 | Dimitris Aragiorgis | # INDEV_MAC=$(cat /sys/class/net/$INDEV/address) |
| 175 | fd80d055 | Dimitris Aragiorgis | # runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
| 176 | 38305e4c | Dimitris Aragiorgis | # allow only packets from the same mac prefix |
| 177 | 1409faba | Stratos Psomadakis | runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
| 178 | 38305e4c | Dimitris Aragiorgis | } |
| 179 | 38305e4c | Dimitris Aragiorgis | |
| 180 | 38305e4c | Dimitris Aragiorgis | function setup_masq {
|
| 181 | 38305e4c | Dimitris Aragiorgis | |
| 182 | 38305e4c | Dimitris Aragiorgis | # allow packets from/to router (for masquerading) |
| 183 | 1409faba | Stratos Psomadakis | # runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $NODE_MAC -j ACCEPT |
| 184 | 1409faba | Stratos Psomadakis | # runlocked $RUNLOCKED_OPTS ebtables -A INPUT -i $INTERFACE -j $FROM |
| 185 | 1409faba | Stratos Psomadakis | # runlocked $RUNLOCKED_OPTS ebtables -A OUTPUT -o $INTERFACE -j $TO |
| 186 | 38305e4c | Dimitris Aragiorgis | return |
| 187 | 38305e4c | Dimitris Aragiorgis | |
| 188 | 38305e4c | Dimitris Aragiorgis | } |
| 189 | 38305e4c | Dimitris Aragiorgis | |
| 190 | 38305e4c | Dimitris Aragiorgis | function setup_nfdhcpd {
|
| 191 | 38305e4c | Dimitris Aragiorgis | umask 022 |
| 192 | 38305e4c | Dimitris Aragiorgis | FILE=$NFDHCPD_STATE_DIR/$INTERFACE |
| 193 | 38305e4c | Dimitris Aragiorgis | #IFACE is the interface from which the packet seems to arrive |
| 194 | 38305e4c | Dimitris Aragiorgis | #needed in bridged mode where the packets seems to arrive from the |
| 195 | 38305e4c | Dimitris Aragiorgis | #bridge and not from the tap |
| 196 | 38305e4c | Dimitris Aragiorgis | cat >$FILE <<EOF |
| 197 | 38305e4c | Dimitris Aragiorgis | INDEV=$INDEV |
| 198 | 38305e4c | Dimitris Aragiorgis | IP=$IP |
| 199 | 38305e4c | Dimitris Aragiorgis | MAC=$MAC |
| 200 | 38305e4c | Dimitris Aragiorgis | HOSTNAME=$INSTANCE |
| 201 | 38305e4c | Dimitris Aragiorgis | TAGS="$TAGS" |
| 202 | 38305e4c | Dimitris Aragiorgis | GATEWAY=$NETWORK_GATEWAY |
| 203 | 38305e4c | Dimitris Aragiorgis | SUBNET=$NETWORK_SUBNET |
| 204 | 38305e4c | Dimitris Aragiorgis | GATEWAY6=$NETWORK_GATEWAY6 |
| 205 | 38305e4c | Dimitris Aragiorgis | SUBNET6=$NETWORK_SUBNET6 |
| 206 | 63f1d9e7 | Dimitris Aragiorgis | EUI64=$EUI64 |
| 207 | 38305e4c | Dimitris Aragiorgis | EOF |
| 208 | 38305e4c | Dimitris Aragiorgis | |
| 209 | 38305e4c | Dimitris Aragiorgis | } |
| 210 | 38305e4c | Dimitris Aragiorgis | |
| 211 | 1bdc9427 | Dimitris Aragiorgis | function get_uplink {
|
| 212 | 1bdc9427 | Dimitris Aragiorgis | |
| 213 | 1bdc9427 | Dimitris Aragiorgis | local table=$1 |
| 214 | 63f1d9e7 | Dimitris Aragiorgis | UPLINK=$(ip route list table $table | grep "default via" | awk '{print $5}')
|
| 215 | 63f1d9e7 | Dimitris Aragiorgis | UPLINK6=$(ip -6 route list table $table | grep "default via" | awk '{print $5}')
|
| 216 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "* Table $table: uplink -> $UPLINK, uplink6 -> $UPLINK6" |
| 217 | 1bdc9427 | Dimitris Aragiorgis | |
| 218 | 1bdc9427 | Dimitris Aragiorgis | } |
| 219 | 1bdc9427 | Dimitris Aragiorgis | |
| 220 | 1bdc9427 | Dimitris Aragiorgis | # Because we do not have IPv6 value in our environment |
| 221 | 1bdc9427 | Dimitris Aragiorgis | # we caclulate it based on the NIC's MAC and the IPv6 subnet (if any) |
| 222 | 1bdc9427 | Dimitris Aragiorgis | # first argument MAC second IPv6 subnet |
| 223 | 1bdc9427 | Dimitris Aragiorgis | # Changes global value EUI64 |
| 224 | 1bdc9427 | Dimitris Aragiorgis | get_eui64 () {
|
| 225 | 1bdc9427 | Dimitris Aragiorgis | |
| 226 | 1bdc9427 | Dimitris Aragiorgis | local mac=$1 |
| 227 | 1bdc9427 | Dimitris Aragiorgis | local prefix=$2 |
| 228 | 1bdc9427 | Dimitris Aragiorgis | |
| 229 | 1bdc9427 | Dimitris Aragiorgis | if [ -z "$prefix" ]; then |
| 230 | 1bdc9427 | Dimitris Aragiorgis | EUI64= |
| 231 | 1bdc9427 | Dimitris Aragiorgis | else |
| 232 | 1bdc9427 | Dimitris Aragiorgis | EUI64=$($MAC2EUI64 $mac $prefix) |
| 233 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "* $mac + $prefix -> $EUI64" |
| 234 | 1bdc9427 | Dimitris Aragiorgis | fi |
| 235 | 1bdc9427 | Dimitris Aragiorgis | |
| 236 | 1bdc9427 | Dimitris Aragiorgis | } |
| 237 | fa5bd914 | Dimitris Aragiorgis | |
| 238 | fa5bd914 | Dimitris Aragiorgis | |
| 239 | fa5bd914 | Dimitris Aragiorgis | # DDNS related functions |
| 240 | fa5bd914 | Dimitris Aragiorgis | |
| 241 | fa5bd914 | Dimitris Aragiorgis | # ommit zone statement |
| 242 | fa5bd914 | Dimitris Aragiorgis | # nsupdate will attempt determine the correct zone to update based on the rest of the input |
| 243 | fa5bd914 | Dimitris Aragiorgis | send_command () {
|
| 244 | fa5bd914 | Dimitris Aragiorgis | |
| 245 | fa5bd914 | Dimitris Aragiorgis | local command="$1" |
| 246 | 6afbe696 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "* $command" |
| 247 | fa5bd914 | Dimitris Aragiorgis | nsupdate -k $KEYFILE > /dev/null << EOF |
| 248 | fa5bd914 | Dimitris Aragiorgis | server $SERVER |
| 249 | fa5bd914 | Dimitris Aragiorgis | $command |
| 250 | fa5bd914 | Dimitris Aragiorgis | send |
| 251 | fa5bd914 | Dimitris Aragiorgis | EOF |
| 252 | fa5bd914 | Dimitris Aragiorgis | |
| 253 | fa5bd914 | Dimitris Aragiorgis | } |
| 254 | fa5bd914 | Dimitris Aragiorgis | |
| 255 | fa5bd914 | Dimitris Aragiorgis | |
| 256 | fa5bd914 | Dimitris Aragiorgis | update_arecord () {
|
| 257 | fa5bd914 | Dimitris Aragiorgis | |
| 258 | fa5bd914 | Dimitris Aragiorgis | local action=$1 |
| 259 | fa5bd914 | Dimitris Aragiorgis | local command= |
| 260 | fa5bd914 | Dimitris Aragiorgis | if [ -n "$IP" ]; then |
| 261 | fa5bd914 | Dimitris Aragiorgis | command="update $action $GANETI_INSTANCE_NAME.$FZONE $TTL A $IP" |
| 262 | fa5bd914 | Dimitris Aragiorgis | send_command "$command" |
| 263 | fa5bd914 | Dimitris Aragiorgis | fi |
| 264 | fa5bd914 | Dimitris Aragiorgis | |
| 265 | fa5bd914 | Dimitris Aragiorgis | } |
| 266 | fa5bd914 | Dimitris Aragiorgis | |
| 267 | fa5bd914 | Dimitris Aragiorgis | |
| 268 | fa5bd914 | Dimitris Aragiorgis | update_aaaarecord () {
|
| 269 | fa5bd914 | Dimitris Aragiorgis | |
| 270 | fa5bd914 | Dimitris Aragiorgis | local action=$1 |
| 271 | fa5bd914 | Dimitris Aragiorgis | local command= |
| 272 | fa5bd914 | Dimitris Aragiorgis | if [ -n "$EUI64" ]; then |
| 273 | fa5bd914 | Dimitris Aragiorgis | command="update $action $GANETI_INSTANCE_NAME.$FZONE $TTL AAAA $EUI64" |
| 274 | fa5bd914 | Dimitris Aragiorgis | send_command "$command" |
| 275 | fa5bd914 | Dimitris Aragiorgis | fi |
| 276 | fa5bd914 | Dimitris Aragiorgis | |
| 277 | fa5bd914 | Dimitris Aragiorgis | } |
| 278 | fa5bd914 | Dimitris Aragiorgis | |
| 279 | fa5bd914 | Dimitris Aragiorgis | |
| 280 | fa5bd914 | Dimitris Aragiorgis | update_ptrrecord () {
|
| 281 | fa5bd914 | Dimitris Aragiorgis | |
| 282 | fa5bd914 | Dimitris Aragiorgis | local action=$1 |
| 283 | fa5bd914 | Dimitris Aragiorgis | local command= |
| 284 | fa5bd914 | Dimitris Aragiorgis | if [ -n "$IP" ]; then |
| 285 | fa5bd914 | Dimitris Aragiorgis | command="update $action $RLPART.$RZONE. $TTL PTR $GANETI_INSTANCE_NAME.$FZONE" |
| 286 | fa5bd914 | Dimitris Aragiorgis | send_command "$command" |
| 287 | fa5bd914 | Dimitris Aragiorgis | fi |
| 288 | fa5bd914 | Dimitris Aragiorgis | |
| 289 | fa5bd914 | Dimitris Aragiorgis | } |
| 290 | fa5bd914 | Dimitris Aragiorgis | |
| 291 | fa5bd914 | Dimitris Aragiorgis | update_ptr6record () {
|
| 292 | fa5bd914 | Dimitris Aragiorgis | |
| 293 | fa5bd914 | Dimitris Aragiorgis | local action=$1 |
| 294 | fa5bd914 | Dimitris Aragiorgis | local command= |
| 295 | fa5bd914 | Dimitris Aragiorgis | if [ -n "$EUI64" ]; then |
| 296 | fa5bd914 | Dimitris Aragiorgis | command="update $action $R6LPART$R6ZONE. $TTL PTR $GANETI_INSTANCE_NAME.$FZONE" |
| 297 | fa5bd914 | Dimitris Aragiorgis | send_command "$command" |
| 298 | fa5bd914 | Dimitris Aragiorgis | fi |
| 299 | fa5bd914 | Dimitris Aragiorgis | |
| 300 | fa5bd914 | Dimitris Aragiorgis | } |
| 301 | fa5bd914 | Dimitris Aragiorgis | |
| 302 | fa5bd914 | Dimitris Aragiorgis | update_all () {
|
| 303 | fa5bd914 | Dimitris Aragiorgis | |
| 304 | fa5bd914 | Dimitris Aragiorgis | local action=$1 |
| 305 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "Update ($action) dns for $GANETI_INSTANCE_NAME $IP $EUI64" |
| 306 | fa5bd914 | Dimitris Aragiorgis | update_arecord $action |
| 307 | fa5bd914 | Dimitris Aragiorgis | update_aaaarecord $action |
| 308 | fa5bd914 | Dimitris Aragiorgis | update_ptrrecord $action |
| 309 | fa5bd914 | Dimitris Aragiorgis | update_ptr6record $action |
| 310 | fa5bd914 | Dimitris Aragiorgis | |
| 311 | fa5bd914 | Dimitris Aragiorgis | } |
| 312 | fa5bd914 | Dimitris Aragiorgis | |
| 313 | fa5bd914 | Dimitris Aragiorgis | |
| 314 | fa5bd914 | Dimitris Aragiorgis | # first argument is an eui64 (IPv6) |
| 315 | fa5bd914 | Dimitris Aragiorgis | # sets GLOBAL args R6REC, R6ZONE, R6LPART |
| 316 | fa5bd914 | Dimitris Aragiorgis | # lets assume eui64=2001:648:2ffc:1::1 |
| 317 | fa5bd914 | Dimitris Aragiorgis | # the following commands produce: |
| 318 | fa5bd914 | Dimitris Aragiorgis | # R6REC=1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.c.f.f.2.8.4.6.0.1.0.0.2.ip6.arpa |
| 319 | fa5bd914 | Dimitris Aragiorgis | # R6ZONE=1.0.0.0.c.f.f.2.8.4.6.0.1.0.0.2.ip6.arpa |
| 320 | fa5bd914 | Dimitris Aragiorgis | # R6LPART=1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 321 | fa5bd914 | Dimitris Aragiorgis | get_rev6_info () {
|
| 322 | fa5bd914 | Dimitris Aragiorgis | |
| 323 | fa5bd914 | Dimitris Aragiorgis | local eui64=$1 |
| 324 | fa5bd914 | Dimitris Aragiorgis | if [ -z "$eui64" ]; then |
| 325 | fa5bd914 | Dimitris Aragiorgis | R6REC= ; R6ZONE= ; R6LPART= ; |
| 326 | fa5bd914 | Dimitris Aragiorgis | else |
| 327 | fa5bd914 | Dimitris Aragiorgis | R6REC=$(host $eui64 | egrep -o '([[:alnum:]]\.){32}ip6.arpa' )
|
| 328 | fa5bd914 | Dimitris Aragiorgis | R6ZONE=$(echo $R6REC | awk -F. 'BEGIN{rpart="";} { for (i=32;i>16;i=i-1) rpart=$i "." rpart; } END{print rpart "ip6.arpa";}')
|
| 329 | fa5bd914 | Dimitris Aragiorgis | R6LPART=$(echo $R6REC | awk -F. 'BEGIN{lpart="";} { for (i=16;i>0;i=i-1) lpart=$i "." lpart; } END{print lpart;}')
|
| 330 | fa5bd914 | Dimitris Aragiorgis | fi |
| 331 | fa5bd914 | Dimitris Aragiorgis | |
| 332 | fa5bd914 | Dimitris Aragiorgis | } |
| 333 | fa5bd914 | Dimitris Aragiorgis | |
| 334 | fa5bd914 | Dimitris Aragiorgis | |
| 335 | fa5bd914 | Dimitris Aragiorgis | # first argument is an ipv4 |
| 336 | fa5bd914 | Dimitris Aragiorgis | # sets args RZONE, RLPART |
| 337 | fa5bd914 | Dimitris Aragiorgis | # lets assume IP=203.0.113.1 |
| 338 | fa5bd914 | Dimitris Aragiorgis | # RZONE="113.0.203.in-add.arpa" |
| 339 | fa5bd914 | Dimitris Aragiorgis | # RLPART="1" |
| 340 | fa5bd914 | Dimitris Aragiorgis | get_rev4_info () {
|
| 341 | fa5bd914 | Dimitris Aragiorgis | |
| 342 | fa5bd914 | Dimitris Aragiorgis | local ip=$1 |
| 343 | fa5bd914 | Dimitris Aragiorgis | if [ -z "$ip" ]; then |
| 344 | fa5bd914 | Dimitris Aragiorgis | RZONE= ; RLPART= ; |
| 345 | fa5bd914 | Dimitris Aragiorgis | else |
| 346 | fa5bd914 | Dimitris Aragiorgis | OLDIFS=$IFS |
| 347 | fa5bd914 | Dimitris Aragiorgis | IFS=". " |
| 348 | fa5bd914 | Dimitris Aragiorgis | set -- $ip |
| 349 | fa5bd914 | Dimitris Aragiorgis | a=$1 ; b=$2; c=$3; d=$4; |
| 350 | fa5bd914 | Dimitris Aragiorgis | IFS=$OLDIFS |
| 351 | fa5bd914 | Dimitris Aragiorgis | RZONE="$c.$b.$a.in-addr.arpa" |
| 352 | fa5bd914 | Dimitris Aragiorgis | RLPART="$d" |
| 353 | fa5bd914 | Dimitris Aragiorgis | fi |
| 354 | fa5bd914 | Dimitris Aragiorgis | |
| 355 | fa5bd914 | Dimitris Aragiorgis | } |
| 356 | fa5bd914 | Dimitris Aragiorgis | |
| 357 | bd59aebc | Dimitris Aragiorgis | get_ebtables_chains () {
|
| 358 | bd59aebc | Dimitris Aragiorgis | |
| 359 | bd59aebc | Dimitris Aragiorgis | local iface=$1 |
| 360 | bd59aebc | Dimitris Aragiorgis | FROM=FROM${iface^^}
|
| 361 | bd59aebc | Dimitris Aragiorgis | TO=TO${iface^^}
|
| 362 | bd59aebc | Dimitris Aragiorgis | |
| 363 | bd59aebc | Dimitris Aragiorgis | } |
| 364 | bd59aebc | Dimitris Aragiorgis | |
| 365 | 8ba80517 | Dimitris Aragiorgis | get_instance_info () {
|
| 366 | 8ba80517 | Dimitris Aragiorgis | |
| 367 | 8ba80517 | Dimitris Aragiorgis | if [ -z "$GANETI_INSTANCE_NAME" -a -n "$INSTANCE" ]; then |
| 368 | 8ba80517 | Dimitris Aragiorgis | GANETI_INSTANCE_NAME=$INSTANCE |
| 369 | 8ba80517 | Dimitris Aragiorgis | fi |
| 370 | 8ba80517 | Dimitris Aragiorgis | |
| 371 | 8ba80517 | Dimitris Aragiorgis | } |
| 372 | 8ba80517 | Dimitris Aragiorgis | |
| 373 | 8ba80517 | Dimitris Aragiorgis | get_mode_info () {
|
| 374 | 8ba80517 | Dimitris Aragiorgis | |
| 375 | 8ba80517 | Dimitris Aragiorgis | local iface=$1 |
| 376 | 8ba80517 | Dimitris Aragiorgis | local mode=$2 |
| 377 | 8ba80517 | Dimitris Aragiorgis | local link=$3 |
| 378 | 8ba80517 | Dimitris Aragiorgis | |
| 379 | 8ba80517 | Dimitris Aragiorgis | TABLE= |
| 380 | 8ba80517 | Dimitris Aragiorgis | INDEV= |
| 381 | 8ba80517 | Dimitris Aragiorgis | |
| 382 | 8ba80517 | Dimitris Aragiorgis | if [ "$mode" = "routed" ]; then |
| 383 | 8ba80517 | Dimitris Aragiorgis | TABLE=$link |
| 384 | 8ba80517 | Dimitris Aragiorgis | INDEV=$iface |
| 385 | 8ba80517 | Dimitris Aragiorgis | elif [ "$mode" = "bridged" ]; then |
| 386 | 8ba80517 | Dimitris Aragiorgis | INDEV=$link |
| 387 | 8ba80517 | Dimitris Aragiorgis | fi |
| 388 | 8ba80517 | Dimitris Aragiorgis | |
| 389 | 8ba80517 | Dimitris Aragiorgis | } |
| 390 | 8ba80517 | Dimitris Aragiorgis | |
| 391 | fa5bd914 | Dimitris Aragiorgis | |
| 392 | 63f1d9e7 | Dimitris Aragiorgis | # Use environment variables to calculate desired info |
| 393 | 63f1d9e7 | Dimitris Aragiorgis | # IP, MAC, LINK, TABLE, BRIDGE, |
| 394 | 63f1d9e7 | Dimitris Aragiorgis | # NETWORK_SUBNET, NETWORK_GATEWAY, NETWORK_SUBNET6, NETWORK_GATEWAY6 |
| 395 | 63f1d9e7 | Dimitris Aragiorgis | function get_info {
|
| 396 | 63f1d9e7 | Dimitris Aragiorgis | |
| 397 | 63f1d9e7 | Dimitris Aragiorgis | $SNF_NETWORK_LOG $0 "Getting info for $INTERFACE of $GANETI_INSTANCE_NAME" |
| 398 | 8ba80517 | Dimitris Aragiorgis | get_instance_info |
| 399 | 8ba80517 | Dimitris Aragiorgis | get_mode_info $INTERFACE $MODE $LINK |
| 400 | bd59aebc | Dimitris Aragiorgis | get_ebtables_chains $INTERFACE |
| 401 | 63f1d9e7 | Dimitris Aragiorgis | get_rev4_info $IP |
| 402 | 63f1d9e7 | Dimitris Aragiorgis | get_eui64 $MAC $NETWORK_SUBNET6 |
| 403 | 63f1d9e7 | Dimitris Aragiorgis | get_rev6_info $EUI64 |
| 404 | 63f1d9e7 | Dimitris Aragiorgis | get_uplink $TABLE |
| 405 | 63f1d9e7 | Dimitris Aragiorgis | |
| 406 | 63f1d9e7 | Dimitris Aragiorgis | } |
| 407 | 63f1d9e7 | Dimitris Aragiorgis | |
| 408 | 63f1d9e7 | Dimitris Aragiorgis | |
| 409 | fa5bd914 | Dimitris Aragiorgis | # Query nameserver for entries related to the specific instance |
| 410 | fa5bd914 | Dimitris Aragiorgis | # An example output is the following: |
| 411 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has address 173.194.113.114 |
| 412 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has address 173.194.113.115 |
| 413 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has address 173.194.113.116 |
| 414 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has address 173.194.113.112 |
| 415 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has address 173.194.113.113 |
| 416 | fa5bd914 | Dimitris Aragiorgis | # www.google.com has IPv6 address 2a00:1450:4001:80b::1012 |
| 417 | fa5bd914 | Dimitris Aragiorgis | query_dns () {
|
| 418 | fa5bd914 | Dimitris Aragiorgis | |
| 419 | fa5bd914 | Dimitris Aragiorgis | HOSTQ="host -s -R 3 -W 3" |
| 420 | fa5bd914 | Dimitris Aragiorgis | HOST_IP_ALL=$($HOSTQ $GANETI_INSTANCE_NAME.$FZONE $SERVER | sed -n 's/.*has address //p') |
| 421 | fa5bd914 | Dimitris Aragiorgis | HOST_IP6_ALL=$($HOSTQ $GANETI_INSTANCE_NAME.$FZONE $SERVER | sed -n 's/.*has IPv6 address //p') |
| 422 | fa5bd914 | Dimitris Aragiorgis | |
| 423 | fa5bd914 | Dimitris Aragiorgis | } |