root / hooks / group-modify-post.d / snf-network @ ed7f0f2a
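#!/bin/bash
#
# snf-network hook from hooks/group-modify-post.d. Reads the GANETI_GROUP_*
# variables below and, depending on ACTION, sets up or tears down host network
# state: it writes /etc/iproute2/rt_tables and /proc/sys/net/ipv4, and calls
# ip, iptables and arptables.
#
# Inputs (environment):
#   GANETI_GROUP_NAME, GANETI_GROUP_NETWORK_ACTION, GANETI_GROUP_NETWORK_NAME,
#   GANETI_GROUP_NETWORK_MODE, GANETI_GROUP_NETWORK_LINK
#
# SHAREDDIR, TYPE, SUBNET, GATEWAY and ROUTER are used later but never assigned
# in this script; presumably they come from the sourced defaults file
# (TODO confirm).

# Executed in this shell, so the defaults file is effectively part of the
# script: whoever can write it controls what this hook runs.
source /etc/default/snf-network

GROUP=$GANETI_GROUP_NAME

ACTION=$GANETI_GROUP_NETWORK_ACTION
NETWORK=$GANETI_GROUP_NETWORK_NAME
MODE=$GANETI_GROUP_NETWORK_MODE
LINK=$GANETI_GROUP_NETWORK_LINK

# No network action was passed to the hook: nothing to do.
if [[ -z "$ACTION" ]]; then
  exit 0
fi

# NOTE(review): NETWORK and GROUP are spliced into these paths unchecked, and
# MAPFILE is later written, sourced and removed. A name containing "/" or ".."
# would point outside $SHAREDDIR; confirm the caller restricts both names.
# NETFILE is computed here but not read anywhere in this script.
NETFILE="$SHAREDDIR/networks/$NETWORK"

MAPFILE="$SHAREDDIR/mappings/$NETWORK-$GROUP"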
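#######################################
# Register a routing table named rt_$NETWORK in the iproute2 table list.
#
# If the file contains an empty line, the first one is replaced by
# "<line number> rt_$NETWORK". Otherwise "<line count + 1> rt_$NETWORK" is
# appended. Existing entries are kept: the append uses ">>", and the line
# count is read through stdin so that wc prints a bare number.
#
# Globals:   NETWORK (read), ID (written)
# Arguments: $1 - optional path of the table file
#                 (default: /etc/iproute2/rt_tables)
#######################################
function set_rt_table {
  local rt_tables=${1:-/etc/iproute2/rt_tables}

  # Line number of the first empty line; empty when there is none.
  ID=$(sed -n '/^$/ { =; q}' "$rt_tables")
  if [[ -z "$ID" ]]; then
    ID=$(wc -l < "$rt_tables")
    printf '%s\n' "$((ID + 1)) rt_$NETWORK" >> "$rt_tables"
  else
    # Address the line by number so only that one empty line is rewritten.
    # NOTE(review): NETWORK is interpolated into the sed program; a name
    # containing "/", "&" or "\" would alter the substitution. Confirm the
    # caller restricts network names to safe characters.
    sed -i "${ID}s/^\$/${ID} rt_${NETWORK}/" "$rt_tables"
  fi
}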
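# ACTION "add" applies the host configuration for $NETWORK and records MODE and
# LINK in $MAPFILE. Any other action reads that record back and undoes it.
# All expansions are quoted so that an empty or unset TYPE, GATEWAY or ROUTER
# makes a test false instead of producing a "[" syntax error.
if [[ "$ACTION" == "add" ]]; then
  if [[ "$MODE" == "routed" ]]; then
    VLAN=$LINK
    if [[ "$TYPE" == "public" ]]; then
      # Second field of ipcalc's HostMax line. It is used below as the source
      # IP written into outgoing ARP requests on $VLAN.
      ARP_IP=$(ipcalc "$SUBNET" | grep HostMax | awk '{print $2}')

      ip link set "$VLAN" up

      # Not reset by the removal branch below.
      echo 1 > "/proc/sys/net/ipv4/conf/$VLAN/proxy_arp"

      set_rt_table

      ip rule add iif "$VLAN" table "rt_$NETWORK"

      ip route add "$SUBNET" dev "$VLAN" table main

      ip route add "$SUBNET" dev "$VLAN" table "rt_$NETWORK"
      ip route add default via "$GATEWAY" dev "$VLAN" table "rt_$NETWORK"

      # Host-wide setting: turns on IPv4 forwarding for every interface.
      # The removal branch never turns it off again.
      echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

      arptables -A OUTPUT -o "$VLAN" --opcode request -j mangle --mangle-ip-s "$ARP_IP"
    fi
  fi

  if [[ "$MODE" == "bridged" ]]; then
    BRIDGE=$LINK
    if [[ -n "$GATEWAY" ]]; then
      if [[ "$TYPE" == "private" ]]; then
        # Only the host named in ROUTER takes the gateway address and NATs.
        if [[ "$(hostname)" == "$ROUTER" ]]; then
          NETMASK=$(ipcalc "$SUBNET" | grep Netmask | awk '{print $4}')
          ip addr add "$GATEWAY/$NETMASK" dev "$BRIDGE"
          # Masquerade traffic from SUBNET unless it is destined to the
          # hard-coded 192.168.0.0/16 range.
          iptables -t nat -A POSTROUTING -s "$SUBNET" \! -d 192.168.0.0/16 -j MASQUERADE
        fi
      fi
    fi
  fi

  # The removal branch sources this file, so the values are written
  # shell-quoted (%q): a value containing shell metacharacters is then read
  # back as data instead of being executed. Plain values are written as before.
  printf 'MODE=%q\nLINK=%q\n' "$MODE" "$LINK" > "$MAPFILE"

else

  # NOTE(review): sourcing executes the mapping file in this shell. The
  # mappings directory must be writable only by the account that runs this
  # hook. If the file is missing, MODE and LINK keep their environment values.
  source "$MAPFILE"

  if [[ "$MODE" == "routed" ]]; then
    VLAN=$LINK
    TABLE=rt_$NETWORK
    if [[ "$TYPE" == "public" ]]; then
      ARP_IP=$(ipcalc "$SUBNET" | grep HostMax | awk '{print $2}')

      arptables -D OUTPUT -o "$VLAN" --opcode request -j mangle --mangle-ip-s "$ARP_IP"

      ip route del default via "$GATEWAY" dev "$VLAN" table "$TABLE"
      ip route del "$SUBNET" dev "$VLAN" table "$TABLE"

      ip route del "$SUBNET" dev "$VLAN" table main

      ip rule del iif "$VLAN" table "$TABLE"
      # Blank only the "<id> <table>" entry. The earlier ".*$TABLE$" pattern
      # also blanked every other line that merely ended in the same name.
      # The emptied line is what set_rt_table reuses for the next network.
      # NOTE(review): TABLE is interpolated into the sed pattern; confirm that
      # network names are restricted to safe characters.
      sed -i 's/^[0-9][0-9]*[[:space:]][[:space:]]*'"$TABLE"'$//' /etc/iproute2/rt_tables
    fi
  fi

  if [[ "$MODE" == "bridged" ]]; then
    BRIDGE=$LINK
    if [[ -n "$GATEWAY" ]]; then
      if [[ "$TYPE" == "private" ]]; then
        if [[ "$(hostname)" == "$ROUTER" ]]; then
          NETMASK=$(ipcalc "$SUBNET" | grep Netmask | awk '{print $4}')
          ip addr del "$GATEWAY/$NETMASK" dev "$BRIDGE"
          iptables -t nat -D POSTROUTING -s "$SUBNET" \! -d 192.168.0.0/16 -j MASQUERADE
        fi
      fi
    fi
  fi

  rm -- "$MAPFILE"

fi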