/ - Diff - snf-network - Greek Research and Technology Network's projects

     # Defaults for nfdhcpd initscript
     # sourced by /etc/init.d/nfdhcpd
     # installed at /etc/default/nfdhcpd by the maintainer scripts
+    #
     # This is a POSIX shell fragment
+    #
     RUN="yes"
     # Additional options that are passed to the Daemon.
     DAEMON_OPTS=""

     #!/bin/sh
+    #
     # This is free software; you may redistribute it and/or modify
     # it under the terms of the GNU General Public License as
     # published by the Free Software Foundation; either version 2,
     # or (at your option) any later version.
+    #
     # This is distributed in the hope that it will be useful, but
     # WITHOUT ANY WARRANTY; without even the implied warranty of
     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     # GNU General Public License for more details.
+    #
     # You should have received a copy of the GNU General Public License with
     # the Debian operating system, in /usr/share/common-licenses/GPL;  if
     # not, write to the Free Software Foundation, Inc., 59 Temple Place,
     # Suite 330, Boston, MA 02111-1307 USA
+    #
     ### BEGIN INIT INFO
     # Provides:          nfdhcpd
     # Required-Start:    $network $local_fs $remote_fs
     # Required-Stop:     $remote_fs
     # Should-Start:
     # Should-Stop:
     # Default-Start:     2 3 4 5
     # Default-Stop:      0 1 6
     # Short-Description: NFQueue DHCP/RA server
     ### END INIT INFO
     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
     DAEMON=/usr/sbin/nfdhcpd
     NAME=nfdhcpd
     DESC="NFQUEUE-based DHCP/RA server"
     LOGDIR=/var/log/nfdhcpd
     PIDFILE=/var/run/$NAME.pid
     test -x $DAEMON || exit 0
     . /lib/lsb/init-functions
     # Default options, these can be overriden by the information
     # at /etc/default/$NAME
     DAEMON_OPTS=""          # Additional options given to the server
     DIETIME=2              # Time to wait for the server to die, in seconds
                             # If this value is set too low you might not
                             # let some servers to die gracefully and
                             # 'restart' will not work
     STARTTIME=1             # Time to wait for the server to start, in seconds
                             # If this value is set each time the server is
                             # started (on start or restart) the script will
                             # stall to try to determine if it is running
                             # If it is not set and the server takes time
                             # to setup a pid file the log message might
                             # be a false positive (says it did not start
                             # when it actually did)
     LOGFILE=$LOGDIR/$NAME.log  # Server logfile
     #DAEMONUSER=nfdhcp   # Users to run the daemons as. If this value
                             # is set start-stop-daemon will chuid the server
     # Include defaults if available
     if [ -f /etc/default/$NAME ] ; then
     	. /etc/default/$NAME
     fi
     # Use this if you want the user to explicitly set 'RUN' in
     # /etc/default/
     if [ "x$RUN" != "xyes" ] ; then
         log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
         log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
         exit 1
     fi
     # Check that the user exists (if we set a user)
     # Does the user exist?
     set -e
     running_pid() {
     # Check if a given process pid's cmdline matches a given name
         pid=$1
         name=$2
         [ -z "$pid" ] && return 1
         [ ! -d /proc/$pid ] &&  return 1
         cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
         # Is this the expected server
         [ "$cmd" != "$name" ] &&  return 1
         return 0
+    }
     running() {
     # Check if the process is running looking at /proc
     # (works for all users)
         # No pidfile, probably no daemon present
         [ ! -f "$PIDFILE" ] && return 1
         pid=`cat $PIDFILE`
         running_pid $pid python || return 1
         return 0
+    }
     start_server() {
     	start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
     	errcode=$?
     	return $errcode
+    }
     stop_server() {
     	killproc -p $PIDFILE $DAEMON
     	rrcode=$?
     	return $errcode
+    }
     reload_server() {
         [ ! -f "$PIDFILE" ] && return 1
         pid=pidofproc $PIDFILE # This is the daemon's pid
         # Send a SIGHUP
         kill -1 $pid
         return $?
+    }
     force_stop() {
     # Force the process to die killing it manually
     	[ ! -e "$PIDFILE" ] && return
     	if running ; then
     		kill -15 $pid
     	# Is it really dead?
     		sleep "$DIETIME"s
     		if running ; then
     			kill -9 $pid
     			sleep "$DIETIME"s
     			if running ; then
     				echo "Cannot kill $NAME (pid=$pid)!"
     				exit 1
     			fi
     		fi
     	fi
     	rm -f $PIDFILE
+    }
     case "$1" in
       start)
     	log_daemon_msg "Starting $DESC " "$NAME"
             # Check if it's running first
             if running ;  then
                 log_progress_msg "apparently already running"
                 log_end_msg 0
                 exit 0
             fi
             if start_server ; then
                 # NOTE: Some servers might die some time after they start,
                 # this code will detect this issue if STARTTIME is set
                 # to a reasonable value
                 [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
                 if  running ;  then
                     # It's ok, the server started and is running
                     log_end_msg 0
                 else
                     # It is not running after we did start
                     log_end_msg 1
                 fi
             else
                 # Either we could not start it
                 log_end_msg 1
             fi
     	;;
       stop)
             log_daemon_msg "Stopping $DESC" "$NAME"
             if running ; then
                 # Only stop the server if we see it running
     			errcode=0
                 stop_server || errcode=$?
                 log_end_msg $errcode
             else
                 # If it's not running don't do anything
                 log_progress_msg "apparently not running"
                 log_end_msg 0
                 exit 0
             fi
             ;;
       force-stop)
             # First try to stop gracefully the program
             $0 stop
             if running; then
                 # If it's still running try to kill it more forcefully
                 log_daemon_msg "Stopping (force) $DESC" "$NAME"
     			errcode=0
                 force_stop || errcode=$?
                 log_end_msg $errcode
             fi
     	;;
       restart|force-reload)
             log_daemon_msg "Restarting $DESC" "$NAME"
     		errcode=0
             stop_server || errcode=$?
             # Wait some sensible amount, some server need this
             [ -n "$DIETIME" ] && sleep $DIETIME
             start_server || errcode=$?
             [ -n "$STARTTIME" ] && sleep $STARTTIME
             running || errcode=$?
             log_end_msg $errcode
     	;;
       status)
             log_daemon_msg "Checking status of $DESC" "$NAME"
             if running ;  then
                 log_progress_msg "running"
                 log_end_msg 0
             else
                 log_progress_msg "apparently not running"
                 log_end_msg 1
                 exit 1
             fi
             ;;
       reload)
             log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
             log_warning_msg "cannot re-read the config file (use restart)."
     	;;
       *)
     	N=/etc/init.d/$NAME
     	echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
     	exit 1
     	;;
     esac
     exit 0

     #!/bin/bash
     source /etc/default/snf-network
     NETFILE=$SHAREDDIR/networks/$NETWORK
     rm $NETFILE

     # IP-less inteface, used to route public IPv4
     # for Synnefo VMs
     auto eth0.101
     iface eth0.101 inet manual
         ip-routing-table rt_public
         ip-routes 62.217.123.128/27
         ip-gateway 62.217.123.129
         ip-forwarding 1
         ip-proxy-arp 1
         arp-ip 62.217.123.158
     #auto eth0.100
     iface eth0.100 inet manual
       up ip link set eth0.100 up
     #auto br100
     iface br100 inet static
       # needed for being the rooter for the VMs
       address 192.168.100.1
       netmask 255.255.255.240
       bridge_ports eth0.100
       # needed by nfdhcpd to make DHCP responses
       up ip route add 192.168.100.0/28 dev br100 table rt_net100
       up ip route add default via 192.168.100.1 dev br100 table rt_net100
       # needed for the VMs to connect to the world
       up iptables -t nat -A POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE
       down iptables -t nat -D POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE
       bridge_stp off
       bridge_fd 2
     #auto br100:1
     iface br100:1 inet static
       # needed for being the rooter for the VMs
       address 192.168.101.1
       netmask 255.255.255.240
       up ip route add 192.168.101.0/28 dev br100 table rt_net101
       up ip route add default via 192.168.101.1 dev br100 table rt_net101
       # needed for the VMs to connect to the world
       up iptables -t nat -A POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE
       down iptables -t nat -D POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE

     function routed_setup_ipv4 {
     	# get the link's default gateway
     	gw=$(ip route list table $TABLE | sed -n 's/default via \([^ ]\+\).*/\1/p' | head -1)
     	gw=$GATEWAY
     	# mangle ARPs to come from the gw's IP
     	arptables -A OUTPUT -o $INTERFACE --opcode request -j mangle --mangle-ip-s "$gw"
-...
     function routed_setup_ipv6 {
     	# Add a routing entry for the eui-64
     	prefix=$(ip -6 route list table $TABLE | awk '/\/64/ {print $1; exit}')
     	uplink=$(ip -6 route list table $TABLE | sed -n 's/default via .* dev \([^ ]\+\).*/\1/p' | head -1)
     	prefix=$SUBNET6
     	uplink=$GATEWAY6
     	eui64=$($MAC2EUI64 $MAC $prefix)
     	while ip -6 rule del dev $INTERFACE; do :; done
-...
     function setup_nfdhcpd {
     	umask 022
     	cat >$NFDHCPD_STATE_DIR/$INTERFACE <<EOF
       FILE=$NFDHCPD_STATE_DIR/$INTERFACE
     	cat >$FILE <<EOF
     IFACE=$1
     IP=$IP
     MAC=$MAC
-...
     HOSTNAME=$INSTANCE
     TAGS="$TAGS"
     EOF
     if [ -n $GATEWAY ]; then
      echo GATEWAY=$GATEWAY >> $FILE
     fi
     if [ -n $SUBNET ]; then
      echo SUBNET=$SUBNET >> $FILE
     fi
     if [ -n $GATEWAY6 ]; then
      echo GATEWAY6=$GATEWAY6 >> $FILE
     fi
     if [ -n $SUBNET6 ]; then
      echo SUBNET6=$SUBNET6 >> $FILE
     fi
+    }
     function clear_ebtables {
-...
       fi
+    }
     #FIXME: import router mac from the config files
     #       must know node group!! how???
     ROUTER_MAC=e4:11:5b:b2:8d:ca
     MAC_MASK=ff:ff:ff:0:0:0
     TABLE=rt_$NETWORK
-...
     	iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP
     	routed_setup_ipv4
     #	routed_setup_ipv6
     #	routed_setup_firewall
     	routed_setup_ipv6
     	routed_setup_firewall
     	setup_nfdhcpd $INTERFACE
       clear_ebtables >/dev/null 2>&1
     elif [ "$MODE" = "bridged" ]; then

     #!/bin/bash
     DIR=/var/lib/snf-network
     NEW_GATEWAY=$1
     NEW_TYPE=$2
     NETWORK=$3
     RT_TABLES=/etc/iproute2/rt_tables
     if [ $# -ne 3 ]; then
       echo "$0 <gateway> <private/public> <name>"
       exit 1
     fi
     source /etc/default/snf-network
     NETWORK_FILE=$DIR/networks/$NETWORK
     source $NETWORK_FILE
     OLD_GATEWAY=$GATEWAY
     OLD_TYPE=$TYPE
     INTERFACES=$(ls $DIR/interfaces/$NETWORK-*)
     for IFACES in $INTERFACES ; do
       NODEGROUP=$(echo $IFACES | sed 's/.*interfaces.*-//')
       source $DIR/nodegroups/$NODEGROUP
       read x VLAN MODE BRIDGE < $INTERFACES
       if [ $MODE == "routed" ]; then
         if [ $TYPE == "public" ]; then
           ip route replace default via $GATEWAY dev $VLAN table rt_$NETWORK
         fi
       fi
       if [ $MODE == "bridged" ]; then
         if [ ! -z $GATEWAY ]; then
           ip route replace default via $GATEWAY dev $BRIDGE table rt_$NETWORK
           if [ $TYPE == "private" ]; then
             if [ ! -z $ROUTER ]; then
               if [ $(hostname) == $ROUTER ]; then
                 NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}')
                 ip addr del $GATEWAY/$NETMASK dev $BRIDGE
                 ip addr add $NEW_GATEWAY/$NETMASK dev $BRIDGE
               fi
             fi
           fi
         fi
       fi
       if [ ! -z $NEW_GATEWAY ]; then
         sed -i '/^GATEWAY/ s/=.*/='"$NEW_GATEWAY"'/' $NETWORK_FILE
       fi
       if [ ! -z $NEW_TYPE ]; then
         sed -i '/^TYPE/ s/=.*/='"$NEW_TYPE"'/' $NETWORK_FILE
       fi
     done

+        }
     def parse_routing_table(table="main", family=4):
         """ Parse the given routing table to get connected route, gateway and
         default device.
         """
         ipro = subprocess.Popen(["ip", "-%d" % family, "ro", "ls",
                                  "table", table], stdout=subprocess.PIPE)
         routes = ipro.stdout.readlines()
         def_gw = None
         def_dev = None
         def_net = None
         for route in routes:
             # Find the least-specific connected route
             m = re.match("^([\S]+/[\S]+) dev ([\S]+)", route)
             if not m:
                 continue
             if family == 6 and m.group(1).startswith("fe80:"):
                 # Skip link-local declarations in "main" table
                 continue
             def_net, def_dev = m.groups()
             try:
                 def_net = IPy.IP(def_net)
             except ValueError, e:
                 logging.warn("Unable to parse default route entry %s: %s",
                              def_net, str(e))
         for route in routes:
             match = re.match(r'^default.*via ([\S]+).*dev ([\S]+)', route)
             if match:
                 def_gw, def_dev = match.groups()
                 break
         return Subnet(net=def_net, gw=def_gw, dev=def_dev)
     def parse_binding_file(path):
         """ Read a client configuration from a tap file
-...
         ips = None
         link = None
         hostname = None
         subnet = None
         gateway = None
         subnet6 = None
         gateway6 = None
         for line in iffile:
             if line.startswith("IP="):
-...
                 hostname = line.strip().split("=")[1]
             elif line.startswith("IFACE="):
                 iface = line.strip().split("=")[1]
         return Client(ifname=ifname, mac=mac, ips=ips, link=link, hostname=hostname, iface=iface)
             elif line.startswith("SUBNET="):
                 subnet = line.strip().split("=")[1]
             elif line.startswith("GATEWAY="):
                 gateway = line.strip().split("=")[1]
             elif line.startswith("SUBNET6="):
                 subnet6 = line.strip().split("=")[1]
             elif line.startswith("GATEWAY6="):
                 gatewa6 = line.strip().split("=")[1]
         return Client(ifname=ifname, mac=mac, ips=ips, link=link,
                       hostname=hostname,iface=iface, subnet=subnet,
                       gateway=gateway, subnet6=subnet6, gateway6=gateway6 )
     class ClientFileHandler(pyinotify.ProcessEvent):
         def __init__(self, server):
-...
     class Client(object):
         def __init__(self, ifname=None, mac=None, ips=None, link=None, hostname=None, iface=None):
         def __init__(self, ifname=None, mac=None, ips=None, link=None,
                      hostname=None, iface=None, subnet=None, gateway=None,
                      subnet6=None, gateway6=None ):
             self.mac = mac
             self.ips = ips
             self.hostname = hostname
             self.link = link
             self.iface = iface
             self.ifname = ifname
             self.subnet = subnet
             self.gateway = gateway
             self.net = Subnet(net=subnet, gw=gateway, dev=ifname)
             self.subnet6 = subnet6
             self.gateway6 = gateway6
             self.net6 = Subnet(net=subnet6, gw=gateway6, dev=ifname)
         @property
         def ip(self):
-...
             self.ipv6_enabled = False
             self.clients = {}
             self.subnets = {}
             #self.subnets = {}
             self.ifaces = {}
             self.v6nets = {}
             #self.v6nets = {}
             self.nfq = {}
             self.l2socket = socket.socket(socket.AF_PACKET,
                                           socket.SOCK_RAW, ETH_P_ALL)
-...
         def build_config(self):
             self.clients.clear()
             self.subnets.clear()
             for path in glob.glob(os.path.join(self.data_path, "*")):
                 self.add_iface(path)
-...
             else:
                 if binding.is_valid():
                     self.clients[binding.mac] = binding
                     self.subnets[binding.link] = parse_routing_table(binding.link)
                     logging.debug("Added client %s on %s", binding.hostname, iface)
                     self.ifaces[ifindex] = binding.iface
                     self.v6nets[iface] = parse_routing_table(binding.link, 6)
         def remove_iface(self, ifname):
             """ Cleanup clients on a removed interface
             """
             if ifname in self.v6nets:
                 del self.v6nets[ifname]
             for mac in self.clients.keys():
                 if self.clients[mac].ifname == ifname:
                     iface = self.client[mac].iface
-...
             resp = Ether(dst=mac, src=self.get_iface_hw_addr(iface))/\
                    IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\
                    UDP(sport=pkt.dport, dport=pkt.sport)/resp
             subnet = self.subnets[binding.link]
             subnet = binding.net
             if not DHCP in pkt:
                 logging.warn("Invalid request from %s on %s, no DHCP"
-...
                 return
             ifmac = self.get_iface_hw_addr(iface)
             subnet = self.v6nets[iface]
             binding = self.clients[ifmac]
             subnet = binding.net6
             ifll = subnet.make_ll64(ifmac)
             # Signal the kernel that it shouldn't further process the packet
-...
                 return
             ifmac = self.get_iface_hw_addr(iface)
             subnet = self.v6nets[iface]
             binding = self.clients[ifmac]
             subnet = binding.net6
             ifll = subnet.make_ll64(ifmac)
             ns = IPv6(payload.get_data())
-...
                 if not ifmac:
                     continue
                 subnet = self.v6nets[iface]
                 binding = self.clients[ifmac]
                 subnet = binding.net6
                 if subnet.net is None:
                     logging.debug("Skipping periodic RA on interface %s,"
                                   " as it is not IPv6-connected", iface)

     ## nfdhcpd sample configuration file
     ## General options
     [general]
     pidfile = /var/run/nfdhcpd.pid
     pidfile = /var/run/nfdhcpd/nfdhcpd.pid
     datapath = /var/lib/nfdhcpd # Where the client configuration will be read from
     logdir = /var/log/nfdhcpd   # Where to write our logs
     user = nobody # An unprivileged user to run as
-...
     server_ip = 192.0.2.1
     dhcp_queue = 42 # NFQUEUE number to listen on for DHCP requests
     # IPv4 nameservers to include in DHCP responses
     nameservers = 192.0.2.2, 192.0.2.3
     nameservers = 194.177.210.210, 194.177.210.10
     ## IPv6-related functionality
     [ipv6]

     #!/bin/bash
     DIR=/var/lib/snf-network
     NAME=$1
     RT_TABLES=/etc/iproute2/rt_tables
     if [ $# -ne 1 ]; then
       echo "$0 <name>"
       exit 1
     fi
     # remove old entry
     sed -i '/rt_'"$NAME"'$/ d' $RT_TABLES
     rm $DIR/networks/$NAME

     #!/bin/bash
     function get_value {
       eval def=\$$1
       read -p "$1? [$def] " x
       if [ -n "$x" ]; then eval $1="$x"; fi
+    }
     DEFAULT=/etc/default/snf-network
     CONF=/etc/snf-network/snf-network.conf
     source $CONF
     source $DEFAULT
     if [ ! -e $SHAREDDIR ]; then
       mkdir $SHAREDDIR
       mkdir $SHAREDDIR/networks
       mkdir $SHAREDDIR/infra
       mkdir $SHAREDDIR/interfaces
       mkdir $SHAREDDIR/mappings
     fi
     #if [ -z "$(grep nfdhcpd.ferm /etc/ferm/ferm.conf)" ]; then
     #  echo @include 'nfdhcpd.ferm'; >> /etc/ferm/ferm.conf
     #  /etc/init.d/ferm restart
     #fi
     cd  $SHAREDDIR/infra/
     for nodegroup in $NODEGROUPS; do
       source $DEFAULT
       echo Group: $nodegroup
       get_value ROUTER
       get_value ROUTER_MAC
       get_value MAC_MASK
       get_value PUBLIC_INTERFACE
       get_value PUBLIC_BRIDGE
       get_value PUBLIC_VLAN
       get_value PRIVATE_VLAN
       get_value PRIVATE_BRIDGE
       get_value MASQ_VLAN
       get_value MASQ_BRIDGE
       cat > $nodegroup <<EOF
     ROUTER=$ROUTER
     ROUTER_MAC=$ROUTER_MAC
     MAC_MASK=$MAC_MASK
     PUBLIC_INTERFACE=$PUBLIC_INTERFACE
     PUBLIC_BRIDGE=$PUBLIC_BRIDGE
     PUBLIC_VLAN=$PUBLIC_VLAN
     PRIVATE_VLAN=$PRIVATE_VLAN
     PRIVATE_BRIDGE=$PRIVATE_BRIDGE
     MASQ_VLAN=$MASQ_VLAN
     MASQ_BRIDGE=$MASQ_BRIDGE
     EOF
     done
     for node in $NODES; do
       echo Node: $node
       NODEGROUP=default
       get_value NODEGROUP
       ln -s $NODEGROUP $node
     done

b/snf-network.conf
	1	NODEGROUPS="default"
	2
	3	NODES="dev88 dev89"

     #!/bin/sh
+    #
     add_vlan() {
     	if [ -n "`echo -n "$1" | tr -d '[0-9]'`" ]; then
     		echo "Invalid vlan tag $1"
     		exit 1
     	fi
     	vlan=$1
     	ifce=$2
     	if [ -d "/sys/class/net/vlan${vlan}/bridge" ]; then
     		echo "Vlan $vlan already configured"
     		exit 0
     	fi
     	if ( grep -q "iface vlan${vlan}$" /etc/network/interfaces ); then
     		echo "Vlan $vlan configured but down, bringing up"
     	else
     		echo "Adding vlan $vlan to /etc/network/interfaces"
     		cat >>/etc/network/interfaces <<EOF
     auto vlan${vlan}
     iface vlan${vlan} inet manual
     	bridge_ports	${ifce}.${vlan}
     	bridge_stp	off
     	bridge_maxwait	0
     	bridge_fd	0
     EOF
     	fi
     	/sbin/ifup "vlan${vlan}" >/dev/null 2>&1
     	exit 0
+    }
     list_vlans() {
     	for iface in /sys/class/net/vlan*; do
     		if [ -d "$iface/bridge" ]; then
     			vlan=`basename "$iface"`
     			( grep -q "iface $vlan$" /etc/network/interfaces )
     			if [ $? == 0 ]; then
     				echo "${vlan##vlan}"
     			else
     				echo "${vlan##vlan} (unconfigured)"
     			fi
     		fi
     	done
+    }
     case "$1" in
     	add)
     	if [ x"$3" != x"" ]; then
     		ifce=$3
     	else
     		ifce="bond0"
     	fi
     	add_vlan "$2" "$ifce"
     	;;
     	remove)
     	remove_vlan "$2"
     	;;
     	list)
     	list_vlans
     	;;
     	*)
     	echo "Usage: vlan (add number [ifce="bond0"]|remove number|list)"
     	;;
     esac;

Synnefo » snf-network

Revision ed7f0f2a