mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
242 lines
8.4 KiB
Bash
Executable File
242 lines
8.4 KiB
Bash
Executable File
#!/bin/sh
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
# prepare dnsmasq on external dhcp server
|
|
# Usage:
|
|
# sh prepare_dnsmasq gateway dns self_ip
|
|
|
|
gateway=$1
|
|
dns=$2
|
|
self_ip=$3
|
|
|
|
exit_with_error() {
|
|
echo $1
|
|
exit 1
|
|
}
|
|
|
|
config_dnsmasq() {
|
|
echo "$*" >> /etc/dnsmasq.conf
|
|
[ $? -ne 0 ] && exit_with_error "echo $* failed"
|
|
}
|
|
|
|
[ $# -ne 3 ] && exit_with_error "Usage: prepare_dnsmasq gateway dns self_ip"
|
|
|
|
[ -f /etc/dnsmasq.conf ] || exit_with_error "Can not found /etc/dnsmasq.conf"
|
|
|
|
touch /var/log/dnsmasq.log
|
|
[ $? -ne 0 ] && exit_with_error "touch /var/log/dnsmasq.log failed"
|
|
touch /etc/dnsmasq-resolv.conf
|
|
[ $? -ne 0 ] && exit_with_error "touch /etc/dnsmasq-resolv.conf failed"
|
|
echo "nameserver $dns">/etc/dnsmasq-resolv.conf
|
|
[ $? -ne 0 ] && exit_with_error "echo \"nameserver $dns\">/etc/dnsmasq-resolv.conf failed"
|
|
touch /var/lib/dnsmasq.trace
|
|
[ $? -ne 0 ] && exit_with_error "touch /var/lib/dnsmasq.trace failed"
|
|
|
|
|
|
#produce echoer.sh
|
|
cat > /usr/bin/echoer.sh<<'EOF'
|
|
#!/bin/sh
|
|
|
|
sed -i /"$*"/d /var/lib/dnsmasq.trace
|
|
echo "$*" >> /var/lib/dnsmasq.trace
|
|
EOF
|
|
[ $? -ne 0 ] && exit_with_error "can't produce /usr/bin/echoer.sh"
|
|
|
|
#produce lease_checker.sh
|
|
cat > /usr/bin/lease_checker.sh<<'EOF'
|
|
#!/bin/sh
|
|
# Usage: lease_checker dhcp_entry_state(add/old/del) mac ip
|
|
state=$1
|
|
mac=$2
|
|
ip=$3
|
|
|
|
exit_with_error() {
|
|
echo $1
|
|
exit $2
|
|
}
|
|
|
|
[ $# -ne 3 ] && exit_with_error "Wrong arguments.Usage: lease_checker dhcp_entry_state(add/old/del) mac ip" -3
|
|
|
|
[ -f /var/lib/dnsmasq.trace ] || exit_with_error "Cannot find /var/lib/dnsmasq" -1
|
|
pidof dnsmasq &>/dev/null
|
|
[ $? -ne 0 ] && exit_with_error "Dnsmasq is not running" -2
|
|
|
|
grep "$state $mac $ip" /var/lib/dnsmasq.trace
|
|
if [ $? -ne 0 ]; then
|
|
exit $?
|
|
else
|
|
sed -i /"$state $mac $ip"/d /var/lib/dnsmasq.trace
|
|
exit 0
|
|
fi
|
|
|
|
EOF
|
|
|
|
chmod +x /usr/bin/echoer.sh
|
|
[ $? -ne 0 ] && exit_with_error "chmod +x /usr/bin/echoer.sh failed"
|
|
|
|
# Configure dnsmasq with comments
|
|
echo "# This is produced by CloudStack" > /etc/dnsmasq.conf
|
|
config_dnsmasq "# Never forward plain names (without a dot or domain part)"
|
|
config_dnsmasq domain-needed
|
|
config_dnsmasq "# Never forward addresses in the non-routed address spaces."
|
|
config_dnsmasq bogus-priv
|
|
config_dnsmasq "
|
|
# Change this line if you want dns to get its upstream servers from
|
|
# somewhere other that /etc/resolv.conf"
|
|
config_dnsmasq resolv-file=/etc/dnsmasq-resolv.conf
|
|
config_dnsmasq "
|
|
# Add local-only domains here, queries in these domains are answered
|
|
# from /etc/hosts or DHCP only."
|
|
config_dnsmasq local=/cloudnine.internal/
|
|
config_dnsmasq "
|
|
# On systems which support it, dnsmasq binds the wildcard address,
|
|
# even when it is listening on only some interfaces. It then discards
|
|
# requests that it shouldn't reply to. This has the advantage of
|
|
# working even when interfaces come and go and change address. If you
|
|
# want dnsmasq to really bind only the interfaces it is listening on,
|
|
# uncomment this option. About the only time you may need this is when
|
|
# running another nameserver on the same machine."
|
|
config_dnsmasq bind-interfaces
|
|
config_dnsmasq "
|
|
# Set this (and domain: see below) if you want to have a domain
|
|
# automatically added to simple names in a hosts-file."
|
|
config_dnsmasq expand-hosts
|
|
config_dnsmasq "
|
|
# does the following things.
|
|
# 1) Allows DHCP hosts to have fully qualified domain names, as long
|
|
# as the domain part matches this setting.
|
|
# 2) Sets the \"domain\" DHCP option thereby potentially setting the
|
|
# domain of all systems configured by DHCP
|
|
# 3) Provides the domain part for \"expand-hosts\"
|
|
"
|
|
config_dnsmasq domain=cloudnine.internal
|
|
config_dnsmasq "
|
|
# Send options to hosts which ask for a DHCP lease.
|
|
# See RFC 2132 for details of available options.
|
|
# Common options can be given to dnsmasq by name:
|
|
# run \"dnsmasq --help dhcp\" to get a list.
|
|
# Note that all the common settings, such as netmask and
|
|
# broadcast address, DNS server and default route, are given
|
|
# sane defaults by dnsmasq. You very likely will not need
|
|
# any dhcp-options. If you use Windows clients and Samba, there
|
|
# are some options which are recommended, they are detailed at the
|
|
# end of this section.
|
|
|
|
# Override the default route supplied by dnsmasq, which assumes the
|
|
# router is the same machine as the one running dnsmasq."
|
|
config_dnsmasq dhcp-option=option:router,$gateway
|
|
config_dnsmasq "
|
|
# Uncomment this to enable the integrated DHCP server, you need
|
|
# to supply the range of addresses available for lease and optionally
|
|
# a lease time. If you have more than one network, you will need to
|
|
# repeat this for each network on which you want to supply DHCP
|
|
# service."
|
|
config_dnsmasq dhcp-range=$self_ip,static
|
|
config_dnsmasq dhcp-hostsfile=/etc/dhcphosts.txt
|
|
config_dnsmasq "# Set the domain"
|
|
config_dnsmasq dhcp-option=15,"cloudnine.internal"
|
|
config_dnsmasq "
|
|
# Send microsoft-specific option to tell windows to release the DHCP lease
|
|
# when it shuts down. Note the \"i\" flag, to tell dnsmasq to send the
|
|
# value as a four-byte integer - that's what microsoft wants. See
|
|
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true"
|
|
config_dnsmasq dhcp-option=vendor:MSFT,2,1i
|
|
config_dnsmasq "
|
|
# The DHCP server needs somewhere on disk to keep its lease database.
|
|
# This defaults to a sane location, but if you want to change it, use
|
|
# the line below.
|
|
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases"
|
|
config_dnsmasq leasefile-ro
|
|
config_dnsmasq "
|
|
# For debugging purposes, log each DNS query as it passes through
|
|
# dnsmasq."
|
|
config_dnsmasq log-queries
|
|
config_dnsmasq log-facility=/var/log/dnsmasq.log
|
|
config_dnsmasq "
|
|
# Run an executable when a DHCP lease is created or destroyed.
|
|
# The arguments sent to the script are \"add\" or \"del\",
|
|
# then the MAC address, the IP address and finally the hostname
|
|
# if there is one."
|
|
config_dnsmasq dhcp-script=/usr/bin/echoer.sh
|
|
config_dnsmasq dhcp-scriptuser=root
|
|
config_dnsmasq dhcp-authoritative
|
|
config_dnsmasq "
|
|
# Ignore any bootp and pxe boot request
|
|
"
|
|
config_dnsmasq dhcp-ignore=bootp
|
|
config_dnsmasq dhcp-vendorclass=pxestuff,PXEClient
|
|
config_dnsmasq dhcp-ignore=pxestuff
|
|
|
|
[ -f /usr/sbin/setenforce ] && /usr/sbin/setenforce 0
|
|
[ $? -ne 0 ] && exit_with_error "Can not set seLinux to passive mode"
|
|
|
|
# Open DHCP ports in iptable
|
|
chkconfig --list iptables | grep "on"
|
|
if [ $? -eq 0 ]; then
|
|
iptables-save | grep 'A INPUT -p udp -m udp --dport 67 -j ACCEPT' >/dev/null
|
|
if [ $? -ne 0 ]; then
|
|
iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT
|
|
if [ $? -ne 0 ]; then
|
|
exit_with_error "iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT failed"
|
|
fi
|
|
echo "iptables:Open udp port 67 for DHCP"
|
|
fi
|
|
|
|
iptables-save | grep 'A INPUT -p tcp -m tcp --dport 67 -j ACCEPT' >/dev/null
|
|
if [ $? -ne 0 ]; then
|
|
iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT
|
|
if [ $? -ne 0 ]; then
|
|
exit_with_error "iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT failed"
|
|
fi
|
|
echo "iptables:Open tcp port 67 for DHCP"
|
|
fi
|
|
|
|
iptables-save | grep 'A INPUT -p udp -m udp --dport 53 -j ACCEPT' >/dev/null
|
|
if [ $? -ne 0 ]; then
|
|
iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT
|
|
if [ $? -ne 0 ]; then
|
|
exit_with_error "iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT failed"
|
|
fi
|
|
echo "iptables:Open udp port 53 for DHCP"
|
|
fi
|
|
|
|
iptables-save | grep 'A INPUT -p tcp -m tcp --dport 53 -j ACCEPT' >/dev/null
|
|
if [ $? -ne 0 ]; then
|
|
iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT
|
|
if [ $? -ne 0 ]; then
|
|
exit_with_error "iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT failed"
|
|
fi
|
|
echo "iptables:Open tcp port 53 for DHCP"
|
|
fi
|
|
|
|
service iptables save
|
|
if [ $? -ne 0 ]; then
|
|
exit_with_error "service iptables save failed"
|
|
fi
|
|
fi
|
|
|
|
# Set up upstream DNS
|
|
[ -f /etc/dnsmasq-resolv.conf ] || echo nameserver $dns > /etc/dnsmasq-resolv.conf
|
|
[ $? -ne 0 ] && exit_with_error "cannot create /etc/dnsmasq-resolv.conf"
|
|
|
|
service dnsmasq restart
|
|
[ $? -ne 0 ] && exit_with_error "service dnsmasq restart failed"
|
|
|
|
exit 0
|