apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/patches/systemvm/debian/config/etc/init.d/cloud-early-config

1186 lines
34 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud-early-config
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Should-Start:
# Should-Stop:
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: configure according to cmdline
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
#set -x
#exec 3>&0 4>&1 > /var/log/test.log 2>&1
# Fix haproxy directory issue
mkdir -p /var/lib/haproxy
[ -x /sbin/ifup ] || exit 0
. /lib/lsb/init-functions
log_it() {
echo "$(date) $@" >> /var/log/cloud.log
log_action_begin_msg "$@"
}
init_interfaces_orderby_macs() {
macs=( $(echo $1 | sed "s/|/ /g") )
total_nics=${#macs[@]}
interface_file=${2:-"/etc/network/interfaces"}
rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
echo -n "auto lo" > $interface_file
for((i=0; i<total_nics; i++))
do
if [[ $i < 3 ]]
then
echo -n " eth$i" >> $interface_file
fi
done
cat >> $interface_file << EOF
iface lo inet loopback
EOF
echo "" > $rule_file
for((i=0; i < ${#macs[@]}; i++))
do
echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file
done
}
init_interfaces() {
if [ "$NIC_MACS" == "" ]
then
cat > /etc/network/interfaces << EOF
auto lo $1 $2 $3
iface lo inet loopback
EOF
else
init_interfaces_orderby_macs "$NIC_MACS"
fi
}
hypervisor() {
[ -d /proc/xen ] && mount -t xenfs none /proc/xen
local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1)
[ "$try" != "" ] && echo $try && return 0
vmware-checkvm &> /dev/null && echo "vmware" && return 0
[ -d /proc/xen ] && echo "xen-domU" && return 0
grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0
grep -q QEMU /var/log/messages && echo "kvm" && return 0
echo "unknown" && return 1
}
get_boot_params() {
local EXTRA_MOUNT=/media/extra
local hyp=$(hypervisor)
[ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
case $hyp in
xen-domU|xen-hvm)
cat /proc/cmdline > /var/cache/cloud/cmdline
sed -i "s/%/ /g" /var/cache/cloud/cmdline
;;
kvm)
while read line; do
if [[ $line == cmdline:* ]]; then
cmd=${line//cmdline:/}
echo $cmd > /var/cache/cloud/cmdline
elif [[ $line == pubkey:* ]]; then
pubkey=${line//pubkey:/}
echo $pubkey > /var/cache/cloud/authorized_keys
echo $pubkey > /root/.ssh/authorized_keys
fi
done < /dev/vport0p1
chmod go-rwx /root/.ssh/authorized_keys
;;
vmware)
vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline
;;
virtualpc)
# Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed in the NTFS data-disk
mkdir -p $EXTRA_MOUNT
mount -t ntfs /dev/sdb1 $EXTRA_MOUNT
cp -f $EXTRA_MOUNT/cmdline /var/cache/cloud/cmdline
umount $EXTRA_MOUNT
;;
esac
}
patch() {
local PATCH_MOUNT=/media/cdrom
local patchfile=$PATCH_MOUNT/cloud-scripts.tgz
local md5file=/var/cache/cloud/cloud-scripts-signature
local privkey=$PATCH_MOUNT/authorized_keys
local shouldpatch=false
local cdrom_dev=
mkdir -p $PATCH_MOUNT
if [ -e /dev/xvdd ]; then
cdrom_dev=/dev/xvdd
elif [ -e /dev/cdrom ]; then
cdrom_dev=/dev/cdrom
elif [ -e /dev/cdrom1 ]; then
cdrom_dev=/dev/cdrom1
fi
[ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys
if [ -n "$cdrom_dev" ]; then
mount -o ro $cdrom_dev $PATCH_MOUNT
[ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys
local oldmd5=
[ -f ${md5file} ] && oldmd5=$(cat ${md5file})
local newmd5=
[ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}')
if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
then
shouldpatch=true
log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5"
tar xzf $patchfile -C /
echo ${newmd5} > ${md5file}
fi
log_it "Patching cloud service"
hyperVisor=$(hypervisor)
/opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor
umount $PATCH_MOUNT
if [ "$shouldpatch" == "true" ]
then
log_it "Rebooting system since we patched init scripts"
sync
sleep 2
reboot
fi
fi
if [ -f /mnt/cmdline ]; then
cat /mnt/cmdline > /var/cache/cloud/cmdline
fi
return 0
}
setup_interface() {
local intfnum=$1
local ip=$2
local mask=$3
local gw=$4
local force=$5
local intf=eth${intfnum}
local bootproto="static"
if [ "$BOOTPROTO" == "dhcp" ]
then
if [ "$intfnum" != "0" ]
then
bootproto="dhcp"
fi
fi
if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
then
echo "iface $intf inet $bootproto" >> /etc/network/interfaces
if [ "$bootproto" == "static" ]
then
echo " address $ip " >> /etc/network/interfaces
echo " netmask $mask" >> /etc/network/interfaces
fi
fi
if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
then
ifconfig $intf down
fi
if [ "$force" == "force" ]
then
ifdown $intf
else
ifdown $intf
if [ "$RROUTER" != "1" -o "$1" != "2" ]
then
ifup $intf
timer=0
log_it "checking that $intf has IP "
while true
do
ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
if [ -z $ip ]
then
sleep 1;
#waiting for the interface to setup with ip
log_it "waiting for $intf interface setup with ip timer=$timer"
else
break
fi
if [ $timer -gt 15 ]
then
log_it "interface $intf is not set up with ip... exiting";
break
fi
timer=`expr $timer + 1`
done
fi
fi
}
setup_interface_ipv6() {
sysctl net.ipv6.conf.all.disable_ipv6=0
sysctl net.ipv6.conf.all.accept_ra=1
local intfnum=$1
local ipv6="$2"
local prelen="$3"
local intf=eth${intfnum}
echo "iface $intf inet6 static" >> /etc/network/interfaces
echo " address $ipv6 " >> /etc/network/interfaces
echo " netmask $prelen" >> /etc/network/interfaces
echo " accept_ra 1" >> /etc/network/interfaces
ifdown $intf
ifup $intf
}
enable_fwding() {
local enabled=$1
log_it "cloud: enable_fwding = $1"
log_it "enable_fwding = $1"
echo "$1" > /proc/sys/net/ipv4/ip_forward
[ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
}
disable_rpfilter() {
log_it "cloud: disable rp_filter"
log_it "disable rpfilter"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
}
get_public_vif_list() {
local vif_list=""
for i in /sys/class/net/eth*; do
vif=$(basename $i);
if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
then
vif_list="$vif_list $vif";
fi
done
echo $vif_list
}
disable_rpfilter_domR() {
log_it "cloud: Tuning rp_filter on public interfaces"
VIF_LIST=$(get_public_vif_list)
log_it "rpfilter public interfaces : $VIF_LIST"
if [ "$DISABLE_RP_FILTER" == "true" ]
then
log_it "cloud: disable rp_filter on public interfaces"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
for vif in $VIF_LIST; do
log_it "cloud: disable rp_filter on public interface: $vif"
sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf
echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
done
else
log_it "cloud: enable rp_filter on public interfaces"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
for vif in $VIF_LIST; do
log_it "cloud: enable rp_filter on public interface: $vif"
sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
done
fi
log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
}
enable_svc() {
local svc=$1
local enabled=$2
log_it "Enable service ${svc} = $enabled"
local cfg=/etc/default/${svc}
[ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
}
disable_hvc() {
[ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
[ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
}
setup_common() {
init_interfaces $1 $2 $3
if [ -n "$ETH0_IP" ]
then
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
fi
if [ -n "$ETH0_IP6" ]
then
setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
fi
setup_interface "1" $ETH1_IP $ETH1_MASK $GW
if [ -n "$ETH2_IP" ]
then
setup_interface "2" $ETH2_IP $ETH2_MASK $GW
fi
echo $NAME > /etc/hostname
echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
hostname $NAME
#Nameserver
sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
if [ -n "$internalNS1" ]
then
echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS1" > /etc/resolv.conf
fi
if [ -n "$internalNS2" ]
then
echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS2" >> /etc/resolv.conf
fi
if [ -n "$NS1" ]
then
echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS1" >> /etc/resolv.conf
fi
if [ -n "$NS2" ]
then
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
if [ -n "$IP6_NS1" ]
then
echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $IP6_NS1" >> /etc/resolv.conf
fi
if [ -n "$IP6_NS2" ]
then
echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $IP6_NS2" >> /etc/resolv.conf
fi
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
ip route add $MGMTNET via $LOCAL_GW dev eth1
fi
ip route delete default
if [ "$RROUTER" != "1" ]
then
gwdev=$3
if [ -z "$gwdev" ]
then
gwdev="eth0"
fi
ip route add default via $GW dev $gwdev
fi
# a hacking way to activate vSwitch under VMware
ping -n -c 3 $GW &
sleep 3
pkill ping
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
ping -n -c 3 $LOCAL_GW &
sleep 3
pkill ping
#This code is added to address ARP issue by pinging MGMT_GW
MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
ping -n -c 3 $MGMT_GW &
sleep 3
pkill ping
fi
local hyp=$(hypervisor)
if [ "$hyp" == "vmware" ]; then
ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
fi
}
setup_dnsmasq() {
log_it "Setting up dnsmasq"
[ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
[ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
[ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
#get the template
cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
if [ -n "$DOMAIN" ]
then
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
#DNS server will append $DOMAIN to local queries
sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
#answer all local domain queries
sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
fi
if [ -n "$DNS_SEARCH_ORDER" ]
then
sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
# set the domain search order as a space seprated list for option 15
DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
fi
if [ $DHCP_RANGE ]
then
sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
else
sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
fi
if [ $DHCP_RANGE_IP6 ]
then
sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
# For nondefault6 tagged host, don't send dns-server information
sed -i /nondefault6/d /etc/dnsmasq.conf
echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
else
sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
fi
sed -i -e "s/^[#]*listen-address=.*$/listen-address=$LOCAL_ADDRS/" /etc/dnsmasq.conf
if [ "$RROUTER" == "1" ]
then
DEFAULT_GW=$GUEST_GW
INTERNAL_DNS=$GUEST_GW
else
if [ "$TYPE" == "dhcpsrvr" ]
then
DEFAULT_GW=$GW
else
DEFAULT_GW=$ETH0_IP
fi
INTERNAL_DNS=$ETH0_IP
fi
sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
[ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
[ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
[ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
[ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
[ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
#for now set up ourself as the dns server as well
sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
if [ "$USE_EXTERNAL_DNS" != "true" ]
then
[ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
[ $ETH0_IP6 ] && NS6="[::],$NS6"
fi
NS=${NS%?}
NS6=${NS6%?}
[ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
[ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
}
setup_sshd(){
local ip=$1
local eth=$2
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
}
setup_vpc_apache2() {
log_it "Setting up apache web server for VPC"
chkconfig apache2 off
rm -f /etc/apache2/conf.d/vhost*.conf
[ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default
[ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
# Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
[ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
echo "Options -Indexes" > /var/www/html/.htaccess
}
setup_apache2() {
log_it "Setting up apache web server"
local ip=$1
[ -f /etc/apache2/sites-available/default ] && sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
[ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
[ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
# Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
[ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
echo "Options -Indexes" > /var/www/html/.htaccess
}
setup_redundant_router() {
rrouter_bin_path="/ramdisk/rrouter"
rrouter_log="/ramdisk/rrouter/keepalived.log"
rrouter_bin_path_str="\/ramdisk\/rrouter"
rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log"
mkdir -p /ramdisk
mount tmpfs /ramdisk -t tmpfs
mkdir -p /ramdisk/rrouter
ip route delete default
cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf
cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf
cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh
cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh
cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh
cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh
cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh
cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh
cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh
cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh
cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/
cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/
cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh
cp /root/redundant_router/services.sh $rrouter_bin_path/
sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf
sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf
sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf
sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf
sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf
sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh
chmod a+x $rrouter_bin_path/*.sh
sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
crontab -l|grep "check_heartbeat.sh"
if [ $? -ne 0 ]
then
(crontab -l; echo "*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab
fi
}
setup_aesni() {
if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
then
modprobe aesni_intel
fi
}
setup_router() {
log_it "Setting up virtual router system vm"
oldmd5=
[ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
if [ -n "$ETH2_IP" ]
then
setup_common eth0 eth1 eth2
if [ -n "$EXTRA_PUBNICS" ]
then
for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
do
setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
done
fi
else
setup_common eth0 eth1
if [ -n "$EXTRA_PUBNICS" ]
then
for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
do
setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
done
fi
fi
if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
then
setup_redundant_router
fi
log_it "Checking udev NIC assignment order changes"
if [ "$NIC_MACS" != "" ]
then
init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
rm /tmp/interfaces
rm /tmp/udev-rules
if [ "$oldmd5" != "$newmd5" ]
then
log_it "udev NIC assignment requires reboot to take effect"
sync
sleep 2
reboot
fi
fi
setup_aesni
setup_dnsmasq
setup_apache2 $ETH0_IP
sed -i /gateway/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
enable_svc dnsmasq 1
enable_svc haproxy 1
enable_svc cloud-passwd-srvr 1
enable_svc cloud 0
disable_rpfilter_domR
enable_fwding 1
chkconfig nfs-common off
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
#for old templates
cp /etc/iptables/iptables-router /etc/iptables/rules
setup_sshd $ETH1_IP "eth1"
}
setup_vpcrouter() {
log_it "Setting up VPC virtual router system vm"
if [ "$hyp" == "vmware" ]; then
setup_vmware_extra_nics
fi
if [ -f /etc/hosts ]; then
grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
fi
cat > /etc/network/interfaces << EOF
auto lo eth0
iface lo inet loopback
EOF
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
echo $NAME > /etc/hostname
echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
hostname $NAME
#Nameserver
sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
if [ -n "$internalNS1" ]
then
echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS1" > /etc/resolv.conf
fi
if [ -n "$internalNS2" ]
then
echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS2" >> /etc/resolv.conf
fi
if [ -n "$NS1" ]
then
echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS1" >> /etc/resolv.conf
fi
if [ -n "$NS2" ]
then
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
ip route add $MGMTNET via $LOCAL_GW dev eth1
fi
ip route delete default
# create route table for static route
sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
setup_vpc_apache2
enable_svc dnsmasq 1
enable_svc haproxy 1
enable_svc cloud 0
disable_rpfilter
enable_fwding 1
cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
setup_sshd $ETH0_IP "eth0"
cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
echo "" > /etc/dnsmasq.d/dhcphosts.txt
echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
}
setup_dhcpsrvr() {
log_it "Setting up dhcp server system vm"
setup_common eth0 eth1
setup_dnsmasq
setup_apache2 $ETH0_IP
sed -i /gateway/d /etc/hosts
[ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
[ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
enable_svc dnsmasq 1
enable_svc haproxy 0
enable_svc cloud-passwd-srvr 1
enable_svc cloud 0
enable_fwding 0
chkconfig nfs-common off
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
cp /etc/iptables/iptables-router /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
setup_sshd $ETH0_IP "eth0"
else
setup_sshd $ETH1_IP "eth1"
fi
}
setup_storage_network() {
if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
then
log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
return
fi
echo "" >> /etc/network/interfaces
echo "auto eth3" >> /etc/network/interfaces
setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
#ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
}
setup_secstorage() {
log_it "Setting up secondary storage system vm"
local hyp=$1
setup_common eth0 eth1 eth2
setup_storage_network
[ -n "$MTU" ] && ifconfig eth1 mtu $MTU
sed -i /gateway/d /etc/hosts
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
echo "$public_ip $NAME" >> /etc/hosts
cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
cp /etc/iptables/iptables-secstorage /etc/iptables/rules
if [ "$hyp" == "vmware" ]; then
setup_sshd $ETH1_IP "eth1"
else
setup_sshd $ETH0_IP "eth0"
fi
setup_apache2 $ETH2_IP
disable_rpfilter
enable_fwding 0
enable_svc haproxy 0
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 1
}
setup_console_proxy() {
log_it "Setting up console proxy system vm"
local hyp=$1
setup_common eth0 eth1 eth2
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
sed -i /gateway/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
if [ "$hyp" == "vmware" ]; then
setup_sshd $ETH1_IP "eth1"
else
setup_sshd $ETH0_IP "eth0"
fi
disable_rpfilter
enable_fwding 0
enable_svc haproxy 0
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 1
chkconfig nfs-common off
}
setup_elbvm() {
log_it "Setting up Elastic Load Balancer system vm"
local hyp=$1
setup_common eth0 eth1
sed -i /gateway/d /etc/hosts
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
echo "$public_ip $NAME" >> /etc/hosts
cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
cp /etc/iptables/iptables-elbvm /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
setup_sshd $ETH0_IP "eth0"
else
setup_sshd $ETH1_IP "eth1"
fi
enable_fwding 0
enable_svc haproxy 0
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 0
chkconfig nfs-common off
chkconfig portmap off
}
setup_ilbvm() {
log_it "Setting up Internal Load Balancer system vm"
local hyp=$1
setup_common eth0 eth1
#eth0 = guest network, eth1=control network
sed -i /$NAME/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
setup_sshd $ETH1_IP "eth1"
enable_fwding 0
enable_svc haproxy 1
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 0
chkconfig nfs-common off
chkconfig portmap off
}
setup_default() {
cat > /etc/network/interfaces << EOF
auto lo
iface lo inet loopback
EOF
cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
}
change_password() {
if [ x"$VM_PASSWORD" != x"" ]
then
echo "root:$VM_PASSWORD" | chpasswd
fi
}
start() {
# Clear /tmp for file lock
rm -f /tmp/*.lock
local hyp=$(hypervisor)
[ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
log_it "Detected that we are running inside $hyp guest"
get_boot_params
patch
parse_cmd_line
change_password
case $TYPE in
router)
[ "$NAME" == "" ] && NAME=router
setup_router
;;
vpcrouter)
[ "$NAME" == "" ] && NAME=vpcrouter
setup_vpcrouter
;;
dhcpsrvr)
[ "$NAME" == "" ] && NAME=dhcpsrvr
setup_dhcpsrvr
;;
secstorage)
[ "$NAME" == "" ] && NAME=secstorage
setup_secstorage $hyp;
;;
consoleproxy)
[ "$NAME" == "" ] && NAME=consoleproxy
setup_console_proxy $hyp;
;;
elbvm)
[ "$NAME" == "" ] && NAME=elb
setup_elbvm
;;
ilbvm)
[ "$NAME" == "" ] && NAME=ilb
setup_ilbvm
;;
unknown)
[ "$NAME" == "" ] && NAME=systemvm
setup_default;
;;
esac
return 0
}
disable_hvc
parse_cmd_line() {
CMDLINE=$(cat /var/cache/cloud/cmdline)
TYPE="unknown"
BOOTPROTO="static"
DISABLE_RP_FILTER="false"
STORAGE_IP=""
STORAGE_NETMASK=""
STORAGE_CIDR=""
VM_PASSWORD=""
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
disable_rp_filter)
DISABLE_RP_FILTER=$VALUE
;;
eth0ip)
ETH0_IP=$VALUE
;;
eth1ip)
ETH1_IP=$VALUE
;;
eth2ip)
ETH2_IP=$VALUE
;;
host)
MGMT_HOST=$VALUE
;;
gateway)
GW=$VALUE
;;
ip6gateway)
IP6GW=$VALUE
;;
eth0mask)
ETH0_MASK=$VALUE
;;
eth1mask)
ETH1_MASK=$VALUE
;;
eth2mask)
ETH2_MASK=$VALUE
;;
eth0ip6)
ETH0_IP6=$VALUE
;;
eth0ip6prelen)
ETH0_IP6_PRELEN=$VALUE
;;
internaldns1)
internalNS1=$VALUE
;;
internaldns2)
internalNS2=$VALUE
;;
dns1)
NS1=$VALUE
;;
dns2)
NS2=$VALUE
;;
ip6dns1)
IP6_NS1=$VALUE
;;
ip6dns2)
IP6_NS2=$VALUE
;;
domain)
DOMAIN=$VALUE
;;
dnssearchorder)
DNS_SEARCH_ORDER=$VALUE
;;
useextdns)
USE_EXTERNAL_DNS=$VALUE
;;
mgmtcidr)
MGMTNET=$VALUE
;;
localgw)
LOCAL_GW=$VALUE
;;
template)
TEMPLATE=$VALUE
;;
sshonguest)
SSHONGUEST=$VALUE
;;
name)
NAME=$VALUE
;;
dhcprange)
DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
BOOTPROTO=$VALUE
;;
type)
TYPE=$VALUE
;;
defaultroute)
DEFAULTROUTE=$VALUE
;;
redundant_router)
RROUTER=$VALUE
;;
guestgw)
GUEST_GW=$VALUE
;;
guestbrd)
GUEST_BRD=$VALUE
;;
guestcidrsize)
GUEST_CIDR_SIZE=$VALUE
;;
router_pr)
ROUTER_PR=$VALUE
;;
extra_pubnics)
EXTRA_PUBNICS=$VALUE
;;
nic_macs)
NIC_MACS=$VALUE
;;
mtu)
MTU=$VALUE
;;
storageip)
STORAGE_IP=$VALUE
;;
storagenetmask)
STORAGE_NETMASK=$VALUE
;;
storagecidr)
STORAGE_CIDR=$VALUE
;;
vmpassword)
VM_PASSWORD=$VALUE
;;
vpccidr)
VPCCIDR=$VALUE
;;
esac
done
[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP
[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6
[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
}
case "$1" in
start)
log_action_begin_msg "Executing cloud-early-config"
log_it "Executing cloud-early-config"
if start; then
log_action_end_msg $?
else
log_action_end_msg $?
fi
;;
stop)
log_action_begin_msg "Stopping cloud-early-config"
#Override old system's interface setting
setup_default;
log_action_end_msg 0
;;
force-reload|restart)
log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces"
log_action_begin_msg "Executing cloud-early-config"
if start; then
log_action_end_msg $?
else
log_action_end_msg $?
fi
;;
*)
echo "Usage: /etc/init.d/cloud-early-config {start|stop}"
exit 1
;;
esac
exit 0
Reference in New Issue View Git Blame Copy Permalink