Posted to commits@cloudstack.apache.org by an...@apache.org on 2012/07/28 01:04:17 UTC
[12/16] git commit: VPC : add vpc_guestnw.sh
VPC : add vpc_guestnw.sh
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/7fd73fc5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/7fd73fc5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/7fd73fc5
Branch: refs/heads/vpc
Commit: 7fd73fc5abdf6b857008237edd5675bce2980b98
Parents: fe2681f
Author: anthony <an...@cloud.com>
Authored: Thu Jul 26 14:02:43 2012 -0700
Committer: anthony <an...@cloud.com>
Committed: Fri Jul 27 15:04:40 2012 -0700
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/guestnw.sh | 186 ------------
.../debian/config/opt/cloud/bin/vpc_guestnw.sh | 226 +++++++++++++++
2 files changed, 226 insertions(+), 186 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7fd73fc5/patches/systemvm/debian/config/opt/cloud/bin/guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/guestnw.sh
deleted file mode 100755
index c2e3592..0000000
--- a/patches/systemvm/debian/config/opt/cloud/bin/guestnw.sh
+++ /dev/null
@@ -1,186 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-
-# guestnw.sh -- create/destroy guest network
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-usage() {
- printf "Usage:\n %s -A -c <dev> -g <gateway> -m <network mask> -d <dns ip> -r <dhcp ip range> [-f] \n" $(basename $0) >&2
- printf " %s -D -c <dev> \n" $(basename $0) >&2
-}
-
-
-setup_dnsmasq() {
- logger -t cloud "Setting up dnsmasq for network $ip/$mask "
- # setup static
- sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
- echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static" >> /etc/dnsmasq.d/cloud.conf
- # setup gateway
- sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
- if [ -n "$gw" ]
- then
- echo "dhcp-option=tag:interface-$dev,option:router,$gw" >> /etc/dnsmasq.d/cloud.conf
- fi
- # setup DNS
- sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
- if [ -n "$DNS" ]
- then
- echo "dhcp-option=tag:interface-$dev,6,$DNS" >> /etc/dnsmasq.d/cloud.conf
- fi
- # setup DOMAIN
- sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,15.*$/d" /etc/dnsmasq.d/cloud.conf
- if [ -n "$DOMAIN" ]
- then
- echo "dhcp-option=tag:interface-$dev,15,$DOMAIN" >> /etc/dnsmasq.d/cloud.conf
- fi
- service dnsmasq restart
- sleep 1
-}
-
-desetup_dnsmasq() {
- logger -t cloud "Setting up dnsmasq for network $ip/$mask "
-
- sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
- sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
- sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
- service dnsmasq restart
- sleep 1
-}
-
-
-create_guest_network() {
- logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
- # setup ip configuration
- sudo ip addr add dev $dev $ip/$mask
- sudo ip link set $dev up
- sudo arping -c 3 -I $dev -A -U -s $ip $ip;
- # setup rules to allow dhcp/dns request
- sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
- sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
-
- # create inbound acl chain
- if sudo iptables -N ACL_INBOUND_$ip 2>/dev/null
- then
- logger -t cloud "$(basename $0): create VPC inbound acl chain for network $ip/$mask"
- # policy drop
- sudo iptables -A ACL_INBOUND_$ip -j DROP >/dev/null
- sudo iptables -A FORWARD -o $dev -d $ip/$mask -j ACL_INBOUND_$ip
- fi
- # create outbound acl chain
- if sudo iptables -N ACL_OUTBOUND_$ip 2>/dev/null
- then
- logger -t cloud "$(basename $0): create VPC outbound acl chain for network $ip/$mask"
- sudo iptables -A ACL_OUTBOUND_$ip -j DROP >/dev/null
- sudo iptables -A FORWARD -i $dev -s $ip/$mask -j ACL_OUTBOUND_$ip
- fi
-
- setup_dnsmasq
-}
-
-destroy_guest_network() {
- logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
- # destroy inbound acl chain
- sudo iptables -F ACL_INBOUND_$ip 2>/dev/null
- sudo iptables -D FORWARD -o $dev -d $ip/$mask -j ACL_INBOUND_$ip 2>/dev/null
- sudo iptables -X ACL_INBOUND_$ip 2>/dev/null
- # destroy outbound acl chain
- sudo iptables -F ACL_OUTBOUND_$ip 2>/dev/null
- sudo iptables -D FORWARD -i $dev -s $ip/$mask -j ACL_OUTBOUND_$ip 2>/dev/null
- sudo iptables -X ACL_OUTBOUND_$ip 2>/dev/null
-
- desetup_dnsmasq
-}
-
-#set -x
-nflag=0
-dflag=
-cflag=
-gflag=
-Cflag=
-Dflag=
-
-op=""
-
-
-while getopts 'CDn:m:d:i:g:s:e:' OPTION
-do
- case $OPTION in
- C) Cflag=1
- op="-C"
- ;;
- D) Dflag=1
- op="-D"
- ;;
- n) nflag=1
- network="$OPTAGR"
- ;;
- m) mflag=1
- mask="$OPTARG"
- ;;
- d) dflag=1
- dev="$OPTARG"
- ;;
- i) iflag=1
- ip="$OPTARG"
- ;;
- g) gflag=1
- gw="$OPTARG"
- ;;
- s) sflag=1
- DNS="$OPTARG"
- ;;
- e) eflag=1
- DOMAIN="$OPTARG"
- ;;
- ?) usage
- unlock_exit 2 $lock $locked
- ;;
- esac
-done
-
-
-if [ "$Cflag$Dflag$dflag" != "11" ]
-then
- usage
- unlock_exit 2 $lock $locked
-fi
-
-if [ "$Cflag" == "1" ] && ["$iflag$gflag$mflag" != "111" ]
-then
- usage
- unlock_exit 2 $lock $locked
-fi
-
-
-if [ "$Cflag" == "1" ]
-then
- create_guest_network
-fi
-
-
-if [ "$Dflag" == "1" ]
-then
- destroy_guest_network
-fi
-
-unlock_exit 0 $lock $locked
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7fd73fc5/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
new file mode 100755
index 0000000..3539464
--- /dev/null
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -0,0 +1,226 @@
+#!/usr/bin/env bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License. Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Automatically generated by addcopyright.py at 04/03/2012
+
+# guestnw.sh -- create/destroy guest network
+# @VERSION@
+
+source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh
+
+lock="biglock"
+locked=$(getLockFile $lock)
+if [ "$locked" != "1" ]
+then
+ exit 1
+fi
+
+usage() {
+ printf "Usage:\n %s -A -d <dev> -i <ip address> -g <gateway> -m <network mask> -s <dns ip> -e < domain> [-f] \n" $(basename $0) >&2
+ printf " %s -D -d <dev> -i <ip address> \n" $(basename $0) >&2
+}
+
+
+destroy_acl_chain() {
+ sudo iptables -t mangle -F ACL_OUTBOUND_$dev 2>/dev/null
+ sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
+ sudo iptables -t mangle -X ACL_OUTBOUND_$dev 2>/dev/null
+ sudo iptables -F ACL_INBOUND_$dev 2>/dev/null
+ sudo iptables -D FORWARD -o $dev -d $subnet/$mask -j ACL_INBOUND_$dev 2>/dev/null
+ sudo iptables -X ACL_INBOUND_$dev 2>/dev/null
+
+}
+
+create_acl_chain() {
+ destroy_acl_chain
+ sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
+ sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
+ sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
+ sudo iptables -N ACL_INBOUND_$dev 2>/dev/null
+ # drop if no rules match (this will be the last rule in the chain)
+ sudo iptables -A ACL_INBOUND_$dev -j DROP 2>/dev/null
+ sudo iptables -A FORWARD -o $dev -d $subnet/$mask -j ACL_INBOUND_$dev 2>/dev/null
+}
+
+
+setup_apache2() {
+ logger_it "Setting up apache web server for $dev"
+ cp /etc/apache2/vhostexample.conf /etc/apache2/conf.d/vhost$dev.conf
+ sed -i -e "s/<VirtualHost.*:80>/<VirtualHost $ip:80>/" /etc/apache2/conf.d/vhost$dev.conf
+ sed -i -e "s/<VirtualHost.*:443>/<VirtualHost $ip:443>/" /etc/apache2/conf.d/vhost$dev.conf
+ sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
+ sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
+ sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
+ service apache2 restart
+ sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
+}
+
+desetup_apache2() {
+ logger_it "Desetting up apache web server for $dev"
+ rm -f /etc/apache2/conf.d/vhost$dev.conf
+ service apache2 restart
+ sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
+}
+
+
+setup_dnsmasq() {
+ logger -t cloud "Setting up dnsmasq for network $ip/$mask "
+ # setup static
+ sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
+ echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static" >> /etc/dnsmasq.d/cloud.conf
+ # setup DOMAIN
+ [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,15.*$/d" /etc/dnsmasq.d/cloud.conf
+ echo "dhcp-option=tag:interface-$dev,15,$DOMAIN" >> /etc/dnsmasq.d/cloud.conf
+ service dnsmasq restart
+ sleep 1
+}
+
+desetup_dnsmasq() {
+ logger -t cloud "Setting up dnsmasq for network $ip/$mask "
+
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
+ service dnsmasq restart
+ sleep 1
+}
+
+setup_usage() {
+ sudo iptables -t mangle -N NETWORK_STATS_$dev
+ sudo iptables -t mangle -A NETWORK_STATS_$dev -s $subnet/$mask ! -d $vpccidr
+ sudo iptables -t mangle -A NETWORK_STATS_$dev -o $dev ! -s $vpccidr
+ sudo iptables -t mangle -A POSTROUTING -s $subnet/$mask -j NETWORK_STATS_$dev
+ sudo iptables -t mangle -A POSTROUTING -o $dev -j NETWORK_STATS_$dev
+}
+
+desetup_usage() {
+ sudo iptables -t mangle -F NETWORK_STATS_$dev
+ sudo iptables -t mangle -D POSTROUTING -s $subnet/$mask -j NETWORK_STATS_$dev
+ sudo iptables -t mangle -D POSTROUTING -o $dev -j NETWORK_STATS_$dev
+ sudo iptables -t mangle -X NETWORK_STATS_$dev
+}
+
+create_guest_network() {
+ logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
+ # setup ip configuration
+ sudo ip addr add dev $dev $ip/$mask
+ sudo ip link set $dev up
+ sudo arping -c 3 -I $dev -A -U -s $ip $ip
+ # setup rules to allow dhcp/dns request
+ sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+ sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+ sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+ sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+ # restore mark from connection mark
+ local tableName="Table_$dev"
+ sudo ip route add $subnet/$mask dev $dev table $tableName proto static
+ sudo iptables -t mangle -A PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+ # set up hairpin
+ sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
+ create_acl_chain
+ setup_usage
+ setup_dnsmasq
+ setup_apache2
+}
+
+destroy_guest_network() {
+ logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
+
+ sudo ip addr del dev $dev $ip/$mask
+ sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+ sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+ sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+ sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
+ destroy_acl_outbound_chain
+ desetup_usage
+ desetup_dnsmasq
+ desetup_apache2
+}
+
+#set -x
+iflag=0
+mflag=0
+nflag=0
+dflag=
+gflag=
+Cflag=
+Dflag=
+
+op=""
+
+
+while getopts 'CDn:m:d:i:g:s:e:' OPTION
+do
+ case $OPTION in
+ C) Cflag=1
+ op="-C"
+ ;;
+ D) Dflag=1
+ op="-D"
+ ;;
+ n) nflag=1
+ subnet="$OPTARG"
+ ;;
+ m) mflag=1
+ mask="$OPTARG"
+ ;;
+ d) dflag=1
+ dev="$OPTARG"
+ ;;
+ i) iflag=1
+ ip="$OPTARG"
+ ;;
+ g) gflag=1
+ gw="$OPTARG"
+ ;;
+ s) sflag=1
+ DNS="$OPTARG"
+ ;;
+ e) eflag=1
+ DOMAIN="$OPTARG"
+ ;;
+ ?) usage
+ unlock_exit 2 $lock $locked
+ ;;
+ esac
+done
+
+vpccidr=$(getVPCcidr)
+
+if [ "$Cflag$Dflag$dflag" != "11" ]
+then
+ usage
+ unlock_exit 2 $lock $locked
+fi
+
+if [ "$Cflag" == "1" ] && [ "$iflag$gflag$mflag" != "111" ]
+then
+ usage
+ unlock_exit 2 $lock $locked
+fi
+
+
+if [ "$Cflag" == "1" ]
+then
+ create_guest_network
+fi
+
+
+if [ "$Dflag" == "1" ]
+then
+ destroy_guest_network
+fi
+
+unlock_exit 0 $lock $locked
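Review bot: destroy_guest_network calls `destroy_acl_outbound_chain`, but the only function defined in this file is `destroy_acl_chain`, so the -D path fails with "command not found" and leaves the ACL_INBOUND/ACL_OUTBOUND chains and their FORWARD/PREROUTING jumps in place after the network is torn down; the call should read `destroy_acl_chain`. In the same function the hairpin rule is appended rather than removed, `sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip`, so every destroy adds a second SNAT rule instead of deleting the one create_guest_network installed; it should be `sudo iptables -t nat -D POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip`. The argument check only requires -i/-g/-m for -C, yet `$subnet` (-n) is used in the route, SNAT, ACL and usage rules; an empty subnet yields `/$mask` arguments that iptables rejects, so nflag should be included in the validation, and the log line in destroy_guest_network still says "Create network". Also `[ -z $DOMAIN ]` in setup_dnsmasq is unquoted and would misbehave on a value containing whitespace; `[ -z "$DOMAIN" ]` is the safe form.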