From c854cb04e581bf63ddda05ac6f452b5229d2b3d7 Mon Sep 17 00:00:00 2001
From: anthony
Date: Mon, 11 Jun 2012 18:00:06 -0700
Subject: [PATCH] VPC : add new type vpcrouter in cloud-early-config

---
 .../config/etc/init.d/cloud-early-config | 73 +++++++++++++++++++
 .../config/etc/iptables/iptables-vpcrouter | 25 +++++++
 2 files changed, 98 insertions(+)
 create mode 100644 patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter

diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 9c0d189046f..96fe6b88a89 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -550,6 +550,75 @@ setup_router() {
 cp /etc/iptables/iptables-router /etc/iptables/rules
 }
 
+
+
+setup_vpcrouter() {
+ log_it "Setting up VPC virtual router system vm"
+
+ if [ "$hyp" == "vmware" ]; then
+ setup_vmware_extra_nics
+ fi
+
+ cat > /etc/network/interfaces << EOF
+auto lo $1
+iface lo inet loopback
+EOF
+ setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+
+ echo $NAME > /etc/hostname
+ echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+ hostname $NAME
+
+ #Nameserver
+ sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+ sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+ if [ -n "$internalNS1" ]
+ then
+ echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS1" > /etc/resolv.conf
+ fi
+
+ if [ -n "$internalNS2" ]
+ then
+ echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$NS1" ]
+ then
+ echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS1" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$NS2" ]
+ then
+ echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ ip route add $MGMTNET via $LOCAL_GW dev eth1
+ fi
+
+ ip route delete default
+
+
+ sed -i /gateway/d /etc/hosts
+
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+ setup_sshd $ETH0_IP
+
+ enable_svc dnsmasq 1
+ enable_svc haproxy 1
+ enable_svc cloud-passwd-srvr 1
+ enable_svc cloud 0
+ disable_rpfilter_domR
+ enable_fwding 1
+ chkconfig nfs-common off
+ cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+}
+
+
+
 setup_dhcpsrvr() {
 log_it "Setting up dhcp server system vm"
 setup_common eth0 eth1
@@ -724,6 +793,10 @@ start() {
 [ "$NAME" == "" ] && NAME=router
 setup_router
 ;;
+ vpcrouter)
+ [ "$NAME" == "" ] && NAME=vpcrouter
+ setup_vpcrouter
+ ;;
 dhcpsrvr)
 [ "$NAME" == "" ] && NAME=dhcpsrvr
 setup_dhcpsrvr
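Review bot: `auto lo $1` inside the unquoted heredoc that writes /etc/network/interfaces expands `$1` to nothing, because the new `vpcrouter)` arm in the second hunk calls `setup_vpcrouter` with no arguments, so whatever interface was meant to be declared `auto` there is silently omitted. Since eth0 is the only interface this function configures (`setup_interface "0" $ETH0_IP $ETH0_MASK $GW`, `setup_sshd $ETH0_IP`, and the tcp/3922 rule in iptables-vpcrouter is bound to eth0), either write `auto lo eth0` or give the function an explicit interface parameter and pass it from the case arm. The `ip route add $MGMTNET via $LOCAL_GW dev eth1` line then deserves a second look, as eth1 is not configured anywhere in this function and the line looks carried over from setup_router rather than chosen for the VPC NIC layout — confirm against the VPC router's interface ordering. The expansions `$NAME`, `$ETH0_IP`, `$ETH0_MASK`, `$GW`, `$MGMTNET` and `$LOCAL_GW` are unquoted and `-a` inside `[ ]` is the deprecated form; `if [ -n "$MGMTNET" ] && [ -n "$LOCAL_GW" ]` with quoted expansions throughout is the shellcheck-clean shape. The `start()` function that holds the second hunk's case arm begins and ends outside that hunk.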
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
new file mode 100644
index 00000000000..c1d0c158cc2
--- /dev/null
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@@ -0,0 +1,25 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -d 224.0.0.18/32 -j ACCEPT
+-A INPUT -d 225.0.0.50/32 -j ACCEPT
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+COMMIT
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+-A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
+COMMIT
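Review bot: `-A INPUT -p icmp -j ACCEPT` admits every ICMP type on every interface under the INPUT DROP policy, while the other accept rules in this file are pinned to eth0 or lo; narrowing it to the types the router actually needs, e.g. `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT` together with the error types (destination-unreachable, time-exceeded, parameter-problem), keeps the baseline consistent with the rest of the ruleset. The `-m state --state RELATED,ESTABLISHED` accept is also bound to `-i eth0`, so replies to connections the router itself opens through another interface are dropped — presumably acceptable if eth0 is the only interface carrying such traffic at this stage, but worth checking against the `dev eth1` route that setup_vpcrouter adds in the companion hunk. iptables-restore accepts `#` comment lines, so a one-line header such as `# VPC router baseline: INPUT/FORWARD default DROP; only lo, ICMP, eth0 replies and tcp/3922 on eth0 are admitted` would document the intent for whoever extends this file later.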