#!/bin/bash ### BEGIN INIT INFO # Provides: cloud-early-config # Required-Start: mountkernfs $local_fs # Required-Stop: $local_fs # Should-Start: # Should-Stop: # Default-Start: S # Default-Stop: 0 6 # Short-Description: configure according to cmdline ### END INIT INFO PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" # Fix haproxy directory issue mkdir -p /var/lib/haproxy [ -x /sbin/ifup ] || exit 0 . /lib/lsb/init-functions log_it() { echo "$(date) $@" >> /var/log/cloud.log log_action_begin_msg "$@" } init_interfaces_orderby_macs() { macs=( $(echo $1 | sed "s/|/ /g") ) total_nics=${#macs[@]} interface_file=${2:-"/etc/network/interfaces"} rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"} echo -n "auto lo" > $interface_file for((i=0; i> $interface_file fi done cat >> $interface_file << EOF iface lo inet loopback EOF echo "" > $rule_file for((i=0; i < ${#macs[@]}; i++)) do echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file done } init_interfaces() { if [ "$NIC_MACS" == "" ] then cat > /etc/network/interfaces << EOF auto lo $1 $2 $3 iface lo inet loopback EOF else init_interfaces_orderby_macs "$NIC_MACS" fi } hypervisor() { [ -d /proc/xen ] && mount -t xenfs none /proc/xen local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1) [ "$try" != "" ] && echo $try && return 0 vmware-checkvm &> /dev/null && echo "vmware" && return 0 [ -d /proc/xen ] && echo "xen-domU" && return 0 grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0 grep -q QEMU /var/log/messages && echo "kvm" && return 0 echo "unknown" && return 1 } get_boot_params() { local EXTRA_MOUNT=/media/extra local hyp=$(hypervisor) [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 case $hyp in xen-domU) cat /proc/cmdline > /var/cache/cloud/cmdline ;; kvm) # KVM needs to mount another disk, to get cmdline mkdir -p $EXTRA_MOUNT mount /dev/vdb $EXTRA_MOUNT cp -f $EXTRA_MOUNT/cmdline /var/cache/cloud/cmdline cp -f $EXTRA_MOUNT/authorized_keys /var/cache/cloud/authorized_keys privkey=/var/cache/cloud/authorized_keys umount $EXTRA_MOUNT ;; vmware) vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline ;; virtualpc) # Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed in the NTFS data-disk mkdir -p $EXTRA_MOUNT mount -t ntfs /dev/sdb1 $EXTRA_MOUNT cp -f $EXTRA_MOUNT/cmdline /var/cache/cloud/cmdline umount $EXTRA_MOUNT ;; esac } patch() { local PATCH_MOUNT=/media/cdrom local patchfile=$PATCH_MOUNT/cloud-scripts.tgz local md5file=/var/cache/cloud/cloud-scripts-signature local privkey=$PATCH_MOUNT/authorized_keys local shouldpatch=false local cdrom_dev= mkdir -p $PATCH_MOUNT if [ -e /dev/xvdd ]; then cdrom_dev=/dev/xvdd elif [ -e /dev/cdrom ]; then cdrom_dev=/dev/cdrom elif [ -e /dev/cdrom1 ]; then cdrom_dev=/dev/cdrom1 fi [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys if [ -n "$cdrom_dev" ]; then mount -o ro $cdrom_dev $PATCH_MOUNT [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys local oldmd5= [ -f ${md5file} ] && oldmd5=$(cat ${md5file}) local newmd5= [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}') if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] then shouldpatch=true log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5" tar xzf $patchfile -C / echo ${newmd5} > ${md5file} fi log_it "Patching cloud service" hyperVisor=$(hypervisor) /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor umount $PATCH_MOUNT if [ "$shouldpatch" == "true" ] then log_it "Rebooting system since we patched init scripts" sync sleep 2 reboot fi fi if [ -f /mnt/cmdline ]; then cat /mnt/cmdline > /var/cache/cloud/cmdline fi return 0 } setup_interface() { local intfnum=$1 local ip=$2 local mask=$3 local gw=$4 local force=$5 local intf=eth${intfnum} local bootproto="static" if [ "$BOOTPROTO" == "dhcp" ] then if [ "$intfnum" != "0" ] then bootproto="dhcp" fi fi if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ] then echo "iface $intf inet $bootproto" >> /etc/network/interfaces if [ "$bootproto" == "static" ] then echo " address $ip " >> /etc/network/interfaces echo " netmask $mask" >> /etc/network/interfaces fi fi if [ "$ip" == "0.0.0.0" -o "$ip" == "" ] then ifconfig $intf down fi if [ "$force" == "force" ] then ifdown $intf else ifdown $intf ifup $intf if [ "$RROUTER" == "1" -a "$1" == "2" ] then ifdown $intf fi fi } enable_fwding() { local enabled=$1 log_it "cloud: enable_fwding = $1" log_it "enable_fwding = $1" echo "$1" > /proc/sys/net/ipv4/ip_forward [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return } disable_rpfilter() { log_it "cloud: disable rp_filter" log_it "disable rpfilter" sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf } get_public_vif_list() { local vif_list="" for i in /sys/class/net/eth*; do vif=$(basename $i); if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] then vif_list="$vif_list $vif"; fi done echo $vif_list } disable_rpfilter_domR() { log_it "cloud: Tuning rp_filter on public interfaces" VIF_LIST=$(get_public_vif_list) log_it "rpfilter public interfaces : $VIF_LIST" if [ "$DISABLE_RP_FILTER" == "true" ] then log_it "cloud: disable rp_filter on public interfaces" sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter for vif in $VIF_LIST; do log_it "cloud: disable rp_filter on public interface: $vif" sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter done else log_it "cloud: enable rp_filter on public interfaces" sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter for vif in $VIF_LIST; do log_it "cloud: enable rp_filter on public interface: $vif" sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter done fi log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)" echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter } enable_svc() { local svc=$1 local enabled=$2 log_it "Enable service ${svc} = $enabled" local cfg=/etc/default/${svc} [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return } disable_hvc() { [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q } setup_common() { init_interfaces $1 $2 $3 setup_interface "0" $ETH0_IP $ETH0_MASK $GW setup_interface "1" $ETH1_IP $ETH1_MASK $GW if [ -n "$ETH2_IP" ] then setup_interface "2" $ETH2_IP $ETH2_MASK $GW fi echo $NAME > /etc/hostname echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon hostname $NAME #Nameserver sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries if [ -n "$internalNS1" ] then echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf echo "nameserver $internalNS1" > /etc/resolv.conf fi if [ -n "$internalNS2" ] then echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf echo "nameserver $internalNS2" >> /etc/resolv.conf fi if [ -n "$NS1" ] then echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf echo "nameserver $NS1" >> /etc/resolv.conf fi if [ -n "$NS2" ] then echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf echo "nameserver $NS2" >> /etc/resolv.conf fi if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] then ip route add $MGMTNET via $LOCAL_GW dev eth1 fi ip route delete default if [ "$RROUTER" != "1" ] then if [ -z "$3" ] then ip route add default via $GW dev eth0 else ip route add default via $GW dev $3 fi fi # a hacking way to activate vSwitch under VMware ping -n -c 3 $GW & sleep 3 pkill ping if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] then ping -n -c 3 $LOCAL_GW & sleep 3 pkill ping fi } setup_dnsmasq() { log_it "Setting up dnsmasq" [ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" if [ -n "$DOMAIN" ] then #send domain name to dhcp clients sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf #DNS server will append $DOMAIN to local queries sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf #answer all local domain queries sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf fi if [ -n "$DNS_SEARCH_ORDER" ] then sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf # set the domain search order as a space seprated list for option 15 DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') #send domain name to dhcp clients sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf fi sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf sed -i -e "s/^[#]*listen-address=.*$/listen-address=$ETH0_IP/" /etc/dnsmasq.conf if [ "$RROUTER" == "1" ] then sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf echo "dhcp-option=option:router,$GUEST_GW" >> /etc/dnsmasq.conf sed -i -e "/^[#]*dhcp-option=6.*$/d" /etc/dnsmasq.conf echo "dhcp-option=6,$GUEST_GW" >> /etc/dnsmasq.conf fi } setup_sshd(){ local ip=$1 [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config } setup_apache2() { log_it "Setting up apache web server" local ip=$1 [ -f /etc/apache2/sites-available/default ] && sed -i -e "s///" /etc/apache2/sites-available/default [ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s///" /etc/apache2/sites-available/default-ssl [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security echo "Options -Indexes" > /var/www/html/.htaccess } setup_redundant_router() { rrouter_bin_path="/ramdisk/rrouter" rrouter_log="/ramdisk/rrouter/keepalived.log" rrouter_bin_path_str="\/ramdisk\/rrouter" rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log" mkdir -p /ramdisk mount tmpfs /ramdisk -t tmpfs mkdir -p /ramdisk/rrouter rm /tmp/rrouter.lock ip route delete default cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/ cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/ cp /root/redundant_router/checkrouter.sh.templ /root/checkrouter.sh sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /root/checkrouter.sh chmod a+x $rrouter_bin_path/*.sh sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived crontab -l|grep "check_heartbeat.sh" if [ $? -ne 0 ] then (crontab -l; echo "*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab fi } setup_router() { log_it "Setting up virtual router system vm" oldmd5= [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}') if [ -n "$ETH2_IP" ] then setup_common eth0 eth1 eth2 if [ -n "$EXTRA_PUBNICS" ] then for((i = 3; i < 3 + $EXTRA_PUBNICS; i++)) do setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" done fi else setup_common eth0 eth1 if [ -n "$EXTRA_PUBNICS" ] then for((i = 2; i < 2 + $EXTRA_PUBNICS; i++)) do setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" done fi fi if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ] then setup_redundant_router fi log_it "Checking udev NIC assignment order changes" if [ "$NIC_MACS" != "" ] then init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules" newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}') rm /tmp/interfaces rm /tmp/udev-rules if [ "$oldmd5" != "$newmd5" ] then log_it "udev NIC assignment requires reboot to take effect" sync sleep 2 reboot fi fi setup_dnsmasq NS=$NS1 [ -n "$NS2" ] && NS=$NS1,$NS2 if [ "$USE_EXTERNAL_DNS" == "true" ] then sed -i -e "/^[#]*dhcp-option=6.*$/d" /etc/dnsmasq.conf echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf fi setup_apache2 $ETH0_IP sed -i /gateway/d /etc/hosts echo "$ETH0_IP $NAME" >> /etc/hosts setup_sshd $ETH1_IP enable_svc dnsmasq 1 enable_svc haproxy 1 enable_svc cloud-passwd-srvr 1 enable_svc cloud 0 disable_rpfilter_domR enable_fwding 1 chkconfig nfs-common off cp /etc/iptables/iptables-router /etc/iptables/rules } setup_dhcpsrvr() { log_it "Setting up dhcp server system vm" setup_common eth0 eth1 setup_dnsmasq setup_apache2 $ETH0_IP NS=$NS1 [ -n "$NS2" ] && NS=$NS1,$NS2 if [ "$DEFAULTROUTE" != "false" ] then sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf echo "dhcp-option=option:router,$GW" >> /etc/dnsmasq.conf #for now set up ourself as the dns server as well sed -i -e "/^[#]*dhcp-option=6.*$/d" /etc/dnsmasq.conf if [ "$USE_EXTERNAL_DNS" == "true" ] then echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf else echo "dhcp-option=6,$ETH0_IP,$NS" >> /etc/dnsmasq.conf fi else sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf echo "dhcp-option=option:router" >> /etc/dnsmasq.conf sed -i -e "/^[#]*dhcp-option=6.*$/d" /etc/dnsmasq.conf echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf fi sed -i /gateway/d /etc/hosts echo "$ETH0_IP $NAME" >> /etc/hosts if [ "$SSHONGUEST" == "true" ] then setup_sshd $ETH0_IP else setup_sshd $ETH1_IP fi enable_svc dnsmasq 1 enable_svc haproxy 0 enable_svc cloud-passwd-srvr 1 enable_svc cloud 0 enable_fwding 0 chkconfig nfs-common off if [ "$SSHONGUEST" == "true" ] then sed '/3922/i -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT' /etc/iptables/iptables-router > /etc/iptables/rules else cp /etc/iptables/iptables-router /etc/iptables/rules fi } setup_storage_network() { if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] then log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network" return fi echo "" >> /etc/network/interfaces echo "auto eth3" >> /etc/network/interfaces setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK" #ip route add "$STORAGE_CIDR" via "$STORAGE_IP" log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" } setup_secstorage() { log_it "Setting up secondary storage system vm" local hyp=$1 setup_common eth0 eth1 eth2 setup_storage_network [ -n "$MTU" ] && ifconfig eth1 mtu $MTU sed -i /gateway/d /etc/hosts public_ip=$ETH2_IP [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-secstorage /etc/iptables/rules if [ "$hyp" == "vmware" ]; then setup_sshd $ETH1_IP else setup_sshd $ETH0_IP fi setup_apache2 $ETH2_IP disable_rpfilter enable_fwding 0 enable_svc haproxy 0 enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 1 } setup_console_proxy() { log_it "Setting up console proxy system vm" local hyp=$1 setup_common eth0 eth1 eth2 public_ip=$ETH2_IP [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP sed -i /gateway/d /etc/hosts echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules if [ "$hyp" == "vmware" ]; then setup_sshd $ETH1_IP else setup_sshd $ETH0_IP fi disable_rpfilter enable_fwding 0 enable_svc haproxy 0 enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 1 chkconfig nfs-common off } setup_elbvm() { log_it "Setting up Elastic Load Balancer system vm" local hyp=$1 setup_common eth0 eth1 sed -i /gateway/d /etc/hosts public_ip=$ETH2_IP [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP echo "$public_ip $NAME" >> /etc/hosts if [ "$SSHONGUEST" == "true" ] then sed '/3922/s/eth1/eth0/' setup_sshd $ETH0_IP else cp /etc/iptables/iptables-elbvm /etc/iptables/rules setup_sshd $ETH1_IP fi enable_fwding 0 enable_svc haproxy 0 enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 chkconfig nfs-common off chkconfig portmap off } setup_default() { cat > /etc/network/interfaces << EOF auto lo eth0 iface lo inet loopback iface eth0 inet dhcp EOF } change_password() { if [ x"$VM_PASSWORD" != x"" ] then echo "root:$VM_PASSWORD" | chpasswd fi } start() { local hyp=$(hypervisor) [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 log_it "Detected that we are running inside $hyp guest" get_boot_params patch parse_cmd_line change_password case $TYPE in router) [ "$NAME" == "" ] && NAME=router setup_router ;; dhcpsrvr) [ "$NAME" == "" ] && NAME=dhcpsrvr setup_dhcpsrvr ;; secstorage) [ "$NAME" == "" ] && NAME=secstorage setup_secstorage $hyp; ;; consoleproxy) [ "$NAME" == "" ] && NAME=consoleproxy setup_console_proxy $hyp; ;; elbvm) [ "$NAME" == "" ] && NAME=elb setup_elbvm ;; unknown) [ "$NAME" == "" ] && NAME=systemvm setup_default; ;; esac return 0 } disable_hvc parse_cmd_line() { CMDLINE=$(cat /var/cache/cloud/cmdline) TYPE="unknown" BOOTPROTO="static" DISABLE_RP_FILTER="false" STORAGE_IP="" STORAGE_NETMASK="" STORAGE_CIDR="" VM_PASSWORD="" for i in $CMDLINE do # search for foo=bar pattern and cut out foo KEY=$(echo $i | cut -d= -f1) VALUE=$(echo $i | cut -d= -f2) case $KEY in disable_rp_filter) DISABLE_RP_FILTER=$VALUE ;; eth0ip) ETH0_IP=$VALUE ;; eth1ip) ETH1_IP=$VALUE ;; eth2ip) ETH2_IP=$VALUE ;; host) MGMT_HOST=$VALUE ;; gateway) GW=$VALUE ;; eth0mask) ETH0_MASK=$VALUE ;; eth1mask) ETH1_MASK=$VALUE ;; eth2mask) ETH2_MASK=$VALUE ;; internaldns1) internalNS1=$VALUE ;; internaldns2) internalNS2=$VALUE ;; dns1) NS1=$VALUE ;; dns2) NS2=$VALUE ;; domain) DOMAIN=$VALUE ;; dnssearchorder) DNS_SEARCH_ORDER=$VALUE ;; useextdns) USE_EXTERNAL_DNS=$VALUE ;; mgmtcidr) MGMTNET=$VALUE ;; localgw) LOCAL_GW=$VALUE ;; template) TEMPLATE=$VALUE ;; sshonguest) SSHONGUEST=$VALUE ;; name) NAME=$VALUE ;; dhcprange) DHCP_RANGE=$(echo $VALUE | tr ':' ',') ;; bootproto) BOOTPROTO=$VALUE ;; type) TYPE=$VALUE ;; defaultroute) DEFAULTROUTE=$VALUE ;; redundant_router) RROUTER=$VALUE ;; guestgw) GUEST_GW=$VALUE ;; guestbrd) GUEST_BRD=$VALUE ;; guestcidrsize) GUEST_CIDR_SIZE=$VALUE ;; router_pr) ROUTER_PR=$VALUE ;; extra_pubnics) EXTRA_PUBNICS=$VALUE ;; nic_macs) NIC_MACS=$VALUE ;; mtu) MTU=$VALUE ;; storageip) STORAGE_IP=$VALUE ;; storagenetmask) STORAGE_NETMASK=$VALUE ;; storagecidr) STORAGE_CIDR=$VALUE ;; vmpassword) VM_PASSWORD=$VALUE ;; esac done } case "$1" in start) log_action_begin_msg "Executing cloud-early-config" log_it "Executing cloud-early-config" if start; then log_action_end_msg $? else log_action_end_msg $? fi ;; stop) log_action_begin_msg "Stopping cloud-early-config (noop)" log_action_end_msg 0 ;; force-reload|restart) log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" log_action_begin_msg "Executing cloud-early-config" if start; then log_action_end_msg $? else log_action_end_msg $? fi ;; *) echo "Usage: /etc/init.d/cloud-early-config {start|stop}" exit 1 ;; esac exit 0