From: Andy Witter Date: Wed, 19 Feb 2014 05:53:56 +0000 (-0500) Subject: Add changes for preliminary DMZ support X-Git-Tag: GenaSYS-2.6.0~9 X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=ef542e5a931a4eca108ee612121194b0327cc1d3;p=contrib%2Fpines%2Fgenasys.git Add changes for preliminary DMZ support --- diff --git a/GenaSYS.sh b/GenaSYS.sh index a15d3b6..face50f 100755 --- a/GenaSYS.sh +++ b/GenaSYS.sh @@ -26,7 +26,7 @@ SYNOPSIS_="$NAME_" REQUIRES_="standard GNU commands, apt, dpkg" VERSION_="1.31" - DATE_="2010-09-23; last update: 2014-01-24" + DATE_="2010-09-23; last update: 2014-02-17" AUTHOR_="Andy Witter " URL_="http://evergreen-ils.org" CATEGORY_="devel" @@ -59,6 +59,7 @@ LICENSE="$WD/License.txt" TEMPLATEDIR="$WD/templates" DEFAULT_PRIVATE_NET="10.0.1" PRIVATENET="$DEFAULT_PRIVATE_NET" +ORIGIN_PRIVATENET="$PRIVATENET" OSRF_USERNAME="opensrf" DB_USERNAME="evergreen" #DRONECOUNT="2" @@ -66,6 +67,7 @@ TMPFOLDER="/tmp/GenaSYS" TMPHOSTS="${TMPFOLDER}/tmphost.txt" TMPZONEFILE="${TMPFOLDER}/tmpzonefile.txt" TMPREVZONEFILE="${TMPFOLDER}/tmprevzonefile.txt" +TMPREVZONEFILE_DMZ="${TMPFOLDER}/tmprevzonefile_dmz.txt" TMPOSRFNODES="${TMPFOLDER}/tmposrfnodes" TMPOPENSRF_XML="${TMPFOLDER}/tmpopensrf.xml" TMPNAGIHOSTS="${TMPFOLDER}/hosts.cfg" 
@@ -646,6 +648,51 @@ Mask2CIDR() { ### Convert Netmask to CIDR unset IFS } +### DMZ Configuration +Choose_Use_DMZ () { ### Are we using a DMZ? +echo;echo;echo;echo +TitleBar "DMZ Configuration." +echo +echo -e "If you are using a DMZ then the LVS servers and bricks will be" +echo -e "configured on the DMZ subnet and all other servers in the cluster" +echo -e "including the database server will be configured on a private subnet." +echo +while true; do + read -n 1 -p "Do you want to use a DMZ as part of your network configuration [y/n] : " USE_DMZ + case $USE_DMZ in + [Yy]* ) echo ; break;; + [Nn]* ) echo ; break;; + * ) echo " Please answer yes or no.";; + esac +done +} + +## DMZ subnet +Get_DMZ_Subnet () { ### Prompt for DMZ network IP. +echo "Enter the first 3 octets of the DMZ network ip address for the cluster : " + echo -en $COL_BR_CYAN + read -p "eg. 172.16.1 DMZ Network IP: " DMZ_NET + echo -e $COL_RESET + echo + echo -e "The network IP" $COL_BR_YELLOW "${DMZ_NET}.0/24" $COL_RESET "will be used for the DMZ network." + echo +} + +## Gateway if using a DMZ +Get_Gateways () { +echo +echo "Since you are using a DMZ it is expected that you have a" +echo "firwall/router between the private network and the DMZ" +echo "The gateways on both sides of the router will need to" +echo "be configured for the hosts in the cluster." +echo +echo -e "Enter the gateway address for the" ${COL_BR_RED}"DMZ"${COL_RESET} "network" "(${COL_BR_RED}${DMZ_NET}${COL_RESET}): " +read -p ">> " DMZ_GATEWAY +echo +echo -e "Enter the gateway address for the" ${COL_BR_GREEN}"private network"${COL_RESET} "network" "(${COL_BR_GREEN}${PRIVATENET}${COL_RESET}): " +read -p ">> " PRIVATENET_GATEWAY +} + Choose_Private_Net () { ### Default Private Network Configuration. echo;echo;echo;echo #echo -e $COL_BR_BLUE"________Private network configuration________"$COL_RESET 
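Review bot: `read -p "eg. 172.16.1 DMZ Network IP: " DMZ_NET` in Get_DMZ_Subnet accepts any string, and that value is later split by awk into the reverse-zone name, interpolated into `sed` expressions that use `^` as their delimiter, and used as the `${DMZ_NET}-zone` file name, so a stray fourth octet, trailing dot or `^` produces broken zone files with no complaint at the prompt. Choose_Private_Net has the same gap, but new code is the place to start closing it: `until echo "$DMZ_NET" | grep -Eq '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; do read -p "eg. 172.16.1 DMZ Network IP: " DMZ_NET; done`, with the two gateway reads in Get_Gateways checked the same way against a four-octet pattern. The Get_Gateways text misspells "firwall", and Get_Gateways is the only new function without the trailing `### ...` header comment the others carry.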
@@ -669,6 +716,7 @@ if [ "$USE_STANDARD_PRIVATE_NETWORK" != "y" ] echo "Enter the first 3 octets of the private network ip address for the cluster : " echo -en $COL_BR_CYAN read -p "eg. 192.168.1 Private Network IP: " PRIVATENET + ORIGIN_PRIVATENET="$PRIVATENET" echo -e $COL_RESET echo echo -e "The network IP" $COL_BR_YELLOW "${PRIVATENET}.0/24" $COL_RESET "will be used for the private network." @@ -875,6 +923,15 @@ Write_Config_File () { ### Add to new config file. eval echo $@=\\\"\$$@\\\" >> $NEW_CONFIG_FILE } +Set_DMZ_Net () { ### Set the private network to the DMZ network address temporarily. +PRIVATENET="$DMZ_NET" +} + +Unset_DMZ_Net () { ### Set the private network back to the original network address. +PRIVATENET="$ORIGIN_PRIVATENET" +} + + Run_Functions_For_Input () { ################### Run functions to get info (input) ###################### @@ -1048,6 +1105,21 @@ then fi Write_Config_File EG_ADMIN_PASSWORD +if [ -z $USE_DMZ ] || [ "$USE_CONFIG_FILE" == "0" ] +then + Choose_Use_DMZ +fi +Write_Config_File USE_DMZ + +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Get_DMZ_Subnet + Get_Gateways +fi +Write_Config_File DMZ_NET +write_Config_File DMZ_GATEWAY +Write_Config_File PRIVATENET_GATEWAY + if [ -z $USE_STANDARD_PRIVATE_NETWORK ] || [ "$USE_CONFIG_FILE" == "0" ] then Choose_Private_Net 
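Review bot: `write_Config_File DMZ_GATEWAY` has a lower-case `w`; shell function names are case-sensitive, so this line fails with "command not found" at run time and DMZ_GATEWAY is the one new setting never persisted, which breaks a later run that relies on the saved config file. It should read `Write_Config_File DMZ_GATEWAY`. The new `[ -z $USE_DMZ ]` test is unquoted like its neighbours and only works because an empty expansion leaves `[ -z ]`, which is true; `[ -z "$USE_DMZ" ]` is the safer form. Run_Functions_For_Input begins before this hunk.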
@@ -1250,9 +1322,20 @@ fi HOSTNAMES_NO_BRICKS="lvs01 lvs02 db01 db02 db03 logger01 utility01 sip01 sip02 reporter01 memcache01 memcache02 monitor01 monitor02 backup01 admin01" ### Setup Privatenet IP for all hosts except bricks. -LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" -LVS01_PRIVATE_IP="${PRIVATENET}.2" -LVS02_PRIVATE_IP="${PRIVATENET}.3" +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net + echo PRIVATENET SET to $PRIVATENET + LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" + LVS01_PRIVATE_IP="${PRIVATENET}.2" + LVS02_PRIVATE_IP="${PRIVATENET}.3" + Unset_DMZ_Net + echo PRIVATENET UNSET to $PRIVATENET +else + LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" + LVS01_PRIVATE_IP="${PRIVATENET}.2" + LVS02_PRIVATE_IP="${PRIVATENET}.3" +fi DB01_IP="${PRIVATENET}.101" DB02_IP="${PRIVATENET}.102" DB03_IP="${PRIVATENET}.103" @@ -1316,7 +1399,6 @@ do fi done -## Generate authkeys file for ha for LVS in $MACHINES_LVS_ONLY do @@ -1349,7 +1431,13 @@ for LVS in $MACHINES_LVS_ONLY sed -i "s^ClusterPublic_CIDR^${CLUSTER_CIDR}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" sed -i "s^ClusterPublic_Bcast^${PUB_BCAST}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" sed -i "s^Lvs01Private_Shared_IP^${LVS01_PRIVATE_SHARED_IP}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" - sed -i "s^lvs01Private_Net^${PRIVATENET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^lvs01Private_Net^${DMZ_NET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + else + sed -i "s^lvs01Private_Net^${PRIVATENET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + fi + ### Configure the maintenance page on LVS servers mkdir -p "$OUTDIR/$LVS/var/www" 
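Review bot: `echo PRIVATENET SET to $PRIVATENET` and `echo PRIVATENET UNSET to $PRIVATENET` are debugging output left in the main path and will appear on the console of every DMZ run. The surrounding Set_DMZ_Net/Unset_DMZ_Net round-trip exists only to compute three LVS addresses, which a local network variable does without mutating the global and without the duplicated `else` branch; the `haresources` hunk at `@@ -1349` below already takes the direct route with `${DMZ_NET}`, so the same variable could serve both places.
```shell
### Setup Privatenet IP for all hosts except bricks.
LVS_NET="$PRIVATENET"
if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ]
then
    LVS_NET="$DMZ_NET"
fi
LVS01_PRIVATE_SHARED_IP="${LVS_NET}.1"
LVS01_PRIVATE_IP="${LVS_NET}.2"
LVS02_PRIVATE_IP="${LVS_NET}.3"
# … unchanged: DB01_IP and the remaining host addresses …
```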
@@ -1465,6 +1553,7 @@ CLUSTER_TLD="$(echo $CLUSTERDOMAINNAME |awk -F"." '{ print $NF }')" [ -e "$TMPHOSTS" ] && rm -f "$TMPHOSTS" [ -e "$TMPZONEFILE" ] && rm -f "$TMPZONEFILE" [ -e "$TMPREVZONEFILE" ] && rm -f "$TMPREVZONEFILE" +[ -e "$TMPREVZONEFILE_DMZ" ] && rm -f "$TMPREVZONEFILE_DMZ" [ -e "$TMPOSRFNODES" ] && rm -f "$TMPOSRFNODES" if [ "$USE_HOSTNAME_PREFIX" = "y" ] || [ "$USE_HOSTNAME_PREFIX" = "Y" ] then @@ -1485,8 +1574,26 @@ PRIVATENET_3RD=$(echo $PRIVATENET | awk -F"." '{ print $3 }') ### Reverse the private net for DNS reverse zone. REV_PRIVATENET="${PRIVATENET_3RD}.${PRIVATENET_2ND}.${PRIVATENET_1ST}" + sed -i "s^_REV_PRIVATE_NET^$REV_PRIVATENET^g" "$TMPREVZONEFILE" +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + +cat "$TEMPLATEDIR/lvs/bind/revzonefile-header" > "$TMPREVZONEFILE_DMZ" + + +### Split the DMZ network into 3 separate octects. +DMZ_NET_1ST="$(echo $DMZ_NET | awk -F"." '{ print $1 }')" +DMZ_NET_2ND="$(echo $DMZ_NET | awk -F"." '{ print $2 }')" +DMZ_NET_3RD="$(echo $DMZ_NET | awk -F"." '{ print $3 }')" + +### Reverse the DMZ net for DNS reverse zone. +REV_DMZ_NET="${DMZ_NET_3RD}.${DMZ_NET_2ND}.${DMZ_NET_1ST}" + +sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$TMPREVZONEFILE_DMZ" +fi + ### Add lvs servers entry to the global hosts file and DNS zone file. NUM=0 for LVS_SERVERS in $MACHINES_LVS_ONLY 
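Review bot: The DMZ reverse zone file is seeded from the same `revzonefile-header` as the private one, but that template is not touched by this patch; the neighbouring `sed -i "s^_REV_PRIVATE_NET^$REV_PRIVATENET^g"` suggests the header carries `_REV_PRIVATE_NET`, in which case `s^_REV_DMZ_NET^$REV_DMZ_NET^g` on the DMZ copy matches nothing and the generated `${DMZ_NET}-zone` keeps the literal `_REV_PRIVATE_NET` token. Unless the header has been given a second placeholder elsewhere, the DMZ copy needs `sed -i "s^_REV_PRIVATE_NET^$REV_DMZ_NET^g" "$TMPREVZONEFILE_DMZ"`. The new comment also misspells "octects".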
@@ -1495,7 +1602,12 @@ for LVS_SERVERS in $MACHINES_LVS_ONLY #echo "$LVS01_PRIVATE_IP $LVS_SERVERS.${CLUSTERDOMAINNAME} $LVS_SERVERS " >> "$TMPHOSTS" eval echo "\$LVS0${NUM}_PRIVATE_IP $LVS_SERVERS.${CLUSTERDOMAINNAME} $LVS_SERVERS " >> "$TMPHOSTS" eval printf "$LVS_SERVERS\\\tA\\\t\$LVS0${NUM}_PRIVATE_IP\\\n" >> "$TMPZONEFILE" - printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE_DMZ" + else + printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE" + fi done @@ -1537,6 +1649,10 @@ cp -f ${TEMPLATEDIR}/monitor/munin.conf $TMPMUNINCONF ### And create the configuration files as needed. CreateBricks () { ### Create config for Bricks without separate drones. DRONELESS +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net +fi for BRICK in $(seq $BRICKCOUNT) do if [ -z "$HOSTNAME_PREFIX" ] ; then 
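Review bot: The `USE_DMZ` branch around the LVS PTR record duplicates the whole `printf` line, and the same duplication recurs for the brick-head, brick and drone records in `@@ -1625`, `@@ -1763` and `@@ -1858`. Choosing the destination once, after `USE_DMZ` is known — `REVZONE_TARGET="$TMPREVZONEFILE"` followed by `case "$USE_DMZ" in [Yy]) REVZONE_TARGET="$TMPREVZONEFILE_DMZ";; esac` — lets each of those records be written with a single `>> "$REVZONE_TARGET"`, so a later change to the record format is made in one place. The `for LVS_SERVERS` loop begins before this hunk.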
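Review bot: `Set_DMZ_Net` at the top of CreateBricks redefines the global `PRIVATENET` for the whole function and relies on the `Unset_DMZ_Net` added in `@@ -1657` to restore it; any `return` or exit-on-error path between the two leaves every later `$PRIVATENET` consumer (the `Priv_NET` substitutions, the non-brick hosts) on the DMZ address, and the same long-distance pairing is repeated for CreateBricksAndDrones in `@@ -1672` and `@@ -1889`. Whether anything inside the brick loop still needs the real private network is not visible here, since the loop body lies outside the hunk. Assigning a `BRICK_NET` once from `$DMZ_NET` or `$PRIVATENET` and building the brick addresses from it would avoid mutating the global at all.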
@@ -1625,9 +1741,16 @@ for BRICK in $(seq $BRICKCOUNT) eval printf "\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "public.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "private.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi eval echo "/openils/var/data/offline \$BRICKHOSTNAME${BRICK}_HEAD_IP\(rw,sync,no_subtree_check\)" >> $TMPFOLDER/exports eval echo "/openils/var/data/vandelay \$BRICKHOSTNAME${BRICK}_HEAD_IP\(rw,sync,no_subtree_check\)" >> $TMPFOLDER/exports eval echo "/storage/reports-output \$BRICKHOSTNAME${BRICK}_HEAD_IP\(ro,sync,no_subtree_check\)" >> $TMPFOLDER/exports_reporter 
@@ -1657,6 +1780,7 @@ for BRICK in $(seq $BRICKCOUNT) echo >>$TMPMUNINCONF done +Unset_DMZ_Net ### Setup hosts file for bricks. @@ -1672,6 +1796,10 @@ for BRICK in $(seq $BRICKCOUNT) } CreateBricksAndDrones () { ### Create config for bricks with seperate drones +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net +fi for BRICK in $(seq $BRICKCOUNT) do if [ -z "$HOSTNAME_PREFIX" ] ; then 
@@ -1763,9 +1891,16 @@ for BRICK in $(seq $BRICKCOUNT) eval printf "\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "public.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "private.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi BRICK_HEAD_LIST="$BRICK_HEAD_LIST$(eval printf "\$BRICKHOSTNAME${BRICK}-head\ ")" ### Monitoring printf 'define host {\n' >>$TMPNAGIHOSTS;eval printf "\\\thost_name\\\t\$BRICKHOSTNAME${BRICK}-head\\\n" >>$TMPNAGIHOSTS 
@@ -1858,7 +1993,12 @@ for BRICK in $(seq $BRICKCOUNT) eval echo -e "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}_IP \$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME} \$BRICKHOSTNAME${BRICK}_DRONE${DRONE}" \ >> $TMPHOSTS eval printf "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\\\tA\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi DRONE_LIST="$DRONE_LIST$(eval printf "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\ ")" ### Monitoring printf 'define host {\n' >>$TMPNAGIHOSTS;eval printf "\\\thost_name\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\\\n" >>$TMPNAGIHOSTS @@ -1889,6 +2029,7 @@ for BRICK in $(seq $BRICKCOUNT) eval cat $TEMPLATEDIR/oils_brick.cfg-footer >> ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg done +Unset_DMZ_Net ### Add list of bricks and drones BRICK_DRONE_LIST="$BRICK_HEAD_LIST $DRONE_LIST" @@ -1943,6 +2084,7 @@ cat $TMPFOLDER/zonefile-footer >> "$TMPZONEFILE" cat $TMPFOLDER/revzonefile-footer >> "$TMPREVZONEFILE" sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPZONEFILE" sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE" +sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE_DMZ" sed -i "s^Priv_NET^$PRIVATENET^g" "$TMPZONEFILE" 
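Review bot: `sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE_DMZ"` runs on every invocation, but the file is created only inside the `USE_DMZ` branch in `@@ -1485`, so a non-DMZ run now prints a `sed: can't read …` error for the missing file. The line above it appends `revzonefile-footer` to `$TMPREVZONEFILE` only; if the footer carries records or a closing block, the DMZ zone file is left without it. Both fit under one guard: `if [ -e "$TMPREVZONEFILE_DMZ" ]; then cat $TMPFOLDER/revzonefile-footer >> "$TMPREVZONEFILE_DMZ"; sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE_DMZ"; fi`.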
@@ -1987,6 +2129,7 @@ for LVS_SERVER in $MACHINES_LVS_ONLY mkdir -p "$OUTDIR/$LVS_SERVER/etc/bind" cp -f "$TMPZONEFILE" "$OUTDIR/$LVS_SERVER/etc/bind/${CLUSTERDOMAINNAME}-zone" cp -f "$TMPREVZONEFILE" "$OUTDIR/$LVS_SERVER/etc/bind/${PRIVATENET}-zone" + cp -f "$TMPREVZONEFILE_DMZ" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone" sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${CLUSTERDOMAINNAME}-zone" sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${PRIVATENET}-zone" done 
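Review bot: `cp -f "$TMPREVZONEFILE_DMZ" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone"` is unconditional, but the source exists only when a DMZ was chosen (`@@ -1485`) and `DMZ_NET` is empty otherwise, so non-DMZ runs try to copy a missing file to a file literally named `-zone`. The `_MY_HOSTNAME` substitution that follows is applied to the domain zone and `${PRIVATENET}-zone` but not to the DMZ copy, and since it derives from the same header template it most likely still holds that token — worth confirming against `revzonefile-header`. Guarding the copy and substituting inside the guard addresses both; the `for LVS_SERVER` loop begins before this hunk.
```shell
    cp -f "$TMPREVZONEFILE" "$OUTDIR/$LVS_SERVER/etc/bind/${PRIVATENET}-zone"
    if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ]
    then
        cp -f "$TMPREVZONEFILE_DMZ" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone"
        sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone"
    fi
    # … unchanged: _MY_HOSTNAME substitution for the domain and private zones …
```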
@@ -2000,10 +2143,24 @@ for LVS_SERVERS in $MACHINES_LVS_ONLY ((NUM++)) if ! echo "$LVS_SERVERS" | grep -q "lvs01" then - cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave_DMZ" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + sed -i "s^DMZ_NET^$DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + else + cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + fi sed -i "s^_LVS01_PRIVATE_IP^$LVS01_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" else - cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master_DMZ" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + sed -i "s^DMZ_NET^$DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + else + cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" + fi sed -i "s^_LVS02_PRIVATE_IP^$LVS02_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" fi eval sed -i "s^_MY_IP^\$LVS0${NUM}_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local" 
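Review bot: The slave and master branches each now repeat the `cp` plus two `sed` lines in full, and the `_REV_DMZ_NET` and `DMZ_NET` substitutions are identical in both. Selecting the template suffix once — `case "$USE_DMZ" in [Yy]) TMPL_SUFFIX="_DMZ";; *) TMPL_SUFFIX="";; esac` — and copying `named.conf.local-slave${TMPL_SUFFIX}` / `named.conf.local-master${TMPL_SUFFIX}` lets the two DMZ substitutions run once after the `if`, where they are no-ops provided the pre-existing templates contain neither placeholder (they are not in this patch, so confirm). Keep the `_REV_DMZ_NET` substitution ahead of the `DMZ_NET` one, as it is here, because `DMZ_NET` is a substring of the longer token and the reverse order would corrupt it. The enclosing `for LVS_SERVERS` loop begins before this hunk.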
@@ -2041,7 +2198,12 @@ for LVS in $MACHINES_LVS_ONLY cp -f "$TEMPLATEDIR/lvs/interfaces" "$OUTDIR/$LVS/etc/network" sed -i "s^Pub_NETMASK^$CLUSTERNETMASK^g" "$OUTDIR/$LVS/etc/network/interfaces" sed -i "s^Pub_GATEWAY^$CLUSTERGATEWAY^g" "$OUTDIR/$LVS/etc/network/interfaces" - sed -i "s^Priv_NET^$PRIVATENET^g" "$OUTDIR/$LVS/etc/network/interfaces" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^Priv_NET^$DMZ_NET^g" "$OUTDIR/$LVS/etc/network/interfaces" + else + sed -i "s^Priv_NET^$PRIVATENET^g" "$OUTDIR/$LVS/etc/network/interfaces" + fi sed -i "s^Cluster_Public_IP^$CLUSTERIPADDRESS^g" "$OUTDIR/$LVS/etc/network/interfaces" eval sed -i "s^Pub_IP^\$LVS0${NUM}_PHYSICAL_PUBLIC_IP^g" "$OUTDIR/$LVS/etc/network/interfaces" @@ -2080,6 +2242,10 @@ for NET_NODE in $MACHINES_NO_BRICKS_LVS fi cp -f "$TEMPLATEDIR/interfaces" "$OUTDIR/$NET_NODE/etc/network" && \ # eval sed -i "s^Priv_IP^\$${NET_NODE^^*}_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^Priv_NET.1^$PRIVATENET_GATEWAY^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" + fi eval sed -i "s^Priv_IP^\$${NODE_NO_PREFIX^^*}_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" sed -i "s^LVS01_Private_IP^$LVS01_PRIVATE_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" sed -i "s^LVS02_Private_IP^$LVS02_PRIVATE_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" diff --git a/templates/lvs/bind/named.conf.local-master_DMZ b/templates/lvs/bind/named.conf.local-master_DMZ new file mode 100644 index 0000000..de9f74c --- /dev/null +++ b/templates/lvs/bind/named.conf.local-master_DMZ 
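Review bot: `DMZ_GATEWAY`, prompted for in Get_Gateways and saved to the config file, is not substituted into any file by this patch; the LVS interfaces here still receive only `Pub_GATEWAY`, `Priv_NET` (now the DMZ network) and the IP tokens, so the DMZ-side gateway the user typed has no effect on the generated configuration. Either the LVS interfaces template needs a token for it with a matching `sed -i` in this loop, or the prompt should be deferred until something consumes the value. I cannot see the template, so which applies needs confirming.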
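Review bot: In `sed -i "s^Priv_NET.1^$PRIVATENET_GATEWAY^g"` the unescaped `.` matches any character, and the pattern is a prefix of any longer `Priv_NET.1…` token, so it would also rewrite e.g. a `Priv_NET.101` address if the interfaces template carries one. Escape the dot — `sed -i "s^Priv_NET\.1^$PRIVATENET_GATEWAY^g" "$OUTDIR/$NET_NODE/etc/network/interfaces"` — and, if the template has other `Priv_NET.1xx` tokens, anchor on what follows the `1` as well. If a generic `Priv_NET` substitution for these nodes exists outside the hunk, this line must stay ahead of it. The `for NET_NODE` loop begins before this hunk.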
@@ -0,0 +1,43 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "domain.org" {
+ type master;
+ file "/etc/bind/domain.org-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_PRIVATE_NET.in-addr.arpa" {
+ type master;
+ file "/etc/bind/Priv_NET-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_DMZ_NET.in-addr.arpa" {
+ type master;
+ file "/etc/bind/DMZ_NET-zone";
+ // allow-update { key "rndc-key"; DMZ_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
diff --git a/templates/lvs/bind/named.conf.local-slave_DMZ b/templates/lvs/bind/named.conf.local-slave_DMZ
new file mode 100644
index 0000000..3fa23f8
--- /dev/null
+++ b/templates/lvs/bind/named.conf.local-slave_DMZ
@@ -0,0 +1,43 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "domain.org" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/domain.org-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_PRIVATE_NET.in-addr.arpa" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/Priv_NET-zone";
+ //allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_DMZ_NET.in-addr.arpa" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/Priv_NET-zone";
+ //allow-update { key "rndc-key"; DMZ_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
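Review bot: In `named.conf.local-slave_DMZ` the `_REV_DMZ_NET.in-addr.arpa` zone is given `file "/etc/bind/Priv_NET-zone";`, the same file as the `_REV_PRIVATE_NET.in-addr.arpa` zone two blocks above it, whereas `named.conf.local-master_DMZ` uses `DMZ_NET-zone` and GenaSYS.sh copies the DMZ zone to `${DMZ_NET}-zone`. BIND 9 rejects two writable zones sharing one file, so the slave's DMZ reverse zone would fail to load, and even if it did the transferred data would overwrite the private zone's. It should read `file "/etc/bind/DMZ_NET-zone";` to match the master template and the copy target.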