From ce0368471ac90611d86c573850c4f28493e073e2 Mon Sep 17 00:00:00 2001 From: Andy Witter Date: Wed, 19 Feb 2014 09:00:45 -0500 Subject: [PATCH] Add Preliminary DMZ support --- GenaSYS.sh | 220 +++++++++++++++++++++++-- templates/lvs/bind/named.conf.local-master_DMZ | 43 +++++ templates/lvs/bind/named.conf.local-slave_DMZ | 43 +++++ 3 files changed, 289 insertions(+), 17 deletions(-) create mode 100644 templates/lvs/bind/named.conf.local-master_DMZ create mode 100644 templates/lvs/bind/named.conf.local-slave_DMZ diff --git a/GenaSYS.sh b/GenaSYS.sh index a15d3b6..693a34b 100755 --- a/GenaSYS.sh +++ b/GenaSYS.sh @@ -26,7 +26,7 @@ SYNOPSIS_="$NAME_" REQUIRES_="standard GNU commands, apt, dpkg" VERSION_="1.31" - DATE_="2010-09-23; last update: 2014-01-24" + DATE_="2010-09-23; last update: 2014-02-19" AUTHOR_="Andy Witter " URL_="http://evergreen-ils.org" CATEGORY_="devel" @@ -59,6 +59,7 @@ LICENSE="$WD/License.txt" TEMPLATEDIR="$WD/templates" DEFAULT_PRIVATE_NET="10.0.1" PRIVATENET="$DEFAULT_PRIVATE_NET" +ORIGIN_PRIVATENET="$PRIVATENET" OSRF_USERNAME="opensrf" DB_USERNAME="evergreen" #DRONECOUNT="2" @@ -66,6 +67,7 @@ TMPFOLDER="/tmp/GenaSYS" TMPHOSTS="${TMPFOLDER}/tmphost.txt" TMPZONEFILE="${TMPFOLDER}/tmpzonefile.txt" TMPREVZONEFILE="${TMPFOLDER}/tmprevzonefile.txt" +TMPREVZONEFILE_DMZ="${TMPFOLDER}/tmprevzonefile_dmz.txt" TMPOSRFNODES="${TMPFOLDER}/tmposrfnodes" TMPOPENSRF_XML="${TMPFOLDER}/tmpopensrf.xml" TMPNAGIHOSTS="${TMPFOLDER}/hosts.cfg" 
@@ -646,6 +648,66 @@ Mask2CIDR() { ### Convert Netmask to CIDR unset IFS } +### DMZ Configuration +Choose_Use_DMZ () { ### Are we using a DMZ? +echo;echo;echo;echo +TitleBar "DMZ Configuration." +echo +echo -e "If you are using a DMZ then the LVS servers and bricks will be" +echo -e "configured on the DMZ subnet and all other servers in the cluster" +echo -e "including the database server will be configured on a private subnet." +echo +while true; do + read -n 1 -p "Do you want to use a DMZ as part of your network configuration [y/n] : " USE_DMZ + case $USE_DMZ in + [Yy]* ) echo ; break;; + [Nn]* ) echo ; break;; + * ) echo " Please answer yes or no.";; + esac +done +} + +## DMZ subnet +Get_DMZ_Subnet () { ### Prompt for DMZ network IP. +echo "Enter the first 3 octets of the DMZ network ip address for the cluster : " + echo -en $COL_BR_CYAN + read -p "eg. 172.16.1 DMZ Network IP: " DMZ_NET + echo -e $COL_RESET + echo + echo -e "The network IP" $COL_BR_YELLOW "${DMZ_NET}.0/24" $COL_RESET "will be used for the DMZ network." + echo +} + +## Gateway if using a DMZ +Get_Gateways () { +echo +echo "Since you are using a DMZ it is expected that you have a" +echo "firwall/router between the private network and the DMZ" +echo "The gateways on both sides of the router will need to" +echo "be configured for the hosts in the cluster." +echo +echo -e "Enter the gateway address for the" ${COL_BR_RED}"DMZ"${COL_RESET} "network" "(${COL_BR_RED}${DMZ_NET}${COL_RESET}): " +echo -e $COL_BR_CYAN +read -p "eg. ${DMZ_NET}.1 >> " DMZ_GATEWAY +[ -z "$DMZ_GATEWAY" ] && DMZ_GATEWAY="${DMZ_NET}.1" +echo "Using $DMZ_GATEWAY" +echo -e $COL_RESET +sleep 1 +echo +if [ "$USE_STANDARD_PRIVATE_NETWORK" = "y" ] || [ "$USE_STANDARD_PRIVATE_NETWORK" = "Y" ] +then + PRIVATENET_GATEWAY="${PRIVATENET}.1" +else + echo -e "Enter the gateway address for the" ${COL_BR_GREEN}"private network"${COL_RESET} "network" "(${COL_BR_GREEN}${PRIVATENET}${COL_RESET}): " + echo -e $COL_BR_CYAN + read -p "eg. 
${PRIVATENET}.1 >> " PRIVATENET_GATEWAY + [ -z "$PRIVATENET_GATEWAY" ] && PRIVATENET_GATEWAY="${PRIVATENET}.1" + echo "Using $PRIVATENET_GATEWAY" + echo -e $COL_RESET + sleep 1 +fi +} + Choose_Private_Net () { ### Default Private Network Configuration. echo;echo;echo;echo #echo -e $COL_BR_BLUE"________Private network configuration________"$COL_RESET @@ -669,6 +731,7 @@ if [ "$USE_STANDARD_PRIVATE_NETWORK" != "y" ] echo "Enter the first 3 octets of the private network ip address for the cluster : " echo -en $COL_BR_CYAN read -p "eg. 192.168.1 Private Network IP: " PRIVATENET + ORIGIN_PRIVATENET="$PRIVATENET" echo -e $COL_RESET echo echo -e "The network IP" $COL_BR_YELLOW "${PRIVATENET}.0/24" $COL_RESET "will be used for the private network." @@ -875,6 +938,15 @@ Write_Config_File () { ### Add to new config file. eval echo $@=\\\"\$$@\\\" >> $NEW_CONFIG_FILE } +Set_DMZ_Net () { ### Set the private network to the DMZ network address temporarily. +PRIVATENET="$DMZ_NET" +} + +Unset_DMZ_Net () { ### Set the private network back to the original network address. +PRIVATENET="$ORIGIN_PRIVATENET" +} + + Run_Functions_For_Input () { ################### Run functions to get info (input) ###################### @@ -1048,6 +1120,21 @@ then fi Write_Config_File EG_ADMIN_PASSWORD +if [ -z $USE_DMZ ] || [ "$USE_CONFIG_FILE" == "0" ] +then + Choose_Use_DMZ +fi +Write_Config_File USE_DMZ + +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Get_DMZ_Subnet + Get_Gateways +fi +Write_Config_File DMZ_NET +Write_Config_File DMZ_GATEWAY +Write_Config_File PRIVATENET_GATEWAY + if [ -z $USE_STANDARD_PRIVATE_NETWORK ] || [ "$USE_CONFIG_FILE" == "0" ] then Choose_Private_Net 
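Review bot: `Get_DMZ_Subnet` stores whatever `read` returns in `DMZ_NET` with no validation, and that value is later spliced into `sed` expressions that use `^` as their delimiter, into output file names (`${DMZ_NET}-zone`) and through the `eval` inside `Write_Config_File`, so a stray character or a four-octet entry silently produces broken zone files and configs rather than an error. Re-prompt until the input is three dotted octets, in the style of the `while true` loop in `Choose_Use_DMZ`, e.g. `[[ "$DMZ_NET" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || { echo "Please enter three octets, eg. 172.16.1"; continue; }` (the script already depends on bash 4 features such as `${VAR^^*}` and `((NUM++))`). The same check belongs on `DMZ_GATEWAY` and `PRIVATENET_GATEWAY` in `Get_Gateways`, whose prompt text also misspells "firewall" as "firwall". `Choose_Private_Net` continues past the end of the hunk.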
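Review bot: `Unset_DMZ_Net` restores `PRIVATENET` from `ORIGIN_PRIVATENET`, but that snapshot is taken only at script start (hunk @@ -59, the default `10.0.1`) and inside the interactive prompt of `Choose_Private_Net` (hunk @@ -669); when the private network comes from a saved config file the prompt is skipped, `ORIGIN_PRIVATENET` keeps the default, and the unconditional `Unset_DMZ_Net` calls after `CreateBricks` and `CreateBricksAndDrones` (hunks @@ -1657 and @@ -1889) reset `PRIVATENET` to `10.0.1` for everything generated afterwards, including the `Priv_NET` zone substitution and the private reverse zone copy — and this happens on non-DMZ runs too, since only `Set_DMZ_Net` is guarded. Snapshot at the point of use, `Set_DMZ_Net () { ORIGIN_PRIVATENET="$PRIVATENET"; PRIVATENET="$DMZ_NET"; }`, and wrap the `Unset_DMZ_Net` calls in the same `USE_DMZ` test as the `Set_DMZ_Net` calls so a non-DMZ run never touches `PRIVATENET`. I cannot see the config-file loader, so confirm it does not already assign `ORIGIN_PRIVATENET`.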
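Review bot: `Get_Gateways` is invoked before `Choose_Private_Net` in this hunk, yet it branches on `USE_STANDARD_PRIVATE_NETWORK` and builds its prompt and default from `PRIVATENET`; on an interactive run neither has been asked yet, so `PRIVATENET_GATEWAY` is derived from the default `10.0.1` even when the user then picks a different private subnet a few lines later. Move the whole DMZ block (from `if [ -z $USE_DMZ ]` through `Write_Config_File PRIVATENET_GATEWAY`) below the `Choose_Private_Net` call, or split the private-gateway prompt into its own function called after it. While there, `[ -z $USE_DMZ ]` should be `[ -z "$USE_DMZ" ]`; the unquoted form only works because a one-argument `[ ]` happens to be true when the variable is empty. The enclosing `Run_Functions_For_Input` starts and ends outside the hunk.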
@@ -1250,9 +1337,20 @@ fi HOSTNAMES_NO_BRICKS="lvs01 lvs02 db01 db02 db03 logger01 utility01 sip01 sip02 reporter01 memcache01 memcache02 monitor01 monitor02 backup01 admin01" ### Setup Privatenet IP for all hosts except bricks. -LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" -LVS01_PRIVATE_IP="${PRIVATENET}.2" -LVS02_PRIVATE_IP="${PRIVATENET}.3" +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net + echo PRIVATENET SET to $PRIVATENET + LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" + LVS01_PRIVATE_IP="${PRIVATENET}.2" + LVS02_PRIVATE_IP="${PRIVATENET}.3" + Unset_DMZ_Net + echo PRIVATENET UNSET to $PRIVATENET +else + LVS01_PRIVATE_SHARED_IP="${PRIVATENET}.1" + LVS01_PRIVATE_IP="${PRIVATENET}.2" + LVS02_PRIVATE_IP="${PRIVATENET}.3" +fi DB01_IP="${PRIVATENET}.101" DB02_IP="${PRIVATENET}.102" DB03_IP="${PRIVATENET}.103" @@ -1316,7 +1414,6 @@ do fi done -## Generate authkeys file for ha for LVS in $MACHINES_LVS_ONLY do @@ -1349,7 +1446,13 @@ for LVS in $MACHINES_LVS_ONLY sed -i "s^ClusterPublic_CIDR^${CLUSTER_CIDR}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" sed -i "s^ClusterPublic_Bcast^${PUB_BCAST}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" sed -i "s^Lvs01Private_Shared_IP^${LVS01_PRIVATE_SHARED_IP}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" - sed -i "s^lvs01Private_Net^${PRIVATENET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^lvs01Private_Net^${DMZ_NET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + else + sed -i "s^lvs01Private_Net^${PRIVATENET}^g" "$OUTDIR/$LVS/etc/ha.d/haresources" + fi + ### Configure the maintenance page on LVS servers mkdir -p "$OUTDIR/$LVS/var/www" 
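Review bot: the two `echo PRIVATENET SET to …` / `echo PRIVATENET UNSET to …` lines in the DMZ branch read as leftover debugging output and will be printed on every DMZ run; drop them. The branch otherwise differs from the `else` only in which subnet the three LVS addresses are built from, so the `if`/`else` and the `Set_DMZ_Net`/`Unset_DMZ_Net` round trip collapse to `LVS_NET="$PRIVATENET"; case "$USE_DMZ" in [Yy]) LVS_NET="$DMZ_NET";; esac` followed by the three assignments against `${LVS_NET}`, which also avoids mutating the global `PRIVATENET`. Hunk @@ -1349 further down could then substitute `${LVS_NET}` into `haresources` instead of repeating the `USE_DMZ` test around a single `sed`.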
@@ -1465,6 +1568,7 @@ CLUSTER_TLD="$(echo $CLUSTERDOMAINNAME |awk -F"." '{ print $NF }')" [ -e "$TMPHOSTS" ] && rm -f "$TMPHOSTS" [ -e "$TMPZONEFILE" ] && rm -f "$TMPZONEFILE" [ -e "$TMPREVZONEFILE" ] && rm -f "$TMPREVZONEFILE" +[ -e "$TMPREVZONEFILE_DMZ" ] && rm -f "$TMPREVZONEFILE_DMZ" [ -e "$TMPOSRFNODES" ] && rm -f "$TMPOSRFNODES" if [ "$USE_HOSTNAME_PREFIX" = "y" ] || [ "$USE_HOSTNAME_PREFIX" = "Y" ] then @@ -1485,8 +1589,25 @@ PRIVATENET_3RD=$(echo $PRIVATENET | awk -F"." '{ print $3 }') ### Reverse the private net for DNS reverse zone. REV_PRIVATENET="${PRIVATENET_3RD}.${PRIVATENET_2ND}.${PRIVATENET_1ST}" + sed -i "s^_REV_PRIVATE_NET^$REV_PRIVATENET^g" "$TMPREVZONEFILE" +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + cat "$TEMPLATEDIR/lvs/bind/revzonefile-header" > "$TMPREVZONEFILE_DMZ" + + + ### Split the DMZ network into 3 separate octects. + DMZ_NET_1ST="$(echo $DMZ_NET | awk -F"." '{ print $1 }')" + DMZ_NET_2ND="$(echo $DMZ_NET | awk -F"." '{ print $2 }')" + DMZ_NET_3RD="$(echo $DMZ_NET | awk -F"." '{ print $3 }')" + + ### Reverse the DMZ net for DNS reverse zone. + REV_DMZ_NET="${DMZ_NET_3RD}.${DMZ_NET_2ND}.${DMZ_NET_1ST}" + + sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$TMPREVZONEFILE_DMZ" +fi + ### Add lvs servers entry to the global hosts file and DNS zone file. NUM=0 for LVS_SERVERS in $MACHINES_LVS_ONLY 
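Review bot: the DMZ reverse zone is seeded from the same `revzonefile-header` as the private one, but only `_REV_DMZ_NET` is replaced in it; if that header also carries `_REV_PRIVATE_NET` — which the `sed` on `$TMPREVZONEFILE` just above the new block suggests — the DMZ file keeps the literal placeholder and the zone will likely fail to load. Either give the DMZ zone its own header template or add `sed -i "s^_REV_PRIVATE_NET^$REV_DMZ_NET^g" "$TMPREVZONEFILE_DMZ"` beside the existing `_REV_DMZ_NET` substitution. I cannot see the header template, so verify which placeholders it contains.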
@@ -1495,7 +1616,12 @@ for LVS_SERVERS in $MACHINES_LVS_ONLY #echo "$LVS01_PRIVATE_IP $LVS_SERVERS.${CLUSTERDOMAINNAME} $LVS_SERVERS " >> "$TMPHOSTS" eval echo "\$LVS0${NUM}_PRIVATE_IP $LVS_SERVERS.${CLUSTERDOMAINNAME} $LVS_SERVERS " >> "$TMPHOSTS" eval printf "$LVS_SERVERS\\\tA\\\t\$LVS0${NUM}_PRIVATE_IP\\\n" >> "$TMPZONEFILE" - printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE_DMZ" + else + printf "0${NUM}\tIN\tPTR\t$LVS_SERVERS.${CLUSTERDOMAINNAME}.\n" >> "$TMPREVZONEFILE" + fi done @@ -1537,6 +1663,10 @@ cp -f ${TEMPLATEDIR}/monitor/munin.conf $TMPMUNINCONF ### And create the configuration files as needed. CreateBricks () { ### Create config for Bricks without separate drones. DRONELESS +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net +fi for BRICK in $(seq $BRICKCOUNT) do if [ -z "$HOSTNAME_PREFIX" ] ; then 
@@ -1625,9 +1755,16 @@ for BRICK in $(seq $BRICKCOUNT) eval printf "\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "public.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "private.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi eval echo "/openils/var/data/offline \$BRICKHOSTNAME${BRICK}_HEAD_IP\(rw,sync,no_subtree_check\)" >> $TMPFOLDER/exports eval echo "/openils/var/data/vandelay \$BRICKHOSTNAME${BRICK}_HEAD_IP\(rw,sync,no_subtree_check\)" >> $TMPFOLDER/exports eval echo "/storage/reports-output \$BRICKHOSTNAME${BRICK}_HEAD_IP\(ro,sync,no_subtree_check\)" >> $TMPFOLDER/exports_reporter 
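Review bot: the added `if`/`else` repeats the three `eval printf … PTR` lines verbatim and differs only in the target file, and the same shape recurs in hunks @@ -1763 and @@ -1858; choosing the file once per function — `REVZONE_OUT="$TMPREVZONEFILE"; case "$USE_DMZ" in [Yy]) REVZONE_OUT="$TMPREVZONEFILE_DMZ";; esac` next to the `Set_DMZ_Net` call at the top of `CreateBricks` — leaves a single copy of each record line writing to `$REVZONE_OUT`. Routing brick-head PTRs to the DMZ zone is presumably correct because `Set_DMZ_Net` (hunk @@ -1537) puts the brick heads on the DMZ subnet, but that coupling deserves a comment such as `### Brick heads sit on the DMZ subnet when USE_DMZ is set, so their PTRs belong in the DMZ reverse zone.` The `for BRICK` loop body starts and ends outside the hunk.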
@@ -1657,6 +1794,7 @@ for BRICK in $(seq $BRICKCOUNT) echo >>$TMPMUNINCONF done +Unset_DMZ_Net ### Setup hosts file for bricks. @@ -1672,6 +1810,10 @@ for BRICK in $(seq $BRICKCOUNT) } CreateBricksAndDrones () { ### Create config for bricks with seperate drones +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + Set_DMZ_Net +fi for BRICK in $(seq $BRICKCOUNT) do if [ -z "$HOSTNAME_PREFIX" ] ; then 
@@ -1763,9 +1905,16 @@ for BRICK in $(seq $BRICKCOUNT) eval printf "\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "public.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE eval printf "private.\$BRICKHOSTNAME${BRICK}-head\\\tA\\\t\$BRICKHOSTNAME${BRICK}_HEAD_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE - eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}0\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tpublic.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + eval printf "${BRICK}0\\\tIN\\\tPTR\\\tprivate.\$BRICKHOSTNAME${BRICK}-head.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi BRICK_HEAD_LIST="$BRICK_HEAD_LIST$(eval printf "\$BRICKHOSTNAME${BRICK}-head\ ")" ### Monitoring printf 'define host {\n' >>$TMPNAGIHOSTS;eval printf "\\\thost_name\\\t\$BRICKHOSTNAME${BRICK}-head\\\n" >>$TMPNAGIHOSTS 
@@ -1858,7 +2007,12 @@ for BRICK in $(seq $BRICKCOUNT) eval echo -e "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}_IP \$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME} \$BRICKHOSTNAME${BRICK}_DRONE${DRONE}" \ >> $TMPHOSTS eval printf "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\\\tA\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}_IP\\\n" >> $TMPZONEFILE - eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE_DMZ + else + eval printf "${BRICK}${DRONE}\\\tIN\\\tPTR\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}.${CLUSTERDOMAINNAME}.\\\n" >> $TMPREVZONEFILE + fi DRONE_LIST="$DRONE_LIST$(eval printf "\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\ ")" ### Monitoring printf 'define host {\n' >>$TMPNAGIHOSTS;eval printf "\\\thost_name\\\t\$BRICKHOSTNAME${BRICK}_DRONE${DRONE}\\\n" >>$TMPNAGIHOSTS @@ -1889,6 +2043,7 @@ for BRICK in $(seq $BRICKCOUNT) eval cat $TEMPLATEDIR/oils_brick.cfg-footer >> ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/openils/conf/.oils_brick.cfg done +Unset_DMZ_Net ### Add list of bricks and drones BRICK_DRONE_LIST="$BRICK_HEAD_LIST $DRONE_LIST" @@ -1943,6 +2098,10 @@ cat $TMPFOLDER/zonefile-footer >> "$TMPZONEFILE" cat $TMPFOLDER/revzonefile-footer >> "$TMPREVZONEFILE" sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPZONEFILE" sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE" +if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] +then + sed -i "s^domain.org^$CLUSTERDOMAINNAME^g" "$TMPREVZONEFILE_DMZ" +fi sed -i "s^Priv_NET^$PRIVATENET^g" "$TMPZONEFILE" 
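Review bot: in hunk @@ -1943 `revzonefile-footer` is appended to `$TMPREVZONEFILE` but never to `$TMPREVZONEFILE_DMZ`, so the DMZ reverse zone stops after its last PTR while the private one gets whatever the footer contributes; the new `if` only applies the `domain.org` substitution. Add `cat $TMPFOLDER/revzonefile-footer >> "$TMPREVZONEFILE_DMZ"` inside that block before the `sed`. If the footer turns out to be empty this is harmless, but both reverse zones should be assembled the same way.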
@@ -1987,6 +2146,10 @@ for LVS_SERVER in $MACHINES_LVS_ONLY
 mkdir -p "$OUTDIR/$LVS_SERVER/etc/bind"
 cp -f "$TMPZONEFILE" "$OUTDIR/$LVS_SERVER/etc/bind/${CLUSTERDOMAINNAME}-zone"
 cp -f "$TMPREVZONEFILE" "$OUTDIR/$LVS_SERVER/etc/bind/${PRIVATENET}-zone"
+ if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ]
+ then
+ cp -f "$TMPREVZONEFILE_DMZ" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone"
+ fi
 sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${CLUSTERDOMAINNAME}-zone"
 sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${PRIVATENET}-zone"
 done
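Review bot: the new `cp` of the DMZ reverse zone is followed by `_MY_HOSTNAME` substitutions for the forward and private reverse zones only; the DMZ zone was built from the same `revzonefile-header` (hunk @@ -1485), so if that header contains `_MY_HOSTNAME` — and the `sed` on the private copy implies it does — the installed `${DMZ_NET}-zone` keeps the raw placeholder. Add `sed -i "s^_MY_HOSTNAME^$LVS_SERVER^g" "$OUTDIR/$LVS_SERVER/etc/bind/${DMZ_NET}-zone"` inside the new `if`, right after the `cp`.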
@@ -2000,10 +2163,24 @@ for LVS_SERVERS in $MACHINES_LVS_ONLY
 ((NUM++))
 if ! echo "$LVS_SERVERS" | grep -q "lvs01"
 then
- cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ]
+ then
+ cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave_DMZ" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ sed -i "s^DMZ_NET^$DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ else
+ cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-slave" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ fi
 sed -i "s^_LVS01_PRIVATE_IP^$LVS01_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
 else
- cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ]
+ then
+ cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master_DMZ" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ sed -i "s^_REV_DMZ_NET^$REV_DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ sed -i "s^DMZ_NET^$DMZ_NET^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ else
+ cp -f "$TEMPLATEDIR/lvs/bind/named.conf.local-master" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
+ fi
 sed -i "s^_LVS02_PRIVATE_IP^$LVS02_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
 fi
 eval sed -i "s^_MY_IP^\$LVS0${NUM}_PRIVATE_IP^g" "$OUTDIR/$LVS_SERVERS/etc/bind/named.conf.local"
@@ -2041,7 +2218,12 @@ for LVS in $MACHINES_LVS_ONLY cp -f "$TEMPLATEDIR/lvs/interfaces" "$OUTDIR/$LVS/etc/network" sed -i "s^Pub_NETMASK^$CLUSTERNETMASK^g" "$OUTDIR/$LVS/etc/network/interfaces" sed -i "s^Pub_GATEWAY^$CLUSTERGATEWAY^g" "$OUTDIR/$LVS/etc/network/interfaces" - sed -i "s^Priv_NET^$PRIVATENET^g" "$OUTDIR/$LVS/etc/network/interfaces" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^Priv_NET^$DMZ_NET^g" "$OUTDIR/$LVS/etc/network/interfaces" + else + sed -i "s^Priv_NET^$PRIVATENET^g" "$OUTDIR/$LVS/etc/network/interfaces" + fi sed -i "s^Cluster_Public_IP^$CLUSTERIPADDRESS^g" "$OUTDIR/$LVS/etc/network/interfaces" eval sed -i "s^Pub_IP^\$LVS0${NUM}_PHYSICAL_PUBLIC_IP^g" "$OUTDIR/$LVS/etc/network/interfaces" @@ -2080,6 +2262,10 @@ for NET_NODE in $MACHINES_NO_BRICKS_LVS fi cp -f "$TEMPLATEDIR/interfaces" "$OUTDIR/$NET_NODE/etc/network" && \ # eval sed -i "s^Priv_IP^\$${NET_NODE^^*}_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" + if [ "$USE_DMZ" = "y" ] || [ "$USE_DMZ" = "Y" ] + then + sed -i "s^Priv_NET.1^$PRIVATENET_GATEWAY^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" + fi eval sed -i "s^Priv_IP^\$${NODE_NO_PREFIX^^*}_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" sed -i "s^LVS01_Private_IP^$LVS01_PRIVATE_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" sed -i "s^LVS02_Private_IP^$LVS02_PRIVATE_IP^g" "$OUTDIR/$NET_NODE/etc/network/interfaces" diff --git a/templates/lvs/bind/named.conf.local-master_DMZ b/templates/lvs/bind/named.conf.local-master_DMZ new file mode 100644 index 0000000..de9f74c --- /dev/null +++ b/templates/lvs/bind/named.conf.local-master_DMZ 
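Review bot: in hunk @@ -2080 the expression `s^Priv_NET.1^$PRIVATENET_GATEWAY^g` has an unescaped `.` and no boundary, so besides the gateway token it rewrites the `Priv_NET.1` prefix of any `Priv_NET.1x`/`Priv_NET.1xx` address the interfaces template may contain; use `s^Priv_NET\.1\b^$PRIVATENET_GATEWAY^g`, or better a dedicated `Priv_GATEWAY` placeholder mirroring `Pub_GATEWAY` in hunk @@ -2041. Separately, `DMZ_GATEWAY` is prompted for and written to the config file but no hunk in this patch substitutes it anywhere, so the LVS interfaces generated in @@ -2041 receive the DMZ subnet but no route back towards the private network; confirm whether it is consumed outside this patch or still to come.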
@@ -0,0 +1,43 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "domain.org" {
+ type master;
+ file "/etc/bind/domain.org-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_PRIVATE_NET.in-addr.arpa" {
+ type master;
+ file "/etc/bind/Priv_NET-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_DMZ_NET.in-addr.arpa" {
+ type master;
+ file "/etc/bind/DMZ_NET-zone";
+ // allow-update { key "rndc-key"; DMZ_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ _LVS02_PRIVATE_IP;
+ };
+ notify yes;
+};
diff --git a/templates/lvs/bind/named.conf.local-slave_DMZ b/templates/lvs/bind/named.conf.local-slave_DMZ
new file mode 100644
index 0000000..3fa23f8
--- /dev/null
+++ b/templates/lvs/bind/named.conf.local-slave_DMZ
@@ -0,0 +1,43 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "domain.org" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/domain.org-zone";
+ // allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_PRIVATE_NET.in-addr.arpa" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/Priv_NET-zone";
+ //allow-update { key "rndc-key"; Priv_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
+
+zone "_REV_DMZ_NET.in-addr.arpa" {
+ type slave;
+ masters { _LVS01_PRIVATE_IP; };
+ file "/etc/bind/Priv_NET-zone";
+ //allow-update { key "rndc-key"; DMZ_NET.0/24; };
+ allow-transfer {
+ 127.0.0.1;
+ _MY_IP;
+ };
+ notify yes;
+};
-- 
2.11.0
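Review bot: in `named.conf.local-slave_DMZ` the `_REV_DMZ_NET.in-addr.arpa` zone is given `file "/etc/bind/Priv_NET-zone"`, the same path the `_REV_PRIVATE_NET` zone two stanzas above already uses, whereas the master template names `DMZ_NET-zone` and the script's `s^DMZ_NET^…` substitution (hunk @@ -2000) expects that token in the slave file too. named rejects a zone whose writable file is already in use by another zone, so on the slave the DMZ reverse zone would never load or be transferred. Change that line to `file "/etc/bind/DMZ_NET-zone";`. The transfer ACLs in both templates stay limited to loopback and the peer LVS address, which is the right default for a DMZ-facing authoritative server.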