| author | Joachim Tingvold <joachim@tingvold.com> | 2015-03-21 18:21:18 +0100 | 
|---|---|---|
| committer | Joachim Tingvold <joachim@tingvold.com> | 2015-03-21 18:21:18 +0100 | 
| commit | 6bf0be13c4ac46f612251eb13cf2b23f94441cc5 (patch) | |
| tree | 5e19ce59095e3a9def48822f888da8a739486130 | |
| parent | 4184848fa3e4f776da1b959c9ba48f4282e82108 (diff) | |
TG15 Spring cleanup.
| -rwxr-xr-x | include/config.pm.dist | 52 | ||||
| -rwxr-xr-x[-rw-r--r--] | include/nms.pm | 4 | ||||
| -rwxr-xr-x | tools/create-shellconf.pl | 37 | ||||
| -rwxr-xr-x | tools/generate-dnsrr.pl | 3 | ||||
| -rwxr-xr-x | tools/make-dhcpd.pl | 59 | ||||
| -rwxr-xr-x | tools/make-first-zones.pl | 60 | ||||
| -rwxr-xr-x | tools/make-missing-conf.pl | 17 | ||||
| -rwxr-xr-x | tools/make-named.pl | 73 | ||||
| -rwxr-xr-x | tools/make-pxeboot.sh | 4 | ||||
| -rwxr-xr-x | tools/make-reverse4-files.pl | 17 | 
10 files changed, 120 insertions, 206 deletions
diff --git a/include/config.pm.dist b/include/config.pm.dist
index cefb5a0..fdf68a1 100755
--- a/include/config.pm.dist
+++ b/include/config.pm.dist
@@ -4,62 +4,60 @@ use warnings;  use DBI;  package nms::config; +# DB  our $db_name = "nms";  our $db_host = "frank.tg14.gathering.org";  our $db_username = "nms";  our $db_password = "<removed>"; -our $dhcp_server1 = "151.216.254.2"; -our $dhcp_server2 = "151.216.253.19"; # Cisco ISE profiling +# DHCP-servers +our $dhcp_server1 = "151.216.254.2"; # primary +our $dhcp_server2 = "151.216.253.19"; # secondary -our $ios_user = "dlinkng"; # used by dlink-ng +++ -our $ios_pass = "<removed>"; +# TACACS-login for NMS +our $tacacs_user = "nms"; +our $tacacs_pass = "<removed>"; -# Tech:Net sets up at least a read-community for SNMP for use -# with dlink1g, nms and sosuch. This is the one: +# SNMP read-only for NMS, etc  our $snmp_community = "<removed>"; -our $dlink1g_user = 'dlinkng'; # used by nms.pm to connect to D-Link-switches -our $dlink1g_passwd = '<removed>'; -  # Telnet-timeout for smanagrun  our $telnet_timeout = 30; -# No longer in use as of '12 ? -# our $telegw_ip = "12.34.56.78"; -# our @telegw_wanlinks = ("gig1/1", "gig1/2"); - +# IP/IPv6/DNS-info  our $tgname    = "tg14"; -  our $pri_hostname     = "brad";  our $pri_v4   = "151.216.254.2";  our $pri_v6    = "2a02:ed02:254::2"; -our $pri_net   = "151.216.254.0/24"; +our $pri_net   = "151.216.254.0/24"; # network that primary server is in +  our $sec_hostname     = "janet";  our $sec_v4   = "151.216.253.2";  our $sec_v6    = "2a02:ed02:253::2"; +our $sec_net   = "151.216.253.0/24"; # network that secondary server is in  # for RIPE to get reverse zones via DNS AXFR -our $ext_xfer  = "193.0.0.0/22"; -our $ext_ns    = "194.19.3.20"; +# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation +our $ext_xfer  = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48"; + +# allow XFR from NOC +our $noc_nett  = "151.216.252.0/24; 2a02:ed02:252::/64";  # To generate new dnssec-key for ddns:  # dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER  our $ddns_key = "<removed>";  our $ddns_to  = 
"127.0.0.1"; -# Used by make-named.pl -our $noc_nett  = "151.216.252.0/24"; -our $noc_nett_v6 = "2a02:ed02:252::/64"; - -our $base_ipv4net = "151.216.128.0"; -our $base_ipv4prefix = 17; - -our $base_ipv6net = "2a02:ed02:"; -our $base_ipv6prefix = 32; +# Base networks +our $base_ipv4net = "151.216.128.0/17"; +our $base_ipv6net = "2a02:ed02::/32";  our $ipv6zone = "2.0.d.e.2.0.a.2.ip6.arpa"; -our $ciscowlc_a = "151.216.253.21"; +# extra networks that are outside the normal ranges +our $extra_net = "185.12.59.0/24"; + +# add WLC's +our $wlc1 = "151.216.253.21";  # Change from tg14: PXE-server is set to Secondary/SMTP/TFTP box,  # and the toolchain assumes this fact. Variable kept for clarity: diff --git a/include/nms.pm b/include/nms.pm index e93f7d0..8926648 100644..100755 --- a/include/nms.pm +++ b/include/nms.pm @@ -71,10 +71,10 @@ sub switch_connect($) {  	if ($match eq 'Password:') {  		$conn->print('gurbagurba'); # Dette passordet skal feile  		$conn->waitfor('/User ?Name:/'); -		$conn->print($nms::config::dlink1g_user); +		$conn->print($nms::config::tacacs_user);  		my (undef, $match) = $conn->waitfor('/DGS-3100#|Password:/');  		if ($match eq 'Password:') { -			$conn->cmd($nms::config::dlink1g_passwd); +			$conn->cmd($nms::config::tacacs_pass);  		}  	}  	return ($conn); diff --git a/tools/create-shellconf.pl b/tools/create-shellconf.pl index be7fb93..9c4b500 100755 --- a/tools/create-shellconf.pl +++ b/tools/create-shellconf.pl 
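Review bot: The new `# TACACS-login for NMS` block puts a central AAA credential into a file that already carries the DB password, SNMP community and DDNS key, and the diff header shows this template at mode 100755, so a deployed copy would presumably end up world-readable. I would add a header comment such as `# Deployed config.pm holds secrets: keep it out of version control and chmod 0600` and drop the executable bit. Separately, `$ext_xfer` and `$noc_nett` are now semicolon-separated lists rather than single prefixes, which only works where the value is spliced into a BIND address-match list. A one-line comment on each (`# BIND ACL fragment, not a single CIDR`) would stop someone from handing them to Net::IP.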
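Review bot: `switch_connect` now sends `$nms::config::tacacs_pass` where it used to send what the old config described as the D-Link switch login, and the `waitfor`/`print`/`cmd` calls together with the config's Telnet timeout suggest `$conn` is a Telnet session, so the shared TACACS secret would cross the management network in cleartext. If that reading is right, the `nms` TACACS account should be limited to the commands NMS needs, and a comment like `# sent in cleartext over Telnet; tacacs_user must be a least-privilege account` belongs above the `print`. The result of `$conn->cmd(...)` is also ignored, so a rejected login appears to be returned to the caller as a usable connection. The function begins above the hunk, so how `$conn` is created is not visible here.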
@@ -13,24 +13,6 @@ my $dhcpd_base = "/etc/dhcp/";  my $shellconf_file = "include/tgmanage.cfg.sh"; -my $tgname    = $nms::config::tgname; - -my $pri_hostname     = $nms::config::pri_hostname; -my $pri_v4   = $nms::config::pri_v4; -my $pri_v6    = $nms::config::pri_v6; - -my $sec_hostname     = $nms::config::sec_hostname; -my $sec_v4   = $nms::config::sec_v4; -my $sec_v6    = $nms::config::sec_v6; - -my $ddns_key  = $nms::config::ddns_key; - -my $base_ipv4net    = $nms::config::base_ipv4net; -my $base_ipv4prefix = $nms::config::base_ipv4prefix; - -my $base_ipv6net    = $nms::config::base_ipv6net; -my $base_ipv6prefix = $nms::config::base_ipv6prefix; -  open CFG, ">" . $shellconf_file or die ($! . " " . $shellconf_file );  print CFG "# This file is autogenerated by tools/create-shellconf.pl,\n"; 
@@ -38,16 +20,11 @@ print CFG "# using data from nms::config.\n";  print CFG "#\n";  print CFG "# Do you need new common/configuration variables?\n";  print CFG "# Add/update include/config.local.pm and tools/create-shellconf.pl\n\n"; -print CFG "PRIMARY=\"$pri_hostname.$tgname.gathering.org\"\n"; -print CFG "SECONDARY=\"$sec_hostname.$tgname.gathering.org\"\n"; -print CFG "TGNAME=\"$tgname\"\n\n"; -print CFG "PRI_V4=\"$pri_v4\"\n"; -print CFG "PRI_V6=\"$pri_v6\"\n"; -print CFG "SEC_V4=\"$sec_v4\"\n\n"; -print CFG "SEC_V6=\"$sec_v6\"\n\n"; -print CFG "DDNS_KEY=\"$ddns_key\"\n\n"; -print CFG "BASEV4=\"$base_ipv4net\"\n"; -print CFG "PREFIXV4=\"$base_ipv4prefix\"\n"; -print CFG "BASEV6=\"$base_ipv6net\"\n"; -print CFG "PREFIXV6=\"$base_ipv6prefix\"\n"; +print CFG "PRIMARY=\"$nms::config::pri_hostname.$nms::config::tgname.gathering.org\"\n"; +print CFG "SECONDARY=\"$nms::config::sec_hostname.$nms::config::tgname.gathering.org\"\n"; +print CFG "TGNAME=\"$nms::config::tgname\"\n\n"; +print CFG "PRI_V4=\"$nms::config::pri_v4\"\n"; +print CFG "PRI_V6=\"$nms::config::pri_v6\"\n"; +print CFG "SEC_V4=\"$nms::config::sec_v4\"\n\n"; +print CFG "SEC_V6=\"$nms::config::sec_v6\"\n\n";  close CFG; diff --git a/tools/generate-dnsrr.pl b/tools/generate-dnsrr.pl index e9c5afd..ad9230c 100755 --- a/tools/generate-dnsrr.pl +++ b/tools/generate-dnsrr.pl @@ -78,7 +78,8 @@ while (<STDIN>) {  			# Get IPv6-address based on IPv4-address  			my ($first, $second, $third, $fourth) = split('\.', $ipv4); -			$ipv6 = $nms::config::base_ipv6net . $third . "::" . $fourth; +			# TODO: Need to do some more logic, since base_ipv6net looks like '2a02:ed02::/32' +			#$ipv6 = $nms::config::base_ipv6net . $third . "::" . $fourth;  		}  	} diff --git a/tools/make-dhcpd.pl b/tools/make-dhcpd.pl index 3a5db21..d734c1d 100755 --- a/tools/make-dhcpd.pl +++ b/tools/make-dhcpd.pl @@ -2,7 +2,6 @@  use strict;  use Net::IP; -use Net::IP qw(:PROC);  BEGIN {          require "include/config.pm"; 
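Review bot: `DDNS_KEY`, `BASEV4`, `PREFIXV4`, `BASEV6` and `PREFIXV6` are no longer written to `include/tgmanage.cfg.sh`, so any shell script that sources the file will expand them to empty strings without an error unless it runs under `set -u`. Dropping the DDNS key from a second on-disk file is a good side effect, but the consumers are not in this diff and should be checked. The remaining values are interpolated inside double quotes unescaped, so a `"`, `$` or backtick in a config value would be interpreted by the shell when the file is sourced; emitting the values single-quoted would avoid that.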
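Review bot: With the assignment commented out, `$ipv6` is no longer set in this branch, so whatever consumes it further down the loop sees either undef or, if `$ipv6` is declared outside the `while`, the value left over from a previous input line. The `split` result (`$first` to `$fourth`) is now unused as well. Until the TODO is done I would make the gap explicit, e.g. `$ipv6 = undef; # no AAAA until base_ipv6net parsing is implemented`, and make sure the record-emitting code skips an undefined address. The declaration of `$ipv6` and its consumers are outside the hunk.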
@@ -17,21 +16,18 @@ $base .= "/" if not $base =~ m/\/$/ and not $base eq "";  my $dhcpd_base = $base . "dhcp/";  my $dhcpd_conf =  $dhcpd_base . "dhcpd.conf"; -my $dhcp_pxeconf =  $dhcpd_base . "pxe-boot.conf"; -my $dhcp_ciscoapconf =  $dhcpd_base . "ciscowlc.conf"; +my $dhcpd_pxeconf =  $dhcpd_base . "pxe-boot.conf"; +my $dhcpd_wlc_conf=  $dhcpd_base . "wlc-conf.conf"; -my $tgname    = $nms::config::tgname; -my $pri_v4   = $nms::config::pri_v4; -my $pri_net   = $nms::config::pri_net; -my $sec_v4   = $nms::config::sec_v4; -my $pxe_server = $nms::config::pxe_server; -my $ddns_key  = $nms::config::ddns_key; -my $ciscowlc_a  = $nms::config::ciscowlc_a; - -my $range = new Net::IP( $pri_net ) or die ("oopxos"); -my $mask = $range->mask();	 -my ($net, undef) = split "/", $pri_net; +# primary +my $pri_range = Net::IP->new($nms::config::pri_net) or die ("oopxos"); +my $pri_mask = $pri_range->mask(); +my $pri_net = $pri_range->ip(); +# secondary +my $sec_range = Net::IP->new($nms::config::sec_net) or die ("oopxos"); +my $sec_mask = $sec_range->mask(); +my $sec_net = $sec_range->ip();  # Create PXE-boot configuration file for DHCP on master.  if ( not -f $dhcpd_conf ) @@ -46,8 +42,8 @@ if ( not -f $dhcpd_conf )  # include almost everything from separate files..  #  # log-facility local7; -option domain-name "$tgname.gathering.org"; -option domain-name-servers $pri_v4, $sec_v4; +option domain-name "$nms::config::tgname.gathering.org"; +option domain-name-servers $nms::config::pri_v4, $nms::config::sec_v4;  default-lease-time 3600;  max-lease-time 7200;  authoritative; 
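Review bot: Both `Net::IP->new(...)` calls die with the same message `oopxos`, so a bad `$pri_net` cannot be told apart from a bad `$sec_net` and the reason for the failure is lost. Net::IP keeps the reason in `Net::IP::Error()`; `my $sec_range = Net::IP->new($nms::config::sec_net) or die("invalid sec_net: " . Net::IP::Error());` and the same for `pri_net` would say what to fix. `$sec_net` is new in config.pm.dist, so a site config copied from the previous template will hit exactly this path.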
@@ -55,40 +51,41 @@ authoritative;  ddns-update-style interim;  key DHCP_UPDATER {          algorithm HMAC-MD5.SIG-ALG.REG.INT; -        secret $ddns_key; +        secret $nms::config::ddns_key;  } -subnet $net netmask $mask {} +subnet $pri_net netmask $pri_mask {} +subnet $sec_net netmask $sec_mask {}  include "/etc/dhcp/revzones.conf";  include "/etc/dhcp/generated-include.conf"; -include "/etc/dhcp/pxe-boot.conf"; -include "/etc/dhcp/ciscowlc.conf"; +include "$dhcpd_pxeconf"; +include "$dhcpd_wlc_conf";  EOF  		close DHCPDFILE;  }  # Create PXE-boot configuration file for DHCP on master. -if ( not -f $dhcp_pxeconf ) +if ( not -f $dhcpd_pxeconf )  { -		print STDERR "Creating file " . $dhcp_pxeconf . "\n"; -		open PXEFILE, ">" . $dhcp_pxeconf or die ( $! . " " . $dhcp_pxeconf); +		print STDERR "Creating file " . $dhcpd_pxeconf . "\n"; +		open PXEFILE, ">" . $dhcpd_pxeconf or die ( $! . " " . $dhcpd_pxeconf); -		print PXEFILE "next-server " . $pxe_server . ";\n"; +		print PXEFILE "next-server " . $nms::config::pxe_server . ";\n";  		print PXEFILE "filename \"pxelinux.0\";\n";  		close PXEFILE;  } -# Create PXE-boot configuration file for DHCP on master. -if ( not -f $dhcp_ciscoapconf ) +# Create WLC configuration file +if ( not -f $dhcpd_wlc_conf )  { -		print STDERR "Creating file " . $dhcp_ciscoapconf . "\n"; -		open CISCOFILE, ">" . $dhcp_ciscoapconf or die ( $! . " " . $dhcp_pxeconf); +		print STDERR "Creating file " . $dhcpd_wlc_conf . "\n"; +		open WLCFILE, ">" . $dhcpd_wlc_conf or die ( $! . " " . $dhcpd_wlc_conf); -		print CISCOFILE <<"EOF"; +		print WLCFILE <<"EOF";  option space CiscoAP;  option CiscoAP.server-address code 241 = array of ip-address;  set vendor-string = option vendor-class-identifier; 
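Review bot: The two new `include "$dhcpd_pxeconf";` and `include "$dhcpd_wlc_conf";` lines expand to paths under `$base`, while the two includes just above stay hard-coded to `/etc/dhcp/`. If `$base` can be overridden from the command line, as it is in tools/make-first-zones.pl, a run against a staging directory writes a dhcpd.conf that points dhcpd at the staging copies of pxe-boot.conf and wlc-conf.conf. I would keep the on-target paths in the generated file, `include "/etc/dhcp/pxe-boot.conf";` and `include "/etc/dhcp/wlc-conf.conf";`, and use `$dhcpd_base` only for where the generator writes. The new `open PXEFILE, ">" . ...` and `open WLCFILE, ">" . ...` lines would also be safer as three-argument opens with lexical handles, since the path is built from outside input.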
@@ -96,9 +93,9 @@ set vendor-string = option vendor-class-identifier;  class "cisco-aps" {         match if substring (option vendor-class-identifier, 0, 8) = "Cisco AP";         vendor-option-space CiscoAP; -       option CiscoAP.server-address $ciscowlc_a; +       option CiscoAP.server-address $nms::config::wlc1;  }  EOF -		close CISCOFILE; +		close WLCFILE;  } diff --git a/tools/make-first-zones.pl b/tools/make-first-zones.pl index b869115..7d6d9f4 100755 --- a/tools/make-first-zones.pl +++ b/tools/make-first-zones.pl 
@@ -14,46 +14,34 @@ my $base = "/etc";  $base = $ARGV[0] if $#ARGV > -1;  $base .= "/" if not $base =~ m/\/$/ and not $base eq ""; -my $tgname    = $nms::config::tgname; -my $pri_hostname     = $nms::config::pri_hostname; -my $pri_v4   = $nms::config::pri_v4; -my $pri_v6    = $nms::config::pri_v6; -my $sec_hostname     = $nms::config::sec_hostname; -my $sec_v4   = $nms::config::sec_v4; -my $sec_v6    = $nms::config::sec_v6; -my $ipv6zone = $nms::config::ipv6zone; - -# FIXME: THIS IS NOT APPRORPIATE! -my $serial = `date +%Y%m%d01`; -chomp $serial; -# FIXME +my $serial = strftime("%Y%m%d", localtime(time())) . "01";  my $zonefile; +$zonefile = $base . "bind/" . $nms::config::tgname . ".gathering.org.zone"; -$zonefile = $base . "bind/" . $tgname . ".gathering.org.zone"; -if ( not -f  $zonefile ) +if ( not -f $zonefile )  {  	print $zonefile . "\n";  	open MAINZONE, ">" . $zonefile or die $! . " " . $zonefile;  	print MAINZONE <<"EOF";  \$TTL 3600 -@	IN	SOA	$pri_hostname.$tgname.gathering.org.	abuse.gathering.org. ( +@	IN	SOA	$nms::config::pri_hostname.$nms::config::tgname.gathering.org.	abuse.gathering.org. (  			$serial; serial  			3600 ; refresh   			1800 ; retry  			608400 ; expire  			3600 ) ; minimum and default TTL -		IN	NS	$pri_hostname.$tgname.gathering.org. -		IN	NS	$sec_hostname.$tgname.gathering.org. +		IN	NS	$nms::config::pri_hostname.$nms::config::tgname.gathering.org. +		IN	NS	$nms::config::sec_hostname.$nms::config::tgname.gathering.org. -$pri_hostname		IN	A	$pri_v4 -$pri_hostname		IN	AAAA	$pri_v6 -$sec_hostname		IN	A	$sec_v4 -$sec_hostname		IN	AAAA	$sec_v6 -ns1		IN	CNAME	$pri_hostname.$tgname.gathering.org. -ns2		IN	CNAME	$sec_hostname.$tgname.gathering.org. 
+$nms::config::pri_hostname		IN	A	$nms::config::pri_v4 +$nms::config::pri_hostname		IN	AAAA	$nms::config::pri_v6 +$nms::config::sec_hostname		IN	A	$nms::config::sec_v4 +$nms::config::sec_hostname		IN	AAAA	$nms::config::sec_v6 +ns1		IN	CNAME	$nms::config::pri_hostname.$nms::config::tgname.gathering.org. +ns2		IN	CNAME	$nms::config::sec_hostname.$nms::config::tgname.gathering.org.  ; Generated by make-all-config.sh on the bootstrapping/nms server.  ; Will not be overwritten unless it is missing ;) @@ -63,7 +51,7 @@ EOF  }  else { print "Skipped TG-zone, file exists.\n"; } -$zonefile = $base . "bind/infra." . $tgname . ".gathering.org.zone"; +$zonefile = $base . "bind/infra." . $nms::config::tgname . ".gathering.org.zone";  if ( not -f  $zonefile )  {  	print $zonefile . "\n"; @@ -71,15 +59,15 @@ if ( not -f  $zonefile )  	print MAINZONE <<"EOF";  \$TTL 3600 -@	IN	SOA	$pri_hostname.$tgname.gathering.org.	abuse.gathering.org. ( +@	IN	SOA	$nms::config::pri_hostname.$nms::config::tgname.gathering.org.	abuse.gathering.org. (  			$serial; serial  			3600 ; refresh   			1800 ; retry  			608400 ; expire  			3600 ) ; minimum and default TTL -		IN	NS	$pri_hostname.$tgname.gathering.org. -		IN	NS	$sec_hostname.$tgname.gathering.org. +		IN	NS	$nms::config::pri_hostname.$nms::config::tgname.gathering.org. +		IN	NS	$nms::config::sec_hostname.$nms::config::tgname.gathering.org.  ; Generated by make-all-config.sh on the bootstrapping/nms server.  ; Will not be overwritten unless it is missing ;) @@ -88,7 +76,7 @@ EOF  }  else { print "Skipped infra-zone, file exists.\n"; } -$zonefile = $base . "bind/" . $ipv6zone . ".zone"; +$zonefile = $base . "bind/" . $nms::config::ipv6zone . ".zone";  if ( not -f  $zonefile )  {  	print $zonefile . "\n"; 
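Review bot: `strftime` is called in the new `$serial` line, but no hunk in this file adds `use POSIX qw(strftime);`, and the same line is added to tools/make-missing-conf.pl without an import either. Unless POSIX is already loaded above line 14, the script will die at runtime with an undefined-subroutine error instead of generating zones. Add `use POSIX qw(strftime);` next to the other `use` lines in both files. The serial still always ends in `01`, so a second run on the same day yields the same serial; that only matters if these bootstrap files are ever regenerated.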
@@ -97,24 +85,24 @@ if ( not -f  $zonefile )  	print IPV6ZONE <<"EOF";  ; autogenerated, and updated from dhcpd -- DO NOT TOUCH!  \$TTL 3600 -@       IN      SOA     $pri_hostname.$tgname.gathering.org. abuse.gathering.org. ( +@       IN      SOA     $nms::config::pri_hostname.$nms::config::tgname.gathering.org. abuse.gathering.org. (  			$serial; serial                          3600 ; refresh                          1800 ; retry                          608400 ; expire                          3600 ) ; minimum and default TTL -                IN      NS      $pri_hostname.$tgname.gathering.org. -                IN      NS      $sec_hostname.$tgname.gathering.org. +                IN      NS      $nms::config::pri_hostname.$nms::config::tgname.gathering.org. +                IN      NS      $nms::config::sec_hostname.$nms::config::tgname.gathering.org.  ; WARNING! Do not edit this file directly!  ; on the bootstrapping/nms server!  EOF -	my $ip_pri = new Net::IP( $pri_v6 ) or die ( "Error, new Net::IP for " . $pri_v6 ); -	my $ip_sec = new Net::IP( $sec_v6 ) or die ( "Error, new Net::IP for " . $sec_v6 ); -	print IPV6ZONE $ip_pri->reverse_ip() . " IN PTR $pri_hostname.$tgname.gathering.org.\n"; -	print IPV6ZONE $ip_sec->reverse_ip() . " IN PTR $sec_hostname.$tgname.gathering.org.\n"; +	my $ip_pri = new Net::IP( $nms::config::pri_v6 ) or die ( "Error, new Net::IP for " . $nms::config::pri_v6 ); +	my $ip_sec = new Net::IP( $nms::config::sec_v6 ) or die ( "Error, new Net::IP for " . $nms::config::sec_v6 ); +	print IPV6ZONE $ip_pri->reverse_ip() . " IN PTR $nms::config::pri_hostname.$nms::config::tgname.gathering.org.\n"; +	print IPV6ZONE $ip_sec->reverse_ip() . " IN PTR $nms::config::sec_hostname.$nms::config::tgname.gathering.org.\n";  	close IPV6ZONE;  }  else { print "Skipped v6-reverse-zone, file exists.\n"; } diff --git a/tools/make-missing-conf.pl b/tools/make-missing-conf.pl index 345f29a..598964f 100755 --- a/tools/make-missing-conf.pl 
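Review bot: The rewritten `$ip_pri` and `$ip_sec` lines keep the indirect-object form `new Net::IP( ... )`, while tools/make-dhcpd.pl was converted to `Net::IP->new(...)` in this same commit. I would use `my $ip_pri = Net::IP->new($nms::config::pri_v6) or die(...)` here too, because indirect-object calls are parsed ambiguously. The die text could also append `Net::IP::Error()` so the reason for a rejected address is visible.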
+++ b/tools/make-missing-conf.pl @@ -12,10 +12,7 @@ BEGIN {  use Net::IP;  use Net::IP qw(:PROC); -# FIXME: THIS IS NOT APPRORPIATE! -my $serial = `date +%Y%m%d01`; -chomp $serial; -# FIXME +my $serial = strftime("%Y%m%d", localtime(time())) . "01";  unless ( (($#ARGV == 0 ) || ( $#ARGV == 1))  	&& (( $ARGV[0] eq "master" ) || ( $ARGV[0] eq "slave" )) ) @@ -51,20 +48,12 @@ my $sec_hostname     = $nms::config::sec_hostname;  my $sec_v4   = $nms::config::sec_v4;  my $sec_v6    = $nms::config::sec_v6; -my $ext_xfer  = $nms::config::ext_xfer; -my $ext_ns    = $nms::config::ext_ns; -  my $ddns_key  = $nms::config::ddns_key; -my $base_ipv4net    = $nms::config::base_ipv4net; -my $base_ipv4prefix = $nms::config::base_ipv4prefix; -  my $ddns_to = $nms::config::ddns_to; -my $base_ipv4 = new Net::IP( $base_ipv4net . "/" . $base_ipv4prefix ); - -$base_ipv4net =~ m/^(\d+)\.(\d+)\.(\d+)\..*/; -my ( $cp_oct, $cs_oct, $ct_oct ) = ( $1, $2, $3 ); +my $base_ipv4 = new Net::IP( $nms::config::base_ipv4net ); +my ($cp_oct, $cs_oct, $ct_oct) = ($nms::config::base_ipv4net =~ m/^(\d+)\.(\d+)\.(\d+)\..*/);  while ( <STDIN> )  { diff --git a/tools/make-named.pl b/tools/make-named.pl index 575d584..a9ea02d 100755 --- a/tools/make-named.pl +++ b/tools/make-named.pl 
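Review bot: `new Net::IP( $nms::config::base_ipv4net )` has no failure check, and the regex list assignment below it leaves `$cp_oct`, `$cs_oct` and `$ct_oct` undefined without complaint when the value does not match. Because `base_ipv4net` changed format in this commit (it now carries the `/17`), a site config.pm still written the old way yields a single-address object rather than the intended range, and nothing reports it. I would write `my $base_ipv4 = Net::IP->new($nms::config::base_ipv4net) or die("base_ipv4net: " . Net::IP::Error());` and die when the octet match fails. The identical pair of lines is added in tools/make-reverse4-files.pl.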
@@ -30,37 +30,10 @@ my $named_file = $bind_base . "named.conf";  if ( -f $named_file )  { -	print STDERR $named_file . " already exists. Cowardly refusing to continue\n"; +	print STDERR $named_file . " already exists. Cowardly refusing to continue.\n";  	exit;  } -my $tgname    = $nms::config::tgname; - -my $pri_hostname     = $nms::config::pri_hostname; -my $pri_v4   = $nms::config::pri_v4; -my $pri_v6    = $nms::config::pri_v6; - -my $sec_hostname     = $nms::config::sec_hostname; -my $sec_v4   = $nms::config::sec_v4; -my $sec_v6    = $nms::config::sec_v6; -my $ipv6zone  = $nms::config::ipv6zone; -my $ext_xfer  = $nms::config::ext_xfer; -my $ext_ns    = $nms::config::ext_ns; - -my $ddns_key  = $nms::config::ddns_key; - -my $base_ipv4net    = $nms::config::base_ipv4net; -my $base_ipv4prefix = $nms::config::base_ipv4prefix; - -my $base_ipv6net    = $nms::config::base_ipv6net; -my $base_ipv6prefix = $nms::config::base_ipv6prefix; - -my $noc_nett = $nms::config::noc_nett; - -my $ddns_to = $nms::config::ddns_to; - -my $pxe_server = $nms::config::ddns_to; -  my $run = `date +%Y%m%d-%H%M`;  open NFILE, ">" . $named_file or die ( $! . " " . $named_file ); @@ -69,9 +42,9 @@ chomp $run;  print NFILE <<EOF;  // This named.conf was generated by make-named.pl at $run  // The current version of make-named.pl should not overwrite this file. -acl tg-nett  { $base_ipv4net/$base_ipv4prefix; $base_ipv6net:/$base_ipv6prefix; 127.0.0.0/8; ::1; }; -acl ns-xfr   { $ext_ns; $sec_v4; $sec_v6; $pri_v4; $pri_v6; $noc_nett; }; -acl ripe-xfr { $ext_ns; $sec_v4; $sec_v6; $pri_v4; $pri_v6; $ext_xfer; }; +acl tg-nett  { $nms::config::base_ipv4net; $nms::config::base_ipv6net; $nms::config::extra_net; 127.0.0.0/8; ::1; }; +acl ns-xfr   { $nms::config::sec_v4; $nms::config::sec_v6; $nms::config::pri_v4; $nms::config::pri_v6; $nms::config::noc_nett; }; +acl ext-xfr  { $nms::config::ext_xfer; };  options {          directory "/etc/bind"; 
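Review bot: The three `acl` lines splice `$nms::config::...` values straight into named.conf, and fully qualified package variables are not checked by `use strict`, so a config.pm that lacks the new `$extra_net` (or still has the old prefix-less `$base_ipv4net`) produces an empty or wrong ACL element with at most a warning. These ACLs presumably decide who may query and pull zones, so I would fail closed: check each variable before the heredoc, e.g. `defined $nms::config::extra_net or die "extra_net missing in config.pm";`, and run `named-checkconf` on the result. `$ext_ns` was dropped from both transfer ACLs; that looks intended, but it is worth confirming that nothing at 194.19.3.20 still needs AXFR.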
@@ -85,7 +58,7 @@ options {  key DHCP_UPDATER {          algorithm HMAC-MD5.SIG-ALG.REG.INT; -        secret $ddns_key; +        secret $nms::config::ddns_key;  };  EOF @@ -93,26 +66,26 @@ if ( $role eq "master" )  {  	print NFILE <<EOF; -zone "$tgname.gathering.org" { +zone "$nms::config::tgname.gathering.org" {          type master; -        file "$tgname.gathering.org.zone"; +        file "$nms::config::tgname.gathering.org.zone";          notify yes;          allow-transfer { ns-xfr; };  }; -zone "infra.$tgname.gathering.org" { +zone "infra.$nms::config::tgname.gathering.org" {          type master; -        file "infra.$tgname.gathering.org.zone"; +        file "infra.$nms::config::tgname.gathering.org.zone";          notify yes;          allow-transfer { ns-xfr; };  }; -zone "$ipv6zone" { +zone "$nms::config::ipv6zone" {          type master;          allow-update { key DHCP_UPDATER; };          notify yes; -        file "$ipv6zone.zone"; -        allow-transfer { ns-xfr; ripe-xfr; }; +        file "$nms::config::ipv6zone.zone"; +        allow-transfer { ns-xfr; ext-xfr; };  };  include "/etc/bind/named.conf.default-zones"; 
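Review bot: The rewritten `secret` line still sits under `algorithm HMAC-MD5.SIG-ALG.REG.INT`, and the keygen comment in include/config.pm.dist asks for a 128-bit HMAC-MD5 key; the `key DHCP_UPDATER` block in tools/make-dhcpd.pl is the same. This key authorises dynamic updates (`allow-update { key DHCP_UPDATER; }`), so if the installed BIND and dhcpd both accept it I would move to `hmac-sha256` in both generators and update the keygen comment to match. named.conf is also created with a plain `open NFILE, ">" ...`, so its mode follows the umask; a `chmod 0640, $named_file;` once the file is written would keep the secret from being world-readable.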
@@ -125,28 +98,28 @@ if ( $role eq "slave" )  {  	print NFILE <<EOF; -masters bootstrap  { $pri_v4; }; +masters master_ns { $nms::config::pri_v6; $nms::config::pri_v4; }; -zone "$tgname.gathering.org" { +zone "$nms::config::tgname.gathering.org" {          type slave; -        file "slave/$tgname.gathering.org"; +        file "slave/$nms::config::tgname.gathering.org";          notify no; -	masters { bootstrap; }; +	masters { master_ns; };  }; -zone "infra.$tgname.gathering.org" { +zone "infra.$nms::config::tgname.gathering.org" {          type slave; -        file "slave/infra.$tgname.gathering.org"; +        file "slave/infra.$nms::config::tgname.gathering.org";          notify no; -	masters { bootstrap; }; +	masters { master_ns; };  }; -zone "$ipv6zone" { +zone "$nms::config::ipv6zone" {          type slave;          notify no; -	masters { bootstrap; }; -        file "slave/$ipv6zone:"; -        allow-transfer { ns-xfr; ripe-xfr; }; +	masters { master_ns; }; +        file "slave/$nms::config::ipv6zone:"; +        allow-transfer { ns-xfr; ext-xfr; };  };  include "named.conf.default-zones"; diff --git a/tools/make-pxeboot.sh b/tools/make-pxeboot.sh index 25fe305..86a2a4a 100755 --- a/tools/make-pxeboot.sh +++ b/tools/make-pxeboot.sh @@ -7,8 +7,8 @@  # TODO: Either rewrite this to be run at/from the bootstrapper,  # and/or add support for ${BASE} redirection.. -apt-get install tftpd-hpa -apt-get install nfs-kernel-server +apt-get -y install tftpd-hpa +apt-get -y install nfs-kernel-server  cat << END > /etc/default/tftpd-hpa  TFTP_USERNAME="tftp" diff --git a/tools/make-reverse4-files.pl b/tools/make-reverse4-files.pl index db4a1bf..bbb2d7c 100755 --- a/tools/make-reverse4-files.pl +++ b/tools/make-reverse4-files.pl 
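Review bot: `file "slave/$nms::config::ipv6zone:";` keeps the trailing colon from the old line, so the slave's zone file gets a literal `:` at the end of its name, unlike the other slave zones and the master's `"$nms::config::ipv6zone.zone"`. With fully qualified names now inlined in the heredoc, a colon directly after the variable is also fragile, because a second colon would be read as part of the package path. I would write `file "slave/${nms::config::ipv6zone}";` to drop the colon and make the variable boundary explicit.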
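Review bot: With `-y` the two installs no longer stop for confirmation, but their exit status is still not checked, so if either fails the script goes on to write `/etc/default/tftpd-hpa` anyway (unless `set -e` is set above the hunk). `apt-get -y install tftpd-hpa nfs-kernel-server || exit 1` would stop at the failure and saves one apt run.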
@@ -49,22 +49,13 @@ my $sec_v4   = $nms::config::sec_v4;  my $sec_v6    = $nms::config::sec_v6;  my $ext_xfer  = $nms::config::ext_xfer; -my $ext_ns    = $nms::config::ext_ns;  my $ddns_key  = $nms::config::ddns_key; -my $base_ipv4net    = $nms::config::base_ipv4net; -my $base_ipv4prefix = $nms::config::base_ipv4prefix; - -my $noc_nett = $nms::config::noc_nett; -my $noc_nett_v6 = $nms::config::noc_nett_v6; -  my $ddns_to = $nms::config::ddns_to; -my $base_ipv4 = new Net::IP( $base_ipv4net . "/" . $base_ipv4prefix ); - -$base_ipv4net =~ m/^(\d+)\.(\d+)\.(\d+)\..*/; -my ( $p_oct, $s_oct, $t_oct ) = ( $1, $2, $3 ); +my $base_ipv4 = new Net::IP( $nms::config::base_ipv4net ); +my ($p_oct, $s_oct, $t_oct) = ($nms::config::base_ipv4net =~ m/^(\d+)\.(\d+)\.(\d+)\..*/);  $pri_v4 =~ m/^(\d+)\.(\d+)\.(\d+)\.(\d+).*/;  my ( $pp_oct, $ps_oct, $pt_oct, $pf_oct) = ( $1, $2, $3, $4 ); @@ -104,7 +95,7 @@ while (1)  		print NFILE "    type master;\n";  		print NFILE "    allow-update { key DHCP_UPDATER; };\n";  		print NFILE "    notify yes;\n"; -		print NFILE "    allow-transfer { $sec_v4; $ext_xfer; $noc_nett; $noc_nett_v6; };\n"; +		print NFILE "    allow-transfer { $sec_v4; $ext_xfer; $nms::config::noc_nett; };\n";  		print NFILE "    file \"reverse/". $rev_zone .".zone\";\n";  		print NFILE "};\n\n"; @@ -145,7 +136,7 @@ EOF  		print SFILE "    notify no;\n";  		print SFILE "    file \"slave/". $rev_zone .".cache\";\n";  		print SFILE "    masters { bootstrap; };\n"; -		print SFILE "    allow-transfer { $ext_xfer; $noc_nett; $noc_nett_v6; };\n"; +		print SFILE "    allow-transfer { $ext_xfer; $nms::config::noc_nett; };\n";  		print SFILE "};\n\n";  	}  | 
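Review bot: The slave reverse zones still say `masters { bootstrap; };`, but this commit renames that masters list to `master_ns` in tools/make-named.pl, so unless `bootstrap` is defined somewhere outside this diff, named on the secondary will reject the generated config. Change the line to `print SFILE "    masters { master_ns; };\n";`. On the master side, the new `allow-transfer` line lists `$sec_v4` but not `$sec_v6`, while `master_ns` now puts `$pri_v6` first, so a secondary that reaches the primary over IPv6 may be refused the reverse zones. Adding `$sec_v6` or using the `ns-xfr` ACL would match make-named.pl.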
