-rw-r--r--bootstrap/README.md15
-rwxr-xr-xbootstrap/make-base-requires.sh2
-rwxr-xr-xbootstrap/make-bind-include.pl3
-rwxr-xr-xbootstrap/make-dhcpd.pl4
-rwxr-xr-xbootstrap/make-named.pl4
-rwxr-xr-xbootstrap/make-pxeboot.sh7
-rwxr-xr-xbootstrap/make-reverse4-files.pl40
-rwxr-xr-xbootstrap/update-tools.sh3
-rwxr-xr-xinclude/config.pm.dist7
9 files changed, 28 insertions, 57 deletions
diff --git a/bootstrap/README.md b/bootstrap/README.md
index 8301d51..1363223 100644
--- a/bootstrap/README.md
+++ b/bootstrap/README.md
@@ -11,7 +11,7 @@ Outline:
* Bootstrap the primary and secondary (make-base-requires.sh)
3. Create new networks/scopes/zones Update during the party using
update-baseservice.sh from bootstrap
- 4. Apply changes usling tools/apply-baseupdate.sh (reloads bind, restarts dhcpd)
+ 4. Apply changes usling bootstrap/apply-baseupdate.sh (reloads bind, restarts dhcpd)
5. Changes to generated scopes, pools, zones are done on the primary, in the files
6. If tools need patching, patch on boot and push with update-tools.sh
7. Before wednesday evening, the infra.tgXX.gathering.org zone should be updated!
@@ -110,7 +110,7 @@ To do DNS changes to the main DNS zone or the infra-zone, make the changes
in the appropriate zone file on the primary DNS server.
To add DNS records to any other DNS zone (forward or reverse), you have
-to use 'nsupdate'. To simplify the process, use bootstrap/generate-dnsrr.pl
+to use 'nsupdate'. To simplify the process, use tools/generate-dnsrr.pl
Usage on this tool is documented in the "header" of the script...
@@ -137,14 +137,3 @@ Output from this shuld go in infra.tgXX.gathering.org.zone on primary:
Output from this should go as input to nsupdate, see doc in generate-dnsrr.pl:
> cat linknet.txt | tools/make-linknet-hosts.pl | tools/generate-dnsrr.pl --domain infra.tgXX.gathering.org -ns -rev
-
-
-Other stuff....
-------------------------------------------------------------------
-Files that are not used? Need to revisit these files...
-
- * tools/make-switch-placements.pl
- * Updates positions for switches in NMS map (png)?
- * tools/make-switches.pl
- * tools/fetch-portlist.sh
-
diff --git a/bootstrap/make-base-requires.sh b/bootstrap/make-base-requires.sh
index ad40e73..2de7a2d 100755
--- a/bootstrap/make-base-requires.sh
+++ b/bootstrap/make-base-requires.sh
@@ -67,7 +67,7 @@ ssh -l root ${PRIMARY} "echo THIS COPY OF TGMANAGE IS MANAGED FROM BOOTSTRAP S
ssh -l root ${SECONDARY} "echo THIS COPY OF TGMANAGE IS MANAGED FROM BOOTSTRAP SERVER > ~/tgmanage/NOTICE"
# No point in _not_ running update-baseservice at this point....
-tools/update-baseservice.sh ${BASE}
+bootstrap/update-baseservice.sh ${BASE}
# Set up PXE environment. NOTE that we assume that TFTP-server is the ${SECONDARY} (changed from older behaviour)
ssh -l root ${SECONDARY} "~/tgmanage/bootstrap/make-pxeboot.sh"
diff --git a/bootstrap/make-bind-include.pl b/bootstrap/make-bind-include.pl
index d688dec..880280e 100755
--- a/bootstrap/make-bind-include.pl
+++ b/bootstrap/make-bind-include.pl
@@ -1,7 +1,4 @@
#!/usr/bin/perl -I /root/tgmanage
-
-# TODO: Port this to the "master|slave base" parameter syntax!
-
use strict;
unless ( (($#ARGV == 0 ) || ( $#ARGV == 1))
diff --git a/bootstrap/make-dhcpd.pl b/bootstrap/make-dhcpd.pl
index d734c1d..f263ae7 100755
--- a/bootstrap/make-dhcpd.pl
+++ b/bootstrap/make-dhcpd.pl
@@ -20,12 +20,12 @@ my $dhcpd_pxeconf = $dhcpd_base . "pxe-boot.conf";
my $dhcpd_wlc_conf= $dhcpd_base . "wlc-conf.conf";
# primary
-my $pri_range = Net::IP->new($nms::config::pri_net) or die ("oopxos");
+my $pri_range = Net::IP->new($nms::config::pri_net) or die ("pri_range fail");
my $pri_mask = $pri_range->mask();
my $pri_net = $pri_range->ip();
# secondary
-my $sec_range = Net::IP->new($nms::config::sec_net) or die ("oopxos");
+my $sec_range = Net::IP->new($nms::config::sec_net) or die ("sec_range fail");
my $sec_mask = $sec_range->mask();
my $sec_net = $sec_range->ip();
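Review bot: The new die messages on the `$pri_range` and `$sec_range` lines name the variable but still drop both the offending value and the reason for the failure. Net::IP exposes the parse error through `Net::IP::Error()`, so `or die("pri_net '$nms::config::pri_net': " . Net::IP::Error());` (and the same for `sec_net`) would tell the operator which config.pm entry to fix. The same applies to the `base_v4 fail` line added in bootstrap/make-reverse4-files.pl.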
diff --git a/bootstrap/make-named.pl b/bootstrap/make-named.pl
index a9ea02d..4812d81 100755
--- a/bootstrap/make-named.pl
+++ b/bootstrap/make-named.pl
@@ -42,8 +42,8 @@ chomp $run;
print NFILE <<EOF;
// This named.conf was generated by make-named.pl at $run
// The current version of make-named.pl should not overwrite this file.
-acl tg-nett { $nms::config::base_ipv4net; $nms::config::base_ipv6net; $nms::config::extra_net; 127.0.0.0/8; ::1; };
-acl ns-xfr { $nms::config::sec_v4; $nms::config::sec_v6; $nms::config::pri_v4; $nms::config::pri_v6; $nms::config::noc_nett; };
+acl tg-nett { $nms::config::base_ipv4net; $nms::config::base_ipv6net; $nms::config::rec_net; 127.0.0.0/8; ::1; };
+acl ns-xfr { $nms::config::sec_v4; $nms::config::sec_v6; $nms::config::pri_v4; $nms::config::pri_v6; $nms::config::noc_net; };
acl ext-xfr { $nms::config::ext_xfer; };
options {
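Review bot: The renamed `$nms::config::rec_net` and `$nms::config::noc_net` are interpolated into the `tg-nett` and `ns-xfr` ACLs with no check that they are defined. Package-qualified variables are not checked by `use strict`, so a config.pm that was copied from the older config.pm.dist and still defines `$extra_net` / `$noc_nett` would interpolate empty strings here, and the ACL would then either fail to parse or silently lose that network. A guard ahead of the heredoc makes the rename fail loudly: `die "config.pm lacks rec_net/noc_net (renamed from extra_net/noc_nett)\n" unless defined($nms::config::rec_net) and defined($nms::config::noc_net);`. The heredocs in bootstrap/make-reverse4-files.pl that now interpolate `$nms::config::pri_hostname`, `sec_hostname` and `tgname` directly have the same exposure; the heredoc here continues past the end of the hunk.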
diff --git a/bootstrap/make-pxeboot.sh b/bootstrap/make-pxeboot.sh
index e9ad8a6..f5e603f 100755
--- a/bootstrap/make-pxeboot.sh
+++ b/bootstrap/make-pxeboot.sh
@@ -21,12 +21,13 @@ END
mkdir -p /var/lib/tftpboot
+cd ~/tgmanage
# NOTE, this step depends on an SCP of basic content from the bootstrap...
# This should be done by bootstrap/update-tools ...
-cp -R ~/tgmanage/pxe/* /var/lib/tftpboot
+cp -R pxe/* /var/lib/tftpboot
-~/tgmanage/bootstrap/fetch-debinstall.sh /var/lib/tftpboot/debian
-# tools/fetch-ubuntulive.sh <- this tool does not exist xD
+bootstrap/fetch-debinstall.sh /var/lib/tftpboot/debian
+# bootstrap/fetch-ubuntulive.sh <- this tool does not exist xD
# NOTE! The pxe/ directory contains an 'ubuntu' menu...
# The files required to booting Ubuntu installer or live
# must be fetched manually (for now)
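Review bot: The added `cd ~/tgmanage` is unchecked, and the `cp -R pxe/*` and `bootstrap/fetch-debinstall.sh` lines below it now depend on it. If the directory is missing and the script does not run under `set -e` (not visible in this hunk), the relative paths resolve against whatever directory the ssh session started in, so the TFTP root is populated from the wrong place or not at all. `cd ~/tgmanage || exit 1` keeps that failure explicit.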
diff --git a/bootstrap/make-reverse4-files.pl b/bootstrap/make-reverse4-files.pl
index bbb2d7c..be4ad99 100755
--- a/bootstrap/make-reverse4-files.pl
+++ b/bootstrap/make-reverse4-files.pl
@@ -1,5 +1,6 @@
#!/usr/bin/perl -I /root/tgmanage
use strict;
+use Net::IP;
BEGIN {
require "include/config.pm";
@@ -8,14 +9,7 @@ BEGIN {
};
}
-
-use Net::IP;
-use Net::IP qw(:PROC);
-
-# FIXME: THIS IS NOT APPRORPIATE!
-my $serial = `date +%Y%m%d01`;
-chomp $serial;
-# FIXME
+my $serial = strftime("%Y%m%d", localtime(time())) . "01";
unless ( (($#ARGV == 0 ) || ( $#ARGV == 1))
&& (( $ARGV[0] eq "master" ) || ( $ARGV[0] eq "slave" )) )
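Review bot: The new `$serial` line calls `strftime`, but no `use POSIX qw(strftime);` appears in the lines shown; the first hunk adds only `use Net::IP;`. Unless POSIX is imported in the part of the file that is not visible, the script dies at run time with an undefined-subroutine error, so `use POSIX qw(strftime);` should go next to `use Net::IP;`. The commit also removes the FIXME while keeping the hard-coded `01` suffix, so a zone file regenerated on the same day gets the same SOA serial; a comment such as `# serial is YYYYMMDD01; bump by hand if regenerated twice in one day` would keep that caveat visible.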
@@ -30,31 +24,19 @@ my $base = "/etc";
$base = $ARGV[1] if $#ARGV == 1;
$base .= "/" if not $base =~ m/\/$/ and not $base eq "";
-
my $bind_base = $base . "bind/";
my $dhcpd_base = $base . "dhcp/";
-
my $dhcp_revzones_file = $dhcpd_base . "revzones.conf";
my $bind_pri_revzones_file = $bind_base . "named.reverse4.conf";
my $bind_sec_revzones_file = $bind_base . "named.slave-reverse4.conf";
-my $tgname = $nms::config::tgname;
-
-my $pri_hostname = $nms::config::pri_hostname;
my $pri_v4 = $nms::config::pri_v4;
my $pri_v6 = $nms::config::pri_v6;
-my $sec_hostname = $nms::config::sec_hostname;
my $sec_v4 = $nms::config::sec_v4;
my $sec_v6 = $nms::config::sec_v6;
-my $ext_xfer = $nms::config::ext_xfer;
-
-my $ddns_key = $nms::config::ddns_key;
-
-my $ddns_to = $nms::config::ddns_to;
-
-my $base_ipv4 = new Net::IP( $nms::config::base_ipv4net );
+my $base_ipv4 = Net::IP->new($nms::config::base_ipv4net) or die ("base_v4 fail");
my ($p_oct, $s_oct, $t_oct) = ($nms::config::base_ipv4net =~ m/^(\d+)\.(\d+)\.(\d+)\..*/);
$pri_v4 =~ m/^(\d+)\.(\d+)\.(\d+)\.(\d+).*/;
@@ -89,13 +71,13 @@ while (1)
# Generating IPv4-related reverse-stuff for
# both bind9 and dhcp on master.
- print DFILE "zone " . $rev_zone . " { primary " . $ddns_to . "; key DHCP_UPDATER; }\n";
+ print DFILE "zone " . $rev_zone . " { primary " . $nms::config::ddns_to . "; key DHCP_UPDATER; }\n";
print NFILE "zone \"". $rev_zone ."\" {\n";
print NFILE " type master;\n";
print NFILE " allow-update { key DHCP_UPDATER; };\n";
print NFILE " notify yes;\n";
- print NFILE " allow-transfer { $sec_v4; $ext_xfer; $nms::config::noc_nett; };\n";
+ print NFILE " allow-transfer { ns-xfr; ext-xfr; };\n";
print NFILE " file \"reverse/". $rev_zone .".zone\";\n";
print NFILE "};\n\n";
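Review bot: `allow-transfer { ns-xfr; ext-xfr; };` changes who may transfer these reverse zones and makes the generated file depend on ACL names defined elsewhere, and neither is documented at the `print NFILE` line. The old list was `$sec_v4; $ext_xfer; $noc_nett`, while `ns-xfr` as written by make-named.pl in this same commit also contains `pri_v4`, `pri_v6` and `sec_v6`. BIND requires an ACL to be defined before it is referenced, so a comment such as `# ns-xfr/ext-xfr are defined in named.conf (make-named.pl); include this file after them` would help. The generated named.conf header says make-named.pl should not overwrite an existing file, so an older deployment presumably keeps its previous ACL contents until edited by hand. The same applies to the `print SFILE` allow-transfer line in the last hunk of this file.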
@@ -106,25 +88,25 @@ while (1)
print ZFILE <<"EOF";
; Base reverse zones are updated from dhcpd -- DO NOT TOUCH!
\$TTL 3600
-@ IN SOA $pri_hostname.$tgname.gathering.org. abuse.gathering.org. (
+@ IN SOA $nms::config::pri_hostname.$nms::config::tgname.gathering.org. abuse.gathering.org. (
$serial ; serial
3600 ; refresh
1800 ; retry
608400 ; expire
3600 ) ; minimum and default TTL
- IN NS $pri_hostname.$tgname.gathering.org.
- IN NS $sec_hostname.$tgname.gathering.org.
+ IN NS $nms::config::pri_hostname.$nms::config::tgname.gathering.org.
+ IN NS $nms::config::sec_hostname.$nms::config::tgname.gathering.org.
\$ORIGIN $rev_zone.
EOF
if ( ($pt_oct == $t_oct) && ($ps_oct == $s_oct) )
{
- print ZFILE $pf_oct . " IN PTR $pri_hostname.$tgname.gathering.org.\n";
+ print ZFILE $pf_oct . " IN PTR $nms::config::pri_hostname.$nms::config::tgname.gathering.org.\n";
}
if ( ($st_oct == $t_oct) && ($ss_oct == $s_oct) )
{
- print ZFILE $sf_oct . " IN PTR $sec_hostname.$tgname.gathering.org.\n";
+ print ZFILE $sf_oct . " IN PTR $nms::config::sec_hostname.$nms::config::tgname.gathering.org.\n";
}
}
else
@@ -136,7 +118,7 @@ EOF
print SFILE " notify no;\n";
print SFILE " file \"slave/". $rev_zone .".cache\";\n";
print SFILE " masters { bootstrap; };\n";
- print SFILE " allow-transfer { $ext_xfer; $nms::config::noc_nett; };\n";
+ print SFILE " allow-transfer { ns-xfr; ext-xfr; };\n";
print SFILE "};\n\n";
}
diff --git a/bootstrap/update-tools.sh b/bootstrap/update-tools.sh
index 9878f8f..2b931ff 100755
--- a/bootstrap/update-tools.sh
+++ b/bootstrap/update-tools.sh
@@ -20,6 +20,7 @@ scp -r tools root@${SECONDARY}:tgmanage/
scp -r include root@${PRIMARY}:tgmanage/
scp -r include root@${SECONDARY}:tgmanage/
-export $TGNAME
+# use last years example files
+export TGNAME
last_year=`perl -e '($y)=($ENV{TGNAME} =~ m/^tg(\d\d)$/); $y--; print "tg$y"'`
scp -r examples/$last_year/pxe root@${SECONDARY}:tgmanage/
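Review bot: With `export TGNAME` corrected, the perl one-liner now sees the variable, but its result still goes unchecked into the `scp` source path. When TGNAME is unset or does not match `^tg(\d\d)$`, `$y` is undef and `$y--` yields -1, so `last_year` becomes `tg-1`; a value such as `tg10` yields `tg9` because the result is not zero-padded. Failing on a non-match and padding the output would avoid both: `last_year=$(perl -e '$ENV{TGNAME} =~ /^tg(\d\d)$/ or exit 1; printf "tg%02d", $1 - 1') || exit 1`, with `"examples/$last_year/pxe"` quoted in the scp line. The added comment would also read better as `# use last year's example files`.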
diff --git a/include/config.pm.dist b/include/config.pm.dist
index fdf68a1..6539c92 100755
--- a/include/config.pm.dist
+++ b/include/config.pm.dist
@@ -41,12 +41,12 @@ our $sec_net = "151.216.253.0/24"; # network that secondary server is in
our $ext_xfer = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48";
# allow XFR from NOC
-our $noc_nett = "151.216.252.0/24; 2a02:ed02:252::/64";
+our $noc_net = "151.216.252.0/24; 2a02:ed02:252::/64";
# To generate new dnssec-key for ddns:
# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER
our $ddns_key = "<removed>";
-our $ddns_to = "127.0.0.1";
+our $ddns_to = "127.0.0.1"; # just use localhost
# Base networks
our $base_ipv4net = "151.216.128.0/17";
@@ -54,7 +54,8 @@ our $base_ipv6net = "2a02:ed02::/32";
our $ipv6zone = "2.0.d.e.2.0.a.2.ip6.arpa";
# extra networks that are outside the normal ranges
-our $extra_net = "185.12.59.0/24";
+# that should have recursive DNS access
+our $rec_net = "185.12.59.0/24";
# add WLC's
our $wlc1 = "151.216.253.21";