| -rwxr-xr-x | bootstrap/install-dependencies.sh | 3 | ||||
| -rwxr-xr-x | bootstrap/make-dhcpd.pl | 66 | ||||
| -rwxr-xr-x | bootstrap/make-dhcpd6.pl | 79 | ||||
| -rwxr-xr-x | bootstrap/make-missing-conf.pl | 154 | ||||
| -rwxr-xr-x | include/config.pm.dist | 22 | ||||
| -rw-r--r-- | netlist.txt | 2 | ||||
| -rwxr-xr-x | tools/generate-rowdns.pl | 5 | 
7 files changed, 190 insertions, 141 deletions
diff --git a/bootstrap/install-dependencies.sh b/bootstrap/install-dependencies.sh index 4edb01f..3941858 100755 --- a/bootstrap/install-dependencies.sh +++ b/bootstrap/install-dependencies.sh @@ -25,7 +25,8 @@ apt-get -y install \  	perl-modules \  	libdbi-perl \  	libdbd-pg-perl \ -	libnet-telnet-perl  +	libnet-telnet-perl \ +	libnetaddr-ip-perl  if [ "${ROLE}" == "boot" ]; then  	# Install-tasks specific for the _bootstrab box_ here diff --git a/bootstrap/make-dhcpd.pl b/bootstrap/make-dhcpd.pl index 802c2ad..d5f49cc 100755 --- a/bootstrap/make-dhcpd.pl +++ b/bootstrap/make-dhcpd.pl 
@@ -21,42 +21,86 @@ my $dhcpd_wlc_conf = $dhcpd_base . "v4-wlc.conf";  my $dhcpd_voip_conf = $dhcpd_base . "v4-voip.conf";  # primary -my $pri_range = Net::IP->new($nms::config::pri_net) or die ("pri_range fail"); +my $pri_range = Net::IP->new($nms::config::pri_net_v4) or die ("pri_range fail");  my $pri_mask = $pri_range->mask();  my $pri_net = $pri_range->ip();  # secondary -my $sec_range = Net::IP->new($nms::config::sec_net) or die ("sec_range fail"); +my $sec_range = Net::IP->new($nms::config::sec_net_v4) or die ("sec_range fail");  my $sec_mask = $sec_range->mask();  my $sec_net = $sec_range->ip(); +(my $sec_last = NetAddr::IP->new($v4_net)->last()) =~ s/\/[0-9]{1,2}//; +(my $sec_gw = NetAddr::IP->new($v4_net)->first()) =~ s/\/[0-9]{1,2}//; +my $sec_num = NetAddr::IP->new($v4_net)->num(); +my $sec_n = $sec_num - int($sec_num / 4); # don't use more than 1/4 of the net for DHCP +(my $sec_first = NetAddr::IP->new($v4_net)->nth($sec_n)) =~ s/\/[0-9]{1,2}//; -# Create PXE-boot configuration file for DHCP +# Create main configuration file for DHCP  if ( not -f $dhcpd_conf )  {  		print STDERR "Creating file " . $dhcpd_conf . "\n";  		open DHCPDFILE, ">" . $dhcpd_conf or die ( $! . " " . $dhcpd_conf); +		my $network = Net::IP->new($v4_net)->ip(); +		my $netmask = Net::IP->new($v4_net)->mask(); +		(my $first = NetAddr::IP->new($v4_net)->nth(3)) =~ s/\/[0-9]{1,2}//; # we reserve the three first addresses  +		(my $last = NetAddr::IP->new($v4_net)->last()) =~ s/\/[0-9]{1,2}//; +		(my $gw = NetAddr::IP->new($v4_net)->first()) =~ s/\/[0-9]{1,2}//; +  		print DHCPDFILE <<"EOF";  # GENERATED BY make-dhcpd.pl -# -# Central concept: as little config in the main .conf, -# include almost everything from separate files.. 
-# -# log-facility local7; -option domain-name "$nms::config::tgname.gathering.org"; -option domain-name-servers $nms::config::pri_v4, $nms::config::sec_v4; + +# 60 min leasetime, 120 min max  default-lease-time 3600;  max-lease-time 7200; + +# make server authorative  authoritative; +# Don't let clients set their own FQDN +ignore client-updates; + +# enable DDNS  ddns-update-style interim; + +# set ddns-hostname +if exists host-name { +        ddns-hostname = lcase(option host-name); +} elsif exists fqdn.hostname { +        ddns-hostname = lcase(option fqdn.hostname); +} else { +        ddns-hostname = binary-to-ascii(10, 8, "-", leased-address); +} + +# Domain name (unless overriden elsewhere) +option domain-name "$nms::config::tgname.gathering.org"; +option domain-name-servers $nms::config::pri_v4, $nms::config::sec_v4; +  key DHCP_UPDATER {          algorithm HMAC-MD5.SIG-ALG.REG.INT;          secret $nms::config::ddns_key;  } +# Servernetwork, Tele  subnet $pri_net netmask $pri_mask {} -subnet $sec_net netmask $sec_mask {} +	 +# Servernetwork, NOC +# Add small range at the end for PXE +subnet $sec_net netmask $sec_mask { +	option subnet-mask $sec_mask; +	option routers $sec_gw; + +	# No DDNS +	ddns-updates off; +	ddns-hostname = none; +	ddns-domainname = none; +	 +	# supershort leasetime +	default-lease-time 300; +	max-lease-time 600; +	 +	range $sec_first $sec_last; +}  include "/etc/dhcp/v4-revzones.conf";  include "/etc/dhcp/v4-generated-include.conf"; diff --git a/bootstrap/make-dhcpd6.pl b/bootstrap/make-dhcpd6.pl index e27e0f4..328190a 100755 --- a/bootstrap/make-dhcpd6.pl +++ b/bootstrap/make-dhcpd6.pl 
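Review bot: The added `$sec_last`, `$sec_gw`, `$sec_num` and `$sec_first` lines derive the NOC PXE range from `$v4_net`, but nothing in this file defines that variable; it is the per-line loop variable of make-missing-conf.pl, from which these lines appear to have been copied. If make-dhcpd.pl runs under `use strict` (its preamble is outside the hunk) the script will not compile, and without strict `NetAddr::IP->new(undef)` returns undef and the chained `->last()` dies. The intended input is the secondary network, so each of those lines should read `NetAddr::IP->new($nms::config::sec_net_v4)`, or better, build the object once: `my $sec_nip = NetAddr::IP->new($nms::config::sec_net_v4) or die("sec_net_v4 fail");`. The `my $network`, `$netmask`, `$first`, `$last`, `$gw` block inserted after `open DHCPDFILE` is not referenced by the heredoc and looks like the same paste, so it can go. Whether `use NetAddr::IP` was added to this file cannot be seen from the hunk.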
@@ -15,20 +15,13 @@ $base = $ARGV[0] if $#ARGV > -1;  $base .= "/" if not $base =~ m/\/$/ and not $base eq "";  my $dhcpd_base = $base . "dhcp/"; -my $dhcpd_conf = $dhcpd_base . "dhcpd.conf"; +my $dhcpd_conf = $dhcpd_base . "dhcpd6.conf";  my $dhcpd_pxeconf = $dhcpd_base . "v6-pxe-boot.conf";  my $dhcpd_wlc_conf = $dhcpd_base . "v6-wlc.conf";  my $dhcpd_voip_conf = $dhcpd_base . "v6-voip.conf"; -# primary -my $pri_range = Net::IP->new($nms::config::pri_net) or die ("pri_range fail"); -my $pri_mask = $pri_range->mask(); -my $pri_net = $pri_range->ip(); - -# secondary -my $sec_range = Net::IP->new($nms::config::sec_net) or die ("sec_range fail"); -my $sec_mask = $sec_range->mask(); -my $sec_net = $sec_range->ip(); +my $sec_net = Net::IP->new($nms::config::sec_net_v6)->short(); +my ($sec_first, $sec_last) = ("5000", "9999");  # Create PXE-boot configuration file for DHCP  if ( not -f $dhcpd_conf ) 
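Review bot: `my $sec_net = Net::IP->new($nms::config::sec_net_v6)->short();` drops the `or die` that the replaced `$sec_range` line had, so a malformed `sec_net_v6` now fails with a bare "Can't call method "short" on an undefined value" instead of a named error; `my $sec_range = Net::IP->new($nms::config::sec_net_v6) or die("sec_net_v6 fail"); my $sec_net = $sec_range->short();` keeps the check and the message. The `range6 ${sec_net}${sec_first} ${sec_net}${sec_last}` line in the next hunk, and the matching `range6 ${network}${first} ${network}${last}` line in make-missing-conf.pl's conf-v6 hunk, append the bounds to `short()` by string concatenation, which only yields a valid address because `short()` of a /64 or larger prefix ends in `::`; a comment such as `# short() of a <= /64 prefix ends in "::", so appending a hex IID gives a host address` would record that assumption where the values are defined. The `"5000"`/`"9999"` bounds are hexadecimal interface identifiers, not decimal counts, which a comment like `# IIDs are hex: ::5000 .. ::9999` would make explicit.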
@@ -37,26 +30,66 @@ if ( not -f $dhcpd_conf )  		open DHCPDFILE, ">" . $dhcpd_conf or die ( $! . " " . $dhcpd_conf);  		print DHCPDFILE <<"EOF"; -# GENERATED BY make-dhcpd.pl -# -# Central concept: as little config in the main .conf, -# include almost everything from separate files.. -# -# log-facility local7; -option domain-name "$nms::config::tgname.gathering.org"; -option domain-name-servers $nms::config::pri_v4, $nms::config::sec_v4; -default-lease-time 3600; -max-lease-time 7200; +# GENERATED BY make-dhcpd6.pl + +# IPv6 address valid lifetime +#  (at the end the address is no longer usable by the client) +#  (set to 30 days, the usual IPv6 default) +default-lease-time 2592000; + +# IPv6 address preferred lifetime +#  (at the end the address is deprecated, i.e., the client should use +#   other addresses for new connections) +#  (set to 7 days, the  usual IPv6 default) +preferred-lifetime 604800; + +# T1, the delay before Renew +#  (default is 1/2 preferred lifetime) +#  (set to 1 hour) +option dhcp-renewal-time 3600; + +# T2, the delay before Rebind (if Renews failed) +#  (default is 3/4 preferred lifetime) +#  (set to 2 hours) +option dhcp-rebinding-time 7200; + +# Enable RFC 5007 support +allow leasequery; + +# Set preference to 255 (maximum) in order to avoid waiting for +# additional servers when there is only one +option dhcp6.preference 255; + +# Server side command to enable rapid-commit (2 packet exchange) +option dhcp6.rapid-commit; + +# The delay before information-request refresh +#  (minimum is 10 minutes, maximum one day, default is to not refresh) +#  (set to 6 hours) +option dhcp6.info-refresh-time 21600; + +# Don't let clients set their own FQDN +ignore client-updates; + +# disable ddns +ddns-update-style none; + +# make server authorative  authoritative; -ddns-update-style interim; +# Global definitions for name server address(es) and domain search list +option domain-name "$nms::config::tgname.gathering.org"; +option domain-name-servers 
$nms::config::pri_v6, $nms::config::sec_v6; +  key DHCP_UPDATER {          algorithm HMAC-MD5.SIG-ALG.REG.INT;          secret $nms::config::ddns_key;  } -subnet $pri_net netmask $pri_mask {} -subnet $sec_net netmask $sec_mask {} +subnet6 $nms::config::pri_net_v6 {} +subnet6 $nms::config::sec_net_v6 { +	range6 ${sec_net}${sec_first} ${sec_net}${sec_last}; +}  include "/etc/dhcp/v6-generated-include.conf";  include "$dhcpd_pxeconf"; diff --git a/bootstrap/make-missing-conf.pl b/bootstrap/make-missing-conf.pl index e45a473..ae28d73 100755 --- a/bootstrap/make-missing-conf.pl +++ b/bootstrap/make-missing-conf.pl @@ -1,6 +1,7 @@  #!/usr/bin/perl -I /root/tgmanage  use strict;  use Net::IP; +use NetAddr::IP;  BEGIN {          require "include/config.pm"; 
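Review bot: The generated dhcpd6.conf now sets `ddns-update-style none;` yet still writes the `key DHCP_UPDATER { ... secret $nms::config::ddns_key; }` block, so the TSIG secret is copied into a file in which dhcpd never uses it. If the `zone ... { key DHCP_UPDATER; }` stanzas that make-missing-conf.pl writes into the conf-v6 include files are kept, the key definition has to stay for the parser to accept them; if they are removed, the key block can go too, and in either case a comment above it such as `# DDNS is off for v6; this key only satisfies the zone {} blocks in the v6 include files` would explain why a secret appears in a non-updating configuration. Which of the two is intended depends on the include files, which are outside this hunk.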
@@ -44,62 +45,42 @@ while ( <STDIN> ){  	# <v4 net> <v6 net> <network-name>  	# 151.216.129.0/26 2a02:ed02:129a::/64 noc  	# we assume not smaller than /64 on v6 -	die ("Invalid format on input") if not $line =~ m/^((\d+\.){3}\d+\/\d+)\s+(([a-fA-F0-9]+\:){1,4}\:\/\d+)\s+([\w|-]+).*/; +	die ("Invalid format on input.\n") if not $line =~ m/^((\d+\.){3}\d+\/\d+)\s+(([a-fA-F0-9]+\:){1,4}\:\/\d+)\s+([\w|-]+).*/;  	my ( $v4_net, $v6_net, $name ) = ( $1, $3, $5 );  	my $master_config =  $bind_conf_master . $name . ".conf";  	my $slave_config =  $bind_conf_slave . $name . ".conf";  	my $zone_file = $bind_base . "dynamic/$name.$nms::config::tgname.gathering.org.zone"; -		 -	my $v4_range = Net::IP->new( $v4_net ) or die ("v4_net fail"); -	my $v6_range = Net::IP->new( $v6_net ) or die ("v6_net fail");  	# DHCP4  	my $dhcp_dynconf_dir =  $dhcpd_base . "conf-v4/";  	my $dhconfig = $dhcp_dynconf_dir . $name . ".conf"; -	if ( not -f $dhconfig ) -	{ +	if ( not -f $dhconfig ){  		print STDERR "Creating file " . $dhconfig . "\n"; -		my $numhosts = $range->size(); -		my $mask = $range->mask(); -		my $router = $net_base . "." .  ($f_oct+1); -		my $first = $net_base . "." . ( $f_oct + 5 ); - -		my $last = $first; -		if ( $size < 24 ) -		{ -			# Net::IP iteration is crazyslow. So, we stopped using iterations. -			my $last_ip = $range->last_ip(); -			$last_ip =~ m/(\d+)\.(\d+)\.(\d+)\.(\d+)/; -			$last = sprintf("%d.%d.%d.%d", $1, $2, $3, $4-2); -		} -		else { $last = $net_base . "." . ( $f_oct + $numhosts - 2 ); } - -		#print STDERR "Name     : " . $name . "\n"; -		#print STDERR "Net      : " . $net . "\n"; -		#print STDERR "Mask     : " . $mask . "\n"; -		#print STDERR "Router   : " . $router . "\n"; -		#print STDERR "Size     : " . $size . "\n"; -		#print STDERR "Numhosts : " . $numhosts . "\n"; -		#print STDERR "First    : " . $first . "\n"; -		#print STDERR "Last     : " . $last . 
"\n"; +		 +		my $network = Net::IP->new($v4_net)->ip(); +		my $netmask = Net::IP->new($v4_net)->mask(); +		(my $first = NetAddr::IP->new($v4_net)->nth(3)) =~ s/\/[0-9]{1,2}//; # we reserve the three first addresses  +		(my $last = NetAddr::IP->new($v4_net)->last()) =~ s/\/[0-9]{1,2}//; +		(my $gw = NetAddr::IP->new($v4_net)->first()) =~ s/\/[0-9]{1,2}//;  		open DFILE, ">" . $dhconfig or die ( $! . " " . $dhconfig); -		print DFILE "zone $name.$nms::config::tgname.gathering.org {\n"; -		print DFILE "    primary $nms::config::ddns_to;\n"; -		print DFILE "    key DHCP_UPDATER;\n"; -		print DFILE "}\n\n"; +		print DFILE <<"EOF"; +zone $name.$nms::config::tgname.gathering.org { +	primary $nms::config::ddns_to; +	key DHCP_UPDATER; +} +subnet $network netmask $netmask { +	option subnet-mask $netmask; +	option routers $gw; +	option domain-name "$name.$nms::config::tgname.gathering.org"; +	ddns-domainname "$name.$nms::config::tgname.gathering.org"; +	range $first $last; +} -		print DFILE "subnet $net netmask $mask {\n"; -		print DFILE "    authoritative;\n"; -		print DFILE "    option routers $router;\n"; -		print DFILE "    option domain-name \"$name.$nms::config::tgname.gathering.org\";\n"; -		print DFILE "    ddns-domainname \"$name.$nms::config::tgname.gathering.org\";\n"; -		print DFILE "    range $first $last;\n"; -		print DFILE "    ignore client-updates;\n"; -		print DFILE "}\n\n"; +EOF  		close DFILE;  	} 
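Review bot: The removed `my $v4_range = Net::IP->new( $v4_net ) or die ("v4_net fail");` was the only validity check on the parsed network, and the new `Net::IP->new($v4_net)->ip()` / `->mask()` calls have no `or die`, so an input line that matches the format regex but is not a valid prefix (an octet above 255, or an address with host bits set, for example) now fails with "Can't call method ... on an undefined value" instead of naming the bad network. Restoring the check and reusing the object fixes that: `my $v4_range = Net::IP->new($v4_net) or die("v4_net fail: $v4_net\n"); my $network = $v4_range->ip(); my $netmask = $v4_range->mask();`, and the same treatment is due for the three `NetAddr::IP->new($v4_net)` calls, whose `->nth(3)` also returns undef for a network with fewer than four usable addresses, so `$first` should be checked before the heredoc is written. In the modified `die` line the character class `[\w|-]+` contains a literal `|`, which admits a pipe character into `$name` and from there into the generated file names and configuration text; `[\w-]+` is almost certainly what was meant. The enclosing `while ( <STDIN> )` loop begins before this hunk.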
@@ -108,48 +89,24 @@ while ( <STDIN> ){  	my $dhcp_dynconf_dir =  $dhcpd_base . "conf-v6/";  	my $dhconfig = $dhcp_dynconf_dir . $name . ".conf"; -	if ( not -f $dhconfig ) -	{ +	if ( not -f $dhconfig ){  		print STDERR "Creating file " . $dhconfig . "\n"; -		my $numhosts = $range->size(); -		my $mask = $range->mask(); -		my $router = $net_base . "." .  ($f_oct+1); -		my $first = $net_base . "." . ( $f_oct + 5 ); - -		my $last = $first; -		if ( $size < 24 ) -		{ -			# Net::IP iteration is crazyslow. So, we stopped using iterations. -			my $last_ip = $range->last_ip(); -			$last_ip =~ m/(\d+)\.(\d+)\.(\d+)\.(\d+)/; -			$last = sprintf("%d.%d.%d.%d", $1, $2, $3, $4-2); -		} -		else { $last = $net_base . "." . ( $f_oct + $numhosts - 2 ); } - -		#print STDERR "Name     : " . $name . "\n"; -		#print STDERR "Net      : " . $net . "\n"; -		#print STDERR "Mask     : " . $mask . "\n"; -		#print STDERR "Router   : " . $router . "\n"; -		#print STDERR "Size     : " . $size . "\n"; -		#print STDERR "Numhosts : " . $numhosts . "\n"; -		#print STDERR "First    : " . $first . "\n"; -		#print STDERR "Last     : " . $last . "\n"; - -		open DFILE, ">" . $dhconfig or die ( $! . " " . 
$dhconfig); +		 +		my $network = Net::IP->new($v6_net)->short(); +		my ($first, $last) = ("1000", "9999"); +	 +		print DFILE <<"EOF"; +zone $name.$nms::config::tgname.gathering.org { +	primary $nms::config::ddns_to; +	key DHCP_UPDATER; +} +subnet6 $v6_net { +        option domain-name "$name.$nms::config::tgname.gathering.org"; -		print DFILE "zone $name.$nms::config::tgname.gathering.org {\n"; -		print DFILE "    primary $nms::config::ddns_to;\n"; -		print DFILE "    key DHCP_UPDATER;\n"; -		print DFILE "}\n\n"; +	range6 ${network}${first} ${network}${last}; +} -		print DFILE "subnet $net netmask $mask {\n"; -		print DFILE "    authoritative;\n"; -		print DFILE "    option routers $router;\n"; -		print DFILE "    option domain-name \"$name.$nms::config::tgname.gathering.org\";\n"; -		print DFILE "    ddns-domainname \"$name.$nms::config::tgname.gathering.org\";\n"; -		print DFILE "    range $first $last;\n"; -		print DFILE "    ignore client-updates;\n"; -		print DFILE "}\n\n"; +EOF  		close DFILE;  	} 
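Review bot: The `open DFILE, ">" . $dhconfig or die (...)` line of the conf-v6 block is removed and not re-added, so the new `print DFILE <<"EOF"` writes to the bareword handle that the conf-v4 block closed a few lines earlier; with only `use strict;` and no `use warnings` visible in the `@@ -1,6` hunk, that is silent, the per-network v6 file is never created, and the following `close DFILE` fails quietly as well. Re-insert `open DFILE, ">" . $dhconfig or die ( $! . " " . $dhconfig);` before the print, as the v4 block still does. The zone stanza written here refers to `key DHCP_UPDATER` while the generated dhcpd6.conf sets `ddns-update-style none;`, so it is inert; if that is intended, a comment such as `# zone/key kept for parity with v4; v6 DDNS is disabled in dhcpd6.conf` would say so. The enclosing `while ( <STDIN> )` loop begins before this hunk.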
@@ -182,27 +139,32 @@ EOF  	$bind_file = $slave_config if ( $role eq "slave");  	die ("WTF, role does not match 'master' or 'slave'" ) if ( $bind_file eq ""); -	if ( not -f $bind_file ) -	{ +	if ( not -f $bind_file ){  		print STDERR "Creating file " . $bind_file . "\n";  		open NFILE, ">" . $bind_file or die ( $! . " " . $bind_file); -		print NFILE "zone \"$name.$nms::config::tgname.gathering.org\" {\n"; +		print NFILE <<"EOF"; +zone "$name.$nms::config::tgname.gathering.org" { +	allow-transfer { ns-xfr; }; +EOF +  		if ( $role eq "master" ) { -			print NFILE "        type master;\n"; -			print NFILE "        notify yes;\n"; -			print NFILE "        allow-update { key DHCP_UPDATER; };\n"; -			print NFILE "        file \"dynamic/$name.$nms::config::tgname.gathering.org.zone\";\n"; -		} -		else -		{ -			print NFILE "        type slave;\n"; -			print NFILE "        notify no;\n"; -			print NFILE "        masters { bootstrap; };\n"; -			print NFILE "        file \"slave/$name.$nms::config::tgname.gathering.org.zone\";\n"; +			print NFILE <<"EOF"; +	type master; +	notify yes; +	allow-update { key DHCP_UPDATER; }; +	file "dynamic/$name.$nms::config::tgname.gathering.org.zone"; +}; +EOF +		} else { +			print NFILE <<"EOF"; +	type slave; +	notify no; +	masters { master_ns; }; +	file "slave/$name.$nms::config::tgname.gathering.org.zone"; +}; +EOF  		} -		print NFILE "        allow-transfer { ns-xfr; };\n"; -		print NFILE "};\n";  		close NFILE;  	} diff --git a/include/config.pm.dist b/include/config.pm.dist index 041a7da..65e5650 100755 --- a/include/config.pm.dist +++ b/include/config.pm.dist 
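Review bot: The slave stanza now writes `masters { master_ns; };` where the old code wrote `masters { bootstrap; };`, and nothing in this diff defines a `masters master_ns { ... }` list, so unless the base named.conf shipped elsewhere already declares it, every slave zone file produced here will make named refuse to load. A comment above the heredoc, `# master_ns is the masters list declared in the base named.conf`, would tie the two files together and make the dependency visible to whoever edits either. The enclosing `while ( <STDIN> )` loop begins before this hunk.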
@@ -25,16 +25,18 @@ our $snmp_community = "<removed>";  our $telnet_timeout = 30;  # IP/IPv6/DNS-info -our $tgname    = "tg14"; -our $pri_hostname     = "brad"; -our $pri_v4   = "151.216.254.2"; -our $pri_v6    = "2a02:ed02:254::2"; -our $pri_net   = "151.216.254.0/24"; # network that primary server is in - -our $sec_hostname     = "janet"; -our $sec_v4   = "151.216.253.2"; -our $sec_v6    = "2a02:ed02:253::2"; -our $sec_net   = "151.216.253.0/24"; # network that secondary server is in +our $tgname = "tg14"; +our $pri_hostname = "brad"; +our $pri_v4 = "151.216.254.2"; +our $pri_v6 = "2a02:ed02:254::2"; +our $pri_net_v4 = "151.216.254.0/24"; +our $pri_net_v6 = "2a02:ed02:1ee7::/64"; + +our $sec_hostname = "janet"; +our $sec_v4 = "151.216.253.2"; +our $sec_v6 = "2a02:ed02:253::2"; +our $sec_net_v4 = "151.216.253.0/24"; +our $sec_net_v6 = "2a02:ed02:1337::/64";  # for RIPE to get reverse zones via DNS AXFR  # https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation diff --git a/netlist.txt b/netlist.txt index 62fc8b8..00651c7 100644 --- a/netlist.txt +++ b/netlist.txt @@ -1,3 +1,5 @@ +# make netlist.txt from switches.txt; +#   cat switches.txt | perl -lne '($n,$v4,$v6)=split;print "$v4 $v6 $n";'  151.216.177.0 25 komplett  151.216.183.0 24 lounge  151.216.185.0 25 flanke diff --git a/tools/generate-rowdns.pl b/tools/generate-rowdns.pl index 157d43b..d58991f 100755 --- a/tools/generate-rowdns.pl +++ b/tools/generate-rowdns.pl @@ -19,6 +19,11 @@ if (@ARGV > 0) {          )  } +# Use this to generate nsupdate for all edge switches +# Expects input from switches.txt (run multiple times if several switches.txt) + +# TODO: Needs to be rewritten to use new switches.txt +  print "server $nms::config::pri_v4\n";  while (<STDIN>)  | 
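Review bot: The rewritten lines drop the two trailing comments (`# network that primary server is in`, `# network that secondary server is in`), and the new `$pri_net_v6`/`$sec_net_v6` entries get none, although the sample values no longer follow that rule: `$pri_v6 = "2a02:ed02:254::2"` does not lie inside `$pri_net_v6 = "2a02:ed02:1ee7::/64"`, nor `$sec_v6` inside `$sec_net_v6`, whereas both v4 pairs still agree. Since make-dhcpd6.pl now emits `subnet6 $nms::config::pri_net_v6 {}` and a `subnet6 $nms::config::sec_net_v6 { ... }` with a range, presumably so dhcpd has a subnet declaration for the interfaces it serves, either the sample prefixes should contain the server addresses or the comments should state what these nets are, e.g. `our $pri_net_v6 = "2a02:ed02:1ee7::/64"; # network that primary server is in`.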
