#!/bin/bash
# postinst script for #PACKAGE#
#
# see: dh_installdeb(1)
#
# On `configure` this script derives the box's network identity from DNS
# (A/AAAA of its FQDN for the loopback, TXT records for the ASN, interface
# MACs, GRE endpoints, BGP peers and prefix lists) and generates
# /etc/network/interfaces, the udev NIC naming rules and the FRR config
# template, then adjusts ipsec, grub (serial console) and sshd and enables
# the services. NOTE: in this revision the generated files are diverted to
# /tmp and the run stops with `exit 2` before the ipsec, grub, sshd and
# service steps (debugging leftovers in the configure branch).
#
# -x traces every command, with its expanded DNS values, to stderr where
# dpkg shows it; -e aborts on the first failing command outside
# conditionals, so a missing mandatory DNS record stops the install.
set -xe
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package
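case "$1" in
configure)
  # Files this script generates. The three /tmp re-assignments below are
  # DEBUG scaffolding left in by the author: while they are in place the
  # real system files are never touched, and the `exit 2` in the
  # "writing config files" section stops the run before any service is
  # changed. Drop both to make the script configure the box for real.
  IFCONFIG="/etc/network/interfaces"
  UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"
  FRRCONFIG="/etc/frr/frr.conf.wit"
  # DEBUG: hard-coded name of the box under test (overrides bash's own
  # HOSTNAME); a production run would presumably use $(hostname -f).
  HOSTNAME=edge2.usw2.admin.wit.com
  # DEBUG: divert every generated file to /tmp.
  IFCONFIG="/tmp/interfaces"
  UDEVCONFIG="/tmp/70-persistent-net.rules"
  FRRCONFIG="/tmp/frr.conf.wit"
  # DEBUG: relative path, only resolves when run from the source tree.
  cp files/frr.conf.wit /tmp
  # Zone that publishes the <n>.ipv4|ipv6.public.prefixlist TXT records.
  PREFIXLIST_ZONE="usw2.admin.wit.com"

  # Every value below comes from DNS answers that are not authenticated
  # here and ends up in sed replacement text, udev rules, the FRR config
  # and ifupdown pre-up commands executed as root. Each one is therefore
  # matched against a character allowlist before it is used, so `&`, `\`,
  # `|`, `;`, quotes and newlines can never get through. These are
  # allowlists, not full address parsers.
  RE_NUM='^[0-9]+$'                              # ASN, MTU
  RE_ADDR='^[0-9A-Fa-f:.]+(/[0-9]+)?$'           # IPv4/IPv6, optional /len
  RE_MAC='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'  # aa:bb:cc:dd:ee:ff
  RE_TEXT='^[[:alnum:][:blank:]._:-]*$'          # free-text interface alias

  #######################################
  # Print a diagnostic on stderr and abort the install with status 2.
  # Arguments: $* - message
  #######################################
  die() {
    printf '%s\n' "$*" >&2
    exit 2
  }

  #######################################
  # Abort unless a DNS-derived value matches its allowlist.
  # Arguments: $1 - what the value is, for the error message
  #            $2 - value to test
  #            $3 - extended regex (one of the RE_* patterns)
  #######################################
  check() {
    local what=$1 value=$2 re=$3
    if [[ ! "$value" =~ $re ]]; then
      die "refusing ${what} from DNS: '${value}'"
    fi
  }

  ## START gather all the info from the box and generate the variables

  #######################################
  # Look up one TXT record and print its text without dig's surrounding
  # double quotes. Always called inside $(...), so the `exit 2` only makes
  # the substitution return non-zero; the caller decides whether that is
  # fatal (`|| die`) or optional (`|| true`, `|| continue`, loop condition).
  # A multi-record answer is printed line by line and then rejected by the
  # allowlists, so publish exactly one record per name.
  # Arguments: $1 - DNS name to query
  # Outputs:   record text on stdout
  # Returns:   0 if a record exists, exits 2 otherwise
  #######################################
  dig_txt() {
    local answer
    answer=$(dig txt +short "$1")
    [[ -n "$answer" ]] || exit 2
    answer=${answer//\"/}
    printf '%s\n' "$answer"
  }

  LOOPBACKv4=$(dig a +short "$HOSTNAME")
  LOOPBACKv6=$(dig aaaa +short "$HOSTNAME")
  # Catch the failure here so the message below is actually reached
  # instead of set -e ending the run silently.
  NODEASN=$(dig_txt "asn.${HOSTNAME}") || NODEASN=""
  if [[ -z "$LOOPBACKv4" || -z "$LOOPBACKv6" || -z "$NODEASN" ]]; then
    die "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
  fi
  # Exactly one address per record: a multi-line answer fails the allowlist.
  check "loopback IPv4" "$LOOPBACKv4" "$RE_ADDR"
  check "loopback IPv6" "$LOOPBACKv6" "$RE_ADDR"
  check "ASN" "$NODEASN" "$RE_NUM"

  # Accumulators for the FRR template placeholders. They hold literal "\n"
  # sequences that sed turns into newlines when the template is filled in.
  FRR_IFS="!"
  FRR_NEIGH=""
  FRR_IPV4_EDGE_SUMMARIES_AGGREGATS=""
  FRR_IPV4_EDGE_SUMMARIES_PFLIST=""
  FRR_IPV6_EDGE_SUMMARIES_AGGREGATS=""
  FRR_IPV6_EDGE_SUMMARIES_PFLIST=""
  FRR_IPV6_EDGE_EXTRA=""   # never filled in this revision; its marker is blanked
  ## END variables

  ## START nic config compile
  # wiping existing config in prep for re-deploying it (absent files are fine)
  mv -f -- "$IFCONFIG" "${IFCONFIG}.dpkg-old" || true
  mv -f -- "$UDEVCONFIG" "${UDEVCONFIG}.dpkg-old" || true

  # write loopback config (heredoc bodies sit at column 0 so the terminator
  # is recognised; ifupdown does not need indentation)
  cat <<EOF >>"$IFCONFIG"
auto lo
iface lo inet loopback
iface lo inet static
address ${LOOPBACKv4}/32
iface lo inet6 static
address ${LOOPBACKv6}/128
EOF

  # gathering defined interfaces
  #### for now we support/count only up to 2 interfaces of each type; raise
  #### the range to whatever number we want (exception: mgmt)
  for kind in mgmt feth up ibgp gre; do
    for idx in 1 2; do
      ifname="${kind}${idx}"
      ifalias=$(dig_txt "name.${ifname}.${HOSTNAME}") || ifalias=""  ## still thinking how to do this cleaner
      check "alias of ${ifname}" "$ifalias" "$RE_TEXT"

      if [[ "$ifname" == gre? && -n "$ifalias" ]]; then
        ifmtu=$(dig_txt "mtu.${ifname}.${HOSTNAME}") || die "no TXT record mtu.${ifname}.${HOSTNAME}"
        gre_local=$(dig_txt "local.${ifname}.${HOSTNAME}") || die "no TXT record local.${ifname}.${HOSTNAME}"
        gre_remote=$(dig_txt "remote.${ifname}.${HOSTNAME}") || die "no TXT record remote.${ifname}.${HOSTNAME}"
        check "mtu of ${ifname}" "$ifmtu" "$RE_NUM"
        check "local endpoint of ${ifname}" "$gre_local" "$RE_ADDR"
        check "remote endpoint of ${ifname}" "$gre_remote" "$RE_ADDR"

        ## build FRR interface config to enable ND adv for ipv6 unmanaged
        FRR_IFS="$FRR_IFS\ninterface $ifname"
        FRR_IFS="$FRR_IFS\n description $ifalias"
        FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10"
        FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!"
        ## build FRR neighbor interfaces (prepended, newest first).
        ## NOTE(review): the generated neighbor/prefix lines keep their
        ## " !!! " prefix, which FRR reads as a comment — presumably a later
        ## step strips it; confirm before relying on the output.
        FRR_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_NEIGH"

        ## build regular linux network interface config
        cat <<EOF >>"$IFCONFIG"
auto $ifname
iface $ifname inet manual
## $ifalias
pre-up ip tunnel add $ifname mode gre local $gre_local remote $gre_remote
down ip tunnel del $ifname
mtu $ifmtu
EOF
      fi

      ## physical interfaces: no MAC record means the interface is not
      ## defined for this box (mgmt1's record is published as mac.mgmt.<host>)
      ifmac=$(dig_txt "mac.${ifname/mgmt1/mgmt}.${HOSTNAME}") || continue
      check "mac of ${ifname}" "$ifmac" "$RE_MAC"
      # The previous rule emitted the MAC bare after `==`; udev expects every
      # value in double quotes.
      # NOTE(review): sysfs reports addresses in lower case and udev compares
      # the strings as-is — publish lower-case MACs in DNS (confirm).
      printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' \
        "$ifmac" "$ifname" >>"$UDEVCONFIG"

      if [[ "$ifname" == up? ]]; then
        ## if this code gets executed even once we have an upX interface,
        ## meaning we're dealing with an edge box
        ipv4=$(dig_txt "ipv4.${ifname}.${HOSTNAME}") || die "no TXT record ipv4.${ifname}.${HOSTNAME}"
        ipv6=$(dig_txt "ipv6.${ifname}.${HOSTNAME}") || die "no TXT record ipv6.${ifname}.${HOSTNAME}"
        ## we dont know if we will always have both peers available
        peerv4=$(dig_txt "peerv4.${ifname}.${HOSTNAME}") || peerv4=""
        peerv6=$(dig_txt "peerv6.${ifname}.${HOSTNAME}") || peerv6=""
        check "ipv4 of ${ifname}" "$ipv4" "$RE_ADDR"
        check "ipv6 of ${ifname}" "$ipv6" "$RE_ADDR"
        if [[ -n "$peerv4" ]]; then
          check "peerv4 of ${ifname}" "$peerv4" "$RE_ADDR"
          FRR_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH"
        fi
        if [[ -n "$peerv6" ]]; then
          check "peerv6 of ${ifname}" "$peerv6" "$RE_ADDR"
          FRR_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH"
        fi
        cat <<EOF >>"$IFCONFIG"
auto $ifname
iface $ifname inet static
address $ipv4
mtu 9000
iface $ifname inet6 static
address $ipv6
EOF
      fi

      ## ibgp and feth links share the same manual / jumbo-frame stanza
      if [[ "$ifname" == ibgp? || "$ifname" == feth? ]]; then
        cat <<EOF >>"$IFCONFIG"
auto $ifname
iface $ifname inet manual
mtu 9000
EOF
      fi

      ## management interface is placed in the "mgmt" VRF
      if [[ "$ifname" == mgmt? ]]; then
        cat <<EOF >>"$IFCONFIG"
auto $ifname
iface $ifname inet6 auto
iface $ifname inet dhcp
pre-up /bin/ip link add mgmt type vrf table mgmt
pre-up /bin/ip link set up dev mgmt
pre-up /bin/ip link set master mgmt dev $ifname
post-down /bin/ip link del dev mgmt
EOF
      fi
    done
  done
  ## STOP nic config compile

  ## START compiling frr config

  #######################################
  # Read <n>.<family>.public.prefixlist.<zone> TXT records for n = 1, 2, ...
  # until the first missing one and append one aggregate-address line and
  # one prefix-list line per record to the two named accumulator variables.
  # printf -v keeps the literal "\n" as a backslash sequence for sed. A DNS
  # failure ends the loop the same way a missing record does.
  # Arguments: $1 - record family label (ipv4|ipv6)
  #            $2 - FRR prefix-list keyword (ip|ipv6)
  #            $3 - prefix-list name
  #            $4 - name of the aggregate-address accumulator variable
  #            $5 - name of the prefix-list accumulator variable
  #######################################
  collect_prefixes() {
    local family=$1 keyword=$2 listname=$3 aggs_var=$4 pflist_var=$5
    local n=1 prefix
    while prefix=$(dig_txt "${n}.${family}.public.prefixlist.${PREFIXLIST_ZONE}"); do
      check "${family} prefix #${n}" "$prefix" "$RE_ADDR"
      printf -v "$aggs_var" '%s%s' "${!aggs_var}" "\n !!! aggregate-address ${prefix}"
      printf -v "$pflist_var" '%s%s' "${!pflist_var}" \
        "\n!!! ${keyword} prefix-list ${listname} seq $((n * 5)) permit ${prefix}"
      n=$((n + 1))
    done
  }
  collect_prefixes ipv4 ip WITv4-SUMMARIES FRR_IPV4_EDGE_SUMMARIES_AGGREGATS FRR_IPV4_EDGE_SUMMARIES_PFLIST
  collect_prefixes ipv6 ipv6 WITv6-SUMMARIES FRR_IPV6_EDGE_SUMMARIES_AGGREGATS FRR_IPV6_EDGE_SUMMARIES_PFLIST
  ## STOP compiling frr config

  ## START writing config files
  # set frr config: fill the template placeholders. `|` is the s-command
  # delimiter because prefixes contain `/`; the allowlists guarantee that
  # no value contains `|`, `&` or `\`, so DNS data cannot alter the sed
  # program. The literal "\n" sequences in the accumulators become
  # newlines here.
  sed -i \
    -e "s|^!!! FRR_IFS|${FRR_IFS}|" \
    -e "s|^ !!! FRR_NEIGH|${FRR_NEIGH}|" \
    -e "s|^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS|${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}|" \
    -e "s|^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS|${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}|" \
    -e "s|^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST|${FRR_IPV4_EDGE_SUMMARIES_PFLIST}|" \
    -e "s|^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST|${FRR_IPV6_EDGE_SUMMARIES_PFLIST}|" \
    -e "s|^!!! FRR_IPV6_EDGE_EXTRA|${FRR_IPV6_EDGE_EXTRA}|" \
    -e "s|FRRROUTERID|${LOOPBACKv4}|" \
    -e "s|NODEASN|${NODEASN}|" \
    "$FRRCONFIG"

  # DEBUG: stop here while the files in /tmp are being inspected. Nothing
  # below runs in this revision.
  exit 2

  chown frr:frr "$FRRCONFIG" /etc/frr/daemons.wit

  # set ipsec config
  sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
  printf ': RSA %s.key\n' "$HOSTNAME" >/etc/ipsec.secrets
  chmod 0600 /etc/ipsec.secrets   # secrets file: owner-only

  # write grub rules for serial terminal: drop any existing settings, then
  # append ours so the file holds exactly one definition of each
  sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' \
    -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub
  cat <<EOF >>/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
EOF

  # disable password logins on ssh. The directive goes at the top of the
  # file, not the end: sshd applies a setting that follows a `Match` block
  # only inside that block, so an appended line can silently be a no-op.
  sed -i -e '1i PasswordAuthentication no' -e '/#*\s*PasswordAuthentication /d' /etc/ssh/sshd_config
  # never restart sshd with a config it will reject: that locks us out
  /usr/sbin/sshd -t
  ## END config file section

  ## START configuring services as we need it
  systemctl disable strongswan # disable ipsec till we have the certs and all
  systemctl enable firewall
  systemctl restart systemd-timesyncd
  systemctl restart ssh
  update-grub
  sysctl -p /etc/sysctl.d/10-frr.conf
  ## END services section
  ;;

abort-upgrade|abort-remove|abort-deconfigure)
  ;;

*)
  echo "postinst called with unknown argument \`$1'" >&2
  exit 1
  ;;
esac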
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
# The #DEBHELPER# token below is substituted at package build time and
# must be left exactly as written.
#DEBHELPER#
exit 0