diff --git a/debian/wit-network-config.install b/debian/wit-network-config.install
index c3e0ef5..f9f05b3 100644
--- a/debian/wit-network-config.install
+++ b/debian/wit-network-config.install
@@ -1,8 +1,6 @@
 files/vrf.conf etc/iproute2/rt_tables.d
 files/vrf-dhcp-enter etc/dhcp/dhclient-enter-hooks.d
 files/vrf-dhcp-exit etc/dhcp/dhclient-exit-hooks.d
-files/dhcp-sethostname etc/dhcp/dhclient-exit-hooks.d
-files/dhcp-loopback etc/dhcp/dhclient-exit-hooks.d
 files/rc.local etc
 files/10-frr.conf etc/sysctl.d
 files/11-mgmt1.conf etc/sysctl.d
diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index 75184f2..8eb2a00 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -24,29 +24,19 @@ case "$1" in ### START gather all the info from the box and generate the variabels - #source /etc/wit-net.conf - export DOMAINNAME=${HOSTNAME#*.} - export LOOPBACKv4=$(dig a +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.}) - export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.}) - export TIER_ID=$(echo $LOOPBACKv4 | cut -d . -f 3) - export NODE_ID=$(echo $LOOPBACKv4 | cut -d . -f 4) + export LOOPBACKv4=$(dig a +short ${HOSTNAME}) + export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME}) + NODEASN=$(dig txt +short asn.${HOSTNAME}) + NODEASN="${NODEASN%\"}" + NODEASN="${NODEASN#\"}" + export NODEASN - if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ]; then - echo "unable to find my LOOPBACK IP: $LOOPBACKv4/$LOOPBACKv6" + if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then + echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN" exit 2 fi - if [ -z "$TIER_ID" ] || [ -z "$NODE_ID" ]; then - echo "Unable to autodetect TIER/NODE_ID: $TIER_ID/$NODE_ID" - exit 2 - fi - if [ -z "$DOMAINNAME" ]; then - echo "Unable to autodetect DOMAINNAME, looks like we deal with a special case, please set in environment and/or update the code" - exit 2 - fi - export NODE_ASN="4200$(printf "%03d" $TIER_ID)$(printf "%03d" $NODE_ID)" - MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }') ## END variables @@ -54,11 +44,6 @@ case "$1" in ## START writing config files - # write hosts file - sed -i -e "/debcore1/d" -e "/${HOSTNAME%%.*}/d" -e "/${LOOPBACKv4}/d" /etc/hosts - echo -e "${LOOPBACKv4}\t${HOSTNAME}\t${HOSTNAME%%.*}" >>/etc/hosts - - # disable password logins on ssh sed -i -e '/#*\s*PasswordAuthentication /d' /etc/ssh/sshd_config 
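Review bot: The new guard `[ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]` only rejects an empty answer, and because the expansions are unquoted, an answer with several words (multiple A/AAAA records, a CNAME line in `dig +short` output, a multi-string TXT record) makes `[` error out, which the `||` chain reads as false, so the script carries on with a malformed value. That matters more than before because NODEASN is no longer built from `printf "%03d"` digits: it is whatever the `asn.${HOSTNAME}` TXT record returns, and the third hunk of this file splices it into `sed -e "s/NODEASN/${NODEASN}/"` in a maintainer script (normally run as root), where a `/`, `&` or newline would alter the sed program or the generated frr.conf.wit. Quote the expansions and check the shape, e.g. `case "$NODEASN" in ''|*[!0-9]*) echo "bad ASN from DNS: $NODEASN"; exit 2;; esac`, with an equivalent single-address check for the two loopbacks. The same block is added in debian/wit-network-config.preinst and needs the same change. The enclosing `case "$1" in` arm starts and ends outside this hunk.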
@@ -101,14 +86,14 @@ case "$1" in
 # set frr config
- sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODE_ASN}/" /etc/frr/frr.conf.wit
+ sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODEASN}/" /etc/frr/frr.conf.wit
 chown frr.frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit
 # set ipsec config
- sed -i -e "s/HOSTNAME\.DOMAINNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
+ sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
 echo ": RSA ${HOSTNAME}.key" >/etc/ipsec.secrets
diff --git a/debian/wit-network-config.preinst b/debian/wit-network-config.preinst
index 077c832..595a29d 100755
--- a/debian/wit-network-config.preinst
+++ b/debian/wit-network-config.preinst
@@ -16,15 +16,18 @@ set -e
 case "$1" in
 install|upgrade)
- export DOMAINNAME=${HOSTNAME#*.}
- export LOOPBACKv4=$(dig +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.})
- export TIER_ID=$(echo $LOOPBACKv4 | cut -d . -f 3)
- export NODE_ID=$(echo $LOOPBACKv4 | cut -d . -f 4)
+ export LOOPBACKv4=$(dig a +short ${HOSTNAME})
+ export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
+ NODEASN=$(dig txt +short asn.${HOSTNAME})
+ NODEASN="${NODEASN%\"}"
+ NODEASN="${NODEASN#\"}"
+ export NODEASN
+
+ if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then
+ echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
+ exit 2
+ fi
- if [ -z $LOOPBACKv4 ]; then
- echo "LOOPBACK NOT CONFIGURED, aborting..."
- exit 2
- fi
 systemctl stop systemd-networkd.socket
 systemctl stop systemd-networkd.service
 systemctl stop systemd-networkd-wait-online
diff --git a/debian/wit-network-config.transform b/debian/wit-network-config.transform
index cf8f115..70f0b54 100644
--- a/debian/wit-network-config.transform
+++ b/debian/wit-network-config.transform
@@ -1,4 +1,3 @@
 /etc/systemd/timesyncd.conf.wit sed -e 's/#NTP=.*/NTP=ipv6.ntp.ubuntu.com/g'
 /etc/frr/daemons.wit sed -e 's/bgpd=no/bgpd=yes/' -e 's/zebra=no/zebra=yes/'
 /etc/bash.bashrc.wit sed -e 's/.*witaddon/source \/etc\/bashrc-witaddon/; t; $ s/$/\nsource \/etc\/bashrc-witaddon/'
-/etc/dhcp/dhclient.conf.wit sed -e 's/^option.*loopbackv4.*/option loopbackv4 code 225 = ip-address;/; t; 1s/^/option loopbackv4 code 225 = ip-address;\n/'
diff --git a/files/dhcp-loopback b/files/dhcp-loopback
deleted file mode 100755
index 7bb8f33..0000000
--- a/files/dhcp-loopback
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-sed -ie '/^LOOPBACKv4/d' /etc/wit-net.conf
-
-if [ ! -z $new_loopbackv4 ]; then
- echo "LOOPBACKv4=$new_loopbackv4" >>/etc/wit-net.conf
-fi
diff --git a/files/dhcp-sethostname b/files/dhcp-sethostname
deleted file mode 100755
index 5277b6c..0000000
--- a/files/dhcp-sethostname
+++ /dev/null
@@ -1,5 +0,0 @@
-if [ ! -z $new_host_name ]; then
- hostname $new_host_name.${new_domain_name:-local}
- hostname >/etc/hostname
- sed -i "s/\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*$old_host_name\.$old_domain_name.*/\1 $new_host_name.${new_domain_name:-local} $new_host_name/" /etc/hosts
-fi
diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit
index 94b2e5b..46ee260 100644
--- a/files/ipsec.conf.wit
+++ b/files/ipsec.conf.wit
@@ -23,10 +23,10 @@ conn %default
 conn loopbacks
 auto=route
- leftsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
- rightsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
+ leftsubnet=10.1.0.0/16
+ rightsubnet=10.1.0.0/16
 right=%any
- leftcert=HOSTNAME.DOMAINNAME.crt
- leftid="C=US, O=Wit, CN=HOSTNAME.DOMAINNAME"
+ leftcert=FQHOSTNAME.crt
+ leftid="C=US, O=Wit, CN=FQHOSTNAME"
 rightid="C=US, O=Wit, CN=*"
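Review bot: `leftsubnet=10.1.0.0/16` and `rightsubnet=10.1.0.0/16` widen the traffic selectors from three /24s to the whole /16 on a connection that keeps `right=%any` and `rightid="C=US, O=Wit, CN=*"`, so any peer presenting a certificate that matches that wildcard ID can now negotiate selectors anywhere in 10.1.0.0/16 rather than only in the three listed ranges. If that is the intent, record it in a comment above the two lines, for example `# all of 10.1.0.0/16 is loopback space; peers are trusted for the whole range by CA membership`, and confirm that no other use of 10.1.0.0/16 is meant to stay outside this policy. If only some ranges are loopbacks, keeping an explicit list is the narrower choice. The `conn loopbacks` section may continue past the last line shown.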