removing legacy dhcp stuff and starting to rely on DNS for loopback v4/v6 and asn

2018-09-12 20:01:52 +02:00 · 2018-09-12 20:01:52 +02:00 · 4a69025703
parent 4a24a5a513
commit 4a69025703
7 changed files with 25 additions and 51 deletions
--- a/debian/wit-network-config.install
+++ b/debian/wit-network-config.install
@ -1,8 +1,6 @@
 files/vrf.conf etc/iproute2/rt_tables.d
 files/vrf-dhcp-enter etc/dhcp/dhclient-enter-hooks.d
 files/vrf-dhcp-exit etc/dhcp/dhclient-exit-hooks.d
 files/dhcp-sethostname etc/dhcp/dhclient-exit-hooks.d
 files/dhcp-loopback etc/dhcp/dhclient-exit-hooks.d
 files/rc.local etc
 files/10-frr.conf etc/sysctl.d
 files/11-mgmt1.conf etc/sysctl.d
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@ -24,29 +24,19 @@ case "$1" in
     ### START gather all the info from the box and generate the variabels
-        #source /etc/wit-net.conf
+	export LOOPBACKv4=$(dig a +short ${HOSTNAME})
- 	export DOMAINNAME=${HOSTNAME#*.}
+	export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
-	export LOOPBACKv4=$(dig a +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.})
+	NODEASN=$(dig txt +short asn.${HOSTNAME})
-	export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.})
+	NODEASN="${NODEASN%\"}"
-	export TIER_ID=$(echo $LOOPBACKv4 | cut -d . -f 3)
+	NODEASN="${NODEASN#\"}"
-	export NODE_ID=$(echo $LOOPBACKv4 | cut -d . -f 4)
+	export NODEASN
-	if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ]; then
+	if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then
-	    echo "unable to find my LOOPBACK IP: $LOOPBACKv4/$LOOPBACKv6"
+	    echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
 	    exit 2
        fi
        if [ -z "$TIER_ID" ] || [ -z "$NODE_ID" ]; then
            echo "Unable to autodetect TIER/NODE_ID: $TIER_ID/$NODE_ID"
            exit 2
        fi
        if [ -z "$DOMAINNAME" ]; then
            echo "Unable to autodetect DOMAINNAME, looks like we deal with a special case, please set in environment and/or update the code"
 	    exit 2
        fi
        export NODE_ASN="4200$(printf "%03d" $TIER_ID)$(printf "%03d" $NODE_ID)"
        MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }')
     ## END variables
@ -54,11 +44,6 @@ case "$1" in
     ## START writing config files
      # write hosts file
 	sed -i -e "/debcore1/d" -e "/${HOSTNAME%%.*}/d" -e "/${LOOPBACKv4}/d" /etc/hosts
 	echo -e "${LOOPBACKv4}\t${HOSTNAME}\t${HOSTNAME%%.*}" >>/etc/hosts
      # disable password logins on ssh
        sed -i -e '/#*\s*PasswordAuthentication /d' /etc/ssh/sshd_config
@ -101,14 +86,14 @@ case "$1" in
      # set frr config
-        sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODE_ASN}/" /etc/frr/frr.conf.wit 
+        sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODEASN}/" /etc/frr/frr.conf.wit 
        chown frr.frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit
      # set ipsec config
-        sed -i -e "s/HOSTNAME\.DOMAINNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
+        sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
        echo ": RSA ${HOSTNAME}.key" >/etc/ipsec.secrets
--- a/debian/wit-network-config.preinst
+++ b/debian/wit-network-config.preinst
@ -16,15 +16,18 @@ set -e
 case "$1" in
    install|upgrade)
- 	export DOMAINNAME=${HOSTNAME#*.}
+        export LOOPBACKv4=$(dig a +short ${HOSTNAME})
-	export LOOPBACKv4=$(dig +short ${HOSTNAME%%.*}.loopback.${HOSTNAME#*.})
+        export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
-	export TIER_ID=$(echo $LOOPBACKv4 | cut -d . -f 3)
+        NODEASN=$(dig txt +short asn.${HOSTNAME})
-	export NODE_ID=$(echo $LOOPBACKv4 | cut -d . -f 4)
+        NODEASN="${NODEASN%\"}"
        NODEASN="${NODEASN#\"}"
        export NODEASN
-	if [ -z $LOOPBACKv4 ]; then
+        if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then
-	    echo "LOOPBACK NOT CONFIGURED, aborting..."
+            echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
            exit 2
        fi
        systemctl stop systemd-networkd.socket
        systemctl stop systemd-networkd.service
        systemctl stop systemd-networkd-wait-online
--- a/debian/wit-network-config.transform
+++ b/debian/wit-network-config.transform
@ -1,4 +1,3 @@
 /etc/systemd/timesyncd.conf.wit sed -e 's/#NTP=.*/NTP=ipv6.ntp.ubuntu.com/g'
 /etc/frr/daemons.wit sed -e 's/bgpd=no/bgpd=yes/' -e 's/zebra=no/zebra=yes/'
 /etc/bash.bashrc.wit sed -e 's/.*witaddon/source \/etc\/bashrc-witaddon/; t; $ s/$/\nsource \/etc\/bashrc-witaddon/'
 /etc/dhcp/dhclient.conf.wit sed -e 's/^option.*loopbackv4.*/option loopbackv4 code 225 = ip-address;/; t; 1s/^/option loopbackv4 code 225 = ip-address;\n/'
--- a/files/dhcp-loopback
+++ b/files/dhcp-loopback
@ -1,6 +0,0 @@
 #!/bin/bash
 sed -ie '/^LOOPBACKv4/d' /etc/wit-net.conf
 if [ ! -z $new_loopbackv4 ]; then
   echo "LOOPBACKv4=$new_loopbackv4" >>/etc/wit-net.conf
 fi
--- a/files/dhcp-sethostname
+++ b/files/dhcp-sethostname
@ -1,5 +0,0 @@
 if [ ! -z $new_host_name ]; then
    hostname $new_host_name.${new_domain_name:-local}
    hostname >/etc/hostname
    sed -i "s/\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*$old_host_name\.$old_domain_name.*/\1    $new_host_name.${new_domain_name:-local}     $new_host_name/" /etc/hosts
 fi
--- a/files/ipsec.conf.wit
+++ b/files/ipsec.conf.wit
@ -23,10 +23,10 @@ conn %default
 conn loopbacks
    auto=route
-    leftsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
+    leftsubnet=10.1.0.0/16
-    rightsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
+    rightsubnet=10.1.0.0/16
    right=%any
-    leftcert=HOSTNAME.DOMAINNAME.crt
+    leftcert=FQHOSTNAME.crt
-    leftid="C=US, O=Wit, CN=HOSTNAME.DOMAINNAME"
+    leftid="C=US, O=Wit, CN=FQHOSTNAME"
    rightid="C=US, O=Wit, CN=*"