VPC : add new type vpcrouter in cloud-early-config
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/d49210e4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/d49210e4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/d49210e4 Branch: refs/heads/vpc Commit: d49210e42ba1261a3751275687ddaadfbf929b12 Parents: c7e440a Author: anthony <[email protected]> Authored: Mon Jun 11 18:00:06 2012 -0700 Committer: Alena Prokharchyk <[email protected]> Committed: Fri Jun 15 14:30:31 2012 -0700 ---------------------------------------------------------------------- .../debian/config/etc/init.d/cloud-early-config | 73 +++++++++++++++ .../debian/config/etc/iptables/iptables-vpcrouter | 25 +++++ 2 files changed, 98 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/d49210e4/patches/systemvm/debian/config/etc/init.d/cloud-early-config ----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 19f87c2..f7b33ce 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -550,6 +550,75 @@ setup_router() {
 cp /etc/iptables/iptables-router /etc/iptables/rules
 }
+
+
+setup_vpcrouter() {
+ log_it "Setting up VPC virtual router system vm"
+
+ if [ "$hyp" == "vmware" ]; then
+ setup_vmware_extra_nics
+ fi
+
+ cat > /etc/network/interfaces << EOF
+auto lo $1
+iface lo inet loopback
+EOF
+ setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+
+ echo $NAME > /etc/hostname
+ echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+ hostname $NAME
+
+ #Nameserver
+ sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+ sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+ if [ -n "$internalNS1" ]
+ then
+ echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS1" > /etc/resolv.conf
+ fi
+
+ if [ -n "$internalNS2" ]
+ then
+ echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$NS1" ]
+ then
+ echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS1" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$NS2" ]
+ then
+ echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ ip route add $MGMTNET via $LOCAL_GW dev eth1
+ fi
+
+ ip route delete default
+
+
+ sed -i /gateway/d /etc/hosts
+
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+ setup_sshd $ETH0_IP
+
+ enable_svc dnsmasq 1
+ enable_svc haproxy 1
+ enable_svc cloud-passwd-srvr 1
+ enable_svc cloud 0
+ disable_rpfilter_domR
+ enable_fwding 1
+ chkconfig nfs-common off
+ cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+}
+
+
+
 setup_dhcpsrvr() {
 log_it "Setting up dhcp server system vm"
 setup_common eth0 eth1
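Review bot: In setup_vpcrouter the configuration values are expanded unquoted — `echo $NAME > /etc/hostname`, `hostname $NAME`, `setup_interface "0" $ETH0_IP $ETH0_MASK $GW`, `ip route add $MGMTNET via $LOCAL_GW dev eth1` and `setup_sshd $ETH0_IP` — so an empty value shifts the remaining arguments and a value containing whitespace or glob characters is split or expanded before the command sees it. Where these variables are populated is outside the hunk (presumably the VM's boot arguments), so I would quote them here regardless: `echo "$NAME" > /etc/hostname`, `hostname "$NAME"`, `ip route add "$MGMTNET" via "$LOCAL_GW" dev eth1`. Separately, the heredoc writes `auto lo $1`, but the new `vpcrouter)` case added to start() in the next hunk calls `setup_vpcrouter` with no argument, so `$1` is empty there; either write `auto lo` or pass the interface name at the call site. The `-a` in `[ -n "$MGMTNET" -a -n "$LOCAL_GW" ]` is better written as `[ -n "$MGMTNET" ] && [ -n "$LOCAL_GW" ]`.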
@@ -721,6 +790,10 @@ start() {
 [ "$NAME" == "" ] && NAME=router
 setup_router
 ;;
+ vpcrouter)
+ [ "$NAME" == "" ] && NAME=vpcrouter
+ setup_vpcrouter
+ ;;
 dhcpsrvr)
 [ "$NAME" == "" ] && NAME=dhcpsrvr
 setup_dhcpsrvr
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/d49210e4/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
new file mode 100644
index 0000000..c1d0c15
--- /dev/null
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@@ -0,0 +1,25 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -d 224.0.0.18/32 -j ACCEPT
+-A INPUT -d 225.0.0.50/32 -j ACCEPT
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+COMMIT
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+-A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
+COMMIT
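Review bot: The two multicast rules in the filter table of iptables-vpcrouter, `-A INPUT -d 224.0.0.18/32 -j ACCEPT` and `-A INPUT -d 225.0.0.50/32 -j ACCEPT`, match on destination address only, so they accept any protocol arriving on any interface despite the `INPUT DROP` policy. 224.0.0.18 is the VRRP group and 225.0.0.50 looks like a conntrackd sync address, yet setup_vpcrouter in this commit enables neither service, so these may be leftovers from another rules file; if they are needed, bind them to an interface and protocol, e.g. `-A INPUT -i <sync-iface> -p 112 -d 224.0.0.18/32 -j ACCEPT` (the interface name is a placeholder). `-A INPUT -p icmp -j ACCEPT` is likewise unrestricted by interface or ICMP type, and the port 3922 rule admits NEW connections on eth0 from any source; a `-s` match for the management network would narrow it if that network is known when the rules are loaded. A short `#` comment above each rule naming the service it serves would make this baseline easier to audit.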
