scripts/network/exdhcp/prepare_dnsmasq.sh - cloudstack - Git at Google

 #!/bin/sh
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.


 # prepare dnsmasq on external dhcp server
 # Usage:
 # 	sh prepare_dnsmasq gateway dns self_ip

 gateway=$1
 dns=$2
 self_ip=$3

 exit_with_error() {
 	echo $1
 	exit 1
 }

 config_dnsmasq() {
 	echo "$*" >> /etc/dnsmasq.conf
 	[ $? -ne 0 ] && exit_with_error "echo $* failed"
 }

 [ $# -ne 3 ] && exit_with_error "Usage: prepare_dnsmasq gateway dns self_ip"

 [ -f /etc/dnsmasq.conf ] || exit_with_error "Can not found /etc/dnsmasq.conf"

 touch /var/log/dnsmasq.log
 [ $? -ne 0 ] && exit_with_error "touch /var/log/dnsmasq.log failed"
 touch /etc/dnsmasq-resolv.conf
 [ $? -ne 0 ] && exit_with_error "touch /etc/dnsmasq-resolv.conf failed"
 echo "nameserver $dns">/etc/dnsmasq-resolv.conf
 [ $? -ne 0 ] && exit_with_error "echo \"nameserver $dns\">/etc/dnsmasq-resolv.conf failed"
 touch /var/lib/dnsmasq.trace
 [ $? -ne 0 ] && exit_with_error "touch /var/lib/dnsmasq.trace failed"


 #produce echoer.sh
 cat > /usr/bin/echoer.sh<<'EOF'
 #!/bin/sh

 sed -i /"$*"/d /var/lib/dnsmasq.trace
 echo "$*" >> /var/lib/dnsmasq.trace
 EOF
 [ $? -ne 0 ] && exit_with_error "can't produce /usr/bin/echoer.sh"

 #produce lease_checker.sh
 cat > /usr/bin/lease_checker.sh<<'EOF'
 #!/bin/sh
 # Usage: lease_checker dhcp_entry_state(add/old/del) mac ip
 state=$1
 mac=$2
 ip=$3

 exit_with_error() {
 	echo $1
 	exit $2
 }

 [ $# -ne 3 ] && exit_with_error "Wrong arguments.Usage: lease_checker dhcp_entry_state(add/old/del) mac ip" -3

 [ -f /var/lib/dnsmasq.trace ] || exit_with_error "Cannot find /var/lib/dnsmasq" -1
 pidof dnsmasq &>/dev/null
 [ $? -ne 0 ] && exit_with_error "Dnsmasq is not running" -2

 grep "$state $mac $ip" /var/lib/dnsmasq.trace
 if [ $? -ne 0 ]; then
 	exit $?
 else
 	sed -i /"$state $mac $ip"/d /var/lib/dnsmasq.trace
 	exit 0
 fi

 EOF

 chmod +x /usr/bin/echoer.sh
 [ $? -ne 0 ] && exit_with_error "chmod +x /usr/bin/echoer.sh failed"

 # Configure dnsmasq with comments
 echo "# This is produced by CloudStack" > /etc/dnsmasq.conf
 config_dnsmasq "# Never forward plain names (without a dot or domain part)"
 config_dnsmasq domain-needed
 config_dnsmasq "# Never forward addresses in the non-routed address spaces."
 config_dnsmasq bogus-priv
 config_dnsmasq "
 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf"
 config_dnsmasq resolv-file=/etc/dnsmasq-resolv.conf
 config_dnsmasq "
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only."
 config_dnsmasq local=/cloudnine.internal/
 config_dnsmasq "
 # On systems which support it, dnsmasq binds the wildcard address,
 # even when it is listening on only some interfaces. It then discards
 # requests that it shouldn't reply to. This has the advantage of
 # working even when interfaces come and go and change address. If you
 # want dnsmasq to really bind only the interfaces it is listening on,
 # uncomment this option. About the only time you may need this is when
 # running another nameserver on the same machine."
 config_dnsmasq bind-interfaces
 config_dnsmasq "
 # Set this (and domain: see below) if you want to have a domain
 # automatically added to simple names in a hosts-file."
 config_dnsmasq expand-hosts
 config_dnsmasq "
 # does the following things.
 # 1) Allows DHCP hosts to have fully qualified domain names, as long
 #     as the domain part matches this setting.
 # 2) Sets the \"domain\" DHCP option thereby potentially setting the
 #    domain of all systems configured by DHCP
 # 3) Provides the domain part for \"expand-hosts\"
 "
 config_dnsmasq domain=cloudnine.internal
 config_dnsmasq "
 # Send options to hosts which ask for a DHCP lease.
 # See RFC 2132 for details of available options.
 # Common options can be given to dnsmasq by name:
 # run \"dnsmasq --help dhcp\" to get a list.
 # Note that all the common settings, such as netmask and
 # broadcast address, DNS server and default route, are given
 # sane defaults by dnsmasq. You very likely will not need
 # any dhcp-options. If you use Windows clients and Samba, there
 # are some options which are recommended, they are detailed at the
 # end of this section.

 # Override the default route supplied by dnsmasq, which assumes the
 # router is the same machine as the one running dnsmasq."
 config_dnsmasq dhcp-option=option:router,$gateway
 config_dnsmasq "
 # Uncomment this to enable the integrated DHCP server, you need
 # to supply the range of addresses available for lease and optionally
 # a lease time. If you have more than one network, you will need to
 # repeat this for each network on which you want to supply DHCP
 # service."
 config_dnsmasq dhcp-range=$self_ip,static
 config_dnsmasq dhcp-hostsfile=/etc/dhcphosts.txt
 config_dnsmasq "# Set the domain"
 config_dnsmasq dhcp-option=15,"cloudnine.internal"
 config_dnsmasq "
 # Send microsoft-specific option to tell windows to release the DHCP lease
 # when it shuts down. Note the \"i\" flag, to tell dnsmasq to send the
 # value as a four-byte integer - that's what microsoft wants. See
 # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true"
 config_dnsmasq dhcp-option=vendor:MSFT,2,1i
 config_dnsmasq "
 # The DHCP server needs somewhere on disk to keep its lease database.
 # This defaults to a sane location, but if you want to change it, use
 # the line below.
 #dhcp-leasefile=/var/lib/misc/dnsmasq.leases"
 config_dnsmasq leasefile-ro
 config_dnsmasq "
 # For debugging purposes, log each DNS query as it passes through
 # dnsmasq."
 config_dnsmasq log-queries
 config_dnsmasq log-facility=/var/log/dnsmasq.log
 config_dnsmasq "
 # Run an executable when a DHCP lease is created or destroyed.
 # The arguments sent to the script are \"add\" or \"del\",
 # then the MAC address, the IP address and finally the hostname
 # if there is one."
 config_dnsmasq dhcp-script=/usr/bin/echoer.sh
 config_dnsmasq dhcp-scriptuser=root
 config_dnsmasq dhcp-authoritative
 config_dnsmasq "
 # Ignore any bootp and pxe boot request
 "
 config_dnsmasq dhcp-ignore=bootp
 config_dnsmasq dhcp-vendorclass=pxestuff,PXEClient
 config_dnsmasq dhcp-ignore=pxestuff

 [ -f /usr/sbin/setenforce ] && /usr/sbin/setenforce 0
 [ $? -ne 0 ] && exit_with_error "Can not set seLinux to passive mode"

 # Open DHCP ports in iptable
 chkconfig --list iptables | grep "on"
 if [ $? -eq 0 ]; then
 	iptables-save | grep 'A INPUT -p udp -m udp --dport 67 -j ACCEPT' >/dev/null
 	if [ $? -ne 0 ]; then
 		iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT
 		if [ $? -ne 0 ]; then
 			exit_with_error "iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT failed"
 		fi
 		echo "iptables:Open udp port 67 for DHCP"
 	fi

 	iptables-save | grep 'A INPUT -p tcp -m tcp --dport 67 -j ACCEPT' >/dev/null
 	if [ $? -ne 0 ]; then
 		iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT
 		if [ $? -ne 0 ]; then
 			exit_with_error "iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT failed"
 		fi
 		echo "iptables:Open tcp port 67 for DHCP"
 	fi

 	iptables-save | grep 'A INPUT -p udp -m udp --dport 53 -j ACCEPT' >/dev/null
 	if [ $? -ne 0 ]; then
 		iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT
 		if [ $? -ne 0 ]; then
 			exit_with_error "iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT failed"
 		fi
 		echo "iptables:Open udp port 53 for DHCP"
 	fi

 	iptables-save | grep 'A INPUT -p tcp -m tcp --dport 53 -j ACCEPT' >/dev/null
 	if [ $? -ne 0 ]; then
 		iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT
 		if [ $? -ne 0 ]; then
 			exit_with_error "iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT failed"
 		fi
 		echo "iptables:Open tcp port 53 for DHCP"
 	fi

 	service iptables save
 	if [ $? -ne 0 ]; then
 		exit_with_error "service iptables save failed"
 	fi
 fi

 # Set up upstream DNS
 [ -f /etc/dnsmasq-resolv.conf ] || echo nameserver $dns > /etc/dnsmasq-resolv.conf
 [ $? -ne 0 ] && exit_with_error "cannot create /etc/dnsmasq-resolv.conf"

 service dnsmasq restart
 [ $? -ne 0 ] && exit_with_error "service dnsmasq restart failed"

 exit 0
	#!/bin/sh
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.


	# prepare dnsmasq on external dhcp server
	# Usage:
	# sh prepare_dnsmasq gateway dns self_ip

	gateway=$1
	dns=$2
	self_ip=$3

	exit_with_error() {
	echo $1
	exit 1
	}

	config_dnsmasq() {
	echo "$*" >> /etc/dnsmasq.conf
	[ $? -ne 0 ] && exit_with_error "echo $* failed"
	}

	[ $# -ne 3 ] && exit_with_error "Usage: prepare_dnsmasq gateway dns self_ip"

	[ -f /etc/dnsmasq.conf ] \|\| exit_with_error "Can not found /etc/dnsmasq.conf"

	touch /var/log/dnsmasq.log
	[ $? -ne 0 ] && exit_with_error "touch /var/log/dnsmasq.log failed"
	touch /etc/dnsmasq-resolv.conf
	[ $? -ne 0 ] && exit_with_error "touch /etc/dnsmasq-resolv.conf failed"
	echo "nameserver $dns">/etc/dnsmasq-resolv.conf
	[ $? -ne 0 ] && exit_with_error "echo \"nameserver $dns\">/etc/dnsmasq-resolv.conf failed"
	touch /var/lib/dnsmasq.trace
	[ $? -ne 0 ] && exit_with_error "touch /var/lib/dnsmasq.trace failed"


	#produce echoer.sh
	cat > /usr/bin/echoer.sh<<'EOF'
	#!/bin/sh

	sed -i /"$*"/d /var/lib/dnsmasq.trace
	echo "$*" >> /var/lib/dnsmasq.trace
	EOF
	[ $? -ne 0 ] && exit_with_error "can't produce /usr/bin/echoer.sh"

	#produce lease_checker.sh
	cat > /usr/bin/lease_checker.sh<<'EOF'
	#!/bin/sh
	# Usage: lease_checker dhcp_entry_state(add/old/del) mac ip
	state=$1
	mac=$2
	ip=$3

	exit_with_error() {
	echo $1
	exit $2
	}

	[ $# -ne 3 ] && exit_with_error "Wrong arguments.Usage: lease_checker dhcp_entry_state(add/old/del) mac ip" -3

	[ -f /var/lib/dnsmasq.trace ] \|\| exit_with_error "Cannot find /var/lib/dnsmasq" -1
	pidof dnsmasq &>/dev/null
	[ $? -ne 0 ] && exit_with_error "Dnsmasq is not running" -2

	grep "$state $mac $ip" /var/lib/dnsmasq.trace
	if [ $? -ne 0 ]; then
	exit $?
	else
	sed -i /"$state $mac $ip"/d /var/lib/dnsmasq.trace
	exit 0
	fi

	EOF

	chmod +x /usr/bin/echoer.sh
	[ $? -ne 0 ] && exit_with_error "chmod +x /usr/bin/echoer.sh failed"

	# Configure dnsmasq with comments
	echo "# This is produced by CloudStack" > /etc/dnsmasq.conf
	config_dnsmasq "# Never forward plain names (without a dot or domain part)"
	config_dnsmasq domain-needed
	config_dnsmasq "# Never forward addresses in the non-routed address spaces."
	config_dnsmasq bogus-priv
	config_dnsmasq "
	# Change this line if you want dns to get its upstream servers from
	# somewhere other that /etc/resolv.conf"
	config_dnsmasq resolv-file=/etc/dnsmasq-resolv.conf
	config_dnsmasq "
	# Add local-only domains here, queries in these domains are answered
	# from /etc/hosts or DHCP only."
	config_dnsmasq local=/cloudnine.internal/
	config_dnsmasq "
	# On systems which support it, dnsmasq binds the wildcard address,
	# even when it is listening on only some interfaces. It then discards
	# requests that it shouldn't reply to. This has the advantage of
	# working even when interfaces come and go and change address. If you
	# want dnsmasq to really bind only the interfaces it is listening on,
	# uncomment this option. About the only time you may need this is when
	# running another nameserver on the same machine."
	config_dnsmasq bind-interfaces
	config_dnsmasq "
	# Set this (and domain: see below) if you want to have a domain
	# automatically added to simple names in a hosts-file."
	config_dnsmasq expand-hosts
	config_dnsmasq "
	# does the following things.
	# 1) Allows DHCP hosts to have fully qualified domain names, as long
	# as the domain part matches this setting.
	# 2) Sets the \"domain\" DHCP option thereby potentially setting the
	# domain of all systems configured by DHCP
	# 3) Provides the domain part for \"expand-hosts\"
	"
	config_dnsmasq domain=cloudnine.internal
	config_dnsmasq "
	# Send options to hosts which ask for a DHCP lease.
	# See RFC 2132 for details of available options.
	# Common options can be given to dnsmasq by name:
	# run \"dnsmasq --help dhcp\" to get a list.
	# Note that all the common settings, such as netmask and
	# broadcast address, DNS server and default route, are given
	# sane defaults by dnsmasq. You very likely will not need
	# any dhcp-options. If you use Windows clients and Samba, there
	# are some options which are recommended, they are detailed at the
	# end of this section.

	# Override the default route supplied by dnsmasq, which assumes the
	# router is the same machine as the one running dnsmasq."
	config_dnsmasq dhcp-option=option:router,$gateway
	config_dnsmasq "
	# Uncomment this to enable the integrated DHCP server, you need
	# to supply the range of addresses available for lease and optionally
	# a lease time. If you have more than one network, you will need to
	# repeat this for each network on which you want to supply DHCP
	# service."
	config_dnsmasq dhcp-range=$self_ip,static
	config_dnsmasq dhcp-hostsfile=/etc/dhcphosts.txt
	config_dnsmasq "# Set the domain"
	config_dnsmasq dhcp-option=15,"cloudnine.internal"
	config_dnsmasq "
	# Send microsoft-specific option to tell windows to release the DHCP lease
	# when it shuts down. Note the \"i\" flag, to tell dnsmasq to send the
	# value as a four-byte integer - that's what microsoft wants. See
	# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true"
	config_dnsmasq dhcp-option=vendor:MSFT,2,1i
	config_dnsmasq "
	# The DHCP server needs somewhere on disk to keep its lease database.
	# This defaults to a sane location, but if you want to change it, use
	# the line below.
	#dhcp-leasefile=/var/lib/misc/dnsmasq.leases"
	config_dnsmasq leasefile-ro
	config_dnsmasq "
	# For debugging purposes, log each DNS query as it passes through
	# dnsmasq."
	config_dnsmasq log-queries
	config_dnsmasq log-facility=/var/log/dnsmasq.log
	config_dnsmasq "
	# Run an executable when a DHCP lease is created or destroyed.
	# The arguments sent to the script are \"add\" or \"del\",
	# then the MAC address, the IP address and finally the hostname
	# if there is one."
	config_dnsmasq dhcp-script=/usr/bin/echoer.sh
	config_dnsmasq dhcp-scriptuser=root
	config_dnsmasq dhcp-authoritative
	config_dnsmasq "
	# Ignore any bootp and pxe boot request
	"
	config_dnsmasq dhcp-ignore=bootp
	config_dnsmasq dhcp-vendorclass=pxestuff,PXEClient
	config_dnsmasq dhcp-ignore=pxestuff

	[ -f /usr/sbin/setenforce ] && /usr/sbin/setenforce 0
	[ $? -ne 0 ] && exit_with_error "Can not set seLinux to passive mode"

	# Open DHCP ports in iptable
	chkconfig --list iptables \| grep "on"
	if [ $? -eq 0 ]; then
	iptables-save \| grep 'A INPUT -p udp -m udp --dport 67 -j ACCEPT' >/dev/null
	if [ $? -ne 0 ]; then
	iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT
	if [ $? -ne 0 ]; then
	exit_with_error "iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT failed"
	fi
	echo "iptables:Open udp port 67 for DHCP"
	fi

	iptables-save \| grep 'A INPUT -p tcp -m tcp --dport 67 -j ACCEPT' >/dev/null
	if [ $? -ne 0 ]; then
	iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT
	if [ $? -ne 0 ]; then
	exit_with_error "iptables -I INPUT 1 -p tcp --dport 67 -j ACCEPT failed"
	fi
	echo "iptables:Open tcp port 67 for DHCP"
	fi

	iptables-save \| grep 'A INPUT -p udp -m udp --dport 53 -j ACCEPT' >/dev/null
	if [ $? -ne 0 ]; then
	iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT
	if [ $? -ne 0 ]; then
	exit_with_error "iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT failed"
	fi
	echo "iptables:Open udp port 53 for DHCP"
	fi

	iptables-save \| grep 'A INPUT -p tcp -m tcp --dport 53 -j ACCEPT' >/dev/null
	if [ $? -ne 0 ]; then
	iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT
	if [ $? -ne 0 ]; then
	exit_with_error "iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT failed"
	fi
	echo "iptables:Open tcp port 53 for DHCP"
	fi

	service iptables save
	if [ $? -ne 0 ]; then
	exit_with_error "service iptables save failed"
	fi
	fi

	# Set up upstream DNS
	[ -f /etc/dnsmasq-resolv.conf ] \|\| echo nameserver $dns > /etc/dnsmasq-resolv.conf
	[ $? -ne 0 ] && exit_with_error "cannot create /etc/dnsmasq-resolv.conf"

	service dnsmasq restart
	[ $? -ne 0 ] && exit_with_error "service dnsmasq restart failed"

	exit 0