[Ovirt-devel] [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest net interfaces (revised)

Joey Boggs jboggs at redhat.com
Tue Mar 17 21:25:45 UTC 2009


Steve Linabery wrote:
> Variable name change in ovirt-installer and associated .pp (et al) files for
> consistency with current documented architecture diagrams.
> ---
>  conf/ovirt-server.conf                             |    5 +-
>  .../appliances/ovirt-appliance/ovirt-appliance.pp  |   12 ++--
>  installer/bin/ovirt-installer                      |   61 +++++++++++---------
>  installer/modules/ovirt/manifests/cobbler.pp       |    4 +-
>  installer/modules/ovirt/manifests/dns.pp           |   18 +++---
>  installer/modules/ovirt/manifests/freeipa.pp       |    2 +-
>  installer/modules/ovirt/manifests/ovirt.pp         |   13 +++-
>  .../modules/ovirt/templates/ovirt-dhcp.conf.erb    |    4 +-
>  8 files changed, 66 insertions(+), 53 deletions(-)
>
> diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> index ab192ae..e414f07 100644
> --- a/conf/ovirt-server.conf
> +++ b/conf/ovirt-server.conf
> @@ -6,8 +6,9 @@ NameVirtualHost *:80
>    </Location>
>  </VirtualHost>
>  
> -NameVirtualHost 192.168.50.2:443
> -<VirtualHost 192.168.50.2:443>
> +NameVirtualHost GuestNetIpAddress:443
> +NameVirtualHost AdminNetIpAddress:443
> +<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
>  
>    RequestHeader set X_FORWARDED_PROTO 'https'
>  
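Review bot: The `GuestNetIpAddress` and `AdminNetIpAddress` tokens on the three added lines are not valid addresses, so this file only becomes loadable after both `file_replacement` resources in ovirt.pp have rewritten it, and nothing in the file says so. I would add a comment above them such as `# GuestNetIpAddress/AdminNetIpAddress are placeholders substituted by ovirt::setup at install time`. When both placeholders resolve to the same address, which the installer and the appliance manifest currently allow, the result is two identical `NameVirtualHost` lines and a `<VirtualHost>` listing the same address twice; that case is worth testing against the shipped httpd. The `<VirtualHost>` block continues outside the hunk.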
> diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
> index ffeceba..1c4e0b7 100644
> --- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp
> +++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
> @@ -6,12 +6,12 @@ firewall::setup{'setup': status => 'enabled'}
>  firewall_rule{"ssh": destination_port => "22"}
>  
>  # dns configuration
> -$mgmt_ipaddr = '192.168.50.2'
> -$prov_ipaddr = '192.168.50.2'
> +$guest_ipaddr = '192.168.50.2'
> +$admin_ipaddr = '192.168.50.2'
>  $ovirt_host = 'management.priv.ovirt.org'
>  $ipa_host = 'management.priv.ovirt.org'
>  
> -dns::bundled{setup: mgmt_ipaddr=> $mgmt_ipaddr, prov_ipaddr=> $prov_ipaddr, mgmt_dev => 'eth0', prov_dev => 'eth0'}
> +dns::bundled{setup: guest_ipaddr=> $guest_ipaddr, admin_ipaddr=> $admin_ipaddr, guest_dev => 'eth0', admin_dev => 'eth0'}
>  
>  # dhcp configuration
>  $dhcp_interface = 'eth0'
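Review bot: `$guest_httpd_ipaddr` is not assigned alongside `$guest_ipaddr` and `$admin_ipaddr` here, yet the ovirt.pp change in this patch substitutes `GuestNetIpAddress` with `$guest_httpd_ipaddr`. If the appliance applies `ovirt::setup` (not visible in this hunk), the placeholder would be replaced with an empty string and httpd would be left with `NameVirtualHost :443`. Adding `$guest_httpd_ipaddr = '192.168.50.2'` next to the other two assignments keeps the appliance in step with what ovirt-installer generates.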
> @@ -19,10 +19,10 @@ $dhcp_network = '192.168.50'
>  $dhcp_start = '3'
>  $dhcp_stop = '50'
>  $dhcp_domain = 'priv.ovirt.org'
> -$ntp_server =  $mgmt_ipaddr
> +$ntp_server =  $guest_ipaddr
>  
> -$prov_dns_server = '192.168.50.2'
> -$prov_network_gateway = '192.168.50.1'
> +$admin_dns_server = '192.168.50.2'
> +$admin_network_gateway = '192.168.50.1'
>  # cobbler configuration
>  $cobbler_hostname = 'localhost'
>  $cobbler_user_name = 'cobbler'
> diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
> index 1c5f992..b42912c 100755
> --- a/installer/bin/ovirt-installer
> +++ b/installer/bin/ovirt-installer
> @@ -127,11 +127,13 @@ else
>      end
>  end
>  
> -mgmt_dev = prompt_for_answer("Enter your management interface:", :default => "eth0")
> -# For now only supporting one network interface
> -#prov_dev = prompt_for_answer("Enter your provisioning interface, this may also be your management interface:", :default => mgmt_dev)
> -prov_dev = mgmt_dev
> -#sep_networks = (mgmt_dev == prov_dev) ? "n" : "y"
> +guest_httpd_dev = prompt_for_answer("Enter the interface for the Guest network:", :default => "eth0")
> +admin_dev = prompt_for_answer("Enter the interface for the Admin network (this may be the same as the Guest network interface):", :default => "eth0")
> +
> +#FIXME: correctly configure separate networks.
> +#For now, define admin and guest networks to be the same
> +guest_dev = admin_dev
> +#sep_networks = (guest_dev == admin_dev) ? "n" : "y"
>  
>  ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN)
>  ipa_host = ovirt_host
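Review bot: The two new interface prompts accept any string, and the next hunk interpolates `guest_httpd_dev`, `guest_dev` and `admin_dev` into backtick `ifconfig #{...}` commands, so the answer reaches a shell unchecked with the installer's privileges. The hostname prompt just below already passes `:regex => IP_OR_FQDN`; the interface prompts should be constrained the same way, for example `:regex => /\A[A-Za-z0-9_.:-]+\z/` (assuming `prompt_for_answer`, defined outside the hunk, rejects non-matching input). Separately, the answer to the Guest prompt lands in `guest_httpd_dev` while `guest_dev` is overwritten with `admin_dev`; the FIXME comment should say that only the httpd vhost uses the Guest answer for now.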
> @@ -144,22 +146,24 @@ File.open('/etc/resolv.conf').each_line{ |line|
>  }
>  dns_servers = prompt_yes_no("Use this systems's dns servers?")
>  
> -mgmt_ip = `ifconfig #{mgmt_dev}`
> -mgmt_ipaddr= mgmt_ip.scan(/\s*inet addr:([\d.]+)/)
> -prov_ip = `ifconfig #{prov_dev}`
> -prov_ipaddr= prov_ip.scan(/\s*inet addr:([\d.]+)/)
> +guest_httpd_ip = `ifconfig #{guest_httpd_dev}`
> +guest_httpd_ipaddr = guest_httpd_ip.scan(/\s*inet addr:([\d.]+)/)
> +guest_ip = `ifconfig #{guest_dev}`
> +guest_ipaddr = guest_ip.scan(/\s*inet addr:([\d.]+)/)
> +admin_ip = `ifconfig #{admin_dev}`
> +admin_ipaddr = admin_ip.scan(/\s*inet addr:([\d.]+)/)
>  
>  if dns_servers == "y"
> -    mgmt_ipaddr_lookup = Socket.getaddrinfo(mgmt_ipaddr.to_s,nil)
> -    mgmt_hostname = mgmt_ipaddr_lookup[1][2]
> -    if mgmt_hostname.to_s != ipa_host.to_s
> -        @cli.say("Reverse dns lookup for #{mgmt_ipaddr} failed, exiting")
> +    guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil)
> +    guest_hostname = guest_ipaddr_lookup[1][2]
> +    if guest_hostname.to_s != ipa_host.to_s
> +        @cli.say("Reverse dns lookup for #{guest_ipaddr} failed, exiting")
>          exit(0)
>      end
>  
>      ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil)
>      ipa_hostip = ipa_host_lookup[1][3]
> -    if ipa_hostip.to_s != mgmt_ipaddr.to_s
> +    if ipa_hostip.to_s != guest_ipaddr.to_s
>           @cli.say("Forward dns lookup for #{ipa_host} failed, exiting")
>           exit(0)
>      end
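Review bot: None of the three `scan(/\s*inet addr:([\d.]+)/)` results is checked before use, so an interface that is down, misspelled or has no IPv4 address yields an empty array. That later becomes an empty `$guest_httpd_ipaddr` or `$admin_ipaddr` in the generated manifest and an address-less `NameVirtualHost :443` in the httpd config. `scan` also returns a nested array, so the ERB output depends on how this Ruby version stringifies arrays; taking the first capture directly, `guest_ipaddr = guest_ip[/inet addr:([\d.]+)/, 1]`, and aborting with a message when it is nil would be more robust. The same applies to `admin_dns_server` in the dhcp hunk further down. The surrounding script continues outside this hunk.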
> @@ -170,13 +174,13 @@ dhcp_setup = prompt_yes_no("Does your provisioning network already have dhcp?")
>  if dhcp_setup == "n"
>      dnsdomainname = `/bin/dnsdomainname`
>      default_gw = `route -n | grep 'UG'|awk {'print $2'}`
> -    dhcp_interface = prov_dev
> +    dhcp_interface = admin_dev
>      dhcp_network = prompt_for_answer("Enter the first 3 octets of the dhcp network you wish to use (example: 192.168.50):", :regex => THREE_OCTETS)
>      dhcp_start = prompt_for_answer("Enter the dhcp pool start address (example: 3):", :regex => OCTET)
>      dhcp_stop = prompt_for_answer("Enter the dhcp pool end addess (example: 100):", :regex => OCTET)
>      dhcp_domain = prompt_for_answer("Enter the dhcp domain you wish to use (example: example.com):", :default => dnsdomainname.chomp, :regex => IP_OR_FQDN)
> -    prov_dns_server = prov_ip.scan(/\s*inet addr:([\d.]+)/)
> -    prov_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN)
> +    admin_dns_server = admin_ip.scan(/\s*inet addr:([\d.]+)/)
> +    admin_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN)
>      tftp_setup = prompt_yes_no("Provide pxe/tftp capability?")
>  end
>  
> @@ -229,8 +233,9 @@ firewall::setup{'setup':
>  firewall_rule{"ssh": destination_port => "22"}
>  
>  #DNS Configuration
> -$mgmt_ipaddr = '<%= mgmt_ipaddr %>'
> -$prov_ipaddr = '<%= prov_ipaddr %>'
> +$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>'
> +$guest_ipaddr = '<%= guest_ipaddr %>'
> +$admin_ipaddr = '<%= admin_ipaddr %>'
>  $ovirt_host = '<%= ovirt_host %>'
>  $ipa_host = '<%= ipa_host %>'
>  
> @@ -239,10 +244,10 @@ dns::bundled{setup:
>  <% else %>
>  dns::remote{setup:
>  <% end %>
> -    mgmt_ipaddr=> $mgmt_ipaddr,
> -    prov_ipaddr=> $prov_ipaddr,
> -    mgmt_dev => '<%= mgmt_dev %>',
> -    prov_dev => '<%= prov_dev %>'
> +    guest_ipaddr=> $guest_ipaddr,
> +    admin_ipaddr=> $admin_ipaddr,
> +    guest_dev => '<%= guest_dev %>',
> +    admin_dev => '<%= admin_dev %>'
>  }
>  
>  # DHCP Configuration
> @@ -252,9 +257,9 @@ $dhcp_network = '<%= dhcp_network %>'
>  $dhcp_start = '<%= dhcp_start %>'
>  $dhcp_stop = '<%= dhcp_stop %>'
>  $dhcp_domain = '<%= dhcp_domain %>'
> -$ntp_server = '<%= mgmt_ipaddr %>'
> -$prov_network_gateway = '<%= prov_network_gateway %>'
> -$prov_dns_server = '<%= prov_dns_server %>'
> +$ntp_server = '<%= guest_ipaddr %>'
> +$admin_network_gateway = '<%= admin_network_gateway %>'
> +$admin_dns_server = '<%= admin_dns_server %>'
>  <% if tftp_setup == "y" %>
>  include tftp::bundled
>  <% end %>
> @@ -283,8 +288,8 @@ include cobbler::remote
>  <% end %>
>  <% if dhcp_setup == "n" %>
>  include dhcp::bundled
> -firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= prov_dev %>", out_interface => "<%= mgmt_dev %>", protocol => ""}
> -firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= mgmt_dev %>", protocol => "", action => "MASQUERADE"}
> +firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= admin_dev %>", out_interface => "<%= guest_dev %>", protocol => ""}
> +firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= guest_dev %>", protocol => "", action => "MASQUERADE"}
>  <% end %>
>  include postgres::bundled
>  include freeipa::bundled
> diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp
> index 89b22b1..44e368b 100644
> --- a/installer/modules/ovirt/manifests/cobbler.pp
> +++ b/installer/modules/ovirt/manifests/cobbler.pp
> @@ -132,7 +132,7 @@ class cobbler::bundled {
>          file_replacement{"settings_server":
>                  file => "/etc/cobbler/settings",
>                  pattern => "server: 127.0.0.1",
> -                replacement => "server: $mgmt_ipaddr",
> +                replacement => "server: $guest_ipaddr",
>                  require => Package[cobbler],
>                  notify => Service[cobblerd]
>          }
> @@ -140,7 +140,7 @@ class cobbler::bundled {
>          file_replacement{"settings_next_server":
>                  file => "/etc/cobbler/settings",
>                  pattern => "next_server: 127.0.0.1",
> -                replacement => "next_server: $mgmt_ipaddr",
> +                replacement => "next_server: $guest_ipaddr",
>                  require => Package[cobbler],
>                  notify => Service[cobblerd]
>          }
> diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp
> index 98d9942..57c128b 100644
> --- a/installer/modules/ovirt/manifests/dns.pp
> +++ b/installer/modules/ovirt/manifests/dns.pp
> @@ -22,7 +22,7 @@
>  
>  import "augeas"
>  
> -define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
> +define dns::common($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") {
>  
>      package {"dnsmasq":
>          ensure => installed,
> @@ -43,7 +43,7 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
>      }
>  
>      single_exec {"add_dns_server_to_resolv.conf":
> -        command => "/bin/sed -e '1i nameserver $prov_ipaddr' -i /etc/resolv.conf",
> +        command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf",
>          require => [Single_exec["set_hostname"]]
>      }
>  
> @@ -61,18 +61,18 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
>  
>      file_append {"dhclient_config":
>          file => "/etc/dhclient.conf",
> -        line => "prepend domain-name-servers $prov_ipaddr;",
> +        line => "prepend domain-name-servers $admin_ipaddr;",
>          require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]]  ,
>          notify => Service[dnsmasq],
>      }
>  }
>  
> -define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
> +define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") {
>  
> -    dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev}
> +    dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev}
>  
> -	single_exec {"add_mgmt_server_to_etc_hosts":
> -		command => "/bin/echo $mgmt_ipaddr $ipa_host >> /etc/hosts",
> +	single_exec {"add_guest_server_to_etc_hosts":
> +		command => "/bin/echo $guest_ipaddr $ipa_host >> /etc/hosts",
>  		notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]]
>  	}
>  
> @@ -88,7 +88,7 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="")
>  
>  }
>  
> -define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
> +define dns::remote($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") {
>  
>  #    On the pxe server you will need to ensure that the
>  #    next server option points to the ip address of the tftp server
> @@ -106,6 +106,6 @@ define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
>  # Also A records must be present for each oVirt node. Without this they are unable
>  # to determine their hostname and locate the management server.
>  
> -    dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev}
> +    dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev}
>  
>  }
> diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp
> index 09f77ed..aa806fe 100644
> --- a/installer/modules/ovirt/manifests/freeipa.pp
> +++ b/installer/modules/ovirt/manifests/freeipa.pp
> @@ -56,7 +56,7 @@ class freeipa::bundled{
>  
>  	single_exec {"dnsmasq_restart":
>                  command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start",
> -                require => [Single_exec[add_mgmt_server_to_etc_hosts],Package[dnsmasq]]
> +                require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]]
>  	}
>  
>          single_exec {"ipa_server_install":
> diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
> index 4df3cc7..723d758 100644
> --- a/installer/modules/ovirt/manifests/ovirt.pp
> +++ b/installer/modules/ovirt/manifests/ovirt.pp
> @@ -20,10 +20,17 @@
>  
>  class ovirt::setup {
>  
> -	file_replacement{"ovirt_httpd_config_change":
> +	file_replacement{"ovirt_httpd_config_change_guest_net":
>  	        file => "/etc/httpd/conf.d/ovirt-server.conf",
> -	        pattern => "192\.168\.50\.2",
> -	        replacement => "$mgmt_ipaddr",
> +	        pattern => "GuestNetIpAddress",
> +	        replacement => "$guest_httpd_ipaddr",
> +		require => Package[ovirt-server]
> +        }
> +
> +	file_replacement{"ovirt_httpd_config_change_admin_net":
> +	        file => "/etc/httpd/conf.d/ovirt-server.conf",
> +	        pattern => "AdminNetIpAddress",
> +	        replacement => "$admin_ipaddr",
>  		require => Package[ovirt-server]
>          }
>  
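Review bot: Neither `file_replacement` on `/etc/httpd/conf.d/ovirt-server.conf` notifies the web server, unlike the cobbler.pp resources in this patch, which carry `notify => Service[cobblerd]`. If httpd is started or already running elsewhere in `ovirt::setup` (the class body continues outside the hunk), it may keep serving the placeholder config, or fail to load it. I would add a `notify` on the httpd service resource to both, and a short comment noting that the patterns must match the placeholder names in conf/ovirt-server.conf exactly.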
> diff --git a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
> index acbdb39..dda7976 100644
> --- a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
> +++ b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
> @@ -3,8 +3,8 @@ bind-interfaces
>  except-interface=lo
>  dhcp-range=<%= dhcp_network %>.<%= dhcp_start %>,<%= dhcp_network%>.<%= dhcp_stop %>
>  domain=<%= dhcp_domain %>
> -dhcp-option=option:router,<%= prov_network_gateway %>
> +dhcp-option=option:router,<%= admin_network_gateway %>
>  dhcp-option=option:ntp-server,<%= ntp_server %>
>  dhcp-option=12
>  local=/<%= dhcp_domain %>/
> -server=<%= prov_dns_server %>
> +server=<%= admin_dns_server %>
>   

ACK



