[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. debian/0.11-5-gbddd2b0
Andreas B. Mundt
andi at debian.org
Sat May 25 09:55:00 UTC 2013
The following commit has been merged in the master branch:
commit bddd2b0492ba83b9e2bb5964a92e9b471e9d066e
Author: Andreas B. Mundt <andi at debian.org>
Date: Fri May 24 20:02:13 2013 +0200
Switch to dynamic DNS updates. Improve DHCPd configuration.
All client-related data is kept in '/etc/dhcp/dhcpd.conf'; there is no
need to modify the DNS setup when machines are added or modified.
diff --git a/fai/config/class/SERVER_A.var b/fai/config/class/SERVER_A.var
index 39128f2..349e223 100644
--- a/fai/config/class/SERVER_A.var
+++ b/fai/config/class/SERVER_A.var
@@ -70,7 +70,7 @@ SUBNETMASK="10.0.0.0/16"
FAINETMASK=${FAINETMASK:-'10.0.0.0/16'}
## DHCP range for unknown clients (cf. dhcpd.conf):
-RANGE="10.0.1.10 10.0.1.200"
+RANGE="10.0.1.100 10.0.1.199"
## IP address-endings for workstations and diskless machines (the list
## is generated using 'seq $WS_RANGE' respectively 'seq $DL_RANGE'):
diff --git a/fai/config/files/etc/rc.local/FAISERVER b/fai/config/files/etc/rc.local/FAISERVER
index 05c4926..eb83f9f 100755
--- a/fai/config/files/etc/rc.local/FAISERVER
+++ b/fai/config/files/etc/rc.local/FAISERVER
@@ -33,9 +33,8 @@ setup_nfsroot () {
## when fcopy'd:
echo -n "Creating pxelinux boot configurations: "
NUM=0
- for i in `seq WS_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- fai-chboot -IFvu $FAI_CONFIG_SRC workstation$NUMSTR &>> /var/log/fai/fai-chboot.log
+ for IPADDR in `seq WS_RANGE` ; do
+ fai-chboot -IFvu $FAI_CONFIG_SRC PREFIX.$IPADDR &>> /var/log/fai/fai-chboot.log
echo -n "."
NUM=$(($NUM+1))
done
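Review bot: With `NUMSTR` removed, the `NUM=0` / `NUM=$(($NUM+1))` counter kept in this loop no longer feeds anything and can be dropped; the same dead counter remains in the DL_RANGE loop of the hunk at `@@ -79,9 +79,8 @@`. Both loops now depend on the literal tokens `WS_RANGE`, `DL_RANGE` and `PREFIX` being rewritten by sed in scripts/FAISERVER/10-config before rc.local ever runs, which deserves a comment next to the loop if the text above the hunk does not already say so, e.g. `## WS_RANGE and PREFIX are placeholders replaced by scripts/FAISERVER/10-config`. The backticked `seq` and the unquoted `$FAI_CONFIG_SRC` are pre-existing style, but since the line is being rewritten anyway `$(seq WS_RANGE)` and `"$FAI_CONFIG_SRC"` would bring it in line with current shell practice. setup_nfsroot starts before this hunk and continues past it.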
@@ -46,6 +45,7 @@ setup_nfsroot () {
else
## create default configuration (sysinfo):
fai-chboot -Svu $FAI_CONFIG_SRC default &>> /var/log/fai/fai-chboot.log
+ sed -i "s/fai-generated/FAI System Information/g" $TFTPROOT/pxelinux.cfg/default
fi
}
@@ -79,9 +79,8 @@ EOF
## when fcopy'd:
echo -n "Creating pxelinux boot configurations: "
NUM=0
- for i in `seq DL_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- fai-chboot -vc diskless.tmpl diskless$NUMSTR &>> /var/log/fai/fai-chboot.log
+ for IPADDR in `seq DL_RANGE` ; do
+ fai-chboot -vc diskless.tmpl PREFIX.$IPADDR &>> /var/log/fai/fai-chboot.log
echo -n "."
NUM=$(($NUM+1))
done
diff --git a/fai/config/hooks/install.DEFAULT.source b/fai/config/hooks/install.DEFAULT.source
index 0a46e17..fb80ac1 100755
--- a/fai/config/hooks/install.DEFAULT.source
+++ b/fai/config/hooks/install.DEFAULT.source
@@ -28,9 +28,8 @@ fi
ValidHostnameRegex="^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
-if [ -n "$HOSTNAME" ] ; then
- echo "Hostname is '$HOSTNAME'."
-else
+if [ -z "$HOSTNAME" ] || ifclass ROAMING ; then
+ HOSTNAME=''
while [ -z "$HOSTNAME" ] ; do
if ! { inp=$(dialog --insecure --stdout --backtitle " Hostname " --inputbox \
"There is no hostname available. \nPlease enter a hostname:" 10 36); } ; then
diff --git a/fai/config/scripts/DNS_SERVER/10-zones b/fai/config/scripts/DNS_SERVER/10-zones
index d0c45e2..d69853c 100755
--- a/fai/config/scripts/DNS_SERVER/10-zones
+++ b/fai/config/scripts/DNS_SERVER/10-zones
@@ -10,6 +10,7 @@ set -e
PREFIX1=`echo $SUBNET | cut -d "." --fields=1`
PREFIX2=`echo $SUBNET | cut -d "." --fields=2`
FILE="/etc/bind/db.${PREFIX1}.${PREFIX2}"
+JOURNAL="/var/lib/bind/db.${PREFIX1}.${PREFIX2}.jnl"
if [ -e $target$FILE ]; then
exit 0
@@ -18,16 +19,22 @@ fi
ainsl /etc/bind/named.conf.local "include \"/etc/bind/localzones\";"
cat > $target/etc/bind/localzones <<EOF
+include "/etc/bind/ddns.key";
+
zone "${PREFIX2}.${PREFIX1}.in-addr.arpa" {
type master;
- notify yes;
+ notify no;
file "$FILE";
+ allow-update { key DHCP_UPDATER; };
+ journal "$JOURNAL";
};
zone "intern" {
type master;
- notify yes;
+ notify no;
file "/etc/bind/db.intern";
+ allow-update { key DHCP_UPDATER; };
+ journal "/var/lib/bind/db.intern.jnl";
};
EOF
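Review bot: `allow-update { key DHCP_UPDATER; };` lets whoever holds the DHCP key rewrite any record in both zones, including the static mainserver A/MX records, the `_kerberos`/`_kpasswd` SRV records and the service CNAMEs this same script writes further down, so a leaked `/etc/dhcp/ddns.key` could redirect Kerberos or the package cache. An `update-policy` scoped to what dhcpd actually needs would contain that, e.g. `update-policy { grant DHCP_UPDATER wildcard *.intern. A TXT; };` in "intern" and the PTR equivalent in the reverse zone (the exact `grant` form depends on the BIND version shipped, so verify against its ARM). The `include "/etc/bind/ddns.key";` at the top of localzones also makes named refuse to start if the key has not been generated yet; if scripts/FAISERVER/40-dhcp is not guaranteed to run before named's first start, a short comment stating that ordering assumption would help the next person debugging a non-starting resolver.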
@@ -47,20 +54,21 @@ cat > $target$FILE <<EOF
MX 10 mainserver.intern.
$REV.0 PTR mainserver.intern.
EOF
-NUM=0
-for IPADDR in `seq $WS_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- echo "${IPADDR}.0 PTR workstation${NUMSTR}.intern." \
- >> $target$FILE
- NUM=$(($NUM+1))
-done
-NUM=0
-for IPADDR in `seq $DL_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- echo "${IPADDR}.0 PTR diskless${NUMSTR}.intern." \
- >> $target$FILE
- NUM=$(($NUM+1))
-done
+## Uncomment if you prefere hardcoded DNS entries:
+# NUM=0
+# for IPADDR in `seq $WS_RANGE` ; do
+# NUMSTR=`printf "%02d" $NUM`
+# echo "${IPADDR}.0 PTR workstation${NUMSTR}.intern." \
+# >> $target$FILE
+# NUM=$(($NUM+1))
+# done
+# NUM=0
+# for IPADDR in `seq $DL_RANGE` ; do
+# NUMSTR=`printf "%02d" $NUM`
+# echo "${IPADDR}.0 PTR diskless${NUMSTR}.intern." \
+# >> $target$FILE
+# NUM=$(($NUM+1))
+# done
###################
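Review bot: The comment introducing the commented-out block reads `prefere` (typo for "prefer"), and the same line recurs in the hunk at `@@ -102,19 +111,20 @@`. More importantly the comment should say what keeping hardcoded entries means now that the zone accepts dynamic updates: named rewrites the zone file from its journal, so entries added by hand afterwards need the zone frozen first (`rndc freeze`/`rndc thaw`) or they are silently lost; a comment such as `## Uncomment if you prefer hardcoded DNS entries; with allow-update enabled, edit the live zone only after 'rndc freeze'` would capture that.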
@@ -81,6 +89,7 @@ _kerberos._udp SRV 100 0 88 mainserver.intern.
_kerberos-adm._tcp SRV 100 0 749 mainserver.intern.
_kpasswd._udp SRV 100 0 464 mainserver.intern.
ns CNAME mainserver.intern.
+dns CNAME mainserver.intern.
www CNAME mainserver.intern.
ntp CNAME mainserver.intern.
aptcache CNAME mainserver.intern.
@@ -102,19 +111,20 @@ faiserver CNAME mainserver.intern.
swapserver CNAME mainserver.intern.
EOF
-PREFIX=`echo $SUBNET | cut -d "." --fields=1,2,3`
-
-NUM=0
-for IPADDR in `seq $WS_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- echo "workstation${NUMSTR} A $PREFIX.$IPADDR" \
- >> $target/etc/bind/db.intern
- NUM=$(($NUM+1))
-done
-NUM=0
-for IPADDR in `seq $DL_RANGE` ; do
- NUMSTR=`printf "%02d" $NUM`
- echo "diskless${NUMSTR} A $PREFIX.$IPADDR" \
- >> $target/etc/bind/db.intern
- NUM=$(($NUM+1))
-done
+## Uncomment if you prefere hardcoded DNS entries:
+# PREFIX=`echo $SUBNET | cut -d "." --fields=1,2,3`
+#
+# NUM=0
+# for IPADDR in `seq $WS_RANGE` ; do
+# NUMSTR=`printf "%02d" $NUM`
+# echo "workstation${NUMSTR} A $PREFIX.$IPADDR" \
+# >> $target/etc/bind/db.intern
+# NUM=$(($NUM+1))
+# done
+# NUM=0
+# for IPADDR in `seq $DL_RANGE` ; do
+# NUMSTR=`printf "%02d" $NUM`
+# echo "diskless${NUMSTR} A $PREFIX.$IPADDR" \
+# >> $target/etc/bind/db.intern
+# NUM=$(($NUM+1))
+# done
diff --git a/fai/config/scripts/FAISERVER/10-config b/fai/config/scripts/FAISERVER/10-config
index 94e2f05..b8288ed 100755
--- a/fai/config/scripts/FAISERVER/10-config
+++ b/fai/config/scripts/FAISERVER/10-config
@@ -9,6 +9,8 @@ if [ "$FAI_ACTION" == "install" ] || [ "$CONVERT" == "true" ] ; then
fcopy /etc/rc.local
sed -i "s/WS_RANGE/${WS_RANGE}/g" $target/etc/rc.local
sed -i "s/DL_RANGE/${DL_RANGE}/g" $target/etc/rc.local
+ PREFIX=`echo $SUBNET | cut -d "." --fields=1,2,3`
+ sed -i "s/PREFIX/${PREFIX}/g" $target/etc/rc.local
if ifclass DISKLESS_SERVER ; then
sed -i "s%\(^.*\#\#DISKLESS_SERVER\#\#\)%\#\1%" $target/etc/rc.local
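Review bot: `sed -i "s/PREFIX/${PREFIX}/g" $target/etc/rc.local` substitutes every occurrence of the bare word `PREFIX` in rc.local, not just the placeholder in the two fai-chboot loops, so any variable or comment containing that string (e.g. a `PREFIX1`) would be rewritten as well; the earlier `WS_RANGE`/`DL_RANGE` substitutions carry the same risk but have less common names. A delimited placeholder in the template, say `@PREFIX@`, with `sed -i "s/@PREFIX@/${PREFIX}/g" "$target/etc/rc.local"` removes the ambiguity (the rc.local template in files/etc/rc.local/FAISERVER would need the matching change). The `cut --fields=1,2,3` derivation also assumes a /24 subnet, which the FIXME in 40-dhcp already acknowledges for its own copy of this line; the two could share one comment pointing at that limitation. The surrounding `if` block starts before this hunk.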
diff --git a/fai/config/scripts/FAISERVER/40-dhcp b/fai/config/scripts/FAISERVER/40-dhcp
index 0982b2e..cd978ff 100755
--- a/fai/config/scripts/FAISERVER/40-dhcp
+++ b/fai/config/scripts/FAISERVER/40-dhcp
@@ -6,38 +6,101 @@ if [ -e $target/etc/dhcp/dhcpd.conf_orig ]; then
exit 0
fi
+## Create keys for dynamic DNS update:
+CRKEY="$DATADIR/create_ddnskey"
+mkdir -p ${target}/$DATADIR
+
+cat > ${target}/$CRKEY <<EOF
+#!/bin/bash
+## create key for ddns
+set -e
+DIR=\$(pwd)
+cd $DATADIR
+
+if ls Kdhcp_updater* 2> /dev/null ; then
+ echo "Key exists already, nothing done!"
+ exit 1
+fi
+
+KEYFILE=\$(dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DHCP_UPDATER).private
+KEY=\$(grep 'Key: ' \$KEYFILE | cut -d ' ' -f2)
+
+cat > $DATADIR/ddns.key <<END
+key DHCP_UPDATER {
+ algorithm HMAC-MD5;
+ secret "\$KEY";
+};
+END
+
+install -o root -g bind -m 0640 $DATADIR/ddns.key /etc/bind/ddns.key
+install -o root -g root -m 0640 $DATADIR/ddns.key /etc/dhcp/ddns.key
+cd \$DIR
+echo "Dynamic DNS update key created and installed."
+EOF
+
+chmod ug+x ${target}/$CRKEY
+$ROOTCMD $CRKEY
+
## Generate the DHCP configuration file 'dhcpd.conf'.
## Use variables from corresponding class/*.var file.
-mv $target/etc/dhcp/dhcpd.conf $target/etc/dhcp/dhcpd.conf_orig
+mv -v $target/etc/dhcp/dhcpd.conf $target/etc/dhcp/dhcpd.conf_orig
if [ -z ${NAMESERVER_IPADDR} ] ; then
NAMESERVER_IPADDR=$MAINSERVER_IPADDR
fi
+# FIXME: make this more general for different subnet masks.
+PREFIX1=`echo $SUBNET | cut -d "." --fields=1`
+PREFIX2=`echo $SUBNET | cut -d "." --fields=2`
+
cat > $target/etc/dhcp/dhcpd.conf <<EOF
# dhcpd.conf generated by $0
-option dhcp-max-message-size 2048;
-use-host-decl-names on;
+authoritative;
-option routers ${GATEWAY};
-option domain-name "intern";
-option domain-name-servers ${NAMESERVER_IPADDR};
-option ntp-servers ntp;
+option domain-name "intern";
+option domain-name-servers ${NAMESERVER_IPADDR};
+option routers ${GATEWAY};
+option ntp-servers ntp;
+option dhcp-max-message-size 2048;
-subnet ${SUBNET} netmask ${NETMASK} {
- allow unknown-clients;
- range ${RANGE};
+ddns-updates on;
+ddns-update-style interim;
+update-static-leases on;
+use-host-decl-names on;
+
+include "/etc/dhcp/ddns.key";
+
+zone intern. {
+ primary dns;
+ key DHCP_UPDATER;
+}
+
+zone ${PREFIX2}.${PREFIX1}.in-addr.arpa. {
+ primary dns;
+ key DHCP_UPDATER;
+}
+
+class "PXE-clients" {
+ match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
+ ddns-updates off;
+ max-lease-time 120;
server-name faiserver;
next-server faiserver;
filename "fai/pxelinux.0";
}
+subnet ${SUBNET} netmask ${NETMASK} {
+ pool {
+ allow unknown-clients;
+ max-lease-time 7200;
+ range ${RANGE};
+ option host-name = concat("guest",suffix(binary-to-ascii(10,8,".",suffix(leased-address,1)),2));
+ }
+}
+
group {
- server-name faiserver;
- next-server faiserver;
- filename "fai/pxelinux.0";
on commit {
execute("/usr/local/sbin/dhcpd-keytab", host-decl-name);
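Review bot: The generated create_ddnskey script leaves the TSIG secret in more places than the two 0640 copies it installs: `cat > $DATADIR/ddns.key` and the `Kdhcp_updater*` files from `dnssec-keygen` are created with the default umask, so the secret is likely world-readable under `$DATADIR` (and that directory is also the marker used by the `ls Kdhcp_updater*` check, so the files cannot simply be deleted). Adding `umask 077` right after the `set -e` in the heredoc would keep every file the script creates private, with the two `install -m 0640` lines still setting the modes the daemons need. `-a HMAC-MD5 -b 128` is the weakest TSIG algorithm both daemons accept; if the dhcpd and BIND versions being installed support it, `-a HMAC-SHA256 -b 256` with the matching `algorithm` line in the key stanza is the better default. `primary dns;` in both `zone` stanzas makes dhcpd resolve the update target through the resolver at startup, so DHCP fails to send updates whenever resolv.conf or named is not ready; `primary ${NAMESERVER_IPADDR};` avoids that dependency and the extra `dns` CNAME. The dhcpd.conf heredoc opened at `cat > $target/etc/dhcp/dhcpd.conf <<EOF` is closed outside this hunk.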
@@ -50,7 +113,7 @@ PREFIX=`echo $SUBNET | cut -d "." --fields=1,2,3`
NUM=0
for IPADDR in `seq $WS_RANGE` ; do
NUMSTR=`printf "%02d" $NUM`
- echo " host workstation${NUMSTR} {hardware ethernet A1:B2:C3:D4:E5:${NUMSTR}; fixed-address $PREFIX.$IPADDR;}" \
+ echo " host workstation${NUMSTR} {hardware ethernet A1:B2:C3:D4:E5:${NUMSTR}; fixed-address $PREFIX.$IPADDR; ddns-hostname workstation${NUMSTR};}" \
>> $target/etc/dhcp/dhcpd.conf
NUM=$(($NUM+1))
done
@@ -58,17 +121,13 @@ echo "}" >> $target/etc/dhcp/dhcpd.conf
cat >> $target/etc/dhcp/dhcpd.conf <<EOF
group {
- server-name faiserver;
- next-server faiserver;
- filename "fai/pxelinux.0";
EOF
NUM=0
for IPADDR in `seq $DL_RANGE` ; do
NUMSTR=`printf "%02d" $NUM`
- echo " host diskless${NUMSTR} {hardware ethernet A1:B2:C3:D4:E5:${NUMSTR}; fixed-address $PREFIX.$IPADDR;}" \
+ echo " host diskless${NUMSTR} {hardware ethernet A1:B2:C3:D4:E5:${NUMSTR}; fixed-address $PREFIX.$IPADDR; ddns-hostname diskless${NUMSTR};}" \
>> $target/etc/dhcp/dhcpd.conf
NUM=$(($NUM+1))
done
echo "}" >> $target/etc/dhcp/dhcpd.conf
-