Commit 802ed2aa authored by Klaus Aehlig's avatar Klaus Aehlig
Browse files

Add generic daemon options support binding to interfaces



In some situations, it is desirable to bind one of our servers only to
a particular interface, like eth0, instead of an IP address. Therefore,
add an option -i to specify an interface; its address will then be bound
to.
Signed-off-by: default avatarKlaus Aehlig <aehlig@google.com>
Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
parent 194775f5
......@@ -712,12 +712,12 @@ def GenericMain(daemon_name, optionparser,
default=constants.SYSLOG_USAGE,
choices=["no", "yes", "only"])
family = ssconf.SimpleStore().GetPrimaryIPFamily()
# family will default to AF_INET if there is no ssconf file (e.g. when
# upgrading a cluster from 2.2 -> 2.3. This is intended, as Ganeti clusters
# <= 2.2 can not be AF_INET6
if daemon_name in constants.DAEMONS_PORTS:
default_bind_address = constants.IP4_ADDRESS_ANY
family = ssconf.SimpleStore().GetPrimaryIPFamily()
# family will default to AF_INET if there is no ssconf file (e.g. when
# upgrading a cluster from 2.2 -> 2.3. This is intended, as Ganeti clusters
# <= 2.2 can not be AF_INET6
if family == netutils.IP6Address.family:
default_bind_address = constants.IP6_ADDRESS_ANY
......@@ -731,6 +731,8 @@ def GenericMain(daemon_name, optionparser,
help=("Bind address (default: '%s')" %
default_bind_address),
default=default_bind_address, metavar="ADDRESS")
optionparser.add_option("-i", "--interface", dest="bind_interface",
help=("Bind interface"), metavar="INTERFACE")
if default_ssl_key is not None and default_ssl_cert is not None:
optionparser.add_option("--no-ssl", dest="ssl",
......@@ -753,6 +755,24 @@ def GenericMain(daemon_name, optionparser,
options, args = optionparser.parse_args()
if getattr(options, "bind_interface", None) is not None:
if options.bind_address != default_bind_address:
msg = ("Can't specify both, bind address (%s) and bind interface (%s)" %
(options.bind_address, options.bind_interface))
print >> sys.stderr, msg
sys.exit(constants.EXIT_FAILURE)
interface_ip_addresses = \
netutils.GetInterfaceIpAddresses(options.bind_interface)
if family == netutils.IP6Address.family:
if_addresses = interface_ip_addresses[constants.IP6_VERSION]
else:
if_addresses = interface_ip_addresses[constants.IP4_VERSION]
if len(if_addresses) < 1:
msg = "Failed to find IP for interface %s" % options.bind_interace
print >> sys.stderr, msg
sys.exit(constants.EXIT_FAILURE)
options.bind_address = if_addresses[0]
if getattr(options, "ssl", False):
ssl_paths = {
"certificate": options.ssl_cert,
......
......@@ -1177,7 +1177,8 @@ def Main():
"""
parser = OptionParser(description="Ganeti node daemon",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]\
\ [-i INTERFACE]",
version="%%prog (ganeti) %s" %
constants.RELEASE_VERSION)
parser.add_option("--no-mlock", dest="mlock",
......
......@@ -360,7 +360,8 @@ def Main():
"""
parser = optparse.OptionParser(description="Ganeti Remote API",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]\
\ [-i INTERFACE]",
version="%%prog (ganeti) %s" %
constants.RELEASE_VERSION)
parser.add_option("--require-authentication", dest="reqauth",
......
......@@ -9,7 +9,7 @@ ganeti-noded - Ganeti node daemon
Synopsis
--------
**ganeti-noded** [-f] [-d] [-p *PORT*] [-b *ADDRESS*]
**ganeti-noded** [-f] [-d] [-p *PORT*] [-b *ADDRESS*] [-i *INTERFACE*]
[--no-mlock] [--syslog] [--no-ssl] [-K *SSL_KEY_FILE*] [-C *SSL_CERT_FILE*]
DESCRIPTION
......@@ -35,7 +35,8 @@ The **ganeti-noded** daemon listens to port 1811 TCP, on all
interfaces, by default. The port can be overridden by an entry in the
services database (usually ``/etc/services``) or by passing the ``-p``
option. The ``-b`` option can be used to specify the address to bind
to (defaults to ``0.0.0.0``).
to (defaults to ``0.0.0.0``); alternatively, the ``-i`` option can be
used to specify the interface to bind do.
Ganeti noded communication is protected via SSL, with a key
generated at cluster init time. This can be disabled with the
......
......@@ -9,7 +9,7 @@ ganeti-rapi - Ganeti remote API daemon
Synopsis
--------
| **ganeti-rapi** [-d] [-f] [-p *PORT] [-b *ADDRESS*]
| **ganeti-rapi** [-d] [-f] [-p *PORT] [-b *ADDRESS*] [-i *INTERFACE*]
| [\--no-ssl] [-K *SSL_KEY_FILE*] [-C *SSL_CERT_FILE*]
| [\--require-authentication]
......@@ -28,7 +28,8 @@ The daemon will listen to the "ganeti-rapi" TCP port, as listed in the
system services database, or if not defined, to port 5080 by default.
The port can be overridded by passing the ``-p`` option. The ``-b``
option can be used to specify the address to bind to (defaults to
``0.0.0.0``).
``0.0.0.0``); alternatively, the ``-i`` option can be used to specify
the interface to bind do.
See the *Ganeti remote API* documentation for further information.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment