#!/bin/bash # # Copyright (C) 2014 Google Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are # met: # # 1. Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS # IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # This script is a hook called to configure new TAP network interfaces # used for instance communication, and it should be called whenever a # new instance is started. # # This script configures the new interface but it also performs # maintenance on the network interfaces that have been configured # before, by checking whether those TAP interfaces still exist, etc. # # This script also controls the DHCP server that leases IP address for # instances, i.e., the NICs inside the instances, not the TAP # interfaces. The DHCP server is started and restarted # as necessary and always with up-to-date configuration files. # # This script expects the following environment variables # # INTERFACE: network interface name to be configured # MODE: networking mode for 'INTERFACE' (must be 'routed') # MAC: MAC address for 'INTERFACE' # IP: IP address for 'INTERFACE' source @PKGLIBDIR@/net-common readonly NETMASK=255.255.255.255 readonly DNSMASQ_CONF=/var/run/ganeti/dnsmasq.conf readonly DNSMASQ_HOSTS=/var/run/ganeti/dnsmasq.hosts readonly DNSMASQ_PID=/var/run/ganeti/dnsmasq.pid # join intercalates a sequence of arguments using the given separator function join { local IFS="$1" shift echo "$*" } # restart_dnsmasq restarts the DHCP server dnsmasq with the (possibly # up-to-date) configuration file. # # If all instances have been terminated, which means there are no more # TAP network interfaces to monitor or IP addresses to lease, the DHCP # server is terminated through 'SIGTERM'. # # If there are still instances running, it will be restarted and the # configuration file will be passed it. function restart_dnsmasq { local RUNNING= local PID if [ -f "$DNSMASQ_PID" ] then PID=$(cat $DNSMASQ_PID) if [ -n "$PID" ] && ps -p "$PID" then RUNNING=yes fi fi if [ "$RUNNING" = yes ] then kill -TERM $PID # wait for the process to die while kill -0 $PID 2>/dev/null do sleep 1 done rm -f $DNSMASQ_PID fi if [ -n "$ALIVE_INTERFACES" -a -n "$ALIVE_LEASES" ] then dnsmasq -C $DNSMASQ_CONF fi return 0 } # Check that environment variable 'INTERFACE' exists. # # This environment variable holds the TAP network interface that # should be configured by this script. Ganeti always passes it, # but... :) if [ -z "$INTERFACE" ] then echo ifup-os: Failed to configure communication mechanism \ interface because the \'INTERFACE\' environment variable was \ not specified to the script exit 1 fi # Check that environment variable 'MODE' exists. # # See comment about environment variable 'INTERFACE'. if [ -z "$MODE" ] then echo ifup-os: Failed to configure communication mechanism \ interface because the \'MODE\' environment variable was \ not specified to the script exit 1 fi # Check whether the interface being configured has instance # communication enabled, otherwise exit this script. if ! is_instance_communication_tap; then exit 0; fi # Check that environment variable 'MAC' exists. # # See comment about environment variable 'INTERFACE'. if [ -z "$MAC" ] then echo ifup-os: Failed to configure communication mechanism \ interface because the \'MAC\' environment variable was \ not specified to the script exit 1 fi # Check that environment variable 'IP' exists. # # See comment about environment variable 'INTERFACE'. if [ -z "$IP" ] then echo ifup-os: Failed to configure communication mechanism \ interface because the \'IP\' environment variable was \ not specified to the script exit 1 fi # Configure the TAP interface # # Ganeti defers the configuration of instance network interfaces to # hooks, therefore, we must configure the interface's network address, # netmask, and IP address. # # The TAP network interface, which is used by the instance # communication, is part of the network 169.254.0.0/16 and has the IP # 169.254.169.254. Because all network interfaces used in the # instance communication have the same IP, the routing table must also # be configured, and that is done at a later step. # # Note the interface must be marked as up before configuring the # routing table and before starting/restarting the DHCP server. # # Note also that we don't have to check whether the interface is # already configured because reconfiguring the interface with the same # parameters does not produce an error. ifconfig $INTERFACE 169.254.169.254 netmask $NETMASK up # There is a known bug where UDP packets comming from a host to a XEN # guest are missing checksums. There are several ways how to tackle the # issue, for example fixing the checksums using iptables (requires a # newer version): # # iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM \ # --checksum-fill # # The easiest one currently seems to be to just turn checksumming off # for this direction: ethtool -K $INTERFACE tx off || true # Configure the routing table # # Given that all TAP network interfaces in the instance communication # have the same IP address, the routing table must be configured in # order to properly route traffic from the host to the guests. # # Note that we must first check if a duplicate routing rule has # already been added to the routing table, as this operation will fail # if we try to add a routing rule that already exists. ACTIVE_IP=$(ip route | grep "dev $INTERFACE" | awk '{ print $1 }') if [ -z "$ACTIVE_IP" -o "$ACTIVE_IP" != "$IP" ] then route add -host $IP dev $INTERFACE fi # Ensure the DHCP server configuration files exist touch $DNSMASQ_CONF chmod 0644 $DNSMASQ_CONF touch $DNSMASQ_HOSTS chmod 0644 $DNSMASQ_HOSTS # Determine dnsmasq operational mode. # # The DHCP server dnsmasq can run in different modes. In this version # of the script, only the mode 'bind-dynamic' is supported. Please # refer to the dnsmasq FAQ for a detailed of each mode. # # Note that dnsmasq might already be running, therefore, we don't need # to determine which modes are supported by this DHCP server. # Instead, we just read the current mode from the configuration file. DNSMASQ_MODE=$(head -n 1 $DNSMASQ_CONF) if [ -z "$DNSMASQ_MODE" ] then BIND_DYNAMIC=$(dnsmasq --help | grep -e --bind-dynamic) if [ -z "$BIND_DYNAMIC" ] then echo ifup-os: dnsmasq mode \"bind-dynamic\" is not supported exit 1 fi DNSMASQ_MODE=bind-dynamic fi # Determine the interfaces that should go in the configuration file. # # The TAP network interfaces used by the instance communication are # named after the following pattern # # gnt.com.%d # # where '%d' is a unique number within the host. Fortunately, dnsmasq # supports binding to specific network interfaces via a pattern. ALIVE_INTERFACES=${GANETI_TAP}.* # Determine which of the leases are not duplicated and should go in # the new configuration file for the DHCP server. # # Given that instances come and go, it is possible that we offer more # leases that necessary and, worse, that we have duplicate leases, # that is, the same IP address for the same/different MAC addresses. # Duplicate leases must be eliminated before being written to the # configuration file. CONF_LEASES=$(cat $DNSMASQ_HOSTS) CONF_LEASES=$(join $'\n' $CONF_LEASES | sort -u) ALIVE_LEASES=( $MAC,$IP ) for i in $CONF_LEASES do LEASE_MAC=$(echo $i | cut -d "," -f 1) LEASE_IP=$(echo $i | cut -d "," -f 2) if [ "$LEASE_MAC" != "$MAC" -a "$LEASE_IP" != "$IP" ] then ALIVE_LEASES=( ${ALIVE_LEASES[@]} $i ) fi done ALIVE_LEASES=$(echo ${ALIVE_LEASES[@]} | sort -u) # Update dnsmasq configuration. # # Write the parameters we have collected before into the new dnsmasq # configuration file. Also, write the new leases into the new dnsmasq # hosts file. Finally, restart dnsmasq with the new configuration # files. cat > $DNSMASQ_CONF <> $DNSMASQ_CONF; done echo -n > $DNSMASQ_HOSTS for i in $ALIVE_LEASES; do echo $i >> $DNSMASQ_HOSTS; done restart_dnsmasq