Steve Linabery
2009-Mar-16 20:57 UTC
[Ovirt-devel] [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest network interfaces.
Variable name change in ovirt-installer and associated .pp (et al) files for consistency with current documented architecture diagrams. --- conf/ovirt-server.conf | 5 +- .../appliances/ovirt-appliance/ovirt-appliance.pp | 12 ++-- installer/bin/ovirt-installer | 60 ++++++++++--------- installer/modules/ovirt/manifests/cobbler.pp | 4 +- installer/modules/ovirt/manifests/dns.pp | 18 +++--- installer/modules/ovirt/manifests/freeipa.pp | 2 +- installer/modules/ovirt/manifests/ovirt.pp | 13 +++- .../modules/ovirt/templates/ovirt-dhcp.conf.erb | 4 +- 8 files changed, 65 insertions(+), 53 deletions(-) diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf index ab192ae..e414f07 100644 --- a/conf/ovirt-server.conf +++ b/conf/ovirt-server.conf @@ -6,8 +6,9 @@ NameVirtualHost *:80 </Location> </VirtualHost> -NameVirtualHost 192.168.50.2:443 -<VirtualHost 192.168.50.2:443> +NameVirtualHost GuestNetIpAddress:443 +NameVirtualHost AdminNetIpAddress:443 +<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443> RequestHeader set X_FORWARDED_PROTO 'https' diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp index ffeceba..4ad503d 100644 --- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp +++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp @@ -6,12 +6,12 @@ firewall::setup{'setup': status => 'enabled'} firewall_rule{"ssh": destination_port => "22"} # dns configuration -$mgmt_ipaddr = '192.168.50.2' -$prov_ipaddr = '192.168.50.2' +$admin_ipaddr = '192.168.50.2' +$guest_ipaddr = '192.168.50.2' $ovirt_host = 'management.priv.ovirt.org' $ipa_host = 'management.priv.ovirt.org' -dns::bundled{setup: mgmt_ipaddr=> $mgmt_ipaddr, prov_ipaddr=> $prov_ipaddr, mgmt_dev => 'eth0', prov_dev => 'eth0'} +dns::bundled{setup: admin_ipaddr=> $admin_ipaddr, guest_ipaddr=> $guest_ipaddr, admin_dev => 'eth0', guest_dev => 'eth0'} # dhcp configuration $dhcp_interface = 'eth0' 
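Review bot: The new `<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>` line publishes the whole SSL vhost, including any admin UI or API locations defined below it, on the Guest network address, and nothing in this hunk restricts those locations by source network. If guests are less trusted than the Admin network, consider one vhost per address, or an `Order deny,allow` / `Allow from <admin-subnet placeholder>` stanza on the admin-only locations; the vhost body lies outside the hunk, so existing restrictions cannot be confirmed from here. While the installer still forces both devices to be the same, both placeholders resolve to one address, so the file ends up with the same `NameVirtualHost` twice and a repeated address in `<VirtualHost>`; a comment saying this is expected would help. The resent patch of 17 Mar carries the identical hunk.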
@@ -19,10 +19,10 @@ $dhcp_network = '192.168.50' $dhcp_start = '3' $dhcp_stop = '50' $dhcp_domain = 'priv.ovirt.org' -$ntp_server = $mgmt_ipaddr +$ntp_server = $admin_ipaddr -$prov_dns_server = '192.168.50.2' -$prov_network_gateway = '192.168.50.1' +$guest_dns_server = '192.168.50.2' +$guest_network_gateway = '192.168.50.1' # cobbler configuration $cobbler_hostname = 'localhost' $cobbler_user_name = 'cobbler' diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer index 1c5f992..1f059d5 100755 --- a/installer/bin/ovirt-installer +++ b/installer/bin/ovirt-installer @@ -127,11 +127,13 @@ else end end -mgmt_dev = prompt_for_answer("Enter your management interface:", :default => "eth0") -# For now only supporting one network interface -#prov_dev = prompt_for_answer("Enter your provisioning interface, this may also be your management interface:", :default => mgmt_dev) -prov_dev = mgmt_dev -#sep_networks = (mgmt_dev == prov_dev) ? "n" : "y" +admin_httpd_dev = prompt_for_answer("Enter the interface for the Admin network:", :default => "eth0") +guest_dev = prompt_for_answer("Enter the interface for the Guest network (this may be the same as the Admin interface):", :default => "eth0") + +#FIXME: correctly configure separate networks. +#For now, define admin and guest networks to be the same +admin_dev = guest_dev +#sep_networks = (admin_dev == guest_dev) ? "n" : "y" ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) ipa_host = ovirt_host 
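Review bot: Only the httpd binding honours the answer to the Admin prompt, because `admin_dev = guest_dev` follows immediately and every other consumer (`$admin_ipaddr`, `$ntp_server`, the cobbler `server:` setting, the NAT rules) then uses the Guest interface. An operator who enters two different interfaces gets no sign that the networks are not actually separated. Until the FIXME is resolved, say so at run time, e.g. `@cli.say("Separate Admin/Guest networks are not yet supported; using #{guest_dev} for both") if admin_httpd_dev != guest_dev`. The resend has the mirrored form (`guest_httpd_dev`, then `guest_dev = admin_dev`).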
@@ -144,22 +146,24 @@ File.open('/etc/resolv.conf').each_line{ |line| } dns_servers = prompt_yes_no("Use this systems's dns servers?") -mgmt_ip = `ifconfig #{mgmt_dev}` -mgmt_ipaddr= mgmt_ip.scan(/\s*inet addr:([\d.]+)/) -prov_ip = `ifconfig #{prov_dev}` -prov_ipaddr= prov_ip.scan(/\s*inet addr:([\d.]+)/) +admin_httpd_ip = `ifconfig #{admin_httpd_dev}` +admin_httpd_ipaddr = admin_httpd_ip.scan(/\s*inet addr:([\d.]+)/) +admin_ip = `ifconfig #{admin_dev}` +admin_ipaddr = admin_ip.scan(/\s*inet addr:([\d.]+)/) +guest_ip = `ifconfig #{guest_dev}` +guest_ipaddr = guest_ip.scan(/\s*inet addr:([\d.]+)/) if dns_servers == "y" - mgmt_ipaddr_lookup = Socket.getaddrinfo(mgmt_ipaddr.to_s,nil) - mgmt_hostname = mgmt_ipaddr_lookup[1][2] - if mgmt_hostname.to_s != ipa_host.to_s - @cli.say("Reverse dns lookup for #{mgmt_ipaddr} failed, exiting") + admin_ipaddr_lookup = Socket.getaddrinfo(admin_ipaddr.to_s,nil) + admin_hostname = admin_ipaddr_lookup[1][2] + if admin_hostname.to_s != ipa_host.to_s + @cli.say("Reverse dns lookup for #{admin_ipaddr} failed, exiting") exit(0) end ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil) ipa_hostip = ipa_host_lookup[1][3] - if ipa_hostip.to_s != mgmt_ipaddr.to_s + if ipa_hostip.to_s != admin_ipaddr.to_s @cli.say("Forward dns lookup for #{ipa_host} failed, exiting") exit(0) end 
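Review bot: The three `ifconfig #{...}` backticks hand the prompt answers to a shell, and the interface prompts in the previous hunk carry no `:regex`, unlike the hostname and octet prompts. Constrain the answer before it is used, e.g. `:regex => /\A[A-Za-z0-9_.:-]+\z/` (constructed pattern) on both interface prompts. `scan` also returns an empty array when the interface has no IPv4 address, and that empty value would flow unchecked into `/etc/resolv.conf`, `/etc/hosts` and the port-443 vhost addresses; a check such as `abort("no IPv4 address on #{guest_dev}") if guest_ipaddr.empty?` after each scan would stop the install early. The same applies to the corresponding hunk of the resent patch.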
@@ -170,13 +174,13 @@ dhcp_setup = prompt_yes_no("Does your provisioning network already have dhcp?") if dhcp_setup == "n" dnsdomainname = `/bin/dnsdomainname` default_gw = `route -n | grep 'UG'|awk {'print $2'}` - dhcp_interface = prov_dev + dhcp_interface = guest_dev dhcp_network = prompt_for_answer("Enter the first 3 octets of the dhcp network you wish to use (example: 192.168.50):", :regex => THREE_OCTETS) dhcp_start = prompt_for_answer("Enter the dhcp pool start address (example: 3):", :regex => OCTET) dhcp_stop = prompt_for_answer("Enter the dhcp pool end addess (example: 100):", :regex => OCTET) dhcp_domain = prompt_for_answer("Enter the dhcp domain you wish to use (example: example.com):", :default => dnsdomainname.chomp, :regex => IP_OR_FQDN) - prov_dns_server = prov_ip.scan(/\s*inet addr:([\d.]+)/) - prov_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) + guest_dns_server = guest_ip.scan(/\s*inet addr:([\d.]+)/) + guest_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) tftp_setup = prompt_yes_no("Provide pxe/tftp capability?") end @@ -229,8 +233,8 @@ firewall::setup{'setup': firewall_rule{"ssh": destination_port => "22"} #DNS Configuration -$mgmt_ipaddr = '<%= mgmt_ipaddr %>' -$prov_ipaddr = '<%= prov_ipaddr %>' +$admin_ipaddr = '<%= admin_ipaddr %>' +$guest_ipaddr = '<%= guest_ipaddr %>' $ovirt_host = '<%= ovirt_host %>' $ipa_host = '<%= ipa_host %>' @@ -239,10 +243,10 @@ dns::bundled{setup: <% else %> dns::remote{setup: <% end %> - mgmt_ipaddr=> $mgmt_ipaddr, - prov_ipaddr=> $prov_ipaddr, - mgmt_dev => '<%= mgmt_dev %>', - prov_dev => '<%= prov_dev %>' + admin_ipaddr=> $admin_ipaddr, + guest_ipaddr=> $guest_ipaddr, + admin_dev => '<%= admin_dev %>', + guest_dev => '<%= guest_dev %>' } # DHCP Configuration 
@@ -252,9 +256,9 @@ $dhcp_network = '<%= dhcp_network %>' $dhcp_start = '<%= dhcp_start %>' $dhcp_stop = '<%= dhcp_stop %>' $dhcp_domain = '<%= dhcp_domain %>' -$ntp_server = '<%= mgmt_ipaddr %>' -$prov_network_gateway = '<%= prov_network_gateway %>' -$prov_dns_server = '<%= prov_dns_server %>' +$ntp_server = '<%= admin_ipaddr %>' +$guest_network_gateway = '<%= guest_network_gateway %>' +$guest_dns_server = '<%= guest_dns_server %>' <% if tftp_setup == "y" %> include tftp::bundled <% end %> @@ -283,8 +287,8 @@ include cobbler::remote <% end %> <% if dhcp_setup == "n" %> include dhcp::bundled -firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= prov_dev %>", out_interface => "<%= mgmt_dev %>", protocol => ""} -firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= mgmt_dev %>", protocol => "", action => "MASQUERADE"} +firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= guest_dev %>", out_interface => "<%= admin_dev %>", protocol => ""} +firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= admin_dev %>", protocol => "", action => "MASQUERADE"} <% end %> include postgres::bundled include freeipa::bundled diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp index 89b22b1..a903694 100644 --- a/installer/modules/ovirt/manifests/cobbler.pp +++ b/installer/modules/ovirt/manifests/cobbler.pp @@ -132,7 +132,7 @@ class cobbler::bundled { file_replacement{"settings_server": file => "/etc/cobbler/settings", pattern => "server: 127.0.0.1", - replacement => "server: $mgmt_ipaddr", + replacement => "server: $admin_ipaddr", require => Package[cobbler], notify => Service[cobblerd] } 
@@ -140,7 +140,7 @@ class cobbler::bundled { file_replacement{"settings_next_server": file => "/etc/cobbler/settings", pattern => "next_server: 127.0.0.1", - replacement => "next_server: $mgmt_ipaddr", + replacement => "next_server: $admin_ipaddr", require => Package[cobbler], notify => Service[cobblerd] } diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp index 98d9942..2bcca98 100644 --- a/installer/modules/ovirt/manifests/dns.pp +++ b/installer/modules/ovirt/manifests/dns.pp @@ -22,7 +22,7 @@ import "augeas" -define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::common($admin_ipaddr="", $guest_ipaddr="",$admin_dev="",$guest_dev="") { package {"dnsmasq": ensure => installed, @@ -43,7 +43,7 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { } single_exec {"add_dns_server_to_resolv.conf": - command => "/bin/sed -e '1i nameserver $prov_ipaddr' -i /etc/resolv.conf", + command => "/bin/sed -e '1i nameserver $guest_ipaddr' -i /etc/resolv.conf", require => [Single_exec["set_hostname"]] } 
@@ -61,18 +61,18 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { file_append {"dhclient_config": file => "/etc/dhclient.conf", - line => "prepend domain-name-servers $prov_ipaddr;", + line => "prepend domain-name-servers $guest_ipaddr;", require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , notify => Service[dnsmasq], } } -define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::bundled($admin_ipaddr="", $guest_ipaddr="",$admin_dev="",$guest_dev="") { - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} + dns::common{"setup": admin_ipaddr=>$admin_ipaddr, guest_ipaddr=>$guest_ipaddr, admin_dev=>$admin_dev, guest_dev=>$guest_dev} - single_exec {"add_mgmt_server_to_etc_hosts": - command => "/bin/echo $mgmt_ipaddr $ipa_host >> /etc/hosts", + single_exec {"add_admin_server_to_etc_hosts": + command => "/bin/echo $admin_ipaddr $ipa_host >> /etc/hosts", notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]] } @@ -88,7 +88,7 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") } -define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::remote($admin_ipaddr="", $guest_ipaddr="",$admin_dev="",$guest_dev="") { # On the pxe server you will need to ensure that the # next server option points to the ip address of the tftp server @@ -106,6 +106,6 @@ define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { # Also A records must be present for each oVirt node. Without this they are unable # to determine their hostname and locate the management server. - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} + dns::common{"setup": admin_ipaddr=>$admin_ipaddr, guest_ipaddr=>$guest_ipaddr, admin_dev=>$admin_dev, guest_dev=>$guest_dev} } 
diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp index 09f77ed..01f0f53 100644 --- a/installer/modules/ovirt/manifests/freeipa.pp +++ b/installer/modules/ovirt/manifests/freeipa.pp @@ -56,7 +56,7 @@ class freeipa::bundled{ single_exec {"dnsmasq_restart": command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", - require => [Single_exec[add_mgmt_server_to_etc_hosts],Package[dnsmasq]] + require => [Single_exec[add_admin_server_to_etc_hosts],Package[dnsmasq]] } single_exec {"ipa_server_install": diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index 4df3cc7..2346046 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -20,10 +20,17 @@ class ovirt::setup { - file_replacement{"ovirt_httpd_config_change": + file_replacement{"ovirt_httpd_config_change_admin_net": file => "/etc/httpd/conf.d/ovirt-server.conf", - pattern => "192\.168\.50\.2", - replacement => "$mgmt_ipaddr", + pattern => "AdminNetIpAddress", + replacement => "$admin_httpd_ipaddr", + require => Package[ovirt-server] + } + + file_replacement{"ovirt_httpd_config_change_guest_net": + file => "/etc/httpd/conf.d/ovirt-server.conf", + pattern => "GuestNetIpAddress", + replacement => "$guest_ipaddr", require => Package[ovirt-server] } diff --git a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb index acbdb39..79575ea 100644 --- a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb +++ b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb 
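Review bot: `$admin_httpd_ipaddr` is used as the replacement for `AdminNetIpAddress` in ovirt.pp, but none of the manifests touched by this patch assigns it: the installer template hunk at `@@ -229,8 +233,8 @@` and ovirt-appliance.pp set only `$admin_ipaddr` and `$guest_ipaddr`. Unless it is defined outside the visible hunks, Puppet would substitute an empty string and the conf would read `NameVirtualHost :443`, leaving the SSL vhost bound to something other than the intended interface. Add `$admin_httpd_ipaddr = '<%= admin_httpd_ipaddr %>'` to the generated manifest and a matching line to the appliance manifest, or use `$admin_ipaddr` here. The resent patch has the same gap with `$guest_httpd_ipaddr`. The `ovirt::setup` class body continues past the hunk.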
@@ -3,8 +3,8 @@ bind-interfaces
 except-interface=lo
 dhcp-range=<%= dhcp_network %>.<%= dhcp_start %>,<%= dhcp_network%>.<%= dhcp_stop %>
 domain=<%= dhcp_domain %>
-dhcp-option=option:router,<%= prov_network_gateway %>
+dhcp-option=option:router,<%= guest_network_gateway %>
 dhcp-option=option:ntp-server,<%= ntp_server %>
 dhcp-option=12
 local=/<%= dhcp_domain %>/
-server=<%= prov_dns_server %>
+server=<%= guest_dns_server %>
-- 1.6.0.6
Steve Linabery
2009-Mar-16 21:44 UTC
[Ovirt-devel] Re: [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest network interfaces.
On Mon, Mar 16, 2009 at 03:57:15PM -0500, Steve Linabery wrote:> Variable name change in ovirt-installer and associated .pp (et al) files for > consistency with current documented architecture diagrams. > --- > conf/ovirt-server.conf | 5 +- > .../appliances/ovirt-appliance/ovirt-appliance.pp | 12 ++-- > installer/bin/ovirt-installer | 60 ++++++++++--------- > installer/modules/ovirt/manifests/cobbler.pp | 4 +- > installer/modules/ovirt/manifests/dns.pp | 18 +++--- > installer/modules/ovirt/manifests/freeipa.pp | 2 +- > installer/modules/ovirt/manifests/ovirt.pp | 13 +++- > .../modules/ovirt/templates/ovirt-dhcp.conf.erb | 4 +- > 8 files changed, 65 insertions(+), 53 deletions(-)Disregard ^^^ please. Yours truly had everything upside down and backwards.
Steve Linabery
2009-Mar-17 14:32 UTC
[Ovirt-devel] [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest network interfaces.
Variable name change in ovirt-installer and associated .pp (et al) files for consistency with current documented architecture diagrams. --- conf/ovirt-server.conf | 5 +- .../appliances/ovirt-appliance/ovirt-appliance.pp | 12 ++-- installer/bin/ovirt-installer | 60 ++++++++++--------- installer/modules/ovirt/manifests/cobbler.pp | 4 +- installer/modules/ovirt/manifests/dns.pp | 18 +++--- installer/modules/ovirt/manifests/freeipa.pp | 2 +- installer/modules/ovirt/manifests/ovirt.pp | 13 +++- .../modules/ovirt/templates/ovirt-dhcp.conf.erb | 4 +- 8 files changed, 65 insertions(+), 53 deletions(-) diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf index ab192ae..e414f07 100644 --- a/conf/ovirt-server.conf +++ b/conf/ovirt-server.conf @@ -6,8 +6,9 @@ NameVirtualHost *:80 </Location> </VirtualHost> -NameVirtualHost 192.168.50.2:443 -<VirtualHost 192.168.50.2:443> +NameVirtualHost GuestNetIpAddress:443 +NameVirtualHost AdminNetIpAddress:443 +<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443> RequestHeader set X_FORWARDED_PROTO 'https' diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp index ffeceba..4ad503d 100644 --- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp +++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp @@ -6,12 +6,12 @@ firewall::setup{'setup': status => 'enabled'} firewall_rule{"ssh": destination_port => "22"} # dns configuration -$mgmt_ipaddr = '192.168.50.2' -$prov_ipaddr = '192.168.50.2' +$guest_ipaddr = '192.168.50.2' +$admin_ipaddr = '192.168.50.2' $ovirt_host = 'management.priv.ovirt.org' $ipa_host = 'management.priv.ovirt.org' -dns::bundled{setup: mgmt_ipaddr=> $mgmt_ipaddr, prov_ipaddr=> $prov_ipaddr, mgmt_dev => 'eth0', prov_dev => 'eth0'} +dns::bundled{setup: guest_ipaddr=> $guest_ipaddr, admin_ipaddr=> $admin_ipaddr, guest_dev => 'eth0', admin_dev => 'eth0'} # dhcp configuration $dhcp_interface = 'eth0' 
@@ -19,10 +19,10 @@ $dhcp_network = '192.168.50' $dhcp_start = '3' $dhcp_stop = '50' $dhcp_domain = 'priv.ovirt.org' -$ntp_server = $mgmt_ipaddr +$ntp_server = $guest_ipaddr -$prov_dns_server = '192.168.50.2' -$prov_network_gateway = '192.168.50.1' +$admin_dns_server = '192.168.50.2' +$admin_network_gateway = '192.168.50.1' # cobbler configuration $cobbler_hostname = 'localhost' $cobbler_user_name = 'cobbler' diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer index 1c5f992..1f059d5 100755 --- a/installer/bin/ovirt-installer +++ b/installer/bin/ovirt-installer @@ -127,11 +127,13 @@ else end end -mgmt_dev = prompt_for_answer("Enter your management interface:", :default => "eth0") -# For now only supporting one network interface -#prov_dev = prompt_for_answer("Enter your provisioning interface, this may also be your management interface:", :default => mgmt_dev) -prov_dev = mgmt_dev -#sep_networks = (mgmt_dev == prov_dev) ? "n" : "y" +guest_httpd_dev = prompt_for_answer("Enter the interface for the Guest network:", :default => "eth0") +admin_dev = prompt_for_answer("Enter the interface for the Admin network (this may be the same as the Guest network interface):", :default => "eth0") + +#FIXME: correctly configure separate networks. +#For now, define admin and guest networks to be the same +guest_dev = admin_dev +#sep_networks = (guest_dev == admin_dev) ? "n" : "y" ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) ipa_host = ovirt_host 
@@ -144,22 +146,24 @@ File.open('/etc/resolv.conf').each_line{ |line| } dns_servers = prompt_yes_no("Use this systems's dns servers?") -mgmt_ip = `ifconfig #{mgmt_dev}` -mgmt_ipaddr= mgmt_ip.scan(/\s*inet addr:([\d.]+)/) -prov_ip = `ifconfig #{prov_dev}` -prov_ipaddr= prov_ip.scan(/\s*inet addr:([\d.]+)/) +guest_httpd_ip = `ifconfig #{guest_httpd_dev}` +guest_httpd_ipaddr = guest_httpd_ip.scan(/\s*inet addr:([\d.]+)/) +guest_ip = `ifconfig #{guest_dev}` +guest_ipaddr = guest_ip.scan(/\s*inet addr:([\d.]+)/) +admin_ip = `ifconfig #{admin_dev}` +admin_ipaddr = admin_ip.scan(/\s*inet addr:([\d.]+)/) if dns_servers == "y" - mgmt_ipaddr_lookup = Socket.getaddrinfo(mgmt_ipaddr.to_s,nil) - mgmt_hostname = mgmt_ipaddr_lookup[1][2] - if mgmt_hostname.to_s != ipa_host.to_s - @cli.say("Reverse dns lookup for #{mgmt_ipaddr} failed, exiting") + guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil) + guest_hostname = guest_ipaddr_lookup[1][2] + if guest_hostname.to_s != ipa_host.to_s + @cli.say("Reverse dns lookup for #{guest_ipaddr} failed, exiting") exit(0) end ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil) ipa_hostip = ipa_host_lookup[1][3] - if ipa_hostip.to_s != mgmt_ipaddr.to_s + if ipa_hostip.to_s != guest_ipaddr.to_s @cli.say("Forward dns lookup for #{ipa_host} failed, exiting") exit(0) end 
@@ -170,13 +174,13 @@ dhcp_setup = prompt_yes_no("Does your provisioning network already have dhcp?") if dhcp_setup == "n" dnsdomainname = `/bin/dnsdomainname` default_gw = `route -n | grep 'UG'|awk {'print $2'}` - dhcp_interface = prov_dev + dhcp_interface = admin_dev dhcp_network = prompt_for_answer("Enter the first 3 octets of the dhcp network you wish to use (example: 192.168.50):", :regex => THREE_OCTETS) dhcp_start = prompt_for_answer("Enter the dhcp pool start address (example: 3):", :regex => OCTET) dhcp_stop = prompt_for_answer("Enter the dhcp pool end addess (example: 100):", :regex => OCTET) dhcp_domain = prompt_for_answer("Enter the dhcp domain you wish to use (example: example.com):", :default => dnsdomainname.chomp, :regex => IP_OR_FQDN) - prov_dns_server = prov_ip.scan(/\s*inet addr:([\d.]+)/) - prov_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) + admin_dns_server = admin_ip.scan(/\s*inet addr:([\d.]+)/) + admin_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) tftp_setup = prompt_yes_no("Provide pxe/tftp capability?") end @@ -229,8 +233,8 @@ firewall::setup{'setup': firewall_rule{"ssh": destination_port => "22"} #DNS Configuration -$mgmt_ipaddr = '<%= mgmt_ipaddr %>' -$prov_ipaddr = '<%= prov_ipaddr %>' +$guest_ipaddr = '<%= guest_ipaddr %>' +$admin_ipaddr = '<%= admin_ipaddr %>' $ovirt_host = '<%= ovirt_host %>' $ipa_host = '<%= ipa_host %>' @@ -239,10 +243,10 @@ dns::bundled{setup: <% else %> dns::remote{setup: <% end %> - mgmt_ipaddr=> $mgmt_ipaddr, - prov_ipaddr=> $prov_ipaddr, - mgmt_dev => '<%= mgmt_dev %>', - prov_dev => '<%= prov_dev %>' + guest_ipaddr=> $guest_ipaddr, + admin_ipaddr=> $admin_ipaddr, + guest_dev => '<%= guest_dev %>', + admin_dev => '<%= admin_dev %>' } # DHCP Configuration 
@@ -252,9 +256,9 @@ $dhcp_network = '<%= dhcp_network %>' $dhcp_start = '<%= dhcp_start %>' $dhcp_stop = '<%= dhcp_stop %>' $dhcp_domain = '<%= dhcp_domain %>' -$ntp_server = '<%= mgmt_ipaddr %>' -$prov_network_gateway = '<%= prov_network_gateway %>' -$prov_dns_server = '<%= prov_dns_server %>' +$ntp_server = '<%= guest_ipaddr %>' +$admin_network_gateway = '<%= admin_network_gateway %>' +$admin_dns_server = '<%= admin_dns_server %>' <% if tftp_setup == "y" %> include tftp::bundled <% end %> @@ -283,8 +287,8 @@ include cobbler::remote <% end %> <% if dhcp_setup == "n" %> include dhcp::bundled -firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= prov_dev %>", out_interface => "<%= mgmt_dev %>", protocol => ""} -firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= mgmt_dev %>", protocol => "", action => "MASQUERADE"} +firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= admin_dev %>", out_interface => "<%= guest_dev %>", protocol => ""} +firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= guest_dev %>", protocol => "", action => "MASQUERADE"} <% end %> include postgres::bundled include freeipa::bundled diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp index 89b22b1..a903694 100644 --- a/installer/modules/ovirt/manifests/cobbler.pp +++ b/installer/modules/ovirt/manifests/cobbler.pp @@ -132,7 +132,7 @@ class cobbler::bundled { file_replacement{"settings_server": file => "/etc/cobbler/settings", pattern => "server: 127.0.0.1", - replacement => "server: $mgmt_ipaddr", + replacement => "server: $guest_ipaddr", require => Package[cobbler], notify => Service[cobblerd] } 
@@ -140,7 +140,7 @@ class cobbler::bundled { file_replacement{"settings_next_server": file => "/etc/cobbler/settings", pattern => "next_server: 127.0.0.1", - replacement => "next_server: $mgmt_ipaddr", + replacement => "next_server: $guest_ipaddr", require => Package[cobbler], notify => Service[cobblerd] } diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp index 98d9942..2bcca98 100644 --- a/installer/modules/ovirt/manifests/dns.pp +++ b/installer/modules/ovirt/manifests/dns.pp @@ -22,7 +22,7 @@ import "augeas" -define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::common($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { package {"dnsmasq": ensure => installed, @@ -43,7 +43,7 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { } single_exec {"add_dns_server_to_resolv.conf": - command => "/bin/sed -e '1i nameserver $prov_ipaddr' -i /etc/resolv.conf", + command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", require => [Single_exec["set_hostname"]] } 
@@ -61,18 +61,18 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { file_append {"dhclient_config": file => "/etc/dhclient.conf", - line => "prepend domain-name-servers $prov_ipaddr;", + line => "prepend domain-name-servers $admin_ipaddr;", require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , notify => Service[dnsmasq], } } -define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} + dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev} - single_exec {"add_mgmt_server_to_etc_hosts": - command => "/bin/echo $mgmt_ipaddr $ipa_host >> /etc/hosts", + single_exec {"add_guest_server_to_etc_hosts": + command => "/bin/echo $guest_ipaddr $ipa_host >> /etc/hosts", notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]] } @@ -88,7 +88,7 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") } -define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { +define dns::remote($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { # On the pxe server you will need to ensure that the # next server option points to the ip address of the tftp server @@ -106,6 +106,6 @@ define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { # Also A records must be present for each oVirt node. Without this they are unable # to determine their hostname and locate the management server. - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} + dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev} } 
diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp index 09f77ed..01f0f53 100644 --- a/installer/modules/ovirt/manifests/freeipa.pp +++ b/installer/modules/ovirt/manifests/freeipa.pp @@ -56,7 +56,7 @@ class freeipa::bundled{ single_exec {"dnsmasq_restart": command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", - require => [Single_exec[add_mgmt_server_to_etc_hosts],Package[dnsmasq]] + require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] } single_exec {"ipa_server_install": diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index 4df3cc7..2346046 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -20,10 +20,17 @@ class ovirt::setup { - file_replacement{"ovirt_httpd_config_change": + file_replacement{"ovirt_httpd_config_change_guest_net": file => "/etc/httpd/conf.d/ovirt-server.conf", - pattern => "192\.168\.50\.2", - replacement => "$mgmt_ipaddr", + pattern => "GuestNetIpAddress", + replacement => "$guest_httpd_ipaddr", + require => Package[ovirt-server] + } + + file_replacement{"ovirt_httpd_config_change_admin_net": + file => "/etc/httpd/conf.d/ovirt-server.conf", + pattern => "AdminNetIpAddress", + replacement => "$admin_ipaddr", require => Package[ovirt-server] } diff --git a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb index acbdb39..79575ea 100644 --- a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb +++ b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb 
@@ -3,8 +3,8 @@ bind-interfaces
 except-interface=lo
 dhcp-range=<%= dhcp_network %>.<%= dhcp_start %>,<%= dhcp_network%>.<%= dhcp_stop %>
 domain=<%= dhcp_domain %>
-dhcp-option=option:router,<%= prov_network_gateway %>
+dhcp-option=option:router,<%= admin_network_gateway %>
 dhcp-option=option:ntp-server,<%= ntp_server %>
 dhcp-option=12
 local=/<%= dhcp_domain %>/
-server=<%= prov_dns_server %>
+server=<%= admin_dns_server %>
-- 1.6.0.6