Steve Linabery
2009-Mar-17 15:26 UTC
[Ovirt-devel] [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest net interfaces (revised)
Variable name change in ovirt-installer and associated .pp (et al) files for
consistency with current documented architecture diagrams.
---
conf/ovirt-server.conf | 5 +-
.../appliances/ovirt-appliance/ovirt-appliance.pp | 12 ++--
installer/bin/ovirt-installer | 61 +++++++++++---------
installer/modules/ovirt/manifests/cobbler.pp | 4 +-
installer/modules/ovirt/manifests/dns.pp | 18 +++---
installer/modules/ovirt/manifests/freeipa.pp | 2 +-
installer/modules/ovirt/manifests/ovirt.pp | 13 +++-
.../modules/ovirt/templates/ovirt-dhcp.conf.erb | 4 +-
8 files changed, 66 insertions(+), 53 deletions(-)
diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
index ab192ae..e414f07 100644
--- a/conf/ovirt-server.conf
+++ b/conf/ovirt-server.conf
@@ -6,8 +6,9 @@ NameVirtualHost *:80
</Location>
</VirtualHost>
-NameVirtualHost 192.168.50.2:443
-<VirtualHost 192.168.50.2:443>
+NameVirtualHost GuestNetIpAddress:443
+NameVirtualHost AdminNetIpAddress:443
+<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
RequestHeader set X_FORWARDED_PROTO 'https'
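Review bot: `GuestNetIpAddress` and `AdminNetIpAddress` are not resolvable addresses, so the packaged file is no longer usable as shipped; httpd would presumably fail to start on any host where the two `file_replacement` resources in ovirt.pp have not yet run. A comment above the directives would make that dependency explicit, e.g. `# GuestNetIpAddress / AdminNetIpAddress are placeholders rewritten by ovirt::setup (installer/modules/ovirt/manifests/ovirt.pp)`. When both placeholders resolve to the same address (the installer defaults both prompts to eth0), the result is two identical `NameVirtualHost` lines and a `<VirtualHost>` listing the same address twice, which is worth testing against the target httpd. The `<VirtualHost>` block continues past the end of this hunk.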
diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp
b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
index ffeceba..1c4e0b7 100644
--- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp
+++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
@@ -6,12 +6,12 @@ firewall::setup{'setup': status =>
'enabled'}
firewall_rule{"ssh": destination_port => "22"}
# dns configuration
-$mgmt_ipaddr = '192.168.50.2'
-$prov_ipaddr = '192.168.50.2'
+$guest_ipaddr = '192.168.50.2'
+$admin_ipaddr = '192.168.50.2'
$ovirt_host = 'management.priv.ovirt.org'
$ipa_host = 'management.priv.ovirt.org'
-dns::bundled{setup: mgmt_ipaddr=> $mgmt_ipaddr, prov_ipaddr=>
$prov_ipaddr, mgmt_dev => 'eth0', prov_dev => 'eth0'}
+dns::bundled{setup: guest_ipaddr=> $guest_ipaddr, admin_ipaddr=>
$admin_ipaddr, guest_dev => 'eth0', admin_dev => 'eth0'}
# dhcp configuration
$dhcp_interface = 'eth0'
@@ -19,10 +19,10 @@ $dhcp_network = '192.168.50'
$dhcp_start = '3'
$dhcp_stop = '50'
$dhcp_domain = 'priv.ovirt.org'
-$ntp_server = $mgmt_ipaddr
+$ntp_server = $guest_ipaddr
-$prov_dns_server = '192.168.50.2'
-$prov_network_gateway = '192.168.50.1'
+$admin_dns_server = '192.168.50.2'
+$admin_network_gateway = '192.168.50.1'
# cobbler configuration
$cobbler_hostname = 'localhost'
$cobbler_user_name = 'cobbler'
diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
index 1c5f992..b42912c 100755
--- a/installer/bin/ovirt-installer
+++ b/installer/bin/ovirt-installer
@@ -127,11 +127,13 @@ else
end
end
-mgmt_dev = prompt_for_answer("Enter your management interface:",
:default => "eth0")
-# For now only supporting one network interface
-#prov_dev = prompt_for_answer("Enter your provisioning interface, this may
also be your management interface:", :default => mgmt_dev)
-prov_dev = mgmt_dev
-#sep_networks = (mgmt_dev == prov_dev) ? "n" : "y"
+guest_httpd_dev = prompt_for_answer("Enter the interface for the Guest
network:", :default => "eth0")
+admin_dev = prompt_for_answer("Enter the interface for the Admin network
(this may be the same as the Guest network interface):", :default =>
"eth0")
+
+#FIXME: correctly configure separate networks.
+#For now, define admin and guest networks to be the same
+guest_dev = admin_dev
+#sep_networks = (guest_dev == admin_dev) ? "n" : "y"
ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management
server (example: management.example.com):", :regex => IP_OR_FQDN)
ipa_host = ovirt_host
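Review bot: The two new interface prompts accept any string (no `:regex`, unlike the hostname prompt just below), and the answers are interpolated into the `ifconfig #{...}` backticks in the next hunk and into the `firewall_rule` interface fields of the generated manifest. Constraining them, for example with `:regex => /\A[A-Za-z0-9_.:-]+\z/`, would keep shell metacharacters and typos out of both places; this assumes `prompt_for_answer` applies `:regex` the same way it does for `IP_OR_FQDN`. Separately, the answer to the Guest prompt only reaches `guest_httpd_dev`, while `guest_dev` is overwritten with `admin_dev`, so the FIXME could say so: `# guest_dev (DNS, NTP, cobbler, NAT) follows admin_dev; only httpd uses guest_httpd_dev`.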
@@ -144,22 +146,24 @@ File.open('/etc/resolv.conf').each_line{ |line|
}
dns_servers = prompt_yes_no("Use this systems's dns servers?")
-mgmt_ip = `ifconfig #{mgmt_dev}`
-mgmt_ipaddr= mgmt_ip.scan(/\s*inet addr:([\d.]+)/)
-prov_ip = `ifconfig #{prov_dev}`
-prov_ipaddr= prov_ip.scan(/\s*inet addr:([\d.]+)/)
+guest_httpd_ip = `ifconfig #{guest_httpd_dev}`
+guest_httpd_ipaddr = guest_httpd_ip.scan(/\s*inet addr:([\d.]+)/)
+guest_ip = `ifconfig #{guest_dev}`
+guest_ipaddr = guest_ip.scan(/\s*inet addr:([\d.]+)/)
+admin_ip = `ifconfig #{admin_dev}`
+admin_ipaddr = admin_ip.scan(/\s*inet addr:([\d.]+)/)
if dns_servers == "y"
- mgmt_ipaddr_lookup = Socket.getaddrinfo(mgmt_ipaddr.to_s,nil)
- mgmt_hostname = mgmt_ipaddr_lookup[1][2]
- if mgmt_hostname.to_s != ipa_host.to_s
- @cli.say("Reverse dns lookup for #{mgmt_ipaddr} failed,
exiting")
+ guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil)
+ guest_hostname = guest_ipaddr_lookup[1][2]
+ if guest_hostname.to_s != ipa_host.to_s
+ @cli.say("Reverse dns lookup for #{guest_ipaddr} failed,
exiting")
exit(0)
end
ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil)
ipa_hostip = ipa_host_lookup[1][3]
- if ipa_hostip.to_s != mgmt_ipaddr.to_s
+ if ipa_hostip.to_s != guest_ipaddr.to_s
@cli.say("Forward dns lookup for #{ipa_host} failed,
exiting")
exit(0)
end
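Review bot: None of the three `scan` results is checked before use: if a selected interface has no IPv4 address, or `ifconfig` prints a different format, `scan` returns `[]` and the empty value flows into the generated manifest (`$guest_httpd_ipaddr = ''` and so on), which ovirt.pp then substitutes into the SSL `NameVirtualHost`/`<VirtualHost>` lines. A guard right after the three assignments would stop early, e.g. `[guest_httpd_ipaddr, guest_ipaddr, admin_ipaddr].each { |a| abort("no IPv4 address found on a selected interface") if a.empty? }`. `scan` with a capture group also returns nested arrays, so the `.to_s` comparisons and the ERB output depend on how the running Ruby stringifies arrays; taking `.flatten.first` would make each value an explicit string. The enclosing `if dns_servers == "y"` block appears to continue past the hunk.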
@@ -170,13 +174,13 @@ dhcp_setup = prompt_yes_no("Does your provisioning
network already have dhcp?")
if dhcp_setup == "n"
dnsdomainname = `/bin/dnsdomainname`
default_gw = `route -n | grep 'UG'|awk {'print $2'}`
- dhcp_interface = prov_dev
+ dhcp_interface = admin_dev
dhcp_network = prompt_for_answer("Enter the first 3 octets of the dhcp
network you wish to use (example: 192.168.50):", :regex => THREE_OCTETS)
dhcp_start = prompt_for_answer("Enter the dhcp pool start address
(example: 3):", :regex => OCTET)
dhcp_stop = prompt_for_answer("Enter the dhcp pool end addess
(example: 100):", :regex => OCTET)
dhcp_domain = prompt_for_answer("Enter the dhcp domain you wish to use
(example: example.com):", :default => dnsdomainname.chomp, :regex =>
IP_OR_FQDN)
- prov_dns_server = prov_ip.scan(/\s*inet addr:([\d.]+)/)
- prov_network_gateway = prompt_for_answer("Enter the network gateway
for your provisioning network (example: 192.168.50.254):", :default =>
default_gw.chomp, :regex => IP_OR_FQDN)
+ admin_dns_server = admin_ip.scan(/\s*inet addr:([\d.]+)/)
+ admin_network_gateway = prompt_for_answer("Enter the network gateway
for your provisioning network (example: 192.168.50.254):", :default =>
default_gw.chomp, :regex => IP_OR_FQDN)
tftp_setup = prompt_yes_no("Provide pxe/tftp capability?")
end
@@ -229,8 +233,9 @@ firewall::setup{'setup':
firewall_rule{"ssh": destination_port => "22"}
#DNS Configuration
-$mgmt_ipaddr = '<%= mgmt_ipaddr %>'
-$prov_ipaddr = '<%= prov_ipaddr %>'
+$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>'
+$guest_ipaddr = '<%= guest_ipaddr %>'
+$admin_ipaddr = '<%= admin_ipaddr %>'
$ovirt_host = '<%= ovirt_host %>'
$ipa_host = '<%= ipa_host %>'
@@ -239,10 +244,10 @@ dns::bundled{setup:
<% else %>
dns::remote{setup:
<% end %>
- mgmt_ipaddr=> $mgmt_ipaddr,
- prov_ipaddr=> $prov_ipaddr,
- mgmt_dev => '<%= mgmt_dev %>',
- prov_dev => '<%= prov_dev %>'
+ guest_ipaddr=> $guest_ipaddr,
+ admin_ipaddr=> $admin_ipaddr,
+ guest_dev => '<%= guest_dev %>',
+ admin_dev => '<%= admin_dev %>'
}
# DHCP Configuration
@@ -252,9 +257,9 @@ $dhcp_network = '<%= dhcp_network %>'
$dhcp_start = '<%= dhcp_start %>'
$dhcp_stop = '<%= dhcp_stop %>'
$dhcp_domain = '<%= dhcp_domain %>'
-$ntp_server = '<%= mgmt_ipaddr %>'
-$prov_network_gateway = '<%= prov_network_gateway %>'
-$prov_dns_server = '<%= prov_dns_server %>'
+$ntp_server = '<%= guest_ipaddr %>'
+$admin_network_gateway = '<%= admin_network_gateway %>'
+$admin_dns_server = '<%= admin_dns_server %>'
<% if tftp_setup == "y" %>
include tftp::bundled
<% end %>
@@ -283,8 +288,8 @@ include cobbler::remote
<% end %>
<% if dhcp_setup == "n" %>
include dhcp::bundled
-firewall_rule{"nat-forward": chain => "FORWARD",
in_interface => "<%= prov_dev %>", out_interface =>
"<%= mgmt_dev %>", protocol => ""}
-firewall_rule{"nat-postrouting": table => "nat", chain
=> "POSTROUTING", out_interface => "<%= mgmt_dev
%>", protocol => "", action => "MASQUERADE"}
+firewall_rule{"nat-forward": chain => "FORWARD",
in_interface => "<%= admin_dev %>", out_interface =>
"<%= guest_dev %>", protocol => ""}
+firewall_rule{"nat-postrouting": table => "nat", chain
=> "POSTROUTING", out_interface => "<%= guest_dev
%>", protocol => "", action => "MASQUERADE"}
<% end %>
include postgres::bundled
include freeipa::bundled
diff --git a/installer/modules/ovirt/manifests/cobbler.pp
b/installer/modules/ovirt/manifests/cobbler.pp
index 89b22b1..44e368b 100644
--- a/installer/modules/ovirt/manifests/cobbler.pp
+++ b/installer/modules/ovirt/manifests/cobbler.pp
@@ -132,7 +132,7 @@ class cobbler::bundled {
file_replacement{"settings_server":
file => "/etc/cobbler/settings",
pattern => "server: 127.0.0.1",
- replacement => "server: $mgmt_ipaddr",
+ replacement => "server: $guest_ipaddr",
require => Package[cobbler],
notify => Service[cobblerd]
}
@@ -140,7 +140,7 @@ class cobbler::bundled {
file_replacement{"settings_next_server":
file => "/etc/cobbler/settings",
pattern => "next_server: 127.0.0.1",
- replacement => "next_server: $mgmt_ipaddr",
+ replacement => "next_server: $guest_ipaddr",
require => Package[cobbler],
notify => Service[cobblerd]
}
diff --git a/installer/modules/ovirt/manifests/dns.pp
b/installer/modules/ovirt/manifests/dns.pp
index 98d9942..57c128b 100644
--- a/installer/modules/ovirt/manifests/dns.pp
+++ b/installer/modules/ovirt/manifests/dns.pp
@@ -22,7 +22,7 @@
import "augeas"
-define dns::common($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
+define dns::common($guest_ipaddr="",
$admin_ipaddr="",$guest_dev="",$admin_dev="") {
package {"dnsmasq":
ensure => installed,
@@ -43,7 +43,7 @@ define dns::common($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
}
single_exec {"add_dns_server_to_resolv.conf":
- command => "/bin/sed -e '1i nameserver $prov_ipaddr' -i
/etc/resolv.conf",
+ command => "/bin/sed -e '1i nameserver $admin_ipaddr'
-i /etc/resolv.conf",
require => [Single_exec["set_hostname"]]
}
@@ -61,18 +61,18 @@ define dns::common($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
file_append {"dhclient_config":
file => "/etc/dhclient.conf",
- line => "prepend domain-name-servers $prov_ipaddr;",
+ line => "prepend domain-name-servers $admin_ipaddr;",
require => [Single_exec["set_hostname"],
Package["dnsmasq"], File["/etc/dhclient.conf"]] ,
notify => Service[dnsmasq],
}
}
-define dns::bundled($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
+define dns::bundled($guest_ipaddr="",
$admin_ipaddr="",$guest_dev="",$admin_dev="") {
- dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr,
prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev}
+ dns::common{"setup": guest_ipaddr=>$guest_ipaddr,
admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev,
admin_dev=>$admin_dev}
- single_exec {"add_mgmt_server_to_etc_hosts":
- command => "/bin/echo $mgmt_ipaddr $ipa_host >>
/etc/hosts",
+ single_exec {"add_guest_server_to_etc_hosts":
+ command => "/bin/echo $guest_ipaddr $ipa_host >>
/etc/hosts",
notify => [Service[dnsmasq],
Single_exec["add_dns_server_to_resolv.conf"]]
}
@@ -88,7 +88,7 @@ define dns::bundled($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="")
}
-define dns::remote($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
+define dns::remote($guest_ipaddr="",
$admin_ipaddr="",$guest_dev="",$admin_dev="") {
# On the pxe server you will need to ensure that the
# next server option points to the ip address of the tftp server
@@ -106,6 +106,6 @@ define dns::remote($mgmt_ipaddr="",
$prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
# Also A records must be present for each oVirt node. Without this they are
unable
# to determine their hostname and locate the management server.
- dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr,
prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev}
+ dns::common{"setup": guest_ipaddr=>$guest_ipaddr,
admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev,
admin_dev=>$admin_dev}
}
diff --git a/installer/modules/ovirt/manifests/freeipa.pp
b/installer/modules/ovirt/manifests/freeipa.pp
index 09f77ed..aa806fe 100644
--- a/installer/modules/ovirt/manifests/freeipa.pp
+++ b/installer/modules/ovirt/manifests/freeipa.pp
@@ -56,7 +56,7 @@ class freeipa::bundled{
single_exec {"dnsmasq_restart":
command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq
start",
- require =>
[Single_exec[add_mgmt_server_to_etc_hosts],Package[dnsmasq]]
+ require =>
[Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]]
}
single_exec {"ipa_server_install":
diff --git a/installer/modules/ovirt/manifests/ovirt.pp
b/installer/modules/ovirt/manifests/ovirt.pp
index 4df3cc7..723d758 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -20,10 +20,17 @@
class ovirt::setup {
- file_replacement{"ovirt_httpd_config_change":
+ file_replacement{"ovirt_httpd_config_change_guest_net":
file => "/etc/httpd/conf.d/ovirt-server.conf",
- pattern => "192\.168\.50\.2",
- replacement => "$mgmt_ipaddr",
+ pattern => "GuestNetIpAddress",
+ replacement => "$guest_httpd_ipaddr",
+ require => Package[ovirt-server]
+ }
+
+ file_replacement{"ovirt_httpd_config_change_admin_net":
+ file => "/etc/httpd/conf.d/ovirt-server.conf",
+ pattern => "AdminNetIpAddress",
+ replacement => "$admin_ipaddr",
require => Package[ovirt-server]
}
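Review bot: `$guest_httpd_ipaddr` is only defined in the manifest generated by ovirt-installer; the ovirt-appliance.pp hunk in this patch renames `$mgmt_ipaddr`/`$prov_ipaddr` but does not add it. If the appliance manifest also applies `ovirt::setup` (not visible here), `GuestNetIpAddress` would be replaced with an empty string and the SSL vhost would end up as `NameVirtualHost :443`. Adding `$guest_httpd_ipaddr = '192.168.50.2'` next to `$guest_ipaddr` in ovirt-appliance.pp would keep the two entry points consistent. The `class ovirt::setup` body continues outside the hunk.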
diff --git a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
index acbdb39..dda7976 100644
--- a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
+++ b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb
@@ -3,8 +3,8 @@ bind-interfaces
except-interface=lo
dhcp-range=<%= dhcp_network %>.<%= dhcp_start %>,<%=
dhcp_network%>.<%= dhcp_stop %>
domain=<%= dhcp_domain %>
-dhcp-option=option:router,<%= prov_network_gateway %>
+dhcp-option=option:router,<%= admin_network_gateway %>
dhcp-option=option:ntp-server,<%= ntp_server %>
dhcp-option=12
local=/<%= dhcp_domain %>/
-server=<%= prov_dns_server %>
+server=<%= admin_dns_server %>
--
1.6.0.6
Joey Boggs
2009-Mar-17 21:25 UTC
[Ovirt-devel] [PATCH server] Force ovirt ssl conf to listen on both Admin and Guest net interfaces (revised)
Steve Linabery wrote:> Variable name change in ovirt-installer and associated .pp (et al) files for > consistency with current documented architecture diagrams. > --- > conf/ovirt-server.conf | 5 +- > .../appliances/ovirt-appliance/ovirt-appliance.pp | 12 ++-- > installer/bin/ovirt-installer | 61 +++++++++++--------- > installer/modules/ovirt/manifests/cobbler.pp | 4 +- > installer/modules/ovirt/manifests/dns.pp | 18 +++--- > installer/modules/ovirt/manifests/freeipa.pp | 2 +- > installer/modules/ovirt/manifests/ovirt.pp | 13 +++- > .../modules/ovirt/templates/ovirt-dhcp.conf.erb | 4 +- > 8 files changed, 66 insertions(+), 53 deletions(-) > > diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf > index ab192ae..e414f07 100644 > --- a/conf/ovirt-server.conf > +++ b/conf/ovirt-server.conf > @@ -6,8 +6,9 @@ NameVirtualHost *:80 > </Location> > </VirtualHost> > > -NameVirtualHost 192.168.50.2:443 > -<VirtualHost 192.168.50.2:443> > +NameVirtualHost GuestNetIpAddress:443 > +NameVirtualHost AdminNetIpAddress:443 > +<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443> > > RequestHeader set X_FORWARDED_PROTO 'https' > > diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp > index ffeceba..1c4e0b7 100644 > --- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp > +++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp 
> @@ -6,12 +6,12 @@ firewall::setup{'setup': status => 'enabled'} > firewall_rule{"ssh": destination_port => "22"} > > # dns configuration > -$mgmt_ipaddr = '192.168.50.2' > -$prov_ipaddr = '192.168.50.2' > +$guest_ipaddr = '192.168.50.2' > +$admin_ipaddr = '192.168.50.2' > $ovirt_host = 'management.priv.ovirt.org' > $ipa_host = 'management.priv.ovirt.org' > > -dns::bundled{setup: mgmt_ipaddr=> $mgmt_ipaddr, prov_ipaddr=> $prov_ipaddr, mgmt_dev => 'eth0', prov_dev => 'eth0'} > +dns::bundled{setup: guest_ipaddr=> $guest_ipaddr, admin_ipaddr=> $admin_ipaddr, guest_dev => 'eth0', admin_dev => 'eth0'} > > # dhcp configuration > $dhcp_interface = 'eth0' > @@ -19,10 +19,10 @@ $dhcp_network = '192.168.50' > $dhcp_start = '3' > $dhcp_stop = '50' > $dhcp_domain = 'priv.ovirt.org' > -$ntp_server = $mgmt_ipaddr > +$ntp_server = $guest_ipaddr > > -$prov_dns_server = '192.168.50.2' > -$prov_network_gateway = '192.168.50.1' > +$admin_dns_server = '192.168.50.2' > +$admin_network_gateway = '192.168.50.1' > # cobbler configuration > $cobbler_hostname = 'localhost' > $cobbler_user_name = 'cobbler' > diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer > index 1c5f992..b42912c 100755 > --- a/installer/bin/ovirt-installer > +++ b/installer/bin/ovirt-installer 
> @@ -127,11 +127,13 @@ else > end > end > > -mgmt_dev = prompt_for_answer("Enter your management interface:", :default => "eth0") > -# For now only supporting one network interface > -#prov_dev = prompt_for_answer("Enter your provisioning interface, this may also be your management interface:", :default => mgmt_dev) > -prov_dev = mgmt_dev > -#sep_networks = (mgmt_dev == prov_dev) ? "n" : "y" > +guest_httpd_dev = prompt_for_answer("Enter the interface for the Guest network:", :default => "eth0") > +admin_dev = prompt_for_answer("Enter the interface for the Admin network (this may be the same as the Guest network interface):", :default => "eth0") > + > +#FIXME: correctly configure separate networks. > +#For now, define admin and guest networks to be the same > +guest_dev = admin_dev > +#sep_networks = (guest_dev == admin_dev) ? "n" : "y" > > ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) > ipa_host = ovirt_host 
> @@ -144,22 +146,24 @@ File.open('/etc/resolv.conf').each_line{ |line| > } > dns_servers = prompt_yes_no("Use this systems's dns servers?") > > -mgmt_ip = `ifconfig #{mgmt_dev}` > -mgmt_ipaddr= mgmt_ip.scan(/\s*inet addr:([\d.]+)/) > -prov_ip = `ifconfig #{prov_dev}` > -prov_ipaddr= prov_ip.scan(/\s*inet addr:([\d.]+)/) > +guest_httpd_ip = `ifconfig #{guest_httpd_dev}` > +guest_httpd_ipaddr = guest_httpd_ip.scan(/\s*inet addr:([\d.]+)/) > +guest_ip = `ifconfig #{guest_dev}` > +guest_ipaddr = guest_ip.scan(/\s*inet addr:([\d.]+)/) > +admin_ip = `ifconfig #{admin_dev}` > +admin_ipaddr = admin_ip.scan(/\s*inet addr:([\d.]+)/) > > if dns_servers == "y" > - mgmt_ipaddr_lookup = Socket.getaddrinfo(mgmt_ipaddr.to_s,nil) > - mgmt_hostname = mgmt_ipaddr_lookup[1][2] > - if mgmt_hostname.to_s != ipa_host.to_s > - @cli.say("Reverse dns lookup for #{mgmt_ipaddr} failed, exiting") > + guest_ipaddr_lookup = Socket.getaddrinfo(guest_ipaddr.to_s,nil) > + guest_hostname = guest_ipaddr_lookup[1][2] > + if guest_hostname.to_s != ipa_host.to_s > + @cli.say("Reverse dns lookup for #{guest_ipaddr} failed, exiting") > exit(0) > end > > ipa_host_lookup = Socket.getaddrinfo(ipa_host,nil) > ipa_hostip = ipa_host_lookup[1][3] > - if ipa_hostip.to_s != mgmt_ipaddr.to_s > + if ipa_hostip.to_s != guest_ipaddr.to_s > @cli.say("Forward dns lookup for #{ipa_host} failed, exiting") > exit(0) > end 
> @@ -170,13 +174,13 @@ dhcp_setup = prompt_yes_no("Does your provisioning network already have dhcp?") > if dhcp_setup == "n" > dnsdomainname = `/bin/dnsdomainname` > default_gw = `route -n | grep 'UG'|awk {'print $2'}` > - dhcp_interface = prov_dev > + dhcp_interface = admin_dev > dhcp_network = prompt_for_answer("Enter the first 3 octets of the dhcp network you wish to use (example: 192.168.50):", :regex => THREE_OCTETS) > dhcp_start = prompt_for_answer("Enter the dhcp pool start address (example: 3):", :regex => OCTET) > dhcp_stop = prompt_for_answer("Enter the dhcp pool end addess (example: 100):", :regex => OCTET) > dhcp_domain = prompt_for_answer("Enter the dhcp domain you wish to use (example: example.com):", :default => dnsdomainname.chomp, :regex => IP_OR_FQDN) > - prov_dns_server = prov_ip.scan(/\s*inet addr:([\d.]+)/) > - prov_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) > + admin_dns_server = admin_ip.scan(/\s*inet addr:([\d.]+)/) > + admin_network_gateway = prompt_for_answer("Enter the network gateway for your provisioning network (example: 192.168.50.254):", :default => default_gw.chomp, :regex => IP_OR_FQDN) > tftp_setup = prompt_yes_no("Provide pxe/tftp capability?") > end > > @@ -229,8 +233,9 @@ firewall::setup{'setup': > firewall_rule{"ssh": destination_port => "22"} > > #DNS Configuration > -$mgmt_ipaddr = '<%= mgmt_ipaddr %>' > -$prov_ipaddr = '<%= prov_ipaddr %>' > +$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>' > +$guest_ipaddr = '<%= guest_ipaddr %>' > +$admin_ipaddr = '<%= admin_ipaddr %>' > $ovirt_host = '<%= ovirt_host %>' > $ipa_host = '<%= ipa_host %>' 
> > @@ -239,10 +244,10 @@ dns::bundled{setup: > <% else %> > dns::remote{setup: > <% end %> > - mgmt_ipaddr=> $mgmt_ipaddr, > - prov_ipaddr=> $prov_ipaddr, > - mgmt_dev => '<%= mgmt_dev %>', > - prov_dev => '<%= prov_dev %>' > + guest_ipaddr=> $guest_ipaddr, > + admin_ipaddr=> $admin_ipaddr, > + guest_dev => '<%= guest_dev %>', > + admin_dev => '<%= admin_dev %>' > } > > # DHCP Configuration > @@ -252,9 +257,9 @@ $dhcp_network = '<%= dhcp_network %>' > $dhcp_start = '<%= dhcp_start %>' > $dhcp_stop = '<%= dhcp_stop %>' > $dhcp_domain = '<%= dhcp_domain %>' > -$ntp_server = '<%= mgmt_ipaddr %>' > -$prov_network_gateway = '<%= prov_network_gateway %>' > -$prov_dns_server = '<%= prov_dns_server %>' > +$ntp_server = '<%= guest_ipaddr %>' > +$admin_network_gateway = '<%= admin_network_gateway %>' > +$admin_dns_server = '<%= admin_dns_server %>' > <% if tftp_setup == "y" %> > include tftp::bundled > <% end %> > @@ -283,8 +288,8 @@ include cobbler::remote > <% end %> > <% if dhcp_setup == "n" %> > include dhcp::bundled > -firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= prov_dev %>", out_interface => "<%= mgmt_dev %>", protocol => ""} > -firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= mgmt_dev %>", protocol => "", action => "MASQUERADE"} > +firewall_rule{"nat-forward": chain => "FORWARD", in_interface => "<%= admin_dev %>", out_interface => "<%= guest_dev %>", protocol => ""} > +firewall_rule{"nat-postrouting": table => "nat", chain => "POSTROUTING", out_interface => "<%= guest_dev %>", protocol => "", action => "MASQUERADE"} > <% end %> > include postgres::bundled > include freeipa::bundled > diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp > index 89b22b1..44e368b 100644 > --- a/installer/modules/ovirt/manifests/cobbler.pp > +++ b/installer/modules/ovirt/manifests/cobbler.pp 
> @@ -132,7 +132,7 @@ class cobbler::bundled { > file_replacement{"settings_server": > file => "/etc/cobbler/settings", > pattern => "server: 127.0.0.1", > - replacement => "server: $mgmt_ipaddr", > + replacement => "server: $guest_ipaddr", > require => Package[cobbler], > notify => Service[cobblerd] > } > @@ -140,7 +140,7 @@ class cobbler::bundled { > file_replacement{"settings_next_server": > file => "/etc/cobbler/settings", > pattern => "next_server: 127.0.0.1", > - replacement => "next_server: $mgmt_ipaddr", > + replacement => "next_server: $guest_ipaddr", > require => Package[cobbler], > notify => Service[cobblerd] > } > diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp > index 98d9942..57c128b 100644 > --- a/installer/modules/ovirt/manifests/dns.pp > +++ b/installer/modules/ovirt/manifests/dns.pp > @@ -22,7 +22,7 @@ > > import "augeas" > > -define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > +define dns::common($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { > > package {"dnsmasq": > ensure => installed, > @@ -43,7 +43,7 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > } > > single_exec {"add_dns_server_to_resolv.conf": > - command => "/bin/sed -e '1i nameserver $prov_ipaddr' -i /etc/resolv.conf", > + command => "/bin/sed -e '1i nameserver $admin_ipaddr' -i /etc/resolv.conf", > require => [Single_exec["set_hostname"]] > } 
> > @@ -61,18 +61,18 @@ define dns::common($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > > file_append {"dhclient_config": > file => "/etc/dhclient.conf", > - line => "prepend domain-name-servers $prov_ipaddr;", > + line => "prepend domain-name-servers $admin_ipaddr;", > require => [Single_exec["set_hostname"], Package["dnsmasq"], File["/etc/dhclient.conf"]] , > notify => Service[dnsmasq], > } > } > > -define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > +define dns::bundled($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { > > - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} > + dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev} > > - single_exec {"add_mgmt_server_to_etc_hosts": > - command => "/bin/echo $mgmt_ipaddr $ipa_host >> /etc/hosts", > + single_exec {"add_guest_server_to_etc_hosts": > + command => "/bin/echo $guest_ipaddr $ipa_host >> /etc/hosts", > notify => [Service[dnsmasq], Single_exec["add_dns_server_to_resolv.conf"]] > } > > @@ -88,7 +88,7 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") > > } > > -define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > +define dns::remote($guest_ipaddr="", $admin_ipaddr="",$guest_dev="",$admin_dev="") { > > # On the pxe server you will need to ensure that the > # next server option points to the ip address of the tftp server 
> @@ -106,6 +106,6 @@ define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { > # Also A records must be present for each oVirt node. Without this they are unable > # to determine their hostname and locate the management server. > > - dns::common{"setup": mgmt_ipaddr=>$mgmt_ipaddr, prov_ipaddr=>$prov_ipaddr, mgmt_dev=>$mgmt_dev, prov_dev=>$prov_dev} > + dns::common{"setup": guest_ipaddr=>$guest_ipaddr, admin_ipaddr=>$admin_ipaddr, guest_dev=>$guest_dev, admin_dev=>$admin_dev} > > } > diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp > index 09f77ed..aa806fe 100644 > --- a/installer/modules/ovirt/manifests/freeipa.pp > +++ b/installer/modules/ovirt/manifests/freeipa.pp > @@ -56,7 +56,7 @@ class freeipa::bundled{ > > single_exec {"dnsmasq_restart": > command => "/usr/bin/pkill dnsmasq;/etc/init.d/dnsmasq start", > - require => [Single_exec[add_mgmt_server_to_etc_hosts],Package[dnsmasq]] > + require => [Single_exec[add_guest_server_to_etc_hosts],Package[dnsmasq]] > } > > single_exec {"ipa_server_install": > diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp > index 4df3cc7..723d758 100644 > --- a/installer/modules/ovirt/manifests/ovirt.pp > +++ b/installer/modules/ovirt/manifests/ovirt.pp > @@ -20,10 +20,17 @@ > > class ovirt::setup { > > - file_replacement{"ovirt_httpd_config_change": > + file_replacement{"ovirt_httpd_config_change_guest_net": > file => "/etc/httpd/conf.d/ovirt-server.conf", > - pattern => "192\.168\.50\.2", > - replacement => "$mgmt_ipaddr", > + pattern => "GuestNetIpAddress", > + replacement => "$guest_httpd_ipaddr", > + require => Package[ovirt-server] > + } > + > + file_replacement{"ovirt_httpd_config_change_admin_net": > + file => "/etc/httpd/conf.d/ovirt-server.conf", > + pattern => "AdminNetIpAddress", > + replacement => "$admin_ipaddr", > require => Package[ovirt-server] > } 
> > diff --git a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb > index acbdb39..dda7976 100644 > --- a/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb > +++ b/installer/modules/ovirt/templates/ovirt-dhcp.conf.erb > @@ -3,8 +3,8 @@ bind-interfaces > except-interface=lo > dhcp-range=<%= dhcp_network %>.<%= dhcp_start %>,<%= dhcp_network%>.<%= dhcp_stop %> > domain=<%= dhcp_domain %> > -dhcp-option=option:router,<%= prov_network_gateway %> > +dhcp-option=option:router,<%= admin_network_gateway %> > dhcp-option=option:ntp-server,<%= ntp_server %> > dhcp-option=12 > local=/<%= dhcp_domain %>/ > -server=<%= prov_dns_server %> > +server=<%= admin_dns_server %> >ACK