Difference between revisions of "Quattor and IPv6"

From PDP/Grid Wiki
Jump to navigationJump to search
 
(5 intermediate revisions by the same user not shown)
Line 88: Line 88:
  
 
Finally, the third solution, which is the adopted one, just includes some extra parameters in the types ''structure_network'', ''structure_interface'', and ''structure_interface_alias''. I thought that this solution would be the easiest one to implement, since not all the parameters in a structure would need to be defined, so this would be ideal for sites that wanted only IPv4.  
 
Finally, the third solution, which is the adopted one, just includes some extra parameters in the types ''structure_network'', ''structure_interface'', and ''structure_interface_alias''. I thought that this solution would be the easiest one to implement, since not all the parameters in a structure would need to be defined, so this would be ideal for sites that wanted only IPv4.  
The interface (Also the alias) need to include an extra IP (Only ''type_ipv6''). The interface includes the gateway for '''IPv6''' and a parameter to initialize '''IPv6''' in that interface. I have bolded the new parameters:
+
The interface (Also the alias) need to include an extra IP (Only ''type_ipv6''). The interface includes the gateway for '''IPv6''' and a parameter to initialize '''IPv6''' in that interface. I have added an asterisk after the new parameters:
  
type structure_interface_alias = {
+
type structure_interface_alias = {
"ip"      ? type_ip
+
"ip"      ? type_ip
"ipv6"    ? type_ipv6
+
"ipv6"    ? type_ipv6           *
"netmask" : type_ip
+
"netmask" : type_ip
"broadcast" ? type_ip
+
"broadcast" ? type_ip
};
+
};
type structure_interface = {
+
type structure_interface = {
  "ip"          ? type_ip
+
  "ip"          ? type_ip
  "gateway"      ? type_ip
+
  "gateway"      ? type_ip
  "ipv6"        ? type_ipv6
+
  "ipv6"        ? type_ipv6             *
  "gateway6"    ? type_ipv6
+
  "gateway6"    ? type_ipv6             *
  "ipv6init"    ? string
+
  "ipv6init"    ? string                 *
  "netmask"      ? type_ip
+
  "netmask"      ? type_ip
  "broadcast"    ? type_ip
+
  "broadcast"    ? type_ip
  "driver"      ? string
+
  "driver"      ? string
  "bootproto"    ? string
+
  "bootproto"    ? string
  "onboot"      ? string
+
  "onboot"      ? string
  "type"        ? string
+
  "type"        ? string
  "device"      ? string
+
  "device"      ? string
  "master"      ? string
+
  "master"      ? string
  "mtu"          ? long
+
  "mtu"          ? long
  "route"        ? structure_route[]
+
  "route"        ? structure_route[]
  "aliases"      ? structure_interface_alias{}
+
  "aliases"      ? structure_interface_alias{}
  "set_hwaddr"  ? boolean
+
  "set_hwaddr"  ? boolean
  "bridge"      ? string with exists ("/system/network/interfaces/" + SELF)
+
  "bridge"      ? string with exists ("/system/network/interfaces/" + SELF)
  "bonding_opts" ? structure_bonding_options
+
  "bonding_opts" ? structure_bonding_options
  "offload"      ? structure_ethtool_offload
+
  "offload"      ? structure_ethtool_offload
  "ring"        ? structure_ethtool_ring
+
  "ring"        ? structure_ethtool_ring
  "ethtool"      ? structure_ethtool
+
  "ethtool"      ? structure_ethtool
  "vlan" ? boolean
+
  "vlan" ? boolean
  "physdev"    ? string with exists ("/system/network/interfaces/" + SELF)
+
  "physdev"    ? string with exists ("/system/network/interfaces/" + SELF)
};  
+
};  
 
 
 
This is for the network in general and a default gateway needs to be defined also for IPv6.
 
This is for the network in general and a default gateway needs to be defined also for IPv6.
  
type structure_network = {
+
type structure_network = {
    "domainname"      : type_fqdn
+
    "domainname"      : type_fqdn
    "hostname"        : type_shorthostname
+
    "hostname"        : type_shorthostname
    "realhostname"    ? type_fqdn
+
    "realhostname"    ? type_fqdn
    "default_gateway"  ? type_ip
+
    "default_gateway"  ? type_ip
    "gatewaydev"      ? string with exists ("/system/network/interfaces/" + SELF)
+
    "gatewaydev"      ? string with exists ("/system/network/interfaces/" + SELF)
    "default_gateway6" ? type_ipv6
+
    "default_gateway6" ? type_ipv6         *
"networking_ipv6"  ? string  
+
    "networking_ipv6"  ? string           *
    "interfaces"      : structure_interface{}
+
    "interfaces"      : structure_interface{}
    "nameserver"      : type_ip[]
+
    "nameserver"      : type_ip[]
    "nisdomain"        ? type_fqdn
+
    "nisdomain"        ? type_fqdn
    "nozeroconf"      ? boolean
+
    "nozeroconf"      ? boolean
    "set_hwaddr"      ? boolean
+
    "set_hwaddr"      ? boolean
};
+
};
2.3.- $L/cfg/sites/ndpf/site/network.tpl
 
This is just to give the value to NETWORKING_IPV6 which enables IPv6 in the server.
 
  
"/system/network/networking_ipv6" = NETWORKING_IPV6;
+
=== $L/cfg/sites/ndpf/site/network.tpl ===
 +
This is just to give the value to ''NETWORKING_IPV6'' which enables '''IPv6''' in the server.
  
2.4.- $L/cfg/sites/ndpf/site/global_variables.tpl
+
"/system/network/networking_ipv6" = NETWORKING_IPV6;
In this template, first I give the real value to NETWORKING_IPv6 (= yes), and then I modify the variable NETWORK_PARAMS to get the DB in 'myip6' with the HOSTNAME <--> IPv6 resolution
+
 
 +
=== $L/cfg/sites/ndpf/site/global_variables.tpl ===
 +
 
 +
In this template, first I give the real value to ''NETWORKING_IPv6'' (= yes), and then I modify the variable ''NETWORK_PARAMS'' to get the DB in ''myip6'' with the ''HOSTNAME <--> IPv6'' resolution
 
...
 
...
#IPv6
+
 
final variable NETWORKING_IPV6 = "yes";
+
#IPv6
...
+
final variable NETWORKING_IPV6 = "yes";
variable NETWORK_PARAMS = {
+
...
 +
variable NETWORK_PARAMS = {
 
     myip = DB_IP[escape(FULL_HOSTNAME)];
 
     myip = DB_IP[escape(FULL_HOSTNAME)];
 
     myip6 = DB_IP6[escape(FULL_HOSTNAME)];
 
     myip6 = DB_IP6[escape(FULL_HOSTNAME)];
Line 160: Line 163:
 
     npar["ipv6init"] = ip6init;
 
     npar["ipv6init"] = ip6init;
 
     npar;
 
     npar;
};
+
};
 +
 
 +
'''TO DO'''
 +
While I was writing this document, it came to my head that this is going to set to yes ''NETWORKING_IPV6'' and ''IPV6INIT'', either we want it or not; so I need to modify this somehow... I'm thinking of �If myip6 is empty, then don't initialize those two variables�
 +
 
 +
=== $L/cfg/sites/ndpf/site/databases.tpl ===
  
While I was writing this document, it came to my head that this is going to set to yes NETWORKING_IPV6 and IPV6INIT, either we want it or not; so I need to modify this somehow... I'm thinking of �If myip6 is empty, then don't initialize those two variables�
+
This is just the database with the hostnames and their IPs (Copied from ''DB_IP''):
2.5.- $L/cfg/sites/ndpf/site/databases.tpl
 
This is just the database with the hostnames and their IPs (Copied from DB_IP):
 
  
final variable DB_IP6 = nlist(
+
final variable DB_IP6 = nlist(
  escape("ce.nikhef.nl"),"2001:610:120:e120::3",
+
      escape("ce.nikhef.nl"),"2001:610:120:e120::3",
  escape("wn-001.nikhef.nl"),"2001:610:120:e120::4",
+
      escape("wn-001.nikhef.nl"),"2001:610:120:e120::4",
  escape("wn-002.nikhef.nl"),"2001:610:120:e120::5",
+
      escape("wn-002.nikhef.nl"),"2001:610:120:e120::5",
  escape("torque.nikhef.nl"),"2001:610:120:e120::6",
+
      escape("torque.nikhef.nl"),"2001:610:120:e120::6",
  escape("wms.nikhef.nl"),"2001:610:120:e120::7",
+
      escape("wms.nikhef.nl"),"2001:610:120:e120::7",
  escape("bdii.nikhef.nl"),"2001:610:120:e120::8",
+
      escape("bdii.nikhef.nl"),"2001:610:120:e120::8",
  escape("ui.nikhef.nl"),"2001:610:120:e120::9",
+
      escape("ui.nikhef.nl"),"2001:610:120:e120::9",
);
+
);
2.6- $L/cfg/sites/ndpf/site/config/network-table.tpl
 
I just included the gateway for IPv6 with its IP:
 
  
final variable NETWORK_TABLE = nlist(
+
=== $L/cfg/sites/ndpf/site/config/network-table.tpl ===
    "farmnet-public", nlist(
 
        "subnet", "10.50.50.0", "gateway", "10.50.50.1",
 
  "gateway6", "2001:610:120:e120::1",
 
        "netmask", "255.255.255.0", "broadcast", "10.255.255.255",
 
        "nameservers", list("10.50.50.2", )
 
    ),
 
);
 
  
 +
I just included the gateway for '''IPv6''' with its IP:
  
3.- Network component
+
final variable NETWORK_TABLE = nlist(
I've made a diff between the versions 1.2.6 and the new version 1.2.7, which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from /system/network, and it updates the different files (Mainly /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcg-eth0) according to the read information, in case the network tests (With the new info) are successful:
+
    "farmnet-public", nlist(
The first modification is regarding the variable IPV6INIT, if it's defined (A value was given), then it's included (Same for the rest of the IPv6 parameters defined in the schema):
+
        "subnet", "10.50.50.0",
250a251,256
+
        "gateway", "10.50.50.1",
> if ($net{$iface}{ipv6init}) {
+
        "gateway6", "2001:610:120:e120::1",
>            $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n";
+
        "netmask", "255.255.255.0",  
>        }
+
        "broadcast", "10.255.255.255",
 +
        "nameservers", list("10.50.50.2", )
 +
    ),
 +
);
  
  
NOTE: I need to remove the 'else', since it should't be an error that IPV6ADDR is not defined (This would be the case of sites with only IPv4):
+
== Network component ==
  
319a326,332
+
I've made a diff between the versions ''1.2.6'' and the new version ''1.2.7'', which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from ''/system/network'', and it updates the different files (Mainly ''/etc/sysconfig/network'' and ''/etc/sysconfig/network-scripts/ifcg-eth0'') according to the read information, in case the network tests (With the new info) are successful:
>            ### set ipv6addr
 
>            if ($net{$iface}{'ipv6'}) {
 
>                $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n";
 
>            } else {
 
>                $self->error("Using static bootproto and no ",
 
>                              "ipv6address configured for $iface");
 
>            }
 
  
 +
The first modification is regarding the variable ''IPV6INIT'', if it's defined (A value was given), then it's included (Same for the rest of the '''IPv6''' parameters defined in the schema):
  
387a401,404
+
250a251,256
>                 if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6
+
> if ($net{$iface}{ipv6init}) {
>                     $text .= "IPV6_DEFAULTGW$rt=" .
+
>             $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n";
>                    $net{$iface}{route}{$rt}{'gateway6'}."\n";
+
>         }
>                 }
 
  
406a424,426
+
'''
>                if ( $net{$iface}{aliases}{$al}{'ipv6'}) {
+
'''TO DO''': I need to remove the 'else', since it shouldn't be an error that ''IPV6ADDR'' is not defined (This would be the case of sites with only IPv4):
>                    $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n";
 
>                }
 
  
429a450,453
+
319a326,332
>     ## checking ipv6 networking
+
>             ### set ipv6addr
>     if ($config->elementExists($path."/networking_ipv6")) {
+
>             if ($net{$iface}{'ipv6'}) {
>         $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n";
+
>                 $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n";
>     }
+
>            } else {
 +
>                $self->error("Using static bootproto and no ",
 +
>                              "ipv6address configured for $iface");
 +
>             }
  
468a493,496
+
387a401,404
>     ## ipv6 gateway        New for IPv6
+
>                 if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6
>    if ($config->elementExists($path."/default_gateway6")) {
+
>                     $text .= "IPV6_DEFAULTGW$rt=" .
>         $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n";
+
>                    $net{$iface}{route}{$rt}{'gateway6'}."\n";
>     }
+
>                 }
  
 +
406a424,426
 +
>                if ( $net{$iface}{aliases}{$al}{'ipv6'}) {
 +
>                    $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n";
 +
>                }
  
 +
429a450,453
 +
>    ## checking ipv6 networking
 +
>    if ($config->elementExists($path."/networking_ipv6")) {
 +
>        $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n";
 +
>    }
  
 +
468a493,496
 +
>    ## ipv6 gateway        New for IPv6
 +
>    if ($config->elementExists($path."/default_gateway6")) {
 +
>        $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n";
 +
>    }
  
  
4.- Iptables component
+
== Iptables component ==
This component works with the path /software/components/iptables. After a fist look at the component, it seems that not many changes are needed.
+
 
The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at '-s' (source) and '-d' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address 999.999.999.999. Anyway, I need to find the right regular expression, so that it also allows IPv6 addresses:
+
This component works with the path ''/software/components/iptables''. After a fist look at the component, it seems that not many changes are needed.
my %options_arg = ( '-A'              => "", #defined as "($regexp_chains)" on a table by table basis
+
The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at ''-s'' (source) and ''-d'' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address ''999.999.999.999''. Anyway, I need to find the right regular expression, so that it also allows '''IPv6''' addresses:
 +
 
 +
my %options_arg = ( '-A'              => "", #defined as "($regexp_chains)" on a table by table basis
 
                     '-D'              => "",
 
                     '-D'              => "",
 
                     '-I'              => "",
 
                     '-I'              => "",
Line 247: Line 258:
 
                     '-s'              => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-s'              => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-d'              => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-d'              => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
...
+
...
 +
 
 +
I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table:
  
I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table:
+
=== icmp6 ===
icmp6  
 
 
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option:  
 
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option:  
 
[!] --icmpv6-type type[/code]|typename  
 
[!] --icmpv6-type type[/code]|typename  
Line 256: Line 268:
 
ip6tables -p ipv6-icmp -h
 
ip6tables -p ipv6-icmp -h
  
ipv6header  
+
=== ipv6header ===
 
This module matches IPv6 extension headers and/or upper layer header.  
 
This module matches IPv6 extension headers and/or upper layer header.  
 
--soft  
 
--soft  

Latest revision as of 12:17, 10 October 2012