Difference between revisions of "Quattor and IPv6"
From PDP/Grid Wiki
Jump to navigationJump to search(5 intermediate revisions by the same user not shown) | |||
Line 88: | Line 88: | ||
Finally, the third solution, which is the adopted one, just includes some extra parameters in the types ''structure_network'', ''structure_interface'', and ''structure_interface_alias''. I thought that this solution would be the easiest one to implement, since not all the parameters in a structure would need to be defined, so this would be ideal for sites that wanted only IPv4. | Finally, the third solution, which is the adopted one, just includes some extra parameters in the types ''structure_network'', ''structure_interface'', and ''structure_interface_alias''. I thought that this solution would be the easiest one to implement, since not all the parameters in a structure would need to be defined, so this would be ideal for sites that wanted only IPv4. | ||
− | The interface (Also the alias) need to include an extra IP (Only ''type_ipv6''). The interface includes the gateway for '''IPv6''' and a parameter to initialize '''IPv6''' in that interface. I have | + | The interface (Also the alias) need to include an extra IP (Only ''type_ipv6''). The interface includes the gateway for '''IPv6''' and a parameter to initialize '''IPv6''' in that interface. I have added an asterisk after the new parameters: |
− | + | type structure_interface_alias = { | |
− | + | "ip" ? type_ip | |
− | + | "ipv6" ? type_ipv6 * | |
− | + | "netmask" : type_ip | |
− | + | "broadcast" ? type_ip | |
− | + | }; | |
− | + | type structure_interface = { | |
− | + | "ip" ? type_ip | |
− | + | "gateway" ? type_ip | |
− | + | "ipv6" ? type_ipv6 * | |
− | + | "gateway6" ? type_ipv6 * | |
− | + | "ipv6init" ? string * | |
− | + | "netmask" ? type_ip | |
− | + | "broadcast" ? type_ip | |
− | + | "driver" ? string | |
− | + | "bootproto" ? string | |
− | + | "onboot" ? string | |
− | + | "type" ? string | |
− | + | "device" ? string | |
− | + | "master" ? string | |
− | + | "mtu" ? long | |
− | + | "route" ? structure_route[] | |
− | + | "aliases" ? structure_interface_alias{} | |
− | + | "set_hwaddr" ? boolean | |
− | + | "bridge" ? string with exists ("/system/network/interfaces/" + SELF) | |
− | + | "bonding_opts" ? structure_bonding_options | |
− | + | "offload" ? structure_ethtool_offload | |
− | + | "ring" ? structure_ethtool_ring | |
− | + | "ethtool" ? structure_ethtool | |
− | + | "vlan" ? boolean | |
− | + | "physdev" ? string with exists ("/system/network/interfaces/" + SELF) | |
− | + | }; | |
This is for the network in general and a default gateway needs to be defined also for IPv6. | This is for the network in general and a default gateway needs to be defined also for IPv6. | ||
− | + | type structure_network = { | |
− | + | "domainname" : type_fqdn | |
− | + | "hostname" : type_shorthostname | |
− | + | "realhostname" ? type_fqdn | |
− | + | "default_gateway" ? type_ip | |
− | + | "gatewaydev" ? string with exists ("/system/network/interfaces/" + SELF) | |
− | + | "default_gateway6" ? type_ipv6 * | |
− | + | "networking_ipv6" ? string * | |
− | + | "interfaces" : structure_interface{} | |
− | + | "nameserver" : type_ip[] | |
− | + | "nisdomain" ? type_fqdn | |
− | + | "nozeroconf" ? boolean | |
− | + | "set_hwaddr" ? boolean | |
− | + | }; | |
− | |||
− | |||
− | + | === $L/cfg/sites/ndpf/site/network.tpl === | |
+ | This is just to give the value to ''NETWORKING_IPV6'' which enables '''IPv6''' in the server. | ||
− | + | "/system/network/networking_ipv6" = NETWORKING_IPV6; | |
− | In this template, first I give the real value to NETWORKING_IPv6 (= yes), and then I modify the variable NETWORK_PARAMS to get the DB in 'myip6' with the HOSTNAME <--> IPv6 resolution | + | |
+ | === $L/cfg/sites/ndpf/site/global_variables.tpl === | ||
+ | |||
+ | In this template, first I give the real value to ''NETWORKING_IPv6'' (= yes), and then I modify the variable ''NETWORK_PARAMS'' to get the DB in ''myip6'' with the ''HOSTNAME <--> IPv6'' resolution | ||
... | ... | ||
− | #IPv6 | + | |
− | final variable NETWORKING_IPV6 = "yes"; | + | #IPv6 |
− | ... | + | final variable NETWORKING_IPV6 = "yes"; |
− | variable NETWORK_PARAMS = { | + | ... |
+ | variable NETWORK_PARAMS = { | ||
myip = DB_IP[escape(FULL_HOSTNAME)]; | myip = DB_IP[escape(FULL_HOSTNAME)]; | ||
myip6 = DB_IP6[escape(FULL_HOSTNAME)]; | myip6 = DB_IP6[escape(FULL_HOSTNAME)]; | ||
Line 160: | Line 163: | ||
npar["ipv6init"] = ip6init; | npar["ipv6init"] = ip6init; | ||
npar; | npar; | ||
− | }; | + | }; |
+ | |||
+ | '''TO DO''' | ||
+ | While I was writing this document, it came to my head that this is going to set to yes ''NETWORKING_IPV6'' and ''IPV6INIT'', either we want it or not; so I need to modify this somehow... I'm thinking of �If myip6 is empty, then don't initialize those two variables� | ||
+ | |||
+ | === $L/cfg/sites/ndpf/site/databases.tpl === | ||
− | + | This is just the database with the hostnames and their IPs (Copied from ''DB_IP''): | |
− | |||
− | This is just the database with the hostnames and their IPs (Copied from DB_IP): | ||
− | + | final variable DB_IP6 = nlist( | |
− | + | escape("ce.nikhef.nl"),"2001:610:120:e120::3", | |
− | + | escape("wn-001.nikhef.nl"),"2001:610:120:e120::4", | |
− | + | escape("wn-002.nikhef.nl"),"2001:610:120:e120::5", | |
− | + | escape("torque.nikhef.nl"),"2001:610:120:e120::6", | |
− | + | escape("wms.nikhef.nl"),"2001:610:120:e120::7", | |
− | + | escape("bdii.nikhef.nl"),"2001:610:120:e120::8", | |
− | + | escape("ui.nikhef.nl"),"2001:610:120:e120::9", | |
− | + | ); | |
− | |||
− | |||
− | + | === $L/cfg/sites/ndpf/site/config/network-table.tpl === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | I just included the gateway for '''IPv6''' with its IP: | ||
− | + | final variable NETWORK_TABLE = nlist( | |
− | + | "farmnet-public", nlist( | |
− | + | "subnet", "10.50.50.0", | |
− | + | "gateway", "10.50.50.1", | |
− | + | "gateway6", "2001:610:120:e120::1", | |
− | + | "netmask", "255.255.255.0", | |
− | + | "broadcast", "10.255.255.255", | |
+ | "nameservers", list("10.50.50.2", ) | ||
+ | ), | ||
+ | ); | ||
− | + | == Network component == | |
− | + | I've made a diff between the versions ''1.2.6'' and the new version ''1.2.7'', which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from ''/system/network'', and it updates the different files (Mainly ''/etc/sysconfig/network'' and ''/etc/sysconfig/network-scripts/ifcg-eth0'') according to the read information, in case the network tests (With the new info) are successful: | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | The first modification is regarding the variable ''IPV6INIT'', if it's defined (A value was given), then it's included (Same for the rest of the '''IPv6''' parameters defined in the schema): | ||
− | + | 250a251,256 | |
− | > | + | > if ($net{$iface}{ipv6init}) { |
− | > | + | > $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n"; |
− | + | > } | |
− | > | ||
− | + | ''' | |
− | + | '''TO DO''': I need to remove the 'else', since it shouldn't be an error that ''IPV6ADDR'' is not defined (This would be the case of sites with only IPv4): | |
− | |||
− | |||
− | + | 319a326,332 | |
− | > | + | > ### set ipv6addr |
− | > | + | > if ($net{$iface}{'ipv6'}) { |
− | > | + | > $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n"; |
− | > | + | > } else { |
+ | > $self->error("Using static bootproto and no ", | ||
+ | > "ipv6address configured for $iface"); | ||
+ | > } | ||
− | + | 387a401,404 | |
− | > | + | > if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6 |
− | + | > $text .= "IPV6_DEFAULTGW$rt=" . | |
− | > | + | > $net{$iface}{route}{$rt}{'gateway6'}."\n"; |
− | > | + | > } |
+ | 406a424,426 | ||
+ | > if ( $net{$iface}{aliases}{$al}{'ipv6'}) { | ||
+ | > $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n"; | ||
+ | > } | ||
+ | 429a450,453 | ||
+ | > ## checking ipv6 networking | ||
+ | > if ($config->elementExists($path."/networking_ipv6")) { | ||
+ | > $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n"; | ||
+ | > } | ||
+ | 468a493,496 | ||
+ | > ## ipv6 gateway New for IPv6 | ||
+ | > if ($config->elementExists($path."/default_gateway6")) { | ||
+ | > $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n"; | ||
+ | > } | ||
− | + | == Iptables component == | |
− | This component works with the path /software/components/iptables. After a fist look at the component, it seems that not many changes are needed. | + | |
− | The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at '-s' (source) and '-d' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address 999.999.999.999. Anyway, I need to find the right regular expression, so that it also allows IPv6 addresses: | + | This component works with the path ''/software/components/iptables''. After a fist look at the component, it seems that not many changes are needed. |
− | my %options_arg = ( '-A' => "", #defined as "($regexp_chains)" on a table by table basis | + | The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at ''-s'' (source) and ''-d'' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address ''999.999.999.999''. Anyway, I need to find the right regular expression, so that it also allows '''IPv6''' addresses: |
+ | |||
+ | my %options_arg = ( '-A' => "", #defined as "($regexp_chains)" on a table by table basis | ||
'-D' => "", | '-D' => "", | ||
'-I' => "", | '-I' => "", | ||
Line 247: | Line 258: | ||
'-s' => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | '-s' => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | ||
'-d' => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | '-d' => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | ||
− | ... | + | ... |
+ | |||
+ | I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table: | ||
− | + | === icmp6 === | |
− | icmp6 | ||
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option: | This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option: | ||
[!] --icmpv6-type type[/code]|typename | [!] --icmpv6-type type[/code]|typename | ||
Line 256: | Line 268: | ||
ip6tables -p ipv6-icmp -h | ip6tables -p ipv6-icmp -h | ||
− | ipv6header | + | === ipv6header === |
This module matches IPv6 extension headers and/or upper layer header. | This module matches IPv6 extension headers and/or upper layer header. | ||
--soft | --soft |