Difference between revisions of "Quattor and IPv6"

From PDP/Grid Wiki
Jump to navigationJump to search
 
(3 intermediate revisions by the same user not shown)
Line 165: Line 165:
 
  };
 
  };
  
While I was writing this document, it came to my head that this is going to set to yes NETWORKING_IPV6 and IPV6INIT, either we want it or not; so I need to modify this somehow... I'm thinking of �If myip6 is empty, then don't initialize those two variables�
+
'''TO DO'''
2.5.- $L/cfg/sites/ndpf/site/databases.tpl
+
While I was writing this document, it came to my head that this is going to set to yes ''NETWORKING_IPV6'' and ''IPV6INIT'', either we want it or not; so I need to modify this somehow... I'm thinking of �If myip6 is empty, then don't initialize those two variables�
This is just the database with the hostnames and their IPs (Copied from DB_IP):
 
  
final variable DB_IP6 = nlist(
+
=== $L/cfg/sites/ndpf/site/databases.tpl ===
  escape("ce.nikhef.nl"),"2001:610:120:e120::3",
 
  escape("wn-001.nikhef.nl"),"2001:610:120:e120::4",
 
  escape("wn-002.nikhef.nl"),"2001:610:120:e120::5",
 
  escape("torque.nikhef.nl"),"2001:610:120:e120::6",
 
  escape("wms.nikhef.nl"),"2001:610:120:e120::7",
 
  escape("bdii.nikhef.nl"),"2001:610:120:e120::8",
 
  escape("ui.nikhef.nl"),"2001:610:120:e120::9",
 
);
 
2.6- $L/cfg/sites/ndpf/site/config/network-table.tpl
 
I just included the gateway for IPv6 with its IP:
 
  
final variable NETWORK_TABLE = nlist(
+
This is just the database with the hostnames and their IPs (Copied from ''DB_IP''):
    "farmnet-public", nlist(
 
        "subnet", "10.50.50.0", "gateway", "10.50.50.1",
 
  "gateway6", "2001:610:120:e120::1",
 
        "netmask", "255.255.255.0", "broadcast", "10.255.255.255",
 
        "nameservers", list("10.50.50.2", )
 
    ),
 
);
 
  
 +
final variable DB_IP6 = nlist(
 +
      escape("ce.nikhef.nl"),"2001:610:120:e120::3",
 +
      escape("wn-001.nikhef.nl"),"2001:610:120:e120::4",
 +
      escape("wn-002.nikhef.nl"),"2001:610:120:e120::5",
 +
      escape("torque.nikhef.nl"),"2001:610:120:e120::6",
 +
      escape("wms.nikhef.nl"),"2001:610:120:e120::7",
 +
      escape("bdii.nikhef.nl"),"2001:610:120:e120::8",
 +
      escape("ui.nikhef.nl"),"2001:610:120:e120::9",
 +
);
  
3.- Network component
+
=== $L/cfg/sites/ndpf/site/config/network-table.tpl ===
I've made a diff between the versions 1.2.6 and the new version 1.2.7, which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from /system/network, and it updates the different files (Mainly /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcg-eth0) according to the read information, in case the network tests (With the new info) are successful:
 
The first modification is regarding the variable IPV6INIT, if it's defined (A value was given), then it's included (Same for the rest of the IPv6 parameters defined in the schema):
 
250a251,256
 
> if ($net{$iface}{ipv6init}) {
 
>            $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n";
 
>        }
 
  
 +
I just included the gateway for '''IPv6''' with its IP:
  
NOTE: I need to remove the 'else', since it should't be an error that IPV6ADDR is not defined (This would be the case of sites with only IPv4):
+
final variable NETWORK_TABLE = nlist(
 +
    "farmnet-public", nlist(
 +
        "subnet", "10.50.50.0",
 +
        "gateway", "10.50.50.1",
 +
        "gateway6", "2001:610:120:e120::1",
 +
        "netmask", "255.255.255.0",
 +
        "broadcast", "10.255.255.255",
 +
        "nameservers", list("10.50.50.2", )
 +
    ),
 +
);
  
319a326,332
 
>            ### set ipv6addr
 
>            if ($net{$iface}{'ipv6'}) {
 
>                $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n";
 
>            } else {
 
>                $self->error("Using static bootproto and no ",
 
>                              "ipv6address configured for $iface");
 
>            }
 
  
 +
== Network component ==
  
387a401,404
+
I've made a diff between the versions ''1.2.6'' and the new version ''1.2.7'', which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from ''/system/network'', and it updates the different files (Mainly ''/etc/sysconfig/network'' and ''/etc/sysconfig/network-scripts/ifcg-eth0'') according to the read information, in case the network tests (With the new info) are successful:
>                if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6
 
>                    $text .= "IPV6_DEFAULTGW$rt=" .
 
>                    $net{$iface}{route}{$rt}{'gateway6'}."\n";
 
>                }
 
  
406a424,426
+
The first modification is regarding the variable ''IPV6INIT'', if it's defined (A value was given), then it's included (Same for the rest of the '''IPv6''' parameters defined in the schema):
>                if ( $net{$iface}{aliases}{$al}{'ipv6'}) {
 
>                    $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n";
 
>                }
 
  
429a450,453
+
250a251,256
>     ## checking ipv6 networking
+
> if ($net{$iface}{ipv6init}) {
>    if ($config->elementExists($path."/networking_ipv6")) {
+
>             $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n";
>         $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n";
+
>         }
>     }
 
  
468a493,496
+
'''
>    ## ipv6 gateway        New for IPv6
+
'''TO DO''': I need to remove the 'else', since it shouldn't be an error that ''IPV6ADDR'' is not defined (This would be the case of sites with only IPv4):
>    if ($config->elementExists($path."/default_gateway6")) {
 
>        $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n";
 
>    }
 
  
 +
319a326,332
 +
>            ### set ipv6addr
 +
>            if ($net{$iface}{'ipv6'}) {
 +
>                $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n";
 +
>            } else {
 +
>                $self->error("Using static bootproto and no ",
 +
>                              "ipv6address configured for $iface");
 +
>            }
  
 +
387a401,404
 +
>                if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6
 +
>                    $text .= "IPV6_DEFAULTGW$rt=" .
 +
>                    $net{$iface}{route}{$rt}{'gateway6'}."\n";
 +
>                }
  
 +
406a424,426
 +
>                if ( $net{$iface}{aliases}{$al}{'ipv6'}) {
 +
>                    $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n";
 +
>                }
  
 +
429a450,453
 +
>    ## checking ipv6 networking
 +
>    if ($config->elementExists($path."/networking_ipv6")) {
 +
>        $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n";
 +
>    }
  
4.- Iptables component
+
468a493,496
This component works with the path /software/components/iptables. After a fist look at the component, it seems that not many changes are needed.
+
>    ## ipv6 gateway        New for IPv6
The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at '-s' (source) and '-d' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address 999.999.999.999. Anyway, I need to find the right regular expression, so that it also allows IPv6 addresses:
+
>    if ($config->elementExists($path."/default_gateway6")) {
my %options_arg = ( '-A'              => "", #defined as "($regexp_chains)" on a table by table basis
+
>        $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n";
 +
>    }
 +
 
 +
 
 +
== Iptables component ==
 +
 
 +
This component works with the path ''/software/components/iptables''. After a fist look at the component, it seems that not many changes are needed.
 +
The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at ''-s'' (source) and ''-d'' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address ''999.999.999.999''. Anyway, I need to find the right regular expression, so that it also allows '''IPv6''' addresses:
 +
 
 +
my %options_arg = ( '-A'              => "", #defined as "($regexp_chains)" on a table by table basis
 
                     '-D'              => "",
 
                     '-D'              => "",
 
                     '-I'              => "",
 
                     '-I'              => "",
Line 250: Line 258:
 
                     '-s'              => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-s'              => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-d'              => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
 
                     '-d'              => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)',
...
+
...
 +
 
 +
I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table:
  
I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table:
+
=== icmp6 ===
icmp6  
 
 
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option:  
 
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option:  
 
[!] --icmpv6-type type[/code]|typename  
 
[!] --icmpv6-type type[/code]|typename  
Line 259: Line 268:
 
ip6tables -p ipv6-icmp -h
 
ip6tables -p ipv6-icmp -h
  
ipv6header  
+
=== ipv6header ===
 
This module matches IPv6 extension headers and/or upper layer header.  
 
This module matches IPv6 extension headers and/or upper layer header.  
 
--soft  
 
--soft  

Latest revision as of 12:17, 10 October 2012