Difference between revisions of "Quattor and IPv6"
From PDP/Grid Wiki
Jump to navigationJump to search| (One intermediate revision by the same user not shown) | |||
| Line 173: | Line 173: | ||
final variable DB_IP6 = nlist( | final variable DB_IP6 = nlist( | ||
| − | + | escape("ce.nikhef.nl"),"2001:610:120:e120::3", | |
| − | + | escape("wn-001.nikhef.nl"),"2001:610:120:e120::4", | |
| − | + | escape("wn-002.nikhef.nl"),"2001:610:120:e120::5", | |
| − | + | escape("torque.nikhef.nl"),"2001:610:120:e120::6", | |
| − | + | escape("wms.nikhef.nl"),"2001:610:120:e120::7", | |
| − | + | escape("bdii.nikhef.nl"),"2001:610:120:e120::8", | |
| − | + | escape("ui.nikhef.nl"),"2001:610:120:e120::9", | |
); | ); | ||
=== $L/cfg/sites/ndpf/site/config/network-table.tpl === | === $L/cfg/sites/ndpf/site/config/network-table.tpl === | ||
| − | I just included the gateway for IPv6 with its IP: | + | I just included the gateway for '''IPv6''' with its IP: |
final variable NETWORK_TABLE = nlist( | final variable NETWORK_TABLE = nlist( | ||
| Line 200: | Line 200: | ||
== Network component == | == Network component == | ||
| − | I've made a diff between the versions 1.2.6 and the new version 1.2.7, which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from /system/network, and it updates the different files (Mainly /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcg-eth0) according to the read information, in case the network tests (With the new info) are successful: | + | I've made a diff between the versions ''1.2.6'' and the new version ''1.2.7'', which supports IPv6. Explained in few lines, the component backups the current configuration, it reads from ''/system/network'', and it updates the different files (Mainly ''/etc/sysconfig/network'' and ''/etc/sysconfig/network-scripts/ifcg-eth0'') according to the read information, in case the network tests (With the new info) are successful: |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | The first modification is regarding the variable ''IPV6INIT'', if it's defined (A value was given), then it's included (Same for the rest of the '''IPv6''' parameters defined in the schema): | ||
| − | + | 250a251,256 | |
| + | > if ($net{$iface}{ipv6init}) { | ||
| + | > $text .= "IPV6INIT=".$net{$iface}{ipv6init}."\n"; | ||
| + | > } | ||
| − | + | ''' | |
| − | + | '''TO DO''': I need to remove the 'else', since it shouldn't be an error that ''IPV6ADDR'' is not defined (This would be the case of sites with only IPv4): | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | 319a326,332 | ||
| + | > ### set ipv6addr | ||
| + | > if ($net{$iface}{'ipv6'}) { | ||
| + | > $text .= "IPV6ADDR=".$net{$iface}{'ipv6'}."\n"; | ||
| + | > } else { | ||
| + | > $self->error("Using static bootproto and no ", | ||
| + | > "ipv6address configured for $iface"); | ||
| + | > } | ||
| − | 387a401,404 | + | 387a401,404 |
| − | > if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6 | + | > if ( $net{$iface}{route}{$rt}{'gateway6'}) {############## NEW FOR IPV6 |
| − | > $text .= "IPV6_DEFAULTGW$rt=" . | + | > $text .= "IPV6_DEFAULTGW$rt=" . |
| − | > $net{$iface}{route}{$rt}{'gateway6'}."\n"; | + | > $net{$iface}{route}{$rt}{'gateway6'}."\n"; |
| − | > } | + | > } |
| − | 406a424,426 | + | 406a424,426 |
| − | > if ( $net{$iface}{aliases}{$al}{'ipv6'}) { | + | > if ( $net{$iface}{aliases}{$al}{'ipv6'}) { |
| − | > $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n"; | + | > $text .= "IPV6ADDR=".$net{$iface}{aliases}{$al}{'ipv6'}."\n"; |
| − | > } | + | > } |
| − | 429a450,453 | + | 429a450,453 |
| − | > ## checking ipv6 networking | + | > ## checking ipv6 networking |
| − | > if ($config->elementExists($path."/networking_ipv6")) { | + | > if ($config->elementExists($path."/networking_ipv6")) { |
| − | > $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n"; | + | > $text .= "NETWORKING_IPV6=".$config->getValue($path."/networking_ipv6")."\n"; |
| − | > } | + | > } |
| − | 468a493,496 | + | 468a493,496 |
| − | > ## ipv6 gateway New for IPv6 | + | > ## ipv6 gateway New for IPv6 |
| − | > if ($config->elementExists($path."/default_gateway6")) { | + | > if ($config->elementExists($path."/default_gateway6")) { |
| − | > $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n"; | + | > $text .= "IPV6_DEFAULTGW=".$config->getValue($path."/default_gateway6")."\n"; |
| − | > } | + | > } |
| + | == Iptables component == | ||
| + | This component works with the path ''/software/components/iptables''. After a fist look at the component, it seems that not many changes are needed. | ||
| + | The first one would be in the variable that contains the definition of the different iptables options. I haven't done any change yet, so what you see at ''-s'' (source) and ''-d'' (destiny) is for IPv4 addresses, but I guess also that can be improved, because if I'm not wrong, that also allows the address ''999.999.999.999''. Anyway, I need to find the right regular expression, so that it also allows '''IPv6''' addresses: | ||
| − | + | my %options_arg = ( '-A' => "", #defined as "($regexp_chains)" on a table by table basis | |
| − | |||
| − | |||
| − | |||
| − | my %options_arg = ( '-A' => "", #defined as "($regexp_chains)" on a table by table basis | ||
'-D' => "", | '-D' => "", | ||
'-I' => "", | '-I' => "", | ||
| Line 258: | Line 258: | ||
'-s' => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | '-s' => '(\!?\s*\d{0,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | ||
'-d' => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | '-d' => '(\!?\s*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\/\d{1,2}){0,1}|\S+)', | ||
| − | ... | + | ... |
| + | |||
| + | I have also copied from the ip6tables man pages some extensions that would need to be included in the options hash table: | ||
| − | + | === icmp6 === | |
| − | icmp6 | ||
This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option: | This extension can be used if '--protocol ipv6-icmp' or '--protocol icmpv6' is specified. It provides the following option: | ||
[!] --icmpv6-type type[/code]|typename | [!] --icmpv6-type type[/code]|typename | ||
| Line 267: | Line 268: | ||
ip6tables -p ipv6-icmp -h | ip6tables -p ipv6-icmp -h | ||
| − | ipv6header | + | === ipv6header === |
This module matches IPv6 extension headers and/or upper layer header. | This module matches IPv6 extension headers and/or upper layer header. | ||
--soft | --soft | ||
