From 62449203055562a29d2b83f50022e902700efbf8 Mon Sep 17 00:00:00 2001
From: daniceexi
Date: Fri, 24 Oct 2014 09:43:31 -0400
Subject: [PATCH] Enhance the ddns.pm to support the site.dnsinterfaces for DNS server to listen on specific interfaces instead of all

---
 perl-xCAT/xCAT/Schema.pm | 10 ++++
 xCAT-server/lib/xcat/plugins/ddns.pm | 90 +++++++++++++++++++++++++++-
 2 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm
index 8ed823d11..7770e9971 100755
--- a/perl-xCAT/xCAT/Schema.pm
+++ b/perl-xCAT/xCAT/Schema.pm
@@ -995,6 +995,16 @@ site => {
 " dnsupdaters: The value are \',\' separated string which will be added to the zone config\n".
 " section. This is an interface for user to add configuration entries to\n".
 " the zone sections in named.conf.\n\n".
+ " dnsinterfaces: The network interfaces DNS server should listen on. If it is the same\n".
+ " for all nodes, use a simple comma-separated list of NICs. To\n".
+ " specify different NICs for different nodes:\n".
+ " xcatmn|eth1,eth2;service|bond0.\n".
+ " In this example xcatmn is the name of the xCAT MN, and DNS there\n".
+ " should listen on eth1 and eth2. On all of the nodes in group\n".
+ " 'service' DNS should listen on the bond0 nic.\n".
+ " NOTE: if using this attribute to block certain interfaces, make sure\n".
+ " the ip maps to your hostname of xCAT MN is not blocked since xCAT needs to\n".
+ " use this ip to communicate with the local NDS server on MN.\n\n".
 " -------------------------\n".
 "HARDWARE CONTROL ATTRIBUTES\n".
 " -------------------------\n".
diff --git a/xCAT-server/lib/xcat/plugins/ddns.pm b/xCAT-server/lib/xcat/plugins/ddns.pm
index 2d6175f20..8ade8cbf8 100755
--- a/xCAT-server/lib/xcat/plugins/ddns.pm
+++ b/xCAT-server/lib/xcat/plugins/ddns.pm
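Review bot: The new help text ends with `the local NDS server on MN`, a typo for DNS in user-visible documentation, and the sentence before it, `make sure the ip maps to your hostname of xCAT MN is not blocked`, reads awkwardly. Suggested replacement for those two lines: `" the ip that maps to the hostname of the xCAT MN is not blocked, since xCAT needs to\n".` and `" use this ip to communicate with the local DNS server on the MN.\n\n".`. The site description hash this text sits in begins and ends outside the hunk.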
@@ -515,6 +515,61 @@ sub process_request {
 $ctx->{zonestotouch}->{$_->{domain}}=1;
 }
 }
+
+ # get the listen on port for the DNS server from site.dnsinterfaces
+ my @dnsifinsite = xCAT::TableUtils->get_site_attribute("dnsinterfaces");
+ if (@dnsifinsite)
+ #syntax should be like host|ifname1,ifname2;host2|ifname3,ifname2 etc or simply ifname,ifname2
+ {
+ my $dnsinterfaces = $dnsifinsite[0];
+ my $listenonifs;
+ foreach my $dnsif (split /;/,$dnsinterfaces) {
+ if ($dnsif =~ /\|/) { # there's host in the string
+ my ($hosts,$dnsif) = split /\|/,$dnsif;
+ if (! xCAT::NetworkUtils->thishostisnot($hosts)) {
+ $listenonifs=$dnsif;
+ } else {
+ # this host string might be a xcat group, try to test each node in the group
+ foreach my $host (noderange($hosts)) {
+ unless (xCAT::NetworkUtils->thishostisnot($host)) {
+ $listenonifs=$dnsif;
+ last;
+ }
+ }
+ }
+ } else {
+ $listenonifs = $dnsif;
+ }
+
+ # get the ip for each interface and set it to $ctx->{dnslistenonifs}
+ if ($listenonifs) {
+ $listenonifs = "lo,".$listenonifs;
+ # get the ip address for each interface
+ my (@listenipv4, @listenipv6);
+ for my $if (split /,/, $listenonifs) {
+ my @ifaddrs = `ip addr show $if`;
+ foreach (@ifaddrs) {
+ if (/^\s*inet\s+([^ ]*)/) {
+ my $ip = $1;
+ $ip =~ s/\/.*//;
+ push @listenipv4, $ip;
+ } elsif (/^\s*inet6\s+([^ ]*)/) {
+ my $ip = $1;
+ $ip =~ s/\/.*//;
+ push @listenipv6, $ip;
+ }
+ }
+ }
+ if (@listenipv4) {
+ $ctx->{dnslistenonifs}->{ipv4} = \@listenipv4;
+ }
+ if (@listenipv6) {
+ $ctx->{dnslistenonifs}->{ipv6} = \@listenipv6;
+ }
+ last;
+ }
+ }
+ }
 xCAT::SvrUtils::sendmsg("Getting reverse zones, this may take several minutes for a large cluster.", $callback);
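Review bot: `my @ifaddrs = `ip addr show $if`;` hands every interface name taken from site.dnsinterfaces to a shell without validation, so a stray character in that attribute becomes a command run with xcatd's privileges, and a misspelled NIC is never noticed because ip's output is simply empty and its exit status is not checked — since `"lo,"` is prepended, a typo in the management interface name quietly leaves named answering only on loopback. Read the command with list-form open, reject names that do not match a conservative pattern, and report an interface that yields no addresses through the `xCAT::SvrUtils::sendmsg(..., $callback)` call the hunk already uses. Separately, `my ($hosts,$dnsif) = split /\|/,$dnsif;` redeclares the foreach variable it is splitting, which works but is easy to misread; `my ($hosts, $ifs) = split /\|/, $dnsif;` with `$listenonifs = $ifs;` in the two assignments below says the same thing plainly. process_request begins and ends outside this hunk.
```perl
for my $if (split /,/, $listenonifs) {
    # interface names come from the site table; keep them off the shell
    unless ($if =~ /\A[\w.:-]+\z/) {
        xCAT::SvrUtils::sendmsg("Ignoring invalid interface name '$if' in site.dnsinterfaces", $callback);
        next;
    }
    my @ifaddrs;
    if (open my $ipfh, '-|', 'ip', 'addr', 'show', $if) {
        @ifaddrs = <$ipfh>;
        close $ipfh;
    }
    unless (@ifaddrs) {
        xCAT::SvrUtils::sendmsg("No addresses found for interface '$if' from site.dnsinterfaces", $callback);
    }
    # … unchanged: inet/inet6 parsing of @ifaddrs into @listenipv4 / @listenipv6 …
}
```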
@@ -930,6 +985,20 @@ sub update_namedconf {
 push @newnamed,"\t\t".$_.";\n";
 }
 push @newnamed,"\t};\n";
+ } elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4}) and $line =~ /listen-on {/) {
+ push @newnamed,"\tlisten-on \{\n";
+ $skip=1;
+ foreach (@{$ctx->{dnslistenonifs}->{ipv4}}) {
+ push @newnamed,"\t\t".$_.";\n";
+ }
+ push @newnamed,"\t};\n";
+ } elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6}) and $line =~ /listen-on-v6 {/) {
+ push @newnamed,"\tlisten-on-v6 \{\n";
+ $skip=1;
+ foreach (@{$ctx->{dnslistenonifs}->{ipv6}}) {
+ push @newnamed,"\t\t".$_.";\n";
+ }
+ push @newnamed,"\t};\n";
 } elsif ($skip) {
 if ($line =~ /};/) {
 $skip = 0;
@@ -1029,7 +1098,7 @@ sub update_namedconf {
 push @newnamed,"\tdirectory \"".$ctx->{zonesdir}."\";\n";
 push @newnamed, "\tallow-recursion { any; };\n";
 }
- push @newnamed,"\t\t//listen-on-v6 { any; };\n";
+ #push @newnamed,"\t\t//listen-on-v6 { any; };\n";
 if ($ctx->{forwarders}) {
 push @newnamed,"\tforwarders {\n";
 foreach (@{$ctx->{forwarders}}) {
@@ -1055,6 +1124,23 @@ sub update_namedconf {
 push @newnamed,"\t};\n";
 }
 }
+
+ # add the listen-on option
+ if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4})) {
+ push @newnamed, "\tlisten-on \{\n";
+ foreach (@{$ctx->{dnslistenonifs}->{ipv4}}) {
+ push @newnamed,"\t\t".$_.";\n";
+ }
+ push @newnamed,"\t};\n"
+ }
+ if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6})) {
+ push @newnamed,"\tlisten-on-v6 \{\n";
+ foreach (@{$ctx->{dnslistenonifs}->{ipv6}}) {
+ push @newnamed,"\t\t".$_.";\n";
+ }
+ push @newnamed,"\t};\n";
+ }
+
 push @newnamed,"};\n\n";
 }
@@ -1068,7 +1154,7 @@ sub update_namedconf {
 $ctx->{restartneeded}=1;
 }
 }
-
+
 my $cmd = "grep '^nameserver' /etc/resolv.conf | awk '{print \$2}'";
 my @output = xCAT::Utils->runcmd($cmd, 0);
 my $zone;
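Review bot: `$line =~ /listen-on {/` in the first added branch only recognises the exact spelling `listen-on {`, so the stock `listen-on port 53 { 127.0.0.1; };` of a distribution named.conf is left in place and the site.dnsinterfaces addresses are never written for it, while a commented-out `//listen-on { any; };` line would match, set `$skip`, and apparently discard following lines up to the next `};`. Anchor the match and allow the optional port: `and $line =~ /^\s*listen-on(?:\s+port\s+\d+)?\s*\{/` in the first branch and `and $line =~ /^\s*listen-on-v6(?:\s+port\s+\d+)?\s*\{/` in the second. A non-default port found that way should then be carried into the rewritten block, which the replacement lines as written do not do. The elsif chain these branches extend begins and ends outside the hunk.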
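Review bot: The listen-on and listen-on-v6 emission added in the hunk at @@ -1055 is the third and fourth copy of the same push loop (the first two are in the hunk at @@ -930), and the ipv4 copy here ends with `push @newnamed,"\t};\n"` with no semicolon, which parses only because it is the last statement of its block. A small file-scope helper that returns the lines of one block removes the duplication and the inconsistency, and each of the two added `if` blocks shrinks to a single `push`; the same helper fits the two branches in the earlier hunk. update_namedconf begins and ends outside this hunk.
```perl
# Returns the named.conf lines for one "<name> { addr; ...; };" block.
sub _listen_block {
    my ($name, $addrs) = @_;
    return ("\t$name {\n", (map { "\t\t$_;\n" } @$addrs), "\t};\n");
}

# … in update_namedconf, in place of the two added if-blocks …
if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4})) {
    push @newnamed, _listen_block('listen-on', $ctx->{dnslistenonifs}->{ipv4});
}
if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6})) {
    push @newnamed, _listen_block('listen-on-v6', $ctx->{dnslistenonifs}->{ipv6});
}
```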