Enhance the ddns.pm to support the site.dnsinterfaces for DNS server to listen on specific interfaces instead of all
		@@ -995,6 +995,16 @@ site => {
 | 
			
		||||
   " dnsupdaters:  The value are \',\' separated string which will be added to the zone config\n".
 | 
			
		||||
   "               section. This is an interface for user to add configuration entries to\n". 
 | 
			
		||||
   "               the zone sections in named.conf.\n\n".
 | 
			
		||||
   " dnsinterfaces:  The network interfaces DNS server should listen on.  If it is the same\n".
 | 
			
		||||
   "                  for all nodes, use a simple comma-separated list of NICs.  To\n".
 | 
			
		||||
   "                  specify different NICs for different nodes:\n".
 | 
			
		||||
   "                       xcatmn|eth1,eth2;service|bond0.\n".
 | 
			
		||||
   "                  In this example xcatmn is the name of the xCAT MN, and DNS there\n".
 | 
			
		||||
   "                  should listen on eth1 and eth2.  On all of the nodes in group\n".
 | 
			
		||||
   "                  'service' DNS should listen on the bond0 nic.\n".
 | 
			
		||||
   "                  NOTE: if using this attribute to block certain interfaces, make sure\n".
 | 
			
		||||
   "                  the ip maps to your hostname of xCAT MN is not blocked since xCAT needs to\n".
 | 
			
		||||
   "                  use this ip to communicate with the local NDS server on MN.\n\n".
 | 
			
		||||
   " -------------------------\n".
 | 
			
		||||
   "HARDWARE CONTROL ATTRIBUTES\n".
 | 
			
		||||
   " -------------------------\n".
 | 
			
		||||
 
 | 
			
		||||
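Review bot: The help text added for dnsinterfaces has a typo in its last line: `local NDS server on MN` should read `local DNS server on MN`. The NOTE is also hard to parse; suggested wording is `make sure the IP address that the xCAT MN hostname resolves to is not excluded, since xCAT uses that address to talk to the local DNS server on the MN`. The text does not mention that the plugin always adds the loopback interface (`$listenonifs = "lo,".$listenonifs` in the ddns.pm change), which operators using this attribute to limit where DNS is exposed would want to know.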
@@ -515,6 +515,61 @@ sub process_request {
 | 
			
		||||
            $ctx->{zonestotouch}->{$_->{domain}}=1;
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    # get the listen on port for the DNS server from site.dnsinterfaces
 | 
			
		||||
    my @dnsifinsite =  xCAT::TableUtils->get_site_attribute("dnsinterfaces");
 | 
			
		||||
    if (@dnsifinsite)
 | 
			
		||||
    #syntax should be like host|ifname1,ifname2;host2|ifname3,ifname2 etc or simply ifname,ifname2
 | 
			
		||||
    {
 | 
			
		||||
        my $dnsinterfaces = $dnsifinsite[0];
 | 
			
		||||
        my $listenonifs;
 | 
			
		||||
        foreach my $dnsif (split /;/,$dnsinterfaces) {
 | 
			
		||||
            if ($dnsif =~ /\|/) {  # there's host in the string
 | 
			
		||||
                my ($hosts,$dnsif) = split /\|/,$dnsif;
 | 
			
		||||
                if (! xCAT::NetworkUtils->thishostisnot($hosts)) {
 | 
			
		||||
                   $listenonifs=$dnsif;
 | 
			
		||||
                } else {
 | 
			
		||||
                    # this host string might be a xcat group, try to test each node in the group
 | 
			
		||||
                    foreach my $host (noderange($hosts)) {
 | 
			
		||||
                       unless (xCAT::NetworkUtils->thishostisnot($host)) {
 | 
			
		||||
                           $listenonifs=$dnsif;
 | 
			
		||||
                           last;
 | 
			
		||||
                       }
 | 
			
		||||
                    }
 | 
			
		||||
                }
 | 
			
		||||
            } else {
 | 
			
		||||
                $listenonifs = $dnsif;
 | 
			
		||||
            }
 | 
			
		||||
 | 
			
		||||
            # get the ip for each interface and set it to $ctx->{dnslistenonifs}
 | 
			
		||||
            if ($listenonifs) {
 | 
			
		||||
                $listenonifs = "lo,".$listenonifs;
 | 
			
		||||
                # get the ip address for each interface
 | 
			
		||||
                my (@listenipv4, @listenipv6);
 | 
			
		||||
                for my $if (split /,/, $listenonifs) {
 | 
			
		||||
                    my @ifaddrs = `ip addr show $if`;
 | 
			
		||||
                    foreach (@ifaddrs) {
 | 
			
		||||
                        if (/^\s*inet\s+([^ ]*)/) {
 | 
			
		||||
                            my $ip = $1; 
 | 
			
		||||
                            $ip =~ s/\/.*//;
 | 
			
		||||
                            push  @listenipv4, $ip;
 | 
			
		||||
                        } elsif (/^\s*inet6\s+([^ ]*)/) {
 | 
			
		||||
                            my $ip = $1;
 | 
			
		||||
                            $ip =~ s/\/.*//;
 | 
			
		||||
                            push  @listenipv6, $ip;
 | 
			
		||||
                        }
 | 
			
		||||
                    }
 | 
			
		||||
                }
 | 
			
		||||
                if (@listenipv4) {
 | 
			
		||||
                    $ctx->{dnslistenonifs}->{ipv4} = \@listenipv4;
 | 
			
		||||
                }
 | 
			
		||||
                if (@listenipv6) {
 | 
			
		||||
                    $ctx->{dnslistenonifs}->{ipv6} = \@listenipv6;
 | 
			
		||||
                }
 | 
			
		||||
                last;
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
    
 | 
			
		||||
    xCAT::SvrUtils::sendmsg("Getting reverse zones, this may take several minutes for a large cluster.", $callback);
 | 
			
		||||
    
 | 
			
		||||
@@ -930,6 +985,20 @@ sub update_namedconf {
 | 
			
		||||
                            push  @newnamed,"\t\t".$_.";\n";
 | 
			
		||||
                        }
 | 
			
		||||
                        push @newnamed,"\t};\n";                    
 | 
			
		||||
                    } elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4}) and $line =~ /listen-on {/) {
 | 
			
		||||
                        push @newnamed,"\tlisten-on \{\n";
 | 
			
		||||
                        $skip=1;
 | 
			
		||||
                        foreach (@{$ctx->{dnslistenonifs}->{ipv4}}) {
 | 
			
		||||
                            push  @newnamed,"\t\t".$_.";\n";
 | 
			
		||||
                        }
 | 
			
		||||
                        push @newnamed,"\t};\n";                    
 | 
			
		||||
                    } elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6}) and $line =~ /listen-on-v6 {/) {
 | 
			
		||||
                        push @newnamed,"\tlisten-on-v6 \{\n";
 | 
			
		||||
                        $skip=1;
 | 
			
		||||
                        foreach (@{$ctx->{dnslistenonifs}->{ipv6}}) {
 | 
			
		||||
                            push  @newnamed,"\t\t".$_.";\n";
 | 
			
		||||
                        }
 | 
			
		||||
                        push @newnamed,"\t};\n";                    
 | 
			
		||||
                    } elsif ($skip) {
 | 
			
		||||
                        if ($line =~ /};/) {
 | 
			
		||||
                            $skip = 0;
 | 
			
		||||
@@ -1029,7 +1098,7 @@ sub update_namedconf {
 | 
			
		||||
           push @newnamed,"\tdirectory \"".$ctx->{zonesdir}."\";\n";
 | 
			
		||||
           push @newnamed, "\tallow-recursion { any; };\n";
 | 
			
		||||
        }
 | 
			
		||||
        push @newnamed,"\t\t//listen-on-v6 { any; };\n";
 | 
			
		||||
        #push @newnamed,"\t\t//listen-on-v6 { any; };\n";
 | 
			
		||||
        if ($ctx->{forwarders}) {
 | 
			
		||||
            push @newnamed,"\tforwarders {\n";
 | 
			
		||||
            foreach (@{$ctx->{forwarders}}) {
 | 
			
		||||
@@ -1055,6 +1124,23 @@ sub update_namedconf {
 | 
			
		||||
                push @newnamed,"\t};\n";            
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
        
 | 
			
		||||
        # add the listen-on option
 | 
			
		||||
        if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4})) {
 | 
			
		||||
            push @newnamed, "\tlisten-on \{\n";
 | 
			
		||||
            foreach (@{$ctx->{dnslistenonifs}->{ipv4}}) {
 | 
			
		||||
                push  @newnamed,"\t\t".$_.";\n";
 | 
			
		||||
            }
 | 
			
		||||
            push @newnamed,"\t};\n"
 | 
			
		||||
        }
 | 
			
		||||
        if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6})) {
 | 
			
		||||
            push @newnamed,"\tlisten-on-v6 \{\n";
 | 
			
		||||
            foreach (@{$ctx->{dnslistenonifs}->{ipv6}}) {
 | 
			
		||||
                push  @newnamed,"\t\t".$_.";\n";
 | 
			
		||||
            }
 | 
			
		||||
            push @newnamed,"\t};\n";                    
 | 
			
		||||
        }
 | 
			
		||||
        
 | 
			
		||||
        push @newnamed,"};\n\n";
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
@@ -1068,7 +1154,7 @@ sub update_namedconf {
 | 
			
		||||
            $ctx->{restartneeded}=1;
 | 
			
		||||
        }    
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    
 | 
			
		||||
    my $cmd = "grep '^nameserver' /etc/resolv.conf | awk '{print \$2}'";
 | 
			
		||||
    my @output = xCAT::Utils->runcmd($cmd, 0);
 | 
			
		||||
    my $zone;
 | 
			
		||||
 
 | 
			
		||||
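Review bot: In the process_request hunk, `ip addr show $if` runs through backticks with `$if` taken straight from the site.dnsinterfaces value, so shell metacharacters in that table entry are interpreted by the shell under the account that runs this plugin. Each name should be checked before use, for example `next unless $if =~ /\A[\w.:-]+\z/;`, or the command run in list form (`open my $fh, '-|', 'ip', 'addr', 'show', $if`) so that no shell is involved. The addresses parsed from the output are then written unchecked into the `listen-on` and `listen-on-v6` blocks in update_namedconf, and link-local inet6 addresses are included as-is, which named may not be able to bind without a scope; that is worth confirming. Separately, in the update_namedconf hunk the `/listen-on-v6 {/` branch sets `$skip=1` even when the matched line closes on the same line, as the `//listen-on-v6 { any; };` line this code used to emit does, so `$skip` appears to stay set past that line until some later `};`. Both functions start and end outside the hunks shown.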