diff --git a/sub_scripts/lxc_build.sh b/sub_scripts/lxc_build.sh index 0107f14..e7bee83 100755 --- a/sub_scripts/lxc_build.sh +++ b/sub_scripts/lxc_build.sh @@ -9,6 +9,7 @@ ARG_SSH="-t" DOMAIN=domain.tld YUNO_PWD=admin LXC_NAME=pchecker_lxc +LXC_BRIDGE=lxc-pchecker # Tente de définir l'interface réseau principale main_iface=$(sudo route | grep default | awk '{print $8;}') # Prend l'interface réseau défini par default @@ -47,9 +48,9 @@ echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_pchecker.conf >> "$LOG sudo sysctl -p /etc/sysctl.d/lxc_pchecker.conf >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Ajoute un brige réseau pour la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC" -echo | sudo tee /etc/network/interfaces.d/lxc-pchecker <> "$LOG_BUILD_LXC" 2>&1 -auto lxc-pchecker -iface lxc-pchecker inet static +echo | sudo tee /etc/network/interfaces.d/$LXC_BRIDGE <> "$LOG_BUILD_LXC" 2>&1 +auto $LXC_BRIDGE +iface $LXC_BRIDGE inet static address $PLAGE_IP.1/24 bridge_ports none bridge_fd 0 
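Review bot: The new `LXC_BRIDGE=lxc-pchecker` assignment in the first hunk has no comment, yet this commit makes its exact textual form a contract. lxc_check.sh and lxc_upgrade.sh read it with `grep LXC_BRIDGE= | cut -d '=' -f2`, so quoting the value or appending a comment on the same line would change what those scripts hand to `ifup` and `iptables` under `sudo`. I would add above it `# Bridge name; parsed by lxc_check.sh and lxc_upgrade.sh with grep/cut, keep the form LXC_BRIDGE=value (no quotes, no trailing comment, at most 15 characters)`. The 15-character bound is the Linux interface-name limit, which matters now that the name is meant to be changed.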
@@ -57,17 +58,17 @@ iface lxc-pchecker inet static EOF echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo ifup lxc-pchecker --interfaces=/etc/network/interfaces.d/lxc-pchecker >> "$LOG_BUILD_LXC" 2>&1 +sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Configuration réseau du conteneur\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo sed -i 's/^lxc.network.type = empty$/lxc.network.type = veth\nlxc.network.flags = up\nlxc.network.link = lxc-pchecker\nlxc.network.name = eth0\nlxc.network.hwaddr = 00:FF:AA:00:00:01/' /var/lib/lxc/$LXC_NAME/config >> "$LOG_BUILD_LXC" 2>&1 +sudo sed -i "s/^lxc.network.type = empty$/lxc.network.type = veth\nlxc.network.flags = up\nlxc.network.link = $LXC_BRIDGE\nlxc.network.name = eth0\nlxc.network.hwaddr = 00:FF:AA:00:00:01/" /var/lib/lxc/$LXC_NAME/config >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Configuration réseau de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC" sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $PLAGE_IP.2/24\n\tgateway $PLAGE_IP.1@" /var/lib/lxc/$LXC_NAME/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Configure le parefeu\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo iptables -A FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -A FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 +sudo iptables -A FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 +sudo iptables -A FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Démarrage de la machine\e[0m" | tee -a "$LOG_BUILD_LXC" 
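Review bot: Moving the `sed` expression to double quotes so that `$LXC_BRIDGE` expands leaves the end-of-line anchor in `empty$/` unescaped. It survives only because the shell does not treat `$/` as an expansion, and writing it as `empty\$/` makes the intent explicit. The bridge name is now also pasted into the replacement text, so a value containing `/`, `&` or a backslash would change the expression that runs under `sudo`. The unquoted `$LXC_BRIDGE` on the `ifup` and `iptables` lines depends in the same way on the value being a single plain token, so I would write `"$LXC_BRIDGE"` there.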
@@ -138,10 +139,10 @@ echo -e "\e[1m> Arrêt de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC sudo lxc-stop -n $LXC_NAME >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Suppression des règles de parefeu\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo iptables -D FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -D FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 +sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 +sudo iptables -D FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1 -sudo ifdown --force lxc-pchecker >> "$LOG_BUILD_LXC" 2>&1 +sudo ifdown --force $LXC_BRIDGE >> "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC" sudo lxc-snapshot -n $LXC_NAME >> "$LOG_BUILD_LXC" 2>&1 diff --git a/sub_scripts/lxc_check.sh b/sub_scripts/lxc_check.sh index 4abaa0a..50481dd 100755 --- a/sub_scripts/lxc_check.sh +++ b/sub_scripts/lxc_check.sh @@ -9,6 +9,7 @@ if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$( PLAGE_IP=$(cat "$script_dir/lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2) ARG_SSH="-t" LXC_NAME=$(cat "$script_dir/lxc_build.sh" | grep LXC_NAME= | cut -d '=' -f2) +LXC_BRIDGE=$(cat "$script_dir/lxc_build.sh" | grep LXC_BRIDGE= | cut -d '=' -f2) if [ -e "$script_dir/../config" ]; then main_iface=$(cat "$script_dir/../config" | grep iface= | cut -d '=' -f2) else # Si le fichier de config n'existe pas 
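Review bot: The added `LXC_BRIDGE=$(cat "$script_dir/lxc_build.sh" | grep LXC_BRIDGE= | cut -d '=' -f2)` in lxc_check.sh is never checked before the value is used, unquoted, in `sudo ifup`, `sudo iptables` and `sudo sed -i` further down the file. The unanchored `grep` returns every line containing `LXC_BRIDGE=`, so a second match or a missing assignment gives a multi-line or empty value. I would anchor and validate it: `LXC_BRIDGE=$(grep -m1 '^LXC_BRIDGE=' "$script_dir/lxc_build.sh" | cut -d '=' -f2)` followed by `[ -n "$LXC_BRIDGE" ] || { echo "LXC_BRIDGE not found in lxc_build.sh" >&2; exit 1; }`. The same line is added in the first hunk of lxc_upgrade.sh and needs the same treatment.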
@@ -29,19 +30,19 @@ STOP_CONTAINER () { START_NETWORK () { echo "Initialisation du réseau pour le conteneur." - sudo ifup lxc-pchecker --interfaces=/etc/network/interfaces.d/lxc-pchecker + sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE # Activation des règles iptables - sudo iptables -A FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT - sudo iptables -A FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT + sudo iptables -A FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT + sudo iptables -A FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE } STOP_NETWORK () { echo "Arrêt du réseau pour le conteneur." - sudo iptables -D FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT > /dev/null 2>&1 - sudo iptables -D FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT > /dev/null 2>&1 + sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT > /dev/null 2>&1 + sudo iptables -D FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT > /dev/null 2>&1 sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE > /dev/null 2>&1 - sudo ifdown --force lxc-pchecker > /dev/null 2>&1 + sudo ifdown --force $LXC_BRIDGE > /dev/null 2>&1 } REBOOT_CONTENEUR () { 
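Review bot: START_NETWORK appends the two FORWARD rules and the MASQUERADE rule with `iptables -A` unconditionally, while STOP_NETWORK removes one instance of each with `-D`. Calling START_NETWORK twice without a stop in between would therefore leave ACCEPT rules for the bridge on the host after teardown; whether that sequence occurs is not visible in this hunk. lxc_upgrade.sh in this same commit already guards its additions with `iptables -C`, and I would use the same guard here: `sudo iptables -C FORWARD -i "$LXC_BRIDGE" -o "$main_iface" -j ACCEPT 2> /dev/null || sudo iptables -A FORWARD -i "$LXC_BRIDGE" -o "$main_iface" -j ACCEPT`, likewise for the reverse rule and the NAT rule. REBOOT_CONTENEUR at the end of the hunk continues outside it.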
@@ -141,13 +142,13 @@ LXC_NETWORK_CONFIG () { echo "lxc.network.flags = up" | sudo tee -a /var/lib/lxc/$LXC_NAME/config fi fi - if ! sudo cat /var/lib/lxc/$LXC_NAME/config | grep -q "^lxc.network.link = lxc-pchecker"; then + if ! sudo cat /var/lib/lxc/$LXC_NAME/config | grep -q "^lxc.network.link = $LXC_BRIDGE"; then lxc_network=1 check_repair=1 if sudo cat /var/lib/lxc/$LXC_NAME/config | grep -q ".*lxc.network.link"; then - sudo sed -i "s/.*lxc.network.link.*/lxc.network.link = lxc-pchecker/g" /var/lib/lxc/$LXC_NAME/config + sudo sed -i "s/.*lxc.network.link.*/lxc.network.link = $LXC_BRIDGE" /var/lib/lxc/$LXC_NAME/config else - echo "lxc.network.link = lxc-pchecker" | sudo tee -a /var/lib/lxc/$LXC_NAME/config + echo "lxc.network.link = $LXC_BRIDGE" | sudo tee -a /var/lib/lxc/$LXC_NAME/config fi fi if ! sudo cat /var/lib/lxc/$LXC_NAME/config | grep -q "^lxc.network.name = eth0"; then @@ -193,9 +194,9 @@ check_repair=0 ### Test de la configuration réseau echo -e "\e[1m> Test de la configuration réseau du côté de l'hôte:\e[0m" CREATE_BRIDGE () { - echo | sudo tee /etc/network/interfaces.d/lxc-pchecker < Désactive le bridge réseau\e[0m" -sudo ifdown --force lxc-pchecker +sudo ifdown --force $LXC_BRIDGE echo -e "\e[1m> Supprime le brige réseau\e[0m" -sudo rm /etc/network/interfaces.d/lxc-pchecker +sudo rm /etc/network/interfaces.d/$LXC_BRIDGE echo -e "\e[1m> Suppression de la machine et de son snapshots\e[0m" sudo lxc-snapshot -n $LXC_NAME -d snap0 diff --git a/sub_scripts/lxc_upgrade.sh b/sub_scripts/lxc_upgrade.sh index 9f15b3d..320c391 100755 --- a/sub_scripts/lxc_upgrade.sh +++ b/sub_scripts/lxc_upgrade.sh 
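Review bot: The rewritten `sed` line in the `lxc.network.link` repair branch lost its closing delimiter: `"s/.*lxc.network.link.*/lxc.network.link = $LXC_BRIDGE"` ends without the final `/g` that the removed line had. sed should reject this as an unterminated `s` command, so an existing wrong `lxc.network.link` entry is never rewritten. The line should read `sudo sed -i "s/.*lxc.network.link.*/lxc.network.link = $LXC_BRIDGE/g" /var/lib/lxc/$LXC_NAME/config`. Since `check_repair=1` is set just before it, the script may continue as if the config had been repaired; the code that consumes that flag, and the start and end of LXC_NETWORK_CONFIG, are outside this hunk.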
@@ -12,6 +12,7 @@ touch "$script_dir/../pcheck.lock" # Met en place le lock de Package check PLAGE_IP=$(cat "$script_dir/lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2) LXC_NAME=$(cat "$script_dir/lxc_build.sh" | grep LXC_NAME= | cut -d '=' -f2) +LXC_BRIDGE=$(cat "$script_dir/lxc_build.sh" | grep LXC_BRIDGE= | cut -d '=' -f2) if [ -e "$script_dir/../config" ]; then main_iface=$(cat "$script_dir/../config" | grep iface= | cut -d '=' -f2) else # Si le fichier de config n'existe pas @@ -34,19 +35,19 @@ if [ "$(whoami)" != "$(cat "$script_dir/setup_user")" ] && test -e "$script_dir/ fi echo "\e[1m> Active le bridge réseau\e[0m" -if ! sudo ifquery lxc-pchecker --state > /dev/null +if ! sudo ifquery $LXC_BRIDGE --state > /dev/null then - sudo ifup lxc-pchecker --interfaces=/etc/network/interfaces.d/lxc-pchecker + sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE fi echo "\e[1m> Configure le parefeu\e[0m" -if ! sudo iptables -D FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT 2> /dev/null +if ! sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT 2> /dev/null then - sudo iptables -A FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT + sudo iptables -A FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT fi -if ! sudo iptables -C FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT 2> /dev/null +if ! sudo iptables -C FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT 2> /dev/null then - sudo iptables -A FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT + sudo iptables -A FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT fi if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null then 
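Review bot: In the second hunk the first firewall test still uses `-D` where the two tests after it use `-C`: `if ! sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT 2> /dev/null`. When the rule already exists this deletes it and the `-A` in the `then` branch is skipped, so the run ends without the bridge-to-`$main_iface` forward rule it meant to ensure. The commit carries this over unchanged from the old line. It should be `if ! sudo iptables -C FORWARD -i "$LXC_BRIDGE" -o "$main_iface" -j ACCEPT 2> /dev/null`.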
@@ -82,10 +83,10 @@ echo "\e[1m> Arrêt de la machine virtualisée\e[0m" sudo lxc-stop -n $LXC_NAME echo "\e[1m> Suppression des règles de parefeu\e[0m" -sudo iptables -D FORWARD -i lxc-pchecker -o $main_iface -j ACCEPT -sudo iptables -D FORWARD -i $main_iface -o lxc-pchecker -j ACCEPT +sudo iptables -D FORWARD -i $LXC_BRIDGE -o $main_iface -j ACCEPT +sudo iptables -D FORWARD -i $main_iface -o $LXC_BRIDGE -j ACCEPT sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE -sudo ifdown --force lxc-pchecker +sudo ifdown --force $LXC_BRIDGE if [ "$update_apt" -eq 1 ]