Patches version 2 fix a minor typo. I have completed testing in a VM with 0, 1, 2 and 4 wired network interfaces.
-- Sunil
From 0aa3e258f5f6b5efccfe923fba5177ebf670ba0d Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Wed, 5 Aug 2015 16:31:44 +0530 Subject: [PATCH 1/4] network: Remove interface re-naming - It does not work anymore with the removal of /lib/udev/write_net_rules. - Ordering interfaces by MAC addresses might work on some devices such as Dreamplug but won't work on others. - systemd has a new mechanism of naming intefaces predictably. We can start using this to configure interfaces more reliably. - Also remove writing to /etc/network/intefaces as we are only writing "lo" setup to it currently. The rest of the configuration being done by network manager. --- debian/changelog | 5 ++++- first-run.d/05_network | 57 ++------------------------------------------------ 2 files changed, 6 insertions(+), 56 deletions(-) diff --git a/debian/changelog b/debian/changelog index f64f149..3107f89 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,13 +5,16 @@ freedombox-setup (0.5) UNRELEASED; urgency=medium * Use nmcli to setup network connections (Closes: #786689). * Remove jwchat/ejabber setup as it is handle by Plinth (Closes: #787025). * Remove LDAP root password and create ou=groups (Closes: #787128). + * Remove renaming of network interaces as it does not work. Start using + systemd's new predictable naming. Don't alter + /etc/network/interface anymore. (Closes: #789441). [ James Valleroy ] * Apply patch from Sunil to fix hang issue when building Raspberry Pi images. * Remove privoxy setup as it happens in Plinth now (Closes: #791704). * Configure PAM for LDAP user logins (Close: #792233). - -- James Valleroy <jvalle...@mailbox.org> Sat, 01 Aug 2015 20:29:03 -0400 + -- Sunil Mohan Adapa <su...@medhas.org> Wed, 05 Aug 2015 16:37:58 +0530 freedombox-setup (0.4) experimental; urgency=low diff --git a/first-run.d/05_network b/first-run.d/05_network index 1529fd8..e5cc14b 100755 --- a/first-run.d/05_network +++ b/first-run.d/05_network 
@@ -23,49 +23,6 @@ function get-wired-interfaces { | grep "^[^l][^o]"` } -function remove-udev { - # removes udev rules. - - rm -f /etc/udev/rules.d/75-persistent-net-generator.rules -} - -function sort-interfaces { - # always name interfaces in same order as MAC addresses - - # "service networking restart" deprecated. - service networking stop; service networking start - - MACS=$(ifconfig | awk '/Ethernet/ { print $5 }' | sort) - COUNT=0 - for MAC in $MACS; do - export MATCHADDR=$MAC - export INTERFACE=eth - export INTERFACE_NAME=eth$COUNT - /lib/udev/write_net_rules - COUNT=$((COUNT+1)) - done -} - -function interfaces-start { - # creates empty network-interfaces file. - - cat > $IFACES_FILE <<EOF -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). -EOF -} - -function interfaces-lo { - # add loopback to interfaces file. - - cat >> $IFACES_FILE <<EOF -# The loopback network interface -auto lo - iface lo inet loopback - -EOF -} - function interfaces-eth0 { # create n-m connection for eth0 nmcli con add con-name freedomboxWAN ifname eth0 type ethernet @@ -84,24 +41,14 @@ function interfaces-eth1 { nmcli con modify freedomboxLAN connection.zone internal } -function default-setup { - # normal, shared setup for all devices. - - remove-udev - interfaces-start - interfaces-lo - interfaces-eth0 - sort-interfaces -} - function two-wired-setup { - default-setup + interfaces-eth0 interfaces-eth1 echo "Two wired-interfaces setup complete." } function one-wired-setup { - default-setup + interfaces-eth0 echo "One wired-interfaces setup complete." } -- 2.1.4 From 7cee9bb3f1e1909661fdb129b7248f1f0f3c044a Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Wed, 5 Aug 2015 16:43:58 +0530 Subject: [PATCH 2/4] Ignore intermediate generated files. --- .gitignore | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .gitignore 
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..38c6aa0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +/doc/manual-jessie.epub +/doc/manual-jessie.html +/doc/manual-jessie.pdf +/doc/manual-jessie.txt +/debian/freedombox-setup/ +/debian/freedombox-setup.debhelper.log +/debian/*.debhelper +/debian/files +/debian/freedombox-setup.substvars +/.emacs.desktop* +/doc/README.fbx-home -- 2.1.4 From 43f0fe385dafe4514031e5568f5198e94d979647 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Wed, 5 Aug 2015 20:32:42 +0530 Subject: [PATCH 3/4] Use network manager configuring shared connections On shared network interfaces: - Self-assign an address and network - Start and manage DNS server (dnsmasq) - Start and manage DHCP server (dnsmasq) - Register address with mDNS - Add firewall rules for NATing from this interface With this explict configuration for DNS and DHCP servers is no longer required. --- debian/changelog | 1 + debian/control | 3 +-- first-run.d/05_network | 13 ++++++++++--- setup.d/30_dnsmasq-server | 34 ---------------------------------- setup.d/40_dhcp-server | 42 ------------------------------------------ 5 files changed, 12 insertions(+), 81 deletions(-) delete mode 100755 setup.d/30_dnsmasq-server delete mode 100755 setup.d/40_dhcp-server diff --git a/debian/changelog b/debian/changelog index 3107f89..4b5e313 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ freedombox-setup (0.5) UNRELEASED; urgency=medium * Remove renaming of network interaces as it does not work. Start using systemd's new predictable naming. Don't alter /etc/network/interface anymore. (Closes: #789441). + * Use network manager for configuring DNS and DHCP servers. [ James Valleroy ] * Apply patch from Sunil to fix hang issue when building Raspberry Pi images. diff --git a/debian/control b/debian/control index 332a1d2..d38c18a 100644 --- a/debian/control +++ b/debian/control 
@@ -33,7 +33,7 @@ Depends: ${misc:Depends} , curl , devio , dialog - , dnsmasq + , dnsmasq-base , dnsutils , dosfstools , etckeeper @@ -44,7 +44,6 @@ Depends: ${misc:Depends} , iftop , iptables , iputils-ping - , isc-dhcp-client , iw , libnss-gw-name , libnss-mdns diff --git a/first-run.d/05_network b/first-run.d/05_network index e5cc14b..31ef5bb 100755 --- a/first-run.d/05_network +++ b/first-run.d/05_network @@ -31,11 +31,18 @@ function interfaces-eth0 { } function interfaces-eth1 { - # create n-m connection for eth1 - nmcli con add con-name freedomboxLAN ifname eth1 type ethernet \ - ip4 192.168.1.1/24 + # Create n-m connection for eth1 + nmcli con add con-name freedomboxLAN ifname eth1 type ethernet nmcli con modify freedomboxLAN connection.autoconnect TRUE + # Configure this interface to be shared with other computers. + # - Self-assign an address and network + # - Start and manage DNS server (dnsmasq) + # - Start and manage DHCP server (dnsmasq) + # - Register address with mDNS + # - Add firewall rules for NATing from this interface + nmcli con modify freedomboxLAN ipv4.method shared + # If two interfaces are available, then change eth0 to be external. nmcli con modify freedomboxWAN connection.zone external nmcli con modify freedomboxLAN connection.zone internal diff --git a/setup.d/30_dnsmasq-server b/setup.d/30_dnsmasq-server deleted file mode 100755 index c01d7c4..0000000 --- a/setup.d/30_dnsmasq-server +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/sh -# -# Replacement dnsmasq server configuration used by the dreamplug - -cat > /etc/dnsmasq.conf <<EOF -log-facility=DAEMON - -local=/fbx/ -local=/freedombox/ - -# We will serve this DNS domain -# (DHCP hosts will receive a .lan suffix in DNS) -domain=lan -EOF - -cat > /etc/dnsmasq.d/freedombox-upstream-dns <<EOF -# Upstream DNS server -# FIXME this should be updated on boot. -server=192.168.0.1@eth0 -EOF - -cat > /etc/dnsmasq.d/freedombox-dhcp-server <<EOF -# We're the authoritative dhcpd -# Read the manpage for a good explanation of what this does -dhcp-authoritative - -# We are going to serve hosts for: -# - LAN (192.168.1.0/24) (Only static hosts) -# - WLAN (192.168.2.0/24) -# New clients will receive an IP from the WLAN range. - -dhcp-range=set:lan,192.168.1.10,192.168.1.100,255.255.255.0,2h -dhcp-range=set:wlan,192.168.2.10,192.168.2.100,255.255.255.0,2h -EOF diff --git a/setup.d/40_dhcp-server b/setup.d/40_dhcp-server deleted file mode 100755 index d91fb0b..0000000 --- a/setup.d/40_dhcp-server +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/sh -# -# Replacement DHCP server configuration used on the dreamplug - -# Disabled while dnsmasq is used as DHCP server -echo warning: Not setting up isc-dhcp-server, as dnsmasq is used instead. -exit 0 - -cat > /etc/dhcp/dhcpd.conf<<EOF -# -# FreedomBox ISC dhcpd configuration -# -# - -# The ddns-updates-style parameter controls whether or not the server will -# attempt to do a DNS update when a lease is confirmed. We default to the -# behavior of the version 2 packages ('none', since DHCP v2 didn't -# have support for DDNS.) -ddns-update-style none; - -# option definitions common to all supported networks... -option domain-name "free.dom"; -option domain-name-servers ns1.free.dom, ns2.free.dom; - -default-lease-time 600; -max-lease-time 7200; - -# If this DHCP server is the official DHCP server for the local -# network, the authoritative directive should be uncommented. -authoritative; - -# Use this to send dhcp log messages to a different log file (you also -# have to hack syslog.conf to complete the redirection). -log-facility local7; - -# basic subnet configuration for the 'downstream' wired network - -subnet 192.168.1.0 netmask 255.255.255.0 { - range 192.168.1.10 192.168.1.100; - option routers 192.168.1.1; -} -EOF -- 2.1.4 From d427bc760744c94a0afb561042aacf37ac06b898 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Wed, 5 Aug 2015 21:56:19 +0530 Subject: [PATCH 4/4] Fix assumption of network interface names - Make the code for more than two interfaces. --- first-run.d/05_network | 71 +++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/first-run.d/05_network b/first-run.d/05_network index 31ef5bb..268133c 100755 --- a/first-run.d/05_network +++ b/first-run.d/05_network 
@@ -17,23 +17,30 @@ fi INTERFACE_DETECT="interface-detect" function get-wired-interfaces { - # set WIRED_IFACES to list of wired interfaces, less lo. - - WIRED_IFACES=`$INTERFACE_DETECT | grep "wired" \ - | grep "^[^l][^o]"` + # XXX: Sorting of interfaces is non-numeric + WIRED_IFACES=$(nmcli --terse --fields type,device device | grep "^ethernet:" | cut -d: -f2 | sort) + NO_OF_WIRED_IFACES=$(echo $WIRED_IFACES | wc -w) } -function interfaces-eth0 { - # create n-m connection for eth0 - nmcli con add con-name freedomboxWAN ifname eth0 type ethernet +function configure-regular-interface { + interface="$1" + zone="$2" + + # Create n-m connection for a regular interface + nmcli con add con-name freedomboxWAN ifname $interface type ethernet nmcli con modify freedomboxWAN connection.autoconnect TRUE - nmcli con modify freedomboxWAN connection.zone internal + nmcli con modify freedomboxWAN connection.zone $zone + + echo "Configured interface $interface for $zone use." } -function interfaces-eth1 { +function configure-shared-interface { + interface="$1" + # Create n-m connection for eth1 - nmcli con add con-name freedomboxLAN ifname eth1 type ethernet - nmcli con modify freedomboxLAN connection.autoconnect TRUE + nmcli con add con-name freedomboxLAN$interface ifname $interface type ethernet + nmcli con modify freedomboxLAN$interface connection.autoconnect TRUE + nmcli con modify freedomboxLAN$interface connection.zone internal # Configure this interface to be shared with other computers. # - Self-assign an address and network 
@@ -41,26 +48,27 @@ function interfaces-eth1 { # - Start and manage DHCP server (dnsmasq) # - Register address with mDNS # - Add firewall rules for NATing from this interface - nmcli con modify freedomboxLAN ipv4.method shared + nmcli con modify freedomboxLAN$interface ipv4.method shared - # If two interfaces are available, then change eth0 to be external. - nmcli con modify freedomboxWAN connection.zone external - nmcli con modify freedomboxLAN connection.zone internal + echo "Configured interface $interface for shared use." } -function two-wired-setup { - interfaces-eth0 - interfaces-eth1 - echo "Two wired-interfaces setup complete." -} +function multi-wired-setup { + first_interface="$1" + shift + remaining_interfaces="$@" -function one-wired-setup { - interfaces-eth0 - echo "One wired-interfaces setup complete." + configure-regular-interface $first_interface external + + for interface in $remaining_interfaces + do + configure-shared-interface $interface + done } -function zero-wired-setup { - echo "No wired interfaces detected. Not configuring networking." +function one-wired-setup { + interface="$1" + configure-regular-interface $interface internal } function update-null-macs { @@ -106,16 +114,15 @@ function generate_dummy_mac { echo "Setting up network configuration..." get-wired-interfaces -# count wired interfaces -case `echo $WIRED_IFACES | wc -w` in - "2") - two-wired-setup +case $NO_OF_WIRED_IFACES in + "0") + echo "No wired interfaces detected." ;; "1") - one-wired-setup + one-wired-setup $WIRED_IFACES ;; - "0") - zero-wired-setup + *) + multi-wired-setup $WIRED_IFACES esac update-null-macs -- 2.1.4
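Review bot: [PATCH 1/4], debian/changelog: the new entry has two spelling slips, "interaces" and "/etc/network/interface" (the file the commit message refers to is /etc/network/interfaces). This text is what closes #789441, so it is worth fixing before the entry is released.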
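Review bot: [PATCH 1/4], first-run.d/05_network: with sort-interfaces removed, nothing guarantees that eth0 and eth1 exist, yet one-wired-setup and two-wired-setup still call interfaces-eth0 and interfaces-eth1, which pass "ifname eth0" and "ifname eth1" to nmcli. The hard-coded names only go away in 4/4, so the script is broken at this commit on systems that use predictable names; consider reordering the series or moving the name detection into this patch. If IFACES_FILE is still defined earlier in the script, it is unused after this hunk and can be removed too.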
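Review bot: [PATCH 2/4], .gitignore: "/.emacs.desktop*" is an editor-specific entry, not an intermediate generated file as the subject says. It fits better in a personal global ignore file, or the subject should say that editor files are ignored as well.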
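Review bot: [PATCH 3/4], debian/control: dropping isc-dhcp-client is not explained by the commit message, which covers only the DNS and DHCP servers. freedomboxWAN is created without an address and so depends on a DHCP client; please confirm that network manager does not need this package for that connection, and say so in the commit message or changelog.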
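Review bot: [PATCH 3/4], first-run.d/05_network, interfaces-eth1: removing "ip4 192.168.1.1/24" means the LAN address becomes whatever network manager self-assigns for "ipv4.method shared", so clients are no longer guaranteed the 192.168.1.0/24 range that the deleted dnsmasq and dhcpd configuration served. The changelog line mentions only the DNS and DHCP servers; either mention the address change there or keep the address explicit if 192.168.1.1 has to stay.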
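Review bot: [PATCH 3/4], setup.d/30_dnsmasq-server: deleting this file also drops "local=/fbx/", "local=/freedombox/" and "domain=lan", none of which appear in the list of things the commit message says shared mode takes over. The local= lines kept queries for those names from being forwarded upstream; if that behaviour is still wanted it needs a replacement, otherwise the removal should be noted in the changelog.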
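Review bot: [PATCH 4/4], first-run.d/05_network, get-wired-interfaces: the plain "sort" decides which interface multi-wired-setup puts in the external zone, and as the XXX comment admits it is not numeric, so eth10 sorts before eth2 and the firewall zone assignment depends on that ordering. Use a version sort (sort -V) or document how the external port is chosen. In the same hunk, the comment "Create n-m connection for eth1" in configure-shared-interface is stale, $interface and $zone should be quoted in the nmcli calls, and INTERFACE_DETECT appears to be unused now.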
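Review bot: [PATCH 4/4], first-run.d/05_network, multi-wired-setup: interface, first_interface and remaining_interfaces are globals, and the for loop variable "interface" is reassigned inside configure-shared-interface on every iteration. It works today because the value is the same, but declaring them with "local" keeps a later change in the callee from breaking the loop. The final "*)" branch of the case should also end with ";;" for consistency with the other branches, and one-wired-setup still creates a connection named freedomboxWAN in the internal zone, which is confusing to read; a neutral connection name would help.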