Merge pull request #136 from redBorder/development

Release 2.1.0
redBorder · Jun 17, 2024 · 3c61e56 · 3c61e56
2 parents 129824f + a1910c6
commit 3c61e56
Show file tree

Hide file tree

Showing 6 changed files with 165 additions and 2 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.0.1
+2.1.0
diff --git a/resources/bin/rb_checkping.sh b/resources/bin/rb_checkping.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+#######################################################################
+# Copyright (c) 2014 ENEO Tecnología S.L.
+# This file is part of redBorder.
+# redBorder is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# redBorder is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License License for more details.
+# You should have received a copy of the GNU Affero General Public License License
+# along with redBorder. If not, see <http://www.gnu.org/licenses/>.
+#######################################################################
+
+HOST="$1"
+RET=1
+
+if [ "x$HOST" != "x" ]; then
+    RET=0
+    ping -c 1 $HOST &>/dev/null
+    if [ $? -ne 0 ]; then
+        sleep 1
+        ping -c 1 $HOST &>/dev/null
+        if [ $? -ne 0 ]; then
+            RET=1
+        fi
+    fi
+else
+    echo "Usage: $0 host port"
+fi
+
+exit $RET
diff --git a/resources/bin/rb_checkudp.sh b/resources/bin/rb_checkudp.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#######################################################################
+# Copyright (c) 2014 ENEO Tecnología S.L.
+# This file is part of redBorder.
+# redBorder is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# redBorder is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License License for more details.
+# You should have received a copy of the GNU Affero General Public License License
+# along with redBorder. If not, see <http://www.gnu.org/licenses/>.
+#######################################################################
+
+HOST="$1"
+PORT="$2"
+RET=1
+
+if [ "x$HOST" != "x" -a "x$PORT" != "x" ]; then
+    RET=0
+    ping -c 1 $HOST &>/dev/null
+    if [ $? -ne 0 ]; then
+        sleep 1
+        ping -c 1 $HOST &>/dev/null
+        if [ $? -ne 0 ]; then
+            RET=1
+        fi
+    fi
+
+    if [ $RET -eq 0 ]; then
+        nc -znu -w 3 $HOST $PORT &>/dev/null
+        RET=$?
+    fi
+else
+    echo "Usage: $0 host port"
+fi
+
+exit $RET
diff --git a/resources/bin/rb_configure_leader.sh b/resources/bin/rb_configure_leader.sh
@@ -273,6 +273,35 @@ _RBEOF_
   "id": "cluster",
   "uuid": "$(cat /proc/sys/kernel/random/uuid)"
 }
+_RBEOF_
+
+  ## Generating external virtual ip
+  mkdir -p /var/chef/data/data_bag/rBglobal
+  cat > /var/chef/data/data_bag/rBglobal/ipvirtual-external-webui.json <<-_RBEOF_
+{
+  "id": "ipvirtual-external-webui"
+}
+_RBEOF_
+
+  mkdir -p /var/chef/data/data_bag/rBglobal
+  cat > /var/chef/data/data_bag/rBglobal/ipvirtual-external-f2k.json <<-_RBEOF_
+{
+  "id": "ipvirtual-external-f2k"
+}
+_RBEOF_
+
+  mkdir -p /var/chef/data/data_bag/rBglobal
+  cat > /var/chef/data/data_bag/rBglobal/ipvirtual-external-sfacctd.json <<-_RBEOF_
+{
+  "id": "ipvirtual-external-sfacctd"
+}
+_RBEOF_
+
+  mkdir -p /var/chef/data/data_bag/rBglobal
+  cat > /var/chef/data/data_bag/rBglobal/ipvirtual-external-kafka.json <<-_RBEOF_
+{
+  "id": "ipvirtual-external-kafka"
+}
 _RBEOF_
 
 LICMODE=$(head -n 1 /etc/licmode 2>/dev/null)
@@ -349,7 +378,7 @@ function configure_leader(){
                 hadoop samza nginx geoip webui snmp mongodb rbmonitor rbscanner
                 f2k logstash pmacct minio postgresql rbdswatcher rbevents-counter
                 rsyslog freeradius rbnmsp n2klocd rbale rbcep k2http rblogstatter rb-arubacentral rbcgroup rb-exporter rb-proxy rb-postfix
-                snort barnyard2 rb-ips rbaioutliers rb-manager" # The order matters!
+                keepalived snort barnyard2 rb-ips rbaioutliers rb-manager" # The order matters!
 
   for n in $listCookbooks; do # cookbooks
     # rsync -a /var/chef/cookbooks/${n}/ /var/chef/cache/cookbooks/$n

diff --git a/resources/bin/rb_create_lo.sh b/resources/bin/rb_create_lo.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+#######################################################################
+# Copyright (c) 2014 ENEO Tecnología S.L.
+# This file is part of redBorder.
+# redBorder is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# redBorder is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License License for more details.
+# You should have received a copy of the GNU Affero General Public License License
+# along with redBorder. If not, see <http://www.gnu.org/licenses/>.
+#######################################################################
+
+function read_from_ip() {
+    # check from ips readed from interface
+    while read line; do
+        IP=$(echo $line | awk '{print $2}' | tr '/' ' ' | awk '{print $1}')
+        n=$(echo $line | sed 's/.*lo//')
+
+        if [ "x$n" == "x" ]; then
+            ip a del ${IP}/32 dev lo
+        else
+            n=$(echo $line | sed 's/.*lo://')
+            if [ -f /etc/sysconfig/network-scripts/ifcfg-lo\:$n ]; then
+                source /etc/sysconfig/network-scripts/ifcfg-lo\:$n
+                [ "x$IPADDR" != "x$IP" ] && ip a del ${IP}/32 dev lo:$n 
+            else
+                ip a del ${IP}/32 dev lo:$n
+            fi
+        fi
+    done <<< "$(ip a s lo|grep "lo"|grep inet | grep global)"
+
+}
+
+read_from_ip
+
+for n in $(ls /etc/sysconfig/network-scripts/ifcfg-lo\:* | sed 's|/etc/sysconfig/network-scripts/ifcfg-lo:||'); do 
+    if [ -f /etc/sysconfig/network-scripts/ifcfg-lo\:$n ]; then
+        source /etc/sysconfig/network-scripts/ifcfg-lo\:$n
+
+        if [ "x$IPADDR" != "x" ]; then
+            CURRENT=$(ip a s lo |grep "lo:$n$" |grep inet|grep -v "127.0.0.1/8"|grep "global"| awk '{print $2}' | tr '/' ' ' | awk '{print $1}' | head -n 1)
+            if [ "x$CURRENT" != "x$IPADDR" ]; then
+                ifdown lo:$n
+                [ "x$CURRENT" != "x" ] && ip a del ${CURRENT}/32 dev lo:$n
+                ifup lo:$n
+            fi
+        fi
+    fi
+done
diff --git a/resources/scripts/rb_init_conf.rb b/resources/scripts/rb_init_conf.rb
@@ -329,6 +329,10 @@
   system("firewall-cmd --permanent --zone=home --add-port=162/udp &>/dev/null")
   system("firewall-cmd --permanent --zone=public --add-port=162/udp &>/dev/null")
 
+  #keepalived
+  system("firewall-cmd --add-protocol=112 --permanent")
+  system("firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"224.0.0.18\" accept' --permanent")
+
   #webui
   system("firewall-cmd --permanent --zone=home --add-port=8001/tcp &>/dev/null")