From b4f5544a25c680e8a67682acf81d241fcac84e3b Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Thu, 9 Jul 2015 07:59:19 +0200
Subject: [PATCH] dicos/99_one-master.xml: Ajout et utilisation de la variable
 arp_cache_poisoning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Permet d'activer ou de désactiver la protection arp_cache_poisoning, si cette option
est activée avec OpenVswitch et des réseaux de niveau 2, les VM ne boot pas car elles
n'ont pas d'IP et ovs-flowctl attend absolument une IP pour ajouter les règles anti ARP spoofing.
---
 dicos/99_one-master.xml     |  8 ++++++++
 tmpl/OpenNebulaNetwork.conf | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 tmpl/OpenNebulaNetwork.conf

diff --git a/dicos/99_one-master.xml b/dicos/99_one-master.xml
index c953b9a..a290c46 100644
--- a/dicos/99_one-master.xml
+++ b/dicos/99_one-master.xml
@@ -4,6 +4,7 @@
         <!--file filelist='onesinglenode' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/-->
         <file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
         <file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True' mkdir='True'/>
+        <file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
         <service type='service'>opennebula</service>
 
         <service_access service='one-ssh'>
@@ -59,6 +60,9 @@
             <variable name='activer_multinode' description='Activer le mode multi-noeud' mode='expert' type='oui/non'>
                 <value>non</value>
             </variable>
+            <variable name='arp_cache_poisoning' type='oui/non' description="Activer la protection contre l'ARP Poisoning" mode='expert'>
+                <value>non</value>
+            </variable>
             <variable name='one_nodes' type='string' description='Noeud voisin du Cluster' multi='True'/>
             <variable name='node_ip' type='ip' description='Adresse IP du noeud' multi='True'/>
         </family>
@@ -97,6 +101,7 @@
             <target type='variable'>l2_vnet_size</target>
             <target type='variable'>l2_vnet_vlan_tag</target>
             <target type='variable'>l2_vnet_vlan_trunk</target>
+            <target type='variable'>arp_cache_poisoning</target>
         </condition>
 
         <condition name='disabled_if_in' source='activer_multinode'>
@@ -151,9 +156,12 @@
             <target type='variable'>l2_vnet_size</target>
             <target type='variable'>l2_vnet_vlan_tag</target>
             <target type='variable'>l2_vnet_vlan_trunk</target>
+            <target type='variable'>arp_cache_poisoning</target>
         </condition>
     </constraints>
     <help>
         <variable name='activer_onesinglenode'>Interface d'administration du Cluster OpenNebula.</variable>
+        <variable name='arp_cache_poisoning'>Active la protection contre les attaques par empoisonnement ARP. Non compatible avec les réseaux de Niveau 2</variable>
+
     </help>
 </creole>
diff --git a/tmpl/OpenNebulaNetwork.conf b/tmpl/OpenNebulaNetwork.conf
new file mode 100644
index 0000000..4ee2c85
--- /dev/null
+++ b/tmpl/OpenNebulaNetwork.conf
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+################################################################################
+# General Options
+################################################################################
+
+# Configure the initial VLAN ID tag (corresponds to vnet ID = 0)
+:start_vlan: 2
+
+################################################################################
+# Open vSwitch Options
+################################################################################
+
+# Enable ARP Cache Poisoning Prevention Rules
+%if %%getVar('arp_cache_poisoning','non') == 'oui' 
+:arp_cache_poisoning: true
+%else
+:arp_cache_poisoning: false
+%end if
+