dicos/99_one-master.xml: Ajout et utilisation de la variable arp_cache_poisoning
Permet d'activer ou de désactiver la protection arp_cache_poisoning. Si cette option est activée avec Open vSwitch et des réseaux de niveau 2, les VM ne démarrent pas, car elles n'ont pas d'IP et ovs-flowctl attend absolument une IP pour ajouter les règles anti ARP spoofing.
parent
d140b32d03
commit
b4f5544a25
|
@ -4,6 +4,7 @@
|
||||||
<!--file filelist='onesinglenode' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/-->
|
<!--file filelist='onesinglenode' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/-->
|
||||||
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
|
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
|
||||||
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True' mkdir='True'/>
|
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True' mkdir='True'/>
|
||||||
|
<file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
|
||||||
<service type='service'>opennebula</service>
|
<service type='service'>opennebula</service>
|
||||||
|
|
||||||
<service_access service='one-ssh'>
|
<service_access service='one-ssh'>
|
||||||
|
@ -59,6 +60,9 @@
|
||||||
<variable name='activer_multinode' description='Activer le mode multi-noeud' mode='expert' type='oui/non'>
|
<variable name='activer_multinode' description='Activer le mode multi-noeud' mode='expert' type='oui/non'>
|
||||||
<value>non</value>
|
<value>non</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
<variable name='arp_cache_poisoning' type='oui/non' description="Activer la protection contre l'ARP Poisoning" mode='expert'>
|
||||||
|
<value>non</value>
|
||||||
|
</variable>
|
||||||
<variable name='one_nodes' type='string' description='Noeud voisin du Cluster' multi='True'/>
|
<variable name='one_nodes' type='string' description='Noeud voisin du Cluster' multi='True'/>
|
||||||
<variable name='node_ip' type='ip' description='Adresse IP du noeud' multi='True'/>
|
<variable name='node_ip' type='ip' description='Adresse IP du noeud' multi='True'/>
|
||||||
</family>
|
</family>
|
||||||
|
@ -97,6 +101,7 @@
|
||||||
<target type='variable'>l2_vnet_size</target>
|
<target type='variable'>l2_vnet_size</target>
|
||||||
<target type='variable'>l2_vnet_vlan_tag</target>
|
<target type='variable'>l2_vnet_vlan_tag</target>
|
||||||
<target type='variable'>l2_vnet_vlan_trunk</target>
|
<target type='variable'>l2_vnet_vlan_trunk</target>
|
||||||
|
<target type='variable'>arp_cache_poisoning</target>
|
||||||
</condition>
|
</condition>
|
||||||
|
|
||||||
<condition name='disabled_if_in' source='activer_multinode'>
|
<condition name='disabled_if_in' source='activer_multinode'>
|
||||||
|
@ -151,9 +156,12 @@
|
||||||
<target type='variable'>l2_vnet_size</target>
|
<target type='variable'>l2_vnet_size</target>
|
||||||
<target type='variable'>l2_vnet_vlan_tag</target>
|
<target type='variable'>l2_vnet_vlan_tag</target>
|
||||||
<target type='variable'>l2_vnet_vlan_trunk</target>
|
<target type='variable'>l2_vnet_vlan_trunk</target>
|
||||||
|
<target type='variable'>arp_cache_poisoning</target>
|
||||||
</condition>
|
</condition>
|
||||||
</constraints>
|
</constraints>
|
||||||
<help>
|
<help>
|
||||||
<variable name='activer_onesinglenode'>Interface d'administration du Cluster OpenNebula.</variable>
|
<variable name='activer_onesinglenode'>Interface d'administration du Cluster OpenNebula.</variable>
|
||||||
|
<variable name='arp_cache_poisoning'>Active la protection contre les attaques par empoisonnement ARP. Non compatible avec les réseaux de Niveau 2</variable>
|
||||||
|
|
||||||
</help>
|
</help>
|
||||||
</creole>
|
</creole>
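Review bot: The new `arp_cache_poisoning` variable is declared with `<value>non</value>` and `mode='expert'`, so the Open vSwitch ARP anti-spoofing rules are off on every installation and the switch is hidden from administrators who do not use expert mode. The commit message only justifies turning the protection off for level-2 networks where VMs have no IP, so the default could stay protective for everyone else. If it must remain `non`, the help entry should say so, for example `Désactivée par défaut ; à activer si tous les réseaux virtuels attribuent une adresse IP aux VM. Non compatible avec les réseaux de Niveau 2.` The variable is also added as a target of two `<condition>` blocks whose opening tags lie outside the hunks, so it is not visible here under which setting it becomes disabled.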
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
# -------------------------------------------------------------------------- #
|
||||||
|
# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs #
|
||||||
|
# #
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||||
|
# not use this file except in compliance with the License. You may obtain #
|
||||||
|
# a copy of the License at #
|
||||||
|
# #
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||||
|
# #
|
||||||
|
# Unless required by applicable law or agreed to in writing, software #
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||||
|
# See the License for the specific language governing permissions and #
|
||||||
|
# limitations under the License. #
|
||||||
|
#--------------------------------------------------------------------------- #
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# General Options
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
# Configure the initial VLAN ID tag (corresponds to vnet ID = 0)
|
||||||
|
:start_vlan: 2
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# Open vSwitch Options
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
# Enable ARP Cache Poisoning Prevention Rules
|
||||||
|
%if %%getVar('arp_cache_poisoning','non') == 'oui'
|
||||||
|
:arp_cache_poisoning: true
|
||||||
|
%else
|
||||||
|
:arp_cache_poisoning: false
|
||||||
|
%end if
|
||||||
|
|
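Review bot: The template falls back to `'non'` in `%%getVar('arp_cache_poisoning','non')`, so whenever the variable is unset or disabled by a dictionary condition the rendered file silently gets `:arp_cache_poisoning: false`. An operator reading the generated configuration has no hint that the protection was dropped on purpose. A rendered comment above the `%if` would document it, for example `# false: the Open vSwitch driver needs the VM IP to install the anti ARP-spoofing rules, which level-2 vnets do not provide`. Presumably this template renders `/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf`, but the file header is not visible on this page.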