dicos/99_one-master.xml: Ajout et utilisation de la variable arp_cache_poisoning

Permet d'activer ou de désactiver la protection arp_cache_poisoning. Si cette option
est activée avec OpenVswitch et des réseaux de niveau 2, les VM ne démarrent pas car elles
n'ont pas d'IP et ovs-flowctl attend absolument une IP pour ajouter les règles anti ARP spoofing.
Philippe Caseiro 2015-07-09 07:59:19 +02:00
parent d140b32d03
commit b4f5544a25
2 changed files with 42 additions and 0 deletions


@ -4,6 +4,7 @@
<!--file filelist='onesinglenode' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/--> <!--file filelist='onesinglenode' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/-->
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/> <file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True' mkdir='True'/> <file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True' mkdir='True'/>
<file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
<service type='service'>opennebula</service> <service type='service'>opennebula</service>
<service_access service='one-ssh'> <service_access service='one-ssh'>
@ -59,6 +60,9 @@
<variable name='activer_multinode' description='Activer le mode multi-noeud' mode='expert' type='oui/non'> <variable name='activer_multinode' description='Activer le mode multi-noeud' mode='expert' type='oui/non'>
<value>non</value> <value>non</value>
</variable> </variable>
<variable name='arp_cache_poisoning' type='oui/non' description="Activer la protection contre l'ARP Poisoning" mode='expert'>
<value>non</value>
</variable>
<variable name='one_nodes' type='string' description='Noeud voisin du Cluster' multi='True'/> <variable name='one_nodes' type='string' description='Noeud voisin du Cluster' multi='True'/>
<variable name='node_ip' type='ip' description='Adresse IP du noeud' multi='True'/> <variable name='node_ip' type='ip' description='Adresse IP du noeud' multi='True'/>
</family> </family>
@ -97,6 +101,7 @@
<target type='variable'>l2_vnet_size</target> <target type='variable'>l2_vnet_size</target>
<target type='variable'>l2_vnet_vlan_tag</target> <target type='variable'>l2_vnet_vlan_tag</target>
<target type='variable'>l2_vnet_vlan_trunk</target> <target type='variable'>l2_vnet_vlan_trunk</target>
<target type='variable'>arp_cache_poisoning</target>
</condition> </condition>
<condition name='disabled_if_in' source='activer_multinode'> <condition name='disabled_if_in' source='activer_multinode'>
@ -151,9 +156,12 @@
<target type='variable'>l2_vnet_size</target> <target type='variable'>l2_vnet_size</target>
<target type='variable'>l2_vnet_vlan_tag</target> <target type='variable'>l2_vnet_vlan_tag</target>
<target type='variable'>l2_vnet_vlan_trunk</target> <target type='variable'>l2_vnet_vlan_trunk</target>
<target type='variable'>arp_cache_poisoning</target>
</condition> </condition>
</constraints> </constraints>
<help> <help>
<variable name='activer_onesinglenode'>Interface d'administration du Cluster OpenNebula.</variable> <variable name='activer_onesinglenode'>Interface d'administration du Cluster OpenNebula.</variable>
<variable name='arp_cache_poisoning'>Active la protection contre les attaques par empoisonnement ARP. Non compatible avec les réseaux de Niveau 2</variable>
</help> </help>
</creole> </creole>
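Review bot: The new variable defaults to `non` (`<value>non</value>`) and is `mode='expert'`, so the Open vSwitch anti-ARP-spoofing rules are off on every node unless an operator finds the expert option. That includes nodes without level-2 networks, where the boot problem described in the commit message presumably does not arise. Consider defaulting to `oui` and forcing the value off only when L2 virtual networks are configured. At minimum the help entry should state the consequence, e.g. `Désactivée, une VM peut répondre aux requêtes ARP pour une adresse IP qui n'est pas la sienne.` The two `<condition>` elements that gain the `arp_cache_poisoning` target open outside the hunks, so which setting disables the variable cannot be checked from here.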


@ -0,0 +1,34 @@
# -------------------------------------------------------------------------- #
# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
################################################################################
# General Options
################################################################################
# Configure the initial VLAN ID tag (corresponds to vnet ID = 0)
:start_vlan: 2
################################################################################
# Open vSwitch Options
################################################################################
# Enable ARP Cache Poisoning Prevention Rules
%if %%getVar('arp_cache_poisoning','non') == 'oui'
:arp_cache_poisoning: true
%else
:arp_cache_poisoning: false
%end if
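Review bot: `%%getVar('arp_cache_poisoning','non')` falls back to `non`, so a host where the variable is disabled or absent presumably renders `:arp_cache_poisoning: false` with no trace in the generated file. The dictionary adds the variable as a target of two conditions next to the `l2_vnet_*` variables, so this fallback path looks reachable. Confirm which state those conditions leave the variable in, and choose the fallback so that an unset variable keeps the protection on wherever it is usable, e.g. `%if %%getVar('arp_cache_poisoning','oui') == 'oui'`. The comment above the option should also record why it can be off: `# Off when Open vSwitch L2 networks are used: the VM has no IP, so the anti-ARP-spoofing flows cannot be installed`.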