rpms / openstack-nova

Clone
Source Code
GIT

Files

  1.   07d81d73
  2.   0013-Cloudpipe-tap-vpn-not-always-working.patch
Blob Blame History Raw 
From 7c64de95f422add711bcdf5821310435e7be0199 Mon Sep 17 00:00:00 2001
From: Cor Cornelisse <cor@hyves.nl>
Date: Fri, 6 Apr 2012 15:54:16 +0200
Subject: [PATCH] Cloudpipe tap vpn not always working

Fixes bug 975043

Since Essex, all instances will have an eth0 MAC address in the range
of FA:16:3E, which is near the end of the MAC address space.

When openvpn is started, a TAP interface is created with a random
generated MAC address. Chances are high the generated MAC address is
lower in value than the eth0 MAC address. Once the tap interface is
added to the bridge interface, the bridge interface will no longer have
the eth0 MAC address, but take over the TAP MAC address. This is a
feature of the linux kernel, whereby a bridge interface will take the
MAC address with the lowest value amongst its interfaces. After the ARP
entries expire, this will result in the cloudpipe instance being no
longer reachable.

This fix, randomly generates a MAC address starting with FA:17:3E, which
is greater than FA, and will thus ensure the brige will keep the eth0 MAC
address.

Change-Id: I0bd994b6dc7a92738ed23cd62ee42a021fd394e2
---
 nova/cloudpipe/bootscript.template |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/nova/cloudpipe/bootscript.template b/nova/cloudpipe/bootscript.template
index 94dea3f..0fe38b7 100755
--- a/nova/cloudpipe/bootscript.template
+++ b/nova/cloudpipe/bootscript.template
@@ -24,6 +24,10 @@ export VPN_IP=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2
 export BROADCAST=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $$1}'`
 export DHCP_MASK=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $$1}'`
 export GATEWAY=`netstat -r | grep default | cut -d' ' -f10`
+# Need a higher valued MAC address than eth0, to prevent the TAP MAC address
+# from becoming the bridge MAC address. Since Essex eth0 MAC starts with
+# FA:16:3E, we'll thus generate a MAC starting with FA:17:3E to be higher than eth0.
+export RANDOM_TAP_MAC=`openssl rand -hex 8 | sed 's/\(..\)/\1:/g' | cut -b-8 | awk '{print "FA:17:3E:"$$1}'`
 
 DHCP_LOWER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - ${num_vpn} }'`
 DHCP_UPPER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - 1 }'`
@@ -47,5 +51,6 @@ sed -i -e s/max-clients\ 1/max-clients\ 10/g server.conf
 echo "push \"route ${dmz_net} ${dmz_mask} $$GATEWAY\"" >> server.conf
 echo "duplicate-cn" >> server.conf
 echo "crl-verify /etc/openvpn/crl.pem" >> server.conf
+echo "lladdr $$RANDOM_TAP_MAC" >> server.conf
 
 /etc/init.d/openvpn start
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.