Bug fixes, and improvements.

This includes a bug fix found in the ipv6 agent for AWS SG's, along
with better IPv6 detection to get the current active source IPv6
address.
This commit is contained in:
Eric Renfro 2018-12-07 22:09:12 -05:00
parent 744be856b0
commit 402420472e
Signed by: psi-jack
GPG key ID: 14977F3A50D9A5BF
3 changed files with 40 additions and 29 deletions

View file

@ -15,19 +15,24 @@ if [[ -z "$agent_aws_sg_id" ]]; then
exit 99 exit 99
fi fi
if [[ -d "${DIP_BASE_DIR}/aws" ]]; then #if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then # if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'" # logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99 # exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then # elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'" # logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99 # exit 99
else # else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config" # export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials" # export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi # fi
else #else
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access." # logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
# exit 99
#fi
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$AWS_DEFAULT_REGION" ]]; then
echo "ERROR: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need to be set"
exit 99 exit 99
fi fi
@ -57,7 +62,7 @@ if valid_ipv6 "$DIP_CUR_IP"; then
log "No changes required." log "No changes required."
else else
log "Updating Security Group IPv6" log "Updating Security Group IPv6"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]" aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]" aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"
fi fi
fi fi

View file

@ -17,19 +17,24 @@ if [[ -z "$agent_update_dns_r53_id" ]]; then
exit 99 exit 99
fi fi
if [[ -d "${DIP_BASE_DIR}/aws" ]]; then #if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then # if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'" # logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99 # exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then # elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'" # logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99 # exit 99
else # else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config" # export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials" # export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi # fi
else #else
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access." # logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
# exit 99
#fi
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" ]]; then
echo "ERROR: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need to be set"
exit 99 exit 99
fi fi

View file

@ -113,7 +113,8 @@ getIPv4() {
getIPv6() { getIPv6() {
local result local result
result=$(/sbin/ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80) || return 1 #result=$(/sbin/ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80) || return 1
result=$(ip -6 route get to 2001:4860:4860::8888 | sed 's/^.*src \([^ ]*\).*$/\1/;q') || return 1
if valid_ipv6 "$result"; then if valid_ipv6 "$result"; then
echo "$result" echo "$result"