2024年2月16日金曜日

ネットワーク設定ツール

#-----------------------------------------------------------
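# Print the one-line usage message to stdout.
# main() acts only on the "config" sub-command; any other argument (or none)
# ends up here, so the message names that sub-command explicitly.
usage(){
  echo "USAGE: ./set config"
}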
#-----------------------------------------------------------
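# Dry-run switch. While the value is exactly "debug", the nmcli command below is
# only printed; with any other value it is executed. Going live therefore means
# editing this line.
DEBUG=debug

# NOTE(review): these two calls are not guarded by DEBUG; they change the system
# time zone and locale on a dry run as well.
timedatectl set-timezone Asia/Tokyo
localectl set-locale LANG=ja_JP.utf8

# Print the name of the N-th ethernet device (1-based, sorted by name), or
# nothing when fewer than N ethernet devices exist.
# The earlier `head -N | tail -n 1` form returned the LAST device in that case,
# so a missing second or third NIC silently aliased another interface and its
# addresses would have been applied to the wrong port.
_nth_ethernet_device() {
  nmcli -t -f DEVICE,TYPE device \
    | awk -F: '$2 == "ethernet" { print $1 }' \
    | sort \
    | sed -n "${1}p"
}

DEVICE_1=$(_nth_ethernet_device 1)
DEVICE_2=$(_nth_ethernet_device 2)
DEVICE_3=$(_nth_ethernet_device 3)

# Pick-list of known hosts. Every assignment overwrites the previous one, so
# only the LAST line decides which host this run configures.
HOST_NAME=apisv1n
HOST_NAME=apisv2n
HOST_NAME=websv1n
HOST_NAME=websv2n
HOST_NAME=utlsv1n
HOST_NAME=officesv1n

HOST_NAME=postgres15
HOST_NAME=postgres15-2
HOST_NAME=oracle19c
HOST_NAME=zabbix
HOST_NAME=nassv
HOST_NAME=ora2pg
HOST_NAME=buildsv

HOST_NAME=igw
HOST_NAME=ngw-1a
HOST_NAME=ngw-1c
HOST_NAME=elb-api
HOST_NAME=elb-web
HOST_NAME=securitygroup

HOST_NAME=ami-rocky9-20G
HOST_NAME=ngw-1a

# Set the system hostname (or only show the command on a dry run).
if [ "${DEBUG}" = "debug" ]; then
  echo nmcli general hostname "$HOST_NAME"
else
  nmcli general hostname "$HOST_NAME"
fi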

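# Address plan: one row per action, rows separated by whitespace.
# Row format:  MODE|HOST|NETWORK|DEVICE|IP|GW|ROUTE|
#   MODE    new / mod / nat (the three modes config() dispatches on)
#   HOST    compared with HOST_NAME; only matching rows are applied
#   NETWORK NetworkManager connection name
#   DEVICE  "-" or "1" = DEVICE_1, "2" = DEVICE_2, "3" = DEVICE_3,
#           anything else is used as the interface name itself
#   IP      address/prefix, "auto", or "-"
#   GW      gateway or "-"
#   ROUTE   destination network for an added route, or "-"
# A row must not contain spaces: config() splits this string on whitespace, so
# a space inside a row (as the elb-web row once had before its final "|")
# produces a stray extra row.
# NOTE(review): the last row names the host "zabbix5.4" while the HOST_NAME
# pick-list uses "zabbix"; with HOST_NAME=zabbix no row would match. Confirm
# which spelling is intended.
HOST_LISTS="
  new|nassv|private_db_1a|-|10.0.18.201/24|10.0.18.2|-|
  new|securitygroup|global_network|enp1s0|192.168.1.240/24|192.168.1.1|-|
  new|securitygroup|inside_control|enp7s0|10.0.1.2/24|-|-|
  new|securitygroup|public_nat_1a|enp8s0|10.0.10.2/24|-|-|
  new|securitygroup|public_nat_1c|enp9s0|10.0.20.2/24|-|-|
  new|securitygroup|private_api_1a|enp10s0|10.0.11.2/24|-|-|
  new|securitygroup|private_api_1c|enp11s0|10.0.21.2/24|-|-|
  new|securitygroup|private_web_1a|enp12s0|10.0.12.2/24|-|-|
  new|securitygroup|private_web_1c|enp13s0|10.0.22.2/24|-|-|
  new|securitygroup|private_utl_1a|enp14s0|10.0.13.2/24|-|-|
  new|securitygroup|private_utl_1c|enp15s0|10.0.23.2/24|-|-|
  new|securitygroup|private_ofc_1a|enp16s0|10.0.14.2/24|-|-|
  new|securitygroup|private_ofc_1c|enp17s0|10.0.24.2/24|-|-|
  new|securitygroup|private_db_1a|enp18s0|10.0.18.2/24|-|-|
  new|securitygroup|private_db_1c|enp19s0|10.0.28.2/24|-|-|
  new|securitygroup|private_mng_1a|enp20s0|10.0.19.2/24|-|-|
  new|securitygroup|private_mng_1c|enp21s0|10.0.29.2/24|-|-|
  new|elb-api|inside_control|-|10.0.1.101/24|10.0.1.2|-|
  new|elb-web|inside_control|-|10.0.1.102/24|10.0.1.2|-|
  new|igw|global_network|1|192.168.1.241/24|192.168.1.1|-|
  mod|igw|global_network|1|192.168.1.242/24|-|-|
  mod|igw|global_network|1|192.168.1.243/24|-|-|
  mod|igw|global_network|1|192.168.1.244/24|-|-|
  new|igw|inside_control|2|10.0.1.220/24|-|-|
  new|ngw-1a|global_network|1|auto|192.168.1.1|-|
  new|ngw-1a|public_nat_1a|2|10.0.10.101/24|-|-|
  mod|ngw-1a|public_nat_1a|2|-|10.0.10.2|10.0.13.0/24|
  mod|ngw-1a|public_nat_1a|2|-|10.0.10.2|10.0.14.0/24|
  mod|ngw-1a|public_nat_1a|2|-|10.0.10.2|10.0.19.0/24|
  nat|ngw-1a|public_nat_1a|-|-|-|-|
  new|apisv1n|private_api_1a|-|10.0.11.101/24|10.0.11.2|-|
  new|apisv2n|private_api_1c|-|10.0.21.101/24|10.0.21.2|-|
  new|websv1n|private_web_1a|-|10.0.12.101/24|10.0.12.2|-|
  new|websv2n|private_web_1c|-|10.0.22.101/24|10.0.22.2|-|
  new|utlsv1n|private_utl_1a|-|10.0.13.101/24|10.0.13.2|-|
  new|officesv1n|private_ofc_1a|-|10.0.14.101/24|10.0.14.2|-|
  new|postgres15|private_db_1a|-|10.0.18.101/24|10.0.18.2|-|
  new|postgres15-2|private_db_1a|-|10.0.18.102/24|10.0.18.2|-|
  new|ami-rocky9-20G|private_mng_1a|-|10.0.19.100/24|10.0.19.2|-|
  new|ora2pg|private_mng_1a|-|10.0.19.201/24|10.0.19.2|-|
  new|buildsv|private_mng_1a|-|10.0.19.202/24|10.0.19.2|-|
  new|zabbix5.4|private_mng_1a|-|10.0.19.119/24|10.0.19.2|-|
"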

#----------------------------------------------------------------
# main()
#----------------------------------------------------------------
# Entry point.
# Arguments: $1 - sub-command; only "config" applies settings, anything else
#                 (including no argument) prints the usage line.
# Outputs:   after either branch, the current device list, connection list,
#            addresses and routes are printed.
main(){
  if [ "$1" = "config" ]; then
    config
  else
    usage
  fi

  # State dump, printed on every invocation so the operator can compare the
  # result with the intended layout.
  nmcli d
  nmcli c
  ip a
  ip r
}

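# Walk HOST_LISTS and apply every row whose HOST column equals HOST_NAME.
# Globals:   HOST_LISTS, HOST_NAME, DEVICE_1, DEVICE_2, DEVICE_3 (read)
# Arguments: none
# Outputs:   a diagnostic on stderr for each matching row that is skipped
config(){
  local row mode name vlan_name lan_device vlan_ip vlan_gw vlan_route rest device

  # Unquoted on purpose: rows are separated by whitespace. Rows must therefore
  # contain neither spaces nor glob characters.
  for row in $HOST_LISTS; do
    # One read instead of seven echo|cut pipelines; empty columns stay empty.
    IFS='|' read -r mode name vlan_name lan_device vlan_ip vlan_gw vlan_route rest <<<"$row"

    [ "$name" = "$HOST_NAME" ] || continue

    # Map the DEVICE column to an interface name.
    case "$lan_device" in
      -|1) device=$DEVICE_1 ;;
      2)   device=$DEVICE_2 ;;
      3)   device=$DEVICE_3 ;;
      *)   device=$lan_device ;;
    esac

    # Every argument is quoted so that an empty value cannot shift the later
    # positional parameters into the wrong slot (e.g. the IP landing in the
    # interface position).
    case "$mode" in
      new)
        if [ -z "$device" ]; then
          echo "config: no ethernet device for slot '${lan_device}', skipping ${vlan_name}" >&2
          continue
        fi
        net_config "$name" "$vlan_name" "$device" "$vlan_ip" "$vlan_gw" "$vlan_route"
        ;;
      mod)
        mod_config "$name" "$vlan_name" "$device" "$vlan_ip" "$vlan_gw" "$vlan_route"
        ;;
      nat)
        nat_config "$name" "$vlan_name"
        ;;
      *)
        echo "config: unknown mode '${mode}' for ${name}/${vlan_name}, row ignored" >&2
        ;;
    esac
  done
}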

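# (Re)create one NetworkManager ethernet connection and bring it up.
# Globals:   DEBUG (read) - "debug" prints the commands instead of running them
# Arguments: $1 - host name (not used here)
#            $2 - connection name
#            $3 - interface name
#            $4 - IPv4 address/prefix, or "auto"
#            $5 - gateway, or "-" for none
# Note: an existing connection of the same name is deleted first. If the
# session running this script depends on that connection it will presumably be
# interrupted - run live changes from a console.
net_config(){
  local vlan_name=$2 device=$3 vlan_ip=$4 vlan_gw=$5
  # Command prefix: "echo" on a dry run, nothing when live. Using one command
  # list for both modes keeps the dry-run output identical to what a live run
  # executes (the gateway line used to be printed even when it would be skipped).
  local -a run=()
  if [ "${DEBUG}" = "debug" ]; then
    run=(echo)
  fi

  "${run[@]}" nmcli c delete "$vlan_name"
  "${run[@]}" nmcli c add type ethernet ifname "$device" con-name "$vlan_name"
  if [ "$vlan_ip" = "auto" ]; then
    "${run[@]}" nmcli c mod "$vlan_name" ipv4.method auto
  else
    "${run[@]}" nmcli c mod "$vlan_name" ipv4.addresses "$vlan_ip"
    "${run[@]}" nmcli c mod "$vlan_name" ipv4.method manual
  fi
  "${run[@]}" nmcli c mod "$vlan_name" connection.autoconnect yes
  # "-" (or a missing argument) means: leave the gateway unset.
  if [ -n "$vlan_gw" ] && [ "$vlan_gw" != "-" ]; then
    "${run[@]}" nmcli c mod "$vlan_name" ipv4.gateway "$vlan_gw"
  fi
  "${run[@]}" nmcli c up "$vlan_name"
}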

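# Add an extra address and/or a static route to an existing connection.
# Globals:   DEBUG (read) - "debug" prints the commands instead of running them
# Arguments: $1 - host name (not used here)
#            $2 - connection name
#            $3 - interface name (not used here)
#            $4 - additional IPv4 address/prefix, or "-" for none
#            $5 - next-hop gateway for the route, or "-" for none
#            $6 - destination network of the route, or "-" for none
# Outputs:   a diagnostic on stderr when a gateway is given without a route
mod_config(){
  local vlan_name=$2 vlan_ip=$4 vlan_gw=$5 vlan_route=$6
  # Command prefix: "echo" on a dry run, nothing when live. DEBUG is quoted in
  # the test so that an empty value no longer makes `[` fail with a syntax
  # error, and the dry run now also shows the "up" step the live run performs.
  local -a run=()
  if [ "${DEBUG}" = "debug" ]; then
    run=(echo)
  fi

  if [ "$vlan_ip" != "-" ]; then
    "${run[@]}" nmcli c mod "$vlan_name" +ipv4.addresses "$vlan_ip"
    "${run[@]}" nmcli c up "$vlan_name"
  fi

  if [ "$vlan_gw" != "-" ]; then
    if [ -z "$vlan_route" ] || [ "$vlan_route" = "-" ]; then
      # A route needs a destination; passing "- <gw>" to nmcli would only fail.
      echo "mod_config: gateway ${vlan_gw} given without a route for ${vlan_name}, nothing added" >&2
    else
      # Destination and next hop go to nmcli as ONE argument.
      "${run[@]}" nmcli c mod "$vlan_name" +ipv4.routes "${vlan_route} ${vlan_gw}"
      "${run[@]}" nmcli c up "$vlan_name"
    fi
  fi
}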

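# Put the outward-facing connection into firewalld's "external" zone and the
# given connection into "internal", then enable masquerading on "external".
# Globals:   DEBUG (read) - "debug" prints the commands instead of running them
# Arguments: $1 - host name (not used here)
#            $2 - name of the inside connection
# The outside connection name is fixed to "global_network", so a connection of
# that name has to exist on this host.
# Note: --permanent changes only firewalld's stored configuration and nothing
# here reloads it. Check the running state afterwards with
# `firewall-cmd --zone=external --query-masquerade`, and review which services
# both zones admit before exposing the host.
nat_config(){
  local internal=$2
  local external="global_network"
  # Command prefix: "echo" on a dry run, nothing when live. DEBUG is quoted in
  # the test so that an empty value no longer makes `[` fail with a syntax error.
  local -a run=()
  if [ "${DEBUG}" = "debug" ]; then
    run=(echo)
  fi

  "${run[@]}" nmcli c mod "$external" connection.zone external
  "${run[@]}" nmcli c mod "$internal" connection.zone internal

  "${run[@]}" firewall-cmd --zone=external --add-masquerade --permanent

  # Re-activate both connections so the new zone assignment takes effect.
  "${run[@]}" nmcli c up "$external"
  "${run[@]}" nmcli c up "$internal"
}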

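# Quoted so that every command-line argument reaches main() as one unchanged
# word (no word splitting or glob expansion).
main "$@"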
