  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 996

Pre-written script to change CentOS IP addresses

Are there any prewritten scripts out there to change the IP address info of a given machine?

Here is the scenario, I have a distributor who puts together my box, burns my image to the box, then ships it to different data centers in the country.

I want to give the distributor a script that he can use to install the IP addresses.

It can be a Windows Script or a Bash script.
0
lvnv
Asked:
3 Solutions
 
Kerem ERSOY (President) Commented:
In Red Hat Linux there's no need to write a script. If he edits the file in:

/etc/sysconfig/networking/profiles/default/ifcfg-eth0

and the contents will be something like this:

# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
DEVICE=eth0
HWADDR=xx:xx:xx:xx:xx:xx
BOOTPROTO=none
NETMASK=<net_mask>
IPADDR=<ip.addr>
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=no

Then when the system boots it will have the fixed IP specified in IPADDR and NETMASK with the interface MAC specified in HWADDR.

This is it.
0
 
elf_bin Commented:
Just to expand on what KeremE said.
In /etc/sysconfig/network-scripts/ there are ifcfg-ethx (where x is the interface number, 0, 1, 2 etc in multi-homed hosts).  
Generally, they start with a comment about to which interface they apply (so mine has # Intel Corporation 82566DM-2 Gigabit Network Connection).  
Then the device number (i.e.: eth0, eth1 etc), prepended with DEVICE=
Then the boot protocol (BOOTPROTO=) which'll be none for static IP address, dhcp for dhcp and so on.
Next is the MAC address (HWADDR=).
NETMASK= & IPADDR= are the lines where IP address & subnet mask are configured (static only).
DHCP_HOSTNAME= would be the dhcp supplied hostname (if sent).
TYPE=Ethernet is the media type used.
USERCTL=yes|no.  Can the user manipulate the network interface (such as shut it down, bring it up etc.)?
IPV6INIT=yes|no.  Do we want IPv6 support?
PEERDNS=yes|no.  "Peer to peer" DNS queries.
What I'm assuming here is that you're not using the Network Manager tool to manage your interfaces.

So you could use the sed command to change known values into new values.  For example, if the manufacturer ships IPADDR=1.1.1.1 NETMASK=1.1.1.1 you could use this:
sed -e 's/^IPADDR=1\.1\.1\.1$/IPADDR=192.168.2.1/' -e 's/^NETMASK=1\.1\.1\.1$/NETMASK=255.255.255.0/' /etc/sysconfig/network-scripts/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0.new

You could use the ip command to add | remove or manage interfaces and addresses.
You could use system-config-network-cmd to add | remove or manage interfaces and addresses.

But the obvious choice is why don't you just use DHCP?  That's what it's there for!

Hope this helps.
0
 
lvnv (Author) Commented:
Thanks, I know how to do both of your answers and that's how I've been doing it until now.

HOWEVER, both require root access to the system.  Therein lies the problem.  I don't want to give anyone root access or any shell access at all for that matter.
Remember, they are burning an image of disk, then changing the IP of that image.

If there was a C script that only logged in and changed the info it would be perfect.
0
 
Kerem ERSOY (President) Commented:
So will you clarify the steps of the process a bit? At what step do they burn the CD? Do they change after changing? What does the image file contain? Who uses the CD?
0
 
lvnv (Author) Commented:
1) I have given the image of a disk to the "manufacturer"
2) they use G4L to copy the image to every new server that I order
3) they ship the new server to a remote location
some of the remote locations allow me to login and change the IP (because they / it uses DHCP)..
Others require me to give them root access so they can change the config files.

I don't like either option.

I'd like a script to give my manufacturer which will update the IP information on each new system without him logging in as root.

I am probably going to end up writing a C script that will do it.  I was hoping that someone on here had seen one already... I can't imagine this is a new problem..
0
 
Kerem ERSOY (President) Commented:
The problem with a script is that you'd allow a SUID script on the image, which is very very very dangerous in that people could later change the script and use it as a vulnerability to exploit. The same goes for the C script, since it would need to run with root privileges.
0
 
lvnv (Author) Commented:
Well, as it stands now, they're getting root access so that's worse in my opinion...

but I figured there must be some way to encrypt the username and password in the C script then compile it as a binary...

with root:
they can do whatever they want...

with script:
They'd have to work at decompiling the binary or watching what it does...

0
 
Kerem ERSOY (President) Commented:
Yeah, but can't you just connect to the host and change the root password once they have finished configuring the IP?  You can start with a default password to start.

Or better, you create a user with sudo all privilege. Once he logs in to the system for the first time he sets up the networking, then you'd connect and revoke the privilege from him, so that he won't know the root password.
0
 
elf_bin Commented:
The thing is you'll never know how many times the CD has been used, so you'll never know which IP addresses have been assigned.
What I'd do is put something in /etc/rc.local that creates a file somewhere on disk (say /usr/local/var) when it runs.  The idea being run the script if that file is there & don't run it if it isn't there.  That way the script will only run at first boot.  You can put in something that checks and updates an external server to indicate if an IP address has been used or not and setup the networking that way.  I reckon you could even change the root password with it.
Is that the kind of thing you're after?
0
 
tkuther Commented:
Why not use SSH with command restriction?

Just write a script that takes two parameters, reads out the MAC, and changes the ifcfg-eth0 script accordingly

in root's ~/.ssh/authorized_keys put something like this:

command="/path/to/ip-changer.sh $SSH_ORIGINAL_COMMAND" ssh-rsa ....

0
 
tkuther Commented:
..and hand the private key to the customer. All he will be able to do, is execute this script with the parameters, and if the script has the needed sanity checks, this is a quite safe way

(sorry, I failed to find the edit button)
0
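A sketch of the kind of script the forced-command line above could point at, with the sanity checks spelled out (an added example, not part of the thread and not tkuther's script). The login shell expands `$SSH_ORIGINAL_COMMAND` unquoted, so the two arguments are treated as untrusted input; the `IFCFG` override and the assumption that the image already ships `IPADDR=` and `NETMASK=` lines are choices made for this example.

```shell
#!/bin/sh
# ip-changer.sh: added example of the forced-command target, not the poster's script.
# IFCFG can be overridden so the script can be tried on a scratch copy (assumption).
IFCFG="${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}"

# True only for four dot-separated decimal octets 0-255 with no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# True only for a valid dotted quad whose set bits are contiguous from the left.
valid_netmask() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    inv=$(( ~(($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & 0xFFFFFFFF ))
    [ "$inv" -ne 4294967295 ] && [ $(( $inv & ($inv + 1) )) -eq 0 ]
}

# Rewrites only the IPADDR= and NETMASK= lines; every other line is kept as is.
set_address() {
    valid_ipv4 "$1" && valid_netmask "$2" || return 2
    tmp=$(mktemp "$IFCFG.XXXXXX") || return 1
    # Safe to interpolate: both values are known to be digits and dots only.
    sed -e "s/^IPADDR=.*/IPADDR=$1/" -e "s/^NETMASK=.*/NETMASK=$2/" \
        "$IFCFG" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$IFCFG"
}

main() {
    [ "$#" -eq 2 ] || { echo "usage: <ip> <netmask>" >&2; return 2; }
    set_address "$1" "$2" || { echo "rejected: bad value or write failed" >&2; return 1; }
    echo "updated $IFCFG: IPADDR=$1 NETMASK=$2"
}

# Act only when sshd ran us as a forced command; "$@" comes from authorized_keys.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then main "$@"; fi
```

The key's authorized_keys entry would normally also carry `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` ahead of `command=`, so the key cannot be used for anything except running this script.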
 
colinvann Commented:
Hi there,

How about on first boot, you make it ask the person in front of the system to set up networking using system-config-network. After execution it can update the ifcfg-eth0 or whichever interface you wish to configure and then set itself not to run again, rebooting the system to ensure that a clean start occurs...

Place the attached code snippet at the bottom of the /etc/rc.local ( -> /etc/rc.d/rc.local)...

The sleep commands are just there to give the system enough time to realize that the last command has exited properly; on fast systems I've seen this be a problem.

This is a clean solution that doesn't risk security at all.

Let me know if you have problems with it,
Colin


# BEGIN first-boot network setup
# Setup networking and reboot the system without asking for it again
system-config-network
sleep 1
service network restart
sleep 1
# Restore the original rc.local: delete this block (BEGIN..END markers) in place.
# GNU sed -i writes a new file with the same mode, so rc.local stays executable.
sed -i '/^# BEGIN first-boot network setup$/,/^# END first-boot network setup$/d' /etc/rc.d/rc.local
sleep 1
reboot
# END first-boot network setup

0
