gh_mirrors/reinstall
1
0
Fork 0
mirror of https://github.com/bin456789/reinstall.git synced 2025-01-18 20:39:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
reinstall/initrd-network.sh
bin456789 34f64e31db
core: alpine netboot 阶段使用 dhcpcd
2024-11-23 23:50:13 +08:00

455 lines
13 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/ash
# shellcheck shell=dash
# alpine / debian initrd 共用此脚本
mac_addr=$1
ipv4_addr=$2
ipv4_gateway=$3
ipv6_addr=$4
ipv6_gateway=$5
is_in_china=$6
DHCP_TIMEOUT=15
DNS_FILE_TIMEOUT=5
TEST_TIMEOUT=10
# 检测是否有网络是通过检测这些 IP 的端口是否开放
# 因为 debian initrd 没有 nslookup
# 改成 generate_204但检测网络时可能 resolv.conf 为空
# HTTP 80
# HTTPS/DOH 443
# DOT 853
if $is_in_china; then
ipv4_dns1='223.5.5.5'
ipv4_dns2='119.29.29.29' # 不开放 853
ipv6_dns1='2400:3200::1'
ipv6_dns2='2402:4e00::' # 不开放 853
else
ipv4_dns1='1.1.1.1'
ipv4_dns2='8.8.8.8' # 不开放 80
ipv6_dns1='2606:4700:4700::1111'
ipv6_dns2='2001:4860:4860::8888' # 不开放 80
fi
# 找到主网卡
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
get_ethx() {
# 过滤 azure vf (带 master ethx)
# 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000\ link/ether 60:45:bd:21:8a:51 brd ff:ff:ff:ff:ff:ff
# 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP800> mtu 1500 qdisc mq master eth0 state UP qlen 1000\ link/ether 60:45:bd:21:8a:51 brd ff:ff:ff
if false; then
ip -o link | grep -i "$mac_addr" | grep -v master | awk '{print $2}' | cut -d: -f1
else
ip -o link | grep -i "$mac_addr" | grep -v master | cut -d' ' -f2 | cut -d: -f1
fi
}
get_ipv4_gateway() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
ip -4 route show default dev "$ethx" | head -1 | cut -d ' ' -f3
}
get_ipv6_gateway() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
ip -6 route show default dev "$ethx" | head -1 | cut -d ' ' -f3
}
get_first_ipv4_addr() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
if false; then
ip -4 -o addr show scope global dev "$ethx" | head -1 | awk '{print $4}'
else
ip -4 -o addr show scope global dev "$ethx" | head -1 | grep -o '[0-9\.]*/[0-9]*'
fi
}
get_first_ipv4_gateway() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
if false; then
ip -4 route show default dev "$ethx" | head -1 | awk '{print $3}'
else
ip -4 route show default dev "$ethx" | head -1 | cut -d' ' -f3
fi
}
remove_netmask() {
cut -d/ -f1
}
get_first_ipv6_addr() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
if false; then
ip -6 -o addr show scope global dev "$ethx" | head -1 | awk '{print $4}'
else
ip -6 -o addr show scope global dev "$ethx" | head -1 | grep -o '[0-9a-f\:]*/[0-9]*'
fi
}
get_first_ipv6_gateway() {
# debian 11 initrd 没有 xargs awk
# debian 12 initrd 没有 xargs
if false; then
ip -6 route show default dev "$ethx" | head -1 | awk '{print $3}'
else
ip -6 route show default dev "$ethx" | head -1 | cut -d' ' -f3
fi
}
is_have_ipv4_addr() {
ip -4 addr show scope global dev "$ethx" | grep -q inet
}
is_have_ipv6_addr() {
ip -6 addr show scope global dev "$ethx" | grep -q inet6
}
is_have_ipv4_gateway() {
ip -4 route show default dev "$ethx" | grep -q .
}
is_have_ipv6_gateway() {
ip -6 route show default dev "$ethx" | grep -q .
}
is_have_ipv4() {
is_have_ipv4_addr && is_have_ipv4_gateway
}
is_have_ipv6() {
is_have_ipv6_addr && is_have_ipv6_gateway
}
is_have_ipv4_dns() {
[ -f /etc/resolv.conf ] && grep -q '^nameserver .*\.' /etc/resolv.conf
}
is_have_ipv6_dns() {
[ -f /etc/resolv.conf ] && grep -q '^nameserver .*:' /etc/resolv.conf
}
add_missing_ipv4_config() {
if [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ]; then
if ! is_have_ipv4_addr; then
ip -4 addr add "$ipv4_addr" dev "$ethx"
fi
if ! is_have_ipv4_gateway; then
# 如果 dhcp 无法设置onlink网关那么在这里设置
# debian 9 ipv6 不能识别 onlink但 ipv4 能识别 onlink
if true; then
ip -4 route add "$ipv4_gateway" dev "$ethx"
ip -4 route add default via "$ipv4_gateway" dev "$ethx"
else
ip -4 route add default via "$ipv4_gateway" dev "$ethx" onlink
fi
fi
fi
}
add_missing_ipv6_config() {
if [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ]; then
if ! is_have_ipv6_addr; then
ip -6 addr add "$ipv6_addr" dev "$ethx"
fi
if ! is_have_ipv6_gateway; then
# 如果 dhcp 无法设置onlink网关那么在这里设置
# debian 9 ipv6 不能识别 onlink
if true; then
ip -6 route add "$ipv6_gateway" dev "$ethx"
ip -6 route add default via "$ipv6_gateway" dev "$ethx"
else
ip -6 route add default via "$ipv6_gateway" dev "$ethx" onlink
fi
fi
fi
}
is_need_test_ipv4() {
is_have_ipv4 && ! $ipv4_has_internet
}
is_need_test_ipv6() {
is_have_ipv6 && ! $ipv6_has_internet
}
# 测试方法:
# ping 有的机器禁止
# nc 测试 dot doh 端口是否开启
# wget 测试下载
# initrd 里面的软件版本是否支持指定源IP/网卡
# 软件 nc wget nslookup
# debian9 × √ 没有此软件
# alpine √ × ×
test_by_wget() {
src=$1
dst=$2
# ipv6 需要添加 []
if echo "$dst" | grep -q ':'; then
url="https://[$dst]"
else
url="https://$dst"
fi
# tcp 443 通了就算成功,不管 http 是不是 404
wget -T "$TEST_TIMEOUT" \
--bind-address="$src" \
--no-check-certificate \
--max-redirect 0 \
--tries 1 \
-O /dev/null \
"$url" 2>&1 | grep -iq connected
}
test_by_nc() {
src=$1
dst=$2
# tcp 443 通了就算成功
nc -z -v \
-w "$TEST_TIMEOUT" \
-s "$src" \
"$dst" 443
}
is_debian() {
[ -f /etc/lsb-release ] && grep -iq Debian /etc/lsb-release
}
test_connect() {
if is_debian; then
test_by_wget "$1" "$2"
else
test_by_nc "$1" "$2"
fi
}
test_internet() {
for i in $(seq 5); do
echo "Testing Internet Connection. Test $i... "
if is_need_test_ipv4 && test_connect "$(get_first_ipv4_addr | remove_netmask)" "$ipv4_dns1" >/dev/null 2>&1; then
echo "IPv4 has internet."
ipv4_has_internet=true
fi
if is_need_test_ipv6 && test_connect "$(get_first_ipv6_addr | remove_netmask)" "$ipv6_dns1" >/dev/null 2>&1; then
echo "IPv6 has internet."
ipv6_has_internet=true
fi
if ! is_need_test_ipv4 && ! is_need_test_ipv6; then
break
fi
sleep 1
done
}
flush_ipv4_config() {
ip -4 addr flush scope global dev "$ethx"
ip -4 route flush dev "$ethx"
}
flush_ipv6_config() {
# 是否临时禁用 ra / slaac
if [ "$1" = true ]; then
echo 0 >"/proc/sys/net/ipv6/conf/$ethx/autoconf"
fi
ip -6 addr flush scope global dev "$ethx"
ip -6 route flush dev "$ethx"
}
ethx=$(get_ethx)
if [ -z "$ethx" ]; then
echo "Not found network card: $mac_addr"
exit
fi
echo "Configuring $ethx ($mac_addr)..."
# 开启 ethx
ip link set dev "$ethx" up
sleep 1
# 开启 dhcpv4/v6
# debian / kali
if [ -f /usr/share/debconf/confmodule ]; then
# shellcheck source=/dev/null
. /usr/share/debconf/confmodule
db_progress STEP 1
# dhcpv4
# 无需等待写入 dns在 dhcpv6 等待
db_progress INFO netcfg/dhcp_progress
udhcpc -i "$ethx" -f -q -n || true
db_progress STEP 1
# slaac + dhcpv6
db_progress INFO netcfg/slaac_wait_title
# https://salsa.debian.org/installer-team/netcfg/-/blob/master/autoconfig.c#L148
cat <<EOF >/var/lib/netcfg/dhcp6c.conf
interface $ethx {
send ia-na 0;
request domain-name-servers;
request domain-name;
script "/lib/netcfg/print-dhcp6c-info";
};
id-assoc na 0 {
};
EOF
dhcp6c -c /var/lib/netcfg/dhcp6c.conf "$ethx" || true
sleep $DHCP_TIMEOUT # 等待获取 ip 和写入 dns
# kill-all-dhcp
kill -9 "$(cat /var/run/dhcp6c.pid)" || true
db_progress STEP 1
# 静态 + 检测网络提示
db_subst netcfg/link_detect_progress interface "$ethx"
db_progress INFO netcfg/link_detect_progress
else
# alpine
# h3c 移动云电脑使用 udhcpc 会重复提示 sending select无法获得 ipv6因此使用 dhcpcd
method=dhcpcd
case "$method" in
udhcpc)
udhcpc -i "$ethx" -f -q -n || true
udhcpc6 -i "$ethx" -f -q -n || true
sleep $DNS_FILE_TIMEOUT # 好像不用等待写入 dns但是以防万一
;;
dhcpcd)
# https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/dhcpcd/dhcpcd.pre-install
grep -q dhcpcd /etc/group || addgroup -S dhcpcd
grep -q dhcpcd /etc/passwd || adduser -S -D \
-h /var/lib/dhcpcd \
-s /sbin/nologin \
-G dhcpcd \
-g dhcpcd \
dhcpcd
# --noipv4ll 禁止生成 169.254.x.x
if false; then
# 等待 DHCP 全过程
timeout $DHCP_TIMEOUT \
dhcpcd --persistent --noipv4ll --nobackground "$ethx"
else
# 等待 DNS
dhcpcd --persistent --noipv4ll "$ethx" # 获取到 IP 后立即切换到后台
sleep $DNS_FILE_TIMEOUT # 需要等待写入 dns
dhcpcd -x "$ethx" # 终止
fi
;;
esac
fi
# 等待slaac
# 有ipv6地址就跳过不管是slaac或者dhcpv6
# 因为会在trans里判断
# 这里等待5秒就够了因为之前尝试获取dhcp6也用了一段时间
for i in $(seq 5 -1 0); do
is_have_ipv6 && break
echo "waiting slaac for ${i}s"
sleep 1
done
# 记录是否有动态地址
# 由于还没设置静态ip所以有条目表示有动态地址
is_have_ipv4_addr && dhcpv4=true || dhcpv4=false
is_have_ipv6_addr && dhcpv6_or_slaac=true || dhcpv6_or_slaac=false
should_disable_ra_slaac=false
# 如果自动获取的 IPv4 地址不是重装前的,则使用之前的
if $dhcpv4 && [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ] &&
! [ "$ipv4_addr" = "$(get_first_ipv4_addr)" ]; then
echo "IPv4 address auto obtained is different from old system."
dhcpv4=false
flush_ipv4_config
fi
# 如果自动获取的 IPv6 地址不是重装前的,则使用之前的
if $dhcpv6_or_slaac && [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ] &&
! [ "$ipv6_addr" = "$(get_first_ipv6_addr)" ]; then
echo "IPv6 address auto obtained is different from old system."
dhcpv6_or_slaac=false
should_disable_ra_slaac=true
flush_ipv6_config
fi
# 设置静态地址,或者设置 debian 9 udhcpc 无法设置的网关
add_missing_ipv4_config
add_missing_ipv6_config
# 检查 ipv4/ipv6 是否连接联网
ipv4_has_internet=false
ipv6_has_internet=false
test_internet
# 如果 IPv4 无法上网,并且自动获取的网关不是重装前的网关,则改成静态
if ! $ipv4_has_internet &&
$dhcpv4 && [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ] &&
! [ "$ipv4_gateway" = "$(get_first_ipv4_gateway)" ]; then
echo "IPv4 gateway auto obtained is different from old system."
dhcpv4=false
flush_ipv4_config
add_missing_ipv4_config
test_internet
fi
# 如果 IPv6 无法上网,并且自动获取的网关不是重装前的网关,则改成静态
if ! $ipv6_has_internet &&
$dhcpv6_or_slaac && [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ] &&
! [ "$ipv6_gateway" = "$(get_first_ipv6_gateway)" ]; then
echo "IPv6 gateway auto obtained is different from old system."
dhcpv6_or_slaac=false
should_disable_ra_slaac=true
flush_ipv6_config true
add_missing_ipv6_config
test_internet
fi
# 要删除不联网协议的ip因为
# 1 甲骨文云管理面板添加ipv6地址然后取消
# 依然会分配ipv6地址但ipv6没网络
# 此时alpine只会用ipv6下载apk而不用会ipv4下载
# 2 有ipv4地址但没有ipv4网关的情况(vultr)aria2会用ipv4下载
if $ipv4_has_internet && ! $ipv6_has_internet; then
echo 0 >"/proc/sys/net/ipv6/conf/$ethx/accept_ra"
ip -6 addr flush scope global dev "$ethx"
elif ! $ipv4_has_internet && $ipv6_has_internet; then
ip -4 addr flush scope global dev "$ethx"
fi
# 如果联网了,但没获取到默认 DNS则添加我们的 DNS
if $ipv4_has_internet && ! { [ -e /etc/resolv.conf ] && is_have_ipv4_dns; }; then
echo "nameserver $ipv4_dns1" >>/etc/resolv.conf
echo "nameserver $ipv4_dns2" >>/etc/resolv.conf
fi
if $ipv6_has_internet && ! { [ -e /etc/resolv.conf ] && is_have_ipv6_dns; }; then
echo "nameserver $ipv6_dns1" >>/etc/resolv.conf
echo "nameserver $ipv6_dns2" >>/etc/resolv.conf
fi
# 传参给 trans.start
netconf="/dev/netconf/$ethx"
mkdir -p "$netconf"
$dhcpv4 && echo 1 >"$netconf/dhcpv4" || echo 0 >"$netconf/dhcpv4"
$should_disable_ra_slaac && echo 1 >"$netconf/should_disable_ra_slaac" || echo 0 >"$netconf/should_disable_ra_slaac"
$is_in_china && echo 1 >"$netconf/is_in_china" || echo 0 >"$netconf/is_in_china"
echo "$ethx" >"$netconf/ethx"
echo "$mac_addr" >"$netconf/mac_addr"
echo "$ipv4_addr" >"$netconf/ipv4_addr"
echo "$ipv4_gateway" >"$netconf/ipv4_gateway"
echo "$ipv6_addr" >"$netconf/ipv6_addr"
echo "$ipv6_gateway" >"$netconf/ipv6_gateway"
$ipv4_has_internet && echo 1 >"$netconf/ipv4_has_internet" || echo 0 >"$netconf/ipv4_has_internet"
$ipv6_has_internet && echo 1 >"$netconf/ipv6_has_internet" || echo 0 >"$netconf/ipv6_has_internet"
Reference in New Issue View Git Blame Copy Permalink