From e70df3ca2bd039c1c4f285059bb3a27dbd90a2bf Mon Sep 17 00:00:00 2001
From: Bach Dániel <bach.daniel@cloud.bme.hu>
Date: Wed, 25 Mar 2015 14:27:24 +0100
Subject: [PATCH] firewall: set BRIDGE_TYPE=NONE
---
 pillar/firewall.sls | 13 ++++++++-----
 salt/fwdriver/configuration.sls | 8 --------
 salt/fwdriver/files/postactivate | 1 +
 salt/fwdriver/files/sudoers | 2 +-
 salt/manager/files/init.sh | 3 +--
 salt/network/init.sls | 38 ++++++--------------------------------
 6 files changed, 17 insertions(+), 48 deletions(-)
diff --git a/pillar/firewall.sls b/pillar/firewall.sls
index c048b33..6c7a08f 100644
--- a/pillar/firewall.sls
+++ b/pillar/firewall.sls
@@ -1,14 +1,17 @@
 fwdriver:
 repo_name: https://git.ik.bme.hu/circle/fwdriver.git
 repo_revision: master
+ user: fw
+ queue_name: cloud
- portal_ip: 192.168.1.1
- portal_netmask: 255.255.255.0
+
+ vm_if: vm
 vm_net: 192.168.2.254/24
+
+ management_if: eth5
 management_net: 192.168.1.254/24
+
+ external_if: eth0
 external_net: 10.0.0.97/16
 gateway: 10.0.255.254
- external_if: eth0
- trunk_if: linkb
- management_if: ethy
diff --git a/salt/fwdriver/configuration.sls b/salt/fwdriver/configuration.sls
index fa73b4f..800be89 100644
--- a/salt/fwdriver/configuration.sls
+++ b/salt/fwdriver/configuration.sls
@@ -32,13 +32,6 @@
 - user: {{ pillar['fwdriver']['user'] }}
 - group: {{ pillar['fwdriver']['user'] }}
-/etc/init/isc-dhcp-server.conf:
- file.managed:
- - user: root
- - group: root
- - template: jinja
- - source: salt://fwdriver/files/isc-dhcp-server.conf
-
 /etc/init.d/isc-dhcp-server:
 file.symlink:
 - target: /lib/init/upstart-job
@@ -50,7 +43,6 @@ isc-dhcp-server:
 - watch:
 - file: /etc/dhcp/dhcpd.conf
 - file: /etc/dhcp/dhcpd.conf.generated
- - file: /etc/init/isc-dhcp-server.conf
 - file: /etc/init.d/isc-dhcp-server
 /etc/sysctl.d/60-circle-firewall.conf:
diff --git a/salt/fwdriver/files/postactivate b/salt/fwdriver/files/postactivate
index 193b0ab..6317a7d 100644
--- a/salt/fwdriver/files/postactivate
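Review bot: The `*_net` values (`vm_net`, `management_net`, `external_net`) hold a host address plus prefix length rather than a network address, and nothing in the pillar says so; `salt/network/init.sls` splits `vm_net` on `/` to obtain the interface address and mask, and `init.sh` passes all three to `manage.py init`. A comment at the top of the stanza would stop someone "correcting" them to a network address, e.g. `# *_net: this firewall host's address on that network, with prefix length (consumers split on '/')`. The interface names `eth5` and `eth0` read as site-specific examples; if this pillar is meant as a template, say so on the `management_if` and `external_if` lines so they are not deployed unchanged.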
+++ b/salt/fwdriver/files/postactivate
@@ -1,3 +1,4 @@
 export GATEWAY={{ pillar['fwdriver']['gateway'] }}
 export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
 export CACHE_URI={{ pillar['cache'] }}
+export BRIDGE_TYPE=NONE
diff --git a/salt/fwdriver/files/sudoers b/salt/fwdriver/files/sudoers
index b811d0f..a6cd140 100644
--- a/salt/fwdriver/files/sudoers
+++ b/salt/fwdriver/files/sudoers
@@ -1 +1 @@
-{{ pillar['fwdriver']['user'] }} ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
+{{ pillar['fwdriver']['user'] }} ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *, /sbin/iptables-restore -c, /sbin/ip6tables-restore -c, /sbin/ipset *
diff --git a/salt/manager/files/init.sh b/salt/manager/files/init.sh
index 34c4670..931fb1f 100644
--- a/salt/manager/files/init.sh
+++ b/salt/manager/files/init.sh
@@ -4,7 +4,6 @@ source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
 source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
 {% set fw = pillar['fwdriver'] %}
 exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
- --portal-ip={{ fw['portal_ip'] }} \
 --external-net={{ fw['external_net'] }} \
 --management-net={{ fw['management_net'] }} \
 --vm-net={{ fw['vm_net'] }} \
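Review bot: `export BRIDGE_TYPE=NONE` is added without a comment, and what the value selects lives in fwdriver rather than in this repository; the same commit removes the `linka`/`linkb` veth trunk and the `man0` interface from `salt/network/init.sls`, so the connection should be recorded here. Suggest `# BRIDGE_TYPE=NONE: fwdriver manages no bridge of its own; the OVS port "vm" is created by salt/network/init.sls` (wording to be confirmed against how fwdriver reads BRIDGE_TYPE). Hard-coding it in the template also means the only way to pick another value is editing the state file; if other values are expected, taking it from `pillar['fwdriver']` as `GATEWAY` does on the first line would be consistent.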
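Review bot: The three appended entries (`/sbin/iptables-restore -c`, `/sbin/ip6tables-restore -c`, `/sbin/ipset *`) run in the host's root network namespace, whereas every existing iptables/ipset entry is wrapped in `/sbin/ip netns exec fw`; the fwdriver user can now replace the host's own netfilter ruleset and sets (a `-c` restore takes the whole ruleset from stdin) rather than only those of the `fw` namespace, and the commit does not say why that widening is needed. If `BRIDGE_TYPE=NONE` means the driver no longer uses the namespace, the `ip netns exec fw ...` entries that are no longer exercised should be dropped in the same change instead of leaving two routes to the same privilege. `/sbin/ipset *`, like the existing `/sbin/ip link *`, matches any argument string because sudoers wildcards also match spaces, and `/usr/bin/ovs-vsctl` with no argument list permits any invocation; that may be unavoidable for this role, but a one-line `#` comment above the rule stating the intended scope would make the next audit easier.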
@@ -14,4 +13,4 @@ exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
 --firewall-queue={{ fw['queue_name'] }} \
 --external-if={{ fw['external_if'] }} \
 --management-if={{ fw['management_if'] }} \
- --trunk-if={{ fw['trunk_if'] }}
+ --vm-if={{ fw['vm_if'] }}
diff --git a/salt/network/init.sls b/salt/network/init.sls
index 66b83af..cb80e92 100644
--- a/salt/network/init.sls
+++ b/salt/network/init.sls
@@ -1,40 +1,15 @@
 ovs-if:
 cmd.run:
- - name: ovs-vsctl add-port cloud man0 tag=3 -- set Interface man0 type=internal
- - unless: ovs-vsctl list-ifaces cloud | grep "^man0$"
+ - name: ovs-vsctl add-port cloud vm tag=2 -- set Interface vm type=internal
+ - unless: ovs-vsctl list-ifaces cloud | grep "^vm$"
-linka:
- network.managed:
- - enabled: True
- - type: eth
- - proto: manual
- - pre_up_cmds:
- - ip link add linka type veth peer name linkb
- - /etc/init.d/openvswitch-switch restart
- - /usr/bin/ovs-vsctl --if-exists del-port cloud linka
- - /usr/bin/ovs-vsctl --may-exist add-port cloud linka
- - ip link set linka up
- - ip link set linkb up
- - post_down_cmds:
- - ip link del linka
-
-{{ pillar['fwdriver']['external_if'] }}:
- network.managed:
- - enabled: True
- - type: eth
- - proto: manual
-
-man0:
+vm:
 network.managed:
 - enabled: True
 - type: eth
 - proto: static
- - ipaddr: {{ pillar['fwdriver']['portal_ip'] }}
- - netmask: {{ pillar['fwdriver']['portal_netmask'] }}
- - gateway: {{ pillar['fwdriver']['management_net'].split('/')[0] }}
- - dns:
- - 8.8.8.8
- - 8.8.4.4
+ - ipaddr: {{ pillar['fwdriver']['vm_net'].split('/')[0] }}
+ - netmask: {{ pillar['fwdriver']['vm_net'].split('/')[1] }}
 - pre_up_cmds:
 - /etc/init.d/openvswitch-switch restart
 - require:
@@ -45,7 +20,7 @@ firewall2:
 - name: firewall
 - running
 - require:
- - network: man0
+ - network: vm
 salt://network/files/reload_firewall.sh:
 cmd.script:
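Review bot: The interface name `vm` is hard-coded in `ovs-if` (`add-port cloud vm`, `grep "^vm$"`), as the state id `vm:`, and in the firewall2 `- network: vm` require of the next hunk, while the same commit introduces `pillar['fwdriver']['vm_if']` and `init.sh` passes that value to `manage.py init --vm-if`; the two can drift apart, so this state should read the name from the pillar too, with the firewall2 require becoming `- network: {{ vm_if }}`. Separately, `netmask: {{ pillar['fwdriver']['vm_net'].split('/')[1] }}` yields a prefix length (`24`) where the removed `man0` stanza used a dotted `portal_netmask`; whether Salt's network.managed and the target's ifupdown accept a prefix length in `netmask` should be checked, since older ifupdown only takes a dotted quad. The `vm` state's `require:` list continues past the end of this hunk.
```yaml
{% set vm_if = pillar['fwdriver']['vm_if'] %}

ovs-if:
  cmd.run:
    - name: ovs-vsctl add-port cloud {{ vm_if }} tag=2 -- set Interface {{ vm_if }} type=internal
    - unless: ovs-vsctl list-ifaces cloud | grep "^{{ vm_if }}$"

{{ vm_if }}:
  network.managed:
    # … unchanged: enabled/type/proto/ipaddr/netmask/pre_up_cmds/require …
```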
@@ -53,4 +28,3 @@ salt://network/files/reload_firewall.sh:
 - user: {{ pillar['user'] }}
 - require:
 - service: firewall2
- - network: linka
-- libgit2 0.26.0