From e70df3ca2bd039c1c4f285059bb3a27dbd90a2bf Mon Sep 17 00:00:00 2001
From: Bach Dániel <bach.daniel@cloud.bme.hu>
Date: Wed, 25 Mar 2015 14:27:24 +0100
Subject: [PATCH] firewall: set BRIDGE_TYPE=NONE
---
pillar/firewall.sls | 13 ++++++++-----
salt/fwdriver/configuration.sls | 8 --------
salt/fwdriver/files/postactivate | 1 +
salt/fwdriver/files/sudoers | 2 +-
salt/manager/files/init.sh | 3 +--
salt/network/init.sls | 38 ++++++--------------------------------
6 files changed, 17 insertions(+), 48 deletions(-)
diff --git a/pillar/firewall.sls b/pillar/firewall.sls
index c048b33..6c7a08f 100644
--- a/pillar/firewall.sls
+++ b/pillar/firewall.sls
@@ -1,14 +1,17 @@
fwdriver:
repo_name: https://git.ik.bme.hu/circle/fwdriver.git
repo_revision: master
+
user: fw
+
queue_name: cloud
- portal_ip: 192.168.1.1
- portal_netmask: 255.255.255.0
+
+ vm_if: vm
vm_net: 192.168.2.254/24
+
+ management_if: eth5
management_net: 192.168.1.254/24
+
+ external_if: eth0
external_net: 10.0.0.97/16
gateway: 10.0.255.254
- external_if: eth0
- trunk_if: linkb
- management_if: ethy
diff --git a/salt/fwdriver/configuration.sls b/salt/fwdriver/configuration.sls
index fa73b4f..800be89 100644
--- a/salt/fwdriver/configuration.sls
+++ b/salt/fwdriver/configuration.sls
@@ -32,13 +32,6 @@
- user: {{ pillar['fwdriver']['user'] }}
- group: {{ pillar['fwdriver']['user'] }}
-/etc/init/isc-dhcp-server.conf:
- file.managed:
- - user: root
- - group: root
- - template: jinja
- - source: salt://fwdriver/files/isc-dhcp-server.conf
-
/etc/init.d/isc-dhcp-server:
file.symlink:
- target: /lib/init/upstart-job
@@ -50,7 +43,6 @@ isc-dhcp-server:
- watch:
- file: /etc/dhcp/dhcpd.conf
- file: /etc/dhcp/dhcpd.conf.generated
- - file: /etc/init/isc-dhcp-server.conf
- file: /etc/init.d/isc-dhcp-server
/etc/sysctl.d/60-circle-firewall.conf:
diff --git a/salt/fwdriver/files/postactivate b/salt/fwdriver/files/postactivate
index 193b0ab..6317a7d 100644
--- a/salt/fwdriver/files/postactivate
+++ b/salt/fwdriver/files/postactivate
@@ -1,3 +1,4 @@
export GATEWAY={{ pillar['fwdriver']['gateway'] }}
export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
+export BRIDGE_TYPE=NONE
diff --git a/salt/fwdriver/files/sudoers b/salt/fwdriver/files/sudoers
index b811d0f..a6cd140 100644
--- a/salt/fwdriver/files/sudoers
+++ b/salt/fwdriver/files/sudoers
@@ -1 +1 @@
-{{ pillar['fwdriver']['user'] }} ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
+{{ pillar['fwdriver']['user'] }} ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *, /sbin/iptables-restore -c, /sbin/ip6tables-restore -c, /sbin/ipset *
diff --git a/salt/manager/files/init.sh b/salt/manager/files/init.sh
index 34c4670..931fb1f 100644
--- a/salt/manager/files/init.sh
+++ b/salt/manager/files/init.sh
@@ -4,7 +4,6 @@ source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
{% set fw = pillar['fwdriver'] %}
exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
- --portal-ip={{ fw['portal_ip'] }} \
--external-net={{ fw['external_net'] }} \
--management-net={{ fw['management_net'] }} \
--vm-net={{ fw['vm_net'] }} \
@@ -14,4 +13,4 @@ exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
--firewall-queue={{ fw['queue_name'] }} \
--external-if={{ fw['external_if'] }} \
--management-if={{ fw['management_if'] }} \
- --trunk-if={{ fw['trunk_if'] }}
+ --vm-if={{ fw['vm_if'] }}
diff --git a/salt/network/init.sls b/salt/network/init.sls
index 66b83af..cb80e92 100644
--- a/salt/network/init.sls
+++ b/salt/network/init.sls
@@ -1,40 +1,15 @@
ovs-if:
cmd.run:
- - name: ovs-vsctl add-port cloud man0 tag=3 -- set Interface man0 type=internal
- - unless: ovs-vsctl list-ifaces cloud | grep "^man0$"
+ - name: ovs-vsctl add-port cloud vm tag=2 -- set Interface vm type=internal
+ - unless: ovs-vsctl list-ifaces cloud | grep "^vm$"
-linka:
- network.managed:
- - enabled: True
- - type: eth
- - proto: manual
- - pre_up_cmds:
- - ip link add linka type veth peer name linkb
- - /etc/init.d/openvswitch-switch restart
- - /usr/bin/ovs-vsctl --if-exists del-port cloud linka
- - /usr/bin/ovs-vsctl --may-exist add-port cloud linka
- - ip link set linka up
- - ip link set linkb up
- - post_down_cmds:
- - ip link del linka
-
-{{ pillar['fwdriver']['external_if'] }}:
- network.managed:
- - enabled: True
- - type: eth
- - proto: manual
-
-man0:
+vm:
network.managed:
- enabled: True
- type: eth
- proto: static
- - ipaddr: {{ pillar['fwdriver']['portal_ip'] }}
- - netmask: {{ pillar['fwdriver']['portal_netmask'] }}
- - gateway: {{ pillar['fwdriver']['management_net'].split('/')[0] }}
- - dns:
- - 8.8.8.8
- - 8.8.4.4
+ - ipaddr: {{ pillar['fwdriver']['vm_net'].split('/')[0] }}
+ - netmask: {{ pillar['fwdriver']['vm_net'].split('/')[1] }}
- pre_up_cmds:
- /etc/init.d/openvswitch-switch restart
- require:
@@ -45,7 +20,7 @@ firewall2:
- name: firewall
- running
- require:
- - network: man0
+ - network: vm
salt://network/files/reload_firewall.sh:
cmd.script:
@@ -53,4 +28,3 @@ salt://network/files/reload_firewall.sh:
- user: {{ pillar['user'] }}
- require:
- service: firewall2
- - network: linka
--
libgit2 0.26.0