From e70df3ca2bd039c1c4f285059bb3a27dbd90a2bf Mon Sep 17 00:00:00 2001
From: Bach Dániel <bach.daniel@cloud.bme.hu>
Date: Wed, 25 Mar 2015 14:27:24 +0100
Subject: [PATCH] firewall: set BRIDGE_TYPE=NONE

---
 pillar/firewall.sls              | 13 ++++++++-----
 salt/fwdriver/configuration.sls  |  8 --------
 salt/fwdriver/files/postactivate |  1 +
 salt/fwdriver/files/sudoers      |  2 +-
 salt/manager/files/init.sh       |  3 +--
 salt/network/init.sls            | 38 ++++++--------------------------------
 6 files changed, 17 insertions(+), 48 deletions(-)

diff --git a/pillar/firewall.sls b/pillar/firewall.sls
index c048b33..6c7a08f 100644
--- a/pillar/firewall.sls
+++ b/pillar/firewall.sls
@@ -1,14 +1,17 @@
 fwdriver:
   repo_name: https://git.ik.bme.hu/circle/fwdriver.git
   repo_revision: master
+
   user: fw
+
   queue_name: cloud
-  portal_ip: 192.168.1.1
-  portal_netmask: 255.255.255.0
+
+  vm_if: vm
   vm_net: 192.168.2.254/24
+
+  management_if: eth5
   management_net: 192.168.1.254/24
+
+  external_if: eth0
   external_net: 10.0.0.97/16
   gateway: 10.0.255.254
-  external_if: eth0
-  trunk_if: linkb
-  management_if: ethy
diff --git a/salt/fwdriver/configuration.sls b/salt/fwdriver/configuration.sls
index fa73b4f..800be89 100644
--- a/salt/fwdriver/configuration.sls
+++ b/salt/fwdriver/configuration.sls
@@ -32,13 +32,6 @@
     - user: {{ pillar['fwdriver']['user'] }}
     - group: {{ pillar['fwdriver']['user'] }}
 
-/etc/init/isc-dhcp-server.conf:
-  file.managed:
-    - user: root
-    - group: root
-    - template: jinja
-    - source: salt://fwdriver/files/isc-dhcp-server.conf
-
 /etc/init.d/isc-dhcp-server:
   file.symlink:
     - target: /lib/init/upstart-job
@@ -50,7 +43,6 @@ isc-dhcp-server:
     - watch:
       - file: /etc/dhcp/dhcpd.conf
       - file: /etc/dhcp/dhcpd.conf.generated
-      - file: /etc/init/isc-dhcp-server.conf
       - file: /etc/init.d/isc-dhcp-server
 
 /etc/sysctl.d/60-circle-firewall.conf:
diff --git a/salt/fwdriver/files/postactivate b/salt/fwdriver/files/postactivate
index 193b0ab..6317a7d 100644
--- a/salt/fwdriver/files/postactivate
+++ b/salt/fwdriver/files/postactivate
@@ -1,3 +1,4 @@
 export GATEWAY={{ pillar['fwdriver']['gateway'] }}
 export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
 export CACHE_URI={{ pillar['cache'] }}
+export BRIDGE_TYPE=NONE
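Review bot: `BRIDGE_TYPE=NONE` is hard-coded in the template with no comment, although the sudoers grants and the network states in this same patch are changed to go with it. The commit message does not say what `NONE` selects in fwdriver, so a later edit to this one line could leave the other files out of step without anyone noticing. A comment above it would record the coupling, for example `# BRIDGE_TYPE=NONE: keep in sync with fwdriver/files/sudoers and network/init.sls`.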
diff --git a/salt/fwdriver/files/sudoers b/salt/fwdriver/files/sudoers
index b811d0f..a6cd140 100644
--- a/salt/fwdriver/files/sudoers
+++ b/salt/fwdriver/files/sudoers
@@ -1 +1 @@
-{{ pillar['fwdriver']['user'] }}    ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
+{{ pillar['fwdriver']['user'] }}    ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *, /sbin/iptables-restore -c, /sbin/ip6tables-restore -c, /sbin/ipset *
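Review bot: The three entries appended here (`/sbin/iptables-restore -c`, `/sbin/ip6tables-restore -c`, `/sbin/ipset *`) let the fwdriver account replace the host's own netfilter rules and sets without a password, while every `ip netns exec fw …` grant from the old line is kept next to them. If `BRIDGE_TYPE=NONE` means the `fw` namespace is no longer used (the commit does not say), the namespace-scoped grants should be dropped in the same change so the account holds one privilege set rather than both. `/sbin/ipset *` matches any argument list, including options that take a file path, so enumerating the subcommands fwdriver actually invokes is tighter than the wildcard. The run-as list can be narrowed as well, with `ALL= (root) NOPASSWD:` in place of `ALL= (ALL) NOPASSWD:`.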
diff --git a/salt/manager/files/init.sh b/salt/manager/files/init.sh
index 34c4670..931fb1f 100644
--- a/salt/manager/files/init.sh
+++ b/salt/manager/files/init.sh
@@ -4,7 +4,6 @@ source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
 source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
 {% set fw = pillar['fwdriver'] %}
 exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
-    --portal-ip={{ fw['portal_ip'] }} \
     --external-net={{ fw['external_net'] }} \
     --management-net={{ fw['management_net'] }} \
     --vm-net={{ fw['vm_net'] }} \
@@ -14,4 +13,4 @@ exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
     --firewall-queue={{ fw['queue_name'] }} \
     --external-if={{ fw['external_if'] }} \
     --management-if={{ fw['management_if'] }} \
-    --trunk-if={{ fw['trunk_if'] }}
+    --vm-if={{ fw['vm_if'] }}
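Review bot: The new `--vm-if={{ fw['vm_if'] }}` argument is rendered into the script unquoted, like the options around it, so a pillar value containing whitespace or shell metacharacters would be split or interpreted by the shell before manage.py receives it. Pillar data is operator-supplied, so this is hygiene rather than an exposed input, but quoting is cheap: `--vm-if="{{ fw['vm_if'] }}"`. The `exec python … manage.py init` command begins above this hunk.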
diff --git a/salt/network/init.sls b/salt/network/init.sls
index 66b83af..cb80e92 100644
--- a/salt/network/init.sls
+++ b/salt/network/init.sls
@@ -1,40 +1,15 @@
 ovs-if:
   cmd.run:
-    - name: ovs-vsctl add-port cloud man0 tag=3 -- set Interface man0 type=internal
-    - unless: ovs-vsctl list-ifaces cloud | grep "^man0$"
+    - name: ovs-vsctl add-port cloud vm tag=2 -- set Interface vm type=internal
+    - unless: ovs-vsctl list-ifaces cloud | grep "^vm$"
 
-linka:
-  network.managed:
-    - enabled: True
-    - type: eth
-    - proto: manual
-    - pre_up_cmds:
-      - ip link add linka type veth peer name linkb
-      - /etc/init.d/openvswitch-switch restart
-      - /usr/bin/ovs-vsctl --if-exists del-port cloud linka
-      - /usr/bin/ovs-vsctl --may-exist add-port cloud linka
-      - ip link set linka up
-      - ip link set linkb up
-    - post_down_cmds:
-      - ip link del linka
-
-{{ pillar['fwdriver']['external_if'] }}:
-  network.managed:
-    - enabled: True
-    - type: eth
-    - proto: manual
-
-man0:
+vm:
   network.managed:
     - enabled: True
     - type: eth
     - proto: static
-    - ipaddr: {{ pillar['fwdriver']['portal_ip'] }}
-    - netmask: {{ pillar['fwdriver']['portal_netmask'] }}
-    - gateway: {{ pillar['fwdriver']['management_net'].split('/')[0] }}
-    - dns:
-      - 8.8.8.8
-      - 8.8.4.4
+    - ipaddr: {{ pillar['fwdriver']['vm_net'].split('/')[0] }}
+    - netmask: {{ pillar['fwdriver']['vm_net'].split('/')[1] }}
     - pre_up_cmds:
       - /etc/init.d/openvswitch-switch restart
     - require:
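Review bot: `netmask` is now rendered from `vm_net.split('/')[1]`, which for the pillar value `192.168.2.254/24` yields the prefix length `24`, where the removed line passed a dotted mask from `portal_netmask`. Whether `network.managed` accepts a prefix length depends on the Salt version and distro backend, so confirm it on the target or supply the mask explicitly, e.g. `- netmask: {{ pillar['fwdriver']['vm_netmask'] }}` with a matching pillar key (the key name is a suggestion). The interface name `vm` is also hard-coded in the `ovs-vsctl add-port` command, the `unless` grep and the state ID, although this patch adds `vm_if` to the pillar and passes it to manage.py. Using `{{ pillar['fwdriver']['vm_if'] }}` in these places keeps the two in step. The `vm` state's `require` list continues past the end of the hunk.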
@@ -45,7 +20,7 @@ firewall2:
     - name: firewall
     - running
     - require:
-      - network: man0
+      - network: vm
 
 salt://network/files/reload_firewall.sh:
   cmd.script:
@@ -53,4 +28,3 @@ salt://network/files/reload_firewall.sh:
     - user: {{ pillar['user'] }}
     - require:
       - service: firewall2
-      - network: linka
--
libgit2 0.26.0