root / kvm-vif-bridge @ 054ff79a
History | View | Annotate | Download (1.4 kB)
| 1 | cf51ea5b | Dimitris Aragiorgis | #!/bin/bash |
|---|---|---|---|
| 2 | cf51ea5b | Dimitris Aragiorgis | |
| 3 | cf51ea5b | Dimitris Aragiorgis | # This is an example of a Ganeti kvm ifup script that configures network |
| 4 | cf51ea5b | Dimitris Aragiorgis | # interfaces based on the initial deployment of the Okeanos project |
| 5 | cf51ea5b | Dimitris Aragiorgis | |
| 6 | 4ae972e7 | Dimitris Aragiorgis | source /etc/default/snf-network |
| 7 | 38305e4c | Dimitris Aragiorgis | source /usr/lib/snf-network/common.sh |
| 8 | d2b16e51 | Dimitris Aragiorgis | |
| 9 | 38305e4c | Dimitris Aragiorgis | FROM=FROM${INTERFACE^^}
|
| 10 | 38305e4c | Dimitris Aragiorgis | TO=TO${INTERFACE^^}
|
| 11 | 673de0e4 | Dimitris Aragiorgis | |
| 12 | 38305e4c | Dimitris Aragiorgis | try clear_routed_setup_ipv4 |
| 13 | 38305e4c | Dimitris Aragiorgis | try clear_routed_setup_ipv6 |
| 14 | 38305e4c | Dimitris Aragiorgis | try clear_routed_setup_firewall |
| 15 | 38305e4c | Dimitris Aragiorgis | try clear_ebtables |
| 16 | 38305e4c | Dimitris Aragiorgis | try clear_nfdhcpd |
| 17 | 2b9e52e1 | Dimitris Aragiorgis | |
| 18 | cf51ea5b | Dimitris Aragiorgis | if [ "$MODE" = "routed" ]; then |
| 19 | 2e8a73e0 | Dimitris Aragiorgis | TABLE=$LINK |
| 20 | 9bd377b2 | Dimitris Aragiorgis | ip link set $INTERFACE addr $TAP_CONSTANT_MAC up |
| 21 | 9bd377b2 | Dimitris Aragiorgis | INDEV=$INTERFACE |
| 22 | 054ff79a | Dimitris Aragiorgis | # DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP" |
| 23 | cf51ea5b | Dimitris Aragiorgis | elif [ "$MODE" = "bridged" ]; then |
| 24 | 9bd377b2 | Dimitris Aragiorgis | ip link set $INTERFACE up |
| 25 | 7ff50e40 | Dimitris Aragiorgis | brctl addif $BRIDGE $INTERFACE |
| 26 | 9bd377b2 | Dimitris Aragiorgis | INDEV=$BRIDGE |
| 27 | 52366a23 | Dimitris Aragiorgis | # nfdhcpd creates responses with src mac the mac of indec |
| 28 | 52366a23 | Dimitris Aragiorgis | INDEV_MAC=$(cat /sys/class/net/$INDEV/address) |
| 29 | 054ff79a | Dimitris Aragiorgis | # DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP" |
| 30 | d2b16e51 | Dimitris Aragiorgis | fi |
| 31 | 9bd377b2 | Dimitris Aragiorgis | |
| 32 | 9bd377b2 | Dimitris Aragiorgis | |
| 33 | 9bd377b2 | Dimitris Aragiorgis | for tag in $NETWORK_TAGS; do |
| 34 | 9bd377b2 | Dimitris Aragiorgis | case $tag in |
| 35 | c0bb4267 | Dimitris Aragiorgis | $IP_LESS_ROUTED_TAG) |
| 36 | 38305e4c | Dimitris Aragiorgis | try routed_setup_ipv4 |
| 37 | 38305e4c | Dimitris Aragiorgis | try routed_setup_ipv6 |
| 38 | 38305e4c | Dimitris Aragiorgis | try routed_setup_firewall |
| 39 | 9bd377b2 | Dimitris Aragiorgis | ;; |
| 40 | c0bb4267 | Dimitris Aragiorgis | $NFDHCPD_TAG) |
| 41 | 9bd377b2 | Dimitris Aragiorgis | # Drop unicast BOOTP/DHCP packets |
| 42 | 054ff79a | Dimitris Aragiorgis | # $DROPDHCPREQCMD |
| 43 | 38305e4c | Dimitris Aragiorgis | try setup_nfdhcpd |
| 44 | 9bd377b2 | Dimitris Aragiorgis | ;; |
| 45 | c0bb4267 | Dimitris Aragiorgis | $MAC_FILTERED_TAG) |
| 46 | 054ff79a | Dimitris Aragiorgis | try init_ebtables |
| 47 | 38305e4c | Dimitris Aragiorgis | try setup_ebtables |
| 48 | 9bd377b2 | Dimitris Aragiorgis | ;; |
| 49 | c0bb4267 | Dimitris Aragiorgis | $MASQ_TAG) |
| 50 | 38305e4c | Dimitris Aragiorgis | try setup_masq |
| 51 | 9bd377b2 | Dimitris Aragiorgis | ;; |
| 52 | 9bd377b2 | Dimitris Aragiorgis | esac |
| 53 | 9bd377b2 | Dimitris Aragiorgis | done |
| 54 | 9bd377b2 | Dimitris Aragiorgis | |
| 55 | 62ebfafe | Dimitris Aragiorgis | if [ -x "$IFUP_EXTRA_SCRIPT" ]; then |
| 56 | 62ebfafe | Dimitris Aragiorgis | exec $IFUP_EXTRA_SCRIPT "$@" |
| 57 | 62ebfafe | Dimitris Aragiorgis | fi |
| 58 | 62ebfafe | Dimitris Aragiorgis | |
| 59 | af5ded08 | Dimitris Aragiorgis | exit 0 |