Skip to content

Commit

Permalink
Merge pull request #1 from veldrane/rocky9-ovs
Browse files Browse the repository at this point in the history 
Merger from rocky9 openvswitch branch to master
  • Loading branch information
@veldrane
veldrane authored Sep 17, 2024
2 parents 64de460 + f9fef92 commit 54bcf18
Show file tree
Hide file tree
Showing 189 changed files with 8,995 additions and 3,886 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ temp
09_apigw/krakend/dockerfiles/krakend*
08_keycloak/ansible/archives/keycloak-12.0.2.tar.gz
08_keycloak/ansible/centos/archives/keycloak-12.0.2.tar.gz
01_template/ssh/id_ecdsa
5 changes: 0 additions & 5 deletions 00_proliant/00_addumy.sh
View file

This file was deleted.

4 changes: 4 additions & 0 deletions 00_proliant/00_packages.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash

dnf -y install mc openvswitch3.3 git qemu-kvm libvirt virt-manager virt-install uuid

56 changes: 0 additions & 56 deletions 00_proliant/01_newnet.sh
View file

This file was deleted.

4 changes: 0 additions & 4 deletions 00_proliant/02_iptables.sh
View file

This file was deleted.

4 changes: 4 additions & 0 deletions 00_proliant/02_libvirtd.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash

systemctl enable libvirtd
systemctl start libvirtd
5 changes: 5 additions & 0 deletions 00_proliant/03_storage.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#!/bin/bash

lvcreate -L+20G -n iso rootvg
lvcreate -L+100G -n vms rootvg

14 changes: 14 additions & 0 deletions 00_proliant/04_libvirt-network.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/bin/bash

ovs-vsctl add-br br-pub0
#nmcli con up br-pub0
ip link set dev br-pub0 up
#nmcli con modify br-pub0 connection.autoconnect true
nmcli con add type vlan con-name vlan8 ifname vlan8 dev br-pub0 id 8 ip4 10.1.8.1/24 connection.autoconnect true
nmcli con up vlan8
echo "net.ipv4.conf.vlan8.forwarding=1" > /etc/sysctl.d/10-vlan8-forwarding.conf
echo "net.ipv4.conf.eno1.forwarding=1" > /etc/sysctl.d/10-eno1-forwarding.conf

virsh net-define libvirt-network/public.xml
virsh net-start public
virsh net-autostart public
13 changes: 13 additions & 0 deletions 00_proliant/04_ovn_network.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/bin/bash

ovs-vsctl add-br br-int0
#nmcli con up br-int0
ip link set dev br-int0 up
#nmcli con modify br-int0 connection.autoconnect true
nmcli con add type vlan con-name vlan64 ifname vlan64 dev br-int0 id 64 ip4 10.2.64.1/24 connection.autoconnect true
nmcli con up vlan64
echo "net.ipv4.conf.vlan64.forwarding=1" > /etc/sysctl.d/10-vlan64-forwarding.conf

virsh net-define libvirt-network/ovn.xml
virsh net-start ovn
virsh net-autostart ovn
4 changes: 4 additions & 0 deletions 00_proliant/05_vlan8-nat.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
nft add table nat
nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'

nft add rule nat postrouting ip saddr 10.1.8.0/24 oif eno1 masquerade
17 changes: 17 additions & 0 deletions 00_proliant/06_nftables.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/bin/bash

# Flush existing rules
nft flush ruleset

# Create NAT table and chains
nft add table ip nat
nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }

# NAT rule for outgoing traffic to the internet
nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.4.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228
nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.8.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228
nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.16.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228

# Accept rule for local traffic to 192.168.1.0/24 and 10.2.0.0/16
nft add rule ip nat postrouting oif "eno1" ip daddr { 192.168.1.0/24, 10.2.0.0/16 } counter accept
16 changes: 16 additions & 0 deletions 00_proliant/06_nftables_bsegment.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

# Flush existing rules
nft flush ruleset

# Create NAT table and chains
nft add table ip nat
nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }

# NAT rule for outgoing traffic to the internet
nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.0.0/16 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 ip daddr != 10.1.0.0/16 counter snat to 192.168.1.228
nft add rule ip nat postrouting oif "eno1" ip saddr 10.2.0.0/16 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 ip daddr != 10.1.0.0/16 counter snat to 192.168.1.228

# Accept rule for local traffic to 192.168.1.0/24 and 10.2.0.0/16
nft add rule ip nat postrouting oif "eno1" ip daddr { 192.168.1.0/24, 192.168.2.0/24 } counter accept
6 changes: 6 additions & 0 deletions 00_proliant/99_service.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash

SERVICE=$1

systemctl enable $1
systemctl start $1
15 changes: 15 additions & 0 deletions 00_proliant/99_vlans.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
#!/bin/bash

ID=$1
RE='^[0-9]+$'


! [[ "$1" =~ $RE ]] && echo "Add correct vlan id"
[[ "$1" -ge 4095 ]] && echo "Add correct vlan id"

nmcli con add type vlan con-name vlan$ID ifname vlan$ID dev br-pub0 id $ID ip4 10.1.$ID.1/24 connection.autoconnect true
nmcli con up vlan$ID

sysctl -w net.ipv4.conf.vlan$ID.forwarding=1

echo "net.ipv4.conf.vlan$ID.forwarding=1" > /etc/sysctl.d/10-vlan$ID-forwarding.conf
56 changes: 0 additions & 56 deletions 00_proliant/include/anaconda-ks.cfg
View file

This file was deleted.

16 changes: 0 additions & 16 deletions 00_proliant/include/[email protected]
View file

This file was deleted.

15 changes: 0 additions & 15 deletions 00_proliant/include/iptables.save
View file

This file was deleted.

2 changes: 0 additions & 2 deletions 00_proliant/include/sysctl.conf
View file

This file was deleted.

5 changes: 0 additions & 5 deletions 00_proliant/isolation-cpu.md
View file

This file was deleted.

33 changes: 0 additions & 33 deletions 00_proliant/issue-readme.md
View file

This file was deleted.

11 changes: 11 additions & 0 deletions 00_proliant/libvirt-network/ovn.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<network>
<name>ovn</name>
<uuid>88115f4c-3e06-4a29-8d4d-e1648358324b</uuid>
<forward mode='bridge'/>
<bridge name='br-int0'/>
<virtualport type='openvswitch'/>
<vlan trunk='yes'>
<tag id='1' nativeMode='untagged'/>
<tag id='64'/>
</vlan>
</network>
17 changes: 17 additions & 0 deletions 00_proliant/libvirt-network/public.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<network>
<name>public</name>
<uuid>9cdde189-9298-4de1-a513-d2e4d8ac8cef</uuid>
<forward mode='bridge'/>
<bridge name='br-pub0'/>
<virtualport type='openvswitch'/>
<vlan trunk='yes'>
<tag id='1' nativeMode='untagged'/>
<tag id='2'/>
<tag id='3'/>
<tag id='4'/>
<tag id='5'/>
<tag id='6'/>
<tag id='7'/>
<tag id='8'/>
</vlan>
</network>
Loading

0 comments on commit 54bcf18

Please sign in to comment.