Commit ef992520 by Czémán Arnold

fwdriver, manager: move fwdriver specific states and files to fwdriver, and…

fwdriver, manager: move fwdriver specific states and files to fwdriver, and manager specific states to manager
network: collect common network states to network module
parent 4d78348b
include: include:
- profile - profile
- agentdriver - agentdriver
- fwdriver
- manager - manager
- graphite - graphite
- monitor-client - monitor-client
- storagedriver - storagedriver
- vmdriver - vmdriver
- vncproxy - vncproxy
- fwdriver
- network - network
include: include:
- openvswitch - network
/home/{{ pillar['fwdriver']['user'] }}/.virtualenvs/fw/bin/postactivate: /home/{{ pillar['fwdriver']['user'] }}/.virtualenvs/fw/bin/postactivate:
file.managed: file.managed:
...@@ -95,6 +95,12 @@ systemd-sysctl: ...@@ -95,6 +95,12 @@ systemd-sysctl:
- template: jinja - template: jinja
- mode: 644 - mode: 644
firewall-selinux_pkgs:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
firewall-init_semodule: firewall-init_semodule:
cmd.run: cmd.run:
- cwd: /root - cwd: /root
...@@ -103,6 +109,6 @@ firewall-init_semodule: ...@@ -103,6 +109,6 @@ firewall-init_semodule:
- unless: semodule -l |grep -qs ^firewall-init - unless: semodule -l |grep -qs ^firewall-init
- require: - require:
- file: /root/firewall-init.te - file: /root/firewall-init.te
- pkg: firewall-selinux_pkgs
{% endif %} {% endif %}
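Review bot: The added `firewall-selinux_pkgs` list hard-codes `policycoreutils-python`, which is the EL6/EL7 package name; on EL8 and later the equivalent tooling ships as `policycoreutils-python-utils`. On such a host `pkg.installed` would fail and, through the new `- pkg: firewall-selinux_pkgs` requisite, keep `firewall-init_semodule` from loading the policy module. If newer releases are in scope, pick the name from `grains['osmajorrelease']`; otherwise a comment such as `# EL7 package names, needed by firewall-init_semodule` would record the assumption. The `cmd.run` command and the opening `{% if %}` lie outside the visible hunks, so which tools the command calls is inferred.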
#!/bin/bash
sed -i '/HWADDR=.*/d' /etc/sysconfig/network-scripts/ifcfg-vm
sed -i -e \$aNM_CONTROLLED=\"no\" /etc/sysconfig/network-scripts/ifcfg-vm
/bin/systemctl daemon-reload
ifup vm
systemctl restart firewall
systemctl restart dhcpd
exit 0
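Review bot: The unconditional `exit 0` on the last line makes the script report success to Salt even when `systemctl restart firewall` or `systemctl restart dhcpd` fails, so a highstate can finish green with the firewall service down. `ifup vm` presumably returns non-zero when the interface is already up, so that call can stay tolerant while the restarts propagate their status: `ifup vm || true`, then `systemctl restart firewall || exit 1` and `systemctl restart dhcpd || exit 1`. The two `sed -i` lines also assume `/etc/sysconfig/network-scripts/ifcfg-vm` already exists, and a one-line comment stating which state creates it would help the next reader.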
# systemd service file extras added by CIRCLE Salt installer:
# openvswitch and virtual network interface must be up before
# dhcpd is started
[Unit]
After=openvswitch-switch.service
[Service]
ExecStartPre=-/sbin/ifup vm
{# TODO: change 'vm' to pillar['fwdriver']['vm_if'] ? #}
{# TODO: similar patch for firewall.service ? #}
...@@ -2,6 +2,7 @@ include: ...@@ -2,6 +2,7 @@ include:
- fwdriver.gitrepo - fwdriver.gitrepo
- fwdriver.virtualenv - fwdriver.virtualenv
- fwdriver.configuration - fwdriver.configuration
- fwdriver.network
disable_os_firewall: disable_os_firewall:
cmd.run: cmd.run:
...@@ -57,14 +58,3 @@ firewall: ...@@ -57,14 +58,3 @@ firewall:
firewall-init: firewall-init:
service: service:
- enabled - enabled
{# TODO: standalone firewall mode #}
{% if pillar['fwdriver']['open_ports'] %}
salt://fwdriver/files/open_ports.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- require:
- service: firewall
{% endif %}
ovs-if:
cmd.run:
- name: ovs-vsctl add-port cloud vm tag=2 -- set Interface vm type=internal
- unless: ovs-vsctl list-ifaces cloud | grep "^vm$"
vm:
network.managed:
- enabled: True
- type: eth
- proto: none
- ipaddr: {{ pillar['fwdriver']['vm_net_ip'] }}
- netmask: {{ pillar['fwdriver']['vm_net_mask'] }}
- pre_up_cmds:
{% if grains['os_family'] == 'RedHat' %}
- /bin/systemctl restart openvswitch
{% elif grains['os'] == 'Debian' %}
- /bin/systemctl restart openvswitch-switch
{% else %}
- /etc/init.d/openvswitch-switch restart
{% endif %}
- require:
- cmd: ovs-if
{% if grains['os'] == 'Debian' %}
symlink_dhcpd:
file.symlink:
- name: /etc/init.d/dhcpd
- target: /etc/init.d/isc-dhcp-server
- force: True
cmd.run:
- name: /bin/systemctl daemon-reload
- require:
- file: symlink_dhcpd
{% endif %}
firewall2:
service:
- name: firewall
- running
- require:
- network: vm
{% if grains['os_family'] == 'RedHat' %}
fix_dhcp:
cmd.script:
- name: salt://fwdriver/files/fix_dhcp.sh
{% endif %}
{% if grains['os'] == 'Debian' %}
{# For next reboot #}
after_openvswitch_conf:
file.managed:
- name: /etc/systemd/system/isc-dhcp-server.service.d/after_openvswitch.conf
- source: salt://fwdriver/files/fix_dhcp_Debian.conf
- user: root
- group: root
- template: jinja
- makedirs: True
fix_dhcp_daemon_reload:
cmd.run:
- name: /bin/systemctl daemon-reload
- require:
- file: after_openvswitch_conf
{% endif %}
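Review bot: The `fix_dhcp` state in the RedHat branch has no requisites, whereas the copy removed from the network module required `reload_firewall` and `net_config`. As written it is ordered after `vm` and `firewall2` only by its position in the file, and with no `unless` or `onchanges` it runs, and so restarts firewall and dhcpd, on every highstate. I would add `- require:` with `- network: vm` and `- service: firewall2` under it, and gate the run on a change to the interface config if that state is reachable from here. Separately, `ovs-if` adds a port to bridge `cloud`, but nothing in this file requires the state that creates the bridge; if the `ovs-bridge` state in the network module is always included alongside this one, `- require:` / `- openvswitch_bridge: ovs-bridge` on `ovs-if` would make that dependency explicit.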
...@@ -87,3 +87,21 @@ memcached: ...@@ -87,3 +87,21 @@ memcached:
- enable: True - enable: True
- require: - require:
- pkg: manager - pkg: manager
{% if pillar['fwdriver']['open_ports'] %}
open_ports:
cmd.script:
- name: salt://fwdriver/files/open_ports.sh
- template: jinja
- user: {{ pillar['user'] }}
{% endif %}
reload_firewall:
cmd.script:
- name: salt://network/files/reload_firewall.sh
- template: jinja
- user: {{ pillar['user'] }}
{% if pillar['fwdriver']['open_ports'] %}
- require:
- cmd: open_ports
{% endif %}
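Review bot: Both `{% if pillar['fwdriver']['open_ports'] %}` guards make the manager state fail at render time on any minion whose pillar has no `fwdriver` key, which works against the split between manager and fwdriver that this commit introduces. `{% if salt['pillar.get']('fwdriver:open_ports') %}` tolerates the missing key. The `open_ports` state removed from fwdriver carried `- require:` / `- service: firewall`; neither `open_ports` nor `reload_firewall` here requires the firewall service, so the port-opening script can run against a service that is not up yet. Quoting the templated value, `- user: "{{ pillar['user'] }}"`, also protects against an empty or boolean-looking expansion.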
ovs-if: include:
cmd.run: - openvswitch
- name: ovs-vsctl add-port cloud vm tag=2 -- set Interface vm type=internal
- unless: ovs-vsctl list-ifaces cloud | grep "^vm$"
vm:
network.managed:
- enabled: True
- type: eth
- proto: none
- ipaddr: {{ pillar['fwdriver']['vm_net_ip'] }}
- netmask: {{ pillar['fwdriver']['vm_net_mask'] }}
- pre_up_cmds:
{% if grains['os_family'] == 'RedHat' %}
- /bin/systemctl restart openvswitch
{% elif grains['os'] == 'Debian' %}
- /bin/systemctl restart openvswitch-switch
{% else %}
- /etc/init.d/openvswitch-switch restart
{% endif %}
- require:
- cmd: ovs-if
{% if grains['os'] == 'Debian' %} ovs-bridge:
symlink_dhcpd: openvswitch_bridge.present:
file.symlink: - name: cloud
- name: /etc/init.d/dhcpd
- target: /etc/init.d/isc-dhcp-server
- force: True
cmd.run:
- name: /bin/systemctl daemon-reload
- require:
- file: symlink_dhcpd
{% endif %}
firewall2:
service:
- name: firewall
- running
- require:
- network: vm
reload_firewall:
cmd.script:
- name: salt://network/files/reload_firewall.sh
- template: jinja
- user: {{ pillar['user'] }}
- require:
- service: firewall2
{% if grains['os'] == 'Debian' %}
- cmd: symlink_dhcpd
{% endif %}
{% if grains['os_family'] == 'RedHat' %} {% if grains['os_family'] == 'RedHat' %}
net_config: net_config:
...@@ -59,56 +14,4 @@ net_config: ...@@ -59,56 +14,4 @@ net_config:
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
fix_dhcp:
cmd.script:
- name: salt://network/files/fix_dhcp.sh
- require:
- cmd: reload_firewall
- file: net_config
{% endif %}
isc-dhcp-server:
{% if grains['os_family'] == 'RedHat' or grains['os'] == 'Debian' %}
cmd.run:
- name: /bin/systemctl restart dhcpd
{% if grains['os_family'] == 'RedHat' %}
- watch:
- cmd: fix_dhcp
{% elif grains['os'] == 'Debian' %}
- watch:
- cmd: fix_dhcp_daemon_reload
{% endif %}
{% endif %}
service.running:
- enable: True
{% if grains['os_family'] == 'RedHat' %}
- watch:
- cmd: fix_dhcp
{% elif grains['os'] == 'Debian' %}
- watch:
- cmd: fix_dhcp_daemon_reload
{% endif %}
{% if grains['os_family'] == 'RedHat' or grains['os'] == 'Debian' %}
- name: dhcpd
- require:
- cmd: isc-dhcp-server
{% endif %}
{% if grains['os'] == 'Debian' %}
{# For next reboot #}
after_openvswitch_conf:
file.managed:
- name: /etc/systemd/system/isc-dhcp-server.service.d/after_openvswitch.conf
- source: salt://network/files/fix_dhcp_Debian.conf
- user: root
- group: root
- template: jinja
- makedirs: True
fix_dhcp_daemon_reload:
cmd.run:
- name: /bin/systemctl daemon-reload
- require:
- file: after_openvswitch_conf
{% endif %} {% endif %}
include: include:
- openvswitch - network
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/bin/postactivate: /home/{{ pillar['user'] }}/.virtualenvs/vmdriver/bin/postactivate:
file.managed: file.managed:
...@@ -24,11 +24,6 @@ include: ...@@ -24,11 +24,6 @@ include:
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/{{ file }} - source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/{{ file }}
{% endfor %} {% endfor %}
ovs-bridge:
cmd.run:
- name: ovs-vsctl add-br cloud
- unless: ovs-vsctl list-br | grep "^cloud$"
/etc/sudoers.d/netdriver: /etc/sudoers.d/netdriver:
file.managed: file.managed:
- source: salt://vmdriver/files/sudoers - source: salt://vmdriver/files/sudoers
......