├── solo
├── solo.json
├── solo.rb
├── run
└── solo-from-scratch
├── README.md
├── cookbooks
└── cephco-senta
│ ├── files
│ └── default
│ │ ├── libvirt-net-pub.xml
│ │ ├── libvirt-net-ipmi.xml
│ │ ├── libvirt-net-front.xml
│ │ ├── ttyS1.conf
│ │ └── rename-if-by-mac
│ ├── templates
│ └── default
│ │ ├── libvirt-net-isolated.xml.erb
│ │ └── interfaces.erb
│ └── recipes
│ ├── default.rb
│ ├── ssh-keys.rb
│ ├── serial.rb
│ ├── networking.rb
│ └── libvirt.rb
└── data_bags
└── ssh-keys
├── tv_shiny.json
├── tv_dreamer.json
└── dmick_angus.json
/solo/solo.json:
--------------------------------------------------------------------------------
1 | {
2 | "run_list": [ "recipe[cephco-senta::default]" ]
3 | }
4 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | cookbook-senta
2 | =============
3 |
4 | Chef Solo recipes used to bring up KVM hypervisors in the Sepia lab
--------------------------------------------------------------------------------
/solo/solo.rb:
--------------------------------------------------------------------------------
# chef-solo configuration. All paths are absolute and derived from the
# directory that holds this file.
solo_dir = File.absolute_path(File.dirname(__FILE__))

# The cache is kept next to this config; cookbooks and data bags live one
# level up, beside the solo/ directory.
file_cache_path solo_dir
cookbook_path "#{solo_dir}/../cookbooks"
data_bag_path "#{solo_dir}/../data_bags"
6 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/files/default/libvirt-net-pub.xml:
--------------------------------------------------------------------------------
1 |
2 | pub
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/files/default/libvirt-net-ipmi.xml:
--------------------------------------------------------------------------------
1 |
2 | ipmi
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/files/default/libvirt-net-front.xml:
--------------------------------------------------------------------------------
1 |
2 | front
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/templates/default/libvirt-net-isolated.xml.erb:
--------------------------------------------------------------------------------
1 |
2 | <%= @name %>
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/files/default/ttyS1.conf:
--------------------------------------------------------------------------------
1 | # ttyS1 - getty
2 | #
3 | # This service maintains a getty on ttyS1 from the point the system is
4 | # started until it is shut down again.
5 |
6 | start on stopped rc RUNLEVEL=[2345]
7 | stop on runlevel [!2345]
8 |
9 | respawn
10 | exec /sbin/getty -8 115200 ttyS1
11 |
12 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/recipes/default.rb:
--------------------------------------------------------------------------------
# Packages installed on every senta host.
%w[qemu-kvm libvirt-bin virtinst ebtables python-vm-builder].each do |pkg|
  package pkg
end

# The rest of the setup is split into sub-recipes, included in this order.
%w[ssh-keys serial networking libvirt].each do |part|
  include_recipe "cephco-senta::#{part}"
end
11 |
--------------------------------------------------------------------------------
/data_bags/ssh-keys/tv_shiny.json:
--------------------------------------------------------------------------------
1 | {"id": "tv_shiny", "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgDkFXxj5EQIWYUcbb/IQfY3R10RtmfOeWwGqs+zuMQUBIRhcGY3FF2x3xtHMPu7mYHSud8VICDJk2Yg6ffYTIMnTES/A2Y/ukFyaVYuMjvkaEXJT2RZW7AppeWaF/muBYFqpEmbccaAsVDR4ZqE3D3exxVGY45VT+6nO68A7iveEwo41hooXfD/xkcseGRe8xKuoFzzPFT0Y5LftQI9YkWljSdAm1Ejxhm3xfKUY7MZj4dIA718wArb0skU/3POAwkgpX96AMeHvNLmsBVQnz0D9N53PTA+JguTBkwR8afNv2oN32rE594/mHX3+7kKoN+xoUxT+c0+e93+Twl99p tv@shiny"}
2 |
--------------------------------------------------------------------------------
/data_bags/ssh-keys/tv_dreamer.json:
--------------------------------------------------------------------------------
1 | {"id": "tv_dreamer", "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc7yOXy126/9f/5NLo3/6rGUsGZ/lAifBLzZfYLIum/ED+qj02qlhU07G1is7n8/FK7PgANazFVwSWAuFItoMCp1MhalNi1hansPKBuBotm7RqjFdtutAnKPcPJoiWp2F04Ja/YMq3SoDvDbMeptgBaHRj+KUjRXVPpDojtqM1Fy5EJ06wwh2ocHl3yTJmwZmWBV3iUW7Dpd9lTyXr/uOOhfcbqw1kXliaD6bsXeQAzRazNcr6RbvsLA1fAEt1QMP2/6kk8vhfCy7GZa0Mvh13cSXtU1UXBOJWcSHKuTuB19xBj0PVIDzc6lr1ugAOSAXEC8EQ4OTheWQZmTEvvfJR tv@dreamer"}
2 |
--------------------------------------------------------------------------------
/data_bags/ssh-keys/dmick_angus.json:
--------------------------------------------------------------------------------
1 | {"id": "dmick_angus", "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC305rmql/Qm8Si+DFvAs77hSUZakwiXhhAhSetS89bWq3AdPQTL1MUXJHFm3AMzwzb00tndvsl1AUmFseXLfAi87daNcKJdwEj/JvXgcHKzAXOpVRfArHh08JnOumQiP4EoLYvq7rL+3LjEFURKOWJLLnGxh4E+iiJAnxLTG3WuUcnz9kXVTwtmIs60+2yH+gZJkkB04mnivPYjX46sHigoKgtlE2JnQfOU1lBkeZaBeUhoZX2rIKwRyGELPPcUBwHk10izyk6tePLAw9bSWeS9uEaa/m+qa8neJDyR4/hWQNR9yRXp0YjKkiKoFog+qtsBt3xBNzTPsFLxZ5zugmp dmick@angus"}
2 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/recipes/ssh-keys.rb:
--------------------------------------------------------------------------------
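# ~ubuntu/.ssh holds the account's authorized_keys. Keep the directory
# private to its owner (0700, the conventional mode for an SSH directory);
# 0755 would let every local account list and read its contents.
directory '/home/ubuntu/.ssh' do
  owner 'ubuntu'
  group 'ubuntu'
  mode '0700'
end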
6 |
# Dump the 'key' field of every item in the 'ssh-keys' data bag into
# authorized_keys.chef, one item per line. The file is rewritten from
# scratch on each run.
#
# NOTE(review): each value is written verbatim, so whoever can edit the
# data bag decides who may log in as ubuntu; review changes to it accordingly.
ruby_block "set up ssh keys" do
  block do
    key_ids = data_bag('ssh-keys')
    File.open('/home/ubuntu/.ssh/authorized_keys.chef', 'w') do |out|
      key_ids.each do |key_id|
        item = data_bag_item('ssh-keys', key_id)
        out.puts(item['key'])
      end
    end
  end
end
18 |
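# Merge the Chef-managed keys into ~ubuntu/.ssh/authorized_keys.
#
# The merge is additive: lines already present in authorized_keys are kept
# and de-duplicated against authorized_keys.chef. A key deleted from the
# data bag therefore stays authorized on hosts that already have it until
# it is removed from authorized_keys by hand.
execute "merge authorized ssh keys" do
  command <<-'EOH'
    set -e
    # positional parameters collect the input files for sort
    set -- ~ubuntu/.ssh/authorized_keys.chef
    if [ -e ~ubuntu/.ssh/authorized_keys ]; then
      set -- "$@" ~ubuntu/.ssh/authorized_keys
    fi
    sort -u -o ~ubuntu/.ssh/authorized_keys.tmp -- "$@"
    chown ubuntu:ubuntu -- ~ubuntu/.ssh/authorized_keys.tmp
    # set the mode explicitly so it does not depend on the umask of the chef run
    chmod 0600 -- ~ubuntu/.ssh/authorized_keys.tmp
    # rename last, so authorized_keys is replaced in one step
    mv -- ~ubuntu/.ssh/authorized_keys.tmp ~ubuntu/.ssh/authorized_keys
  EOH
end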
31 |
32 |
--------------------------------------------------------------------------------
/solo/run:
--------------------------------------------------------------------------------
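#!/bin/sh
# Bootstrap for a chef-solo run: install Ruby 1.9.1 and build tools if they
# are missing, install the chef gem for the invoking user if chef-solo is not
# there yet, then run chef-solo as root with solo.rb and solo.json.
set -e

cd "$(dirname "$0")"

# Start from an empty list. Left unset, a "missing" variable inherited from
# the caller's environment would be extended below and its contents handed
# to "sudo apt-get install".
missing=
for package in ruby1.9.1 ruby1.9.1-dev build-essential; do
    if [ "$(dpkg --status -- "$package" | sed -n 's/^Status: //p')" != "install ok installed" ]; then
        # add a space after old values
        missing="${missing:+$missing }$package"
    fi
done
if [ -n "$missing" ]; then
    echo "$0: installing missing required packages: $missing" 1>&2
    # $missing stays unquoted on purpose: it is a space-separated package list
    sudo \
        env DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \
        apt-get \
        -q \
        -o Dpkg::Options::=--force-confnew \
        install \
        --no-install-recommends \
        --assume-yes \
        -- \
        $missing
fi

CHEF_BIN_DIR="${HOME}/.gem/ruby/1.9.1/bin"
CHEF_BIN="$CHEF_BIN_DIR/chef-solo"

# NOTE(review): the gem is installed without a version pin, into the invoking
# user's home, and the resulting binary is then run through sudo. Whatever
# "chef" resolves to at install time, and anything able to write under
# ~/.gem, ends up executing as root.
if [ ! -e "$CHEF_BIN" ]; then
    gem1.9.1 install --no-rdoc --no-ri --user-install chef
fi

sudo "$CHEF_BIN" -c solo.rb -j solo.json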
34 |
--------------------------------------------------------------------------------
/solo/solo-from-scratch:
--------------------------------------------------------------------------------
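#!/bin/sh

# This file is not chmod a+x on purpose, to avoid running it
# accidentally. Automation will always run it through
#
#   wget -q -O- https://raw.github.com/ceph/cookbook-senta/master/solo/solo-from-scratch | sh
#
# NOTE(review): both that pipeline and the "git pull" below take whatever is
# at the tip of the repository's default branch at run time, with no commit
# pin or signature check, and ./solo/run then uses sudo. Access to that
# branch is therefore equivalent to root on every host bootstrapped this way.

set -e

# Start from an empty list so a "missing" variable inherited from the
# environment cannot add packages to the "sudo apt-get install" below.
missing=
for package in git; do
    if [ "$(dpkg --status -- "$package" | sed -n 's/^Status: //p')" != "install ok installed" ]; then
        # add a space after old values
        missing="${missing:+$missing }$package"
    fi
done
if [ -n "$missing" ]; then
    echo "solo-from-scratch: installing missing required packages: $missing" 1>&2
    # $missing stays unquoted on purpose: it is a space-separated package list
    sudo \
        env DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \
        apt-get \
        -q \
        -o Dpkg::Options::=--force-confnew \
        install \
        --no-install-recommends \
        --assume-yes \
        -- \
        $missing
fi

# Work in a private temporary directory that is removed on exit.
SCRATCH="$(mktemp -d --tmpdir 'solo-from-scratch.XXXXXXXXXXXX')"
cd "$SCRATCH"

cleanup () {
    rm -rf "$SCRATCH"
}

trap cleanup INT TERM EXIT
git init
git pull https://github.com/ceph/cookbook-senta.git
./solo/run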
41 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/recipes/serial.rb:
--------------------------------------------------------------------------------
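# Make the kernel log to both tty0 and the serial console on ttyS1 by
# editing GRUB_CMDLINE_LINUX in /etc/default/grub.
#
# The two cases are mutually exclusive. Testing them independently, with
# slightly different patterns, let a line such as
#   GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200"
# (no space before console=tty0) match both, and the second rewrite then
# discarded the first and appended a duplicate setting.
execute "enable kernel logging to console" do
  command <<-'EOH'
    set -e
    f=/etc/default/grub

    if grep -q '^GRUB_CMDLINE_LINUX=.*".*console=tty0 console=ttyS[01],115200' "$f"; then
      # it has a setting: make sure it's to ttyS1
      sed 's/console=ttyS[01]/console=ttyS1/' <"$f" >"$f.chef"
    else
      # it has no setting: add it
      sed 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/GRUB_CMDLINE_LINUX="\1 console=tty0 console=ttyS1,115200"/' <"$f" >"$f.chef"
    fi

    # move the result into place; update-grub is run by a separate resource
    mv "$f.chef" "$f"
  EOH
end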
16 |
# Runs update-grub; there is no guard, so it runs on every converge.
execute 'update-grub'

# Install the Upstart job for the ttyS1 getty and start the service when
# the file changes.
cookbook_file '/etc/init/ttyS1.conf' do
  source 'ttyS1.conf'
  owner 'root'
  group 'root'
  mode 0644
  notifies :start, 'service[ttyS1]'
end

service 'ttyS1' do
  # Default provider for Ubuntu is Debian, and :enable doesn't work
  # for Upstart services unless we change provider. Assume Upstart
  provider Chef::Provider::Service::Upstart
  action [:enable, :start]
end
34 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/recipes/networking.rb:
--------------------------------------------------------------------------------
%w[ethtool bridge-utils].each { |pkg| package pkg }

# this is ugly but let's fight that later

# a true chef person would probably try to put these in node
# attributes, but these are not lovingly crafted nodes, these are
# chef-solo runs, and there's only 4 senta machines..

# MAC address of each named interface, keyed by hostname.
SENTA_MACS = {
  'senta01' => { '1g1' => '00:25:90:08:0a:fa', '1g2' => '00:25:90:08:0a:fb' },
  'senta02' => { '1g1' => '00:25:90:08:09:c6', '1g2' => '00:25:90:08:09:c7' },
  'senta03' => { '1g1' => '00:25:90:08:0a:4c', '1g2' => '00:25:90:08:0a:4d' },
  'senta04' => { '1g1' => '00:25:90:08:09:d2', '1g2' => '00:25:90:08:09:d3' },
}

# Static addresses for the "front" and "back" bridges, keyed by hostname.
SENTA_IPS = {
  'senta01' => { 'front' => '10.214.137.31', 'back' => '10.214.150.31' },
  'senta02' => { 'front' => '10.214.137.32', 'back' => '10.214.150.32' },
  'senta03' => { 'front' => '10.214.137.33', 'back' => '10.214.150.33' },
  'senta04' => { 'front' => '10.214.137.34', 'back' => '10.214.150.34' },
}
47 |
# Helper called from the pre-up lines of the generated interfaces file.
# Root-owned and not writable by anyone else; no backup copy is kept.
cookbook_file '/etc/network/rename-if-by-mac' do
  owner 'root'
  group 'root'
  mode 0755
  backup false
end
54 |
55 |
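# generate a .chef file from a template, and then be extra careful in
# swapping it in place; effecting changes over ssh is DANGEROUS,
# please have a serial console handy
#
# A host that is not listed in both tables is rejected up front with an
# explicit message, instead of handing nil to the template and failing
# inside it with an error that does not name the host.
senta_host = node['hostname']
unless SENTA_MACS.key?(senta_host) && SENTA_IPS.key?(senta_host)
  raise "cephco-senta::networking: no MAC/IP entry for host #{senta_host.inspect}"
end

template '/etc/network/interfaces.chef' do
  source 'interfaces.erb'
  mode 0644
  variables(
    'macs' => SENTA_MACS[senta_host],
    'ips' => SENTA_IPS[senta_host]
  )
end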
67 |
# Swap the generated interfaces file into place and restart networking.
#
# NOTE(review): because of "set -e", a failing "ifdown -a" stops the script
# before the new file is installed, and a failing "ifup -a" leaves the new
# file in place with interfaces possibly down. Keep out-of-band (serial)
# access available when this resource is expected to run.
execute "activate network config" do
  # don't run the ifdown/ifup if there's no change to the file
  not_if "cmp /etc/network/interfaces.chef /etc/network/interfaces"
  command <<-'EOH'
    set -e
    ifdown -a
    mv /etc/network/interfaces.chef /etc/network/interfaces
    ifup -a
  EOH
end
78 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/files/default/rename-if-by-mac:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # nameif is not useful when virtual interfaces are inheriting the mac
4 | # from the physical interface; e.g. after a "ip link add link ... name
5 | # ... type vlan id ...", it will try to rename the vlan interface,
6 | # collides with the physical interface, and aborts
7 |
8 | import argparse
9 | import os
10 | import re
11 | import subprocess
12 | import sys
13 |
# Program name used as the prefix of error messages.
PROG = os.path.basename(sys.argv[0])


class Fail(SystemExit):
    """Exit the program with an error message prefixed by the program name.

    ``msg`` is a ``str.format`` template; its fields are filled from the
    keyword arguments.
    """

    def __init__(self, msg, **kwargs):
        text = '{prog}: {msg}'.format(prog=PROG, msg=msg.format(**kwargs))
        super(Fail, self).__init__(text)
23 |
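# Matches one line of `ip -o link show` output and captures the interface
# name and its MAC address. Only lowercase hex digits are accepted in the
# MAC, so callers comparing against it must use lowercase too.
#
# Both capture groups need a name for "(?P<...>" to be a valid construct;
# "(?P" followed directly by the pattern is rejected by re.compile.
LINK_RE = re.compile(r"""
    # ifindex
    ^\d+:[ ]
    # iface name
    (?P<iface>.*?):[ ]
    # uninteresting
    .*[ ]
    # mac address
    link/ether\ (?P<mac>[0-9a-f][0-9a-f](?::[0-9a-f][0-9a-f]){5})
    # trailing uninterestingness
    [ ]
    """, re.MULTILINE|re.VERBOSE)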
36 |
def get_state():
    """Return a dict mapping interface name to MAC address.

    The data comes from ``ip -o link show``; only the lines that LINK_RE
    matches contribute an entry.
    """
    listing = subprocess.check_output(['ip', '-o', 'link', 'show'])
    return dict(LINK_RE.findall(listing))
42 |
43 |
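def main():
    """Rename the interface that carries a given MAC address.

    Command line: ``iface`` (desired name) and ``mac`` (address to look for).

    * If an interface called ``iface`` already exists, succeed when its MAC
      matches and fail otherwise.
    * Otherwise find the interface with that MAC; when several share it,
      prefer names starting with ``eth``, and fail if more than one remains.
    * Finally replace this process with ``ip link set <found> name <iface>``.
    """
    parser = argparse.ArgumentParser(
        description='Rename interface based on MAC address',
        )
    parser.add_argument(
        'iface',
        help='Desired interface name',
        )
    parser.add_argument(
        'mac',
        help='MAC address to look for',
        )
    args = parser.parse_args()

    # LINK_RE captures lowercase hex only, so an upper- or mixed-case MAC on
    # the command line could never compare equal; normalise it first.
    wanted_mac = args.mac.lower()

    state = get_state()

    cur = state.get(args.iface)
    if cur is not None:
        if cur != wanted_mac:
            raise Fail(
                'Interface exists with wrong MAC: {iface} {mac}',
                iface=args.iface,
                mac=cur,
                )

        # all done here
        return

    # no interface by that name exists currently; look for it
    # (items() rather than iteritems(): available on Python 2 and 3 alike)
    candidates = [iface
                  for (iface, mac) in state.items()
                  if mac == wanted_mac]
    if not candidates:
        raise Fail(
            'Cannot find any interface with MAC: {mac}',
            mac=args.mac,
            )

    if len(candidates) > 1:
        # several interfaces share the MAC; keep only the eth* ones if any
        only_eth = [iface
                    for iface in candidates
                    if iface.startswith('eth')]
        if only_eth:
            candidates = only_eth

    if len(candidates) > 1:
        raise Fail(
            'Several candidate interfaces, aborting: {ifaces}',
            ifaces=' '.join(candidates),
            )

    # and finally do it; arguments are passed as a list, with no shell involved
    iface = candidates[0]
    os.execvp('ip', ['ip', 'link', 'set', iface, 'name', args.iface])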
98 |
# Script entry point; sys is already imported at the top of the file.
if __name__ == '__main__':
    sys.exit(main())
102 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/recipes/libvirt.rb:
--------------------------------------------------------------------------------
# workaround for bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1018956
#
# Define the "default" storage pool under /var/lib/libvirt/images when
# libvirt does not know it, then start it and mark it autostart if
# pool-info reports otherwise.
execute 'set up libvirt pool default' do
  command <<-'EOH'
    set -e
    if ! virsh pool-uuid default >/dev/null 2>/dev/null; then
      # does not exist
      virsh pool-define-as --name default dir --target /var/lib/libvirt/images
    fi
    virsh -q pool-info default | while read line; do
      case "$line" in
        State:\ *inactive)
          virsh pool-start default
          ;;
        Autostart:\ *no)
          virsh pool-autostart default
          ;;
      esac
    done
  EOH
end
21 |
# Staging directory for the libvirt network definitions; root-owned and
# writable by root only.
directory '/srv/chef' do
  mode 0755
  owner 'root'
  group 'root'
end
27 |
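# The pub, front and ipmi networks are set up identically: ship the static
# definition to /srv/chef, define the network in libvirt if it is not known
# yet, then start it and mark it autostart when net-info reports otherwise.
# One loop replaces three copies of the same script; the network name is
# passed to the shell through the environment as $NET.
%w[pub front ipmi].each do |net|
  # source defaults to the basename of the path: libvirt-net-<net>.xml
  cookbook_file "/srv/chef/libvirt-net-#{net}.xml" do
    owner 'root'
    group 'root'
    mode 0644
  end

  execute "set up libvirt network #{net}" do
    environment('NET' => net)
    command <<-'EOH'
      set -e
      if ! virsh net-uuid "$NET" >/dev/null 2>/dev/null; then
        # does not exist
        virsh net-define /srv/chef/libvirt-net-"$NET".xml
      fi
      virsh -q net-info "$NET" | while read line; do
        case "$line" in
          Active:\ *no)
            virsh net-start "$NET"
            ;;
          Autostart:\ *no)
            virsh net-autostart "$NET"
            ;;
        esac
      done
    EOH
  end
end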
105 |
106 |
# Add the ubuntu account to the libvirtd group.
#
# NOTE(review): members of this group can manage the system libvirt daemon,
# which in practice is root-equivalent on the hypervisor. Together with the
# ssh-keys recipe this means every key authorized for ubuntu carries that
# level of access.
execute 'allow libvirt for user ubuntu' do
  command <<-'EOH'
    set -e
    gpasswd -a ubuntu libvirtd
  EOH
end
113 |
114 |
# TODO refactor into a libvirt_interface LWR?
#
# Ten isolated networks, isolated0 .. isolated9. Each gets a definition
# rendered from the shared template and is then defined, started and set to
# autostart as needed.
(0..9).each do |num|
  net_name = "isolated#{num}"

  template "/srv/chef/libvirt-net-#{net_name}.xml" do
    source 'libvirt-net-isolated.xml.erb'
    owner 'root'
    group 'root'
    mode 0644
    variables('name' => net_name)
  end

  execute "set up libvirt network #{net_name}" do
    # the script reads the network name from $NET
    environment('NET' => net_name)
    command <<-'EOH'
      set -e
      if ! virsh net-uuid "$NET" >/dev/null 2>/dev/null; then
        # does not exist
        virsh net-define /srv/chef/libvirt-net-"$NET".xml
      fi
      virsh -q net-info "$NET" | while read line; do
        case "$line" in
          Active:\ *no)
            virsh net-start "$NET"
            ;;
          Autostart:\ *no)
            virsh net-autostart "$NET"
            ;;
        esac
      done
    EOH
  end
end
152 |
--------------------------------------------------------------------------------
/cookbooks/cephco-senta/templates/default/interfaces.erb:
--------------------------------------------------------------------------------
1 | # AUTO-GENERATED with Chef, DO NOT EDIT
2 |
3 | # The loopback network interface
4 | auto lo
5 | iface lo inet loopback
6 |
7 |
8 | auto 1g1
9 | iface 1g1 inet manual
10 | pre-up /etc/network/rename-if-by-mac -- "$IFACE" <%= @macs['1g1'] %>
11 | pre-up ip link set dev "$IFACE" up
12 |
13 | auto br-front
14 | iface br-front inet static
15 | bridge_ports 1g1
16 | bridge_fd 9
17 | bridge_hello 2
18 | bridge_maxage 12
19 | bridge_stp off
20 | # "front" is special: instead of just the vlan trunk, it has a
21 | # native vlan for PXE; this IP address is useful for SSH
22 | address <%= @ips['front'] %>
23 | netmask 255.255.240.0
24 | gateway 10.214.128.1
25 | dns-domain sepia.ceph.com
26 | dns-search front.sepia.ceph.com
27 | dns-nameservers 8.8.8.8 8.8.4.4
28 |
29 |
30 | # "back" side: trunk with no native vlan
31 | auto 1g2
32 | iface 1g2 inet manual
33 | pre-up /etc/network/rename-if-by-mac -- "$IFACE" <%= @macs['1g2'] %>
34 | # ixgbe README warns against bridging/routing and LRO/GRO
35 | # http://downloadmirror.intel.com/14687/eng/README.txt
36 | pre-up ethtool -K "$IFACE" gro off lro off
37 | pre-up ip link set dev "$IFACE" up
38 |
39 | auto vlan-back
40 | iface vlan-back inet manual
41 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 2214
42 | pre-up ip link set dev "$IFACE" up
43 | pre-down ip link delete "$IFACE"
44 |
45 | auto br-back
46 | iface br-back inet static
47 | bridge_ports vlan-back
48 | bridge_fd 9
49 | bridge_hello 2
50 | bridge_maxage 12
51 | bridge_stp off
52 | address <%= @ips['back'] %>
53 | netmask 255.255.240.0
54 |
55 | # "ipmi": trunked on same 10G interface as "back". No IP setup;
56 | # VMs will attach to the bridge and set up IP for themselves
57 | auto vlan-ipmi
58 | iface vlan-ipmi inet manual
59 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 414
60 | pre-up ip link set dev "$IFACE" up
61 | pre-down ip link delete "$IFACE"
62 |
63 | auto br-ipmi
64 | iface br-ipmi inet manual
65 | bridge_ports vlan-ipmi
66 | bridge_fd 9
67 | bridge_hello 2
68 | bridge_maxage 12
69 | bridge_stp off
70 | up ip link set dev "$IFACE" up
71 | pre-down ip link set dev "$IFACE" down
72 |
73 | # "pub": trunked on same 10G interface as "back". No IP setup;
74 | # VMs will attach to the bridge and set up IP for themselves
75 | auto vlan-pub
76 | iface vlan-pub inet manual
77 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 146
78 | pre-up ip link set dev "$IFACE" up
79 | pre-down ip link delete "$IFACE"
80 |
81 | auto br-pub
82 | iface br-pub inet manual
83 | bridge_ports vlan-pub
84 | bridge_fd 9
85 | bridge_hello 2
86 | bridge_maxage 12
87 | bridge_stp off
88 | up ip link set dev "$IFACE" up
89 | pre-down ip link set dev "$IFACE" down
90 |
91 | # "isolatedN": trunked on same 10G interface as "back". No IP setup;
92 | # VMs will attach to the bridge and set up IP for themselves
93 | auto vlan-isolated0
94 | iface vlan-isolated0 inet manual
95 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1000
96 | pre-up ip link set dev "$IFACE" up
97 | pre-down ip link delete "$IFACE"
98 |
99 | auto br-isolated0
100 | iface br-isolated0 inet manual
101 | bridge_ports vlan-isolated0
102 | bridge_fd 9
103 | bridge_hello 2
104 | bridge_maxage 12
105 | bridge_stp off
106 | up ip link set dev "$IFACE" up
107 | pre-down ip link set dev "$IFACE" down
108 |
109 | auto vlan-isolated1
110 | iface vlan-isolated1 inet manual
111 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1001
112 | pre-up ip link set dev "$IFACE" up
113 | pre-down ip link delete "$IFACE"
114 |
115 | auto br-isolated1
116 | iface br-isolated1 inet manual
117 | bridge_ports vlan-isolated1
118 | bridge_fd 9
119 | bridge_hello 2
120 | bridge_maxage 12
121 | bridge_stp off
122 | up ip link set dev "$IFACE" up
123 | pre-down ip link set dev "$IFACE" down
124 |
125 | auto vlan-isolated2
126 | iface vlan-isolated2 inet manual
127 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1002
128 | pre-up ip link set dev "$IFACE" up
129 | pre-down ip link delete "$IFACE"
130 |
131 | auto br-isolated2
132 | iface br-isolated2 inet manual
133 | bridge_ports vlan-isolated2
134 | bridge_fd 9
135 | bridge_hello 2
136 | bridge_maxage 12
137 | bridge_stp off
138 | up ip link set dev "$IFACE" up
139 | pre-down ip link set dev "$IFACE" down
140 |
141 | auto vlan-isolated3
142 | iface vlan-isolated3 inet manual
143 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1003
144 | pre-up ip link set dev "$IFACE" up
145 | pre-down ip link delete "$IFACE"
146 |
147 | auto br-isolated3
148 | iface br-isolated3 inet manual
149 | bridge_ports vlan-isolated3
150 | bridge_fd 9
151 | bridge_hello 2
152 | bridge_maxage 12
153 | bridge_stp off
154 | up ip link set dev "$IFACE" up
155 | pre-down ip link set dev "$IFACE" down
156 |
157 | auto vlan-isolated4
158 | iface vlan-isolated4 inet manual
159 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1004
160 | pre-up ip link set dev "$IFACE" up
161 | pre-down ip link delete "$IFACE"
162 |
163 | auto br-isolated4
164 | iface br-isolated4 inet manual
165 | bridge_ports vlan-isolated4
166 | bridge_fd 9
167 | bridge_hello 2
168 | bridge_maxage 12
169 | bridge_stp off
170 | up ip link set dev "$IFACE" up
171 | pre-down ip link set dev "$IFACE" down
172 |
173 | auto vlan-isolated5
174 | iface vlan-isolated5 inet manual
175 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1005
176 | pre-up ip link set dev "$IFACE" up
177 | pre-down ip link delete "$IFACE"
178 |
179 | auto br-isolated5
180 | iface br-isolated5 inet manual
181 | bridge_ports vlan-isolated5
182 | bridge_fd 9
183 | bridge_hello 2
184 | bridge_maxage 12
185 | bridge_stp off
186 | up ip link set dev "$IFACE" up
187 | pre-down ip link set dev "$IFACE" down
188 |
189 | auto vlan-isolated6
190 | iface vlan-isolated6 inet manual
191 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1006
192 | pre-up ip link set dev "$IFACE" up
193 | pre-down ip link delete "$IFACE"
194 |
195 | auto br-isolated6
196 | iface br-isolated6 inet manual
197 | bridge_ports vlan-isolated6
198 | bridge_fd 9
199 | bridge_hello 2
200 | bridge_maxage 12
201 | bridge_stp off
202 | up ip link set dev "$IFACE" up
203 | pre-down ip link set dev "$IFACE" down
204 |
205 | auto vlan-isolated7
206 | iface vlan-isolated7 inet manual
207 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1007
208 | pre-up ip link set dev "$IFACE" up
209 | pre-down ip link delete "$IFACE"
210 |
211 | auto br-isolated7
212 | iface br-isolated7 inet manual
213 | bridge_ports vlan-isolated7
214 | bridge_fd 9
215 | bridge_hello 2
216 | bridge_maxage 12
217 | bridge_stp off
218 | up ip link set dev "$IFACE" up
219 | pre-down ip link set dev "$IFACE" down
220 |
221 | auto vlan-isolated8
222 | iface vlan-isolated8 inet manual
223 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1008
224 | pre-up ip link set dev "$IFACE" up
225 | pre-down ip link delete "$IFACE"
226 |
227 | auto br-isolated8
228 | iface br-isolated8 inet manual
229 | bridge_ports vlan-isolated8
230 | bridge_fd 9
231 | bridge_hello 2
232 | bridge_maxage 12
233 | bridge_stp off
234 | up ip link set dev "$IFACE" up
235 | pre-down ip link set dev "$IFACE" down
236 |
237 | auto vlan-isolated9
238 | iface vlan-isolated9 inet manual
239 | pre-up ip link add link 1g2 name "$IFACE" type vlan id 1009
240 | pre-up ip link set dev "$IFACE" up
241 | pre-down ip link delete "$IFACE"
242 |
243 | auto br-isolated9
244 | iface br-isolated9 inet manual
245 | bridge_ports vlan-isolated9
246 | bridge_fd 9
247 | bridge_hello 2
248 | bridge_maxage 12
249 | bridge_stp off
250 | up ip link set dev "$IFACE" up
251 | pre-down ip link set dev "$IFACE" down
252 |
--------------------------------------------------------------------------------