Perry Myers
2008-Nov-09 07:50 UTC
[Ovirt-devel] [PATCH recipe] Changes to support removal of second network interface on the appliance
Old appliance had: eth0 - libvirt default network (used for forwarding and upstream access) eth1 - ovirtbr0 for fake node access and bridging to oVirt network The forwarding/NAT and upstream access has been merged into ovirtbr0 eliminating the need for eth0/default. So eth0 becomes bridged to ovirtbr0 and eth1 is removed. To support this, the create-ovirt-appliance script needs to be modified to set up the host network appropriately. This is done in a related patch in the ovirt-appliance repo. The appliance is no longer used as a gateway, the host is the default gateway. So the sections for NAT are removed from the puppet config. Signed-off-by: Perry Myers <pmyers at redhat.com> --- appliances/ovirt/files/ovirt-server-appliance | 6 +++--- appliances/ovirt/ovirt.pp.in | 19 ++----------------- 2 files changed, 5 insertions(+), 20 deletions(-) diff --git a/appliances/ovirt/files/ovirt-server-appliance b/appliances/ovirt/files/ovirt-server-appliance index 5cf530d..4dabce0 100644 --- a/appliances/ovirt/files/ovirt-server-appliance +++ b/appliances/ovirt/files/ovirt-server-appliance @@ -12,7 +12,7 @@ TARGET_ID=32101 start() { echo -n "Starting ovirt-server-appliance: " - dnsmasq -i eth1 -F 192.168.50.6,192.168.50.252 \ + dnsmasq -i eth0 -F 192.168.50.6,192.168.50.252 \ -G 00:16:3e:12:34:57,192.168.50.3 -G 00:16:3e:12:34:58,192.168.50.4 \ -G 00:16:3e:12:34:59,192.168.50.5 \ -s priv.ovirt.org \ @@ -23,9 +23,9 @@ start() { -W _qpidd._tcp,management.priv.ovirt.org,5672 \ -W _identify._tcp,management.priv.ovirt.org,12120 \ --enable-tftp --tftp-root=/var/lib/tftpboot -M pxelinux.0 \ - -O option:router,192.168.50.2 -O option:ntp-server,192.168.50.2 \ + -O option:router,192.168.50.1 -O option:ntp-server,192.168.50.2 \ --dhcp-option=12 \ - -R --local /priv.ovirt.org/ --server 192.168.122.1 + -R --local /priv.ovirt.org/ --server 192.168.50.1 # Set up the fake iscsi target tgtadm --lld iscsi --op new --mode target --tid $TARGET_ID \ 
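Review bot: In the second hunk of ovirt-server-appliance, `-O option:router,192.168.50.1` and `--server 192.168.50.1` make the appliance and every DHCP client depend on the host routing and answering DNS at 192.168.50.1, but nothing in the init script says so. Add a comment above the `dnsmasq` invocation stating that the host side of ovirtbr0 must already be configured (the commit message says this is done by a related patch in the ovirt-appliance repo), because without it upstream name resolution and the default route fail with no hint about the cause.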
diff --git a/appliances/ovirt/ovirt.pp.in b/appliances/ovirt/ovirt.pp.in index 299a11d..ab52d57 100644 --- a/appliances/ovirt/ovirt.pp.in +++ b/appliances/ovirt/ovirt.pp.in @@ -46,8 +46,8 @@ postgres::setup{$appliance_name:} firewall::setup{$appliance_name: status => "enabled"} $net_changes = [ - "set /files/etc/sysconfig/network-scripts/ifcfg-eth0/PEERDNS no", - "set /files/etc/sysconfig/network-scripts/ifcfg-eth1/DNS1 192.168.50.2" + "set /files/etc/sysconfig/network-scripts/ifcfg-eth0/DNS1 192.168.50.2", + "set /files/etc/sysconfig/network-scripts/ifcfg-eth0/GATEWAY 192.168.50.1" ] augeas {"network_scripts": @@ -96,14 +96,6 @@ file {"/boot/grub/splash.xpm.gz": source => "puppet:///ovirt/ovirt-splash.xpm.gz" } -firewall_rule {"ovirt_nat": - table => "nat", - chain => "POSTROUTING", - out_interface => "eth0", - action => "MASQUERADE", - protocol => '' -} - firewall_rule {"ssh": destination_port => '22'} firewall_rule {"http": destination_port => '80'} firewall_rule {"https": destination_port => '443'} @@ -129,13 +121,6 @@ firewall_rule {"krb5kdc": destination_port => '88', protocol => 'udp'} firewall_rule {"cobblerd": destination_port => "25150"} firewall_rule {"cobblerd-mgmt": destination_port => "25151"} -file_replacement{"nat_forwarding" : - file => "/etc/sysctl.conf", - pattern => "^net.ipv4.ip_forward = .*", - replacement => "net.ipv4.ip_forward = 1", - notify => Service[network] -} - service {"nfs": ensure => "running", enable => true, -- 1.6.0.3
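Review bot: In ovirt.pp.in, deleting the `nat_forwarding` resource only stops Puppet from managing the setting; an appliance that was already configured by the earlier recipe keeps `net.ipv4.ip_forward = 1` in /etc/sysctl.conf, because that resource edited the file in place. Since the commit message says the appliance is no longer used as a gateway, replace the resource with one that sets the value to 0 instead of dropping it, so forwarding is actually switched off on existing installs. The same question applies to the removed `ovirt_nat` rule: confirm that the MASQUERADE entry is cleaned up on appliances that already have it.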
Perry Myers
2008-Nov-09 07:50 UTC
[Ovirt-devel] [PATCH appliance] Refactor the create-ovirt-appliance script into several scripts
Separated out several independent functions from ovirt-create-appliance: - installing the appliance image from the appliance packaging - creating the appliance in libvirt - creating the fake nodes - setting up the host networking to support running the appliance Along with these changes also made it so that the appliance and fake nodes are created using virt-image from the appliance-creator or from virt-install and changed so that only a single network (ovirtbr0) is required for the appliance and fake nodes. Signed-off-by: Perry Myers <pmyers at redhat.com> --- Makefile.am | 4 + create-ovirt-appliance | 329 ++++---------------------------------------- create-ovirt-network | 139 +++++++++++++++++++ create-ovirt-nodes | 49 +++++++ get-ovirt-appliance | 93 +++++++++++++ ovirt-appliance-functions | 169 +++++++++++++++++++++++ ovirt-appliance.ks | 4 +- 7 files changed, 485 insertions(+), 302 deletions(-) create mode 100755 create-ovirt-network create mode 100755 create-ovirt-nodes create mode 100755 get-ovirt-appliance create mode 100644 ovirt-appliance-functions diff --git a/Makefile.am b/Makefile.am index 61df672..f6a9b69 100644 --- a/Makefile.am +++ b/Makefile.am @@ -30,6 +30,10 @@ NVR = $(PACKAGE)-$(VERSION)-$(ARCH) EXTRA_DIST = \ .gitignore \ create-$(PACKAGE) \ + create-ovirt-network \ + create-ovirt-nodes \ + get-$(PACKAGE) \ + $(PACKAGE)-functions \ gettree.sh \ $(PACKAGE).ks \ $(PACKAGE).spec \ diff --git a/create-ovirt-appliance b/create-ovirt-appliance index 9454377..3d6fae9 100755 --- a/create-ovirt-appliance +++ b/create-ovirt-appliance 
@@ -1,44 +1,42 @@ #!/bin/bash - -PATH=$PATH:/sbin:/usr/sbin - -ME=$(basename "$0") -warn() { printf '%s: %s\n' "$ME" "$*" >&2; } -try_h() { printf "Try \`$ME -h' for more information.\n" >&2; } -die() { warn "$@"; try_h; exit 1; } - -RAM=768 - -IMGDIR_DEFAULT=/var/lib/libvirt/images -NAME_DEFAULT=ovirt-appliance -NET_SCRIPTS=/etc/sysconfig/network-scripts -BRIDGENAME=ovirtbr0 -NET_TYPE=network - -NODE_DISK_SIZE=128M -NODE_DISK_FMT=raw - -imgdir=$IMGDIR_DEFAULT -name=$NAME_DEFAULT +# +# Create oVirt Appliance +# Copyright 2008 Red Hat, Inc. +# Written by Perry Myers <pmyers at redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +. $(dirname $0)/ovirt-appliance-functions usage() { case $# in 1) warn "$1"; try_h; exit 1;; esac cat <<EOF -Usage: $ME [-d image_dir] [-n name] [-e eth] +Usage: $ME [-d image_dir] [-n name] [-c] -d: directory to place virtual disk (default: $IMGDIR_DEFAULT) -n: appliance name (default: $NAME_DEFAULT) - -e: ethernet device to use as bridge (i.e. 
eth1) + -c: open console when appliance is started -h: display this help and exit EOF } err=0 help=0 -bridge-while getopts :d:e:n:h c; do +console=0 +while getopts :d:n:ch c; do case $c in d) imgdir=$OPTARG;; - e) bridge=$OPTARG;; n) name=$OPTARG;; + c) console=1;; h) help=1;; '?') err=1; warn "invalid option: \`-$OPTARG'";; :) err=1; warn "missing argument to \`-$OPTARG' option";; 
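Review bot: In the first hunk of create-ovirt-appliance, `. $(dirname $0)/ovirt-appliance-functions` runs before option parsing, and that file (added later in this patch) checks for root, dies if NetworkManager is running, and starts iptables and libvirtd at source time. As a result `-h` fails for a non-root user and has side effects when run as root. Move those checks into a function that each script calls after its `getopts` loop, and quote the path as `. "$(dirname "$0")/ovirt-appliance-functions"` so that a script directory containing whitespace does not break the source.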
@@ -48,282 +46,15 @@ done test $err = 1 && { try_h; exit 1; } test $help = 1 && { usage; exit 0; } -gen_bridge() { - local name=$1 - cat << EOF -<network> - <name>$name</name> - <bridge name="$name" stp="off" forwardDelay="0" /> - <ip address="192.168.50.1" netmask="255.255.255.0"/> -</network> -EOF -} - -gen_fake_managed_node() { - local num=$1 - local disk=$2 - local last_mac=$(( 54 + $num )) - - cat <<EOF -<domain type='kvm'> - <name>node$num</name> - <uuid>25ab2490-7c4c-099f-b647-${num}5ff8efa73f6</uuid> - <memory>524288</memory> - <currentMemory>524288</currentMemory> - <vcpu>1</vcpu> - <os> - <type>hvm</type> - <boot dev='network'/> - </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> - <devices> - <emulator>$KVM_BINARY</emulator> - <disk type='file' device='disk'> - <source file='$disk'/> - <target dev='hda'/> - </disk> - <interface type='$NET_TYPE'> - <mac address='00:16:3e:12:34:$last_mac'/> - <source $NET_TYPE='$BRIDGENAME'/> - </interface> - <serial type='pty'> - <target port='0'/> - </serial> - <console type='pty'> - <target port='0'/> - </console> - <input type='mouse' bus='ps2'/> - <graphics type='vnc' port='-1' listen='127.0.0.1'/> - </devices> -</domain> -EOF -} - -gen_app() { - local name=$1 - local disk=$2 - local ram=$3 - - cat<<EOF -<domain type='kvm'> - <name>$name</name> - <memory>$(( $ram * 1024 ))</memory> - <currentMemory>$(( $ram * 1024 ))</currentMemory> - <vcpu>1</vcpu> - <os> - <type>hvm</type> - <boot dev='hd'/> - </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> - <devices> - <emulator>$KVM_BINARY</emulator> - <disk type='file' device='disk'> - <source file='$disk'/> - <target dev='hda'/> - </disk> - <interface type='network'> - <source network='default'/> - <model type='virtio'/> - </interface> - <interface type='$NET_TYPE'> - <source $NET_TYPE='$BRIDGENAME'/> - <model 
type='virtio'/> - </interface> - <serial type='pty'> - <target port='0'/> - </serial> - <console type='pty'> - <target port='0'/> - </console> - <input type='mouse' bus='ps2'/> - <graphics type='vnc' port='-1' listen='127.0.0.1'/> - </devices> -</domain> -EOF -} - -net_debug() { - # Some output for debugging problems - echo "Currently active bridges:" - echo "-------------------------" - brctl show - echo - echo "Currently defined libvirt networks:" - echo "-----------------------------------" - virsh net-list --all - echo -} - -# first, check to see we are root -if [ $( id -u ) -ne 0 ]; then - die "Must run as root" -fi - -# now make sure the packages we need are installed -if [ -e /etc/redhat-release ]; then - # We rely on RPM deps for this in Red Hat/Fedora systems - CHECK=0 - KVM_BINARY=/usr/bin/qemu-kvm -elif [ -e /etc/debian_version ]; then - # Works in Ubuntu 8.04. Still needs testing in Debian - PACKAGES="libvirt0 libvirt-bin kvm qemu" - CHECK=$(dpkg -l $PACKAGES &> /dev/null; echo $?) 
- KVM_BINARY=/usr/bin/kvm -else - die "Not a supported system" -fi - -if [ $CHECK -ne 0 ]; then - # one of the previous packages wasn't installed; bail out - die "Must have the $PACKAGES packages installed" -fi - -service libvirtd status > /dev/null 2>&1 \ - || service libvirtd start > /dev/null 2>&1 -chkconfig libvirtd on - -# Cleanup to handle older version of script that used these bridge names -{ - virsh net-destroy dummybridge - virsh net-undefine dummybridge - brctl delif eth1bridge eth1 - virsh net-destroy eth1bridge - virsh net-undefine eth1bridge - old_bridge=$(brctl show \ - | awk -v BRIDGENAME=ovirtbr '$1==BRIDGENAME {print $4}') - if [ -n "$old_bridge" ]; then - ifconfig $old_bridge down - fi - brctl delif ovirtbr $old_bridge - virsh net-destroy ovirtbr - virsh net-undefine ovirtbr - sed -i "/# ovirtbr$/d" /etc/rc.d/rc.local -} > /dev/null 2>&1 - -net_debug - -# If we're bridging to a physical network, run some checks to make sure the -# choice of physical eth device is sane -if [ -n "$bridge" ]; then - NET_TYPE=bridge - # Check to see if the physical device is present - ifconfig $bridge > /dev/null 2>&1 ; bridge_dev_present=$? - test $bridge_dev_present != 0 \ - && die "$bridge device not present, aborting!" - - # Check to see if the eth device is already tied to a non oVirt bridge - attached_bridge=$(brctl show \ - | awk -v BRIDGE=$bridge '$4~BRIDGE {print $1}') - test -n "$attached_bridge" -a "$attached_bridge" != "$BRIDGENAME" \ - && die "$bridge already attached to other bridge $attached_bridge" - - # Check to make sure that the system is not already using the interface - if test -f $NET_SCRIPTS/ifcfg-$bridge ; then - echo "$NET_SCRIPTS/ifcfg-$bridge is present, are you sure you wish to" - echo "overwrite this file? [y/N]? " - read yesno - - if [ "$yesno" != "y" -a "$yesno" != "Y" ]; then - exit 2 - fi - fi -fi - mkdir -p $imgdir -# define the fake managed nodes we will use. -for i in `seq 3 5` ; do - imgname="node${i}.img" - if [ ! 
-f $imgdir/$imgname ]; then - qemu-img create -f $NODE_DISK_FMT $imgdir/$imgname $NODE_DISK_SIZE - fi - virsh destroy node$i >& /dev/null - virsh undefine node$i >& /dev/null - TMPXML=$(mktemp) - gen_fake_managed_node $i $imgdir/$imgname > $TMPXML - virsh define $TMPXML - rm $TMPXML -done - -# Remove old bridge device if it exists -sed -i "/# $BRIDGENAME/d" /etc/rc.d/rc.local -old_bridge=$(brctl show \ - | awk -v BRIDGENAME=$BRIDGENAME '$1==BRIDGENAME {print $4}') -if [ -n "$old_bridge" ]; then - echo "Removing old bridge $old_bridge" - ifconfig $old_bridge down - brctl delif $BRIDGENAME $old_bridge - rm -f $NET_SCRIPTS/ifcfg-$old_bridge -fi - -{ -echo "Removing $BRIDGENAME" -virsh net-destroy $BRIDGENAME -virsh net-undefine $BRIDGENAME -ifconfig $BRIDGENAME down -brctl delbr $BRIDGENAME -rm -fv $NET_SCRIPTS/ifcfg-$BRIDGENAME -echo "Done Removing $BRIDGENAME" -} 2> /dev/null - -if [ -n "$bridge" ]; then - # real external bridge, use distro networking scripts - ifconfig $bridge down 2> /dev/null - TMPAUG=$(mktemp) || exit 1 - cat > $TMPAUG <<EOF -rm /files$NET_SCRIPTS/ifcfg-$bridge -set /files$NET_SCRIPTS/ifcfg-$bridge/DEVICE $bridge -set /files$NET_SCRIPTS/ifcfg-$bridge/ONBOOT yes -set /files$NET_SCRIPTS/ifcfg-$bridge/BRIDGE $BRIDGENAME -rm /files$NET_SCRIPTS/ifcfg-$BRIDGENAME -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/DEVICE $BRIDGENAME -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/BOOTPROTO static -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/ONBOOT y -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/TYPE Bridge -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/PEERNTP yes -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/IPADDR 192.168.50.1 -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/NETMASK 255.255.255.0 -set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/DELAY 0 -save -EOF - augtool < $TMPAUG - ifup $BRIDGENAME - ifup $bridge -else - # internal bridge only, use libvirt networking - TMPXML=$(mktemp) || exit 1 - gen_bridge $BRIDGENAME > $TMPXML - virsh net-define $TMPXML - rm $TMPXML - virsh net-start 
$BRIDGENAME - virsh net-autostart $BRIDGENAME -fi - -net_debug - -# Cleanup to handle older version of script that used these domain names -{ - virsh destroy developer - virsh undefine developer - virsh destroy bundled - virsh undefine bundled -} > /dev/null 2>&1 +appdisk=$name-sda.$DISK_FMT +datadisk=$name-sdb.$DISK_FMT -imgname=$name.img -test ! -r $imgdir/$imgname && die "Disk image not found at $imgdir/$imgname" +test ! -r $imgdir/$appdisk && die "Disk image not found at $imgdir/$appdisk" +test ! -r $imgdir/$datadisk && die "Disk image not found at $imgdir/$datadisk" virsh destroy $name > /dev/null 2>&1 virsh undefine $name > /dev/null 2>&1 -TMPXML=$(mktemp) || exit 1 -# FIXME virt-image to define the appliance instance -gen_app $name $imgdir/$imgname $RAM > $TMPXML -virsh define $TMPXML -rm $TMPXML -echo "Application defined using disk located at $imgdir/$imgname." -echo "Run virsh start $name to start the appliance" +virt-image -b $BRIDGENAME $imgdir/$name.xml +test $console = 1 && virsh console $name diff --git a/create-ovirt-network b/create-ovirt-network new file mode 100755 index 0000000..a8c67c7 --- /dev/null +++ b/create-ovirt-network 
@@ -0,0 +1,139 @@ +#!/bin/bash + +. $(dirname $0)/ovirt-appliance-functions + +usage() { + case $# in 1) warn "$1"; try_h; exit 1;; esac + cat <<EOF +Usage: $ME [-e eth] + -e: ethernet device to use as bridge (i.e. eth1) + -h: display this help and exit +EOF +} + +err=0 help=0 +bridge+while getopts :e:h c; do + case $c in + e) bridge=$OPTARG;; + h) help=1;; + '?') err=1; warn "invalid option: \`-$OPTARG'";; + :) err=1; warn "missing argument to \`-$OPTARG' option";; + *) err=1; warn "internal error: \`-$OPTARG' not handled";; + esac +done +test $err = 1 && { try_h; exit 1; } +test $help = 1 && { usage; exit 0; } + +cleanup_old_nets + +net_debug + +# If we're bridging to a physical network, run some checks to make sure the +# choice of physical eth device is sane +if [ -n "$bridge" ]; then + # Check to see if the physical device is present + ifconfig $bridge > /dev/null 2>&1 ; bridge_dev_present=$? + test $bridge_dev_present != 0 \ + && die "$bridge device not present, aborting!" + + # Check to see if the eth device is already tied to a non oVirt bridge + attached_bridge=$(brctl show \ + | awk -v BRIDGE=$bridge '$4~BRIDGE {print $1}') + test -n "$attached_bridge" -a "$attached_bridge" != "$BRIDGENAME" \ + && die "$bridge already attached to other bridge $attached_bridge" + + # Check to make sure that the system is not already using the interface + if test -f $NET_SCRIPTS/ifcfg-$bridge ; then + echo "$NET_SCRIPTS/ifcfg-$bridge is present, are you sure you wish to" + echo "overwrite this file? [y/N]? 
" + read yesno + + if [ "$yesno" != "y" -a "$yesno" != "Y" ]; then + exit 2 + fi + fi +fi + +# Remove old bridge device if it exists +sed -i "/# $BRIDGENAME/d" /etc/rc.d/rc.local +old_bridge=$(brctl show \ + | awk -v BRIDGENAME=$BRIDGENAME '$1==BRIDGENAME {print $4}') +if [ -n "$old_bridge" ]; then + echo "Removing old bridge $old_bridge" + ifconfig $old_bridge down + brctl delif $BRIDGENAME $old_bridge + rm -f $NET_SCRIPTS/ifcfg-$old_bridge +fi + +{ +echo "Removing $BRIDGENAME" +virsh net-destroy $BRIDGENAME +virsh net-undefine $BRIDGENAME +ifconfig $BRIDGENAME down +brctl delbr $BRIDGENAME +rm -fv $NET_SCRIPTS/ifcfg-$BRIDGENAME +rm -fv /etc/sysconfig/iptables-$BRIDGENAME-filter +rm -fv /etc/sysconfig/iptables-$BRIDGENAME-nat +sed -i "/iptables-$BRIDGENAME/d" /etc/sysconfig/system-config-firewall +lokkit --update +echo "Done Removing $BRIDGENAME" +} 2> /dev/null + +if [ -n "$bridge" ]; then + # real external bridge, use distro networking scripts + ifconfig $bridge down 2> /dev/null + TMPAUG=$(mktemp) || exit 1 + cat > $TMPAUG <<EOF +rm /files$NET_SCRIPTS/ifcfg-$bridge +set /files$NET_SCRIPTS/ifcfg-$bridge/DEVICE $bridge +set /files$NET_SCRIPTS/ifcfg-$bridge/ONBOOT yes +set /files$NET_SCRIPTS/ifcfg-$bridge/BRIDGE $BRIDGENAME +rm /files$NET_SCRIPTS/ifcfg-$BRIDGENAME +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/DEVICE $BRIDGENAME +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/BOOTPROTO static +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/ONBOOT y +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/TYPE Bridge +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/PEERNTP yes +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/IPADDR ${NETWORK%.*}.1 +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/NETMASK $NETMASK +set /files$NET_SCRIPTS/ifcfg-$BRIDGENAME/DELAY 0 +save +EOF + augtool < $TMPAUG + ifup $BRIDGENAME + ifup $bridge + + cat > /etc/sysconfig/iptables-$BRIDGENAME-filter <<EOF +-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT +-A FORWARD -d $NETWORK/$NETMASK -o $BRIDGENAME -m state --state 
RELATED,ESTABLISHED -j ACCEPT +-A FORWARD -s $NETWORK/$NETMASK -i $BRIDGENAME -j ACCEPT +-A FORWARD -i $BRIDGENAME -o $BRIDGENAME -j ACCEPT +EOF + + cat > /etc/sysconfig/iptables-$BRIDGENAME-nat <<EOF +-A POSTROUTING -s $NETWORK/$NETMASK -d ! $NETWORK/$NETMASK -j MASQUERADE +EOF + + lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-$BRIDGENAME-filter + lokkit --custom-rules=ipv4:nat:/etc/sysconfig/iptables-$BRIDGENAME-nat +else + # internal bridge only, use libvirt networking + TMPXML=$(mktemp) || exit 1 + gen_bridge > $TMPXML + virsh net-define $TMPXML + rm $TMPXML + virsh net-start $BRIDGENAME + virsh net-autostart $BRIDGENAME +fi + +# Set up dnsmasq on $BRIDGENAME just for DNS forwarding +cat <<EOF > /etc/dnsmasq.d/$BRIDGENAME.conf +bind-interfaces +interface=$BRIDGENAME +except-interface=lo +EOF +chkconfig dnsmasq on +service dnsmasq restart + +net_debug diff --git a/create-ovirt-nodes b/create-ovirt-nodes new file mode 100755 index 0000000..89ad7ad --- /dev/null +++ b/create-ovirt-nodes 
@@ -0,0 +1,49 @@ +#!/bin/bash +# +# Create fake oVirt Nodes that PXE boot to the Appliance Server +# Copyright 2008 Red Hat, Inc. +# Written by Perry Myers <pmyers at redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +. $(dirname $0)/ovirt-appliance-functions + +usage() { + case $# in 1) warn "$1"; try_h; exit 1;; esac + cat <<EOF +Usage: $ME [-d image_dir] + -d: directory to place virtual disk (default: $IMGDIR_DEFAULT) + -h: display this help and exit +EOF +} + +err=0 help=0 +while getopts :dh c; do + case $c in + d) imgdir=$OPTARG;; + h) help=1;; + '?') err=1; warn "invalid option: \`-$OPTARG'";; + :) err=1; warn "missing argument to \`-$OPTARG' option";; + *) err=1; warn "internal error: \`-$OPTARG' not handled";; + esac +done +test $err = 1 && { try_h; exit 1; } +test $help = 1 && { usage; exit 0; } + +mkdir -p $imgdir + +# define the fake managed nodes we will use. +for i in `seq 3 5` ; do + gen_fake_managed_node $i +done diff --git a/get-ovirt-appliance b/get-ovirt-appliance new file mode 100755 index 0000000..a03661d --- /dev/null +++ b/get-ovirt-appliance 
@@ -0,0 +1,93 @@ +#!/bin/bash +# +# Install oVirt Appliance disk images from local directory or from +# remote URL +# Copyright 2008 Red Hat, Inc. +# Written by Perry Myers <pmyers at redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +. $(dirname $0)/ovirt-appliance-functions + +usage() { + case $# in 1) warn "$1"; try_h; exit 1;; esac + cat <<EOF +Usage: $ME [-d image_dir] [-n name] [-l appliance location] + -d: directory to place virtual disk (default: $IMGDIR_DEFAULT) + -n: appliance name (default: $NAME_DEFAULT) + -l: directory or url to get appliance zip and md5sum files (default: $OVIRT_URL) + this can either be http:// url or relative/absolute path + -h: display this help and exit +EOF +} + +err=0 help=0 +app_loc=$OVIRT_URL +while getopts :d:n:l:h c; do + case $c in + d) imgdir=$OPTARG;; + n) name=$OPTARG;; + l) app_loc=$OPTARG;; + h) help=1;; + '?') err=1; warn "invalid option: \`-$OPTARG'";; + :) err=1; warn "missing argument to \`-$OPTARG' option";; + *) err=1; warn "internal error: \`-$OPTARG' not handled";; + esac +done +test $err = 1 && { try_h; exit 1; } +test $help = 1 && { usage; exit 0; } + +zipfile=$name-$version-$(uname -i).zip +md5file=$zipfile.md5sum + +if echo $app_loc | grep "^http://" > /dev/null 2>&1 ; then + echo "Using http at $app_loc to retrieve appliance" + + if verify_md5 $zipfile $md5file ; then + 
app_loc=$(pwd) + else + wget -c $app_loc/$md5file || die "error downloading $app_loc/$md5file" + wget -c $app_loc/$zipfile || die "error downloading $app_loc/$zipfile" + if verify_md5 $zipfile $md5file ; then + app_loc=$(pwd) + else + die "appliance files not available, aborting" + fi + fi +else + echo "Using local files in $app_loc for appliance" + + if [ -d $app_loc ]; then + if ! verify_md5 $app_loc/$zipfile $app_loc/$md5file ; then + die "appliance files not available, aborting" + fi + elif [ -f $app_loc -a -f $app_loc.md5sum ]; then + if ! verify_md5 $app_loc $app_loc.md5sum ; then + die "appliance files not available, aborting" + fi + fi +fi + +mkdir -p $imgdir + +appdisk=$name-sda.$DISK_FMT +datadisk=$name-sdb.$DISK_FMT + +unzip -o $app_loc/$zipfile $name\* -d $imgdir + +test ! -r $imgdir/$appdisk && die "Disk image not found at $imgdir/$appdisk" +test ! -r $imgdir/$datadisk && die "Disk image not found at $imgdir/$datadisk" + +echo "Appliance Disks installed to $imgdir" +echo "Run create-ovirt-appliance to define and start the appliance" diff --git a/ovirt-appliance-functions b/ovirt-appliance-functions new file mode 100644 index 0000000..218f362 --- /dev/null +++ b/ovirt-appliance-functions 
@@ -0,0 +1,169 @@ +# -*-Shell-script-*- +# +# Common functions for the oVirt Appliance scripts +# Copyright 2008 Red Hat, Inc. +# Written by Perry Myers <pmyers at redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +PATH=$PATH:/sbin:/usr/sbin + +ME=$(basename "$0") +warn() { printf '%s: %s\n' "$ME" "$*" >&2; } +try_h() { printf "Try \`$ME -h' for more information.\n" >&2; } +die() { warn "$@"; try_h; exit 1; } + +IMGDIR_DEFAULT=/var/lib/libvirt/images +NAME_DEFAULT=ovirt-appliance +NET_SCRIPTS=/etc/sysconfig/network-scripts + +BRIDGENAME=ovirtbr0 +NETWORK=192.168.50.0 +NETMASK=255.255.255.0 + +DISK_FMT=qcow2 +OVIRT_URL=http://ovirt.org/download + +imgdir=$IMGDIR_DEFAULT +name=$NAME_DEFAULT + +# first, check to see we are root +if [ $( id -u ) -ne 0 ]; then + die "Must run as root" +fi + +# now make sure the packages we need are installed +if [ -e /etc/redhat-release ]; then + # We rely on RPM deps for this in Red Hat/Fedora systems + CHECK=0 + KVM_BINARY=/usr/bin/qemu-kvm + version=$(rpm -q --qf '%{version}' ovirt-appliance) +elif [ -e /etc/debian_version ]; then + # Works in Ubuntu 8.04. Still needs testing in Debian + PACKAGES="libvirt0 libvirt-bin kvm qemu" + CHECK=$(dpkg -l $PACKAGES &> /dev/null; echo $?) 
+ KVM_BINARY=/usr/bin/kvm + version=LATEST +else + die "Not a supported system" +fi + +if [ $CHECK -ne 0 ]; then + # one of the previous packages wasn't installed; bail out + die "Must have the $PACKAGES packages installed" +fi + +service NetworkManager status > /dev/null 2>&1 \ + && die "NetworkManager is running, disable and use standard network scripts before proceeding" + +service iptables status > /dev/null 2>&1 \ + || service iptables start > /dev/null 2>&1 +chkconfig iptables on + +service libvirtd status > /dev/null 2>&1 \ + || service libvirtd start > /dev/null 2>&1 +chkconfig libvirtd on + +gen_bridge() { + cat << EOF +<network> + <name>$BRIDGENAME</name> + <bridge name="$BRIDGENAME" stp="off" forwardDelay="0" /> + <forward/> + <ip address="${NETWORK%.*}.1" netmask="$NETMASK"/> +</network> +EOF +} + +gen_fake_managed_node() { + local num=$1 + local last_mac=$(( 54 + $num )) + + echo "Creating fake node$num..." + virsh destroy node$num > /dev/null 2>&1 + virsh undefine node$num > /dev/null 2>&1 + # FIXME: virt-install should be changed to have a --nostart parameter + # that just defines the VM w/o starting it. 
+ virt-install --name=node$num --ram=512 --vcpus=1 \ + --disk path=$imgdir/node${i}-sda.raw,size=.15 \ + --network=bridge:$BRIDGENAME --mac=00:16:3e:12:34:$last_mac \ + --vnc --accelerate --hvm --noautoconsole \ + --os-type=linux --os-variant=fedora9 \ + --force --noreboot --pxe + virsh destroy node$num > /dev/null 2>&1 + # FIXME: virt-install should be changed to allow network boot + # to be a permanent selection + TMPXML=$(mktemp) || exit 1 + virsh dumpxml node$num | sed "s/boot dev='.*'/boot dev='network'/" > $TMPXML + virsh define $TMPXML + rm -f $TMPXML + echo "node$num created" +} + +net_debug() { + # Some output for debugging problems + echo "Currently active bridges:" + echo "-------------------------" + brctl show + echo + echo "Currently defined libvirt networks:" + echo "-----------------------------------" + virsh net-list --all + echo +} + +cleanup_old_apps() { + # Cleanup to handle older version of script that used these domain names + virsh destroy developer + virsh undefine developer + virsh destroy bundled + virsh undefine bundled +} > /dev/null 2>&1 + +cleanup_old_nets() { + # Cleanup to handle older version of script that used these bridge names + virsh net-destroy dummybridge + virsh net-undefine dummybridge + brctl delif eth1bridge eth1 + virsh net-destroy eth1bridge + virsh net-undefine eth1bridge + old_bridge=$(brctl show \ + | awk -v BRIDGENAME=ovirtbr '$1==BRIDGENAME {print $4}') + if [ -n "$old_bridge" ]; then + ifconfig $old_bridge down + fi + brctl delif ovirtbr $old_bridge + virsh net-destroy ovirtbr + virsh net-undefine ovirtbr + sed -i "/# ovirtbr$/d" /etc/rc.d/rc.local +} > /dev/null 2>&1 + +verify_md5() { + local zipfile=$1 + local md5file=$2 + + test ! -f $md5file && { echo "$md5file not found" ; return 1 ; } + test ! 
-f $zipfile && { echo "$zipfile not found" ; return 1 ; } + + local actual_md5=$(md5sum $zipfile | awk '{print $1}') + local expect_md5=$(awk '{print $1}' $md5file) + + if [ "$actual_md5" = "$expect_md5" ]; then + echo "md5sum verified" + return 0 + else + echo "md5sum failed" + return 1 + fi +} diff --git a/ovirt-appliance.ks b/ovirt-appliance.ks index d7e0892..8801fb7 100644 --- a/ovirt-appliance.ks +++ b/ovirt-appliance.ks @@ -2,7 +2,7 @@ install lang en_US.UTF-8 keyboard us -network --device eth0 --bootproto dhcp +network --device=eth0 --bootproto=static --ip=192.168.50.2 --netmask=255.255.255.0 --onboot=on --nameserver=192.168.50.2 --hostname=management.priv.ovirt.org rootpw --iscrypted Xa8QeYfWrtscM firewall --disabled authconfig --enableshadow --enablemd5 @@ -20,8 +20,6 @@ part swap --ondisk=sda --fstype=swap --size=512 part /mnt/data --ondisk=sdb --fstype=ext3 --size=20000 reboot -network --device=eth1 --bootproto=static --ip=192.168.50.2 --netmask=255.255.255.0 --onboot=on --nameserver=192.168.50.2 --hostname=management.priv.ovirt.org - %include repos.ks %packages --nobase -- 1.6.0.3
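Review bot: In the second hunk of create-ovirt-appliance, the script checks that both disk images are readable but then hands `$imgdir/$name.xml` to `virt-image` without checking that it exists; add a matching `test ! -r $imgdir/$name.xml && die ...` so the failure message names the missing file. The inline cleanup of the old `developer` and `bundled` domains is removed here and moved into `cleanup_old_apps` in ovirt-appliance-functions, but no script in this patch calls that function; either call it before `virsh destroy $name` or drop it.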
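Review bot: In create-ovirt-network, the filter rule `-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT` is not limited to `$BRIDGENAME`, so it accepts bridged traffic for every bridge on the host, not only ovirtbr0. Scope it to the oVirt bridge in the same way as the three FORWARD rules that follow it. Separately, `$TMPAUG` is never removed after `augtool < $TMPAUG`, unlike `$TMPXML` in the libvirt branch; add `rm -f $TMPAUG`.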
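Review bot: In create-ovirt-nodes, `getopts :dh` declares `-d` without an argument, so when `-d` is given, `d) imgdir=$OPTARG;;` assigns an empty string and the following `mkdir -p $imgdir` is called with no directory. The usage text documents `-d image_dir`, so the option string should be `:d:h`, matching the `:d:n:ch` used in create-ovirt-appliance.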
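Review bot: In get-ovirt-appliance, the archive and its `.md5sum` are both fetched with `wget` from the same `http://` location, so `verify_md5` only detects a corrupted download; anyone able to alter the transfer can replace both files, and the script then unzips the result as root. Fetch over HTTPS and verify a signature, or a checksum obtained from a separate trusted source, with a stronger hash than MD5. There are also two logic gaps in the same file: `grep "^http://"` sends an `https://` URL into the local-file branch, and in that branch a location that is neither a directory nor a file with a matching `.md5sum` skips verification entirely and still reaches `unzip -o $app_loc/$zipfile`, so the `if`/`elif` needs a final `else die`.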
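Review bot: In ovirt-appliance-functions, `gen_fake_managed_node` builds the disk path as `$imgdir/node${i}-sda.raw`, but `i` is the loop variable of the caller in create-ovirt-nodes, not a variable of this function. It works only because the caller happens to use that name; use the local `num` here, as the rest of the function does (`--name=node$num`).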
Perry Myers
2008-Nov-09 07:50 UTC
[Ovirt-devel] [PATCH release] Created update-app target for installing appliance image from image archive
Signed-off-by: Perry Myers <pmyers at redhat.com> --- ovirt.mk | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/ovirt.mk b/ovirt.mk index 5814b03..d053e18 100644 --- a/ovirt.mk +++ b/ovirt.mk @@ -85,6 +85,9 @@ update-host: ovirt-release ovirt-build ovirt-appliance ovirt-node ovirt-docs \ ovirt-node-selinux +update-app: update-host + sudo get-ovirt-appliance -l appliance + tar-src: @mkdir -p $(OVIRT_CACHE_DIR) @sudo chown -R $(USER) $(OVIRT_CACHE_DIR) -- 1.6.0.3
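Review bot: In the `update-app` recipe, `-l appliance` is a relative path and `get-ovirt-appliance` runs under `sudo`, so the directory that is read as root depends on where `make` was invoked. Pass an absolute path, for example `$(CURDIR)/appliance`, and add a comment above the target stating that the directory must contain the appliance zip and its md5sum file, since the commit message gives no description beyond the subject line.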
Alan Pevec
2008-Nov-10 20:39 UTC
[Ovirt-devel] Re: [PATCH recipe] Changes to support removal of second network interface on the appliance
ACK - this simplifies setup and gives better performance, avoiding an additional hop through the appliance.

The only thing to note is that you need to run ovirt-create-network on the host machine to get the necessary iptables changes.