Initial commit:

* ifcfg files for ovs trunk and VLAN
* direct.xml firewalld config
* libvirt netoworks

etc/firewalld/direct.xml

@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<direct>
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i virbr0 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp9management -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp9provision -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp9external -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp9storage -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i ooomanagement -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i oooprovision -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i oooexternal -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i ooostorage -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp8provision -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="FORWARD" priority="0"> -i osp7provision -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp7provision -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp7provision -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp8provision -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp8provision -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9provision -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9provision -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9management -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9management -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9storage -p udp -m udp --dport 67 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i osp9storage -p udp -m udp --dport 68 -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i oooprovision -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i oooprovision -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i ooomanagement -p udp -m udp --dport 53 -j ACCEPT </rule> ]
+ [ <rule ipv="ipv4" table="filter" chain="INPUT" priority="0"> -i ooomanagement -p tcp -m tcp --dport 53 -j ACCEPT </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.100.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.100.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.101.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.101.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.103.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.103.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.200.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.200.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.201.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.201.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.203.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.16.203.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 192.168.122.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 192.168.122.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.17.0.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.17.0.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.18.0.0/24 -d base-address.mcast.net/24 -j RETURN </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -s 172.18.0.0/24 -d 255.255.255.255 -j RETURN </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.100.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.100.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.100.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.103.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.103.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.103.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.101.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.101.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.101.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.200.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.200.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.200.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.203.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.203.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.103.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.16.201.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.16.201.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.16.101.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 192.168.122.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 192.168.122.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 192.168.122.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.17.0.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.17.0.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.17.0.0/24 -j MASQUERADE </rule> ]
+
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p tcp ! -d 172.18.0.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> -p udp ! -d 172.18.0.0/24 -j MASQUERADE --to-ports 1024-65535 </rule> ]
+ [ <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0"> ! -d 172.18.0.0/24 -j MASQUERADE </rule> ]
+
+</direct>
+

etc/sysconfig/network-scripts/ifcfg-br-oootrunk

@@ -0,0 +1,7 @@
+DEVICE=br-oootrunk
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSBridge
+HOTPLUG=no
+BOOTPROTO=none
+

etc/sysconfig/network-scripts/ifcfg-br-osp7trunk

@@ -0,0 +1,7 @@
+DEVICE=br-osp7trunk
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSBridge
+HOTPLUG=no
+BOOTPROTO=none
+

etc/sysconfig/network-scripts/ifcfg-br-osp8trunk

@@ -0,0 +1,7 @@
+DEVICE=br-osp8trunk
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSBridge
+HOTPLUG=no
+BOOTPROTO=none
+

etc/sysconfig/network-scripts/ifcfg-br-osp9trunk

@@ -0,0 +1,7 @@
+DEVICE=br-osp9trunk
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSBridge
+HOTPLUG=no
+BOOTPROTO=none
+

etc/sysconfig/network-scripts/ifcfg-osp7external

@@ -0,0 +1,12 @@
+NAME=osp7external
+DEVICE=osp7external
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp7trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.18.1.254
+PREFIX=24
+OVS_OPTIONS="tag=401"
+

etc/sysconfig/network-scripts/ifcfg-osp7floating

@@ -0,0 +1,12 @@
+NAME=osp7floating
+DEVICE=osp7floating
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp7trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.18.2.254
+PREFIX=24
+OVS_OPTIONS="tag=402"
+

etc/sysconfig/network-scripts/ifcfg-osp7provisioning

@@ -0,0 +1,11 @@
+NAME=osp7provision
+DEVICE=osp7provision
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp7trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.18.0.254
+PREFIX=24
+OVS_OPTIONS="tag=400"

etc/sysconfig/network-scripts/ifcfg-osp7storage

@@ -0,0 +1,12 @@
+NAME=osp7storage
+DEVICE=osp7storage
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp7trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.18.6.254
+PREFIX=24
+OVS_OPTIONS="tag=406"
+

etc/sysconfig/network-scripts/ifcfg-osp7storagemgmt

@@ -0,0 +1,12 @@
+NAME=osp7storagemgmt
+DEVICE=osp7storagemgmt
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp7trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.18.7.254
+PREFIX=24
+OVS_OPTIONS="tag=407"
+

etc/sysconfig/network-scripts/ifcfg-osp8external

@@ -0,0 +1,12 @@
+NAME=osp8external
+DEVICE=osp8external
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.1.254
+PREFIX=24
+OVS_OPTIONS="tag=301"
+

etc/sysconfig/network-scripts/ifcfg-osp8floating

@@ -0,0 +1,12 @@
+NAME=osp8floating
+DEVICE=osp8floating
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.2.254
+PREFIX=24
+OVS_OPTIONS="tag=302"
+

etc/sysconfig/network-scripts/ifcfg-osp8managment

@@ -0,0 +1,12 @@
+NAME=osp8management
+DEVICE=osp8management
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.3.254
+PREFIX=24
+OVS_OPTIONS="tag=303"
+

etc/sysconfig/network-scripts/ifcfg-osp8provisioning

@@ -0,0 +1,11 @@
+NAME=osp8provision
+DEVICE=osp8provision
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.0.254
+PREFIX=24
+OVS_OPTIONS="tag=300"

etc/sysconfig/network-scripts/ifcfg-osp8storage

@@ -0,0 +1,12 @@
+NAME=osp8storage
+DEVICE=osp8storage
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.6.254
+PREFIX=24
+OVS_OPTIONS="tag=306"
+

etc/sysconfig/network-scripts/ifcfg-osp8storagemgmt

@@ -0,0 +1,12 @@
+NAME=osp8storagemgmt
+DEVICE=osp8storagemgmt
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp8trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.17.7.254
+PREFIX=24
+OVS_OPTIONS="tag=307"
+

etc/sysconfig/network-scripts/ifcfg-osp9external

@@ -0,0 +1,12 @@
+NAME=osp9external
+DEVICE=osp9external
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.101.254
+PREFIX=24
+OVS_OPTIONS="tag=101"
+

etc/sysconfig/network-scripts/ifcfg-osp9floating

@@ -0,0 +1,12 @@
+NAME=osp9floating
+DEVICE=osp9floating
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.102.254
+PREFIX=24
+OVS_OPTIONS="tag=102"
+

etc/sysconfig/network-scripts/ifcfg-osp9management

@@ -0,0 +1,12 @@
+NAME=osp9management
+DEVICE=osp9management
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.103.254
+PREFIX=24
+OVS_OPTIONS="tag=103"
+

etc/sysconfig/network-scripts/ifcfg-osp9provision

@@ -0,0 +1,11 @@
+NAME=osp9provision
+DEVICE=osp9provision
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.100.254
+PREFIX=24
+OVS_OPTIONS="tag=100"

etc/sysconfig/network-scripts/ifcfg-osp9storage

@@ -0,0 +1,12 @@
+NAME=osp9storage
+DEVICE=osp9storage
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.106.254
+PREFIX=24
+OVS_OPTIONS="tag=106"
+

etc/sysconfig/network-scripts/ifcfg-osp9storagemgmt

@@ -0,0 +1,12 @@
+NAME=osp9storagemgmt
+DEVICE=osp9storagemgmt
+ONBOOT=yes
+DEVICETYPE=ovs
+TYPE=OVSIntPort
+OVS_BRIDGE=br-osp9trunk
+IPV6INIT=no
+BOOTPROTO=static
+IPADDR=172.16.107.254
+PREFIX=24
+OVS_OPTIONS="tag=107"
+

ooo-network.xml

@@ -0,0 +1,27 @@
+<network>
+  <name>ooo-network</name>
+  <forward mode='bridge'/>
+  <bridge name='br-oootrunk'/>
+  <virtualport type='openvswitch'/>
+  <portgroup name='oooprovision'>
+    <vlan>
+      <tag id='200'/>
+    </vlan>
+  </portgroup>
+  <portgroup name='ooomanagement'>
+    <vlan>
+      <tag id='203'/>
+    </vlan>
+  </portgroup>
+  <portgroup name='oootrunk' default='yes'>
+    <vlan trunk='yes'>
+      <tag id='201'/>
+      <tag id='202'/>
+      <tag id='204'/>
+      <tag id='205'/>
+      <tag id='206'/>
+      <tag id='207'/>
+    </vlan>
+  </portgroup>
+</network>
+

osp7-network.xml

@@ -0,0 +1,22 @@
+<network>
+  <name>osp7-network</name>
+  <forward mode='bridge'/>
+  <bridge name='br-osp7trunk'/>
+  <virtualport type='openvswitch'/>
+  <portgroup name='osp7provision'>
+    <vlan>
+      <tag id='400'/>
+    </vlan>
+  </portgroup>
+  <portgroup name='osp7trunk' default='yes'>
+    <vlan trunk='yes'>
+      <tag id='401'/>
+      <tag id='402'/>
+      <tag id='404'/>
+      <tag id='405'/>
+      <tag id='406'/>
+      <tag id='407'/>
+    </vlan>
+  </portgroup>
+</network>
+