From b49fdee359f696106b16de37018761643a667092 Mon Sep 17 00:00:00 2001
From: jonas
Date: Wed, 24 Nov 2021 12:42:48 +0100
Subject: [PATCH] Disable netfilter for network bridge
---
 salt/states/br0/init.sls | 7 +------
 salt/states/kvm/init.sls | 24 +++++++++++++-----------
 2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/salt/states/br0/init.sls b/salt/states/br0/init.sls
index d510ec8..9ff36d0 100644
--- a/salt/states/br0/init.sls
+++ b/salt/states/br0/init.sls
@@ -1,11 +1,6 @@
-Set {{ pillar['network']['bridge'] }} to be managed by NetworkManager:
- cmd.run:
- - name: nmcli device set {{ pillar['network']['bridge'] }} managed yes
- - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi"
-
 Configure {{ pillar['network']['bridge'] }} connection:
 cmd.run:
- - name: nmcli connection add con-name {{ pillar['network']['bridge'] }} type bridge ifname {{ pillar['network']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/24 ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no
+ - name: nmcli connection add con-name {{ pillar['network']['bridge'] }} type bridge ifname {{ pillar['network']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/24 ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.zone internal connection.autoconnect yes stp no
 - unless: nmcli connection show {{ pillar['network']['bridge'] }} > /dev/null
 
 Add {{ pillar['network']['interface'] }} to bridge {{ pillar['network']['bridge'] }}:
diff --git a/salt/states/kvm/init.sls b/salt/states/kvm/init.sls
index 3b1ce09..44ce170 100644
--- a/salt/states/kvm/init.sls
+++ b/salt/states/kvm/init.sls
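Review bot: The added `connection.zone internal` is applied only when the connection is first created, because the `unless: nmcli connection show …` guard on the same state skips the whole command on every host where the bridge connection already exists; those hosts keep whatever zone they had. A separate state that sets the zone and checks its current value would converge existing hosts too. Since the same commit turns off netfilter on the bridge in kvm/init.sls, the zone presumably ends up governing only traffic addressed to the host on the bridge and not frames forwarded between guests and the LAN, which is worth a comment next to the option.

```yaml
# … unchanged: the "Configure … connection" state …

Set firewalld zone on {{ pillar['network']['bridge'] }} connection:
  cmd.run:
    - name: nmcli connection modify {{ pillar['network']['bridge'] }} connection.zone internal
    - unless: test "$(nmcli -g connection.zone connection show {{ pillar['network']['bridge'] }})" = "internal"
```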
@@ -1,12 +1,3 @@
-<<<<<<< HEAD
-Install kvm server and tools:
- pkg.installed:
-# - name: pattern:kvm_server
- - pkgs:
- - pattern:kvm_server
- - pattern:kvm_tools
- - includes: [pattern]
-=======
 Install KVM Server:
 pkg.installed:
 - name: pattern:kvm_server
@@ -22,5 +13,16 @@ Start libvirtd:
 - name: libvirtd
 - enable: True
 
-
->>>>>>> kvm-rancher
+Disable netfilter on network bridge:
+ file.managed:
+ - name: /etc/sysctl.d/netfilter.conf
+ - source: salt://kvm/files/netfilter.conf
+ - user: root
+ - group: root
+ - mode: "0644"
+
+Reload systctl for br_netfilter:
+ cmd.run:
+ - name: sysctl -p /etc/sysctl.d/netfilter.conf
+ - onchanges:
+ - file: Disable netfilter on network bridge
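Review bot: The `sysctl -p /etc/sysctl.d/netfilter.conf` step in the second hunk assumes the keys in that file already exist, but if the file sets `net.bridge.bridge-nf-call-*` (as the state IDs suggest) those keys are present only while the `br_netfilter` module is loaded. On a host where the module is not loaded the command exits non-zero, and a module load after boot may bring the defaults back, so the values should be re-applied when the module loads (for example from a udev rule) or checked after a reboot. The source `salt://kvm/files/netfilter.conf` is not part of this patch (the diffstat lists two files), so the values actually deployed cannot be reviewed here. Because turning these keys off means the host's iptables/nftables rules no longer see frames forwarded across the bridge, I would put a comment above the state such as `# bridged guest traffic is no longer filtered by the host firewall; filter on the guests or upstream`. The state ID `Reload systctl for br_netfilter` also misspells `sysctl`.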