Disable netfilter for network bridge

2021-11-24 12:42:48 +01:00 · 2021-11-24 12:42:48 +01:00 · b49fdee359
commit b49fdee359
parent 4d397012a4
2 changed files with 14 additions and 17 deletions
--- a/salt/states/br0/init.sls
+++ b/salt/states/br0/init.sls
@ -1,11 +1,6 @@
-Set {{ pillar['network']['bridge'] }} to be managed by NetworkManager:
-  cmd.run:
-    - name: nmcli device set {{ pillar['network']['bridge'] }} managed yes
-    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi"
-
 Configure {{ pillar['network']['bridge'] }} connection:
  cmd.run:
-    - name: nmcli connection add con-name {{ pillar['network']['bridge'] }} type bridge ifname {{ pillar['network']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/24 ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no
+    - name: nmcli connection add con-name {{ pillar['network']['bridge'] }} type bridge ifname {{ pillar['network']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/24 ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.zone internal connection.autoconnect yes stp no
    - unless: nmcli connection show {{ pillar['network']['bridge'] }} > /dev/null

 Add {{ pillar['network']['interface'] }} to bridge {{ pillar['network']['bridge'] }}:
--- a/salt/states/kvm/init.sls
+++ b/salt/states/kvm/init.sls
@ -1,12 +1,3 @@
-<<<<<<< HEAD
-Install kvm server and tools:
-  pkg.installed:
-#    - name: pattern:kvm_server
-    - pkgs:
-        - pattern:kvm_server
-        - pattern:kvm_tools
-    - includes: [pattern]
-=======
 Install KVM Server:
  pkg.installed:
    - name: pattern:kvm_server
@ -22,5 +13,16 @@ Start libvirtd:
    - name: libvirtd
    - enable: True
          
-  
->>>>>>> kvm-rancher
+Disable netfilter on network bridge:
+  file.managed:
+    - name: /etc/sysctl.d/netfilter.conf
+    - source: salt://kvm/files/netfilter.conf
+    - user: root
+    - group: root
+    - mode: "0644"
+
+Reload systctl for br_netfilter:
+  cmd.run:
+    - name: sysctl -p /etc/sysctl.d/netfilter.conf
+    - onchanges:
+      - file: Disable netfilter on network bridge