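# Absolute, symlink-resolved directory containing this script, and the lib/
# directory that sits beside it (one level above the script directory).
# Every expansion is quoted so that a checkout path containing whitespace or
# glob characters is not word-split: the script insists on running as root and
# sources files from LIBDIR, so the path has to resolve to exactly one place.
SCRIPTDIR="$(readlink -f -- "$(dirname -- "${BASH_SOURCE[0]}")")"
LIBDIR="$(dirname -- "${SCRIPTDIR}")/lib"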
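# Load the shared helper libraries from LIBDIR. The path is quoted so that a
# LIBDIR containing whitespace is sourced as one file name instead of being
# split into a file name plus arguments.
# NOTE(review): what logging.sh and common.sh define is not visible in this
# listing; they are executed with this script's (root) privileges.
source "$LIBDIR/logging.sh"
source "$LIBDIR/common.sh"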
# Root check: the branch is taken when the effective UID is not 0.
# The rest of the branch (presumably an exit and the closing `fi`) is elided
# from this listing.
# NOTE(review): the message is misspelled ("confgiure") and is written to
# stdout; a diagnostic like this normally goes to stderr (`>&2`).
10 if [[ $EUID -ne 0 ]]; then
11 echo "confgiure script must be run as root"
# check_interface_ip: compares the IPv4 address found on an interface with an
# expected address.
# Several lines of the function are elided from this listing; $interface and
# $ipaddr are presumably assigned from the positional arguments there — TODO
# confirm. The closing brace is not shown either.
15 function check_interface_ip {
# Prints the interface's current addressing; the output is not captured.
# NOTE(review): $interface is expanded unquoted here and below.
19 ip addr show dev $interface
# awk prints field 2 of every line whose first field is "inet", with the
# "/prefix" suffix removed. An interface carrying more than one IPv4 address
# yields several lines, which can never equal a single expected address.
# NOTE(review): `local var=$(cmd)` hides a failure of `ip`/`awk`, because the
# exit status seen is that of `local`.
24 local ipv4address=$(ip addr show dev $interface | awk '$1 == "inet" { sub("/.*", "", $2); print $2 }')
# Mismatch branch; its body is not shown in this listing.
25 if [ "$ipv4address" != "$ipaddr" ]; then
# configure_ironic_bridge: creates a bridge named "provisioning", brings it up,
# attaches $IRONIC_INTERFACE to it and assigns 172.22.0.1/24 to the bridge.
# The closing brace is not shown in this listing.
# NOTE(review): IRONIC_INTERFACE is not assigned in the visible lines
# (presumably it comes from common.sh or the environment — confirm). It is
# expanded unquoted, so an empty or multi-word value changes the arguments
# `ip` receives; quote it and check that it is non-empty before use.
# NOTE(review): `ip link add` and `ip addr add` fail when the bridge or the
# address already exists, so a second run is not idempotent as written;
# whether such a failure stops the script depends on shell options that are
# not visible here.
30 function configure_ironic_bridge {
31 ip link add dev provisioning type bridge
32 ip link set provisioning up
33 ip link set dev $IRONIC_INTERFACE master provisioning
34 ip addr add dev provisioning 172.22.0.1/24
# configure_ironic_interfaces: when IRONIC_PROVISIONING_INTERFACE is non-empty,
# checks its address with check_interface_ip, and adds INPUT rules accepting
# TCP 80, 5050, 6385 and UDP 67, 69 arriving on that interface.
# Lines are elided between the visible ones (including every `fi`/`done` and
# the closing brace), so it cannot be told from here whether the two loops run
# inside the `if` or unconditionally.
# NOTE(review): each rule matches only the inbound interface and destination
# port, so every host on that segment can reach these services; add a source
# match if the provisioning subnet is known.
# NOTE(review): $IRONIC_PROVISIONING_INTERFACE is expanded unquoted inside
# iptables command lines; a value containing whitespace would be split into
# extra iptables arguments. Quote it.
# NOTE(review): `sudo` looks redundant given the EUID check at the top of the
# script.
37 function configure_ironic_interfaces {
38 # Add firewall rules to ensure the IPA ramdisk can reach httpd, Ironic and the Inspector API on the host
39 if [ "$IRONIC_PROVISIONING_INTERFACE" ]; then
40 check_interface_ip $IRONIC_PROVISIONING_INTERFACE $IRONIC_PROVISIONING_INTERFACE_IP
# TCP ports for the services named in the comment above.
45 for port in 80 5050 6385 ; do
# `iptables -C` tests whether the exact rule already exists; the insert below
# only happens when it does not, which keeps re-runs from duplicating rules.
46 if ! sudo iptables -C INPUT -i $IRONIC_PROVISIONING_INTERFACE -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then
# `-I` without a rule number inserts at the head of INPUT, ahead of any
# existing rules in that chain.
47 sudo iptables -I INPUT -i $IRONIC_PROVISIONING_INTERFACE -p tcp -m tcp --dport $port -j ACCEPT
51 #Allow access to dhcp and tftp server for pxeboot
52 for port in 67 69 ; do
# Same check-then-insert pattern for UDP. Only stderr is discarded here,
# whereas the TCP check above discards stdout as well.
53 if ! sudo iptables -C INPUT -i $IRONIC_PROVISIONING_INTERFACE -p udp --dport $port -j ACCEPT 2>/dev/null ; then
54 sudo iptables -I INPUT -i $IRONIC_PROVISIONING_INTERFACE -p udp --dport $port -j ACCEPT
# Script body: create the provisioning bridge, then run the interface check
# and add the firewall rules.
60 configure_ironic_bridge
61 configure_ironic_interfaces