+function check_interface_ip {
+ local -r interface=$1
+ local -r ipaddr=$2
+
+ ip addr show dev ${interface}
+ if [[ $? -ne 0 ]]; then
+ exit 1
+ fi
+
+ local -r ipv4address=$(ip addr show dev ${interface} | awk '$1 == "inet" { sub("/.*", "", $2); print $2 }')
+ if [[ "$ipv4address" != "$ipaddr" ]]; then
+ exit 1
+ fi
+}
+
+function configure_ironic_bridge {
+ if [[ ! $(ip link show dev provisioning) ]]; then
+ ip link add dev provisioning type bridge
+ fi
+ ip link set provisioning up
+ ip link set dev ${IRONIC_INTERFACE} master provisioning
+ if [[ ! $(ip addr show dev provisioning to 172.22.0.1) ]]; then
+ ip addr add dev provisioning 172.22.0.1/24
+ fi
+}
+
+function configure_ironic_interfaces {
+ # Add firewall rules to ensure the IPA ramdisk can reach httpd,
+ # Ironic and the Inspector API on the host
+ if [ "${IRONIC_PROVISIONING_INTERFACE}" ]; then
+ check_interface_ip ${IRONIC_PROVISIONING_INTERFACE} ${IRONIC_PROVISIONING_INTERFACE_IP}
+ else
+ exit 1
+ fi
+
+ for port in 80 5050 6385 ; do
+ if ! sudo iptables -C INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p tcp -m tcp --dport ${port} -j ACCEPT > /dev/null 2>&1; then
+ sudo iptables -I INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p tcp -m tcp --dport ${port} -j ACCEPT
+ fi
+ done
+
+ # Allow access to dhcp and tftp server for pxeboot
+ for port in 67 69 ; do
+ if ! sudo iptables -C INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p udp --dport ${port} -j ACCEPT 2>/dev/null ; then
+ sudo iptables -I INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p udp --dport ${port} -j ACCEPT
+ fi
+ done
+}
+
+function deploy_bridge {
+ configure_ironic_bridge
+ configure_ironic_interfaces
+}
+
+function clean_bridge {
+ ip link set provisioning down || true
+ ip link del provisioning type bridge || true
+}
+
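Review bot: clean_bridge deletes the provisioning bridge but leaves in place the INPUT ACCEPT rules that configure_ironic_interfaces inserts for tcp 80, 5050, 6385 and udp 67, 69, so those firewall openings on `${IRONIC_PROVISIONING_INTERFACE}` outlive the teardown. If that variable names a physical NIC rather than the bridge (its value is not visible in this hunk), the ports stay reachable after cleanup; either way the clean path should delete what the deploy path added, as sketched below. Separately, the interface variables are expanded unquoted into `sudo iptables` and `ip` commands, so a value containing whitespace becomes extra arguments to a privileged command; quoting them, e.g. `-i "${IRONIC_PROVISIONING_INTERFACE}"`, closes that. The hunk header is not visible here, so code outside this view may already handle part of this.

```shell
function clean_bridge {
    # … unchanged: ip link set provisioning down / ip link del provisioning …

    # Remove the ACCEPT rules added by configure_ironic_interfaces; a missing
    # rule is not an error during cleanup.
    for port in 80 5050 6385 ; do
        sudo iptables -D INPUT -i "${IRONIC_PROVISIONING_INTERFACE}" -p tcp -m tcp --dport "${port}" -j ACCEPT 2>/dev/null || true
    done
    for port in 67 69 ; do
        sudo iptables -D INPUT -i "${IRONIC_PROVISIONING_INTERFACE}" -p udp --dport "${port}" -j ACCEPT 2>/dev/null || true
    done
```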