X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site_type%2Fsriov%2Fairship-treasuremap%2Fglobal%2Fv4.0%2Fscripts%2Fconfigure-ip-rules.yaml;fp=site_type%2Fsriov%2Fairship-treasuremap%2Fglobal%2Fv4.0%2Fscripts%2Fconfigure-ip-rules.yaml;h=217d9de11722c1ca144328c06f82dd498195cfed;hb=c88cf93ab1508f0dd1ec862fc02634604ca9c94d;hp=0000000000000000000000000000000000000000;hpb=65e9ce265e221f060686a69efce51f982c1833b0;p=yaml_builds.git

diff --git a/site_type/sriov/airship-treasuremap/global/v4.0/scripts/configure-ip-rules.yaml b/site_type/sriov/airship-treasuremap/global/v4.0/scripts/configure-ip-rules.yaml
new file mode 100644
index 0000000..217d9de
--- /dev/null
+++ b/site_type/sriov/airship-treasuremap/global/v4.0/scripts/configure-ip-rules.yaml
@@ -0,0 +1,128 @@
+---
+schema: pegleg/Script/v1
+metadata:
+  schema: metadata/Document/v1
+  name: configure-ip-rules
+  storagePolicy: cleartext
+  layeringDefinition:
+    abstract: false
+    layer: global
+data: |-
+  #!/bin/bash
+  set -ex
+
+  function usage() {
+      cat <<EOU
+  Options are:
+
+    -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
+    -i INTERFACE    (optional) The interface for internal pod traffic, e.g.
+                    bond0.22.  Used to auto-detect the service gateway.
+                    Exclusive with -g.
+    -g SERVICE_GW   (optional) The service gateway/VRR IP for routing pod
+                    traffic.  Exclusive with -i.
+    -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+                    INTERFACE.  It is used to provide a work around when
+                    complete Calico routes cannot be received via BGP.
+                    e.g. 10.96.0.0/15.  NOTE: This must include the POD_CIDR.
+    -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+                    e.g. 10.23.22.192/29
+  EOU
+  }
+
+  SERVICE_CIDR=
+  OVERLAP_CIDR=
+
+  while getopts ":c:g:hi:o:s:" o; do
+      case "${o}" in
+          c)
+              POD_CIDR=${OPTARG}
+              ;;
+          g)
+              SERVICE_GW=${OPTARG}
+              ;;
+          h)
+              usage
+              exit 0
+              ;;
+          i)
+              INTERFACE=${OPTARG}
+              ;;
+          o)
+              OVERLAP_CIDR=${OPTARG}
+              ;;
+          s)
+              SERVICE_CIDR=${OPTARG}
+              ;;
+          \?)
+              echo "Unknown option: -${OPTARG}" >&2
+              exit 1
+              ;;
+          :)
+              echo "Missing argument for option: -${OPTARG}" >&2
+              exit 1
+              ;;
+          *)
+              echo "Unimplemented option: -${OPTARG}" >&2
+              exit 1
+              ;;
+      esac
+  done
+  shift $((OPTIND-1))
+
+  if [ "x$POD_CIDR" == "x" ]; then
+      echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
+      usage
+      exit 1
+  fi
+
+  if [ "x$INTERFACE" != "x" ]; then
+      while ! ip route list dev "${INTERFACE}" > /dev/null; do
+          echo Waiting for device "${INTERFACE}" to be ready. >&2
+          sleep 5
+      done
+  fi
+
+  intra_vrrp_ip=
+  if [ "x${SERVICE_GW}" == "x" ]; then
+      intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+  else
+      intra_vrrp_ip=${SERVICE_GW}
+  fi
+
+  TABLE="1500"
+
+  if [ "x${intra_vrrp_ip}" == "x" ]; then
+      echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
+      usage
+      exit 1
+  fi
+
+  # Setup a routing table for traffic from service IPs
+  ip route flush table "${TABLE}"
+  ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+  # Setup arp_announce adjustment on interface facing gateway
+  arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')
+  echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce
+
+
+  if [ "x$OVERLAP_CIDR" != "x" ]; then
+      # NOTE: This is a work-around for nodes not receiving complete
+      # routes via BGP.
+      ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+  fi
+
+  if [ "x$SERVICE_CIDR" != "x" ]; then
+      # Traffic from the service IPs to pods should use the pod network.
+      ip rule add \
+          from "${SERVICE_CIDR}" \
+          to "${POD_CIDR}" \
+          lookup main \
+          pref 10000
+      # Other traffic from service IPs should only use the VRRP IP
+      ip rule add \
+          from "${SERVICE_CIDR}" \
+          lookup "${TABLE}" \
+          pref 10100
+  fi