Added V2 from scratch

devenv/vagrant/etc/libvirt/hooks/qemu

@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# HubGridCloud libvirt qemu hook
+#
+
+domain_name="$1"
+domain_task="$2"
+network="169.254.0.0/16"
+
+
+zeroconf_add() {
+    # Get VNET interface
+    target=$(xmlstarlet select -t -m "//devices/interface[@type='bridge']" -v "concat(target/@dev, ' ')" -n | head -1)
+    iface=$(echo ${target} | cut -d- -f2)
+
+    # Add rule for 169.254.0.0/16
+    ebtables -t nat -I "I-${iface}-ipv4-ip" 2 -p IPv4 --ip-src "${network}" -j RETURN
+    ebtables -t nat -I "I-${iface}-arp-ip" -p ARP --arp-ip-src "${network}" -j RETURN
+}
+
+
+case "${domain_task}" in
+  prepare)
+    ;;
+  started)
+    zeroconf_add
+    ;;
+  stopped)
+    ;;
+  reconnect)
+    zeroconf_add
+    ;;
+  *)
+    exit 0
+    echo "qemu hook called with unexpected options $*" >&2
+    ;;
+esac
+
+exit 0

devenv/vagrant/etc/libvirt/networks/private.xml

@@ -0,0 +1,5 @@
+<network>
+  <name>private</name>
+  <forward mode='bridge'/>
+  <bridge name='br-int'/>
+</network>

devenv/vagrant/etc/libvirt/networks/public.xml

@@ -0,0 +1,5 @@
+<network>
+  <name>public</name>
+  <forward mode='bridge'/>
+  <bridge name='br-ext'/>
+</network>

devenv/vagrant/etc/libvirt/nwfilters/allow-incoming-ipv6.xml

@@ -0,0 +1,3 @@
+<filter name='allow-incoming-ipv6' chain='ipv6' priority='-600'>
+  <rule action='accept' direction='in' priority='500'/>
+</filter>

devenv/vagrant/etc/libvirt/nwfilters/clean-traffic-ipv6.xml

@@ -0,0 +1,19 @@
+<filter name='clean-traffic-ipv6' chain='root'>
+  <filterref filter='no-mac-spoofing'/>
+  <filterref filter='no-ip-spoofing'/>
+  <rule action='accept' direction='out' priority='-650'>
+    <mac protocolid='ipv4'/>
+  </rule>
+  <filterref filter='no-ipv6-spoofing'/>
+  <rule action='accept' direction='out' priority='-650'>
+    <mac protocolid='ipv6'/>
+  </rule>
+  <filterref filter='allow-incoming-ipv4'/>
+  <filterref filter='allow-incoming-ipv6'/>
+  <filterref filter='no-arp-spoofing'/>
+  <rule action='accept' direction='inout' priority='-500'>
+    <mac protocolid='arp'/>
+  </rule>
+  <filterref filter='no-other-l2-traffic'/>
+  <filterref filter='qemu-announce-self'/>
+</filter>

devenv/vagrant/etc/libvirt/nwfilters/no-ipv6-spoofing.xml

@@ -0,0 +1,5 @@
+<filter name='no-ipv6-spoofing' chain='ipv6' priority='-600'>
+  <rule action='drop' direction='out' priority='500'>
+    <ipv6 match='no' srcipaddr='$IPV6'/>
+  </rule>
+</filter>

devenv/vagrant/etc/libvirt/pools/backups.xml

@@ -0,0 +1,6 @@
+<pool type='dir'>
+  <name>backups</name>
+  <target>
+    <path>/mnt/backups</path>
+  </target>
+</pool>

devenv/vagrant/etc/libvirt/pools/images.xml

@@ -0,0 +1,6 @@
+<pool type='dir'>
+  <name>images</name>
+  <target>
+    <path>/var/lib/libvirt/images</path>
+  </target>
+</pool>

devenv/vagrant/etc/libvirt/pools/isos.xml

@@ -0,0 +1,6 @@
+<pool type='dir'>
+  <name>isos</name>
+  <target>
+    <path>/var/lib/libvirt/isos</path>
+  </target>
+</pool>

devenv/vagrant/etc/sysconfig/network-scripts/ifcfg-br-ext

@@ -0,0 +1,10 @@
+DEVICE=br-ext
+TYPE=Bridge
+IPADDR=10.255.0.1
+PREFIX=16
+IPADDR1=169.254.169.254
+PREFIX1=16
+ONBOOT=yes
+BOOTPROTO=none
+NM_CONTROLLED=yes
+DELAY=0

devenv/vagrant/etc/sysconfig/network-scripts/ifcfg-br-int

@@ -0,0 +1,6 @@
+DEVICE=br-int
+TYPE=Bridge
+ONBOOT=yes
+BOOTPROTO=none
+NM_CONTROLLED=no
+DELAY=0

devenv/vagrant/etc/sysconfig/network-scripts/ifcfg-eth1

@@ -0,0 +1,6 @@
+DEVICE=eth1
+TYPE=Ethernet
+BOOTPROTO=none
+ONBOOT=yes
+NM_CONTROLLED=no
+BRIDGE=br-ext

devenv/vagrant/etc/sysconfig/network-scripts/ifcfg-eth2

@@ -0,0 +1,9 @@
+DEVICE=eth2
+TYPE=Ethernet
+IPADDR=172.16.0.1
+PREFIX=16
+MTU=1600
+BOOTPROTO=none
+ONBOOT=yes
+NM_CONTROLLED=no
+BRIDGE=br-int

devenv/vagrant/etc/sysctl.d/99-libvirt.conf

@@ -0,0 +1,7 @@
+# Libvirt settings
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
+net.bridge.bridge-nf-call-arptables=1
+net.bridge.bridge-nf-call-iptables=1
+net.bridge.bridge-nf-call-ip6tables=1