Add multi-machine setup script

CMakeLists.txt

@@ -214,6 +214,12 @@ install(
     PERMISSIONS ${EXECUTABLE_PERMISSIONS}
     COMPONENT "openvswitch" EXCLUDE_FROM_ALL
 )
+install(
+    FILES "script/os-autoinst-setup-multi-machine"
+    DESTINATION "${CMAKE_INSTALL_BINDIR}"
+    PERMISSIONS ${EXECUTABLE_PERMISSIONS}
+    COMPONENT "openvswitch" EXCLUDE_FROM_ALL
+)
 install(
     FILES "etc/dbus-1/system.d/org.opensuse.os_autoinst.switch.conf"
     DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/dbus-1/system.d"

doc/networking.md

@@ -27,6 +27,10 @@ e.g. "tunctl -u _openqa-worker -p -t tap0".
 Some configuration can also be configured by environment variables as defined
 in the script `os-autoinst-openvswitch`.
 
+The script `script/os-autoinst-setup-multi-machine` can be used to setup
+common dependencies for that setup to work including firewalld configuration
+and TAP and bridge device setup.
+
 ## Multiple network devices
 To create multiple network devices, one can set multiple, comma-separated MAC addresses
 via NICMAC. The TAPDEV variable supports multiple, comma-separated values, too.

script/os-autoinst-setup-multi-machine

@@ -0,0 +1,77 @@
+#!/bin/bash -e
+set -euo pipefail
+instances="${instances:-20}"
+bridge="${bridge:-"br1"}"
+ethernet="${ethernet:-"eth0"}"
+zone="${zone:-"trusted"}"
+
+ensure_ip_forwarding() {
+    grep -q 1 /proc/sys/net/ipv4/ip_forward || echo -e 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1' > /etc/sysctl.d/ip_forward.conf
+}
+
+setup_multi_machine() {
+    zypper -n in openvswitch os-autoinst-openvswitch firewalld
+    ovs-vsctl add-br $bridge
+    echo "OS_AUTOINST_USE_BRIDGE=$bridge" > /etc/sysconfig/os-autoinst-openvswitch
+    cat > /etc/sysconfig/network/ifcfg-$bridge <<EOF
+BOOTPROTO='static'
+IPADDR='10.0.2.2/15'
+STARTMODE='auto'
+ZONE="$zone"
+OVS_BRIDGE='yes'
+PRE_UP_SCRIPT="wicked:gre_tunnel_preup.sh"
+OVS_BRIDGE_PORT_DEVICE_0='tap0'
+EOF
+    cat > /etc/sysconfig/network/ifcfg-tap0 <<EOF
+BOOTPROTO='none'
+IPADDR=''
+NETMASK=''
+PREFIXLEN=''
+STARTMODE='auto'
+TUNNEL='tap'
+TUNNEL_SET_GROUP='nogroup'
+TUNNEL_SET_OWNER='_openqa-worker'
+EOF
+    for i in $(seq 1 $instances; seq 64 $((64+$instances)); seq 128 $((128+$instances))); do ln -sf ifcfg-tap0 /etc/sysconfig/network/ifcfg-tap$i && echo "OVS_BRIDGE_PORT_DEVICE_$i='tap$i'" >> /etc/sysconfig/network/ifcfg-$bridge; done
+    cat > /etc/firewalld/zones/"$zone".xml <<EOF
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+  <short>"${zone^}"</short>
+  <description>All network connections are accepted.</description>
+  <service name="isotovideo"/>
+  <interface name="$bridge"/>
+  <interface name="ovs-system"/>
+  <interface name="$ethernet"/>
+  <masquerade/>
+</zone>
+EOF
+    zypper -n in libcap-progs
+    setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64
+    cat > /etc/wicked/scripts/gre_tunnel_preup.sh <<EOF
+#!/bin/sh
+action="\$1"
+bridge="\$2"
+ovs-vsctl set bridge \$bridge stp_enable=true
+# TODO add entries according to your network topology
+#ovs-vsctl --may-exist add-port \$bridge gre1 -- set interface gre1 type=gre options:remote_ip=<IP address of other host>
+EOF
+    chmod +x /etc/wicked/scripts/gre_tunnel_preup.sh
+    systemctl enable --now openvswitch os-autoinst-openvswitch
+}
+
+configure_firewall() {
+    systemctl enable --now firewalld
+    firewall-cmd --permanent --new-service isotovideo
+    for i in $(seq 1 $instances); do firewall-cmd --permanent --service=isotovideo --add-port=$((i * 10 + 20003))/tcp ; done
+    firewall-cmd --permanent --zone="$zone" --add-service=isotovideo
+    firewall-cmd --set-default-zone="$zone"
+    systemctl reload firewalld
+}
+
+main() {
+    ensure_ip_forwarding
+    setup_multi_machine
+    configure_firewall
+}
+
+caller 0 >/dev/null || main "$@"