centos xen多网桥单位内配置实例,还在用

 [root@sgz data2]# cat /etc/xen/xend-config.sxp |grep -v "#"|grep -v "^$"

(logfile /var/log/xen/xend.log)
(loglevel DEBUG)
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-port            8000)
(xend-relocation-port 8002)
(xend-address '')
(xend-relocation-address '')
(xend-relocation-hosts-allow '')
(network-script 'network-bridge bridge=<name>')
(network-script 'network-bridge bridge=<name>')
(network-script two.sh)
(vif-script vif-bridge)
(dom0-min-mem 256)
(dom0-cpus 0)
(vnc-listen '0.0.0.0')
  
(vncpasswd '')
(keymap 'en-us')
[root@sgz data2]# cat /etc/xen/scripts/network-bridge |grep -v "#"|grep -v "^$"
dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"
findCommand "$@"
evalVariables "$@"
vifnum=${vifnum:-$(ip route list | awk '/^default / { split($0, x, "dev "); split(x[2], x, " "); print x[1] }' | sed 's/^[^0-9]*//')}
vifnum=${vifnum:-0}
bridge=${bridge:-xenbr${vifnum}}
netdev=${netdev:-eth${vifnum}}
antispoof=${antispoof:-no}
pdev="p${netdev}"
vdev="veth${vifnum}"
vif0="vif0.${vifnum}"
addr_pfx=
get_ip_info() {
    addr_pfx=`ip addr show dev $1 | sed -n 's/^ *inet \(.*\) [^ ]*$/\1/p'`
    gateway=`ip route show dev $1 | fgrep default | sed 's/default via //'`
}
    
is_bonding() {
    [ -f "/sys/class/net/$1/bonding/slaves" ]
}
is_vlan() {
    [ -f "/proc/net/vlan/$1" ]
}
is_ifup() {
    ip link show dev $1 | awk '{ exit $3 !~ /[<,]UP[,>]/ }'
}
do_ifup() {
    if ! ifup $1 || ! is_ifup $1 ; then
        if [ -n "${addr_pfx}" ] ; then
            ip addr flush $1
            ip addr add ${addr_pfx} dev $1
            ip link set dev $1 up
            [ ${gateway} ] && ip route add default via ${gateway}
        fi
    fi
}
transfer_addrs () {
    local src=$1
    local dst=$2
    if ip addr show dev ${dst} | egrep -q '^ *inet ' ; then
        return
    fi
    ip addr show dev ${src} | egrep '^ *inet ' | sed -e "
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
s/${src}/dev ${dst} label ${dst}/
s/secondary//
" | sh -e
    ip route list | sed -ne "
/dev ${dst}\( \|$\)/ {
  s/^/ip route del /
  p
}" | sh -e
}
transfer_routes () {
    local src=$1
    local dst=$2
    ip route list | sed -ne "
/dev ${src}\( \|$\)/ {
  h
  s/^/ip route del /
  P
  g
  s/${src}/${dst}/
  s/^/ip route add /
  P
  d
}" | sh -e
}
link_exists()
{
    if ip link show "$1" >/dev/null 2>/dev/null
    then
        return 0
    else
        return 1
    fi
}
antispoofing () {
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -A FORWARD -m physdev --physdev-in ${pdev} -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-in ${vif0} -j ACCEPT
}
show_status () {
    local dev=$1
    local bridge=$2
    
    echo '============================================================'
    ip addr show ${dev}
    ip addr show ${bridge}
    echo ' '
    brctl show ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}
is_network_root () {
    [[ "$rootfs" =~ "^nfs" ]] || [[ "$rootopts" =~ "_netdev" ]] && return 0 || return 1
}
op_start () {
    if [ "${bridge}" = "null" ] ; then
return
    fi
    if is_network_root ; then
        [ -x /usr/bin/logger ] && /usr/bin/logger "network-bridge: bridging not supported on network root; not starting"
        return
    fi
    if ! link_exists "$vdev"; then
        if link_exists "$pdev"; then
            return
        else
            echo "
Link $vdev is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.
" >&2
            exit 1
        fi
    fi
    if link_exists "$vdev"; then
mac=`ip link show ${netdev} | grep 'link\/ether' | sed -e 's/.*ether \(..:..:..:..:..:..\).*/\1/'`
preiftransfer ${netdev}
transfer_addrs ${netdev} ${vdev}
if is_bonding ${netdev} || is_vlan ${netdev} || ! ifdown ${netdev}; then
   get_ip_info ${netdev}
   ip link set ${netdev} down
   ip addr flush ${netdev}
fi
ip link set ${netdev} name ${pdev}
ip link set ${vdev} name ${netdev}
setup_bridge_port ${pdev}
setup_bridge_port ${vif0}
ip link set ${netdev} addr ${mac} arp on
if [ -e "/sys/class/net/${pdev}/mtu" ]; then
   ip link set ${netdev} mtu `cat /sys/class/net/${pdev}/mtu`
fi
ifup_and_wait ${pdev}
create_bridge ${bridge} ${pdev}
add_to_bridge ${bridge} ${vif0}
do_ifup ${netdev}
    else
create_bridge   ${bridge}
transfer_addrs  ${netdev} ${bridge}
transfer_routes ${netdev} ${bridge}
    fi
    if [ ${antispoof} = 'yes' ] ; then
antispoofing
    fi
}
op_stop () {
    if [ "${bridge}" = "null" ]; then
return
    fi
    if ! link_exists "$bridge"; then
return
    fi
    if link_exists "$pdev"; then
ip link set dev ${vif0} down
mac=`ip link show ${netdev} | grep 'link\/ether' | sed -e 's/.*ether \(..:..:..:..:..:..\).*/\1/'`
transfer_addrs ${netdev} ${pdev}
if ! ifdown ${netdev}; then
   get_ip_info ${netdev}
fi
ip link set ${netdev} down arp off
ip link set ${netdev} addr fe:ff:ff:ff:ff:ff
ip link set ${pdev} down
ip addr flush ${netdev}
ip link set ${pdev} addr ${mac} arp on
brctl delif ${bridge} ${pdev}
brctl delif ${bridge} ${vif0}
ip link set ${bridge} down
ip link set ${netdev} name ${vdev}
ip link set ${pdev} name ${netdev}
do_ifup ${netdev}
    else
transfer_routes ${bridge} ${netdev}
ip link set ${bridge} down
    fi
    brctl delbr ${bridge}
}
ifup_and_wait() {
    local dev=$1
    local maxtries=10
    echo -n "Waiting for ${dev} to negotiate link."
    ip link set ${dev} up
    for i in `seq ${maxtries}` ; do
if ifconfig ${dev} | grep -q RUNNING ; then
   break
else
   echo -n '.'
   sleep 1
fi
    done
    if [ ${i} -eq ${maxtries} ] ; then echo '(link isnt in running state)' ; fi
}
case "$command" in
    start)
op_start
;;
    
    stop)
op_stop
;;
    status)
show_status ${netdev} ${bridge}
;;
    *)
echo "Unknown command: $command" >&2
echo 'Valid commands are: start, stop, status' >&2
exit 1
esac
[root@sgz data2]# cat /etc/xen/scripts/two.sh |grep -v "#"|grep -v "^$"
set -e
OP=$1
shift
script=/etc/xen/scripts/network-bridge-2
case ${OP} in
start)
$script start vifnum=1 bridge=xenbr1 netdev=eth1
$script start vifnum=0 bridge=xenbr0 netdev=eth0
;;
stop)
$script stop vifnum=1 bridge=xenbr1 netdev=eth1
$script stop vifnum=0 bridge=xenbr0 netdev=eth0
;;
status)
$script status vifnum=1 bridge=xenbr1 netdev=eth1
$script status vifnum=0 bridge=xenbr0 netdev=eth0
;;
*)
echo 'Unknown command: ' ${OP}
echo 'Valid commands are: start, stop, status'
exit 1
esac

你可能感兴趣的:(centos,职场,bridge,xen,休闲)