Fix NAT and make it working for Terraform and Vagrant
Commit b504810
introduced NAT so that workers can reach the
public internet via the provisioner.
However, it also introduced a bug: it only works for the Vagrant setup, as
Manny pointed out:
https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035
This is an attempt to fix it
Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
parent
f07e3d8d72
commit
243777b6ef
@ -66,6 +66,14 @@ resource "null_resource" "tink_directory" {
|
|||||||
destination = "/root/tink"
|
destination = "/root/tink"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provisioner "remote-exec" {
|
||||||
|
inline = [
|
||||||
|
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
|
||||||
|
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
|
||||||
|
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"
|
"chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"
|
||||||
|
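Review bot: The two FORWARD rules in the new `remote-exec` block send worker traffic out through `bond0`, but the masquerade rule still matches `-o eth0`, so packets leaving via `bond0` would not be source-NATed. If `bond0` is the public uplink on the Terraform-provisioned host, as the FORWARD rules suggest, the last rule should read `"iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE",`. Separately, the `ESTABLISHED,RELATED` rule only restricts inbound forwarding when the FORWARD chain's default policy is DROP, which this hunk does not set. With `bond0` apparently facing the internet, either set the policy explicitly or add a comment stating which policy the host is expected to have. The enclosing `null_resource` starts and ends outside the hunk.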
@ -63,6 +63,12 @@ configure_vagrant_user() (
|
|||||||
--password-stdin "$TINKERBELL_HOST_IP"
|
--password-stdin "$TINKERBELL_HOST_IP"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
setup_nat() (
|
||||||
|
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
||||||
|
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
)
|
||||||
|
|
||||||
main() (
|
main() (
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
@ -91,6 +97,8 @@ main() (
|
|||||||
|
|
||||||
./setup.sh
|
./setup.sh
|
||||||
|
|
||||||
|
setup_nat
|
||||||
|
|
||||||
secure_certs
|
secure_certs
|
||||||
|
|
||||||
configure_vagrant_user
|
configure_vagrant_user
|
||||||
|
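Review bot: `setup_nat` appends its three rules with `-A` unconditionally, so each re-run of the provisioning script stacks duplicate FORWARD and POSTROUTING entries. Guard each rule with a check, e.g. `iptables -C FORWARD -i eth1 -o eth0 -j ACCEPT 2>/dev/null || iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT`. The function also hard-codes `eth0`/`eth1` and relies on IP forwarding already being enabled, neither of which is visible in this hunk. A short header comment such as `# NAT worker traffic from eth1 out through eth0; requires net.ipv4.ip_forward=1` would document those assumptions. The body of `main()` continues outside the hunk.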
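--- a/setup.sh
+++ b/setup.sh
@@ -487,12 +487,6 @@ whats_next() (
 echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
 )
 
-setup_nat() (
-iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
-iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-)
-
 do_setup() (
 # perform some very rudimentary platform detection
 lsb_dist=$(get_distribution)
@@ -510,7 +504,6 @@ do_setup() (
 source "$ENV_FILE"
 
 setup_networking "$lsb_dist" "$lsb_version"
-setup_nat
 setup_osie
 generate_certificates
 setup_docker_registry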