Fix NAT and make it working for Terraform and Vagrant

Commit b504810 introduced a NAT to make worker capable of reaching the
public internet via the provisioner.

But it also introduced a bug: it only works for the Vagrant setup, as
Manny pointed out:

https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035

This is an attempt to fix it

Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
Gianluca Arbezzano 2021-01-22 09:35:16 +01:00
parent f07e3d8d72
commit 243777b6ef
3 changed files with 16 additions and 7 deletions


@ -66,6 +66,14 @@ resource "null_resource" "tink_directory" {
destination = "/root/tink" destination = "/root/tink"
} }
provisioner "remote-exec" {
inline = [
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]
}
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh" "chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"
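Review bot: The MASQUERADE rule in the new inline list matches `-o eth0`, but the two FORWARD rules above it send worker traffic out through `bond0`; if `bond0` is the uplink on this host, as those FORWARD rules suggest, forwarded packets will not match the NAT rule and will leave with their private source address. The third command should probably read `"iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE",`. Neither the ACCEPT rule nor the MASQUERADE rule is restricted by source address, so the provisioner relays anything that arrives on eth1; adding `-s <WORKER_SUBNET_CIDR>` (placeholder for the sandbox's worker network) would limit forwarding to the machines it is meant for. The same applies to `setup_nat` in the Vagrant script.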


@ -63,6 +63,12 @@ configure_vagrant_user() (
--password-stdin "$TINKERBELL_HOST_IP" --password-stdin "$TINKERBELL_HOST_IP"
) )
setup_nat() (
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
)
main() ( main() (
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -91,6 +97,8 @@ main() (
./setup.sh ./setup.sh
setup_nat
secure_certs secure_certs
configure_vagrant_user configure_vagrant_user
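Review bot: `setup_nat` appends its three rules with `-A` each time `main` runs, so re-running the provisioning script would leave duplicate FORWARD and POSTROUTING entries; checking first, e.g. `iptables -C FORWARD -i eth1 -o eth0 -j ACCEPT 2>/dev/null || iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT`, keeps it idempotent. The hunks do not show `net.ipv4.ip_forward` being enabled or the rules being saved, so if neither happens elsewhere the NAT is inactive or lost on reboot. A short comment above the function, such as `# eth1: worker-facing interface, eth0: uplink`, would record why these interface names differ from the Terraform setup. `main`'s body continues outside the hunks.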


@ -487,12 +487,6 @@ whats_next() (
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow." echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
) )
setup_nat() (
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
)
do_setup() ( do_setup() (
# perform some very rudimentary platform detection # perform some very rudimentary platform detection
lsb_dist=$(get_distribution) lsb_dist=$(get_distribution)
@ -510,7 +504,6 @@ do_setup() (
source "$ENV_FILE" source "$ENV_FILE"
setup_networking "$lsb_dist" "$lsb_version" setup_networking "$lsb_dist" "$lsb_version"
setup_nat
setup_osie setup_osie
generate_certificates generate_certificates
setup_docker_registry setup_docker_registry