Fix NAT and make it working for Terraform and Vagrant
Commit b504810
introduced NAT so that the worker can reach the
public internet via the provisioner.
But it also introduced a bug: it only works for the Vagrant setup, as
Manny pointed out:
https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035
This is an attempt to fix it
Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
parent
f07e3d8d72
commit
243777b6ef
@ -66,6 +66,14 @@ resource "null_resource" "tink_directory" {
|
||||
destination = "/root/tink"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
|
||||
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
|
||||
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
||||
]
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"
|
||||
|
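Review bot: The two FORWARD rules in the new `remote-exec` block treat `bond0` as the outbound interface, but the MASQUERADE rule matches `-o eth0`, so if `bond0` is the uplink on this host the forwarded worker traffic would leave without source NAT. The rule probably should read `"iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE",`; confirm which interface carries the default route on the provisioner. Nothing in the hunk enables `net.ipv4.ip_forward`, so that must already be set elsewhere for these rules to have any effect.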
@ -63,6 +63,12 @@ configure_vagrant_user() (
|
||||
--password-stdin "$TINKERBELL_HOST_IP"
|
||||
)
|
||||
|
||||
setup_nat() (
|
||||
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
||||
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
)
|
||||
|
||||
main() (
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@ -91,6 +97,8 @@ main() (
|
||||
|
||||
./setup.sh
|
||||
|
||||
setup_nat
|
||||
|
||||
secure_certs
|
||||
|
||||
configure_vagrant_user
|
||||
|
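Review bot: `setup_nat` appends its three rules with `-A` unconditionally, so every re-run of the provisioning script stacks another copy of each rule; the Terraform `remote-exec` block in this commit has the same pattern. Guarding each append with a check keeps it idempotent, e.g. `iptables -C FORWARD -i eth1 -o eth0 -j ACCEPT 2>/dev/null || iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT`. The MASQUERADE rule also matches everything leaving `eth0`; adding `-s` with the worker network's CIDR would limit NAT to the traffic this change is meant for. `main`'s body continues outside the hunks shown.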
7
setup.sh
7
setup.sh
@ -487,12 +487,6 @@ whats_next() (
|
||||
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
|
||||
)
|
||||
|
||||
setup_nat() (
|
||||
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
||||
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
)
|
||||
|
||||
do_setup() (
|
||||
# perform some very rudimentary platform detection
|
||||
lsb_dist=$(get_distribution)
|
||||
@ -510,7 +504,6 @@ do_setup() (
|
||||
source "$ENV_FILE"
|
||||
|
||||
setup_networking "$lsb_dist" "$lsb_version"
|
||||
setup_nat
|
||||
setup_osie
|
||||
generate_certificates
|
||||
setup_docker_registry
|
||||
|