djpbessems
/
Tinkerbell.Sandbox
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Terraform in Equinix Metal: Fix NAT to reference correct interfaces (#76) 

## Description

The NAT setup commands assume that the interface is named eth1, when clearly from the [documentation](https://github.com/tinkerbell/tinkerbell-docs/blame/master/docs/setup/equinix-metal-terraform.md#L118) it is named `enp1s0f1`. This commit fixes the NAT setup commands accordingly.

## Why is this needed

NAT doesn't work by default on Equinix Metal when following the documentation

## How Has This Been Tested?

- [x] Tested with Terraform in Equinix Metal

## How are existing users impacted? What migration steps/scripts do we need?

Existing sandboxes (that are broken) should either be rebuilt, or can run the commands manually to enable NAT

## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade
This commit is contained in:
mergify[bot] 2021-04-08 20:24:22 +00:00 committed by GitHub
parent 5347fe6da7 4d13239d77
commit 3fc23c58eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
deploy/terraform/main.tf
View File

@ -71,12 +71,9 @@ resource "null_resource" "tink_directory" {
destination = "/root/tink"
}
provisioner "remote-exec" {
inline = [
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]
provisioner "file" {
source = "nat_interface"
destination = "/root/tink/.nat_interface"
}
provisioner "remote-exec" {

1
deploy/terraform/nat_interface Normal file
View File

@ -0,0 +1 @@
bond0

11
setup.sh
View File

@ -110,6 +110,17 @@ setup_networking() (
else
echo "$ERR tinkerbell network interface configuration failed"
fi
if [ -r .nat_interface ]; then
NAT_INTERFACE=$(cat .nat_interface)
fi
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
# TODO(nshalman) the terraform code would just run these commands as-is once
# but it would be nice to make these more persistent based on OS
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
fi
)
setup_networking_manually() (