Terraform in Equinix Metal: Fix NAT to reference correct interfaces (#76)
## Description The NAT setup commands assume that the interface is named eth1, when clearly from the [documentation](https://github.com/tinkerbell/tinkerbell-docs/blame/master/docs/setup/equinix-metal-terraform.md#L118) it is named `enp1s0f1`. This commit fixes the NAT setup commands accordingly. ## Why is this needed NAT doesn't work by default on Equinix Metal when following the documentation ## How Has This Been Tested? - [x] Tested with Terraform in Equinix Metal ## How are existing users impacted? What migration steps/scripts do we need? Existing sandboxes (that are broken) should either be rebuilt, or can run the commands manually to enable NAT ## Checklist: I have: - [ ] updated the documentation and/or roadmap (if required) - [ ] added unit or e2e tests - [ ] provided instructions on how to upgrade
This commit is contained in:
commit
3fc23c58eb
@ -71,12 +71,9 @@ resource "null_resource" "tink_directory" {
|
|||||||
destination = "/root/tink"
|
destination = "/root/tink"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "file" {
|
||||||
inline = [
|
source = "nat_interface"
|
||||||
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
|
destination = "/root/tink/.nat_interface"
|
||||||
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
|
|
||||||
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
|
1
deploy/terraform/nat_interface
Normal file
1
deploy/terraform/nat_interface
Normal file
@ -0,0 +1 @@
|
|||||||
|
bond0
|
11
setup.sh
11
setup.sh
@ -110,6 +110,17 @@ setup_networking() (
|
|||||||
else
|
else
|
||||||
echo "$ERR tinkerbell network interface configuration failed"
|
echo "$ERR tinkerbell network interface configuration failed"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -r .nat_interface ]; then
|
||||||
|
NAT_INTERFACE=$(cat .nat_interface)
|
||||||
|
fi
|
||||||
|
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
|
||||||
|
# TODO(nshalman) the terraform code would just run these commands as-is once
|
||||||
|
# but it would be nice to make these more persistent based on OS
|
||||||
|
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
|
||||||
|
iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
|
||||||
|
fi
|
||||||
)
|
)
|
||||||
|
|
||||||
setup_networking_manually() (
|
setup_networking_manually() (
|
||||||
|
Loading…
Reference in New Issue
Block a user