djpbessems/Tinkerbell.Sandbox
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix NAT and make it working for Terraform and Vagrant (#41)

Browse Source 
Commit b504810 introduced a NAT to make worker capable of reaching the
public internet via the provisioner.

But it also introduced a bug, it only works for the Vagrant setup as
Manny pointed out:

https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035

This is an attempt to fix it

@mmlb I would like to avoid additional conditions as part of the
setup.sh, we have already too many of them and they are not even easy to
dsicover. We have different entrypoint for those environment let's use them.
This commit is contained in:
mergify[bot] 2021-01-23 03:44:11 +00:00 committed by GitHub
commit 89a304f4a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deploy/terraform/main.tf
View File

@ -66,6 +66,14 @@ resource "null_resource" "tink_directory" {
destination = "/root/tink" destination = "/root/tink"
} }
provisioner "remote-exec" {
inline = [
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]
}
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh" "chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"

8
deploy/vagrant/scripts/tinkerbell.sh
View File

@ -63,6 +63,12 @@ configure_vagrant_user() (
--password-stdin "$TINKERBELL_HOST_IP" --password-stdin "$TINKERBELL_HOST_IP"
) )
setup_nat() (
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
)
main() ( main() (
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -91,6 +97,8 @@ main() (
./setup.sh ./setup.sh
setup_nat
secure_certs secure_certs
configure_vagrant_user configure_vagrant_user

7
setup.sh
View File

@ -487,12 +487,6 @@ whats_next() (
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow." echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
) )
setup_nat() (
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
)
do_setup() ( do_setup() (
# perform some very rudimentary platform detection # perform some very rudimentary platform detection
lsb_dist=$(get_distribution) lsb_dist=$(get_distribution)
@ -510,7 +504,6 @@ do_setup() (
source "$ENV_FILE" source "$ENV_FILE"
setup_networking "$lsb_dist" "$lsb_version" setup_networking "$lsb_dist" "$lsb_version"
setup_nat
setup_osie setup_osie
generate_certificates generate_certificates
setup_docker_registry setup_docker_registry