Tinkerbell.Sandbox/deploy/vagrant/scripts/tinkerbell.sh
Gianluca Arbezzano 243777b6ef Fix NAT and make it working for Terraform and Vagrant
Commit b504810 introduced a NAT so that the worker can reach the
public internet via the provisioner.

But it also introduced a bug: it only works for the Vagrant setup, as
Manny pointed out:

https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035

This is an attempt to fix it.

Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
2021-01-22 16:40:08 +01:00


#!/bin/bash
# Strict mode: stop on the first failing command (errexit), on use of an
# unset variable (nounset) and on a failure in any pipeline stage (pipefail).
# xtrace echoes every expanded command to stderr; main() later sources
# ./.env while it is active, so values assigned there appear in the
# provisioning output. Treat that output as sensitive.
set -o errexit -o nounset -o xtrace -o pipefail

# print the account this script runs as
whoami

# every relative path used below is resolved from /vagrant
cd /vagrant
setup_docker() (
  # Installs Docker Engine from Docker's apt repository, following
  # https://docs.docker.com/engine/install/ubuntu/
  local -a prerequisites=(
    apt-transport-https
    ca-certificates
    curl
    gnupg-agent
    software-properties-common
  )
  sudo apt-get install -y "${prerequisites[@]}"

  # NOTE(review): the repository signing key is trusted as downloaded;
  # nothing here compares its fingerprint with the one Docker publishes.
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  # The release codename selects the matching suite in the repository.
  local apt_source
  printf -v apt_source \
    'deb [arch=amd64] https://download.docker.com/linux/ubuntu %s stable' \
    "$(lsb_release -cs)"
  sudo add-apt-repository "$apt_source"

  sudo apt-get update
  sudo apt-get install -y docker-ce docker-ce-cli containerd.io
)
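setup_docker_compose() (
  # Installs the docker-compose 1.26.0 release binary to
  # /usr/local/bin/docker-compose.
  # from https://docs.docker.com/compose/install/
  #
  # The download goes to a scratch file first and curl runs with -f, so an
  # HTTP error page or a truncated transfer is never left behind as an
  # executable "docker-compose" (main() would then skip the install on the
  # next run because command_exists succeeds).
  # Only the final install step needs root; the download does not.
  local dest=/usr/local/bin/docker-compose
  local url tmp
  url="https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)"
  tmp=$(mktemp)
  # The body runs in a subshell, so this trap fires when the function ends.
  trap 'rm -f -- "$tmp"' EXIT

  curl -fL "$url" -o "$tmp"

  # NOTE(review): the binary is installed without an integrity check;
  # compare it against the SHA-256 published with the release before
  # installing if the provisioning network is not trusted.
  sudo install -m 0755 "$tmp" "$dest"
)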
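make_certs_writable() (
  # Creates the Docker certificate directory for the registry at
  # TINKERBELL_HOST_IP and hands it, recursively, to $USER.
  # Globals: TINKERBELL_HOST_IP (read), USER (read)
  #
  # An empty TINKERBELL_HOST_IP would turn the path into
  # /etc/docker/certs.d/ and the recursive chown would then cover every
  # registry's certificates, so refuse to continue in that case.
  : "${TINKERBELL_HOST_IP:?TINKERBELL_HOST_IP must be set and non-empty}"

  local certdir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
  sudo mkdir -p "$certdir"
  sudo chown -R "$USER" "$certdir"
)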
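secure_certs() (
  # Returns the Docker certificate directory for the registry at
  # TINKERBELL_HOST_IP to root.
  # Globals: TINKERBELL_HOST_IP (read)
  #
  # make_certs_writable hands the directory over with chown -R, so the
  # hand-back is recursive as well; changing only the directory itself
  # would leave the files inside owned, and therefore still modifiable,
  # by the unprivileged account.
  : "${TINKERBELL_HOST_IP:?TINKERBELL_HOST_IP must be set and non-empty}"

  local certdir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
  sudo chown -R "root" "$certdir"
)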
command_exists() (
  # Succeeds when the shell can resolve the given command name.
  # Both output streams of the lookup are discarded; only the exit
  # status is meaningful to callers.
  command -v "$@" &>/dev/null
)
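configure_vagrant_user() (
  # Adds the vagrant account to the docker group and logs it in to the
  # registry at TINKERBELL_HOST_IP.
  # Globals: TINKERBELL_REGISTRY_USERNAME, TINKERBELL_REGISTRY_PASSWORD,
  #          TINKERBELL_HOST_IP (all read)
  sudo usermod -aG docker vagrant

  # This script enables xtrace globally, which would print the expanded
  # password in the provisioning output. Tracing is switched off for the
  # rest of this function; the body runs in a subshell, so the caller's
  # setting is untouched.
  { set +x; } 2>/dev/null

  # printf '%s' passes the password through verbatim, where echo -n would
  # swallow a value that looks like an echo option. Feeding it on stdin
  # keeps it off the docker command line.
  printf '%s' "$TINKERBELL_REGISTRY_PASSWORD" |
    sudo -iu vagrant docker login \
      --username="$TINKERBELL_REGISTRY_USERNAME" \
      --password-stdin "$TINKERBELL_HOST_IP"
)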
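# Appends an iptables rule unless an identical one is already present.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
_nat_ensure_rule() {
  local table=$1 chain=$2
  shift 2
  # -C exits non-zero when the rule is absent; its message is not useful here.
  if ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    iptables -t "$table" -A "$chain" "$@"
  fi
}

setup_nat() (
  # Lets hosts behind eth1 reach networks behind eth0 through this machine:
  # forwards eth1 -> eth0, allows reply traffic back, and masquerades
  # everything leaving eth0.
  #
  # Each rule is checked before it is appended, so provisioning the same
  # machine again does not stack duplicate rules.
  # NOTE(review): the first rule forwards all traffic arriving on eth1, with
  # no source or destination restriction; confirm eth1 only carries the
  # provisioning network.
  _nat_ensure_rule filter FORWARD -i eth1 -o eth0 -j ACCEPT
  _nat_ensure_rule filter FORWARD -i eth0 -o eth1 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
  _nat_ensure_rule nat POSTROUTING -o eth0 -j MASQUERADE
)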
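main() (
  # Provisions this machine: installs docker, docker-compose and jq when
  # they are missing, generates and loads ./.env, runs ./setup.sh with the
  # certificate directory temporarily writable, sets up NAT, and logs the
  # vagrant user in to the registry.
  export DEBIAN_FRONTEND=noninteractive

  apt-get update

  if ! command_exists docker; then
    setup_docker
  fi

  if ! command_exists docker-compose; then
    setup_docker_compose
  fi

  if ! command_exists jq; then
    sudo apt-get install -y jq
  fi

  if [ ! -f ./.env ]; then
    # Generate into a scratch file and rename it on success. Redirecting
    # straight into .env would leave an empty or partial file behind when
    # the generator fails, and the next run would skip generation.
    ./generate-envrc.sh eth1 >./.env.tmp
    mv ./.env.tmp ./.env
  fi

  # Functions in this file read TINKERBELL_REGISTRY_PASSWORD after this
  # point, so .env presumably defines it. Sourcing with xtrace active would
  # print each assignment, so tracing is paused for the source and restored
  # only if it was on.
  # NOTE(review): .env is created with the default umask; confirm who can
  # read /vagrant/.env.
  local xtrace_was_on=0
  case $- in
    *x*) xtrace_was_on=1 ;;
  esac
  { set +x; } 2>/dev/null
  # shellcheck disable=SC1091
  . ./.env
  if [ "$xtrace_was_on" -eq 1 ]; then
    set -x
  fi

  # The certificate directory is user-writable only while setup.sh runs;
  # secure_certs hands it back to root afterwards.
  make_certs_writable
  ./setup.sh
  setup_nat
  secure_certs

  configure_vagrant_user
)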
# Entry point: run the provisioning steps. main is called without arguments.
main