From 2ce95ccafc07b4a85cea660fd4061cf5ac61b346 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Sat, 4 Jun 2022 18:09:33 +0200
Subject: [PATCH] fickit: Fix IP and ifaces

---
 fickit-backend.yml  | 11 ++++++-----
 fickit-frontend.yml | 14 +++++++-------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/fickit-backend.yml b/fickit-backend.yml
index 4bf8d6d6..5aa07b7b 100644
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@@ -41,20 +41,21 @@ onboot:
 #    image: linuxkit/openntpd:d6c36ac367ed26a6eeffd8db78334d9f8041b038
   - name: synchro-ip-setup
     image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
-    command: ["/bin/sh", "-c", "ip a add 10.10.10.1/29 dev eth0; ip link set eth0 up;" ]
+    command: ["/bin/sh", "-c", "ip a add 10.10.10.1/29 dev eth2; ip link set eth2 up;" ]
     net: new
     runtime:
       interfaces:
-        - name: eth0
+        - name: eth2
       bindNS:
         net: /run/netns/synchro
   - name: admin-ip-setup
     image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
-    command: ["/bin/sh", "-c", "ip link add link eth1 name adminiface type vlan id 99; ip a add 172.16.99.219/24 dev adminiface; ip link set eth1 up; ip link set adminiface up; ip r add default via 172.16.99.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 172.16.99.1;" ]
+    #command: ["/bin/sh", "-c", "ip link add link eth3 name adminiface type vlan id 99; ip a add 172.16.99.219/24 dev adminiface; ip link set eth3 up; ip link set adminiface up; ip r add default via 172.16.99.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 172.16.99.1;" ]
+    command: ["/bin/sh", "-c", "ip a add 192.168.49.10/24 dev eth3; ip link set eth3 up; ip r add default via 192.168.49.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 192.168.49.1;" ]
     net: new
     runtime:
       interfaces:
-        - name: eth1
+        - name: eth3
         - name: vethin-admin
           add: veth
           peer: veth-admin
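Review bot: The new `admin-ip-setup` command is preceded by a commented-out `#command:` that keeps the old VLAN-99 / 172.16.99.x variant alive next to the live 192.168.49.0/24 one, with nothing saying when it would be used; either drop it (the history is in the commit) or introduce it with a comment such as `# alternative: tagged admin VLAN 99 on eth3, disabled in favour of the flat 192.168.49.0/24 link`. The eth0→eth2 and eth1→eth3 renames are mirrored in the `interfaces:` lists here, but the only firewall change in this file (the second backend hunk) rewrites the eth0 OUTPUT rule; if the rules under `files:` also mention `eth1` or `adminiface`, they are now stale — not visible in this patch, worth a grep before merging. The admin container now also installs a default route via 192.168.49.1 on eth3; whether the OUTPUT chain, which ends in `REJECT`, permits the traffic expected to leave that way is likewise outside this hunk.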
@@ -388,7 +389,7 @@ files:
       [0:0] -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
       [0:0] -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
       [0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-      [0:0] -A OUTPUT -o eth0 -d 10.10.10.2 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
+      [0:0] -A OUTPUT -o eth2 -d 10.10.10.2 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
       [0:0] -A OUTPUT -j LOG
       [0:0] -A OUTPUT -j REJECT
       COMMIT
diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index ebe68615..f30d3359 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@@ -48,17 +48,17 @@ onboot:
         net: /run/netns/nginx
   - name: frontal-ip-setup # without bonding
     image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
-    command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 91.243.117.240/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
+    command: ["/bin/sh", "-c", "ip link set name bond-frontal eth3; ip link set bond-frontal up; ip a add 192.168.50.10/24 dev bond-frontal; ip a add 91.243.117.240/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 4; ip link set internet up;" ]
     net: /run/netns/nginx
     runtime:
       interfaces:
-        - name: eth1
+#        - name: eth1
 #        - name: eth2
-#        - name: eth3
+        - name: eth3
 #        - name: eth4
 #  - name: frontal-ip-setup # with bonding
 #    image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
-#    command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 91.243.117.240/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
+#    command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 91.243.117.240/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 4; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
 #    net: /run/netns/nginx
 #    runtime:
 #      interfaces:
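Review bot: The commented-out "with bonding" variant at the bottom of this hunk was only half-updated: its VLAN id follows the live command to 4, but it still assigns 172.23.42.1/24 and 172.23.42.254/24 and lacks the 192.168.50.10/24 address the live `frontal-ip-setup` now uses, so re-enabling it would bring up a different addressing plan than the one this commit switches to. Either align its `ip a add` list with the live command or remove the dead variant. The live command renames the single NIC with `ip link set name bond-frontal eth3`, presumably so that the `internet` VLAN and anything else addressing `bond-frontal` work identically with or without bonding; that intent is not obvious from a plain NIC carrying a bond name, so a comment above the line would help: `# eth3 is renamed bond-frontal so the rest of the config is identical with or without bonding`. Note that on most kernels the rename is refused with EBUSY if the link is already up, which holds here only as long as eth3 is still down when it is moved into the nginx netns — worth confirming on the target hardware.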
@@ -81,11 +81,11 @@ onboot:
         net: /run/netns/fic-frontend
   - name: sshd-ip-setup
     image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
-    command: ["/bin/sh", "-c", "ip a add 10.10.10.2/29 dev eth0; ip link set eth0 up;" ]
+    command: ["/bin/sh", "-c", "ip a add 10.10.10.2/29 dev eth2; ip link set eth2 up;" ]
     net: new
     runtime:
       interfaces:
-        - name: eth0
+        - name: eth2
       bindNS:
         net: /run/netns/sshd
   - name: auth-ip-setup
@@ -420,7 +420,7 @@ files:
       [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
       [0:0] -A INPUT -p icmp -j ACCEPT
       [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-      [0:0] -A INPUT -i eth0 -s 10.10.10.0/29 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
+      [0:0] -A INPUT -i eth2 -s 10.10.10.0/29 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
       [0:0] -A INPUT -j LOG
       [0:0] -A FORWARD -j LOG
       [0:0] -A OUTPUT -o lo -j ACCEPT
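Review bot: `sshd-ip-setup` and the INPUT rule in the second hunk of this file both now depend on the synchro link toward the backend being enumerated as eth2 (and the frontal NIC as eth3 in the previous hunk), yet nothing in either file records that NIC-to-role mapping, so the next hardware reshuffle will need the same archaeology this commit did. A short comment on the interface entry would pin it down, e.g. `- name: eth2  # synchro link to backend (10.10.10.0/29, backend is .1)` — the backend side assigns 10.10.10.1/29 on its own eth2 in the first hunk of this patch, so the two files agree. The interface-plus-source restriction on the ssh INPUT rule is the right shape and is consistent with the renamed interface. The `auth-ip-setup` entry that closes the first hunk continues outside it.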