fic
/
server
2
0
Fork 0
Code Issues Pull Requests 9 Releases Wiki Activity

fickit: IP setup 2021

This commit is contained in:
nemunaire 2021-09-09 11:28:52 +02:00
parent b9a220c359
commit 8a383719b4
2 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
fickit-backend.yml
View File

@ -48,7 +48,7 @@ onboot:
net: /run/netns/synchro
- name: admin-ip-setup
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
command: ["/bin/sh", "-c", "ip a add 192.168.23.1/24 dev eth1; ip link set eth1 up; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up;" ]
command: ["/bin/sh", "-c", "ip link add link eth1 name adminiface type vlan id 99; ip a add 172.16.99.219/24 dev adminiface; ip link set eth1 up; ip link set adminiface up; ip r add default via 172.16.99.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 172.16.99.1;" ]
net: new
runtime:
interfaces:
@ -263,18 +263,18 @@ services:
runtime:
mkdir:
- /var/lib/fic/outofsync
- name: dhcp-server
image: joebiellik/dhcpd
binds:
- /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
capabilities:
- CAP_NET_BIND_SERVICE
- CAP_NET_RAW
- CAP_DAC_OVERRIDE
net: /run/netns/fic-admin
pid: new
ipc: new
uts: new
# - name: dhcp-server
# image: joebiellik/dhcpd
# binds:
# - /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
# capabilities:
# - CAP_NET_BIND_SERVICE
# - CAP_NET_RAW
# - CAP_DAC_OVERRIDE
# net: /run/netns/fic-admin
# pid: new
# ipc: new
# uts: new
files:
- path: etc/init.d/015-setup-sshd
@ -344,7 +344,7 @@ files:
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
[0:0] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth1 -s 192.168.23.0/24 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8081 -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8082 -j ACCEPT
[0:0] -A INPUT -i vethin-admin -s 172.17.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT

6
fickit-frontend.yml
View File

@ -46,7 +46,7 @@ onboot:
net: /run/netns/nginx
- name: frontal-ip-setup # without bonding
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 163.5.55.58/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 91.243.117.240/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
net: /run/netns/nginx
runtime:
interfaces:
@ -56,7 +56,7 @@ onboot:
# - name: eth4
# - name: frontal-ip-setup # with bonding
# image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
# command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
# command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 91.243.117.240/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
# net: /run/netns/nginx
# runtime:
# interfaces:
@ -99,7 +99,7 @@ onboot:
net: /run/netns/auth
- name: bridge-setup
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up;" ]
command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set veth-auth master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up; ip link set veth-auth up;" ]
runtime:
interfaces:
- name: br0