diff --git a/fickit-backend.yml b/fickit-backend.yml index 95132401..12699337 100644 --- a/fickit-backend.yml +++ b/fickit-backend.yml @@ -48,7 +48,7 @@ onboot: net: /run/netns/synchro - name: admin-ip-setup image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1 - command: ["/bin/sh", "-c", "ip a add 192.168.23.1/24 dev eth1; ip link set eth1 up; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up;" ] + command: ["/bin/sh", "-c", "ip link add link eth1 name adminiface type vlan id 99; ip a add 172.16.99.219/24 dev adminiface; ip link set eth1 up; ip link set adminiface up; ip r add default via 172.16.99.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 172.16.99.1;" ] net: new runtime: interfaces: @@ -263,18 +263,18 @@ services: runtime: mkdir: - /var/lib/fic/outofsync - - name: dhcp-server - image: joebiellik/dhcpd - binds: - - /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro - capabilities: - - CAP_NET_BIND_SERVICE - - CAP_NET_RAW - - CAP_DAC_OVERRIDE - net: /run/netns/fic-admin - pid: new - ipc: new - uts: new +# - name: dhcp-server +# image: joebiellik/dhcpd +# binds: +# - /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro +# capabilities: +# - CAP_NET_BIND_SERVICE +# - CAP_NET_RAW +# - CAP_DAC_OVERRIDE +# net: /run/netns/fic-admin +# pid: new +# ipc: new +# uts: new files: - path: etc/init.d/015-setup-sshd 
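Review bot: The new admin-ip-setup command string still joins every step with `;`, so if `ip link add link eth1 name adminiface type vlan id 99` fails (e.g. the VLAN module is absent or the name is taken) the address, default route and `ping` that follow run against a nonexistent interface and the container's exit status reflects only the last command; the same pattern is in frontal-ip-setup (@@ -46) and bridge-setup (@@ -99) of fickit-frontend.yml. Starting the string with `set -e; ` stops at the first failing `ip` command so the failure shows up in the boot log instead of surfacing later as a dead admin network. The trailing `ping -W 10 -c 1 172.16.99.1` also decides the container's exit status and can delay boot by up to ten seconds when the gateway does not answer; if it is a deliberate gateway reachability check, a comment above the step such as `# final ping: verify the VLAN 99 gateway is reachable before services start` should say so, otherwise it could be dropped.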
@@ -344,7 +344,7 @@ files:
 [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
 [0:0] -A INPUT -p icmp -j ACCEPT
 [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- [0:0] -A INPUT -i eth1 -s 192.168.23.0/24 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
+ [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
 [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8081 -j ACCEPT
 [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8082 -j ACCEPT
 [0:0] -A INPUT -i vethin-admin -s 172.17.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT
diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index c5adb528..32e00cc4 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@@ -46,7 +46,7 @@ onboot:
 net: /run/netns/nginx
 - name: frontal-ip-setup # without bonding
 image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
- command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 163.5.55.58/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
+ command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 91.243.117.240/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
 net: /run/netns/nginx
 runtime:
 interfaces:
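Review bot: The rewritten SSH rule accepts new connections to port 22 from any interface and any source, where the removed rule was limited to `-i eth1 -s 192.168.23.0/24`; the equivalent restriction for the admin VLAN created in the @@ -48 hunk is `[0:0] -A INPUT -i adminiface -s 172.16.99.0/24 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT`. The neighbouring 8081/8082 rules suggest the INPUT chain is an allow-list (its policy is set earlier in the rules file, outside this hunk), so an unrestricted accept exposes sshd on every interface the backend has rather than only the admin path. The file contents block this rule lives in starts before the hunk.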
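Review bot: The public address `91.243.117.240/32` is now hard-coded in two places in fickit-frontend.yml, this step and the commented-out bonding variant of the same step (@@ -56), and the two have to be edited together, as this commit does. A comment above the step, e.g. `# public service address; the commented-out bonding variant below carries a copy — keep both in sync`, would make that dependency visible, or the bonding variant could be removed since it is maintained in parallel without ever being exercised. What the address is for (presumably the external ingress served via the `internet` VLAN) is also undocumented.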
@@ -56,7 +56,7 @@ onboot:
 # - name: eth4
 # - name: frontal-ip-setup # with bonding
 # image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
-# command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
+# command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 91.243.117.240/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
 # net: /run/netns/nginx
 # runtime:
 # interfaces:
@@ -99,7 +99,7 @@ onboot:
 net: /run/netns/auth
 - name: bridge-setup
 image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
- command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up;" ]
+ command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set veth-auth master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up; ip link set veth-auth up;" ]
 runtime:
 interfaces:
 - name: br0
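Review bot: Adding `veth-auth` to `br0` places the nginx, frontend and auth namespaces on the same L2 segment under 172.17.1.0/24, so traffic bridged between them is not subject to the host's INPUT rules; if the auth service is only meant to be reachable from nginx, that needs a bridge/FORWARD filter or a separate veth pair, and the intended reachability should be stated either way, e.g. `# br0: shared segment for nginx, frontend and auth; all three can reach each other directly`. The step also assumes `veth-auth` already exists when it runs; the preceding `net: /run/netns/auth` step looks like the one that creates it, but that is outside this hunk, and a failed `ip link set veth-auth master br0` is silently skipped by the `;` chain.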