diff --git a/bolt_vm_automation/plans/create_alpine.yaml b/bolt_vm_automation/plans/create_alpine.yaml index 35d2673..3885219 100644 --- a/bolt_vm_automation/plans/create_alpine.yaml +++ b/bolt_vm_automation/plans/create_alpine.yaml @@ -51,9 +51,9 @@ parameters: type: Boolean description: "Enable DHCP on the VM" default: false - gateway: + gateway_ip: type: String - description: "Gateway for the VM" + description: "Gateway IP for the VM" default: "100.40.223.1" nameserver1: type: String @@ -107,7 +107,7 @@ steps: vm_name: $vm_name disk_path: "${disk_path}/${vm_name}.qcow2" staging_ip: $staging_ip - + gateway_ip: $gateway_ip - name: install_packages description: Install Packages on the VM task: bolt_vm_automation::install_packages_alpine @@ -130,7 +130,7 @@ steps: ip_with_cidr: $ip_with_cidr hostname: $hostname dhcp: $dhcp - gateway: $gateway + gateway_ip: $gateway_ip nameserver1: $nameserver1 nameserver2: $nameserver2 nameserver3: $nameserver3 diff --git a/bolt_vm_automation/tasks/install_alpine.sh b/bolt_vm_automation/tasks/install_alpine.sh index f9f68b7..edef34b 100644 --- a/bolt_vm_automation/tasks/install_alpine.sh +++ b/bolt_vm_automation/tasks/install_alpine.sh @@ -4,6 +4,7 @@ VM_NAME="${PT_vm_name}" DISK_PATH="${PT_disk_path}" STAGING_IP="${PT_staging_ip}" +GATEWAY_IP="${PT_gateway_ip}" # Wait for VM to be accessible via SSH while ! ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@${STAGING_IP} "echo 'VM is accessible'"; do @@ -19,9 +20,9 @@ iface lo inet loopback auto eth0 iface eth0 inet static - address 100.40.223.190 + address ${STAGING_IP} netmask 255.255.255.0 - gateway 100.40.223.1 + gateway ${GATEWAY_IP} \" DNSOPTS=\"-n 8.8.8.8 8.8.4.4\" TIMEZONEOPTS=\"-z UTC\" diff --git a/bolt_vm_automation/tasks/install_packages_alpine.sh b/bolt_vm_automation/tasks/install_packages_alpine.sh index f56ff2f..8fdfc41 100644 --- a/bolt_vm_automation/tasks/install_packages_alpine.sh +++ b/bolt_vm_automation/tasks/install_packages_alpine.sh 
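Review bot: In install_alpine.sh, `GATEWAY_IP` and `STAGING_IP` are taken straight from `PT_gateway_ip` / `PT_staging_ip` and expanded into the interface block with no format check. The `\"` after the gateway line suggests that block sits inside a double-quoted command string sent over ssh as root, although the enclosing command starts outside the hunk. A parameter value containing quotes, `$(...)` or a newline would then change the remote command rather than just the address. I would validate right after the assignments, e.g. `case "$GATEWAY_IP" in ''|*[!0-9.]*) echo "invalid gateway_ip" >&2; exit 1;; esac`, with the same check for `STAGING_IP`. The last hunk of system_setup_alpine.sh has the same pattern: `gateway ${GATEWAY_IP}` is written through an ssh heredoc after only a `-z` test.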
@@ -7,7 +7,7 @@ STAGING_IP="${PT_staging_ip}" ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i '3s/^#//' /etc/apk/repositories" # Install required packages -ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk update && apk add --no-cache vim fping htop sudo bash mtr rsync tmux" +ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk update && apk add --no-cache vim git fping htop sudo bash mtr rsync tmux" # Change default shell to bash ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i -E '/^(root|moeny):/ s:/bin/sh$:/bin/bash:' /etc/passwd" diff --git a/bolt_vm_automation/tasks/system_setup_alpine.json b/bolt_vm_automation/tasks/system_setup_alpine.json index efdf498..3c73bf3 100644 --- a/bolt_vm_automation/tasks/system_setup_alpine.json +++ b/bolt_vm_automation/tasks/system_setup_alpine.json @@ -16,7 +16,7 @@ "description": "Whether to use DHCP for network configuration", "default": false }, - "gateway": { + "gateway_ip": { "type": "String", "description": "Gateway IP address", "default": "100.40.223.1" diff --git a/bolt_vm_automation/tasks/system_setup_alpine.sh b/bolt_vm_automation/tasks/system_setup_alpine.sh index 72802c9..758c209 100644 --- a/bolt_vm_automation/tasks/system_setup_alpine.sh +++ b/bolt_vm_automation/tasks/system_setup_alpine.sh 
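Review bot: The rewritten `apk add` line still opens its root session with `-o StrictHostKeyChecking=no`, so the machine that receives the package install is never authenticated and any host answering on the staging address is accepted silently. For a freshly provisioned VM, `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<per-run known_hosts path>` pins the key on first contact and makes later calls in the same run fail if it changes. The same option appears on every ssh call visible in this commit, so a single shared options variable would keep them consistent.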
@@ -4,14 +4,14 @@ IP="${PT_ip_with_cidr}" HOSTNAME="${PT_hostname}" DHCP="${PT_dhcp}" -GATEWAY="${PT_gateway}" +GATEWAY_IP="${PT_gateway_ip}" NAMESERVER1="${PT_nameserver1}" NAMESERVER2="${PT_nameserver2}" NAMESERVER3="${PT_nameserver3}" STAGING_IP="${PT_staging_ip}" # Check if all required parameters are provided -if [ -z "$IP" ] || [ -z "$HOSTNAME" ] || [ -z "$DHCP" ] || [ -z "$GATEWAY" ] || [ -z "$NAMESERVER1" ] || [ -z "$NAMESERVER2" ] || [ -z "$NAMESERVER3" ]; then +if [ -z "$IP" ] || [ -z "$HOSTNAME" ] || [ -z "$DHCP" ] || [ -z "$GATEWAY_IP" ] || [ -z "$NAMESERVER1" ] || [ -z "$NAMESERVER2" ] || [ -z "$NAMESERVER3" ]; then echo '{"status": "failure", "message": "Missing required parameters. All parameters must be provided."}' exit 1 fi @@ -22,6 +22,7 @@ ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk add --no-cache iptables" # Configure iptables rules ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "iptables -A INPUT -p tcp --dport 22 -s 100.40.223.128/26 -j ACCEPT && \ iptables -A INPUT -p tcp --dport 22 -s 173.62.109.73/32 -j ACCEPT && \ + iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT && \ iptables -A INPUT -p tcp --dport 22 -j DROP" # Save iptables rules @@ -34,7 +35,7 @@ if [ "$DHCP" = "false" ]; then auto eth0 iface eth0 inet static address ${IP} - gateway ${GATEWAY} + gateway ${GATEWAY_IP} EOF" fi diff --git a/hosts/vortex/etc/init.d/setup-moeny-network b/hosts/vortex/etc/init.d/setup-moeny-network new file mode 100644 index 0000000..be20044 --- /dev/null +++ b/hosts/vortex/etc/init.d/setup-moeny-network @@ -0,0 +1,20 @@ +#!/sbin/openrc-run + +description="Custom moeny network and iptables setup" + +depend() { + # Run after networking and libvirt (if used) are up + after network-online libvirtd + need net +} + +start() { + ebegin "Setting moeny network routes and iptables" + /usr/local/bin/setup-moeny-network.sh + eend $? +} + +stop() { + ebegin "Stopping moeny network Setup (no-op)" + eend 0 +} \ No newline at end of file 
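Review bot: The added rule `-s 10.0.0.0/8 -j ACCEPT` opens SSH to the entire 10/8 block, which is far wider than the two existing sources (a /26 and a /32). The only 10.x addresses this commit refers to are 10.88.0.0/24 and 10.44.0.3 in the new route, so a much narrower source is presumably intended. I would write `iptables -A INPUT -p tcp --dport 22 -s <MGMT_CIDR> -j ACCEPT && \` with the actual management subnet. A one-line comment above the rule block saying what each source range is would also help the next reader.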
diff --git a/hosts/vortex/usr/local/bin/setup-moeny-network.sh b/hosts/vortex/usr/local/bin/setup-moeny-network.sh
new file mode 100644
index 0000000..60fa299
--- /dev/null
+++ b/hosts/vortex/usr/local/bin/setup-moeny-network.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Wait for interfaces to be up (optional, adjust as needed)
+while ! ip link show virbr0 >/dev/null 2>&1 || ! ip link show br1 >/dev/null 2>&1; do
+ sleep 1
+done
+
+# Routing table setup
+ip route add 10.88.0.0/24 via 10.44.0.3 dev virbr0
\ No newline at end of file
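Review bot: The wait loop has no upper bound, and the OpenRC `start()` added in this commit runs the script in the foreground, so the service blocks indefinitely if virbr0 or br1 never appears. `ip route add` also exits non-zero when the route already exists, so a restart would be reported as a failure through `eend $?`; `ip route replace` is idempotent. Failing after a bounded wait gives a visible error instead of a hang. The 60-try limit below is an illustrative value.

```shell
# … unchanged: shebang …
tries=0
while ! ip link show virbr0 >/dev/null 2>&1 || ! ip link show br1 >/dev/null 2>&1; do
    tries=$((tries + 1))
    if [ "$tries" -ge 60 ]; then
        echo "setup-moeny-network: virbr0/br1 not present after 60s" >&2
        exit 1
    fi
    sleep 1
done

ip route replace 10.88.0.0/24 via 10.44.0.3 dev virbr0
```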