internal net initial working
parent
490231d45a
commit
f2a9bfe8d5
@ -51,9 +51,9 @@ parameters:
|
|||||||
type: Boolean
|
type: Boolean
|
||||||
description: "Enable DHCP on the VM"
|
description: "Enable DHCP on the VM"
|
||||||
default: false
|
default: false
|
||||||
gateway:
|
gateway_ip:
|
||||||
type: String
|
type: String
|
||||||
description: "Gateway for the VM"
|
description: "Gateway IP for the VM"
|
||||||
default: "100.40.223.1"
|
default: "100.40.223.1"
|
||||||
nameserver1:
|
nameserver1:
|
||||||
type: String
|
type: String
|
||||||
@ -107,7 +107,7 @@ steps:
|
|||||||
vm_name: $vm_name
|
vm_name: $vm_name
|
||||||
disk_path: "${disk_path}/${vm_name}.qcow2"
|
disk_path: "${disk_path}/${vm_name}.qcow2"
|
||||||
staging_ip: $staging_ip
|
staging_ip: $staging_ip
|
||||||
|
gateway_ip: $gateway_ip
|
||||||
- name: install_packages
|
- name: install_packages
|
||||||
description: Install Packages on the VM
|
description: Install Packages on the VM
|
||||||
task: bolt_vm_automation::install_packages_alpine
|
task: bolt_vm_automation::install_packages_alpine
|
||||||
@ -130,7 +130,7 @@ steps:
|
|||||||
ip_with_cidr: $ip_with_cidr
|
ip_with_cidr: $ip_with_cidr
|
||||||
hostname: $hostname
|
hostname: $hostname
|
||||||
dhcp: $dhcp
|
dhcp: $dhcp
|
||||||
gateway: $gateway
|
gateway_ip: $gateway_ip
|
||||||
nameserver1: $nameserver1
|
nameserver1: $nameserver1
|
||||||
nameserver2: $nameserver2
|
nameserver2: $nameserver2
|
||||||
nameserver3: $nameserver3
|
nameserver3: $nameserver3
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
VM_NAME="${PT_vm_name}"
|
VM_NAME="${PT_vm_name}"
|
||||||
DISK_PATH="${PT_disk_path}"
|
DISK_PATH="${PT_disk_path}"
|
||||||
STAGING_IP="${PT_staging_ip}"
|
STAGING_IP="${PT_staging_ip}"
|
||||||
|
GATEWAY_IP="${PT_gateway_ip}"
|
||||||
|
|
||||||
# Wait for VM to be accessible via SSH
|
# Wait for VM to be accessible via SSH
|
||||||
while ! ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@${STAGING_IP} "echo 'VM is accessible'"; do
|
while ! ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@${STAGING_IP} "echo 'VM is accessible'"; do
|
||||||
@ -19,9 +20,9 @@ iface lo inet loopback
|
|||||||
|
|
||||||
auto eth0
|
auto eth0
|
||||||
iface eth0 inet static
|
iface eth0 inet static
|
||||||
address 100.40.223.190
|
address ${STAGING_IP}
|
||||||
netmask 255.255.255.0
|
netmask 255.255.255.0
|
||||||
gateway 100.40.223.1
|
gateway ${GATEWAY_IP}
|
||||||
\"
|
\"
|
||||||
DNSOPTS=\"-n 8.8.8.8 8.8.4.4\"
|
DNSOPTS=\"-n 8.8.8.8 8.8.4.4\"
|
||||||
TIMEZONEOPTS=\"-z UTC\"
|
TIMEZONEOPTS=\"-z UTC\"
|
||||||
|
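Review bot: `GATEWAY_IP` and `STAGING_IP` are now expanded into the interface stanza (`address ${STAGING_IP}`, `gateway ${GATEWAY_IP}`) with no check that they are non-empty, well-formed addresses. The stanza appears to sit inside a double-quoted string (the escaped `\"` lines around it), presumably one that is sent to the VM as root, so a value carrying quotes, command substitution or a newline would alter the command instead of only the config. A guard right after the assignments, for example `case "$GATEWAY_IP" in ''|*[!0-9.]*) echo "invalid gateway_ip" >&2; exit 1;; esac` and the same for `STAGING_IP`, rejects such values before they are used. The script body continues outside these hunks, so the exact quoting context should be confirmed there.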
@ -7,7 +7,7 @@ STAGING_IP="${PT_staging_ip}"
|
|||||||
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i '3s/^#//' /etc/apk/repositories"
|
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i '3s/^#//' /etc/apk/repositories"
|
||||||
|
|
||||||
# Install required packages
|
# Install required packages
|
||||||
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk update && apk add --no-cache vim fping htop sudo bash mtr rsync tmux"
|
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk update && apk add --no-cache vim git fping htop sudo bash mtr rsync tmux"
|
||||||
|
|
||||||
# Change default shell to bash
|
# Change default shell to bash
|
||||||
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i -E '/^(root|moeny):/ s:/bin/sh$:/bin/bash:' /etc/passwd"
|
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "sed -i -E '/^(root|moeny):/ s:/bin/sh$:/bin/bash:' /etc/passwd"
|
||||||
|
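Review bot: The modified `apk add` line still runs as root over `ssh -o StrictHostKeyChecking=no`, so the host receiving these commands is never authenticated and whatever answers on the staging address gets the root session. For a freshly built VM, `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$known_hosts"` (with `$known_hosts` a per-run file, a name chosen here for illustration) at least pins the key after first contact, and checking the key out of band is stronger. The same option is on every ssh call visible in the other task scripts of this commit. `${STAGING_IP}` is also unquoted; `"root@${STAGING_IP}"` avoids word splitting.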
@ -16,7 +16,7 @@
|
|||||||
"description": "Whether to use DHCP for network configuration",
|
"description": "Whether to use DHCP for network configuration",
|
||||||
"default": false
|
"default": false
|
||||||
},
|
},
|
||||||
"gateway": {
|
"gateway_ip": {
|
||||||
"type": "String",
|
"type": "String",
|
||||||
"description": "Gateway IP address",
|
"description": "Gateway IP address",
|
||||||
"default": "100.40.223.1"
|
"default": "100.40.223.1"
|
||||||
|
@ -4,14 +4,14 @@
|
|||||||
IP="${PT_ip_with_cidr}"
|
IP="${PT_ip_with_cidr}"
|
||||||
HOSTNAME="${PT_hostname}"
|
HOSTNAME="${PT_hostname}"
|
||||||
DHCP="${PT_dhcp}"
|
DHCP="${PT_dhcp}"
|
||||||
GATEWAY="${PT_gateway}"
|
GATEWAY_IP="${PT_gateway_ip}"
|
||||||
NAMESERVER1="${PT_nameserver1}"
|
NAMESERVER1="${PT_nameserver1}"
|
||||||
NAMESERVER2="${PT_nameserver2}"
|
NAMESERVER2="${PT_nameserver2}"
|
||||||
NAMESERVER3="${PT_nameserver3}"
|
NAMESERVER3="${PT_nameserver3}"
|
||||||
STAGING_IP="${PT_staging_ip}"
|
STAGING_IP="${PT_staging_ip}"
|
||||||
|
|
||||||
# Check if all required parameters are provided
|
# Check if all required parameters are provided
|
||||||
if [ -z "$IP" ] || [ -z "$HOSTNAME" ] || [ -z "$DHCP" ] || [ -z "$GATEWAY" ] || [ -z "$NAMESERVER1" ] || [ -z "$NAMESERVER2" ] || [ -z "$NAMESERVER3" ]; then
|
if [ -z "$IP" ] || [ -z "$HOSTNAME" ] || [ -z "$DHCP" ] || [ -z "$GATEWAY_IP" ] || [ -z "$NAMESERVER1" ] || [ -z "$NAMESERVER2" ] || [ -z "$NAMESERVER3" ]; then
|
||||||
echo '{"status": "failure", "message": "Missing required parameters. All parameters must be provided."}'
|
echo '{"status": "failure", "message": "Missing required parameters. All parameters must be provided."}'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -22,6 +22,7 @@ ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "apk add --no-cache iptables"
|
|||||||
# Configure iptables rules
|
# Configure iptables rules
|
||||||
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "iptables -A INPUT -p tcp --dport 22 -s 100.40.223.128/26 -j ACCEPT && \
|
ssh -o StrictHostKeyChecking=no root@${STAGING_IP} "iptables -A INPUT -p tcp --dport 22 -s 100.40.223.128/26 -j ACCEPT && \
|
||||||
iptables -A INPUT -p tcp --dport 22 -s 173.62.109.73/32 -j ACCEPT && \
|
iptables -A INPUT -p tcp --dport 22 -s 173.62.109.73/32 -j ACCEPT && \
|
||||||
|
iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT && \
|
||||||
iptables -A INPUT -p tcp --dport 22 -j DROP"
|
iptables -A INPUT -p tcp --dport 22 -j DROP"
|
||||||
|
|
||||||
# Save iptables rules
|
# Save iptables rules
|
||||||
@ -34,7 +35,7 @@ if [ "$DHCP" = "false" ]; then
|
|||||||
auto eth0
|
auto eth0
|
||||||
iface eth0 inet static
|
iface eth0 inet static
|
||||||
address ${IP}
|
address ${IP}
|
||||||
gateway ${GATEWAY}
|
gateway ${GATEWAY_IP}
|
||||||
EOF"
|
EOF"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
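Review bot: The added rule `iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT` opens SSH to the whole 10.0.0.0/8 block, which is much wider than the internal addressing this commit introduces (the route for 10.88.0.0/24 via 10.44.0.3). If only those networks need to reach the VM, name them explicitly, e.g. `-s 10.88.0.0/24`, so any other host that ends up with a 10.x address is still dropped. Because every rule uses `-A`, re-running the task on a VM that already holds the earlier rules appends the new ACCEPT after the existing DROP, where it never matches; guarding with `iptables -C ... || iptables -I INPUT ...`, or rebuilding a dedicated chain, keeps the order deterministic.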
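--- a/hosts/vortex/etc/init.d/setup-moeny-network
+++ b/hosts/vortex/etc/init.d/setup-moeny-network
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+
+description="Custom moeny network and iptables setup"
+
+depend() {
+# Run after networking and libvirt (if used) are up
+after network-online libvirtd
+need net
+}
+
+start() {
+ebegin "Setting moeny network routes and iptables"
+/usr/local/bin/setup-moeny-network.sh
+eend $?
+}
+
+stop() {
+ebegin "Stopping moeny network Setup (no-op)"
+eend 0
+}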
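--- a/hosts/vortex/usr/local/bin/setup-moeny-network.sh
+++ b/hosts/vortex/usr/local/bin/setup-moeny-network.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Wait for interfaces to be up (optional, adjust as needed)
+while ! ip link show virbr0 >/dev/null 2>&1 || ! ip link show br1 >/dev/null 2>&1; do
+sleep 1
+done
+
+# Routing table setup
+ip route add 10.88.0.0/24 via 10.44.0.3 dev virbr0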
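Review bot: The wait loop has no upper bound, so if `virbr0` or `br1` never appears the script never returns and the OpenRC `start()` that calls it blocks with it. A bounded retry that exits non-zero lets `eend $?` report the failure instead of stalling the boot sequence; the 60-second limit below is an illustrative value, not one taken from the page. Separately, `ip route add` fails when the route already exists, so restarting the service reports an error; `ip route replace` is idempotent. The script does not set `set -eu`, so a failed route command is only visible through its exit status as the last command.
```shell
# … unchanged: shebang and comment …
tries=0
while ! ip link show virbr0 >/dev/null 2>&1 || ! ip link show br1 >/dev/null 2>&1; do
  tries=$((tries + 1))
  if [ "$tries" -ge 60 ]; then
    echo "setup-moeny-network: virbr0/br1 not present after 60s" >&2
    exit 1
  fi
  sleep 1
done

ip route replace 10.88.0.0/24 via 10.44.0.3 dev virbr0
```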