nexedi / slapos.package
Commit 1a63a56f authored 1 year ago by Joanne Hugé
playbook/ors: add iptables rules and disable dns stub
parent 38020ebe
Branches: master, bbu, binary-cache-force-url, ors-dev, ors-offline, ors-ue
Pipeline #28302 failed with stage in 0 seconds
Showing 2 changed files with 46 additions and 2 deletions
playbook/roles/ors/files/interfaces +6 -2
playbook/roles/ors/tasks/main.yml +40 -0
playbook/roles/ors/files/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
...
...
@@ -7,10 +5,16 @@ auto enp2s0
iface enp2s0 inet dhcp
post-up echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
post-up iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -p udp -m udp --sport 5353 -j SNAT --to-source :53
post-up iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination :5353
post-up ip6tables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
auto enp0s31f6
iface enp0s31f6 inet dhcp
post-up echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
post-up iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -p udp -m udp --sport 5353 -j SNAT --to-source :53
post-up iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination :5353
post-up ip6tables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
source /etc/network/interfaces.d/*
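Review bot: The two DNS rules placed under both `iface enp2s0` and `iface enp0s31f6` have no `-i`/`-o` or address match and are appended with `-A` from `post-up`, so every interface that comes up adds another copy, and `-p udp -m udp --dport 53 -j DNAT --to-destination :5353` rewrites DNS arriving on any interface, including the forwarded queries that the `forwarding` line enables. Suggest scoping each pair to the interface and destination it is meant for, guarding the append with `iptables -C ... || iptables -A ...`, and adding matching `post-down` lines that use `-D`. The SNAT on `--sport 5353` also matches any other UDP sent from port 5353, which is the mDNS port, and only UDP is handled, so DNS over TCP to port 53 is not redirected. Neither the commit message nor the file says which service is expected to listen on 5353; a comment above the rules would make the intent reviewable.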
playbook/roles/ors/tasks/main.yml
...
...
@@ -122,6 +122,46 @@
-
name
:
Copy keys for SR
copy
:
src=/root/.amarisoft dest=/opt/amarisoft owner=root mode=644
ignore_errors
:
yes
-
name
:
Add kernel parameter
script
:
configure-grub
-
name
:
Disable DNS stub resolver
lineinfile
:
dest=/etc/systemd/resolved.conf regexp="(.*)DNSStubListener=(.*)" line="DNSStubListener=no" state=present
register
:
disable_dns_stub
-
name
:
Create resolv symbolic link
file
:
src
:
/run/systemd/resolve/resolv.conf
dest
:
/etc/resolv.conf
state
:
link
force
:
true
register
:
create_resolv_link
-
name
:
Restart systemd-resolved.service if necessary
systemd
:
name=systemd-resolved.service enabled=yes state=restarted
when
:
(disable_dns_stub.changed) or (create_resolv_link.changed)
-
name
:
Enable and start systemd-resolved.service
systemd
:
name=systemd-resolved.service enabled=yes state=started
-
name
:
Redirect 53 to
5353
ansible.builtin.iptables
:
chain
:
PREROUTING
table
:
nat
protocol
:
udp
match
:
udp
jump
:
DNAT
destination_port
:
53
to_destination
:
'
:5353'
-
name
:
Redirect 5353 to
53
ansible.builtin.iptables
:
chain
:
POSTROUTING
table
:
nat
protocol
:
udp
match
:
udp
jump
:
SNAT
source_port
:
5353
to_source
:
'
:53'
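Review bot: The `Redirect 53 to 5353` and `Redirect 5353 to 53` tasks install the same nat rules that this commit also adds as `post-up` lines in `playbook/roles/ors/files/interfaces`, and like those they set no `in_interface`, `out_interface`, `source` or `destination`, so UDP port 53 traffic on every interface is rewritten. Suggest keeping the rules in one place, scoping them to the interface they are meant for, and setting the module's `comment` parameter to name the service expected on 5353. In the resolver tasks, `Create resolv symbolic link` uses `force: true` and runs before `Enable and start systemd-resolved.service`, so `/etc/resolv.conf` can point at a file that does not exist yet; moving the link after the service is started avoids that window. The `register` plus `when: (disable_dns_stub.changed) or (create_resolv_link.changed)` pair would read more clearly as a handler notified by both tasks, and the unanchored `regexp="(.*)DNSStubListener=(.*)"` could be tightened to `^#?DNSStubListener=`.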