make public ip infra
Signed-off-by: GnomeZworc <nicolas.boufidjeline@g3e.fr>
parent
f81a4d959c
commit
a4cd5bce4d
4 changed files with 65 additions and 37 deletions
44
README.md
44
README.md
|
|
@ -5,20 +5,13 @@ this project is Two with bash on first move
|
||||||
|
|
||||||
## Prepare kvm
|
## Prepare kvm
|
||||||
|
|
||||||
```
|
package usage:
|
||||||
apt-get install -y \
|
- ebtables / filtre arp
|
||||||
vim \
|
- socat / socket interaction
|
||||||
htop \
|
- qemu-system qemu-utils qemu-kvm / qemu install
|
||||||
socat \
|
- curl / use lib
|
||||||
ebtables \ # filtre arp
|
- tcpdump / debug network
|
||||||
qemu-system qemu-utils qemu-kvm \ # qemu install
|
- bridge-utils / bridge add
|
||||||
genisoimage \ # cloud-init file
|
|
||||||
curl \
|
|
||||||
whois \
|
|
||||||
tcpdump \
|
|
||||||
bridge-utils # bridge add
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Command et info utile
|
## Command et info utile
|
||||||
|
|
||||||
|
|
@ -104,27 +97,4 @@ qemu-system-x86_64 -enable-kvm -cpu host -m 512 \
|
||||||
-netdev tap,id=net0,ifname=tap9102959250,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:0A \
|
-netdev tap,id=net0,ifname=tap9102959250,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=00:22:33:00:00:0A \
|
||||||
-display none -daemonize \
|
-display none -daemonize \
|
||||||
-drive file=./seed/seed.iso,media=cdrom,if=ide
|
-drive file=./seed/seed.iso,media=cdrom,if=ide
|
||||||
```
|
|
||||||
|
|
||||||
add public ip:
|
|
||||||
```
|
|
||||||
brctl addbr br-public
|
|
||||||
brctl stp "br-public" off
|
|
||||||
ip link add "veth-public-ext" type veth peer name "veth-public-int" netns "vpc-00003"
|
|
||||||
ip netns exec "vpc-00003" brctl addbr "br-public"
|
|
||||||
ip netns exec "vpc-00003" brctl stp "br-public" off
|
|
||||||
|
|
||||||
brctl addif "br-public" "veth-public-ext"
|
|
||||||
ip netns exec "vpc-00003" brctl addif "br-public" "veth-public-int"
|
|
||||||
|
|
||||||
|
|
||||||
ip link set up dev "veth-public-ext"
|
|
||||||
ip link set up dev "br-public"
|
|
||||||
ip -n "vpc-00003" link set up dev "veth-public-int"
|
|
||||||
ip -n "vpc-00003" link set up dev "br-public"
|
|
||||||
|
|
||||||
ip link add link eno1 name macvlan0 type macvlan mode bridge
|
|
||||||
|
|
||||||
-A PREROUTING -d 192.168.15.2/32 -j DNAT --to-destination 192.168.20.10
|
|
||||||
-A POSTROUTING -s 192.168.20.10/32 -o br-public -j MASQUERADE
|
|
||||||
```
|
```
|
||||||
|
|
@ -3,6 +3,18 @@
|
||||||
. ./lib/metadata.sh
|
. ./lib/metadata.sh
|
||||||
|
|
||||||
function config_kvm {
|
function config_kvm {
|
||||||
|
apt-get install -y \
|
||||||
|
vim \
|
||||||
|
htop \
|
||||||
|
socat \
|
||||||
|
ebtables \
|
||||||
|
qemu-system qemu-utils qemu-kvm \
|
||||||
|
genisoimage \
|
||||||
|
curl \
|
||||||
|
whois \
|
||||||
|
tcpdump \
|
||||||
|
bridge-utils
|
||||||
|
|
||||||
sysctl -w net.ipv4.ip_forward=1
|
sysctl -w net.ipv4.ip_forward=1
|
||||||
iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
|
iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
|
||||||
|
|
||||||
|
|
@ -25,6 +37,10 @@ function config_kvm {
|
||||||
iptables -A INPUT -j ACCEPT_BOGON
|
iptables -A INPUT -j ACCEPT_BOGON
|
||||||
|
|
||||||
|
|
||||||
|
brctl addbr br-public
|
||||||
|
brctl stp "br-public" off
|
||||||
|
ip link set up dev "br-public"
|
||||||
|
|
||||||
metadata_service
|
metadata_service
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
}
|
}
|
||||||
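--- /dev/null
+++ b/lib/public_ip.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+function add_public_ip {
+local vpc_name="${1}"
+local public_ip="${2}"
+local private_ip="${3}"
+local host_ip="${4}"
+
+ip -n "${vpc_name}" a add "${public_ip}/32" dev br-public
+ip r add "${public_ip}" dev br-public scope link
+ip -n "${vpc_name}" r add "${host_ip}" dev br-public scope link
+ip -n "${vpc_name}" r add default via "${host_ip}"
+
+ip netns exec "${vpc_name}" iptables -t nat -A PREROUTING -d "${public_ip}/32" -j DNAT --to-destination "${private_ip}"
+ip netns exec "${vpc_name}" iptables -t nat -A POSTROUTING -s "${private_ip}/32" -o br-public --to-source "${public_ip}" -j SNAT
+}
+
+function delete_public_ip {
+local vpc_name="${1}"
+local public_ip="${2}"
+local private_ip="${3}"
+
+ip -n "${vpc_name}" a del "${public_ip}/32" dev br-public
+ip r del "${public_ip}" dev br-public
+
+ip netns exec "${vpc_name}" iptables -t nat -D PREROUTING -d "${public_ip}/32" -j DNAT --to-destination "${private_ip}"
+ip netns exec "${vpc_name}" iptables -t nat -D POSTROUTING -s "${private_ip}/32" -o br-public --to-source "${public_ip}" -j SNAT
+}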
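Review bot: add_public_ip and delete_public_ip run their ip/iptables commands unconditionally and never check their arguments or exit statuses, so an empty or malformed positional (for example a missing `host_ip`) leaves the namespace half-configured: the route can be installed while the DNAT/SNAT rules fail, or the reverse. A guard at the top of each function, `[[ -n "${vpc_name}" && -n "${public_ip}" && -n "${private_ip}" ]] || return 1` (with `host_ip` added to it in add_public_ip), plus `|| return` after each ip/iptables call, would make a partial failure visible to the caller. Separately, in both POSTROUTING rules `--to-source` is given before `-j SNAT`; I believe iptables only accepts a target's options after the `-j` that loads it, so the rule should read `... -o br-public -j SNAT --to-source "${public_ip}"` — worth verifying on the host. delete_public_ip also leaves the `${host_ip}` and default routes that add_public_ip installs; that is fine if they are meant to be per-VPC rather than per-IP, but a comment stating so would help the next reader.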
14
lib/vpc.sh
14
lib/vpc.sh
|
|
@ -27,6 +27,20 @@ function create_vpc {
|
||||||
{
|
{
|
||||||
add_in_db "vpc" "${vpc_name}"
|
add_in_db "vpc" "${vpc_name}"
|
||||||
create_netns "${vpc_name}"
|
create_netns "${vpc_name}"
|
||||||
|
|
||||||
|
ip link add "${vpc_name}-ext" type veth peer name "veth-public-int" netns "${vpc_name}"
|
||||||
|
ip netns exec "${vpc_name}" brctl addbr "br-public"
|
||||||
|
ip netns exec "${vpc_name}" brctl stp "br-public" off
|
||||||
|
|
||||||
|
|
||||||
|
brctl addif "br-public" "${vpc_name}-ext"
|
||||||
|
ip netns exec "${vpc_name}" brctl addif "br-public" "veth-public-int"
|
||||||
|
|
||||||
|
|
||||||
|
ip link set up dev "${vpc_name}-ext"
|
||||||
|
ip -n "${vpc_name}" link set up dev "veth-public-int"
|
||||||
|
ip -n "${vpc_name}" link set up dev "br-public"
|
||||||
|
|
||||||
print_in_color "${COLOR_GREEN}" "Create ${vpc_name}"
|
print_in_color "${COLOR_GREEN}" "Create ${vpc_name}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
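Review bot: every VPC's `${vpc_name}-ext` veth is attached to the same host bridge `br-public`, so all VPCs share one L2 segment and nothing in this hunk stops one namespace from answering ARP for, or sourcing traffic with, another VPC's public IP. Since ebtables is already a project dependency, a per-port filter pinning each veth to its assigned public IP and MAC — or at minimum a comment noting that isolation on br-public is not enforced here — would close that gap. Also, `ip link add` and the `brctl` calls are not checked, so a vpc_name that pushes `${vpc_name}-ext` past the 15-character interface-name limit fails silently and the following commands run against a missing device; `ip link add ... || return 1` after the first line would stop that. The enclosing create_vpc function starts outside the hunk.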