wip

3 months ago · ed1b3bd891
3 changed files with 14 additions and 9 deletions
--- a/bootc/base/Containerfile
+++ b/bootc/base/Containerfile
@ -11,7 +11,7 @@ dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarc
 dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-machines cockpit-podman \
               cockpit-files cockpit-ostree cockpit-pcp cockpit-system libvirt libvirt-daemon-kvm \
               virt-install virt-top libguestfs-tools genisoimage greenboot greenboot-default-health-checks \
-               stress-ng yq podman-compose tmux
+               stress-ng yq podman-compose tmux smartmontools hdparm tcpdump
 dnf clean all

 if [ -n "$ADMIN_USERNAME" ]; then
--- a/bootc/scenario3a/root/etc/nftables/libvirt.nft
+++ b/bootc/scenario3a/root/etc/nftables/libvirt.nft
@ -12,16 +12,21 @@ table ip libvirt-nat {
        type filter hook forward priority filter - 10
        policy accept
        
-        iifname != "virbr0" ip daddr 192.168.122.2/24 tcp dport { 80 } ct state { new } counter accept
-        ip daddr 192.168.122.2/24 ct state { related, established } counter accept
-        ip saddr 192.168.122.2/24 ct state { related, established } counter accept
+        # Accept packets related to existing connections
+        ct state invalid counter drop
+        ct state { established, related } counter accept
+
+        oifname "virbr0" ip daddr 192.168.122.2/24 tcp dport { 80, 9090 } ct state { new } counter accept
    }

    chain Pre-Routing {
-        type nat hook prerouting priority dstnat
+        type nat hook prerouting priority dstnat - 10
        policy accept

-        # Redirect port 80 to the Nextcloud VM
-        ip daddr 192.168.2.0/24 iifname != "virbr0" tcp dport { 80 } counter dnat to 192.168.122.2
+        # Redirect HTTP connections to the Nextcloud VM
+        iifname != "virbr0" ip daddr 192.168.2.0/24 tcp dport 80 counter dnat to 192.168.122.2
+
+        # Redirect Cockpit connections to the Nextcloud VM
+        iifname != "virbr0" ip daddr 192.168.2.0/24 tcp dport 9091 counter dnat to 192.168.122.2:9090
    }
 }
--- a/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
+++ b/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
@ -8,7 +8,7 @@ if [[ $# -ne 1 ]]; then
 fi

 VM="${1}"
-if [ -f "/var/lib/libvirt/images/${VM}/root.qcow2" ]; then
+if [ -d "/var/lib/libvirt/images/${VM}/" ]; then
  echo "VM ${VM} already exists. Please remove it first."
  exit 1
 fi
@ -21,7 +21,7 @@ cleanup() {
    echo "An error occurred. Cleaning up..."
    virsh destroy "${VM}" || true
    virsh undefine "${VM}" --nvram || true
-    rm -f "/var/lib/libvirt/images/${VM}/root.qcow2"
+    rm -rf "/var/lib/libvirt/images/${VM}/"
  fi
 }
 trap cleanup EXIT