nicolas
/
demo-edge-retail
mirror of https://github.com/nmasse-itix/demo-edge-retail.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

wip

main
Nicolas Massé 3 months ago
parent
12b4a9b3f2
commit
ed1b3bd891
3 changed files with 14 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      bootc/base/Containerfile
  2. 17
      bootc/scenario3a/root/etc/nftables/libvirt.nft
  3. 4
      bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh

2
bootc/base/Containerfile
View File

@ -11,7 +11,7 @@ dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarc
dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-machines cockpit-podman \ dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-machines cockpit-podman \
cockpit-files cockpit-ostree cockpit-pcp cockpit-system libvirt libvirt-daemon-kvm \ cockpit-files cockpit-ostree cockpit-pcp cockpit-system libvirt libvirt-daemon-kvm \
virt-install virt-top libguestfs-tools genisoimage greenboot greenboot-default-health-checks \ virt-install virt-top libguestfs-tools genisoimage greenboot greenboot-default-health-checks \
stress-ng yq podman-compose tmux stress-ng yq podman-compose tmux smartmontools hdparm tcpdump
dnf clean all dnf clean all
if [ -n "$ADMIN_USERNAME" ]; then if [ -n "$ADMIN_USERNAME" ]; then

17
bootc/scenario3a/root/etc/nftables/libvirt.nft
View File

@ -12,16 +12,21 @@ table ip libvirt-nat {
type filter hook forward priority filter - 10 type filter hook forward priority filter - 10
policy accept policy accept
iifname != "virbr0" ip daddr 192.168.122.2/24 tcp dport { 80 } ct state { new } counter accept # Accept packets related to existing connections
ip daddr 192.168.122.2/24 ct state { related, established } counter accept ct state invalid counter drop
ip saddr 192.168.122.2/24 ct state { related, established } counter accept ct state { established, related } counter accept
oifname "virbr0" ip daddr 192.168.122.2/24 tcp dport { 80, 9090 } ct state { new } counter accept
} }
chain Pre-Routing { chain Pre-Routing {
type nat hook prerouting priority dstnat type nat hook prerouting priority dstnat - 10
policy accept policy accept
# Redirect port 80 to the Nextcloud VM # Redirect HTTP connections to the Nextcloud VM
ip daddr 192.168.2.0/24 iifname != "virbr0" tcp dport { 80 } counter dnat to 192.168.122.2 iifname != "virbr0" ip daddr 192.168.2.0/24 tcp dport 80 counter dnat to 192.168.122.2
# Redirect Cockpit connections to the Nextcloud VM
iifname != "virbr0" ip daddr 192.168.2.0/24 tcp dport 9091 counter dnat to 192.168.122.2:9090
} }
} }

4
bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
View File

@ -8,7 +8,7 @@ if [[ $# -ne 1 ]]; then
fi fi
VM="${1}" VM="${1}"
if [ -f "/var/lib/libvirt/images/${VM}/root.qcow2" ]; then if [ -d "/var/lib/libvirt/images/${VM}/" ]; then
echo "VM ${VM} already exists. Please remove it first." echo "VM ${VM} already exists. Please remove it first."
exit 1 exit 1
fi fi
@ -21,7 +21,7 @@ cleanup() {
echo "An error occurred. Cleaning up..." echo "An error occurred. Cleaning up..."
virsh destroy "${VM}" || true virsh destroy "${VM}" || true
virsh undefine "${VM}" --nvram || true virsh undefine "${VM}" --nvram || true
rm -f "/var/lib/libvirt/images/${VM}/root.qcow2" rm -rf "/var/lib/libvirt/images/${VM}/"
fi fi
} }
trap cleanup EXIT trap cleanup EXIT

Write Preview
Loading…
Cancel
Save