Updates to bridged network setup.

Derek Smith 2022-08-19 15:30:30 -04:00
parent b3e8f950e6
commit 4c2e16ae74
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
3 changed files with 45 additions and 28 deletions


@ -38,11 +38,12 @@ if [ "$COMMAND" = create ]; then
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1' # Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
# Then $HOME/ss-clusters/cluster1 will be your cluster working path. # Then $HOME/ss-clusters/cluster1 will be your cluster working path.
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)" export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED- see www.sovereign-stack.org/reservations/"
# This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed. # This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed.
# e.g., 'domain1.tld,domain2.tld,domain3.tld' Add all your domains that will # e.g., 'domain1.tld,domain2.tld,domain3.tld' Add all your domains that will
# run within this SS deployment. # run within this SS deployment.
SITE_LIST="domain1.tld" export SITE_LIST="domain1.tld"
# only relevant # only relevant
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000" export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
@ -92,29 +93,29 @@ EOL
esac esac
done done
# if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
# echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface." echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
# echo " We need to know which interface that is! Enter it here now." echo " We need to know which interface that is! Enter it here now."
# echo "" echo ""
# ssh "ubuntu@$FQDN" ip link ssh "ubuntu@$FQDN" ip link
# echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: " echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
# read DATA_PLANE_MACVLAN_INTERFACE read DATA_PLANE_MACVLAN_INTERFACE
# fi fi
# if [ -z "$DISK_TO_USE" ]; then if [ -z "$DISK_TO_USE" ]; then
# echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now." echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
# echo "" echo ""
# ssh "ubuntu@$FQDN" lsblk ssh "ubuntu@$FQDN" lsblk
# USER_DISK= USER_DISK=
# echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): " echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
# read USER_DISK read USER_DISK
# fi fi
else else
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster." echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
@ -159,8 +160,8 @@ EOL
sleep 1 sleep 1
fi fi
if lxc network list --format csv | grep -q lxdbr0; then if lxc network list --format csv | grep -q lxdbrSS; then
lxc network delete lxdbr0 lxc network delete lxdbrSS
sleep 1 sleep 1
fi fi
fi fi
@ -168,12 +169,12 @@ EOL
ssh -t "ubuntu@$FQDN" " ssh -t "ubuntu@$FQDN" "
# set host firewall policy. # set host firewall policy.
# allow LXD API from management network. # allow LXD API from management network.
sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443 # sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443
# enable it. # enable it.
if sudo ufw status | grep -q 'Status: inactive'; then # if sudo ufw status | grep -q 'Status: inactive'; then
sudo ufw enable # sudo ufw enable
fi # fi
# install lxd as a snap if it's not installed. We only really use the LXC part of this package. # install lxd as a snap if it's not installed. We only really use the LXC part of this package.
if ! snap list | grep -q lxd; then if ! snap list | grep -q lxd; then
@ -196,11 +197,11 @@ config:
images.auto_update_interval: 15 images.auto_update_interval: 15
networks: networks:
- name: lxdbr0 - name: lxdbrSS
type: bridge type: bridge
config: config:
ipv4.nat: "true" ipv4.nat: "true"
ipv6.nat: "true" ipv6.address: "none"
managed: true managed: true
description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-} description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
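Review bot: The host firewall block inside the `ssh -t "ubuntu@$FQDN"` script is commented out on the new side, both the `ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443` rule and the `ufw enable` guard. From what is visible, nothing in this script now limits the LXD API port to the management machine or turns the firewall on. If this is temporary while the `lxdbrSS` bridge is brought up, mark the disabled lines with a comment such as `# TODO: ufw disabled while lxdbrSS is reworked; restore the 8443 allow rule before release`; otherwise keep the rule and add whatever allowance the bridge needs. Separately, the re-enabled prompts use a bare `read`; prefer `read -r DATA_PLANE_MACVLAN_INTERFACE` and `read -r USER_DISK`, and check the interface name against the `ip link` output, because it is later interpolated into the preseed `description:` line. The enclosing `if` and heredoc blocks start and end outside these hunks.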


@ -181,7 +181,18 @@ else
preserve_hostname: false preserve_hostname: false
fqdn: ${FQDN} fqdn: ${FQDN}
user.network-config: |
version: 2
ethernets:
enp5s0:
dhcp4: true
match:
macaddress: ${MAC_ADDRESS_TO_PROVISION}
set-name: enp5s0
enp6s0:
dhcp4: true
EOF EOF
fi fi
@ -199,7 +210,7 @@ devices:
type: disk type: disk
EOF EOF
# TODO get the sovereign-stack lxc profile OFF the lxdbr0 bridge network. # TODO get the sovereign-stack lxc profile OFF the lxdbrSS bridge network.
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE" echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
if [ "$VIRTUAL_MACHINE" = sovereign-stack ] ; then if [ "$VIRTUAL_MACHINE" = sovereign-stack ] ; then
@ -207,6 +218,7 @@ if [ "$VIRTUAL_MACHINE" = sovereign-stack ] ; then
# If we are deploying the www, we attach the vm to the underlay via macvlan. # If we are deploying the www, we attach the vm to the underlay via macvlan.
cat >> "$YAML_PATH" <<EOF cat >> "$YAML_PATH" <<EOF
enp5s0: enp5s0:
name: enp5s0
nictype: macvlan nictype: macvlan
parent: ${DATA_PLANE_MACVLAN_INTERFACE} parent: ${DATA_PLANE_MACVLAN_INTERFACE}
type: nic type: nic
@ -220,6 +232,10 @@ cat >> "$YAML_PATH" <<EOF
nictype: macvlan nictype: macvlan
parent: ${DATA_PLANE_MACVLAN_INTERFACE} parent: ${DATA_PLANE_MACVLAN_INTERFACE}
type: nic type: nic
enp6s0:
name: enp6s0
network: lxdbrSS
type: nic
name: ${FILENAME} name: ${FILENAME}
EOF EOF
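Review bot: `macaddress: ${MAC_ADDRESS_TO_PROVISION}` is written into the cloud-init network config unquoted and, in the visible lines, without any check that the variable is set or looks like a MAC address. An empty or placeholder value would produce a `match:` that applies to no interface, so the data-plane NIC would stay unconfigured with no error at this point. The cluster template in this commit defaults a MAC setting to a `CHANGE_ME_REQUIRED` string, though whether that feeds this variable is not visible here. Quote the value, `macaddress: "${MAC_ADDRESS_TO_PROVISION}"`, so the YAML parser always sees a string, and fail before the heredoc when it does not match `^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$`. The heredoc begins above the hunk and the render has lost its indentation, so the nesting of `match:` under `enp5s0:` could not be checked.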


@ -21,7 +21,7 @@ fi
# enable docker swarm mode so we can support docker stacks. # enable docker swarm mode so we can support docker stacks.
if ! docker info | grep -q "Swarm: active"; then if ! docker info | grep -q "Swarm: active"; then
docker swarm init docker swarm init --advertise-addr enp6s0
fi fi
# stop services. # stop services.
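Review bot: `docker swarm init --advertise-addr enp6s0` only sets the address advertised to other nodes; the listen address keeps its default of all interfaces, so the swarm management port stays reachable on the macvlan-attached `enp5s0` as well. If the intent is to keep swarm control traffic on the `lxdbrSS`-side NIC (an inference from the profile change in this commit), add `--listen-addr enp6s0` too. The interface name is hard-coded and has to stay in step with the `name: enp6s0` device in the LXD profile, so a comment such as `# enp6s0 = NIC on lxdbrSS, see the lxc profile` would record that coupling. The init also fails if that interface has no address yet.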