diff options
author | Daniel Farrell <dfarrell@redhat.com> | 2015-06-01 10:06:36 -0400 |
---|---|---|
committer | Daniel Farrell <dfarrell@redhat.com> | 2015-06-01 10:43:51 -0400 |
commit | 220bcb74645f5beba93282a38bac0276be199a71 (patch) | |
tree | cdef237c5e8a806e5349d074ade2e0a0b6ca4273 /foreman/ci/nat_setup.sh | |
parent | db9f29f35ef27bf9af45cb37661bfad8f1543f8b (diff) |
Copy Foreman deploy logic from bgs_vagrant repo
This code was developed in a scratch space GitHub
repo, mostly by Tim. As part of the clean-up process
for Arno, it should be migrated to Genesis and all
future work should be done via Genesis.
This is trozet/bgs_vagrant as of f27548.
I didn't copy the clean.sh, deploy.sh and build.sh scripts
from bgs_vagrant in this commit. They differ from those
in Genesis and need more attention for a proper migration.
See: https://github.com/trozet/bgs_vagrant
JIRA: BGS-53
Change-Id: I512e0ea0d02f8d99048db771221abc88aa60e2d5
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
Diffstat (limited to 'foreman/ci/nat_setup.sh')
-rwxr-xr-x | foreman/ci/nat_setup.sh | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/foreman/ci/nat_setup.sh b/foreman/ci/nat_setup.sh new file mode 100755 index 0000000..398a826 --- /dev/null +++ b/foreman/ci/nat_setup.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +#NAT setup script to setup NAT from Admin -> Public interface +#on a Vagrant VM +#Called by Vagrantfile in conjunction with deploy.sh +#author: Tim Rozet (trozet@redhat.com) +# +#Uses Vagrant and VirtualBox +#VagrantFile uses nat_setup.sh which sets up NAT +# + +##make sure firewalld is stopped and disabled +if ! systemctl stop firewalld; then + printf '%s\n' 'nat_setup.sh: Unable to stop firewalld' >&2 + exit 1 +fi + +systemctl disable firewalld + +##install iptables +if ! yum -y install iptables-services; then + printf '%s\n' 'nat_setup.sh: Unable to install iptables-services' >&2 + exit 1 +fi + +##start and enable iptables service +if ! systemctl start iptables; then + printf '%s\n' 'nat_setup.sh: Unable to start iptables-services' >&2 + exit 1 +fi + +systemctl enable iptables + +##enable IP forwarding +echo 1 > /proc/sys/net/ipv4/ip_forward + +##Configure iptables +/sbin/iptables -t nat -I POSTROUTING -o enp0s10 -j MASQUERADE +/sbin/iptables -I FORWARD 1 -i enp0s10 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT +/sbin/iptables -I FORWARD 1 -i enp0s8 -o enp0s10 -j ACCEPT +/sbin/iptables -I INPUT 1 -j ACCEPT +/sbin/iptables -I OUTPUT 1 -j ACCEPT + |