author | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-10-22 18:29:37 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-10-22 18:29:37 +0200 |
commit | b53b71f750008267351d84938b4701413f045628 (patch) | |
tree | cc2c8aea67333e2df7320c9a225cd585c78421ee | |
parent | 6858f17766fcd6fd0f05c43393188b79d29be5e5 (diff) | |
download | infrastructure-feature/bind_ipv6.tar.gz infrastructure-feature/bind_ipv6.zip |
Fix some bugs
feature/bind_ipv6
-rw-r--r-- | os/config/README.md | 10 |
-rw-r--r-- | os/config/roles/network/templates/rules.v4 | 5 |
-rw-r--r-- | os/config/roles/network/templates/rules.v6 | 6 |
3 files changed, 15 insertions, 6 deletions
diff --git a/os/config/README.md b/os/config/README.md index db8d960..fb4f6e7 100644 --- a/os/config/README.md +++ b/os/config/README.md @@ -4,12 +4,16 @@ For each machine, **one by one** do: - Check that cluster is healthy - - `sudo gluster peer status` - - `sudo gluster volume status all` (check Online Col, only `Y` must appear) + - Check gluster + - `sudo gluster peer status` + - `sudo gluster volume status all` (check Online Col, only `Y` must appear) - Check that Nomad is healthy + - `nomad server members` + - `nomad node status` - Check that Consul is healthy + - `consul members` - Check that Postgres is healthy - - Run `ansible-playbook -i production --limit <machine> site.yml` + - Run `ansible-playbook -i production.yml --limit <machine> site.yml` - Reboot - Check that cluster is healthy diff --git a/os/config/roles/network/templates/rules.v4 b/os/config/roles/network/templates/rules.v4 index 159f5f7..a5f138b 100644 --- a/os/config/roles/network/templates/rules.v4 +++ b/os/config/roles/network/templates/rules.v4 @@ -3,12 +3,15 @@ :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -# Debug +# Internet Control Message Protocol -A INPUT -p icmp -j ACCEPT # Administration -A INPUT -p tcp --dport 22 -j ACCEPT +# Diplonat needs everything open to communicate with IGD with the router +-A INPUT -s 192.168.1.254 -j ACCEPT + # Cluster {% for selected_host in groups['cluster_nodes'] %} -A INPUT -s {{ hostvars[selected_host]['ipv4'] }} -j ACCEPT diff --git a/os/config/roles/network/templates/rules.v6 b/os/config/roles/network/templates/rules.v6 index 7365b8a..50737a0 100644 --- a/os/config/roles/network/templates/rules.v6 +++ b/os/config/roles/network/templates/rules.v6 @@ -3,8 +3,10 @@ :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -# Debug +# Internet Control Message Protocol +# (required) -A INPUT -p icmp -j ACCEPT +-A INPUT -p ipv6-icmp -j ACCEPT # Administration -A INPUT -p tcp --dport 22 -j ACCEPT 
@@ -17,7 +19,7 @@ # Local -A INPUT -i docker0 -j ACCEPT -A INPUT -s ::1/128 -j ACCEPT --A INPUT -m conntrack --cstate ESTABLISHED,RELATED -j ACCEPT +-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT COMMIT |
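Review bot: In the os/config/README.md hunk, `Check that Postgres is healthy` is still the only health check with no command under it, while gluster, Nomad and Consul each get one here. Add the command operators are expected to run, and write "Online Col" out as "Online column" so the pass criterion is unambiguous.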
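Review bot: In the rules.v4 hunk, `-A INPUT -s 192.168.1.254 -j ACCEPT` hardcodes the router address in a template whose other source rules are rendered from `hostvars`, and it accepts every protocol and port on the basis of the source address alone. Move the address into an inventory variable and, if the ports used for the IGD exchange can be pinned down, narrow the rule with `-p` and port matches; if they cannot, say so in the comment so the broad match is a documented decision.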
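Review bot: In the first rules.v6 hunk, `-A INPUT -p icmp -j ACCEPT` is kept above the new `-A INPUT -p ipv6-icmp -j ACCEPT`; in an IPv6 ruleset `icmp` is protocol 1 (ICMPv4) while ICMPv6 is protocol 58, so the old line serves no purpose and can be dropped. The `# (required)` comment would help more if it named what depends on the rule, such as neighbor discovery and path MTU discovery.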
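Review bot: In the second rules.v6 hunk, the `--cstate` to `--ctstate` correction suggests the template was committed without ever being loaded, since ip6tables-restore rejects the file on an unknown option instead of skipping that one rule. Consider validating the rendered file in the network role, for instance with `ip6tables-restore --test`, before it replaces the live ruleset.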