changeset 107:d70816c7c7db

fix pipe net forwarding after update to ubuntu 22.04
author drewp
date Tue, 19 Jul 2022 17:40:02 -0700
parents 5faa7e3aa38f
children 0381ed592b5c
files kube.py net.py templates/dnsmasq/dnsmasq.service.j2 templates/net/house_net.service.j2
diffstat 4 files changed, 12 insertions(+), 9 deletions(-) [+]
--- a/kube.py	Tue Jul 19 17:39:12 2022 -0700
+++ b/kube.py	Tue Jul 19 17:40:02 2022 -0700
@@ -64,13 +64,6 @@
     if is_pi:
         pi_cgroup_setup()
 
-    # https://github.com/k3s-io/k3s/issues/1812 unclear
-    server.shell(commands=[
-        'update-alternatives --set iptables /usr/sbin/iptables-legacy',
-        'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
-    ])
-    # needs reboot if this changed
-
 
 def config_and_run_service():
     download_k3s()
@@ -109,6 +102,7 @@
     # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/
     # user confusions: https://github.com/rancher/k3s/issues/1802
     files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml')
+    # also note that podman dropped the default `docker.io/` prefix on image names (see https://unix.stackexchange.com/a/701785/419418)
     config_and_run_service()
 
 if host.name in admin_from:
--- a/net.py	Tue Jul 19 17:39:12 2022 -0700
+++ b/net.py	Tue Jul 19 17:40:02 2022 -0700
@@ -35,6 +35,14 @@
     apt.packages(packages=['ufw'], present=False)
 
 
+# https://github.com/k3s-io/k3s/issues/1812 unclear, but more importantly, this has to be set
+# on pipe in a way that works with the commands in house_net.service (and net_routes)
+server.shell(commands=[
+    'update-alternatives --set iptables /usr/sbin/iptables-legacy',
+    'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
+])
+# needs reboot if this changed
+
 server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
 
 if is_wifi_pi:
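Review bot: The `server.shell` block added after the ufw removal sits at module level with no host condition visible in the hunk, while its comment says the legacy backend has to be set on pipe; as written it appears to switch every host that runs net.py to iptables-legacy. Ubuntu 22.04 defaults to the nft backend, so until the reboot the comment mentions, rules already loaded through iptables-nft stay active next to anything added through the legacy binaries, and neither tool shows the other's rules. I would either guard the block (for example `if host.name == 'pipe':`, if that is the intent) or state in the comment that all hosts are meant. I would also expand `# needs reboot if this changed` into a note to compare `iptables-legacy -S` with `iptables-nft -S` after the switch.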
--- a/templates/dnsmasq/dnsmasq.service.j2	Tue Jul 19 17:39:12 2022 -0700
+++ b/templates/dnsmasq/dnsmasq.service.j2	Tue Jul 19 17:40:02 2022 -0700
@@ -12,7 +12,8 @@
 #    wg-quick@wg0.service
 #    dnsmasq_10.5
 {% if net == '10.2' %}
-#Before=wg-quick@wg0.service
+Before=wg-quick@wg0.service
+After=house_net.service
 {% endif %}
 {% if net == '10.5' %}
 Requires=wg-quick@wg0.service
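Review bot: `After=house_net.service` in the `net == '10.2'` branch only orders the two units; it does not start house_net.service, and it does not keep dnsmasq from starting when that unit failed or is not enabled. If dnsmasq on 10.2 should never run without the forwarding/NAT setup, add `Wants=house_net.service` (or `Requires=`, as the 10.5 branch does for wg-quick) next to it. The newly enabled `Before=wg-quick@wg0.service` is ordering-only in the same way, so a one-line comment saying that is intended would help. The [Unit] section starts outside the hunk.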
--- a/templates/net/house_net.service.j2	Tue Jul 19 17:39:12 2022 -0700
+++ b/templates/net/house_net.service.j2	Tue Jul 19 17:40:02 2022 -0700
@@ -6,7 +6,7 @@
 
 [Service]
 Type=oneshot
-ExecStart=/usr/sbin/iptables -A POSTROUTING --table nat --out-interface eth0 --jump MASQUERADE
+ExecStart=sh -c "sysctl net.ipv4.ip_forward=1 && /usr/sbin/iptables -A POSTROUTING --table nat --out-interface eth0 --jump MASQUERADE"
 RemainAfterExit=yes
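Review bot: The new `ExecStart=sh -c "…"` line turns on IPv4 forwarding for the whole host, and nothing in this unit restricts the FORWARD chain, so whether only the intended traffic is forwarded and masqueraded out eth0 depends on rules not shown here; a comment naming where that policy lives would help. A oneshot service accepts several `ExecStart=` lines that run in order and stop at the first failure, so the shell wrapper and the PATH lookup of `sh` can go: `ExecStart=/usr/sbin/sysctl -w net.ipv4.ip_forward=1` followed by the original `ExecStart=/usr/sbin/iptables -A POSTROUTING …` line. net.py already uses `server.sysctl(..., persist=True)` for the IPv6 key, which would be the more consistent place for this setting. The `-A` append also adds a duplicate MASQUERADE rule each time the service is restarted.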