Add basic machineconfigs for communishift and instructions

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-25 02:41:36 +02:00 · 2019-05-25 02:41:36 +02:00 · 2d2feeaa5f
commit 2d2feeaa5f
parent 1878e49a6d
5 changed files with 77 additions and 0 deletions
--- a/files/communishift/mcs/README.md
+++ b/files/communishift/mcs/README.md
@ -0,0 +1,12 @@
 MachineConfig files
 -------------------
 The files in this directory are used as machineconfig files for communishift.
 Note that they're template files: some changes will need to be made before "oc create -f".
 Specifically:
 - The templates have two "DOBOTH" replacements. You want to create the file twice,
  once with both DOBOTH cases replaced with "master" and once replaced with "worker".
 - The mc_firewall.yml.template has a bit FILL_IN_HERE. Run "./to_data.sh firewall.sh",
  and copy the output from that script into the FILL_IN_HERE bit in the MC.
  Then run that MC twice as per the previous point (master and worker).
--- a/files/communishift/mcs/firewall.sh
+++ b/files/communishift/mcs/firewall.sh
@ -0,0 +1,10 @@
 set -xe
 iptables -N fedora-block-ports
 iptables -A fedora-block-ports -p tcp --dport 111 -j REJECT
 iptables -A fedora-block-ports -p udp --dport 111 -j REJECT
 iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.42 -j ACCEPT
 iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.43 -j ACCEPT
 iptables -A fedora-block-ports -p tcp --dport 22623 -j REJECT
 iptables -I INPUT 1 -j fedora-block-ports
--- a/files/communishift/mcs/mc_chrony.yml.template
+++ b/files/communishift/mcs/mc_chrony.yml.template
@ -0,0 +1,19 @@
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 metadata:
  generation: 1
  name: 50-chrony-DOBOTH
  labels:
    machineconfiguration.openshift.io/role: DOBOTH
 spec:
  config:
    ignition:
      version: "2.2.0"
    storage:
      files:
      - contents:
          source: "data:,server%20cloud-noc01.cloud.fedoraproject.org%20port%20124"
          verification: {}
        filesystem: root
        mode: 0644
        path: /etc/chrony.conf
--- a/files/communishift/mcs/mc_firewall.yml.template
+++ b/files/communishift/mcs/mc_firewall.yml.template
@ -0,0 +1,32 @@
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 metadata:
  generation: 1
  name: 40-firewall-DOBOTH
  labels:
    machineconfiguration.openshift.io/role: DOBOTH
 spec:
  config:
    ignition:
      version: "2.2.0"
    storage:
      files:
      - path: /etc/fedora_firewall.sh
        mode: 0755
        filesystem: root
        contents:
          source: "FILL_IN_HERE"
    systemd:
      units:
      - name: "fedora_firewall.service"
        enabled: true
        contents: |-
          [Unit]
          Descrption=Block firewall ports for Fedora
          [Service]
          Type=oneshot
          ExecStart=bash /etc/fedora_firewall.sh
          [Install]
          WantedBy=multi-user.target
--- a/files/communishift/mcs/to_data.sh
+++ b/files/communishift/mcs/to_data.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 echo -n "data:,"
 cat $1 | tr '\n' '*' | sed -e 's/*/%0A/g' | sed -e 's/ /%20/g'
 echo