@dannysauer
Last active December 4, 2019 22:02
Firewall stuff

Rather than set up static IPs in VMs, I'd prefer to use DHCP and just have static assignments. This is basically how I do that:

List the interfaces:

for H in $( sudo virsh list --name | grep proxy ); do echo $H; sudo virsh --quiet domiflist --domain $H; done

For each interface's MAC, add a static lease:

sudo virsh net-update proxynet add-last ip-dhcp-host '<host mac="52:54:00:02:e1:aa" ip="192.168.42.10" />' --live --config

I like .10 for the manager, .21-.2x for up to nine masters, and .31+ for workers. That should probably be a loop, and should be tied into clone.sh (https://gist.github.com/dannysauer/758cf2e9037b5aa9df155e5637531b04#file-clone-sh). Maybe eventually.
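The loop the note above wishes for, as an added example that is not part of the gist: it derives each VM's fixed address from the proxy_manager / proxy_masterN / proxy_workerN naming convention, pulls the MACs on the proxynet network out of virsh domiflist output, and emits the same net-update call shown above. NET, SUBNET and VIRSH are assumed defaults you can override, and virsh is only invoked when the script is run with --apply.

```shell
#!/bin/sh
# Added example, not from the gist: the "should probably be a loop" version of the
# net-update step. Assumes domain names like proxy_manager / proxy_master1 /
# proxy_worker2 and the libvirt network "proxynet"; override via NET/SUBNET/VIRSH.
NET=${NET:-proxynet}
SUBNET=${SUBNET:-192.168.42}
VIRSH=${VIRSH:-"sudo virsh"}

# Address convention from the notes: manager -> .10, masterN -> .2N (N = 1..9),
# workerN -> .30+N. Returns 1 (prints nothing) for names outside the convention.
lease_ip_for() {
    case "$1" in
        *manager)                         echo "$SUBNET.10" ;;
        *master[1-9])                     echo "$SUBNET.$((20 + ${1##*master}))" ;;
        *worker[1-9] | *worker[1-9][0-9]) echo "$SUBNET.$((30 + ${1##*worker}))" ;;
        *) return 1 ;;
    esac
}

# Read 'virsh domiflist' output on stdin (Interface Type Source Model MAC) and
# print only the MACs attached to $NET, skipping header/separator rows.
macs_on_net() {
    awk -v net="$NET" '$3 == net && length($5) == 17 && $5 ~ /^[0-9a-f:]+$/ { print $5 }'
}

# The <host> element that net-update's ip-dhcp-host section expects.
lease_xml() {
    printf '<host mac="%s" ip="%s" />' "$1" "$2"
}

# Constructed domiflist output for offline demonstration (not captured from a real host).
SAMPLE_DOMIFLIST=' Interface   Type      Source     Model    MAC
-----------------------------------------------------------
 vnet3       network   proxynet   virtio   52:54:00:02:e1:aa
 vnet4       network   default    virtio   52:54:00:aa:bb:cc'
demo_leases() { printf '%s\n' "$SAMPLE_DOMIFLIST" | macs_on_net; }

# Live + persistent lease for every proxy* domain, one per NIC on $NET.
apply_leases() {
    for H in $($VIRSH list --name | grep proxy); do
        IP=$(lease_ip_for "$H") || { echo "skip $H: name outside the address convention" >&2; continue; }
        for MAC in $($VIRSH --quiet domiflist --domain "$H" | macs_on_net); do
            $VIRSH net-update "$NET" add-last ip-dhcp-host "$(lease_xml "$MAC" "$IP")" --live --config
        done
    done
}

# Only touch libvirt when explicitly asked; otherwise the file is side-effect free.
[ "${1:-}" != "--apply" ] || apply_leases
```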

After bootstrapping and joining 3 masters + 2 workers, the squid access log shows which destinations the cluster nodes actually reached:
sauer@squid:~$ sudo awk '$3~/192.168.42..*/{print $6,$7}' /var/log/squid/access.log | sort | uniq -c | sort -n
9 CONNECT www.google.com:443
28 CONNECT storage.googleapis.com:443
61 CONNECT d20cu4swhmy76u.cloudfront.net:443
84 CONNECT k8s.gcr.io:443
109 CONNECT scc.suse.com:443
241 CONNECT registry.suse.com:443
296 CONNECT updates.suse.com:443
sauer@proxy_manager:~> for H in 192.168.42.{10,2{1,2,3},3{1,2}}; do ssh $H "hostname;sudo whoami"; done
OK
Identity added: /home/sauer/.ssh/id_ed25519 (sauer@proxy_manager)
proxy_manager
root
proxy_master1
root
proxy_master2
root
proxy_master3
root
proxy_worker1
root
proxy_worker2
root
sauer@proxy_manager:~> for H in 192.168.42.{10,2{1,2,3},3{1,2}}; do ssh $H "hostname;sudo yast proxy set http='$http_proxy'; sudo yast proxy set https='$https_proxy'; sudo yast proxy set noproxy='$no_proxy'; sudo yast proxy enable; sudo yast proxy summary"; done
...
proxy_worker2
Error opening terminal: unknown.
Error opening terminal: unknown.
Error opening terminal: unknown.
Error opening terminal: unknown.
* Proxy is enabled.
* HTTP Proxy: http://squid.home.dannysauer.com:3128/
* HTTPS Proxy: http://squid.home.dannysauer.com:3128/
sauer@proxy_manager:~> for H in 192.168.42.{10,2{1,2,3},3{1,2}}; do ssh $H "source /etc/profile.d/profile.sh; sudo -E SUSEConnect -p sle-module-containers/15.1/x86_64 && sudo -E SUSEConnect -p caasp/4.0/x86_64 -r $CAASP_REG_CODE"; done
...
Registering system to SUSE Customer Center
Updating system details on https://scc.suse.com ...
Activating caasp 4.0 x86_64 ...
-> Adding service to system ...
-> Installing release package ...
Successfully registered system
sauer@proxy_manager:~> for H in 192.168.42.{10,2{1,2,3},3{1,2}}; do ssh $H "sudo sed -i.pre_proxy 's:EnvironmentFile.*crio:EnvironmentFile=-/etc/sysconfig/proxy\n&:' /usr/lib/systemd/system/crio.service"; done
sauer@proxy_manager:~> for H in 192.168.42.{10,2{1,2,3},3{1,2}}; do ssh $H "sudo systemctl restart crio"; done
sauer@proxy_manager:~> skuba cluster init --control-plane 192.168.42.21 --strict-capability-defaults proxycluster
[init] configuration files written to /home/sauer/proxycluster
sauer@proxy_manager:~> cd proxycluster/
sauer@proxy_manager:~/proxycluster> skuba node bootstrap --user sauer --sudo --target 192.168.42.21 proxymaster1
W1127 00:36:55.083742 25535 ssh.go:306]
The authenticity of host '192.168.42.21:22' can't be established.
...
[bootstrap] downloading secrets from bootstrapped node "192.168.42.21"
[bootstrap] deploying core add-ons on node "192.168.42.21"
[bootstrap] successfully bootstrapped core add-ons on node "192.168.42.21"
sauer@proxy_manager:~/proxycluster> skuba node join --role master --user sauer --sudo --target 192.168.42.22 proxymaster2
...
[join] node successfully joined the cluster
sauer@proxy_manager:~/proxycluster> skuba node join --role master --user sauer --sudo --target 192.168.42.23 proxymaster3
...
sauer@proxy_manager:~/proxycluster> skuba node join --role worker --user sauer --sudo --target 192.168.42.31 proxyworker1
...
[join] node successfully joined the cluster
sauer@proxy_manager:~/proxycluster> skuba node join --role worker --user sauer --sudo --target 192.168.42.32 proxyworker2
W1127 01:13:34.939563 27250 ssh.go:306]
...
[join] node successfully joined the cluster
sauer@proxy_manager:~> sudo yast proxy set http="http://squid.home.dannysauer.com:3128/"
sauer@proxy_manager:~> sudo yast proxy set https="http://squid.home.dannysauer.com:3128/"
sauer@proxy_manager:~> sudo yast proxy set noproxy="192.168.42.21"
sauer@proxy_manager:~> sudo yast proxy enable
sauer@proxy_manager:~> sudo yast proxy summary
* Proxy is enabled.
* HTTP Proxy: http://squid.home.dannysauer.com:3128/
* HTTPS Proxy: https://squid.home.dannysauer.com:3128/
sauer@proxy_manager:~> . /etc/profile.d/profile.sh
sauer@proxy_manager:~> env | grep -i no_proxy
no_proxy=192.168.42.21
NO_PROXY=192.168.42.21
sauer@proxy_manager:~> curl https://www.google.com