Comments (3)
The issue that we face is that whilst a machine/laptop may be internet facing, the virtual machines created by Vagrant are not.
+--------------+
| Internet |
+------+-------+
|
+--------------------------------------------+
| | |
| +------+-----+ +--------------+ |
| | eth0 | | Tinkerbell | |
| +------------+ +-+------------+ |
| | |
+--------------------------------------------+
|
+-----v-----+
| VM1 |
+-----------+
In order to provide this functionality to these created virtual machines we need to use iptables
to allow ip_forwarding
and network address translation from the network traffic of VM1
to traverse eth0
# Set the environment variables of the two interfaces
export main=<public_ip_iface>
export vagrant=<tinkerbell_ip_iface>
# Enable internet forwarding (not permanent, we would need to edit /etc/sysctl for this)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Forward traffic from vagrant network to main interface
iptables -A FORWARD -i $vagrant -o $main -j ACCEPT
# Forward established (existing traffic back from internet to vagrant network
iptables -A FORWARD -i $main -o $vagrant -m state --state ESTABLISHED,RELATED \
-j ACCEPT
# Translate addresses so traffic appears to have come from the correct address
iptables -t nat -A POSTROUTING -o $vagrant -j MASQUERADE
+--------------+
| Internet |
+------+-------+
|
+----------------------------------------------------+
| | |
| +------+---+---------------------->+------------+ |
| | eth0 | iptables | Tinkerbell | |
| +----------+<----------------------+--------+---+ |
| | |
+----------------------------------------------------+
|
+---v---+
| VM1 |
+-------+
from tinkerbell.org.
@thebsdbox does this issue affect both the Provisioner and the Worker? I think this originally discussed in context of letting a Worker see the Internet, but if it does also affect the Provisioner are there any cases where you would want to run the commands there too?
Edit: I think the diagrams answer my question, since the Provisioner is providing the network interface to the Worker, it does not have the same problem.
from tinkerbell.org.
Other thoughts - I can just drop in this content at the end of the Vagrant set up doc, but is there any context on why someone would want or need to have the Worker see the Internet at this point? @thebsdbox
from tinkerbell.org.
Related Issues (20)
- Tinkerbell.org/docs is still accessible HOT 4
- Local setup docs fix HOT 1
- Update Tinkerbell favicon HOT 3
- Google Search Console site verification HOT 1
- Sitemap Update: Docs HOT 7
- Incomplete sitemap
- Homepage "Get Started" is 404 HOT 1
- Examples hello-world has 404
- Create robots.txt
- Merging Support & Community Slack
- Footer update with CNCF HOT 6
- Add "edit" link to docs pages HOT 7
- hello-world example should direct users on how to fulfill prerequisites HOT 2
- Move Tinkerbell slack from company to CNCF Slack HOT 6
- Main website still lists OSIE, but OSIE has been deprecated in favor of Hook HOT 1
- Add documentation for Rufio
- Add documentation for tinkerbell/charts
- Add documentation around CRDs
- Why are there 2 doc repos? HOT 1
- tinkerbell.org web site down (Netlify issues) HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tinkerbell.org.