mvhutz/hetzner-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: internet access to the private compute instances

Browse Source
This commit is contained in:
Maxim Hutz
2025-12-30 14:45:11 -05:00
parent 61e0166ee6
commit 32580ec4a5
4 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Taskfile.yml
View File

@@ -5,6 +5,7 @@ tasks:
tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}} tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
tf:destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}} tf:destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}}
configure-nat: ansible-playbook playbooks/configure_nat.yml {{.CLI_ARGS}} configure-nat: ansible-playbook playbooks/configure_nat.yml {{.CLI_ARGS}}
configure-servers: ansible-playbook playbooks/configure_servers.yml {{.CLI_ARGS}}
enter: enter:
cmd: ssh -i {{.KEY}} -p 22 root@{{.IP}} cmd: ssh -i {{.KEY}} -p 22 root@{{.IP}}

4
ansible.cfg
View File

@@ -4,9 +4,7 @@ inventory = inventory.cfg
localhost_warning = False localhost_warning = False
vault_password_file = vault.key vault_password_file = vault.key
interpreter_python = /usr/bin/python3.11 interpreter_python = /usr/bin/python3.11
deprecation_warnings=False
[inventory]
inventory_unparsed_warning = False
[ssh_connection] [ssh_connection]
ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none

19
playbooks/configure_nat.yml
View File

@@ -2,4 +2,21 @@
hosts: gateways hosts: gateways
gather_facts: false gather_facts: false
tasks: tasks:
- ansible.builtin.raw: hostname -I - name: Enable IPv4 forwarding.
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: true
- name: Update and upgrade packages.
ansible.builtin.apt:
update_cache: true
upgrade: true
- name: Add routing.
ansible.builtin.iptables:
table: nat
chain: POSTROUTING
source: 10.0.0.0/16
out_interface: eth0
jump: MASQUERADE

36
playbooks/configure_servers.yml Normal file
View File

@@ -0,0 +1,36 @@
- name: Configure NAT
hosts: servers
gather_facts: false
tasks:
- name: Uninstall Hetzner Cloud Utils.
ansible.builtin.apt:
state: absent
name: [hc-utils]
- name: Check if default route exists.
ansible.builtin.command: ip route
changed_when: "'default' in route_output.stdout"
register: route_output
notify:
- Disable default IP route.
- name: Configure networking.
ansible.builtin.blockinfile:
path: /etc/network/interfaces
marker: "# {mark} CONFIGURE NETWORKING"
block: |
auto enp7s0
iface enp7s0 inet dhcp
post-up ip route add default via 10.0.0.1
dns-nameservers 8.8.8.8 1.1.1.1
- name: Restart networking module.
ansible.builtin.systemd:
state: restarted
name: networking
handlers:
- name: Disable default IP route.
ansible.builtin.command:
ip route del default
changed_when: true