Allow ssh over link local addresses into the machines

metal-stack · Jun 7, 2024 · de5854d · de5854d
1 parent a0f743c
commit de5854d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -136,11 +136,11 @@ _privatenet: env
 
 .PHONY: machine
 machine: _privatenet
-	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
 .PHONY: firewall
 firewall: _ips _privatenet
-	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
 .PHONY: ls
 ls: env

diff --git a/compose.yaml b/compose.yaml
@@ -79,6 +79,7 @@ services:
       - METALCTL_API_URL=http://api.172.17.0.1.nip.io:8080/metal
     volumes:
       - ./files/ssh:/root/.ssh:ro
+      - ./files/ignition.json:/tmp/ignition.json
     network_mode: host
     dns:
       - 172.17.0.1

diff --git a/files/ignition.json b/files/ignition.json
@@ -0,0 +1,25 @@
+{
+  "ignition": {
+    "config": {},
+    "security": {},
+    "timeouts": {},
+    "version": "2.3.0"
+  },
+  "networkd": {},
+  "passwd": {},
+  "storage": {
+    "files": [
+      {
+        "filesystem": "root",
+        "path": "/etc/hosts.allow",
+        "append": true,
+        "contents": {
+          "source": "data:,ALL%3A%20%5Bfe80%3A%3A%5D%2F10%0D%0A",
+          "verification": {}
+        },
+        "mode": 644
+      }
+    ]
+  },
+  "systemd": {}
+}