openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes

Minor tweak to the lxc-system-manage template

Browse Source 
This patch tweaks the lxc-system-manage template with typo
corrections.

Change-Id: I8e03cd823aaf7a4217afc3f7ae18d2a992b689bb
This commit is contained in:
tengqm 2016-04-09 10:45:37 -04:00
parent 48a3423967
commit aae22d17a3
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
templates/lxc-system-manage.j2
View File

@ -72,7 +72,7 @@ function remove_rules {
--dport 68 \ --dport 68 \
-j CHECKSUM \ -j CHECKSUM \
--checksum-fill --checksum-fill
success "IPtables rules removed." success "LXC IPtables rules removed."
} }
function add_rules { function add_rules {
@ -81,24 +81,24 @@ function add_rules {
# Set ip_prwarding # Set ip_prwarding
sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1 sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1
# Add rules from the INPUT chain # Add rules to the INPUT chain
iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p udp --dport 67 -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p udp --dport 67 -j ACCEPT
iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p tcp --dport 67 -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p tcp --dport 67 -j ACCEPT
iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p udp --dport 53 -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p udp --dport 53 -j ACCEPT
iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p tcp --dport 53 -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p tcp --dport 53 -j ACCEPT
# Add rules from the FORWARDING chain # Add rules to the FORWARDING chain
iptables ${USE_IPTABLES_LOCK} -I FORWARD -i "${LXC_BRIDGE}" -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I FORWARD -i "${LXC_BRIDGE}" -j ACCEPT
iptables ${USE_IPTABLES_LOCK} -I FORWARD -o "${LXC_BRIDGE}" -j ACCEPT iptables ${USE_IPTABLES_LOCK} -I FORWARD -o "${LXC_BRIDGE}" -j ACCEPT
# Add rules from the nat POSTROUTING chain # Add rules to the nat POSTROUTING chain
iptables ${USE_IPTABLES_LOCK} -t nat \ iptables ${USE_IPTABLES_LOCK} -t nat \
-A POSTROUTING \ -A POSTROUTING \
-s "${LXC_NETWORK}" ! \ -s "${LXC_NETWORK}" ! \
-d "${LXC_NETWORK}" \ -d "${LXC_NETWORK}" \
-j MASQUERADE -j MASQUERADE
# Add rules from the mangle POSTROUTING chain # Add rules to the mangle POSTROUTING chain
iptables ${USE_IPTABLES_LOCK} -t mangle \ iptables ${USE_IPTABLES_LOCK} -t mangle \
-A POSTROUTING \ -A POSTROUTING \
-s "${LXC_NETWORK}" \ -s "${LXC_NETWORK}" \
@ -108,7 +108,7 @@ function add_rules {
--dport 68 \ --dport 68 \
-j CHECKSUM \ -j CHECKSUM \
--checksum-fill --checksum-fill
success "IPtables rules created." success "LXC IPtables rules created."
} }
function cleanup { function cleanup {
@ -159,7 +159,7 @@ function start_dnsmasq {
function start_containers_nicely { function start_containers_nicely {
set -e set -e
# Stop all containers on a host # Start all containers on a host
success "Starting all containers." success "Starting all containers."
for container in $(lxc-ls); do for container in $(lxc-ls); do
lxc-start -d -n "${container}" lxc-start -d -n "${container}"
@ -341,21 +341,21 @@ case "$1" in
operate, including the containers, dnsmasq, operate, including the containers, dnsmasq,
LXC bridge, and IPtables. LXC bridge, and IPtables.
system-tear-down Tear down everything LXC on this system. system-tear-down Tear down everything LXC on this system.
This will remove all all IPtables rules, kill This will remove all LXC IPtables rules, kill
dnsmasq, remove the LXC bridge, stops all dnsmasq, remove the LXC bridge, stop all
containers, removes DOWN veth interfaces, containers, remove DOWN veth interfaces,
and flushes the net cache. and flush the net cache.
system-force-tear-down Force tear down everything LXC on this system. system-force-tear-down Force tear down everything LXC on this system.
This will remove all all IPtables rules, kill This will remove all LXC IPtables rules, kill
dnsmasq, remove the LXC bridge, stops all dnsmasq, remove the LXC bridge, stop all
containers, removes DOWN veth interfaces, containers, remove DOWN veth interfaces,
and flushes the net cache. and flush the net cache.
system-rebuild Rebuild the LXC network, IPtables, dnsmasq, system-rebuild Rebuild the LXC network, IPtables, dnsmasq,
removes DOWN veth interfaces, flushes the remove DOWN veth interfaces, flush the
net cache, and restarts all conatiners. net cache, and restart all containers.
system-force-rebuild Force rebuild the LXC network, IPtables, dnsmasq, system-force-rebuild Force rebuild the LXC network, IPtables, dnsmasq,
removes DOWN veth interfaces, flushes the remove DOWN veth interfaces, flush the
net cache, and restarts all conatiners. net cache, and restart all containers.
dnsmasq-start Start the LXC dnsmasq process. dnsmasq-start Start the LXC dnsmasq process.
dnsmasq-stop Stop the LXC dnsmasq process. dnsmasq-stop Stop the LXC dnsmasq process.
dnsmasq-restart Restart the LXC dnsmasq process. dnsmasq-restart Restart the LXC dnsmasq process.
@ -363,7 +363,7 @@ case "$1" in
iptables-remove Remove the LXC IPtables rules for NAT. iptables-remove Remove the LXC IPtables rules for NAT.
iptables-recreate Recreate the LXC IPtables rules for NAT. iptables-recreate Recreate the LXC IPtables rules for NAT.
veth-cleanup Remove all DOWN veth interfaces from a system. veth-cleanup Remove all DOWN veth interfaces from a system.
flush-net-cache Flush the hosts network cache. This is useful if flush-net-cache Flush the host network cache. This is useful if
IP addresses are being recycled on to containers IP addresses are being recycled on to containers
from other hosts. from other hosts.
' '