Created
July 8, 2020 16:39
-
-
Save vernhart/68f81a2d04ea99756d6fb64a6aef8024 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NS="qrouter-$(openstack router show ubuntu-router -f value -c id)" | |
| juju run --unit neutron-gateway/leader " | |
| # this creates two interfaces connected by a virtual cable | |
| ip link add name vethhost0 type veth peer name vethns0 | |
| # and the put the second interface within the namespace | |
| ip link set vethns0 netns $NS | |
| ip addr add 172.30.30.1/30 dev vethhost0 | |
| ip -n $NS addr add 172.30.30.2/30 dev vethns0 | |
| ip link set vethhost0 up | |
| ip -n $NS link set vethns0 up | |
| # now we can just route traffic over this veth pair | |
| ip route add 10.93.192.0/18 via 172.30.30.2 | |
| ip netns exec $NS iptables -I FORWARD -s 172.30.30.1 -j ACCEPT | |
| " | |
| sshuttle -r $(juju run --unit neutron-gateway/leader \ | |
| unit-get public-address) 10.93.192.0/18 | |
| # if connections stop working, it's likely because this is a kluge and neutron | |
| # rewrote the fw rules. this will fix it: | |
| juju run --unit neutron-gateway/leader " | |
| ip netns exec $NS iptables -I FORWARD -s 172.30.30.1 -j ACCEPT | |
| " |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment