fix 安装前iptables清理

2021-02-01 11:26:00 +08:00 · 2021-02-01 11:26:00 +08:00 · f672a96be0
parent fac9023a7e
commit f672a96be0
3 changed files with 12 additions and 1 deletions
--- a/roles/cluster-addon/defaults/main.yml
+++ b/roles/cluster-addon/defaults/main.yml
@ -27,7 +27,7 @@ dashboardMetricsScraperVer: "v1.0.6"
 metricsscraper_offline: "metrics-scraper_{{ dashboardMetricsScraperVer }}.tar"

 # ingress 自动安装，可选 "traefik" 和 "nginx-ingress"
-ingress_install: "yes"
+ingress_install: "no"
 ingress_backend: "traefik_v2"
 traefikVer: "v2.4"
 traefik_v2_offline: "traefik_{{ traefikVer }}.tar"
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -70,6 +70,8 @@
    
    - name: flush-iptables
      shell: "iptables -P INPUT ACCEPT \
+            && iptables -P FORWARD ACCEPT \
+            && iptables -P OUTPUT ACCEPT \
            && iptables -F && iptables -X \
            && iptables -F -t nat && iptables -X -t nat \
            && iptables -F -t raw && iptables -X -t raw \
--- a/tools/easzup
+++ b/tools/easzup
@ -124,6 +124,15 @@ EOF
    sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
  fi

+  logger info "clean iptable rules"
+  iptables -P INPUT ACCEPT && \
+  iptables -P FORWARD ACCEPT && \
+  iptables -P OUTPUT ACCEPT && \
+  iptables -F && iptables -X && \
+  iptables -F -t nat && iptables -X -t nat && \
+  iptables -F -t raw && iptables -X -t raw && \
+  iptables -F -t mangle && iptables -X -t mangle
+
  echo "[INFO] enable and start docker"
  systemctl enable docker
  systemctl daemon-reload && systemctl restart docker && sleep 4