Hi there,
I hope somebody here can help.
We have a CentOS server called awx that also functions as the Docker host for Ansible AWX.
Automation requires that we establish a VPN connection to SoftLayer from the container host. Then the container awx_task needs to connect to SoftLayer VMs via ssh.
After establishing the VPN connection I've discovered the following:
1. No internet action (yum update fails)
2. Pinging SoftLayer VMs takes a long time to respond
3. I am able to connect manually via ssh after a successful ping
The above is true for both awx and awx_task.
awx before vpn
Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 ens160
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.254.0   U     100    0        0 ens160
awx after vpn
Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 ens160
1.1.1.1         0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.0.0.0        1.1.1.1         255.0.0.0       UG    0      0        0 tun0
169.51.127.228  gateway         255.255.255.255 UGH   0      0        0 ens160
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.254.0   U     100    0        0 ens160
gateway         0.0.0.0         255.255.255.255 UH    0      0        0 ens160
192.168.1.49    gateway         255.255.255.255 UGH   0      0        0 ens160
192.168.1.50    gateway         255.255.255.255 UGH   0      0        0 ens160
awx
Code:
iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8052 -j ACCEPT
awx (ip6 excluded from result)
Code:
ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::42:aaff:fec6:10d5 prefixlen 64 scopeid 0x20<link>
        ether 02:42:aa:c6:10:d5 txqueuelen 0 (Ethernet)
        RX packets 1558567 bytes 3965183274 (3.6 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2022254 bytes 1412428213 (1.3 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.86 netmask 255.255.254.0 broadcast 192.168.1.255
        inet6 fe80::817a:a980:db6b:aad9 prefixlen 64 scopeid 0x20<link>
        ether 00:50:56:86:7e:30 txqueuelen 1000 (Ethernet)
        RX packets 29364820 bytes 3819609474 (3.5 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7810377 bytes 8187943191 (7.6 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I pretty much know nothing about networking, so any help would be greatly appreciated!
In short: we need internet access after the VPN connection and to be able to connect via ssh without delay and without pinging first.
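
Added example (not part of the original post): a longest-prefix-match lookup over the "awx after vpn" routing table exactly as posted, to show which interface each destination would leave on. The probe addresses (10.1.2.3, 8.8.8.8) are constructed for illustration, and the row whose destination printed as the unresolved name "gateway" is skipped because its address is not in the post.

```python
import ipaddress

# Rows copied from the "awx after vpn" output: (destination, genmask, metric, iface).
# The row with destination "gateway" is omitted: its address is not on the page.
ROUTES_AFTER_VPN = [
    ("default",        "0.0.0.0",         100, "ens160"),
    ("1.1.1.1",        "255.255.255.255", 0,   "tun0"),
    ("10.0.0.0",       "255.0.0.0",       0,   "tun0"),
    ("169.51.127.228", "255.255.255.255", 0,   "ens160"),
    ("172.17.0.0",     "255.255.0.0",     0,   "docker0"),
    ("192.168.0.0",    "255.255.254.0",   100, "ens160"),
    ("192.168.1.49",   "255.255.255.255", 0,   "ens160"),
    ("192.168.1.50",   "255.255.255.255", 0,   "ens160"),
]


def parse(rows):
    """Turn route(8)-style rows into (network, metric, iface) tuples."""
    table = []
    for dest, mask, metric, iface in rows:
        base = "0.0.0.0" if dest == "default" else dest
        table.append((ipaddress.ip_network(f"{base}/{mask}"), metric, iface))
    return table


def lookup(table, dst):
    """Return (iface, matched_prefix) for dst, or None if nothing matches.

    Most specific prefix wins; among equal prefixes the lower metric wins.
    """
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    net, _metric, iface = min(matches, key=lambda r: (-r[0].prefixlen, r[1]))
    return iface, str(net)


if __name__ == "__main__":
    table = parse(ROUTES_AFTER_VPN)
    # Constructed probe destinations: a 10/8 host, a public address,
    # a container address and the host's own LAN address from ifconfig.
    for dst in ("10.1.2.3", "8.8.8.8", "172.17.0.7", "192.168.1.86"):
        print(f"{dst:15} -> {lookup(table, dst)}")
```

On the live host, `ip route get <address>` gives the kernel's own answer for the same question.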