-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathconfigure-remote-priv.sh
executable file
·72 lines (57 loc) · 1.1 KB
/
configure-remote-priv.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#!/bin/bash
display_usage() {
echo -e "\nUsage:\n$0 SERVER_IP CRC_IP \n"
}
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
# if less than one argument supplied, display usage
if [ $# -le 1 ]
then
display_usage
exit 1
fi
SERVER_IP=$1
CRC_IP=$2
# get deps
dnf -y install haproxy policycoreutils-python-utils firewalld
#configure firewalld
systemctl enable --now firewalld
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=6443/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
systemctl restart firewalld
semanage port -a -t http_port_t -p tcp 6443
cat << EOF > /etc/haproxy/haproxy.cfg
global
debug
defaults
log global
mode http
timeout connect 0
timeout client 0
timeout server 0
frontend apps
bind :80
bind :443
option tcplog
mode tcp
default_backend apps
backend apps
mode tcp
balance roundrobin
server webserver1 $CRC_IP
frontend api
bind :6443
option tcplog
mode tcp
default_backend api
backend api
mode tcp
balance roundrobin
server webserver1 $CRC_IP:6443
EOF
systemctl stop haproxy || :
systemctl enable haproxy || :
systemctl start haproxy