cerc-io
/
stack-orchestrator
mirror of https://github.com/cerc-io/stack-orchestrator
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
15 Commits
66 Branches
528 Tags
47 MiB
Python 57.3%
Shell 36.6%
Dockerfile 4.5%
TypeScript 1%
JavaScript 0.3%
Other 0.2%
 
 
 
 
 
 
Go to file
A. F. Dudley 05f9acf8a0 fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 
Root cause: Docker FORWARD chain policy DROP blocked all DNAT'd relay
traffic (UDP/TCP 8001, UDP 9000-9025) to the kind node. The DOCKER
chain only ACCEPTs specific TCP ports (6443, 443, 80). Added ACCEPT
rules in DOCKER-USER chain which runs before all Docker chains.

Changes:
- ashburn-relay-biscayne.yml: add DOCKER-USER ACCEPT rules (inbound
  tag) and rollback cleanup
- ashburn-relay-setup.sh.j2: persist DOCKER-USER rules across reboot
- relay-inbound-udp-test.yml: controlled e2e test — listener in kind
  netns, sender from kelce, assert arrival
- relay-link-test.yml: link-by-link tcpdump captures at each hop
- relay-test-udp-listen.py, relay-test-udp-send.py: test helpers
- relay-test-ip-echo.py: full ip_echo protocol test
- inventory/kelce.yml, inventory/panic.yml: test host inventories
- test-ashburn-relay.sh: add ip_echo UDP reachability test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 		2026-03-08 02:43:31 +00:00
ashburn-relay-lab chore: add containerlab topologies for relay testing 2026-03-07 22:30:03 +00:00
docs docs: document DoubleZero agent managed config on both switches 2026-03-07 23:45:36 +00:00
inventory fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
inventory-switches fix: separate switch inventory to prevent accidental targeting 2026-03-07 10:56:48 +00:00
playbooks fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
scripts fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
shred-relay-lab chore: add containerlab topologies for relay testing 2026-03-07 22:30:03 +00:00
.gitignore fix: ashburn relay playbooks and document DZ tunnel ACL root cause 2026-03-07 01:44:25 +00:00
CLAUDE.md fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
README.md fix: ashburn relay playbooks and document DZ tunnel ACL root cause 2026-03-07 01:44:25 +00:00
ansible.cfg fix: redeploy playbook handles SSH agent, git pull, config regen, stale PVs 2026-03-07 09:58:29 +00:00

README.md

biscayne-agave-runbook

Ansible playbooks for operating the kind-based agave-stack deployment on biscayne.vaasl.io.