stack-orchestrator/playbooks
A. F. Dudley 05f9acf8a0 fix: DOCKER-USER rules for inbound relay, add UDP test playbooks
Root cause: Docker FORWARD chain policy DROP blocked all DNAT'd relay
traffic (UDP/TCP 8001, UDP 9000-9025) to the kind node. The DOCKER
chain only ACCEPTs specific TCP ports (6443, 443, 80). Added ACCEPT
rules in DOCKER-USER chain which runs before all Docker chains.

Changes:
- ashburn-relay-biscayne.yml: add DOCKER-USER ACCEPT rules (inbound
  tag) and rollback cleanup
- ashburn-relay-setup.sh.j2: persist DOCKER-USER rules across reboot
- relay-inbound-udp-test.yml: controlled e2e test — listener in kind
  netns, sender from kelce, assert arrival
- relay-link-test.yml: link-by-link tcpdump captures at each hop
- relay-test-udp-listen.py, relay-test-udp-send.py: test helpers
- relay-test-ip-echo.py: full ip_echo protocol test
- inventory/kelce.yml, inventory/panic.yml: test host inventories
- test-ashburn-relay.sh: add ip_echo UDP reachability test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 02:43:31 +00:00
files fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
ashburn-relay-biscayne.yml fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
ashburn-relay-check.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
ashburn-relay-mia-sw01.yml fix: VRF isolation for mia-sw01 relay, TCP dport mangle for ip_echo 2026-03-07 23:31:18 +00:00
ashburn-relay-was-sw01.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
biscayne-prepare-agave.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
biscayne-recover.yml fix: ansible-lint production profile compliance for all playbooks 2026-03-07 10:52:40 +00:00
biscayne-redeploy.yml feat: layer 4 invariants, mount checks, and deployment layer docs 2026-03-07 13:08:04 +00:00
biscayne-start.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
biscayne-stop.yml fix: ansible-lint production profile compliance for all playbooks 2026-03-07 10:52:40 +00:00
connect-doublezero-multicast.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
fix-pv-mounts.yml fix: ansible-lint production profile compliance for all playbooks 2026-03-07 10:52:40 +00:00
health-check.yml fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts 2026-03-07 22:28:21 +00:00
relay-inbound-udp-test.yml fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00
relay-link-test.yml fix: DOCKER-USER rules for inbound relay, add UDP test playbooks 2026-03-08 02:43:31 +00:00