On Mon, Jul 16, 2018 at 4:56 AM, Rickard von Essen < rickard.von.es...@gmail.com> wrote:
> It looks like cloud-init in the VM can't even reach 169.254.169.254. Does
> it have routing to get there? Is there a fw blocking the calls from the VM
> to 169.254.169.254?
>

I don't think so. This is my pf.conf (n.b. it's mostly just additional stuff so that I can access the permanently-configured VMs through the NAT)

# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

ext_if="athn0"
#ext_if="bge0"
vmd_if="vether0"

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# vmm setup: outbound nat, inbound port mapping
match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)
pass in on $ext_if proto tcp from any to any port 2200 rdr-to 10.13.37.200 port 22
pass in on $ext_if proto tcp from any to any port 2201 rdr-to 10.13.37.201 port 22
pass in on $ext_if proto tcp from any to any port 2202 rdr-to 10.13.37.202 port 22
pass in on $ext_if proto tcp from any to any port 2203 rdr-to 10.13.37.203 port 22
pass in on $ext_if proto tcp from any to any port 2204 rdr-to 10.13.37.204 port 22
pass in on $ext_if proto tcp from any to any port 8000 rdr-to 10.13.37.200 port 80
pass in on $ext_if proto tcp from any to any port 8001 rdr-to 10.13.37.201 port 80
pass in on $ext_if proto tcp from any to any port 8002 rdr-to 10.13.37.202 port 80
pass in on $ext_if proto tcp from any to any port 8003 rdr-to 10.13.37.203 port 80

So that you can get a feel for my setup: vether0 is static-configured 10.13.37.1 255.255.255.0. dhcpd is bound only to vether0 (to assign a mix of reserved and pool IPs to VMM guests) and vether0 is added to bridge0 at boot via hostname.bridge0. bridge0 is tied to the "local" switch in vm.conf, and that's what all of my VMs connect to.

On Mon, Jul 16, 2018 at 12:20 PM, <ed...@pettijohn-web.com> wrote:
>
> I thought it was:
>
> root "/" strip 1
>
> No curlies and no comma, but I haven't tried it.
>
>

httpd doesn't like that syntax, either:

[axon@transient ~]$ doas httpd -d
startup
/etc/httpd.conf:16: syntax error
logger exiting, pid 63722
server exiting, pid 24069
server exiting, pid 34562
server exiting, pid 69335
[axon@transient ~]$ cat -n /etc/httpd.conf
     1  ext_addr="*"
     2  server "default" {
     3          root "/htdocs/"
     4          directory auto index
     5          listen on $ext_addr port 80
     6  }
     7
     8  # Include MIME types instead of the built-in ones
     9  types {
    10          include "/usr/share/misc/mime.types"
    11  }
    12
    13  server "meta-data" {
    14          listen on 169.254.169.254 port 80
    15          fastcgi socket "/run/httpd.sock"
    16          root "/" strip 1
    17  }
    18