From c54e7a19d8cfe2c5bd32ea3e50d06ec65a3964e9 Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 04:46:18 +0900
Subject: [PATCH 01/14] =?UTF-8?q?refactor:=20yml=20file=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/Backend-CD-My-A.yml | 54 +++++++++++++++++++++++++
.github/workflows/Backend-CD-My-All.yml | 53 ++++++++++++++++++++++++
2 files changed, 107 insertions(+)
create mode 100644 .github/workflows/Backend-CD-My-A.yml
create mode 100644 .github/workflows/Backend-CD-My-All.yml
diff --git a/.github/workflows/Backend-CD-My-A.yml b/.github/workflows/Backend-CD-My-A.yml
new file mode 100644
index 000000000..6b834f2c8
--- /dev/null
+++ b/.github/workflows/Backend-CD-My-A.yml
@@ -0,0 +1,54 @@
+name: Backend Production Server CD A
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ runs-on: [ cd, my-a ]
+ steps:
+ - name: Change permission
+ run: |
+ sudo chown -R ubuntu:ubuntu /home/ubuntu/actions-runner/_work/2024-pokerogue-helper
+
+ - name: Deploy
+ run: |
+ cd /home/ubuntu
+
+ sudo chmod 666 /var/run/docker.sock
+
+ if [ "$(docker ps -qa -f name=server)" ]; then
+ docker rm -f server
+ else
+ echo "No container named 'server' to remove."
+ fi
+
+ sudo docker system prune -f
+
+ docker pull ${{ secrets.DOCKER_SERVER_IMAGE }}
+
+ docker run -d -p 80:8080 --name server \
+ -e JAVA_OPTS="-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" \
+ -e TZ=Asia/Seoul \
+ ${{ secrets.DOCKER_SERVER_IMAGE }}
+
+ - name: Check service availability
+ run: |
+ SUCCESS=false
+
+ for i in {1..10}; do
+ HTTP_STATUS=$(curl -o /dev/null -s -w "%{http_code}" http://localhost:80/actuator/health) || {
+ echo "Attempt $i: curl command failed. Retrying...";
+ sleep 3;
+ continue;
+ }
+
+ if [ $? -eq 0 ] && [ "$HTTP_STATUS" -eq 200 ]; then
+ echo "Service is up and running"
+ SUCCESS=true
+ break
+ fi
+ done
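Review bot: `sudo chmod 666 /var/run/docker.sock` in the Deploy step of Backend-CD-My-A.yml makes the Docker socket writable by every local account on the deploy host, and write access to that socket is equivalent to root on the machine. The mode change is not reverted by the job, so it stays in effect after the deployment ends. Since the step already uses `sudo` for `docker system prune`, either run the remaining docker commands through `sudo` as well or add the runner account to the `docker` group once at provisioning time, and drop the chmod line. The same line is added to Backend-CD-My-B.yml in PATCH 08/14.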
diff --git a/.github/workflows/Backend-CD-My-All.yml b/.github/workflows/Backend-CD-My-All.yml
new file mode 100644
index 000000000..4db95e3f7
--- /dev/null
+++ b/.github/workflows/Backend-CD-My-All.yml
@@ -0,0 +1,53 @@
+name: Backend Production Server CD All
+
+permissions:
+ contents: read
+
+on:
+ push:
+ branches: [ "be/my-test" ]
+ tags:
+ - 'v*'
+
+jobs:
+ test:
+ uses: ./.github/workflows/Backend-CI.yml
+ secrets: inherit
+
+ build:
+ needs: test
+ runs-on: ci
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.ACTION_TOKEN }}
+ submodules: true
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Build with Gradle
+ run: ./gradlew bootJar
+ working-directory: ./backend/pokerogue
+
+ - name: Docker build and push
+ run: |
+ docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+
+ docker build -t ${{ secrets.DOCKER_SERVER_IMAGE }} -f ./backend/pokerogue/docker/Dockerfile ./backend/pokerogue
+ docker push ${{ secrets.DOCKER_SERVER_IMAGE }}
+
+ prod_a:
+ needs: build
+ name: Backend Production Server CD A
+ uses: ./.github/workflows/Backend-CD-Prod-A.yml
+ secrets: inherit
+ prod_b:
+ needs: prod_a
+ name: Backend Production Server CD B
+ uses: ./.github/workflows/Backend-CD-Prod-B.yml
+ secrets: inherit
From 021282f24b17078951b613b63948afc527c357a1 Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 04:47:35 +0900
Subject: [PATCH 02/14] =?UTF-8?q?refactor:=20yml=20file=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/Backend-CD-My-All.yml | 5 -----
1 file changed, 5 deletions(-)
diff --git a/.github/workflows/Backend-CD-My-All.yml b/.github/workflows/Backend-CD-My-All.yml
index 4db95e3f7..dc56cb892 100644
--- a/.github/workflows/Backend-CD-My-All.yml
+++ b/.github/workflows/Backend-CD-My-All.yml
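Review bot: The `docker login -u ... -p ${{ secrets.DOCKER_PASSWORD }}` line in the "Docker build and push" step of the new Backend-CD-My-All.yml (PATCH 01/14) puts the registry password on the command line, where it can be read from the process list of the `ci` runner (apparently self-hosted) while the command runs. Because `${{ }}` is expanded into the script text before the shell starts, a secret value containing shell metacharacters would also be interpreted by the shell. Passing both secrets through `env:` and feeding the password with `--password-stdin` avoids both problems, as in the excerpt below.

```yaml
      - name: Docker build and push
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          # … unchanged: docker build and docker push …
```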
@@ -46,8 +46,3 @@ jobs: name: Backend Production Server CD A uses: ./.github/workflows/Backend-CD-Prod-A.yml secrets: inherit - prod_b: - needs: prod_a - name: Backend Production Server CD B - uses: ./.github/workflows/Backend-CD-Prod-B.yml - secrets: inherit From 1f1c4624abfd50c754550a756f05e622c675b694 Mon Sep 17 00:00:00 2001 From: woojong Date: Thu, 7 Nov 2024 04:51:49 +0900 Subject: [PATCH 03/14] =?UTF-8?q?refactor:=20=EB=B3=80=EC=88=98=EB=AA=85?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/Backend-CD-My-A.yml | 2 +- .github/workflows/Backend-CD-My-All.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/Backend-CD-My-A.yml b/.github/workflows/Backend-CD-My-A.yml index 6b834f2c8..997d487df 100644 --- a/.github/workflows/Backend-CD-My-A.yml +++ b/.github/workflows/Backend-CD-My-A.yml @@ -1,4 +1,4 @@ -name: Backend Production Server CD A +name: Backend Production Server My A on: workflow_call: diff --git a/.github/workflows/Backend-CD-My-All.yml b/.github/workflows/Backend-CD-My-All.yml index dc56cb892..2e0edb292 100644 --- a/.github/workflows/Backend-CD-My-All.yml +++ b/.github/workflows/Backend-CD-My-All.yml @@ -1,4 +1,4 @@ -name: Backend Production Server CD All +name: Backend Production Server CD My All permissions: contents: read @@ -43,6 +43,6 @@ jobs: prod_a: needs: build - name: Backend Production Server CD A - uses: ./.github/workflows/Backend-CD-Prod-A.yml + name: Backend Production Server CD My A + uses: ./.github/workflows/Backend-CD-My-A.yml secrets: inherit From 1ae9522de8efcba06d6924f5397c5b2f4f706652 Mon Sep 17 00:00:00 2001 
From: woojong
Date: Thu, 7 Nov 2024 05:49:52 +0900
Subject: [PATCH 04/14] =?UTF-8?q?chore:=20=EC=BB=A4=EB=B0=8B=20=EC=8B=9C?= =?UTF-8?q?=EC=A0=90=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
backend/pokerogue/src/main/resources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources
index 84d406f5f..830eb5414 160000
--- a/backend/pokerogue/src/main/resources
+++ b/backend/pokerogue/src/main/resources
@@ -1 +1 @@
-Subproject commit 84d406f5f4d2cdb524a5bc60caf1530066a022f4
+Subproject commit 830eb54148396a08cfddbac8207adcc80a8bb51f
From 5498d70dd04a6bfa8af89e4f9db53ff2a6c1fcae Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 06:17:19 +0900
Subject: [PATCH 05/14] refactor: db ip change
---
backend/pokerogue/src/main/resources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources
index 830eb5414..f9fe8f6f4 160000
--- a/backend/pokerogue/src/main/resources
+++ b/backend/pokerogue/src/main/resources
@@ -1 +1 @@
-Subproject commit 830eb54148396a08cfddbac8207adcc80a8bb51f
+Subproject commit f9fe8f6f4d42370352a291a0970aa9fc3dc6a4ef
From 6d199125109a366b25d1668b6aa82f09debe105a Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 06:23:44 +0900
Subject: [PATCH 06/14] =?UTF-8?q?refactor:=20replica=20=EC=84=A4=EC=A0=95?= =?UTF-8?q?=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
backend/pokerogue/src/main/resources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources
index f9fe8f6f4..5a9158590 160000
--- a/backend/pokerogue/src/main/resources
+++ b/backend/pokerogue/src/main/resources
@@ -1 +1 @@ -Subproject commit f9fe8f6f4d42370352a291a0970aa9fc3dc6a4ef +Subproject commit 5a9158590d35472b4fd13a999139c69f11a78bd6 From 3e9dc311808bc0588a47c29a970b9afcb462b834 Mon Sep 17 00:00:00 2001 From: woojong Date: Thu, 7 Nov 2024 16:53:09 +0900 Subject: [PATCH 07/14] =?UTF-8?q?refactor:=20server=20b=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/Backend-CD-My-B.yml | 0 backend/pokerogue/src/main/resources | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 .github/workflows/Backend-CD-My-B.yml diff --git a/.github/workflows/Backend-CD-My-B.yml b/.github/workflows/Backend-CD-My-B.yml new file mode 100644 index 000000000..e69de29bb diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources index 5a9158590..da82e307b 160000 --- a/backend/pokerogue/src/main/resources +++ b/backend/pokerogue/src/main/resources @@ -1 +1 @@ -Subproject commit 5a9158590d35472b4fd13a999139c69f11a78bd6 +Subproject commit da82e307be3cabd28816c34c8aa09ff8ee4ea079 From d6f1c6ae4afb4d2370e0c77370bee342c34971d5 Mon Sep 17 00:00:00 2001 From: woojong Date: Thu, 7 Nov 2024 16:55:16 +0900 Subject: [PATCH 08/14] refactor: added my-b --- .github/workflows/Backend-CD-My-All.yml | 5 +++ .github/workflows/Backend-CD-My-B.yml | 54 +++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/.github/workflows/Backend-CD-My-All.yml b/.github/workflows/Backend-CD-My-All.yml index 2e0edb292..64bb1d68c 100644 --- a/.github/workflows/Backend-CD-My-All.yml +++ b/.github/workflows/Backend-CD-My-All.yml @@ -46,3 +46,8 @@ jobs: name: Backend Production Server CD My A uses: ./.github/workflows/Backend-CD-My-A.yml secrets: inherit + prod_b: + needs: build + name: Backend Production Server CD My B + uses: ./.github/workflows/Backend-CD-My-B.yml + secrets: inherit 
diff --git a/.github/workflows/Backend-CD-My-B.yml b/.github/workflows/Backend-CD-My-B.yml
index e69de29bb..93a7cb077 100644
--- a/.github/workflows/Backend-CD-My-B.yml
+++ b/.github/workflows/Backend-CD-My-B.yml
@@ -0,0 +1,54 @@
+name: Backend Production Server My B
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ runs-on: [ cd, my-b ]
+ steps:
+ - name: Change permission
+ run: |
+ sudo chown -R ubuntu:ubuntu /home/ubuntu/actions-runner/_work/2024-pokerogue-helper
+
+ - name: Deploy
+ run: |
+ cd /home/ubuntu
+
+ sudo chmod 666 /var/run/docker.sock
+
+ if [ "$(docker ps -qa -f name=server)" ]; then
+ docker rm -f server
+ else
+ echo "No container named 'server' to remove."
+ fi
+
+ sudo docker system prune -f
+
+ docker pull ${{ secrets.DOCKER_SERVER_IMAGE }}
+
+ docker run -d -p 80:8080 --name server \
+ -e JAVA_OPTS="-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" \
+ -e TZ=Asia/Seoul \
+ ${{ secrets.DOCKER_SERVER_IMAGE }}
+
+ - name: Check service availability
+ run: |
+ SUCCESS=false
+
+ for i in {1..10}; do
+ HTTP_STATUS=$(curl -o /dev/null -s -w "%{http_code}" http://localhost:80/actuator/health) || {
+ echo "Attempt $i: curl command failed. Retrying...";
+ sleep 3;
+ continue;
+ }
+
+ if [ $? -eq 0 ] && [ "$HTTP_STATUS" -eq 200 ]; then
+ echo "Service is up and running"
+ SUCCESS=true
+ break
+ fi
+ done
From 56d8f835e3acd25449c105d0e862dbf218b165ec Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 17:04:07 +0900
Subject: [PATCH 09/14] =?UTF-8?q?refactor:=20replica=20=EC=84=A4=EC=A0=95?= =?UTF-8?q?=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
backend/pokerogue/src/main/resources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources
index da82e307b..ac9ece5c4 160000
--- a/backend/pokerogue/src/main/resources
+++ b/backend/pokerogue/src/main/resources
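Review bot: The "Check service availability" loop in the new Backend-CD-My-B.yml (PATCH 08/14) never fails the step: when all ten attempts end without a 200 the script falls off the end with exit status 0, so the job is reported green for a service that is down. The `sleep 3` sits only in the curl-failure branch, so a non-200 reply (for example a 503 while the application is still starting) uses up the remaining attempts with no delay, and the `[ $? -eq 0 ]` test is always true because the `||` block has already handled a failed curl. I would move the sleep to the end of the loop body and finish the script with `[ "$SUCCESS" = true ] || exit 1`. Backend-CD-My-A.yml from PATCH 01/14 carries the same loop.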
@@ -1 +1 @@
-Subproject commit da82e307be3cabd28816c34c8aa09ff8ee4ea079
+Subproject commit ac9ece5c4ecd6746c74555e80ef19fd3ecfd5b81
From 0f065545c49733f2461a42e8e9b99554f07171f9 Mon Sep 17 00:00:00 2001
From: woojong
Date: Thu, 7 Nov 2024 22:04:58 +0900
Subject: [PATCH 10/14] refactor: delete one db ip address
---
backend/pokerogue/src/main/resources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/pokerogue/src/main/resources b/backend/pokerogue/src/main/resources
index ac9ece5c4..db9800ae1 160000
--- a/backend/pokerogue/src/main/resources
+++ b/backend/pokerogue/src/main/resources
@@ -1 +1 @@
-Subproject commit ac9ece5c4ecd6746c74555e80ef19fd3ecfd5b81
+Subproject commit db9800ae13cba0a0d35714a3e0b9994ce02fa98d
From e9e72204a5930735fd9fcbc4b291afad379a7e1f Mon Sep 17 00:00:00 2001
From: woojong
Date: Fri, 8 Nov 2024 00:56:36 +0900
Subject: [PATCH 11/14] =?UTF-8?q?refactor:=20=EB=AC=B4=EC=A4=91=EB=8B=A8?= =?UTF-8?q?=20=EB=B0=B0=ED=8F=AC=20=EC=84=A4=EC=A0=95=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/Backend-CD-My-A.yml | 23 ++++++++++++++++++++++-
.github/workflows/Backend-CD-My-B.yml | 21 +++++++++++++++++++++
2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/Backend-CD-My-A.yml b/.github/workflows/Backend-CD-My-A.yml
index 997d487df..7603f7ab4 100644
--- a/.github/workflows/Backend-CD-My-A.yml
+++ b/.github/workflows/Backend-CD-My-A.yml
@@ -14,6 +14,13 @@ jobs: run: | sudo chown -R ubuntu:ubuntu /home/ubuntu/actions-runner/_work/2024-pokerogue-helper + - name: Port forwarding begin + run: | + sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }}:80 + sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }} + sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + - name: Deploy run: | cd /home/ubuntu @@ -38,7 +45,7 @@ jobs: - name: Check service availability run: | SUCCESS=false - + for i in {1..10}; do HTTP_STATUS=$(curl -o /dev/null -s -w "%{http_code}" http://localhost:80/actuator/health) || { echo "Attempt $i: curl command failed. Retrying..."; @@ -52,3 +59,17 @@ jobs: break fi done + + - name: Port forwarding end + run: | + sudo iptables -t nat -D PREROUTING 1 + sudo iptables -t nat -D POSTROUTING 1 + sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + sudo iptables -L -v -t nat + + - name: Exit if fails + run: | + if [ "$SUCCESS" = false ]; then + echo "Service did not respond successfully after $ATTEMPTS attempts, stopping github actions.." + sudo exit 1 + fi diff --git a/.github/workflows/Backend-CD-My-B.yml b/.github/workflows/Backend-CD-My-B.yml index 93a7cb077..54c00483a 100644 --- a/.github/workflows/Backend-CD-My-B.yml +++ b/.github/workflows/Backend-CD-My-B.yml 
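Review bot: The "Port forwarding begin" step added to Backend-CD-My-A.yml changes host-wide network state that the job only undoes if every later step succeeds: the "Port forwarding end" step added further down in the same file has no `if: always()`, so a failed `docker pull` or `docker run` in Deploy leaves this host NATing all port-80 traffic to the peer server indefinitely. `net.ipv4.ip_forward=1` is not reset anywhere in the series. I would add `if: always()` to the end step and have it restore the earlier sysctl value, for example by recording `sysctl -n net.ipv4.ip_forward` in this step before changing it. The matching steps added to Backend-CD-My-B.yml in this patch have the same gap.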
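Review bot: The "Exit if fails" step at the end of Backend-CD-My-A.yml can never fire, because each `run:` block is executed in its own shell and the `SUCCESS` variable set in "Check service availability" does not exist here; `"$SUCCESS"` expands to an empty string and the comparison with `false` is false. The deployment therefore still passes when the health check never saw a 200. Writing the result to the job environment in the check step (`echo "SUCCESS=$SUCCESS" >> "$GITHUB_ENV"`) or exposing it as a step output would make it visible here. Two smaller problems on the same lines: `exit` is a shell builtin, so `sudo exit 1` should be plain `exit 1`, and `$ATTEMPTS` in the message is not defined anywhere in the visible workflow. The copy of this step added to Backend-CD-My-B.yml has the same scoping and `sudo exit` problems.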
@@ -14,6 +14,13 @@ jobs: run: | sudo chown -R ubuntu:ubuntu /home/ubuntu/actions-runner/_work/2024-pokerogue-helper + - name: Port forwarding begin + run: | + sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }}:80 + sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }} + sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + - name: Deploy run: | cd /home/ubuntu @@ -52,3 +59,17 @@ jobs: break fi done + + - name: Port forwarding end + run: | + sudo iptables -t nat -D PREROUTING 1 + sudo iptables -t nat -D POSTROUTING 1 + sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + sudo iptables -L -v -t nat + + - name: Exit if fails + run: | + if [ "$SUCCESS" = false ]; then + echo "Service did not respond successfully after 10 attempts, stopping github actions.." + sudo exit 1 + fi From 9dd90533aabf66dabf4986e0db1ca26e728447bd Mon Sep 17 00:00:00 2001 From: woojong Date: Fri, 8 Nov 2024 01:02:02 +0900 Subject: [PATCH 12/14] =?UTF-8?q?refactor:=20=EC=98=A4=ED=83=88=EC=9E=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/Backend-CD-My-All.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Backend-CD-My-All.yml b/.github/workflows/Backend-CD-My-All.yml index 64bb1d68c..df60150bf 100644 --- a/.github/workflows/Backend-CD-My-All.yml +++ b/.github/workflows/Backend-CD-My-All.yml @@ -47,7 +47,7 @@ jobs: uses: ./.github/workflows/Backend-CD-My-A.yml secrets: inherit prod_b: - needs: build + needs: prod_a name: Backend Production Server CD My B uses: ./.github/workflows/Backend-CD-My-B.yml secrets: inherit From d49203052b74072ed774cd6703286c90b5933567 Mon Sep 17 00:00:00 2001 
From: woojong Date: Fri, 8 Nov 2024 01:54:50 +0900 Subject: [PATCH 13/14] =?UTF-8?q?refactor:=20=ED=8F=AC=EC=9B=8C=EB=94=A9?= =?UTF-8?q?=20=EC=8B=9C=EC=9E=91=EC=8B=9C=20forward=20policy=20accept=20?= =?UTF-8?q?=EC=83=81=ED=83=9C=EB=A1=9C=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/Backend-CD-My-A.yml | 1 + .github/workflows/Backend-CD-My-B.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/Backend-CD-My-A.yml b/.github/workflows/Backend-CD-My-A.yml index 7603f7ab4..f8b7ed42e 100644 --- a/.github/workflows/Backend-CD-My-A.yml +++ b/.github/workflows/Backend-CD-My-A.yml @@ -17,6 +17,7 @@ jobs: - name: Port forwarding begin run: | sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables --policy FORWARD ACCEPT sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }}:80 sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }} sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT diff --git a/.github/workflows/Backend-CD-My-B.yml b/.github/workflows/Backend-CD-My-B.yml index 54c00483a..cfc9eb58b 100644 --- a/.github/workflows/Backend-CD-My-B.yml +++ b/.github/workflows/Backend-CD-My-B.yml @@ -17,6 +17,7 @@ jobs: - name: Port forwarding begin run: | sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables --policy FORWARD ACCEPT sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }}:80 sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }} sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT From 9003991a774c87e31556ddab4943a6d701faa27b Mon Sep 17 00:00:00 2001 
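Review bot: `sudo iptables --policy FORWARD ACCEPT`, added to "Port forwarding begin" in Backend-CD-My-A.yml, switches the default policy of the whole FORWARD chain and nothing in the series switches it back, so after the first deployment the host forwards any routed packet that no other rule drops, not only the port-80 redirect. On a Docker host this may also override a DROP policy that Docker set on that chain; that should be checked on these servers. A narrower change would insert ACCEPT rules scoped to the forwarded flow (tcp/80 to the peer's private IP plus established return traffic) and delete them in "Port forwarding end", or at minimum record the previous policy and restore it there. The same line is added to Backend-CD-My-B.yml in this patch.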
From: woojong Date: Fri, 8 Nov 2024 02:22:22 +0900 Subject: [PATCH 14/14] =?UTF-8?q?refactor:=20=EB=AC=B4=EC=A4=91=EB=8B=A8?= =?UTF-8?q?=20=EC=A7=80=EC=97=B0=20=EC=8B=9C=EA=B0=84=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/Backend-CD-My-A.yml | 5 +++-- .github/workflows/Backend-CD-My-B.yml | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/Backend-CD-My-A.yml b/.github/workflows/Backend-CD-My-A.yml index f8b7ed42e..2ba66e1f0 100644 --- a/.github/workflows/Backend-CD-My-A.yml +++ b/.github/workflows/Backend-CD-My-A.yml @@ -18,9 +18,10 @@ jobs: run: | sudo sysctl -w net.ipv4.ip_forward=1 sudo iptables --policy FORWARD ACCEPT + sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }}:80 sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }} - sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + sleep 5 - name: Deploy run: | @@ -63,9 +64,9 @@ jobs: - name: Port forwarding end run: | + sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -t nat -D PREROUTING 1 sudo iptables -t nat -D POSTROUTING 1 - sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -L -v -t nat - name: Exit if fails diff --git a/.github/workflows/Backend-CD-My-B.yml b/.github/workflows/Backend-CD-My-B.yml index cfc9eb58b..bf6875699 100644 --- a/.github/workflows/Backend-CD-My-B.yml +++ b/.github/workflows/Backend-CD-My-B.yml 
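Review bot: In "Port forwarding end" of Backend-CD-My-A.yml the two NAT rules are still removed by position (`-D PREROUTING 1`, `-D POSTROUTING 1`), which deletes whatever rule is first in the chain at that moment rather than the rule this job inserted. Between begin and end the Deploy step removes and recreates a container with a published port, which may cause Docker to rewrite its own nat rules, so the first position is not guaranteed to hold the redirect. Deleting by full specification mirrors the insert, e.g. `sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }}:80`, with the corresponding SNAT line for POSTROUTING. The `sleep 5` added at the end of the begin step would also benefit from a one-line comment stating what it waits for. Backend-CD-My-B.yml gets the same change in this patch.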
@@ -18,9 +18,10 @@ jobs: run: | sudo sysctl -w net.ipv4.ip_forward=1 sudo iptables --policy FORWARD ACCEPT + sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 80 -j DNAT --to-destination ${{ secrets.BE_PROD_A_MY_PRIVATE_IP }}:80 sudo iptables -t nat -I POSTROUTING 1 -p tcp --dport 80 -j SNAT --to-source ${{ secrets.BE_PROD_B_MY_PRIVATE_IP }} - sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + sleep 5 - name: Deploy run: | @@ -63,9 +64,9 @@ jobs: - name: Port forwarding end run: | + sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -t nat -D PREROUTING 1 sudo iptables -t nat -D POSTROUTING 1 - sudo iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -L -v -t nat - name: Exit if fails