updates

chnroute.yml

+---
+  - hosts: chnroute-reverse
+    remote_user: root
+    become: true
+    tasks:
+      - name: upload list
+        copy:
+          src: '../chnroute-reverse/chnroute-reverse.txt'
+          dest: '{{ansible_user_dir}}/chnroute-reverse.txt'
+          owner: '{{ansible_ssh_user}}'
+          group: '{{ansible_ssh_user}}'
+          mode: 0644
+        notify: reload_list
+    handlers:
+      - name: reload_list
+        shell: |
+          ipset create chnrouter hash:net maxelem 1000000 || true
+          ipset flush chnrouter
+          grep -P '^((2[0-4]\d|25[0-5]|[01]?\d\d?)\.){3}(2[0-4]\d|25[0-5]|[01]?\d\d?)' {{ansible_user_dir}}/chnroute-reverse.txt | sort | uniq | xargs -I {} bash -c 'ipset add chnrouter {}'
+          true

files/hypervisor/iptables-forward.sh

 #!/bin/bash
 sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p tcp -m multiport --dports $1 -j DNAT --to-destination $2
 sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports $1 -j DNAT --to-destination $2
+
 cp ./ipt ./ipt.bak
 sudo iptables-save > ./ipt
+
+echo "# use iptables-restore --noflush" > ~/iptables-gateways
+echo "*nat" >> ~/iptables-gateways
+echo ":PREROUTING -" >> ~/iptables-gateways
+sudo iptables -t nat -S PREROUTING  | grep -- "-j DNAT" >> ~/iptables-gateways
+echo "COMMIT" >> ~/iptables-gateways
+
 #netfilter-persistent save 

services.yml

@@ -21,8 +21,6 @@
           verify_host: no
           checksum: yes                                                          
           archive: no
-          owner: yes
-          group: yes
           perms: yes
       - name: templates directory
         file:

worker.yml

@@ -24,7 +24,6 @@
       pip:
         name: ansible,awscli
         state: latest
-        extra_args: -i https://mirrors.aliyun.com/pypi/simple/
     - name: ansible
       synchronize:
         src: ~/ansible/