From 0dc0a373610b53e06f6aac852155f876caeed11d Mon Sep 17 00:00:00 2001
From: Recolic <git@me.recolic.net>
Date: Tue, 25 Feb 2025 16:24:30 -0800
Subject: [PATCH] quick_push
---
 quick_push.sh | 24 ++++++++++++++++--------
 srv-deps/azv-plugin-slb | 19 ++++++++++++++-----
 2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/quick_push.sh b/quick_push.sh
index bd0bfe0..4d433e7 100755
--- a/quick_push.sh
+++ b/quick_push.sh
@@ -1,16 +1,24 @@
 #!/bin/bash
+set -e
+
 # git restore config/vim/.netrwhist
-git stash clear
+git stash clear || true
-git fetch &&
-git stash &&
-git pull || exit $?
-git stash apply # This command would fail if no stashed change
+git fetch
+git stash
+git pull
+git stash apply || true # This command would fail if no stashed change
-git add -A &&
-git commit -m quick_push &&
+git add -A
+git commit -m quick_push
 git push
-exit $?
+# copy to mirror
+msmirror=$HOME/code/msdoc/proj/sh-mirror
+if [[ -d $msmirror ]]; then
+ rm -rf $msmirror/mybin $msmirror/mymsbin
+ cp -r mybin $msmirror/mybin
+ cp -r mymsbin $msmirror/mymsbin
+fi
diff --git a/srv-deps/azv-plugin-slb b/srv-deps/azv-plugin-slb
index fbb0deb..c5d5479 100755
--- a/srv-deps/azv-plugin-slb
+++ b/srv-deps/azv-plugin-slb
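Review bot: In quick_push.sh the new mirror block runs `rm -rf $msmirror/mybin $msmirror/mymsbin` with unquoted expansions, and it deletes before checking that `mybin` and `mymsbin` exist in the current directory. A `$HOME` containing whitespace would make rm word-split the path, and when the script is started from a subdirectory of the repository the `cp -r` fails under `set -e` after the mirror copies are already gone. Quoting the paths, adding `--` and testing the sources before the delete, as sketched below, keeps the destructive step bounded. Separately, `git stash apply || true` also hides a conflicting apply, so the following `git add -A` and `git push` can publish files that still carry conflict markers.

```shell
# … unchanged: git fetch / stash / pull / add / commit / push …
# copy to mirror
msmirror="$HOME/code/msdoc/proj/sh-mirror"
if [[ -d "$msmirror" && -d mybin && -d mymsbin ]]; then
    rm -rf -- "$msmirror/mybin" "$msmirror/mymsbin"
    cp -r -- mybin "$msmirror/mybin"
    cp -r -- mymsbin "$msmirror/mymsbin"
fi
```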
@@ -47,19 +47,28 @@ function plugin_after_vm_creat () { FE_IP=feip_$prefix BE_PL=bepl_$prefix var_default_val outbound_ports_per_vm 1000 + var_default_val enable_outbound_rule_fix 1 debugexec az network lb create --resource-group $resgrp --name $LB_NAME --sku Standard --frontend-ip-name $FE_IP --backend-pool-name $BE_PL --vnet-name $vnetname || exit - debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses "[{name:addr1,ip-address:10.0.0.4}]" || exit + + if [[ $enable_outbound_rule_fix = 1 ]]; then + # This is an unreliable trick to use NIC directly. It's from good-case ARM template dump. + debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses "[{name:${resgrp}_${vmname}VMNicipconfig${vmname}}]" || exit + else + echo -e "$COLOR_RED_BLD Warning: enable_outbound_rule_fix not enabled. outbound_ports_per_vm limit won't make effect $COLOR_CLR" 1>&2 + # When a backend pool is configured by IP address, the backend instances are not secure by default and still use default outbound access. + # This means: outbound_ports_per_vm won't make effect + # Ref: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access#how-can-i-transition-to-an-explicit-method-of-public-connectivity-and-disable-default-outbound-access + debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses "[{name:addr1,ip-address:10.0.0.4}]" || exit + fi + # TODO: The correct way to redirect PUBLIC:4022 to VM1:22. But azure-cli cannot associate nat-rule to machine. Even if u manually created one on az portal, it will de-associate after some time. 
# debugexec az network lb inbound-nat-rule create --resource-group $resgrp --lb-name $LB_NAME --name nat_rule_nt --protocol Tcp --frontend-port 4022 --backend-port 22 --frontend-ip-name $FE_IP || exit # Warning: outbound-rule + lb-rule = outbound internet access debugexec az network lb outbound-rule create --resource-group $resgrp --lb-name $LB_NAME --name MyOutboundRule --protocol All --idle-timeout 4 --frontend-ip-configs $FE_IP --address-pool $BE_PL --outbound-ports $outbound_ports_per_vm || exit + # Redirects 8888 to ANY_MACHINE:22. Backend machine selected randomly. (replacement to inbound-nat-rule as workaround) debugexec az network lb rule create --resource-group $resgrp --lb-name $LB_NAME --name lb_rule_a --protocol All --frontend-port 8888 --backend-port 22 --backend-pool-name $BE_PL --frontend-ip $FE_IP --protocol Tcp --disable-outbound-snat 1 || exit if [[ $vmcount != 1 ]]; then echo -e "$COLOR_RED_BLD Warning: PublicIp:8888 is mapped to RANDOM_MACHINE:22. Add inbound-nat-rule on az portal manually if required.$COLOR_CLR" 1>&2 fi - if [[ $outbound_ports_per_vm != 1000 ]]; then - echo -e "$COLOR_RED_BLD Known-Bug: If you use this script, outbound_ports_per_vm limit doesn't work $COLOR_CLR" 1>&2 - echo -e "$COLOR_RED_BLD Solution : Go to SLB-backend_pool, delete the IP, switch to NIC, add VM NIC $COLOR_CLR" 1>&2 - fi } -- GitLab
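Review bot: In the `if [[ $enable_outbound_rule_fix = 1 ]]` branch the backend address name `${resgrp}_${vmname}VMNicipconfig${vmname}` is assembled from a naming convention, and nothing in the hunk checks afterwards that the pool is really bound to the VM's NIC; the added comment itself calls the trick unreliable. If the name does not match, the VM may stay on default outbound access while the script carries on, so the `--outbound-ports` limit would silently not apply. Consider reading the pool back with `az network lb address-pool show -g "$resgrp" --lb-name "$LB_NAME" -n "$BE_PL"` after the update and exiting when no NIC IP configuration is listed. The test also treats every value other than the literal `1` as disabled, so rejecting unexpected values would be safer than falling through to the IP-based pool with only a warning. plugin_after_vm_creat starts above the hunk, so how `vmname` is set is not visible here.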