first draft for bastion support, needs to be tested

.drone.yml

@@ -12,4 +12,4 @@ pipeline:
                         - chmod 600 /tmp/id_rsa
                         - scp -i /tmp/id_rsa -o StrictHostKeyChecking=no -P 22022 ../wit-network-config_*_all.deb root@cloud-api.v2.stack.wit.com:/data/incoming
                 secrets: [ ssh_key ]
-branches: [ master, edge-support ]
+branches: [ master, edge-support, bastion-support ]

debian/wit-network-config.postinst

@@ -79,11 +79,12 @@ case "$1" in
 
 
       # gathering defined interfaces
-        for if in mgmt feth up ibgp gre;   do
+        for if in mgmt mgmtgw ipmigw feth up ibgp gre;   do
-          for i in {1..2};    do                #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt)
+          for i in {1..4};    do                #### for now we support/count only to 4 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt)
             ifname=${if}${i}
             ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true  ## still thinking how to do this cleaner
 
+
             if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then
                 ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME})
                 local=$(dig_txt local.${ifname}.${HOSTNAME})
@@ -121,10 +122,14 @@ case "$1" in
             fi
 
 
-            ## physical interfaces
+            ## blow we deal with real physical interfaces
-            ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue      ## skip undefined interfaces
+            ## it is crucial that this `ifmac` block is above the rest, since if no mac is returned it will skip the loop and prevent the package install to fail
-
+            if [[ $if = mgmt ]] || [[ $if = mgmtgw ]] || [[ $if = ipmigw ]]
-
+              then
+                ifmac=$(dig_txt mac.${if}.${HOSTNAME}) || continue      ## at this point skip the rest of the loop for interfaces that do not have a mac defined (those are not physical)
+              else
+                ifmac=$(dig_txt mac.${ifname}.${HOSTNAME}) || continue      ## at this point skip the rest of the loop for interfaces that do not have a mac defined (those are not physical)
+            fi
             echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'${ifmac}'", ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
 
 
@@ -188,7 +193,7 @@ case "$1" in
             fi
 
 
-            if [[ $ifname = mgmt? ]]; then
+            if [[ $ifname = mgmt1 ]]; then            ## only 1 mgmt interface supported for now
                 cat <<-EOF >>$IFCONFIG
 			auto $ifname
 			iface $ifname inet6 auto
@@ -202,14 +207,13 @@ case "$1" in
 		EOF
             fi
 
-
           done
         done
 
      ## STOP nic config compile
 
 
-     ## START compiling frr config
+     ## START compiling frr and ipsec dynamic config blocks
 
          ## compile public IP space prefix lists, this is what's going to be advertised out the upstream provider
             i=1
@@ -334,7 +338,7 @@ case "$1" in
 
     ## START configuring services as we need it
 
-        systemctl disable strongswan    # disable ipsec till we have the certs and all
+        systemctl disable strongswan    # disable ipsec till we have the certs and all ansible will enable it after dropping certs
         systemctl enable firewall
         systemctl restart systemd-timesyncd
         systemctl restart ssh