adding ipsec config as well

debian/postinst.ex

@@ -21,11 +21,52 @@ set -e
 case "$1" in
     configure)
 
+      
+        export NODE_ID=$(ip -4 -br addr | grep 10.0. | awk '{ print $3 }' | awk 'BEGIN{FS="[./]"} { print $4 }')
+
+        export MGMT_ID=$(ip -4 -br addr | grep 10.0. | awk '{ print $3 }' | awk 'BEGIN{FS="[./]"} { print $3 }')
+        export MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }')
+
+
+        [ "$MGMT_ID" -ge  0 -a "$MGMT_ID" -lt 16 ] && export DOMAINNAME=.usw1.wit.com
+        [ "$MGMT_ID" -ge 16 -a "$MGMT_ID" -lt 32 ] && export DOMAINNAME=.usw2.wit.com
+
+
+        [ ${HOSTNAME:0:1} = h ] && export HOSTTYPE=hypervisor
+        [ ${HOSTNAME:0:1} = d ] && export HOSTTYPE=datanode
+
+
+        [ $HOSTTYPE = hypervisor -a $DOMAINNAME = .usw1.wit.com ] && export TIER_ID=2
+        [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw1.wit.com ] && export TIER_ID=4
+        [ $HOSTTYPE = hypervisor -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=18
+        [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=20
+
+
+        if [ -z "$TIER_ID" ]; then
+            echo "Unable to autodetect TIER_ID, looks like we deal with a special node, please set in environment"
+            exit 2
+        fi
+        if [ -z "$DOMAINNAME" ]; then
+            echo "Unable to autodetect DOMAINNAME, looks like we deal with a special case, please set in environment and/or update the code"
+            exit 2
+        fi
+
+        export NODE_ASN="$(printf "%03d" $TIER_ID)$(printf "%03d" $NODE_ID)"
+
+
+
         echo "auto lo:0" >/etc/network/interfaces.d/lo
         echo "iface lo:0 inet static\n    address 10.1.$TIER_ID.$NODE_ID/32" >> /etc/network/interfaces.d/lo
         echo "iface lo:0 inet6 static\n    address 2604:bbc0::$TIER_ID:$NODE_ID/128" >> /etc/network/interfaces.d/lo 
 
-        #sed -i -e "s/VTEPINDEX/$MYID/" -e "s/TIERID/$TIERID/" -e "s/TIERASN/$(printf "%03d" $TIERID)/" -e "s/VTEPASN/$(printf "%03d" $MYID)/" /etc/frr/frr.conf
+
+        sed -i -e "s/VTEPINDEX/$NODE_ID/" -e "s/TIERID/$TIER_ID/" -e "s/NODEASN/$NODE_ASN/" /etc/frr/frr.conf.wit 
+        chown frr.frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit
+
+
+        sed -i -e "s/HOSTNAME\.DOMAINNAME/${HOSTNAME}${DOMAINNAME}/" /etc/ipsec.conf.wit
+        echo ": RSA ${HOSTNAME}${DOMAINNAME}.key" >/etc/ipsec.secrets
+        chmod 600 /etc/ipsec.secrets
 
 
         echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'$MGMT_MAC'", ATTR{type}=="1", NAME="mgmt1"' >/etc/udev/rules.d/70-persistent-net.rules
@@ -39,7 +80,6 @@ case "$1" in
         sed -i "/$MGMT_MAC.*feth./d" /etc/udev/rules.d/70-persistent-net.rules
 
 
-
         systemctl stop systemd-networkd.socket
         systemctl stop systemd-networkd.service
         systemctl stop systemd-networkd-wait-online

debian/preinst.ex

@@ -16,38 +16,6 @@ set -e
 
 case "$1" in
     install|upgrade)
-      
-        [ -z "$NODE_ID" ] && export NODE_ID=$(ip -4 -br addr | grep 10.0. | awk '{ print $3 }' | awk 'BEGIN{FS="[./]"} { print $4 }')
-
-        MGMT_ID=$(ip -4 -br addr | grep 10.0. | awk '{ print $3 }' | awk 'BEGIN{FS="[./]"} { print $3 }')
-        MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }')
-
-
-        [ "$MGMT_ID" -ge  0 -a "$MGMT_ID" -lt 16 ] && export DOMAINNAME=usw1.wit.com
-        [ "$MGMT_ID" -ge 16 -a "$MGMT_ID" -lt 32 ] && export DOMAINNAME=usw2.wit.com
-
-
-        [ ${HOSTNAME:0:1} = h ] && export HOSTTYPE=hypervisor
-        [ ${HOSTNAME:0:1} = d ] && export HOSTTYPE=datanode
-
-
-        [ $HOSTTYPE = hypervisor -a $DOMAINNAME = .usw1.wit.com ] && export TIER_ID=2
-        [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw1.wit.com ] && export TIER_ID=4
-        [ $HOSTTYPE = hypervisor -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=18
-        [ $HOSTTYPE = datanode   -a $DOMAINNAME = .usw2.wit.com ] && export TIER_ID=20
-
-
-        if [ -z "$TIER_ID" ]; then
-            echo "Unable to autodetect TIER_ID, looks like we deal with a special node, please set in environment"
-            exit 2
-        fi
-        if [ -z "$DOMAINNAME" ]; then
-            echo "Unable to autodetect DOMAINNAME, looks like we deal with a special case, please set in environment and/or update the code"
-            exit 2
-        fi
-
-        export NODE_ASN="$(printf "%03d" $TIER_ID)$(printf "%03d" $NODE_ID)"
-
     ;;
 
     abort-upgrade)

debian/wit-hypervisor.displace

@@ -0,0 +1,2 @@
+/etc/frr/frr.conf.wit
+/etc/ipsec.conf.wit

debian/wit-hypervisor.links

@@ -0,0 +1,3 @@
+/etc/libvirt/hooks/qemu-ifdown /etc/qemu-ifdown
+/etc/libvirt/hooks/qemu-ifup /etc/qemu-ifup
+/etc/libvirt/hooks/qemu-ifup-public /etc/qemu-ifup-public

debian/wit-hypervisor.transform

@@ -1,4 +1,3 @@
 /etc/systemd/timesyncd.conf.wit sed -e 's/#NTP=.*/NTP=ipv6.ntp.ubuntu.com/g'
 /etc/bash.bashrc.wit sed -e '/.*bashrc-witaddon.*/d' -e '$ s/$/\nsource \/etc\/bashrc-witaddon/'
 /etc/frr/daemons.wit sed -e 's/bgpd=no/bgpd=yes/' -e 's/zebra=no/zebra=yes/'
-/etc/frr/frr.conf.wit <files/frr.conf.wit sed -e "s/VTEPINDEX/$NODE_ID/" -e "s/TIERID/$TIER_ID/" -e "s/NODEASN/$NODE_ASN/"

files/ipsec.conf.wit

@@ -0,0 +1,32 @@
+config setup
+    #charondebug="all"
+    #uniqueids=yes
+    #strictcrlpolicy=yes
+    cachecrls=yes
+
+#ca ca-wit       #define alternative CRL distribution point
+#    cacert=ca-wit.crt
+#    crluri=ca-wit.crl
+#    auto=add
+
+conn %default
+    mobike=no
+    keyingtries=%forever
+    dpdtimeout=10
+    dpddelay=3
+    dpdaction=restart
+    type=transport
+    keyexchange=ikev1
+    ike=aes128-sha1-modp2048!
+    esp=aes128-sha1-modp2048!
+
+
+conn loopbacks
+    auto=route
+    leftsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
+    rightsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
+    right=%any
+    leftcert=HOSTNAME.DOMAINNAME.crt
+    leftid="C=US, O=Wit, CN=HOSTNAME.DOMAINNAME"
+    rightid="C=US, O=Wit, CN=*"
+