jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
251 Commits 1 Branch 0 Tags 268 KiB
Commit Graph

251 Commits

Author SHA1 Message Date
toby 289b42e100 fixing sysctl tweak path 2019-02-14 17:31:38 -08:00
toby 3003509bf4 trying yet again a different approach to update files correctly upon install 2019-02-14 16:43:13 -08:00
toby a3934b7014 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:43:53 -08:00
toby 1066e48dc7 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:38:06 -08:00
toby 7ef14c0794 adding some comments to the dynamic files 2019-02-14 13:24:08 -08:00
toby db0f639547 switching the debian install around: all 'templates' are modified in the local folder and are than installed when already modified using isc-dhcp-server as an example in hope to imporove upgrade-consistency. 2019-02-14 12:35:33 -08:00
toby 94b3a68407 allow Default fallback route by default on eBGPv6-IN as well 2019-02-14 03:25:27 -08:00
root 30ac6534a3 adding first very very basic old-school vlan support 2019-02-14 08:34:11 +00:00
toby 5363feff09 firewall: adding new approach to stackapi over VPN, ipsec.conf: no changes, just nicer grouping 2019-02-09 19:48:51 -08:00
toby 90e3484f5c firewall: adding TTL hop-check on the BGP firewall rules. this makes it a bit more secure on fairly wide open BGP rules 2019-02-05 20:42:36 -08:00
toby b9d53909b8 starting to use ceph on ipv6 as well .... 2019-02-05 20:23:44 -08:00
toby c99727567d frr.conf: setting timers manually that would be set by the --enable-datacenter flag on frr. this way we don't have to compile our own frr. --enable-cumulus at this point only enables and alias for bgp address-family of evpn vs address-family l2vpn evpn. which we don't use anyway or already do it the right way 2019-02-05 19:16:03 -08:00
toby 48abb08b5a setting loopback source IP on all bgp routes for IPv6 as well - did this on ipv4 but may need patching as I wanted to use only the public IP for public routes on IPv4. may still break if for whatever reason it prefers the mgmtgw/ipmigw IP like it just happened on ipv6 2019-02-04 18:09:28 -08:00
toby d8245c2223 limiting lldp to only mgmt interfaces and avoid VMs to see lldp neigh requests 2019-01-30 11:36:56 -08:00
toby 78d6e4d4ff less output on qemu ifup scripts 2019-01-29 22:31:07 -08:00
toby 2af76bb4e8 qemu-ifup/public scritps, replaced dig loopback lookup with ip, for more stability and better all round support for outside of libvirt 2019-01-29 18:51:02 +00:00
toby 39d7830086 IPsec: ipsec.conf config items typoed. auth vs authby need to make sure it does't break but this shuold be the right way 2019-01-24 14:12:41 -08:00
toby c3df5d6f12 just some comments and to test the new signing machinery ... 2019-01-23 14:50:54 -08:00
toby a1d5439422 firewall: allowing ipmi calles to be routed so that VPN clients and other boxes can make calls to ipmi 2019-01-11 18:09:37 +01:00
toby 0de30974af fixing the copyright in debian to be GPLv3 2019-01-09 23:20:40 +01:00
toby 277cd58eaa completely removing grub left overs 2019-01-08 21:00:46 +01:00
toby afdcd416b7 removing ssh-password less which is now default anyway, and also remove grub config which needs to be broken out since it differes on various platforms like arm and s86 2019-01-08 19:11:29 +01:00
toby 643519147d removing grub-pc from dependencies again, PXE has more issues anyway and we wanna work towards the EFI boot options and it bites grub-efi 2019-01-03 15:48:13 +01:00
toby e88b13e51d adding customer interface bgp firewall fules 2019-01-02 22:29:23 +01:00
toby 7468e4fddf more work on customer link support on edges 2019-01-02 22:05:35 +01:00
toby 2a4150aa41 firewall cleanup and organization 2018-12-21 17:41:04 +01:00
toby 83332a7f74 just formatting 2018-12-20 15:28:27 +01:00
toby 6114dffa19 Merge branch 'prometheus-exporters' of netops/wit-network-config into master 2018-12-20 08:21:00 +00:00
Tim Sogard dfa58f6089 Allow hosts to communicate with prometheus exporters 2018-12-20 02:27:37 -05:00
toby fcfdc8b19c mistakenly commited initial work for customer peering. so fixing the problem now by disabling the parts that would break things 2018-12-20 00:01:59 +01:00
toby 279648eeb3 adding frr-pythontools and grub-pc as dependencies 2018-12-19 23:53:35 +01:00
toby d0d6eacce6 adding strongswan-swanctl to the dependencies, this is nice to have 2018-12-12 00:34:21 +01:00
toby 3032bf9edb tweaking threads a bit more 2018-12-09 22:55:54 +01:00
toby 7fb7552c90 firewall: removing upstream NTP and adding bgp rules for edge ibgp links 2018-12-07 23:27:09 +01:00
toby e3fe47275c we now have full support for various components in the repo, so cleaning it up a bit 2018-12-07 18:51:53 +01:00
toby d81c621bd0 ipsec tweaks for stability ... hopefully.... 2018-12-07 18:08:11 +01:00
toby b5710ce2fd fixing bug if no GRE tunnel is defined 2018-12-06 23:19:52 +01:00
toby 4714fb8981 yeah yeah I know I'm anal 2018-12-06 23:12:57 +01:00
toby b513ca1f38 build trigger 2018-12-06 22:08:51 +01:00
toby 31f41d7b59 build trigger 2018-12-06 21:50:58 +01:00
toby bac1515265 adding experimental to drone build 2018-12-06 19:28:48 +01:00
toby 1c1b6e6383 some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain 2018-12-06 18:57:32 +01:00
toby f8e0d68111 removing handler for NTP since we use DHCP (not sure why I didn't do that from the beginning, sometimes I just blank 2018-12-06 10:23:41 +01:00
toby 0494fb2e21 ipsec: no changes, just unified formating and cleanup of config 2018-12-05 21:26:06 +01:00
toby 51f6a94ccd increasing error checking on ipsec generation 2018-12-03 22:22:54 +01:00
toby 5ec811359a more debugging on the drone build 2018-12-01 19:15:38 +01:00
toby 383375dafe more debugging on the drone build 2018-12-01 19:14:46 +01:00
toby d3c5c5eb47 more debugging on the drone build 2018-12-01 18:59:17 +01:00
toby 1b237d4a52 more debugging on the drone build 2018-12-01 18:56:31 +01:00
toby 9c19bab033 more debugging on the drone build 2018-12-01 18:54:57 +01:00