207 Commits

Author SHA1 Message Date
toby 51f6a94ccd increasing error checking on ipsec generation 2018-12-03 22:22:54 +01:00
toby 5ec811359a more debugging on the drone build 2018-12-01 19:15:38 +01:00
toby 383375dafe more debugging on the drone build 2018-12-01 19:14:46 +01:00
toby d3c5c5eb47 more debugging on the drone build 2018-12-01 18:59:17 +01:00
toby 1b237d4a52 more debugging on the drone build 2018-12-01 18:56:31 +01:00
toby 9c19bab033 more debugging on the drone build 2018-12-01 18:54:57 +01:00
toby 2ca1595db8 more debugging on the drone build 2018-12-01 18:48:36 +01:00
toby 022daebf3c trying to fix staging component 2018-12-01 18:42:51 +01:00
toby adefd694e4 enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups 2018-12-01 18:30:10 +01:00
toby bfbd9068e4 minor adjustments to swanctl config template after making all these upgrades to ipsec.conf. ipsec.conf is still the one active, swanctl not cut over yet 2018-12-01 18:29:29 +01:00
toby d1e2f90bd6 adding support for prod and stage branch to push to various repo components 2018-12-01 18:28:41 +01:00
toby 8e8e18adc0 ignoring a fail of timesyncd restart.... 2018-11-30 19:17:08 +01:00
toby 91e34ea5e1 ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2 2018-11-30 18:27:18 +01:00
toby 83e0ccc728 adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test 2018-11-28 18:14:08 +01:00
toby f022e1e2c0 always update NTP server in timesyncd, not just when commented out 2018-11-26 19:55:11 +01:00
toby fcaa400452 removing ceph rgw 8080 for now since it's not in use 2018-11-26 19:17:31 +01:00
toby 188f689bbf testing using bastion as NTP, moving it to an internal only service 2018-11-26 18:49:04 +01:00
toby 2ff6566d2e firewall house-keeping 2018-11-26 18:39:18 +01:00
toby 0a3575db3c fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs 2018-11-20 00:11:40 +01:00
toby c65529f6ad adding support for bastions public lo ipv4 2018-11-19 18:35:11 +01:00
toby e5b6e96c2e adding bastion2 to firewalls for potential failover 2018-11-19 00:32:12 +01:00
toby b2b902672b raising dpdtimeout to be 5x the delay, it's much more aggressive than defaults but at least it's the same multiplier as default 2018-11-18 23:18:29 +01:00
toby b4fb94c60b ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch 2018-11-18 22:59:14 +01:00
toby 9d11caf8f9 changed my mind about closeaction, we should maybe have that, but trying to use hold instead 2018-11-18 22:14:26 +01:00
toby 86d5c80bbb ipsec changes: IKEv2, and more ipsec changes to hopefully increase stability 2018-11-18 22:06:53 +01:00
toby e3fba4ecad prepping to flip back bastion to a loopback ip. setting firewall rule accordingly 2018-11-18 02:22:04 +01:00
toby 9028be6de6 fixing live migration iptables rules 2018-11-17 02:06:37 +01:00
toby a0d2d87355 adding ceph rgw rules to firewall 2018-11-16 18:26:57 +01:00
toby 052aeec779 we obviously wanna remove our private ASNs on IPv6 as well 2018-11-15 21:05:45 +01:00
toby 26f34e482f adding smarthost to the firewall 2018-11-13 20:41:41 +01:00
toby 346f3516d4 more/better bastion support 2018-11-13 17:22:42 +01:00
toby 045736616f fixing small console error so that systemd actually thinks firewall started successfully 2018-11-12 21:08:25 +01:00
toby cd7566f253 god damn control file syntax and pickiness 2018-11-07 22:10:26 +01:00
toby 1316620232 god damn control file syntax and pickiness 2018-11-07 19:11:06 +01:00
toby 39e447d633 adjustments for frr 6.0 2018-11-07 17:16:12 +01:00
toby 039b56b15d fixing issue showing IPs 2018-11-07 17:07:47 +01:00
toby b5caf073ba fixing DNS query for bastion public IP 2018-11-06 21:14:44 +01:00
toby 01d5a92771 doh... typo... 2018-11-06 19:30:03 +01:00
toby f7738182af fixing sed escape bug 2018-11-06 18:42:11 +01:00
toby d6566cff38 enabling debugging 2018-11-06 18:30:27 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precaution so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotten or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 0868dd4df3 adding some early work for bastion support 2018-11-04 21:02:07 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby 249e13bac6 adding mgmt IPs on the console output 2018-11-03 20:27:10 +01:00
toby 56d95d9bb8 build trigger 2018-11-03 19:55:06 +01:00
toby 14610d67a4 build trigger 2018-11-03 19:49:22 +01:00
toby 188c679218 fixing another bug for ipmi/mgmtgw interfaces 2018-11-03 00:02:42 +01:00
toby 51cef1a3e5 fixing minor bug on ipmigw/mgmtgw interface 2018-11-02 23:54:39 +01:00
toby 6c16ceb2c9 fixing typo 2018-11-01 21:12:23 +01:00
toby c25c9f4e03 ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues 2018-11-01 16:11:59 +01:00