toby
|
51f6a94ccd
|
increasing error checking on ipsec generation
|
2018-12-03 22:22:54 +01:00 |
toby
|
5ec811359a
|
more debugging on the drone build
|
2018-12-01 19:15:38 +01:00 |
toby
|
383375dafe
|
more debugging on the drone build
|
2018-12-01 19:14:46 +01:00 |
toby
|
d3c5c5eb47
|
more debugging on the drone build
|
2018-12-01 18:59:17 +01:00 |
toby
|
1b237d4a52
|
more debugging on the drone build
|
2018-12-01 18:56:31 +01:00 |
toby
|
9c19bab033
|
more debugging on the drone build
|
2018-12-01 18:54:57 +01:00 |
toby
|
2ca1595db8
|
more debugging on the drone build
|
2018-12-01 18:48:36 +01:00 |
toby
|
022daebf3c
|
trying to fix staging component
|
2018-12-01 18:42:51 +01:00 |
toby
|
adefd694e4
|
enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups
|
2018-12-01 18:30:10 +01:00 |
toby
|
bfbd9068e4
|
minor adjustments to swanctl config template after making all these upgrades to ipsec.conf. ipsec.conf is still the one active, swanctl not cut over yet
|
2018-12-01 18:29:29 +01:00 |
toby
|
d1e2f90bd6
|
adding support for prod and stage branch to push to various repo components
|
2018-12-01 18:28:41 +01:00 |
toby
|
8e8e18adc0
|
ignoring a fail of timesyncd restart....
|
2018-11-30 19:17:08 +01:00 |
toby
|
91e34ea5e1
|
ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2
|
2018-11-30 18:27:18 +01:00 |
toby
|
83e0ccc728
|
adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test
|
2018-11-28 18:14:08 +01:00 |
toby
|
f022e1e2c0
|
always update NTP server in timesyncd, not just when commented out
|
2018-11-26 19:55:11 +01:00 |
toby
|
fcaa400452
|
removing ceph rgw 8080 for now since it's not in use
|
2018-11-26 19:17:31 +01:00 |
toby
|
188f689bbf
|
testing useing bastion as NTP, moving it to a internal only service
|
2018-11-26 18:49:04 +01:00 |
toby
|
2ff6566d2e
|
firewall house-keeping
|
2018-11-26 18:39:18 +01:00 |
toby
|
0a3575db3c
|
fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs
|
2018-11-20 00:11:40 +01:00 |
toby
|
c65529f6ad
|
adding support for bastions public lo ipv4
|
2018-11-19 18:35:11 +01:00 |
toby
|
e5b6e96c2e
|
adding bastion2 to firewalls for potential failover
|
2018-11-19 00:32:12 +01:00 |
toby
|
b2b902672b
|
raising dpdtimeout to be 5x the delay, it's much more agressive than defaults but at least its the same multiplier than default
|
2018-11-18 23:18:29 +01:00 |
toby
|
b4fb94c60b
|
ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch
|
2018-11-18 22:59:14 +01:00 |
toby
|
9d11caf8f9
|
changed my mind about closeaction, we should maybe have that, but trying to use hold instead
|
2018-11-18 22:14:26 +01:00 |
toby
|
86d5c80bbb
|
ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability
|
2018-11-18 22:06:53 +01:00 |
toby
|
e3fba4ecad
|
prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
|
2018-11-18 02:22:04 +01:00 |
toby
|
9028be6de6
|
fixing live migration iptables rules
|
2018-11-17 02:06:37 +01:00 |
toby
|
a0d2d87355
|
adding ceph rgw rules to firewall
|
2018-11-16 18:26:57 +01:00 |
toby
|
052aeec779
|
we obviously wanna remove our private ASNs on IPv6 as well
|
2018-11-15 21:05:45 +01:00 |
toby
|
26f34e482f
|
adding smarthost to the firewall
|
2018-11-13 20:41:41 +01:00 |
toby
|
346f3516d4
|
more/better bastion support
|
2018-11-13 17:22:42 +01:00 |
toby
|
045736616f
|
fixng small console error so that systemd actually thinks firewall started successfully
|
2018-11-12 21:08:25 +01:00 |
toby
|
cd7566f253
|
god damn control file syntax and pickiness
|
2018-11-07 22:10:26 +01:00 |
toby
|
1316620232
|
god damn control file syntax and pickiness
|
2018-11-07 19:11:06 +01:00 |
toby
|
39e447d633
|
adjustments for frr 6.0
|
2018-11-07 17:16:12 +01:00 |
toby
|
039b56b15d
|
fixing issue showing IPs
|
2018-11-07 17:07:47 +01:00 |
toby
|
b5caf073ba
|
fixing DNS querry for bastion public IP
|
2018-11-06 21:14:44 +01:00 |
toby
|
01d5a92771
|
doh... typo...
|
2018-11-06 19:30:03 +01:00 |
toby
|
f7738182af
|
fixing sed escape bug
|
2018-11-06 18:42:11 +01:00 |
toby
|
d6566cff38
|
enabling debugging
|
2018-11-06 18:30:27 +01:00 |
toby
|
1855169a42
|
adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there
|
2018-11-04 21:13:13 +01:00 |
toby
|
0868dd4df3
|
adding some early work for bastion support
|
2018-11-04 21:02:07 +01:00 |
toby
|
7aabd41def
|
simplifying and adding flexibility to the NOTRACK rules
|
2018-11-04 19:19:09 +00:00 |
toby
|
249e13bac6
|
adding mgmt IPs on the console output
|
2018-11-03 20:27:10 +01:00 |
toby
|
56d95d9bb8
|
build trigger
|
2018-11-03 19:55:06 +01:00 |
toby
|
14610d67a4
|
build trigger
|
2018-11-03 19:49:22 +01:00 |
toby
|
188c679218
|
fixing another bug for ipmi/mgmtgw interfaces
|
2018-11-03 00:02:42 +01:00 |
toby
|
51cef1a3e5
|
fixing minor bug on ipmigw/mgmtgw interface
|
2018-11-02 23:54:39 +01:00 |
toby
|
6c16ceb2c9
|
fixing typo
|
2018-11-01 21:12:23 +01:00 |
toby
|
c25c9f4e03
|
ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues
|
2018-11-01 16:11:59 +01:00 |