toby
|
2a4150aa41
|
firewall cleanup and organization
|
2018-12-21 17:41:04 +01:00 |
toby
|
83332a7f74
|
just formatting
|
2018-12-20 15:28:27 +01:00 |
toby
|
6114dffa19
|
Merge branch 'prometheus-exporters' of netops/wit-network-config into master
|
2018-12-20 08:21:00 +00:00 |
Tim Sogard
|
dfa58f6089
|
Allow hosts to communicate with prometheus exporters
|
2018-12-20 02:27:37 -05:00 |
toby
|
fcfdc8b19c
|
mistakenly commited initial work for customer peering. so fixing the problem now by disabling the parts that would break things
|
2018-12-20 00:01:59 +01:00 |
toby
|
279648eeb3
|
adding frr-pythontools and grub-pc as dependencies
|
2018-12-19 23:53:35 +01:00 |
toby
|
d0d6eacce6
|
adding strongswan-swanctl to the dependencies, this is nice to have
|
2018-12-12 00:34:21 +01:00 |
toby
|
3032bf9edb
|
tweaking threads a bit more
|
2018-12-09 22:55:54 +01:00 |
toby
|
7fb7552c90
|
firewall: removing upstream NTP and adding bgp rules for edge ibgp links
|
2018-12-07 23:27:09 +01:00 |
toby
|
e3fe47275c
|
we now have full support for various components in the repo, so cleaning it up a bit
|
2018-12-07 18:51:53 +01:00 |
toby
|
d81c621bd0
|
ipsec tweaks for stability ... hopefully....
|
2018-12-07 18:08:11 +01:00 |
toby
|
b5710ce2fd
|
fixing bug if no GRE tunnel is defined
|
2018-12-06 23:19:52 +01:00 |
toby
|
4714fb8981
|
yeah yeah I know I'm anal
|
2018-12-06 23:12:57 +01:00 |
toby
|
b513ca1f38
|
build trigger
|
2018-12-06 22:08:51 +01:00 |
toby
|
31f41d7b59
|
build trigger
|
2018-12-06 21:50:58 +01:00 |
toby
|
bac1515265
|
adding experimental to drone build
|
2018-12-06 19:28:48 +01:00 |
toby
|
1c1b6e6383
|
some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain
|
2018-12-06 18:57:32 +01:00 |
toby
|
f8e0d68111
|
removing handler for NTP since we use DHCP (not sure why I didn't do that from the beginning, sometimes I just blank
|
2018-12-06 10:23:41 +01:00 |
toby
|
0494fb2e21
|
ipsec: no changes, just unified formating and cleanup of config
|
2018-12-05 21:26:06 +01:00 |
toby
|
51f6a94ccd
|
increasing error checking on ipsec generation
|
2018-12-03 22:22:54 +01:00 |
toby
|
5ec811359a
|
more debugging on the drone build
|
2018-12-01 19:15:38 +01:00 |
toby
|
383375dafe
|
more debugging on the drone build
|
2018-12-01 19:14:46 +01:00 |
toby
|
d3c5c5eb47
|
more debugging on the drone build
|
2018-12-01 18:59:17 +01:00 |
toby
|
1b237d4a52
|
more debugging on the drone build
|
2018-12-01 18:56:31 +01:00 |
toby
|
9c19bab033
|
more debugging on the drone build
|
2018-12-01 18:54:57 +01:00 |
toby
|
2ca1595db8
|
more debugging on the drone build
|
2018-12-01 18:48:36 +01:00 |
toby
|
022daebf3c
|
trying to fix staging component
|
2018-12-01 18:42:51 +01:00 |
toby
|
adefd694e4
|
enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups
|
2018-12-01 18:30:10 +01:00 |
toby
|
bfbd9068e4
|
minor adjustments to swanctl config template after making all these upgrades to ipsec.conf. ipsec.conf is still the one active, swanctl not cut over yet
|
2018-12-01 18:29:29 +01:00 |
toby
|
d1e2f90bd6
|
adding support for prod and stage branch to push to various repo components
|
2018-12-01 18:28:41 +01:00 |
toby
|
8e8e18adc0
|
ignoring a fail of timesyncd restart....
|
2018-11-30 19:17:08 +01:00 |
toby
|
91e34ea5e1
|
ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2
|
2018-11-30 18:27:18 +01:00 |
toby
|
83e0ccc728
|
adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test
|
2018-11-28 18:14:08 +01:00 |
toby
|
f022e1e2c0
|
always update NTP server in timesyncd, not just when commented out
|
2018-11-26 19:55:11 +01:00 |
toby
|
fcaa400452
|
removing ceph rgw 8080 for now since it's not in use
|
2018-11-26 19:17:31 +01:00 |
toby
|
188f689bbf
|
testing useing bastion as NTP, moving it to a internal only service
|
2018-11-26 18:49:04 +01:00 |
toby
|
2ff6566d2e
|
firewall house-keeping
|
2018-11-26 18:39:18 +01:00 |
toby
|
0a3575db3c
|
fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs
|
2018-11-20 00:11:40 +01:00 |
toby
|
c65529f6ad
|
adding support for bastions public lo ipv4
|
2018-11-19 18:35:11 +01:00 |
toby
|
e5b6e96c2e
|
adding bastion2 to firewalls for potential failover
|
2018-11-19 00:32:12 +01:00 |
toby
|
b2b902672b
|
raising dpdtimeout to be 5x the delay, it's much more agressive than defaults but at least its the same multiplier than default
|
2018-11-18 23:18:29 +01:00 |
toby
|
b4fb94c60b
|
ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch
|
2018-11-18 22:59:14 +01:00 |
toby
|
9d11caf8f9
|
changed my mind about closeaction, we should maybe have that, but trying to use hold instead
|
2018-11-18 22:14:26 +01:00 |
toby
|
86d5c80bbb
|
ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability
|
2018-11-18 22:06:53 +01:00 |
toby
|
e3fba4ecad
|
prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
|
2018-11-18 02:22:04 +01:00 |
toby
|
9028be6de6
|
fixing live migration iptables rules
|
2018-11-17 02:06:37 +01:00 |
toby
|
a0d2d87355
|
adding ceph rgw rules to firewall
|
2018-11-16 18:26:57 +01:00 |
toby
|
052aeec779
|
we obviously wanna remove our private ASNs on IPv6 as well
|
2018-11-15 21:05:45 +01:00 |
toby
|
26f34e482f
|
adding smarthost to the firewall
|
2018-11-13 20:41:41 +01:00 |
toby
|
346f3516d4
|
more/better bastion support
|
2018-11-13 17:22:42 +01:00 |