Commit Graph

276 Commits

Author SHA1 Message Date
toby 2a4150aa41 firewall cleanup and organization 2018-12-21 17:41:04 +01:00
toby 83332a7f74 just formatting 2018-12-20 15:28:27 +01:00
toby 6114dffa19 Merge branch 'prometheus-exporters' of netops/wit-network-config into master 2018-12-20 08:21:00 +00:00
Tim Sogard dfa58f6089 Allow hosts to communicate with prometheus exporters 2018-12-20 02:27:37 -05:00
toby fcfdc8b19c mistakenly committed initial work for customer peering. so fixing the problem now by disabling the parts that would break things 2018-12-20 00:01:59 +01:00
toby 279648eeb3 adding frr-pythontools and grub-pc as dependencies 2018-12-19 23:53:35 +01:00
toby d0d6eacce6 adding strongswan-swanctl to the dependencies, this is nice to have 2018-12-12 00:34:21 +01:00
toby 3032bf9edb tweaking threads a bit more 2018-12-09 22:55:54 +01:00
toby 7fb7552c90 firewall: removing upstream NTP and adding bgp rules for edge ibgp links 2018-12-07 23:27:09 +01:00
toby e3fe47275c we now have full support for various components in the repo, so cleaning it up a bit 2018-12-07 18:51:53 +01:00
toby d81c621bd0 ipsec tweaks for stability ... hopefully.... 2018-12-07 18:08:11 +01:00
toby b5710ce2fd fixing bug if no GRE tunnel is defined 2018-12-06 23:19:52 +01:00
toby 4714fb8981 yeah yeah I know I'm anal 2018-12-06 23:12:57 +01:00
toby b513ca1f38 build trigger 2018-12-06 22:08:51 +01:00
toby 31f41d7b59 build trigger 2018-12-06 21:50:58 +01:00
toby bac1515265 adding experimental to drone build 2018-12-06 19:28:48 +01:00
toby 1c1b6e6383 some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain 2018-12-06 18:57:32 +01:00
toby f8e0d68111 removing handler for NTP since we use DHCP (not sure why I didn't do that from the beginning, sometimes I just blank 2018-12-06 10:23:41 +01:00
toby 0494fb2e21 ipsec: no changes, just unified formatting and cleanup of config 2018-12-05 21:26:06 +01:00
toby 51f6a94ccd increasing error checking on ipsec generation 2018-12-03 22:22:54 +01:00
toby 5ec811359a more debugging on the drone build 2018-12-01 19:15:38 +01:00
toby 383375dafe more debugging on the drone build 2018-12-01 19:14:46 +01:00
toby d3c5c5eb47 more debugging on the drone build 2018-12-01 18:59:17 +01:00
toby 1b237d4a52 more debugging on the drone build 2018-12-01 18:56:31 +01:00
toby 9c19bab033 more debugging on the drone build 2018-12-01 18:54:57 +01:00
toby 2ca1595db8 more debugging on the drone build 2018-12-01 18:48:36 +01:00
toby 022daebf3c trying to fix staging component 2018-12-01 18:42:51 +01:00
toby adefd694e4 enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups 2018-12-01 18:30:10 +01:00
toby bfbd9068e4 minor adjustments to swanctl config template after making all these upgrades to ipsec.conf. ipsec.conf is still the one active, swanctl not cut over yet 2018-12-01 18:29:29 +01:00
toby d1e2f90bd6 adding support for prod and stage branch to push to various repo components 2018-12-01 18:28:41 +01:00
toby 8e8e18adc0 ignoring a fail of timesyncd restart.... 2018-11-30 19:17:08 +01:00
toby 91e34ea5e1 ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2 2018-11-30 18:27:18 +01:00
toby 83e0ccc728 adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test 2018-11-28 18:14:08 +01:00
toby f022e1e2c0 always update NTP server in timesyncd, not just when commented out 2018-11-26 19:55:11 +01:00
toby fcaa400452 removing ceph rgw 8080 for now since it's not in use 2018-11-26 19:17:31 +01:00
toby 188f689bbf testing using bastion as NTP, moving it to an internal only service 2018-11-26 18:49:04 +01:00
toby 2ff6566d2e firewall house-keeping 2018-11-26 18:39:18 +01:00
toby 0a3575db3c fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs 2018-11-20 00:11:40 +01:00
toby c65529f6ad adding support for bastions public lo ipv4 2018-11-19 18:35:11 +01:00
toby e5b6e96c2e adding bastion2 to firewalls for potential failover 2018-11-19 00:32:12 +01:00
toby b2b902672b raising dpdtimeout to be 5x the delay, it's much more aggressive than defaults but at least it's the same multiplier than default 2018-11-18 23:18:29 +01:00
toby b4fb94c60b ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch 2018-11-18 22:59:14 +01:00
toby 9d11caf8f9 changed my mind about closeaction, we should maybe have that, but trying to use hold instead 2018-11-18 22:14:26 +01:00
toby 86d5c80bbb ipsec changes: IKEv2, and more ipsec changes to hopefully increase stability 2018-11-18 22:06:53 +01:00
toby e3fba4ecad prepping to flip back bastion to a loopback ip. setting firewall rule accordingly 2018-11-18 02:22:04 +01:00
toby 9028be6de6 fixing live migration iptables rules 2018-11-17 02:06:37 +01:00
toby a0d2d87355 adding ceph rgw rules to firewall 2018-11-16 18:26:57 +01:00
toby 052aeec779 we obviously wanna remove our private ASNs on IPv6 as well 2018-11-15 21:05:45 +01:00
toby 26f34e482f adding smarthost to the firewall 2018-11-13 20:41:41 +01:00
toby 346f3516d4 more/better bastion support 2018-11-13 17:22:42 +01:00