toby
|
d3a64d956c
|
fix updating resolv.conf for IPv6 stateless DHCP6
|
2019-04-19 20:34:35 +00:00 |
toby
|
ff5df9e336
|
switching to stateless dhcp6 and trying to disable ipv4 now that mirrors is ipv6 it should work in theory. we'll have to fix SNTP dhcp client script probably though
|
2019-04-19 19:12:12 +00:00 |
toby
|
f293436c67
|
just like I assumed, SAN header not needed for ipsec and moved the CA handler to mirrors
|
2019-04-18 05:33:21 +00:00 |
toby
|
4f0c28d56b
|
starting to migrate to a more meaningful DN for ipsec
|
2019-04-17 02:42:36 +00:00 |
toby
|
60b16ebddc
|
forcing the curl to be over IPv6, allows us to close the firewall for ipv4
|
2019-04-16 21:48:29 +00:00 |
toby
|
182de8533f
|
removing ipsec reload upon cert *creation*, no point in doing it, we don't have the signed cert yet. we just risk breaking a working setup while being sure we won't get it working right away. the cron job, pulling the actual signed cert will be doing this part
|
2019-04-16 21:21:29 +00:00 |
toby
|
d3f593888e
|
remove some dependencies, that aren't really needed. we should move them to optional package
|
2019-04-12 04:34:50 +00:00 |
toby
|
0bed52d345
|
conffiles name is not variable after all :)
|
2019-04-10 22:02:22 +00:00 |
toby
|
8f76828d0b
|
not sure if this is needed - actually I know it's not - but it seems like a good idea as it may be needed for compat level 12+?... who knows
|
2019-04-10 04:30:09 +00:00 |
toby
|
fa496d25c5
|
making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert
|
2019-04-09 23:26:37 +00:00 |
toby
|
c53f3e2219
|
making sysctl tweaks more versatile and just reload sysctl settings
|
2019-04-09 21:00:11 +00:00 |
toby
|
d3ecbaf20b
|
fixing ipsec cert generation section in postscript
|
2019-03-29 19:57:08 +00:00 |
toby
|
ebc7c6a5ff
|
screw it, allowing undefined vars for now, will fix that eventually
|
2019-03-29 18:46:22 +00:00 |
toby
|
3a08cb5182
|
trying to be more specific on the variables and fail if var has not been defined, also fixing some drone stuff
|
2019-03-29 18:33:34 +00:00 |
toby
|
ec5869cba8
|
adding ipsec node cert self generation and sign req to bastion
|
2019-03-29 17:57:21 +00:00 |
toby
|
73ae7b9680
|
accepting up to /56 on ipv6 and bugfixing for wit-gc
|
2019-03-11 18:59:24 +00:00 |
toby
|
51d76bc101
|
more testing...
|
2019-03-08 23:37:53 -08:00 |
toby
|
268dd01421
|
another attempt at the rules file
|
2019-03-08 23:21:18 -08:00 |
toby
|
cfeef0de5b
|
... seriously,... running out of ideas ...
|
2019-03-08 23:19:39 -08:00 |
toby
|
396b2899ae
|
... seriously,... running out of ideas ...
|
2019-03-08 22:53:21 -08:00 |
toby
|
b63d21ba83
|
... seriously,... running out of ideas ...
|
2019-03-08 22:42:11 -08:00 |
toby
|
2b1c7b34a6
|
trying a whole new approach, seems like it worked on my wit-vm-router-config package, let's see what it does here ...
|
2019-03-08 22:14:00 -08:00 |
toby
|
22b4da07a3
|
removing jumbo frames from uplinks. it aint happening....
|
2019-02-23 06:22:12 +00:00 |
toby
|
a497c70abe
|
adding mgmt dhcp6 - so we get ntp and dns over ipv6 - and timesyncd dhcp6 exit script
|
2019-02-23 04:09:55 +00:00 |
toby
|
13be20d519
|
writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action
|
2019-02-14 22:15:36 -08:00 |
toby
|
289b42e100
|
fixing sysctl tweak path
|
2019-02-14 17:31:38 -08:00 |
toby
|
3003509bf4
|
trying yet again a different approach to update files correctly upon install
|
2019-02-14 16:43:13 -08:00 |
toby
|
a3934b7014
|
evidently everything is breaking right now, so trying a different approach
|
2019-02-14 14:43:53 -08:00 |
toby
|
1066e48dc7
|
evidently everything is breaking right now, so trying a different approach
|
2019-02-14 14:38:06 -08:00 |
toby
|
db0f639547
|
switching the debian install around: all 'templates' are modified in the local folder and are then installed when already modified using isc-dhcp-server as an example in hope to improve upgrade-consistency.
|
2019-02-14 12:35:33 -08:00 |
toby
|
48abb08b5a
|
setting loopback source IP on all bgp routes for IPv6 as well - did this on ipv4 but may need patching as I wanted to use only the public IP for public routes on IPv4. may still break if for whatever reason it prefers the mgmtgw/ipmigw IP like it just happened on ipv6
|
2019-02-04 18:09:28 -08:00 |
toby
|
d8245c2223
|
limiting lldp to only mgmt interfaces and avoid VMs to see lldp neigh requests
|
2019-01-30 11:36:56 -08:00 |
toby
|
0de30974af
|
fixing the copyright in debian to be GPLv3
|
2019-01-09 23:20:40 +01:00 |
toby
|
277cd58eaa
|
completely removing grub leftovers
|
2019-01-08 21:00:46 +01:00 |
toby
|
afdcd416b7
|
removing ssh-password less which is now default anyway, and also remove grub config which needs to be broken out since it differs on various platforms like arm and x86
|
2019-01-08 19:11:29 +01:00 |
toby
|
643519147d
|
removing grub-pc from dependencies again, PXE has more issues anyway and we wanna work towards the EFI boot options and it bites grub-efi
|
2019-01-03 15:48:13 +01:00 |
toby
|
7468e4fddf
|
more work on customer link support on edges
|
2019-01-02 22:05:35 +01:00 |
toby
|
279648eeb3
|
adding frr-pythontools and grub-pc as dependencies
|
2018-12-19 23:53:35 +01:00 |
toby
|
d0d6eacce6
|
adding strongswan-swanctl to the dependencies, this is nice to have
|
2018-12-12 00:34:21 +01:00 |
toby
|
b5710ce2fd
|
fixing bug if no GRE tunnel is defined
|
2018-12-06 23:19:52 +01:00 |
toby
|
4714fb8981
|
yeah yeah I know I'm anal
|
2018-12-06 23:12:57 +01:00 |
toby
|
1c1b6e6383
|
some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain
|
2018-12-06 18:57:32 +01:00 |
toby
|
f8e0d68111
|
removing handler for NTP since we use DHCP (not sure why I didn't do that from the beginning, sometimes I just blank)
|
2018-12-06 10:23:41 +01:00 |
toby
|
51f6a94ccd
|
increasing error checking on ipsec generation
|
2018-12-03 22:22:54 +01:00 |
toby
|
adefd694e4
|
enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups
|
2018-12-01 18:30:10 +01:00 |
toby
|
8e8e18adc0
|
ignoring a fail of timesyncd restart....
|
2018-11-30 19:17:08 +01:00 |
toby
|
91e34ea5e1
|
ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2
|
2018-11-30 18:27:18 +01:00 |
toby
|
83e0ccc728
|
adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test
|
2018-11-28 18:14:08 +01:00 |
toby
|
f022e1e2c0
|
always update NTP server in timesyncd, not just when commented out
|
2018-11-26 19:55:11 +01:00 |
toby
|
188f689bbf
|
testing using bastion as NTP, moving it to an internal only service
|
2018-11-26 18:49:04 +01:00 |