Commit Graph

146 Commits

Author SHA1 Message Date
toby d3a64d956c fix updating resolv.conf for IPv6 stateless DHCP6 2019-04-19 20:34:35 +00:00
toby ff5df9e336 switching to stateless dhcp6 and trying to disable ipv4 now that mirrors is ipv6 it should work in theory. we'll have to fix SNTP dhcp client script probably though 2019-04-19 19:12:12 +00:00
toby f293436c67 just like I assumed, SAN header not needed for ipsec and moved the CA handler to mirrors 2019-04-18 05:33:21 +00:00
toby 4f0c28d56b starting to migrate to a more meaningful DN for ipsec 2019-04-17 02:42:36 +00:00
toby 60b16ebddc forcing the curl to be over IPv6, allows us to close the firewall for ipv4 2019-04-16 21:48:29 +00:00
toby 182de8533f removing ipsec reload upon cert *creation*, no point in doing it, we don't have the signed cert yet. we just risk breaking a working setup while being sure we won't get it working right away. the cron job, pulling the actual signed cert will be doing this part 2019-04-16 21:21:29 +00:00
toby d3f593888e remove some dependencies, that aren't really needed. we should move them to optional package 2019-04-12 04:34:50 +00:00
toby 0bed52d345 conffiles name is not variable after all :) 2019-04-10 22:02:22 +00:00
toby 8f76828d0b not sure if this is needed - actually I know it's not - but it seems like a good idea as it may be needed for compat level 12+?... who knows 2019-04-10 04:30:09 +00:00
toby fa496d25c5 making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert 2019-04-09 23:26:37 +00:00
toby c53f3e2219 making sysctl tweaks more versatile and just reload sysctl settings 2019-04-09 21:00:11 +00:00
toby d3ecbaf20b fixing ipsec cert generation section in postscript 2019-03-29 19:57:08 +00:00
toby ebc7c6a5ff screw it, allowing undefined vars for now, will fix that eventually 2019-03-29 18:46:22 +00:00
toby 3a08cb5182 trying to be more specific on the variables and fail if var has not been defined, also fixing some drone stuff 2019-03-29 18:33:34 +00:00
toby ec5869cba8 adding ipsec node cert self generation and sign req to bastion 2019-03-29 17:57:21 +00:00
toby 73ae7b9680 accepting up to /56 on ipv6 and bugfixing for wit-gc 2019-03-11 18:59:24 +00:00
toby 51d76bc101 more testing... 2019-03-08 23:37:53 -08:00
toby 268dd01421 another attempt at the rules file 2019-03-08 23:21:18 -08:00
toby cfeef0de5b ... seriously,... running out of ideas ... 2019-03-08 23:19:39 -08:00
toby 396b2899ae ... seriously,... running out of ideas ... 2019-03-08 22:53:21 -08:00
toby b63d21ba83 ... seriously,... running out of ideas ... 2019-03-08 22:42:11 -08:00
toby 2b1c7b34a6 trying a whole new approach, seems like it worked on my wit-vm-router-config package, let's see what it does here ... 2019-03-08 22:14:00 -08:00
toby 22b4da07a3 removing jumbo frames from uplinks. it aint happening.... 2019-02-23 06:22:12 +00:00
toby a497c70abe adding mgmt dhcp6 - so we get ntp and dns over ipv6 - and timesyncd dhcp6 exit script 2019-02-23 04:09:55 +00:00
toby 13be20d519 writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action 2019-02-14 22:15:36 -08:00
toby 289b42e100 fixing sysctl tweak path 2019-02-14 17:31:38 -08:00
toby 3003509bf4 trying yet again a different approach to update files correctly upon install 2019-02-14 16:43:13 -08:00
toby a3934b7014 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:43:53 -08:00
toby 1066e48dc7 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:38:06 -08:00
toby db0f639547 switching the debian install around: all 'templates' are modified in the local folder and are then installed when already modified using isc-dhcp-server as an example in hope to improve upgrade-consistency. 2019-02-14 12:35:33 -08:00
toby 48abb08b5a setting loopback source IP on all bgp routes for IPv6 as well - did this on ipv4 but may need patching as I wanted to use only the public IP for public routes on IPv4. may still break if for whatever reason it prefers the mgmtgw/ipmigw IP like it just happened on ipv6 2019-02-04 18:09:28 -08:00
toby d8245c2223 limiting lldp to only mgmt interfaces and avoid VMs to see lldp neigh requests 2019-01-30 11:36:56 -08:00
toby 0de30974af fixing the copyright in debian to be GPLv3 2019-01-09 23:20:40 +01:00
toby 277cd58eaa completely removing grub left overs 2019-01-08 21:00:46 +01:00
toby afdcd416b7 removing ssh-password less which is now default anyway, and also remove grub config which needs to be broken out since it differs on various platforms like arm and x86 2019-01-08 19:11:29 +01:00
toby 643519147d removing grub-pc from dependencies again, PXE has more issues anyway and we wanna work towards the EFI boot options and it bites grub-efi 2019-01-03 15:48:13 +01:00
toby 7468e4fddf more work on customer link support on edges 2019-01-02 22:05:35 +01:00
toby 279648eeb3 adding frr-pythontools and grub-pc as dependencies 2018-12-19 23:53:35 +01:00
toby d0d6eacce6 adding strongswan-swanctl to the dependencies, this is nice to have 2018-12-12 00:34:21 +01:00
toby b5710ce2fd fixing bug if no GRE tunnel is defined 2018-12-06 23:19:52 +01:00
toby 4714fb8981 yeah yeah I know I'm anal 2018-12-06 23:12:57 +01:00
toby 1c1b6e6383 some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain 2018-12-06 18:57:32 +01:00
toby f8e0d68111 removing handler for NTP since we use DHCP (not sure why I didn't do that from the beginning, sometimes I just blank 2018-12-06 10:23:41 +01:00
toby 51f6a94ccd increasing error checking on ipsec generation 2018-12-03 22:22:54 +01:00
toby adefd694e4 enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups 2018-12-01 18:30:10 +01:00
toby 8e8e18adc0 ignoring a fail of timesyncd restart.... 2018-11-30 19:17:08 +01:00
toby 91e34ea5e1 ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2 2018-11-30 18:27:18 +01:00
toby 83e0ccc728 adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test 2018-11-28 18:14:08 +01:00
toby f022e1e2c0 always update NTP server in timesyncd, not just when commented out 2018-11-26 19:55:11 +01:00
toby 188f689bbf testing using bastion as NTP, moving it to an internal only service 2018-11-26 18:49:04 +01:00