95 Commits

Author SHA1 Message Date
toby e907220280 apparently interfaces can't have comments 2019-04-27 05:21:56 +00:00
toby 0493a328ff re-adding ipv4 dhcp for mgmt1, still need it for the hostname for, but prob gonna hardcode the dns/sntp/hostname at this point soon 2019-04-23 06:42:40 +00:00
toby ff5df9e336 switching to stateless dhcp6 and trying to disable ipv4 now that mirrors is ipv6 it should work in theory. we'll have to fix SNTP dhcp client script probably though 2019-04-19 19:12:12 +00:00
toby f293436c67 just like I assumed, SAN header not needed for ipsec and moved the CA handler to mirrors 2019-04-18 05:33:21 +00:00
toby 4f0c28d56b starting to migrate to a more meaningful DN for ipsec 2019-04-17 02:42:36 +00:00
toby 60b16ebddc forcing the curl to be over IPv6, allows us to close the firewall for ipv4 2019-04-16 21:48:29 +00:00
toby 182de8533f removing ipsec reload upon cert *creation*, no point in doing it, we don't have the signed cert yet. we just risk breaking a working setup while being sure we won't get it working right away. the cron job, pulling the actual signed cert will be doing this part 2019-04-16 21:21:29 +00:00
toby fa496d25c5 making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert 2019-04-09 23:26:37 +00:00
toby c53f3e2219 making sysctl tweaks more versatile and just reload sysctl settings 2019-04-09 21:00:11 +00:00
toby d3ecbaf20b fixing ipsec cert generation section in postscript 2019-03-29 19:57:08 +00:00
toby ebc7c6a5ff screw it, allowing undefined vars for now, will fix that eventually 2019-03-29 18:46:22 +00:00
toby 3a08cb5182 trying to be more specific on the variables and fail if var has not been defined, also fixing some drone stuff 2019-03-29 18:33:34 +00:00
toby ec5869cba8 adding ipsec node cert self generation and sign req to bastion 2019-03-29 17:57:21 +00:00
toby 73ae7b9680 accepting up to /56 on ipv6 and bugfixing for wit-gc 2019-03-11 18:59:24 +00:00
toby 51d76bc101 more testing... 2019-03-08 23:37:53 -08:00
toby cfeef0de5b ... seriously,... running out of ideas ... 2019-03-08 23:19:39 -08:00
toby 396b2899ae ... seriously,... running out of ideas ... 2019-03-08 22:53:21 -08:00
toby 2b1c7b34a6 trying a whole new approach, seems like it worked on my wit-vm-router-config package, let's see what it does here ... 2019-03-08 22:14:00 -08:00
toby 22b4da07a3 removing jumbo frames from uplinks. it aint happening.... 2019-02-23 06:22:12 +00:00
toby a497c70abe adding mgmt dhcp6 - so we get ntp and dns over ipv6 - and timesyncd dhcp6 exit script 2019-02-23 04:09:55 +00:00
toby 13be20d519 writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action 2019-02-14 22:15:36 -08:00
toby 289b42e100 fixing sysctl tweak path 2019-02-14 17:31:38 -08:00
toby 3003509bf4 trying yet again a different approach to update files correctly upon install 2019-02-14 16:43:13 -08:00
toby 1066e48dc7 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:38:06 -08:00
toby db0f639547 switching the debian install around: all 'templates' are modified in the local folder and are then installed when already modified using isc-dhcp-server as an example in hope to improve upgrade-consistency. 2019-02-14 12:35:33 -08:00
toby 48abb08b5a setting loopback source IP on all bgp routes for IPv6 as well - did this on ipv4 but may need patching as I wanted to use only the public IP for public routes on IPv4. may still break if for whatever reason it prefers the mgmtgw/ipmigw IP like it just happened on ipv6 2019-02-04 18:09:28 -08:00
toby 277cd58eaa completely removing grub leftovers 2019-01-08 21:00:46 +01:00
toby afdcd416b7 removing ssh-password less which is now default anyway, and also remove grub config which needs to be broken out since it differs on various platforms like arm and s86 2019-01-08 19:11:29 +01:00
toby 7468e4fddf more work on customer link support on edges 2019-01-02 22:05:35 +01:00
toby b5710ce2fd fixing bug if no GRE tunnel is defined 2018-12-06 23:19:52 +01:00
toby 4714fb8981 yeah yeah I know I'm anal 2018-12-06 23:12:57 +01:00
toby 1c1b6e6383 some work to actually advertise mgmt/ipmi networks from bastion into the bgp domain 2018-12-06 18:57:32 +01:00
toby 51f6a94ccd increasing error checking on ipsec generation 2018-12-03 22:22:54 +01:00
toby adefd694e4 enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups 2018-12-01 18:30:10 +01:00
toby 8e8e18adc0 ignoring a fail of timesyncd restart.... 2018-11-30 19:17:08 +01:00
toby 91e34ea5e1 ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2 2018-11-30 18:27:18 +01:00
toby 83e0ccc728 adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test 2018-11-28 18:14:08 +01:00
toby 2ff6566d2e firewall house-keeping 2018-11-26 18:39:18 +01:00
toby 0a3575db3c fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs 2018-11-20 00:11:40 +01:00
toby c65529f6ad adding support for bastions public lo ipv4 2018-11-19 18:35:11 +01:00
toby b4fb94c60b ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch 2018-11-18 22:59:14 +01:00
toby 346f3516d4 more/better bastion support 2018-11-13 17:22:42 +01:00
toby b5caf073ba fixing DNS query for bastion public IP 2018-11-06 21:14:44 +01:00
toby 01d5a92771 doh... typo... 2018-11-06 19:30:03 +01:00
toby f7738182af fixing sed escape bug 2018-11-06 18:42:11 +01:00
toby d6566cff38 enabling debugging 2018-11-06 18:30:27 +01:00
toby 0868dd4df3 adding some early work for bastion support 2018-11-04 21:02:07 +01:00
toby 188c679218 fixing another bug for ipmi/mgmtgw interfaces 2018-11-03 00:02:42 +01:00
toby 51cef1a3e5 fixing minor bug on ipmigw/mgmtgw interface 2018-11-02 23:54:39 +01:00
toby 6c16ceb2c9 fixing typo 2018-11-01 21:12:23 +01:00