Commit Graph

297 Commits

Author SHA1 Message Date
toby fa496d25c5 making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert 2019-04-09 23:26:37 +00:00
toby a000b9e2de firewall: moving the http rule to ipv6 - doh - and killing the etcd/stackapi rules again since we decided to go without them 2019-04-09 22:47:57 +00:00
toby 47b2e0b3e6 adding firewall http over VPN rule for bastion cert exchange and possibly more in the future 2019-04-09 21:27:28 +00:00
toby c53f3e2219 making sysctl tweaks more versatile and just reload sysctl settings 2019-04-09 21:00:11 +00:00
toby 1c38fef482 updating qemu-ifup to support the VNI passed in the ifname 2019-04-09 20:38:44 +00:00
toby 7d5a761793 Merge branch 'master' of https://git.wit.com/netops/wit-network-config 2019-04-05 18:09:30 +00:00
toby 68f8088b55 drone and gitignore 2019-04-05 18:09:20 +00:00
toby 7a00635a57 adding curl support to the qemu-ifup script again 2019-04-05 17:58:55 +00:00
toby b8e6a8a418 doh, ipv6 we want not ipv4 ;) 2019-04-05 00:17:39 +00:00
toby 30eecc7f51 allowing stackapi traffic over the VPN 2019-04-04 23:35:07 +00:00
toby 50688b3188 adding changelog to gitignore since it's generated out of the git history 2019-04-01 18:57:16 +00:00
toby d2a7099392 pulling out all the bastion related rules and moving them to the bastion ansible... this may break shit... 2019-03-29 22:40:03 +00:00
toby a2201fd74b adding debhelper log to gitignore 2019-03-29 19:58:35 +00:00
toby d3ecbaf20b fixing ipsec cert generation section in postscript 2019-03-29 19:57:08 +00:00
toby ebc7c6a5ff screw it, allowing undefined vars for now, will fix that eventually 2019-03-29 18:46:22 +00:00
toby 3a08cb5182 trying to be more specific on the variables and fail if var has not been defined, also fixing some drone stuff 2019-03-29 18:33:34 +00:00
toby 3e5b0e21a6 drone fixes 2019-03-29 18:10:33 +00:00
toby 22008293c5 updating .drone file for mirrors 2019-03-29 18:07:01 +00:00
toby ec5869cba8 adding ipsec node cert self generation and sign req to bastion 2019-03-29 17:57:21 +00:00
toby 2b6992eec1 qemu-ifup: use variable for consistency 2019-03-22 19:55:03 +00:00
toby ff8f9fa025 default frr logging verbosity to debug. so when debug is enabled it's actually logged as well 2019-03-18 22:58:00 +00:00
toby 9fa840a956 fixing typo in firewall rules 2019-03-13 01:32:01 +00:00
toby 73b2389f08 adding iptables comments to all rules 2019-03-13 00:14:17 +00:00
toby 0c2e02c1b8 removing old prometheus rules that were once hosted in aws 2019-03-11 21:51:06 +00:00
toby c760ae7c2c firewall: updating mirrors.wit.com to allow the new location in usw1 over ipv6 2019-03-11 21:48:58 +00:00
toby eeb6cedbf6 bugfix wit-gc: changing the way to quickly add the blackhole route. this way it does not get advertised over BGP (it's considered invalid) and so it doesn't create any hiccups if the same route would already be used somewhere else 2019-03-11 19:30:52 +00:00
toby 73ae7b9680 accepting up to /56 on ipv6 and bugfixing for wit-gc 2019-03-11 18:59:24 +00:00
toby 2e9317222e minor bugfix on wit-gc... more to come on stale routes 2019-03-11 07:19:09 +00:00
toby 5be0d4b8fc updated qemu scripts and wit-gc to support new ipv4 forwarding 2019-03-11 02:16:33 +00:00
toby bc47af367a we definitely wanna support more than /64 on ipv6, upping it to /60 for now, but prob wanna do more eventually 2019-03-09 13:13:36 -08:00
toby f44ff9304e disabling arp on the vm interface altogether. we have the static entries from the unnumbered system, reduces the attack surface and DOS potentially on the hypervisor 2019-03-09 12:05:45 -08:00
toby 51d76bc101 more testing... 2019-03-08 23:37:53 -08:00
toby 268dd01421 another attempt at the rules file 2019-03-08 23:21:18 -08:00
toby cfeef0de5b ... seriously,... running out of ideas ... 2019-03-08 23:19:39 -08:00
toby 396b2899ae ... seriously,... running out of ideas ... 2019-03-08 22:53:21 -08:00
toby b63d21ba83 ... seriously,... running out of ideas ... 2019-03-08 22:42:11 -08:00
toby 2b1c7b34a6 trying a whole new approach, seems like it worked on my wit-vm-router-config package, let's see what it does here ... 2019-03-08 22:14:00 -08:00
toby 1cf4ef12f7 migrating to the more conventional static arp/unnumbered ipv4 routing based on the BGP unnumbered RFC just without the BGP ;) ... it's nice this way cause if we do decide to add BGP on top on a later time it will look essentially the same, just dynamic... for now it's static though ;) 2019-03-08 20:09:13 +00:00
toby 22b4da07a3 removing jumbo frames from uplinks. it aint happening.... 2019-02-23 06:22:12 +00:00
toby af873ce08e adding interface length safety 2019-02-23 05:16:27 +00:00
toby 15c67eae20 since we changed the manual vmrun script we can now force the if-variable file to be present in qemu-ifup 2019-02-23 05:05:21 +00:00
toby a497c70abe adding mgmt dhcp6 - so we get ntp and dns over ipv6 - and timesyncd dhcp6 exit script 2019-02-23 04:09:55 +00:00
toby fc197c9fce just comments... 2019-02-21 04:31:18 +00:00
toby fb96f1daa8 adding more resiliency to the ifup-public script. we want it to maybe fail if it doesn't know what to do with the variable. not just silently continue 2019-02-21 01:02:35 +00:00
toby 13be20d519 writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action 2019-02-14 22:15:36 -08:00
toby 477b89aa0e fixing major bug in ipsec.secrets 2019-02-14 17:46:50 -08:00
toby 289b42e100 fixing sysctl tweak path 2019-02-14 17:31:38 -08:00
toby 3003509bf4 trying yet again a different approach to update files correctly upon install 2019-02-14 16:43:13 -08:00
toby a3934b7014 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:43:53 -08:00
toby 1066e48dc7 evidently everything is breaking right now, so trying a different approach 2019-02-14 14:38:06 -08:00