Commit graph

109 commits

Author SHA1 Message Date
5489eeeb7a
Use correct output filename 2025-03-31 17:29:35 +02:00
39e1db9c32
Add basic firewall setup for l4lb namespace
Also teach sunet-l4lb-namespace to load the nft ruleset if it exists.
While here, modify the script so that instead of running "once per netns
config file" we merge the interface config from each json file into the
same dict per namespace. Without this we would attempt to load the nft
ruleset twice (once per file that mentioned the namespace) or warn twice
if the file did not exist, etc.
2025-03-31 17:19:29 +02:00
f7dd464ed7
l4lb: install conntrack
Useful for verifying what traffic is creating state.
2025-03-30 08:39:16 +02:00
db2b4ca409
Update sunet-l4lb-namespace
Make it able to delete addresses that are no longer in the netns config.
Also make it read one netns-base.json for hardware config which is
managed by puppet but also make it look for netns-sunet-cdn-agent.json
which is not created by puppet. This file will be generated by
sunet-cdn-agent and will include the configuration for dummy0.
2025-03-19 12:35:21 +01:00
f638e4c6f4
Update to latest sunet-cdnp 2025-03-17 22:36:55 +01:00
7a91f6df19
Properly ensure files 2024-11-13 14:54:33 +01:00
206e450c99
Add init script for setting up cdn database 2024-11-13 14:52:17 +01:00
728ed4126f
Fix naming for db compose file 2024-11-13 13:33:18 +01:00
85afb706ed
Add initial support for handling a DB server
Used to store varnish config etc
2024-11-13 13:27:58 +01:00
e7efc59870
Update cdnp to v0.0.6 2024-11-12 16:59:08 +01:00
f27eb9c07d
Update cdnp to v0.0.5 2024-11-12 16:47:17 +01:00
0447b7b106
Restart sunet-cdnp if extracting new version 2024-11-12 16:31:29 +01:00
56b16a6d44
Update cdnp to v0.0.4 2024-11-12 16:28:52 +01:00
da099a5e53
Make sure cdnp is running 2024-11-12 10:31:23 +01:00
6d6f1b632d
Add "," 2024-11-12 10:19:11 +01:00
2e49e12c70
Start creating sunet-cdnp unit file 2024-11-12 10:11:03 +01:00
0a61c8ad28
Update sunet-cdnp to v0.0.3 2024-11-08 09:41:14 +01:00
91fe726b61
Update sunet-cdnp to v0.0.2 2024-11-08 08:45:53 +01:00
1164b59747
Install tool for managing ACME provisioner 2024-11-07 12:41:14 +01:00
f07e6708e3
Another update of certbot-sync dir 2024-11-05 15:37:05 +01:00
3413446ce4
Less stuttering in variable naming 2024-11-04 11:58:15 +01:00
efa269ab33
Add back $clients
Should not have been removed in last commit
2024-11-04 11:56:00 +01:00
a71a8f5639
mqtt: open local firewall for any clients 2024-11-04 11:52:31 +01:00
9cee243af6
Allow ACME validation from step-ca to cache 2024-11-04 09:39:02 +01:00
e5a23593bf
Apply IP-specific certbot command to cache instead 2024-11-04 09:31:50 +01:00
6f2dd2df0f
Revert "Only bind certbot to machine-specific IP"
Incorrectly applied to MQTT class, was supposed to be done for cache servers.

This reverts commit b4261094a7.
2024-11-04 09:30:39 +01:00
b4261094a7
Only bind certbot to machine-specific IP
Because there will be haproxy instances running next to this service we
can only listen on the machine-local address, not the default of "all addresses":

Error seen:
```
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```
2024-11-04 09:26:42 +01:00
d4f938770a
Get internal cert for hostname
Used for client cert auth to MQTT server
2024-11-04 09:14:42 +01:00
101f11fdad
Use new synced certbot dir 2024-11-01 14:38:04 +01:00
a39f5cdbae
Remove "command" and fix indent 2024-10-31 15:39:11 +01:00
ca94d62c62
Make sure root owns sunet-cdnp binary 2024-10-31 15:38:17 +01:00
740c5d29c1
Missing "," 2024-10-31 15:35:44 +01:00
48d9866a7c
Call tar from command to make notify simpler 2024-10-31 15:33:48 +01:00
0ad91d34d1
Missing "," 2024-10-31 15:30:36 +01:00
e15225d1b5
Extract sunet-cdnp and create symlink in PATH
Store files in /var/lib/sunet-cdnp instead of /root
2024-10-31 15:26:08 +01:00
19aa10dc05
Missing "," 2024-10-31 12:56:33 +01:00
395e67c918
Download CDN purger to cache 2024-10-31 12:55:07 +01:00
196c1403e6
Allow decapsulated ip6ip6 packets 2024-10-30 09:25:12 +01:00
41298df063
Setup interface for ip6ip6 tunneling
Running into systemd-networkd bugs, don't be fooled by "Local=::1" and
"Remote=::1". This still results in the equivalent of setting them to
'any' or '::' because we are using the default interface name.
2024-10-29 17:01:46 +01:00
2ad7073858
Fix name 2024-10-29 14:23:34 +01:00
0b3e9c48ff
Add nftables rule for ip6tnl packets 2024-10-29 14:21:34 +01:00
bd055b1ac8
Run puppet-lint 2024-10-29 08:30:49 +01:00
af96f5e985
Manage bird.conf on l4lb machines
Currently just add basic template
2024-10-28 13:18:59 +01:00
e2d550bf29
Start managing bird2
Also give dummy-interface support to sunet-l4lb-namespace tool, used
to hold IPv4/IPv6 service addresses that should be announced via BGP.
2024-10-25 15:19:21 +02:00
4856be3f06
Rework dir layout to match other hosts 2024-10-22 17:11:58 +02:00
f588078b75
Add namespace management files 2024-10-22 17:06:29 +02:00
74c0bf76a1
Fix type name 2024-10-22 15:23:03 +02:00
1ddf93c330
Disable cilium by default
We will go for IPVS for now which can deal with the l4lb hosts being
multihomed.
2024-10-22 15:20:09 +02:00
ad66745a90
Missing " 2024-10-13 14:32:42 +02:00
4f2428575c
Fix name 2024-10-13 14:31:23 +02:00