Commit graph

215 commits

Author SHA1 Message Date
Patrik Lundin 61f47320a7
Use named volume for persistence 2024-11-13 13:52:26 +01:00
Patrik Lundin b121790b77
Fix password variable 2024-11-13 13:39:42 +01:00
Patrik Lundin 17219fd226
Install dockerhost2 on db machine 2024-11-13 13:35:15 +01:00
Patrik Lundin 728ed4126f
Fix naming for db compose file 2024-11-13 13:33:18 +01:00
Patrik Lundin 85afb706ed
Add initial support for handling a DB server
Used to store varnish config etc
2024-11-13 13:27:58 +01:00
Patrik Lundin e7efc59870
Update cdnp to v0.0.6 2024-11-12 16:59:08 +01:00
Patrik Lundin f27eb9c07d
Update cdnp to v0.0.5 2024-11-12 16:47:17 +01:00
Patrik Lundin 0447b7b106
Restart sunet-cdnp if extracting new version 2024-11-12 16:31:29 +01:00
Patrik Lundin 56b16a6d44
Update cdnp to v0.0.4 2024-11-12 16:28:52 +01:00
Patrik Lundin da099a5e53
Make sure cdnp is running 2024-11-12 10:31:23 +01:00
Patrik Lundin 6d6f1b632d
Add "," 2024-11-12 10:19:11 +01:00
Patrik Lundin 2e49e12c70
Start creating sunet-cdnp unit file 2024-11-12 10:11:03 +01:00
Patrik Lundin dba0e2e107
Test firewall config 2024-11-11 15:37:59 +01:00
Patrik Lundin 0a61c8ad28
Update sunet-cdnp to v0.0.3 2024-11-08 09:41:14 +01:00
Patrik Lundin 91fe726b61
Update sunet-cdnp to v0.0.2 2024-11-08 08:45:53 +01:00
Patrik Lundin f0eed8e804
Revert "Test updated certbot sync script"
This reverts commit 57b1700759.
2024-11-07 12:42:44 +01:00
Patrik Lundin 9a73d8bdfe
Improve comment 2024-11-07 12:41:43 +01:00
Patrik Lundin 1164b59747
Install tool for managing ACME provisioner 2024-11-07 12:41:14 +01:00
Patrik Lundin f07e6708e3
Another update of certbot-sync dir 2024-11-05 15:37:05 +01:00
Patrik Lundin 8cd801bd64
Replace cp+chown with install 2024-11-05 14:45:37 +01:00
Patrik Lundin 0461a8f0b8
mqtt: fix certfile usage
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00
Patrik Lundin a858a1973f
Sync dc and hostname 2024-11-04 12:34:38 +01:00
Patrik Lundin 80df8d10ff
Add real client contents to mqtt server 2024-11-04 12:02:25 +01:00
Patrik Lundin 3413446ce4
Less stuttering in variable naming 2024-11-04 11:58:15 +01:00
Patrik Lundin efa269ab33
Add back $clients
Should not have been removed in last commit
2024-11-04 11:56:00 +01:00
Patrik Lundin a71a8f5639
mqtt: open local firewall for any clients 2024-11-04 11:52:31 +01:00
Patrik Lundin 9cee243af6
Allow ACME validation from step-ca to cache 2024-11-04 09:39:02 +01:00
Patrik Lundin e5a23593bf
Apply IP-specific certbot command to cache instead 2024-11-04 09:31:50 +01:00
Patrik Lundin 6f2dd2df0f
Revert "Only bind certbot to machine-specific IP"
Incorrectly applied to MQTT class, was supposed to be done for cache servers.

This reverts commit b4261094a7.
2024-11-04 09:30:39 +01:00
Patrik Lundin b4261094a7
Only bind certbot to machine-specific IP
Because there will be haproxy instances running next to this service we
can only listen to the machine-local address not the default of "all addresses":

Error seen:
```
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```
2024-11-04 09:26:42 +01:00
Patrik Lundin d4f938770a
Get internal cert for hostname
Used for client cert auth to MQTT server
2024-11-04 09:14:42 +01:00
Patrik Lundin 101f11fdad
Use new synced certbot dir 2024-11-01 14:38:04 +01:00
Patrik Lundin 57b1700759
Test updated certbot sync script 2024-11-01 14:21:29 +01:00
Patrik Lundin a39f5cdbae
Remove "command" and fix indent 2024-10-31 15:39:11 +01:00
Patrik Lundin ca94d62c62
Make sure root owns sunet-cdnp binary 2024-10-31 15:38:17 +01:00
Patrik Lundin 740c5d29c1
Missing "," 2024-10-31 15:35:44 +01:00
Patrik Lundin 48d9866a7c
Call tar from command to make notify simpler 2024-10-31 15:33:48 +01:00
Patrik Lundin 0ad91d34d1
Missing "," 2024-10-31 15:30:36 +01:00
Patrik Lundin e15225d1b5
Extract sunet-cdnp and create symlink in PATH
Store files in /var/lib/sunet-cdnp instead of /root
2024-10-31 15:26:08 +01:00
Patrik Lundin 19aa10dc05
Missing "," 2024-10-31 12:56:33 +01:00
Patrik Lundin 395e67c918
Download CDN purger to cache 2024-10-31 12:55:07 +01:00
Patrik Lundin 196c1403e6
Allow decapsulated ip6ip6 packets 2024-10-30 09:25:12 +01:00
Patrik Lundin 41298df063
Setup interface for ip6ip6 tunneling
Running into systemd-networkd bugs, don't be fooled by "Local=::1" and
"Remote=::1". This still results in the equivalent of setting them to
'any' or '::' because we are using the default interface name.
2024-10-29 17:01:46 +01:00
Patrik Lundin 2ad7073858
Fix name 2024-10-29 14:23:34 +01:00
Patrik Lundin 0b3e9c48ff
Add nftables rule for ip6tnl packets 2024-10-29 14:21:34 +01:00
Patrik Lundin bd055b1ac8
Run puppet-lint 2024-10-29 08:30:49 +01:00
Patrik Lundin c4b9bef3c5
Set net.ipv4.vs.sloppy_tcp=1
Needed if taking over packets for a connection that was established via
another node.
2024-10-29 08:29:21 +01:00
Patrik Lundin c93846d03b
Use @ 2024-10-28 13:35:55 +01:00
Patrik Lundin c7b74c27fc
Use fact that exists 2024-10-28 13:34:59 +01:00
Patrik Lundin 6a8671fa3e
Add import filters for bgp 2024-10-28 13:26:13 +01:00