Add an internal route to the public swh network (VLAN1300)
via the firewall to bypass the VLAN210 -> VLAN1300 filters (DSI).
It's a temporary countermeasure for the monitoring until pergamon
is moved into the admin vlan (VLAN442)
Related to T2747
Details
Details
- Reviewers
ardumont - Group Reviewers
System administrators - Maniphest Tasks
- T2747: Create the reverse proxy to expose the staging services publicly
- Commits
- rSPSITEe25589e40654: network: Add an internal route to the public swh network
octocatalog-diff :
diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
Concat::Fragment[eth1_stanza] =>
parameters =>
content =>
@@ -9,4 +9,5 @@
up ip route add 192.168.130.0/24 via 192.168.100.130
up ip route add 192.168.50.0/24 via 192.168.100.130
+ up ip route add 128.93.166.0/26 via 192.168.100.130
up ip rule add from 192.168.100.29 table private
up ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
@@ -16,4 +17,5 @@
down ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
down ip rule del from 192.168.100.29 table private
+ down ip route del 128.93.166.0/26 via 192.168.100.130
down ip route del 192.168.50.0/24 via 192.168.100.130
down ip route del 192.168.130.0/24 via 192.168.100.130
*******************************************
Concat_fragment[eth1_stanza] =>
parameters =>
content =>
@@ -9,4 +9,5 @@
up ip route add 192.168.130.0/24 via 192.168.100.130
up ip route add 192.168.50.0/24 via 192.168.100.130
+ up ip route add 128.93.166.0/26 via 192.168.100.130
up ip rule add from 192.168.100.29 table private
up ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
@@ -16,4 +17,5 @@
down ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
down ip rule del from 192.168.100.29 table private
+ down ip route del 128.93.166.0/26 via 192.168.100.130
down ip route del 192.168.50.0/24 via 192.168.100.130
down ip route del 192.168.130.0/24 via 192.168.100.130
*******************************************
Debnet::Iface[eth1] =>
parameters =>
downs =>
- ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
+ ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 128.93.166.0/26 via 192.168.100.130", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
ups =>
- ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
+ ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip route add 128.93.166.0/26 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
*******************************************
File[/etc/bind/keys/local-update] =>
parameters =>
content =>
@@ -2,4 +2,4 @@
key local-update {
algorithm hmac-sha256;
- secret "eJBiUjI3H8Ifod9Tj3kaCGASOSRFvOIRla+9J+nlakIcuregIpwsbVjggJuVvpmT+tEVM3iW9bq2LzcXaq8VWA==";
+ secret "3JB1hZH89vs6UyjQrHiLcD7RJq394BlbYv6/MTNDMm8niTlaJxQVyVxk+O2S4GZ3JtN6L62A3SJOKzK/V6rIpQ==";
};
*******************************************
File[/etc/bind/rndc.key] =>
parameters =>
content =>
@@ -2,4 +2,4 @@
key rndc-key {
algorithm hmac-md5;
- secret "Jv/9cDQS5rFYgSieITC3VAzJGOh/B/Wlzd/izOty/0CdqQRRh1lfFRAfOy91qCsdnq/dJyxPQZ3MK0iH3/24Xg==";
+ secret "uin5zRq3gQFGPi8MiS88Fxra6hRfKCLhw1nXyQyVhafIPBb80fmShXC4fIjg0kd7SN9/EuqsYkQxxAB83doEUg==";
};
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.orgDiff Detail
Diff Detail
- Repository
- rSPSITE puppet-swh-site
- Lint
Automatic diff as part of commit; lint not applicable. - Unit
Automatic diff as part of commit; unit tests not applicable.