
network: Add an internal route to the public swh network
Closed, Public

Authored by vsellier on Tue, Nov 10, 11:01 AM.

Details

Summary

Add an internal route to the public swh network (VLAN1300)
via the firewall to bypass the VLAN210 -> VLAN1300 filters (DSI).
It's a temporary countermeasure for the monitoring until pergamon
is moved into the admin vlan (VLAN442)

Related to T2747

Test Plan

octocatalog-diff :

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  Concat::Fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -9,4 +9,5 @@
         up ip route add 192.168.130.0/24 via 192.168.100.130
         up ip route add 192.168.50.0/24 via 192.168.100.130
      +  up ip route add 128.93.166.0/26 via 192.168.100.130
         up ip rule add from 192.168.100.29 table private
         up ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
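Review bot: the new "up ip route add 128.93.166.0/26 via 192.168.100.130" lands in the main table, but the context line right after it installs "ip rule add from 192.168.100.29 table private", so any socket explicitly bound to 192.168.100.29 is resolved in table private and will not see this route. In the Debnet::Iface list further down, table private only carries 192.168.100.0/24 and a default via 192.168.100.1, so that traffic would leave through 192.168.100.1 rather than through the firewall. Please confirm on pergamon with "ip route get 128.93.166.1" and "ip route get 128.93.166.1 from 192.168.100.29" that the monitoring checks take the intended path, and add the prefix to table private as well if they do not.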
      @@ -16,4 +17,5 @@
         down ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
         down ip rule del from 192.168.100.29 table private
      +  down ip route del 128.93.166.0/26 via 192.168.100.130
         down ip route del 192.168.50.0/24 via 192.168.100.130
         down ip route del 192.168.130.0/24 via 192.168.100.130
*******************************************
  Concat_fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -9,4 +9,5 @@
         up ip route add 192.168.130.0/24 via 192.168.100.130
         up ip route add 192.168.50.0/24 via 192.168.100.130
      +  up ip route add 128.93.166.0/26 via 192.168.100.130
         up ip rule add from 192.168.100.29 table private
         up ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
      @@ -16,4 +17,5 @@
         down ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private
         down ip rule del from 192.168.100.29 table private
      +  down ip route del 128.93.166.0/26 via 192.168.100.130
         down ip route del 192.168.50.0/24 via 192.168.100.130
         down ip route del 192.168.130.0/24 via 192.168.100.130
*******************************************
  Debnet::Iface[eth1] =>
   parameters =>
     downs =>
      - ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
      + ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 128.93.166.0/26 via 192.168.100.130", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
     ups =>
      - ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
      + ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip route add 128.93.166.0/26 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
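Review bot: in the new ups and downs arrays the 128.93.166.0/26 entry is indistinguishable from the permanent routes around it, although the summary describes it as a temporary countermeasure. Please tag the corresponding entry in the source data with a comment referencing T2747 and the planned move to VLAN442 so it gets removed afterwards. Since the stated purpose is to bypass the VLAN210 -> VLAN1300 filters, it is also worth confirming that 128.93.166.0/26 matches VLAN1300 exactly and that the firewall at 192.168.100.130 limits what pergamon can reach over this path to the monitoring traffic.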
*******************************************
  File[/etc/bind/keys/local-update] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key local-update {
        algorithm hmac-sha256;
      - secret "eJBiUjI3H8Ifod9Tj3kaCGASOSRFvOIRla+9J+nlakIcuregIpwsbVjggJuVvpmT+tEVM3iW9bq2LzcXaq8VWA==";
      + secret "3JB1hZH89vs6UyjQrHiLcD7RJq394BlbYv6/MTNDMm8niTlaJxQVyVxk+O2S4GZ3JtN6L62A3SJOKzK/V6rIpQ==";
       };
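Review bot: the secret line of key local-update differs between the two catalogs and both values are pasted in clear text in a public revision, while nothing in the summary mentions a DNS key change. If the value is regenerated at every catalog compilation, exclude File[/etc/bind/keys/local-update] from the pasted test plan. If either value is the key actually deployed on pergamon, treat it as disclosed and rotate it.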
*******************************************
  File[/etc/bind/rndc.key] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key rndc-key {
        algorithm hmac-md5;
      - secret "Jv/9cDQS5rFYgSieITC3VAzJGOh/B/Wlzd/izOty/0CdqQRRh1lfFRAfOy91qCsdnq/dJyxPQZ3MK0iH3/24Xg==";
      + secret "uin5zRq3gQFGPi8MiS88Fxra6hRfKCLhw1nXyQyVhafIPBb80fmShXC4fIjg0kd7SN9/EuqsYkQxxAB83doEUg==";
       };
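Review bot: the context line "algorithm hmac-md5;" shows rndc-key still using HMAC-MD5, whereas local-update in the previous resource already uses hmac-sha256. Aligning rndc-key on hmac-sha256 would be a reasonable follow-up. As with the previous resource, the secret changes between catalogs and is shown in clear text, so redact this resource from the test plan or rotate the key if the value is real.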
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Diff Detail

Repository
rSPSITE puppet-swh-site
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

vsellier created this revision. Tue, Nov 10, 11:01 AM
ardumont accepted this revision. Tue, Nov 10, 11:03 AM
ardumont added a subscriber: ardumont.

let's get rid of those icinga warnings \o/

This revision is now accepted and ready to land. Tue, Nov 10, 11:03 AM