Page MenuHomeSoftware Heritage
Create Task
Maniphest T1874

staging infra: Setup gateway vm
Closed, MigratedEdits Locked
Actions

Description

when vlan is ready:

  • proxmox: Add new network interface to access new vlan + bridge
  • Add new gateway vm (firewall, proxy, router) with public ip address

else (when vlan not ready):

  • instantiate new vm (+ puppet)
  • make it route 192.168.128.0/24 paquet to louvre

Related Objects
Search...

Event Timeline

ardumont triaged this task as High priority.Jul 3 2019, 2:08 PM
ardumont created this task.
ardumont edited parent tasks, added: T1872: staging infra: New vlan; removed: T1785: Setup staging infrastructure.Jul 3 2019, 2:11 PM
ardumont changed the task status from Open to Work in Progress.Jul 30 2019, 4:33 PM
ardumont added a comment.EditedJul 30 2019, 4:47 PM

louvre (as in vpn server and production gateway)

Make openvpn server push a new route to vpn clients, edit /etc/openvpn/louvre.conf:

push "route 192.168.128.0 255.255.255.0"

Restart vpn (notify people their client service might die).

root@louvre$ systemctl restart openvpn@louvre

Add route to the louvre gateway to forward traffic to the staging network:

root@louvre$ ip route add 192.168.128.0/24 via 192.168.100.125

Now to determine how to make that route persistent (edit /etc/network/interfaces for the right interface, i think)

Check it works

tony@myrkr% ssh root@192.168.128.1 'echo hello from $(hostname)'
hello from gateway
tony@myrkr% ssh root@192.168.128.2 'echo hello from $(hostname)'
hello from storage0

Note:

  • storage(128.2)/gateway(128.1) are nodes built from D1762
  • myrkr: vpn client machine

Document

https://intranet.softwareheritage.org/wiki/Network_configuration#192.168.128.1.2F24

ardumont added a comment.Jul 30 2019, 5:01 PM

Now to determine how to make that route persistent (edit /etc/network/interfaces for eth0, i think)

Added the post-up ip add route instruction in /etc/network/interfaces:

auto ens18
iface ens18 inet static
        address  192.168.100.1
        netmask  255.255.255.0
        post-up ip route add 192.168.128.0/24 via 192.168.100.125
ardumont mentioned this in D1792: network: Allow to override the ups/downs route for the network.Jul 31 2019, 4:04 PM
ardumont mentioned this in rSPSITE10b8fa42f41d: network: Allow to override the ups/downs route for the network.Jul 31 2019, 4:26 PM
ardumont mentioned this in rSPSITEcf2273c10b35: gateway.internal.staging: Add networks info up to the louvre route.
ardumont mentioned this in rSPSITEc07c011521ee: site.pp: Reference gateway.internal.staging's role.Jul 31 2019, 6:42 PM
ardumont updated the task description. (Show Details)Jul 31 2019, 9:22 PM
ardumont mentioned this in D1797: staging: Bootstrap infrastructure with the gateway node.Aug 1 2019, 10:20 AM
ardumont mentioned this in rSPREd0b12247c332: staging: Bootstrap infrastructure with the gateway node.Aug 1 2019, 11:53 AM
ardumont mentioned this in Unknown Object (Paste).Aug 1 2019, 12:55 PM
vlorentz added a project: Staging environment.Jan 22 2020, 4:29 PM
ardumont closed this task as Resolved.Apr 24 2020, 3:29 PM
ardumont claimed this task.
gitlab-migration changed the task status from Resolved to Migrated.Oct 19 2022, 5:56 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal