Timotej Lazar
036f7c8b74
Support custom allowed_ips field for services
...
Like allowed_prefixes, but for single IP addresses. Currently used
just for DHCP server to allow (only) packets from relays.
2024-08-03 11:44:03 +02:00
Timotej Lazar
29598ef4bb
Rework service handling
...
Allow running playbooks without NetBox access. Mainly to bootstrap
NetBox itself.
Would prefer not to access network from filter plugins, so maybe do
that at some point also.
2024-06-19 13:33:32 +02:00
Timotej Lazar
25bcddede1
Factor frr role from debian, ceph and proxmox
...
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
2024-05-19 14:21:25 +02:00
Timotej Lazar
5762236ac2
ceph: fix nftables management rule
...
The mgmt VRF might not exist yet when nftables rules are loaded, so
use iifname instead of iif for dynamic interface lookup.
2024-05-09 12:30:42 +02:00
Timotej Lazar
8be55c2bde
ceph: set up firewall
...
Still need to drop the hardcoded allowed set.
2024-04-05 06:12:58 +02:00
Timotej Lazar
0c063a017b
ceph: allow some ICMP
2024-03-14 14:34:44 +01:00
Timotej Lazar
ce7903e43a
ceph: improve cluster setup
...
Remove separate NetBox lookups. Explicitly allow connections between
cluster nodes. Tigthen temporary allowed IPv6 ranges.
2024-03-01 08:45:51 +01:00
Timotej Lazar
c395fe22c7
ceph: allow connections from more addresses
...
Should unhardcode this at some point.
2024-01-17 19:19:55 +01:00
Timotej Lazar
5038411af3
Add ceph role
...
Just prepares the servers, all management is then done through cephadm.
2023-11-20 13:04:11 +01:00