036f7c8b74
Support custom allowed_ips field for services
Like allowed_prefixes, but for single IP addresses. Currently used
just for DHCP server to allow (only) packets from relays.
2024-08-03 11:44:03 +02:00
29598ef4bb
Rework service handling
Allow running playbooks without NetBox access. Mainly to bootstrap
NetBox itself.
Would prefer not to access network from filter plugins, so maybe do
that at some point also.
2024-06-19 13:33:32 +02:00
25bcddede1
Factor frr role from debian, ceph and proxmox
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
2024-05-19 14:21:25 +02:00
5762236ac2
ceph: fix nftables management rule
The mgmt VRF might not exist yet when nftables rules are loaded, so
use iifname instead of iif for dynamic interface lookup.
2024-05-09 12:30:42 +02:00
8be55c2bde
ceph: set up firewall
Still need to drop the hardcoded allowed set.
2024-04-05 06:12:58 +02:00
0c063a017b
ceph: allow some ICMP
2024-03-14 14:34:44 +01:00
ce7903e43a
ceph: improve cluster setup
Remove separate NetBox lookups. Explicitly allow connections between
cluster nodes. Tighten temporary allowed IPv6 ranges.
2024-03-01 08:45:51 +01:00
c395fe22c7
ceph: allow connections from more addresses
Should unhardcode this at some point.
2024-01-17 19:19:55 +01:00
5038411af3
Add ceph role
Just prepares the servers, all management is then done through cephadm.
2023-11-20 13:04:11 +01:00