PXE/dhcp/firewall changes. Adding Matchbox.
This commit is contained in:
parent
40739df5b8
commit
0d24da08cf
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 24 additions and 13 deletions
|
|
@ -136,3 +136,15 @@ set container name vnstat shared-memory '0'
|
|||
set container name vnstat volume vnstat-data destination '/var/lib/vnstat'
|
||||
set container name vnstat volume vnstat-data mode 'rw'
|
||||
set container name vnstat volume vnstat-data source '/config/containers/vnstat/data'
|
||||
|
||||
# matchbox
|
||||
set container name matchbox arguments '-address=0.0.0.0:80 -log-level=debug'
|
||||
set container name matchbox cap-add 'net-bind-service'
|
||||
set container name matchbox image 'quay.io/poseidon/matchbox:v0.10.0'
|
||||
set container name matchbox memory '0'
|
||||
set container name matchbox network containers address '10.5.0.7'
|
||||
set container name matchbox shared-memory '0'
|
||||
set container name matchbox volume matchbox-data destination '/var/lib/matchbox'
|
||||
set container name matchbox volume matchbox-data mode 'rw'
|
||||
set container name matchbox volume matchbox-data propagation 'private'
|
||||
set container name matchbox volume matchbox-data source '/config/containers/matchbox/data'
|
||||
|
|
@ -9,7 +9,7 @@ set firewall global-options all-ping 'enable'
|
|||
set firewall group address-group router-addresses address 10.0.0.1
|
||||
set firewall group address-group router-addresses address 127.0.0.1
|
||||
set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
|
||||
set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worker nodes
|
||||
set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.254' # worker nodes
|
||||
set firewall group address-group k8s_api address '10.5.0.2'
|
||||
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
|
||||
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
|
||||
|
|
|
|||
|
|
@ -43,7 +43,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-pa
|
|||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'allow booting;'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'next-server 10.1.1.1;'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'if exists user-class and option user-class = "iPXE" {'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
|
||||
# set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "http://10.5.0.7/boot.ipxe";'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '} else {'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "undionly.kpxe";'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '}'
|
||||
|
|
@ -56,21 +57,11 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
|||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf ip-address '10.1.1.13'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address '90:e2:ba:dd:98:20'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address 'b4:96:91:20:2c:58'
|
||||
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
|
||||
|
||||
# k8s prod workers
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
|
||||
|
||||
|
||||
# Raspberry Pis
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping frodo ip-address '10.1.1.51'
|
||||
|
|
@ -97,6 +88,14 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
|||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan ip-address '10.1.1.63'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan mac-address '98:90:96:A2:04:B1'
|
||||
|
||||
# k8s prod workers
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril ip-address '10.1.1.71'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril mac-address 'd4:5d:64:91:b2:42'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 ip-address '10.1.1.72'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 mac-address '52:54:00:e5:08:8d'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 ip-address '10.1.1.73'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 mac-address '98:90:96:A2:04:B1'
|
||||
|
||||
# Trusted VLAN
|
||||
set service dhcp-server shared-network-name TRUSTED authoritative
|
||||
set service dhcp-server shared-network-name TRUSTED ping-check
|
||||
|
|
|
|||
Reference in a new issue