From 0d24da08cfb375929f746c1ea8a0ed2cf5040348 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sat, 30 Mar 2024 06:15:20 -0500
Subject: [PATCH] PXE/dhcp/firewall changes. Adding Matchbox.

---
 config-parts/container.sh | 12 ++++++++++++
 config-parts/firewall.sh | 2 +-
 config-parts/service-dhcp_server.sh | 23 +++++++++++------------
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/config-parts/container.sh b/config-parts/container.sh
index d9524ee..717d40d 100644
--- a/config-parts/container.sh
+++ b/config-parts/container.sh
@@ -136,3 +136,15 @@ set container name vnstat shared-memory '0'
 set container name vnstat volume vnstat-data destination '/var/lib/vnstat'
 set container name vnstat volume vnstat-data mode 'rw'
 set container name vnstat volume vnstat-data source '/config/containers/vnstat/data'
+
+# matchbox
+set container name matchbox arguments '-address=0.0.0.0:80 -log-level=debug'
+set container name matchbox cap-add 'net-bind-service'
+set container name matchbox image 'quay.io/poseidon/matchbox:v0.10.0'
+set container name matchbox memory '0'
+set container name matchbox network containers address '10.5.0.7'
+set container name matchbox shared-memory '0'
+set container name matchbox volume matchbox-data destination '/var/lib/matchbox'
+set container name matchbox volume matchbox-data mode 'rw'
+set container name matchbox volume matchbox-data propagation 'private'
+set container name matchbox volume matchbox-data source '/config/containers/matchbox/data'
\ No newline at end of file
diff --git a/config-parts/firewall.sh b/config-parts/firewall.sh
index c566657..cdfa8c6 100644
--- a/config-parts/firewall.sh
+++ b/config-parts/firewall.sh
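Review bot: The image on the `set container name matchbox image 'quay.io/poseidon/matchbox:v0.10.0'` line is pinned only by a mutable tag, yet per the service-dhcp_server.sh change in this same commit every iPXE client in 10.1.1.0/24 chains to this container at 10.5.0.7 for its boot script, so whatever the tag resolves to on the next pull becomes the root of trust for the nodes it provisions. Pin by digest, `set container name matchbox image 'quay.io/poseidon/matchbox:v0.10.0@sha256:<digest-placeholder>'`, so a re-pull cannot silently substitute a different image. The data volume is mounted `mode 'rw'` although `arguments` enables no gRPC API address, so matchbox is presumably only reading profiles and assets from it; `mode 'ro'` would be the least-privilege choice unless the API is enabled later — confirm against the Matchbox documentation. `-log-level=debug` is also left on in a persistent config; consider dropping to `info` once bring-up is done so boot requests from every client are not logged verbosely forever.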
@@ -9,7 +9,7 @@ set firewall global-options all-ping 'enable'
 set firewall group address-group router-addresses address 10.0.0.1
 set firewall group address-group router-addresses address 127.0.0.1
 set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
-set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worker nodes
+set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.254' # worker nodes
 set firewall group address-group k8s_api address '10.5.0.2'
 set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
 set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
diff --git a/config-parts/service-dhcp_server.sh b/config-parts/service-dhcp_server.sh
index 7e2730f..f6664ac 100644
--- a/config-parts/service-dhcp_server.sh
+++ b/config-parts/service-dhcp_server.sh
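Review bot: The new `k8s_nodes` range `'10.1.1.70-10.1.1.254'` covers 185 addresses while the worker reservations this commit adds in service-dhcp_server.sh occupy only .71–.73, so any host that ends up with an address in that range — including a dynamically leased or freshly PXE-booted machine, if the SERVERS pool overlaps it — inherits every rule that references the k8s_nodes group. Narrow it to the reserved addresses, `set firewall group address-group k8s_nodes address '10.1.1.71-10.1.1.73' # worker nodes`, and widen deliberately as nodes are added, or at least reword the comment so it states that the range is a reserved pool rather than the current node set. The rules that consume k8s_nodes are outside this hunk, so the actual blast radius cannot be confirmed from here.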
@@ -43,7 +43,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-pa
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'allow booting;'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'next-server 10.1.1.1;'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'if exists user-class and option user-class = "iPXE" {'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
+# set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "http://10.5.0.7/boot.ipxe";'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '} else {'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "undionly.kpxe";'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '}'
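Review bot: The iPXE branch now hands out `filename "http://10.5.0.7/boot.ipxe"`, a hard-coded address that is set independently in container.sh as the matchbox container's address, so the two lines must be kept in sync by hand; a comment on the new line naming its source, `# must match 'set container name matchbox network containers address' in container.sh`, would prevent a silent mismatch when the container IP moves. The old `filename "metal-amd64";` line is kept as a commented-out `set` rather than deleted; git history already preserves it and commented-out config in a load script tends to rot, so either drop it or add a short note on why it stays. Clients in 10.1.1.0/24 must be able to reach 10.5.0.7:80 for this chain to work, which depends on firewall rules outside this hunk. The boot script is fetched over plain HTTP with no integrity check, which is inherent to the PXE/iPXE path, so a one-line comment making explicit that the containers network segment and the matchbox data volume are the trusted inputs here would help the next reader.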
@@ -56,21 +57,11 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf ip-address '10.1.1.13'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address '90:e2:ba:dd:98:20'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address 'b4:96:91:20:2c:58'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
-# k8s prod workers
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
-
 # Raspberry Pis
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping frodo ip-address '10.1.1.51'
@@ -97,6 +88,14 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan ip-address '10.1.1.63'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan mac-address '98:90:96:A2:04:B1'
+# k8s prod workers
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril ip-address '10.1.1.71'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril mac-address 'd4:5d:64:91:b2:42'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 ip-address '10.1.1.72'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 mac-address '52:54:00:e5:08:8d'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 ip-address '10.1.1.73'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 mac-address '98:90:96:A2:04:B1'
+
 # Trusted VLAN
 set service dhcp-server shared-network-name TRUSTED authoritative
 set service dhcp-server shared-network-name TRUSTED ping-check
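Review bot: The added `shadowfax-01 mac-address '98:90:96:A2:04:B1'` is byte-for-byte the MAC already reserved for cirdan (.63) in the context lines at the top of this hunk, so two static mappings now claim one hardware address; dhcpd cannot honour both, and whether the host lands on .63 or .73, or the commit is refused, depends on the VyOS/dhcpd version — it reads like a copy-paste slip. Replace it with shadowfax-01's real address before merging, `set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 mac-address '<mac-placeholder>'`. The mixed case here (`A2:04:B1`, while the other new entries are lowercase) is harmless to dhcpd but makes duplicates like this harder to spot with a plain grep; normalising all MACs to lowercase would have surfaced it.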