ipv6ify mgmt

2017-02-07 01:22:19 +01:00 · 2017-02-07 01:22:19 +01:00 · e969a9b105
parent 568fa2102d
commit e969a9b105
4 changed files with 51 additions and 0 deletions
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@ -147,6 +147,47 @@ hosts-inet:
    bgp: 172.22.99.250

 hosts-inet6:
+  mgmt:
+    server1: fd23:42:c3d2:580::1
+    server2: fd23:42:c3d2:580::2
+    switch-b1: fd23:42:c3d2:580::10
+    switch-b2: fd23:42:c3d2:580::11
+    switch-c1: fd23:42:c3d2:580::12
+    switch-d1: fd23:42:c3d2:580::13
+    ap1: fd23:42:c3d2:580::4:1
+    ap2: fd23:42:c3d2:580::4:2
+    ap3: fd23:42:c3d2:580::4:3
+    ap4: fd23:42:c3d2:580::4:4
+    ap5: fd23:42:c3d2:580::4:5
+    ap6: fd23:42:c3d2:580::4:6
+    ap7: fd23:42:c3d2:580::4:7
+    ap8: fd23:42:c3d2:580::4:8
+    ap9: fd23:42:c3d2:580::4:9
+    ap10: fd23:42:c3d2:580::4:a
+    ap11: fd23:42:c3d2:580::4:b
+    ap12: fd23:42:c3d2:580::4:c
+    ap13: fd23:42:c3d2:580::4:d
+    ap14: fd23:42:c3d2:580::4:e
+    ap15: fd23:42:c3d2:580::4:f
+    ap16: fd23:42:c3d2:580::4:10
+    ap17: fd23:42:c3d2:580::4:11
+    ap18: fd23:42:c3d2:580::4:12
+    ap19: fd23:42:c3d2:580::4:13
+    ap20: fd23:42:c3d2:580::4:14
+    ap21: fd23:42:c3d2:580::4:15
+    ap22: fd23:42:c3d2:580::4:16
+    ap23: fd23:42:c3d2:580::4:17
+    ap24: fd23:42:c3d2:580::4:18
+    ap25: fd23:42:c3d2:580::4:19
+    ap26: fd23:42:c3d2:580::4:1a
+    ap27: fd23:42:c3d2:580::4:1b
+    ap28: fd23:42:c3d2:580::4:1c
+    ap29: fd23:42:c3d2:580::4:1d
+    ap30: fd23:42:c3d2:580::4:1e
+    ap31: fd23:42:c3d2:580::4:1f
+    ap32: fd23:42:c3d2:580::4:20
+    mgmt-gw: fd23:42:c3d2:580:ffff:ffff:ffff:ffff
+
  core:
    server1: fd23:42:c3d2:581::1
    server2: fd23:42:c3d2:581::102
--- a/salt-pillar/subnets/init.sls
+++ b/salt-pillar/subnets/init.sls
@ -22,6 +22,7 @@ subnets-inet:
  mgmt: 10.0.0.0/24

 subnets-inet6:
+  mgmt: fd23:42:c3d2:580::/64
  core: fd23:42:c3d2:581::/64
  serv: fd23:42:c3d2:582::/64
  pub: fd23:42:c3d2:583::/64
--- a/salt/firewall/mgmt-gw.sh
+++ b/salt/firewall/mgmt-gw.sh
@ -2,12 +2,18 @@

 if [ "$IFACE" = "{{ interface }}" ]; then
    iptables -F FORWARD
+    ip6tables -F FORWARD
    iptables -P FORWARD REJECT
+    ip6tables -P FORWARD REJECT
    iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
+    ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
    # DNS
    iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
+    ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
    # NTP
    iptables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
+    ip6tables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
    # collectd
    iptables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
+    ip6tables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
 fi
--- a/salt/firewall/mgmt-gw.sls
+++ b/salt/firewall/mgmt-gw.sls
@ -1,3 +1,6 @@
+iptables:
+  pkg.installed: []
+
 /etc/network/if-pre-up.d/firewall:
  file.managed:
    - source: salt://upstream/mgmt-gw.sh