From 405dc156c7ad41fc7418bd42a5404c516ed261cb Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Tue, 26 Jul 2022 18:36:33 +0000
Subject: [PATCH 1/5] Updating the monitoring1 mac
---
 facts/servers/serverlist.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/facts/servers/serverlist.csv b/facts/servers/serverlist.csv
index 377b12c2..07b53067 100644
--- a/facts/servers/serverlist.csv
+++ b/facts/servers/serverlist.csv
@@ -10,6 +10,6 @@ server8,4c:72:b9:7c:42:21,,,
 server9,4c:72:b9:7c:3e:1d,,,
 server10,4c:72:b9:7c:3f:bc,,,
 core1,58:9c:fc:00:38:5f,2001:470:f0fb:103::5,10.0.3.5,core
-monitoring1,58:9c:fc:0a:a8:f3,2001:470:f0fb:103::6,10.0.3.6,monitoring
+monitoring1,58:9c:fc:07:84:4b,2001:470:f0fb:103::6,10.0.3.6,monitoring
 automation1,58:9c:fc:05:4a:f9,2001:470:f0fb:103::7,10.0.3.7,automation
 pkgcache,02:d7:ea:6f:f5:0b,2001:470:f0fb:103::19,10.0.3.19,norole
From ab1428909a061ba4ed6d348144fc236716cfbb1e Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Fri, 29 Jul 2022 02:23:24 +0000
Subject: [PATCH 2/5] Adding flash1 (autoflasher) to aplist
---
 facts/aps/aplist.csv | 1 +
 1 file changed, 1 insertion(+)
diff --git a/facts/aps/aplist.csv b/facts/aps/aplist.csv
index 73886522..1623b425 100644
--- a/facts/aps/aplist.csv
+++ b/facts/aps/aplist.csv
@@ -99,3 +99,4 @@ santamonicac-3,n8c-0025,74:44:01:96:52:b2,10.0.3.28,6,36,0,0,50,50
 spare1,n8t-0057,08:bd:43:c8:74:69,10.0.3.132,11,153,0,0,50,50
 stairs,n8t-0053,c4:04:15:90:1b:d1,10.0.3.120,1,36,0,0,50,50
 tt2e-1,n7a-0086,e0:46:9a:5a:c0:51,10.0.3.92,6,40,0,0,50,50
+flash1,n8c-0037,c4:04:15:9b:46:60,10.0.3.155,6,149,0,,,
From 37125ce169db3cd46d0783be0afa26a9f0def661 Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Thu, 28 Jul 2022 19:51:32 -0700
Subject: [PATCH 3/5] Temp workaround for larger subnet for infra
---
 ansible/inventory.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/ansible/inventory.py b/ansible/inventory.py
index c614d38a..8a1f66b7 100755
--- a/ansible/inventory.py
+++ b/ansible/inventory.py
@@ -178,13 +178,24 @@ def dhcp4ranges(prefix, bitmask):
 return ["", "", "", "", ""]
 ipsplit = re.split(r'\.', prefix)
 if bitmask == 24:
- return [
- ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".80",
- ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".165",
- ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".166",
- ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".254",
- ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".1",
- ]
+ # FIX: Hardcoding the hiInfra for larger pool to handle aplist.csv
+ # not accounting for the 2 buildings since hilton is solo
+ if prefix == "10.0.3.0": # pylint: disable=R1705
+ return [
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".150",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".250",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".150",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".250",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".1",
+ ]
+ else:
+ return [
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".80",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".165",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".166",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".254",
+ ipsplit[0] + "." + ipsplit[1] + "." + ipsplit[2] + ".1",
+ ]
 numocs = 2**(24 - bitmask)
 midthird = int(int(ipsplit[2]) + (numocs / 2))
 topthird = int(int(ipsplit[2]) + (numocs - 1))
From c70f34bc15696fb882419a4152f633f337b8dab8 Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Fri, 29 Jul 2022 10:16:57 -0700
Subject: [PATCH 4/5] Fix goldens for dlangs newer key
---
 tests/unit/openwrt/golden/ar71xx/root/.ssh/authorized_keys | 1 +
 tests/unit/openwrt/golden/ipq806x/root/.ssh/authorized_keys | 1 +
 2 files changed, 2 insertions(+)
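Review bot: In the new `prefix == "10.0.3.0"` branch both address pairs are `.150`–`.250`, whereas the `else` branch keeps two disjoint pairs (`.80`–`.165` and `.166`–`.254`); if the list is consumed as two separate pool ranges, as the old values suggest, the same addresses would be offered from both and leases can collide. Splitting the window keeps the shape of the original, e.g. ending the first pair with `... + ".200",` and starting the second with `... + ".201",`. The window also covers 10.0.3.155, which patch 2/5 assigns to flash1 in aplist.csv, so it is worth confirming that address is reserved or excluded wherever these ranges are rendered. The hard-coded prefix would read better as a named module-level constant, and dropping the `else:` after the `return` would make `# pylint: disable=R1705` unnecessary. dhcp4ranges starts above the hunk and continues past it.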
diff --git a/tests/unit/openwrt/golden/ar71xx/root/.ssh/authorized_keys b/tests/unit/openwrt/golden/ar71xx/root/.ssh/authorized_keys
index a4722317..a728f076 100644
--- a/tests/unit/openwrt/golden/ar71xx/root/.ssh/authorized_keys
+++ b/tests/unit/openwrt/golden/ar71xx/root/.ssh/authorized_keys
@@ -1,4 +1,5 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnRaYbdYsnVqTZNRpXxgK1LlEk9QWa/JwaYAbOZFXiC scale19x-04032022
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho dlang@dlang-mobile
 ssh-rsa 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 dlang@dlang-mobile
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB3ATAbZj/tJXZsRnlpvAXphtY487R4EgDzBiVAf3BQxDzBnJ2T8KFTUUT/SKvq98erW3sCCuEFTYM4CVEm1uDDqhVfWuRbihx8tECZf3AYix3jslZrRUOBkHENxfSIqIwdtwKMuhWUjOhUZY396HMEJ4Qgo+KajAxFC1o2qSBaHN5gsCdZBUd21zJ1+eZHanv6WvwbXQAd4SPjEr61FV4Nw7LWp/theyMVbLYQgpj8kyQK2O2aF08Ts5R7kVSVmZujlUtI4QhObucOdbpfHEc1W0mvrQ5RxNXLElw22OcypEY4/K7eCcb77PHpdBbqqwChBQjx19DBnz0jSuWSCMDwBd1Z68P227IGM8R6L5HLJJpGNWP1jiDvFoCs2YqNlMrMgOLwUnclKWrhppdHcOTvatgDE238XFjQrod2uXORVE3egcWYFqC2L2qilCCBdC3Mf6TRbREZlQ5G79QdLmBBzB8u0DnSFOcQNRFRitbQKUsvdNUeM+GzYciWwPc5tNhEWXlAoSoHYFgDNjzJrU67IuSTT0GJ10Ijs/gCJLX5ctfra3uvgkeXTI49SdD4PSaXYvAGotb7clB6IHb/zwdQFdLtpo54FDQAEOWM00soLd0F2aj2gTmZ/kI/KpBz7ZsJvN35SSudQOZk+PTECWgfQuJHJh5502UsuddgDxi7w==
 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com
diff --git a/tests/unit/openwrt/golden/ipq806x/root/.ssh/authorized_keys b/tests/unit/openwrt/golden/ipq806x/root/.ssh/authorized_keys
index a4722317..a728f076 100644
--- a/tests/unit/openwrt/golden/ipq806x/root/.ssh/authorized_keys
+++ b/tests/unit/openwrt/golden/ipq806x/root/.ssh/authorized_keys
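Review bot: The ar71xx golden keeps the older `ssh-rsa … dlang@dlang-mobile` entry next to the new ed25519 key carrying the same comment, so both keys are expected in root's authorized_keys; the ipq806x hunk does the same. If the ed25519 key is meant to replace the RSA one, the RSA line should be removed from the key source and from both goldens so a retired key does not keep root access. The third `ssh-rsa` entry has no comment at all, which makes it hard to audit who holds it; adding an owner comment in the source file would help.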
@@ -1,4 +1,5 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnRaYbdYsnVqTZNRpXxgK1LlEk9QWa/JwaYAbOZFXiC scale19x-04032022
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho dlang@dlang-mobile
 ssh-rsa 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 dlang@dlang-mobile
 ssh-rsa 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
 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com
From dec7a9b3d67f9ebf9c2a9880b96074e7dfdda6c7 Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Fri, 29 Jul 2022 10:26:17 -0700
Subject: [PATCH 5/5] Fix acls for bind
---
 .../templates/named.conf.scale-acls.j2 | 34 +++++--------------
 1 file changed, 9 insertions(+), 25 deletions(-)
diff --git a/ansible/roles/dnsserver/templates/named.conf.scale-acls.j2 b/ansible/roles/dnsserver/templates/named.conf.scale-acls.j2
index d34beca1..220d499b 100644
--- a/ansible/roles/dnsserver/templates/named.conf.scale-acls.j2
+++ b/ansible/roles/dnsserver/templates/named.conf.scale-acls.j2
@@ -1,32 +1,16 @@
+// acls managed by ansible
+// FIX: this makes assumes for the building and ip mapping
 acl conference {
-{% if hostvars[ansible_hostname].building == "Conference" %}
- localhost;
-{% endif %}
-{% for vlan in vlans %}
- {% if vlan["building"] == "Conference" %}
- {% if vlan["ipv6prefix"] != " " %}
- {{ vlan["ipv6prefix"] }}/{{ vlan["ipv6bitmask"]}};
- {% endif %}
- {% if vlan["ipv4prefix"] != " " %}
- {{ vlan["ipv4prefix"] }}/{{ vlan["ipv4bitmask"] }};
- {% endif %}
- {% endif -%}
-{% endfor -%}
+ 10.128.0.0/16;
+ 2001:470:f0fb:500::/56;
+ 2001:470:f0fb:600::/55;
+ 2001:470:f0fb:800::/56;
 };
 acl expo {
-{% if hostvars[ansible_hostname].building != "Conference" %}
 localhost;
-{% endif %}
-{% for vlan in vlans %}
- {% if vlan["building"] != "Conference" %}
- {% if vlan["ipv6prefix"] != " " %}
- {{ vlan["ipv6prefix"] }}/{{ vlan["ipv6bitmask"]}};
- {% endif %}
- {% if vlan["ipv4prefix"] != " " %}
- {{ vlan["ipv4prefix"] }}/{{ vlan["ipv4bitmask"] }};
- {% endif %}
- {% endif -%}
-{% endfor -%}
+ 10.0.0.0/16;
+ 2001:470:f0fb:0::/54;
+ 2001:470:f0fb:400::/56;
 };
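Review bot: `localhost;` is now unconditionally in `acl expo` and never in `acl conference`, while the removed template placed it in whichever ACL matched the server's own building, so a DNS server in the Conference building will classify its own queries as expo. If these ACLs select views or answers per building (not visible here), that changes what the host resolves for itself; keeping `{% if hostvars[ansible_hostname].building == "Conference" %}` around `localhost;` in `conference`, and its inverse in `expo`, preserves the old behaviour. The static /16 and /54–/56 blocks are likely broader than the per-VLAN prefixes they replace, so confirm nothing outside the event networks falls inside them wherever these ACLs gate queries or recursion. The added comment would be clearer as `// FIXME: prefixes are hard-coded per building; regenerate from vlans`.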