Page MenuHomeDevCentral
Differential D3988

Configure strongSwan as IPsec implementation
Needs ReviewPublic
Actions

Authored by Duranzed on Mon, Mar 2, 19:29.
Tags
None
Referenced Files
F25007841: D3988.id10517.diff
Tue, Mar 24, 22:50
F25007840: D3988.id10514.diff
Tue, Mar 24, 22:50
F25007838: D3988.id10520.diff
Tue, Mar 24, 22:50
F25007837: D3988.id10518.diff
Tue, Mar 24, 22:50
F25007836: D3988.id10513.diff
Tue, Mar 24, 22:50
F25007835: D3988.id10519.diff
Tue, Mar 24, 22:50
F25007834: D3988.id10515.diff
Tue, Mar 24, 22:50
F25007236: D3988.id10453.diff
Tue, Mar 24, 21:53
View All Files
Subscribers
None

Details

Reviewers
dereckson
Duranzed

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
GRE-tunnel
Build Status
Buildable 6491
Build 6775: arc lint + arc unit

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Duranzed edited the summary of this revision. (Show Details)Tue, Mar 3, 08:26
Duranzed updated this revision to Diff 10353.Tue, Mar 3, 14:40
  • Added an init.sls pour strongswan
Harbormaster completed remote builds in B6401: Diff 10353.Tue, Mar 3, 14:40
dereckson added a comment.Tue, Mar 3, 17:59

No link to a task in description?

dereckson retitled this revision from IPsec strongswan configuration to Configure strongSwan as IPsec implementation.Wed, Mar 4, 06:49
dereckson edited the summary of this revision. (Show Details)
dereckson requested changes to this revision.Wed, Mar 4, 07:14

Service part OK.

Configuration needs a better strategy to allow to provision per machine.

_modules/credentials.py
304 ↗(On Diff #10353)

That's handled in D3987.

Perhaps you want to do an arc diff HEAD^ --update D3988 ?

pillar/core/network.sls
58 ↗(On Diff #10353)

We can use the banner format here, to be coherent with the repository style.

73 ↗(On Diff #10353)

You can provision them as a follow-up change, uncommented instead.

93 ↗(On Diff #10353)

That comment can be safely removed: the pillar name and the ike_ esp_ keys make that clear what is it.

roles/core/strongswan/config.sls
21 ↗(On Diff #10353)

Jinja syntax allows to use dots as separator to access dictionary keys.

We can use it, but in that case, it's really coherent to use it everywhere.

22 ↗(On Diff #10353)

Won't really work beyond the scope of a test tunnel between those two links. You need a more flexible way to pass the info according the node.

Besides, if you deploy this on both router-002 and router-003 you would get twice the config router-002 to router-003 it seems.

roles/core/strongswan/files/swanctl.conf
1 ↗(On Diff #10353)

Header missing, see https://devcentral.nasqueron.org/source/snippets/browse/main/salt/file.conf

roles/core/strongswan/init.sls
1 ↗(On Diff #10353)

Header missing

4 ↗(On Diff #10353)

That one doesn't exist in the change it seems

This revision now requires changes to proceed.Wed, Mar 4, 07:14
Duranzed updated this revision to Diff 10382.Thu, Mar 5, 11:58

Updated strongswan config files and using a for loop for a more readable code

Harbormaster completed remote builds in B6427: Diff 10382.Thu, Mar 5, 11:58
Duranzed updated this revision to Diff 10383.Thu, Mar 5, 12:38

Added service.sls file

Harbormaster completed remote builds in B6428: Diff 10383.Thu, Mar 5, 12:38
Duranzed updated this revision to Diff 10385.Thu, Mar 5, 14:50
Duranzed marked 4 inline comments as done.

Modified Ysul IP adress in network.sls

Harbormaster completed remote builds in B6429: Diff 10385.Thu, Mar 5, 14:50
Duranzed updated this revision to Diff 10395.Tue, Mar 10, 08:23

Updated config files to use node.resolve_gre_tunnels

Harbormaster completed remote builds in B6436: Diff 10395.Tue, Mar 10, 08:23
Duranzed updated this revision to Diff 10400.Tue, Mar 10, 14:57

Improved configuration files and headers

Harbormaster completed remote builds in B6441: Diff 10400.Tue, Mar 10, 14:57
Duranzed updated this revision to Diff 10401.Tue, Mar 10, 15:10

Added software.sls and modified init.sls

Harbormaster completed remote builds in B6442: Diff 10401.Tue, Mar 10, 15:10
Duranzed accepted this revision.Thu, Mar 12, 12:33
dereckson requested changes to this revision.Thu, Mar 12, 21:59
dereckson added inline comments.
roles/core/strongswan/files/swanctl.conf
50 ↗(On Diff #10401)
This revision now requires changes to proceed.Thu, Mar 12, 21:59
dereckson added a comment.Thu, Mar 12, 22:00

Test to deploy this final version on Complector with a test=True to see if it's still no-op.

Duranzed updated this revision to Diff 10425.Fri, Mar 13, 22:41
  • Modified to create tunnels from router-003
Harbormaster completed remote builds in B6461: Diff 10425.Fri, Mar 13, 22:41
Duranzed updated this revision to Diff 10426.Fri, Mar 13, 22:44
  • Roles: update network pillar
Harbormaster completed remote builds in B6462: Diff 10426.Fri, Mar 13, 22:44
Duranzed updated this revision to Diff 10427.Fri, Mar 13, 22:48

Cleaning diff

Harbormaster completed remote builds in B6463: Diff 10427.Fri, Mar 13, 22:48
Duranzed updated this revision to Diff 10453.Mon, Mar 16, 20:15

using for loop to create GRE tunnel on router-002 and 003

Harbormaster completed remote builds in B6483: Diff 10453.Mon, Mar 16, 20:15
Duranzed updated this revision to Diff 10456.Wed, Mar 18, 08:42
  • modified network.sls
Harbormaster completed remote builds in B6485: Diff 10456.Wed, Mar 18, 08:42
Duranzed updated this revision to Diff 10457.Wed, Mar 18, 09:23

testing

Harbormaster completed remote builds in B6486: Diff 10457.Wed, Mar 18, 09:23
Duranzed updated this revision to Diff 10459.Wed, Mar 18, 10:18

Added IP canonical IP addresses to router-002 and router-003

Harbormaster completed remote builds in B6488: Diff 10459.Wed, Mar 18, 10:18
Duranzed updated this revision to Diff 10462.Wed, Mar 18, 12:58

improved indentation

Harbormaster completed remote builds in B6491: Diff 10462.Wed, Mar 18, 12:58
Duranzed updated this revision to Diff 10513.Mon, Mar 23, 14:04
Duranzed marked an inline comment as done.

Removed cloudhugger

Harbormaster completed remote builds in B6526: Diff 10513.Mon, Mar 23, 14:04
dereckson added inline comments.Mon, Mar 23, 14:08
pillar/core/network.sls
37 ↗(On Diff #10513)

We can use explicit variable names.

One letter variables is an historical artefact, from the era where the maximal length for a specific code line was fixed.

See for example for COBOL this IBM documentation:
https://www.ibm.com/docs/en/developer-for-zos/15.0.x?topic=editing-setting-language-specific-maximum-line-length

Nowadays, best practice is to use clear variable name to facilitate reading the code.

9 ↗(On Diff #10453)

What's the role of the router? I think it's to get public IP for that node.

Duranzed updated this revision to Diff 10514.Mon, Mar 23, 14:14

Added router-002

Harbormaster completed remote builds in B6527: Diff 10514.Mon, Mar 23, 14:14
Duranzed updated this revision to Diff 10515.Mon, Mar 23, 14:23

updated for loop syntax

Harbormaster completed remote builds in B6528: Diff 10515.Mon, Mar 23, 14:23
Duranzed updated this revision to Diff 10517.Mon, Mar 23, 16:46

Light modifications

Harbormaster completed remote builds in B6530: Diff 10517.Mon, Mar 23, 16:46
Duranzed updated this revision to Diff 10518.Mon, Mar 23, 16:58

added router parameter

Harbormaster completed remote builds in B6531: Diff 10518.Mon, Mar 23, 16:58
Duranzed updated this revision to Diff 10519.Mon, Mar 23, 17:19

testing list format for routers

Harbormaster completed remote builds in B6532: Diff 10519.Mon, Mar 23, 17:19
Duranzed updated this revision to Diff 10520.Mon, Mar 23, 17:39

removed for loop

Harbormaster completed remote builds in B6533: Diff 10520.Mon, Mar 23, 17:39
Duranzed updated this revision to Diff 10521.Mon, Mar 23, 17:47

better variable name

Harbormaster completed remote builds in B6534: Diff 10521.Mon, Mar 23, 17:47
Duranzed updated this revision to Diff 10522.Mon, Mar 23, 18:42

removed canonical ipv4 from network.sls and corrected node function

Harbormaster completed remote builds in B6535: Diff 10522.Mon, Mar 23, 18:42

Revision Contents
Changeset List

PathSize
pillar/
nodes/
4 lines

Diff 10462

View Options

pillar/nodes/nodes.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator