GRE tunnel with IPSEC and CARP
Details
Details
Description
Yesterday
Yesterday
dereckson updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
Ah, that's now what we need, nice for the script!
yousra added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
The file /usr/local/etc/devd/carp.conf :
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
You can directly use variables in the action to pass interface and state with $subsystem and $type
yousra added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
notify 0 {
match "system" "CARP";
match "subsystem" "[0-9]+@[0-9a-z.]+";
match "type" "(MASTER|BACKUP)";
action "/usr/local/scripts/carp-test.sh";
};dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
For all CARP external documentation, I think I've found the threshold where information is outdated in that man page:
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
According carp(4) (man carp) examples section, the name has changed.
yousra added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
@dereckson I first tried to redefine the devd rule by matching specific IFNET event types such as LINK_UP, LINK_DOWN, UP and DOWN, but none of them were triggered during CARP state changes in my tests.
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
notify 0 {
match "system" "IFNET";
match "subsystem" "vmx1";
action "logger CARP state change detected";
};yousra added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
A dedicated devd file was placed in /usr/local/etc/devd because this directory is usually used for custom configurations added by administrators, while /etc/devd contains the default system rules from FreeBSD. It makes the setup cleaner, avoids mixing custom logic with system configuration, and makes future maintenance or upgrades easier.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
Sat, Mar 21
Sat, Mar 21
dereckson moved T2205: Enable CARP high-availability on router-002 and router-003 from Backlog to Servers config on the Salt board.
dereckson moved T2274: Configure CARP to send advertisements in unicast mode from Backlog to Servers config on the Salt board.
yousra moved T2274: Configure CARP to send advertisements in unicast mode from Working on to Done on the Secure HA tunnels board.
yousra moved T2205: Enable CARP high-availability on router-002 and router-003 from Working on to Done on the Secure HA tunnels board.
dereckson added a comment to P392 roles/router/carp/files/carp-ovh-switch.py.
Proof of concept to call OVH API from Python to define MAC address to router-002/003.
dereckson lowered the priority of T2277: Check DNS records with reference to router-001 from High to Normal.
Fri, Mar 20
Fri, Mar 20
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
OVH API credentials published to apps/network/carp-hyper-001-switch path,
under application_key, application_secret, consumer_key keys.
dereckson moved T2201: GRE tunnel creation from Backlog to Working on on the Secure HA tunnels board.
Thu, Mar 19
Thu, Mar 19
dereckson renamed T2279: Prometheus / IPsec exporter from Prometheus / ipsec exporter to Prometheus / IPsec exporter .
Wed, Mar 18
Wed, Mar 18
dereckson moved T2279: Prometheus / IPsec exporter from Backlog to Prometheus on the Monitoring and reporting board.
Duranzed created T2279: Prometheus / IPsec exporter .
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
yousra updated the task description for T2274: Configure CARP to send advertisements in unicast mode.
Tue, Mar 17
Tue, Mar 17
dereckson added a comment to T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
If we trigger the script through devd, we can provide a .conf configuration file in /usr/local/etc/devd.
dereckson renamed T2275: Decommission router-001 from Decomission router-001 to Decommission router-001.
dereckson added a parent task for T2277: Check DNS records with reference to router-001: T2275: Decommission router-001.