Details

Reviewers

dereckson
Duranzed

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

strongswan

Build Status

Buildable 6530
Build 6814: arc lint + arc unit

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Duranzed edited the summary of this revision. (Show Details)Tue, Mar 3, 08:26

Added an init.sls pour strongswan

Harbormaster completed remote builds in B6401: Diff 10353.Tue, Mar 3, 14:40

No link to a task in description?

dereckson retitled this revision from IPsec strongswan configuration to Configure strongSwan as IPsec implementation.Wed, Mar 4, 06:49

dereckson edited the summary of this revision. (Show Details)

Service part OK.

Configuration needs a better strategy to allow to provision per machine.

_modules/credentials.py
304 ↗	(On Diff #10353)	That's handled in D3987. Perhaps you want to do an `arc diff HEAD^ --update D3988` ?
pillar/core/network.sls
55	We can use the banner format here, to be coherent with the repository style.
70	You can provision them as a follow-up change, uncommented instead.
90	That comment can be safely removed: the pillar name and the ike_ esp_ keys make that clear what is it.
roles/core/strongswan/config.sls
21	Jinja syntax allows to use dots as separator to access dictionary keys. We can use it, but in that case, it's really coherent to use it everywhere.
22	Won't really work beyond the scope of a test tunnel between those two links. You need a more flexible way to pass the info according the node. Besides, if you deploy this on both router-002 and router-003 you would get twice the config router-002 to router-003 it seems.
roles/core/strongswan/files/swanctl.conf
1	Header missing, see https://devcentral.nasqueron.org/source/snippets/browse/main/salt/file.conf
roles/core/strongswan/init.sls
2	Header missing
5	That one doesn't exist in the change it seems

This revision now requires changes to proceed.Wed, Mar 4, 07:14

Updated strongswan config files and using a for loop for a more readable code

Harbormaster completed remote builds in B6427: Diff 10382.Thu, Mar 5, 11:58

Added service.sls file

Harbormaster completed remote builds in B6428: Diff 10383.Thu, Mar 5, 12:38

Modified Ysul IP adress in network.sls

Harbormaster completed remote builds in B6429: Diff 10385.Thu, Mar 5, 14:50

Updated config files to use node.resolve_gre_tunnels

Harbormaster completed remote builds in B6436: Diff 10395.Tue, Mar 10, 08:23

Improved configuration files and headers

Harbormaster completed remote builds in B6441: Diff 10400.Tue, Mar 10, 14:57

Added software.sls and modified init.sls

Harbormaster completed remote builds in B6442: Diff 10401.Tue, Mar 10, 15:10

Duranzed accepted this revision.Thu, Mar 12, 12:33

dereckson requested changes to this revision.Thu, Mar 12, 21:59

dereckson added inline comments.

roles/core/strongswan/files/swanctl.conf
50–56

This revision now requires changes to proceed.Thu, Mar 12, 21:59

Test to deploy this final version on Complector with a test=True to see if it's still no-op.

Modified to create tunnels from router-003

Harbormaster completed remote builds in B6461: Diff 10425.Fri, Mar 13, 22:41

Roles: update network pillar

Harbormaster completed remote builds in B6462: Diff 10426.Fri, Mar 13, 22:44

Cleaning diff

Harbormaster completed remote builds in B6463: Diff 10427.Fri, Mar 13, 22:48

using for loop to create GRE tunnel on router-002 and 003

Harbormaster completed remote builds in B6483: Diff 10453.Mon, Mar 16, 20:15

modified network.sls

Harbormaster completed remote builds in B6485: Diff 10456.Wed, Mar 18, 08:42

testing

Harbormaster completed remote builds in B6486: Diff 10457.Wed, Mar 18, 09:23

Added IP canonical IP addresses to router-002 and router-003

Harbormaster completed remote builds in B6488: Diff 10459.Wed, Mar 18, 10:18

improved indentation

Harbormaster completed remote builds in B6491: Diff 10462.Wed, Mar 18, 12:58

Removed cloudhugger

Harbormaster completed remote builds in B6526: Diff 10513.Mon, Mar 23, 14:04

dereckson added inline comments.Mon, Mar 23, 14:08

pillar/core/network.sls
9–10	What's the role of the router? I think it's to get public IP for that node.
52–53	We can use explicit variable names. One letter variables is an historical artefact, from the era where the maximal length for a specific code line was fixed. See for example for COBOL this IBM documentation: https://www.ibm.com/docs/en/developer-for-zos/15.0.x?topic=editing-setting-language-specific-maximum-line-length Nowadays, best practice is to use clear variable name to facilitate reading the code.