Page MenuHomeDevCentral
Create Task
Maniphest T1619

Connect all baremetal servers to Drake network
Closed, ResolvedPublic
Actions

Description

Create GRE tunnels:

  • WindRiver -> router-001
  • Ysul -> router-001
  • CloudHugger -> router-001

Eglide can currently be ignored.

Hypervisors offers a small router server instance to use with a virtual card on each machine (e.g. IntraNought, see T1478). We can use one of them, let's pick router-001, to link baremetals.

Revisions and Commits

rOPS Nasqueron Operations
D2594rOPSdd9568c152dd Reconfigure GRE tunnels
D2596rOPS6deb32e01378 Set kernel state for router
D2303rOPS691c2f456811 Create GRE tunnel between WindRiver and Ysul

Related Objects
Search...

Event Timeline

dereckson triaged this task as Normal priority.Sep 20 2020, 00:57
dereckson created this task.
dereckson added a revision: D2303: Create GRE tunnel between WindRiver and Ysul.Sep 20 2020, 00:59
dereckson added a commit: rOPS691c2f456811: Create GRE tunnel between WindRiver and Ysul.Sep 20 2020, 02:11
dereckson moved this task from Backlog to Pending review on the Operations sprints (Consolidate them all) board.Sep 21 2020, 23:34
dereckson added a subtask: T1521: Restrict MySQL access.
dereckson added a comment.Sep 24 2020, 20:50

Let's rewire tunnels against router-001.nasqueron.org / 51.255.124.8 / 172.27.27.1

dereckson updated the task description. (Show Details)Mar 5 2022, 00:13
dereckson added a comment.Mar 5 2022, 00:25

There is a concurrent approach through tinc deployed on devserver WindRiver:

WindRiver
$ ifconfig tun0
tun0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 172.27.27.27 netmask 0xfffffe00 broadcast 172.27.27.255
        groups: tun
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 901

$ ps auxw | grep 901
root           901   0.0  0.0  17624  5988  -  Ss   18Jan22      2:29.96 /usr/local/sbin/tincd -n drake_wind

$ ls /usr/local/etc/tinc/drake_wind
ed25519_key.priv        invitation-data         tinc-up
hosts                   rsa_key.priv            tinc.conf
/usr/local/etc/tinc/drake_wind/tinc.conf
Name = drake_wind
ConnectTo = drake_router_001
/usr/local/etc/tinc/drake_wind/tinc-up
#!/bin/sh
ifconfig $INTERFACE 172.27.27.27 netmask 255.255.254.0
dereckson added a comment.Mar 14 2022, 23:32

If all we want are tunnels, Tinc could be overkill, as GRE tunnels work well at D2594 + D2595.

If we want tunnels communication to be encrypted, GRE don't encrypt traffic natively, so we can:

  • switch to Tinc
  • add IPSEC to GRE
dereckson added a parent task: T1702: Deploy Complector aka la source.Mar 15 2022, 00:44
dereckson added a commit: rOPS6deb32e01378: Set kernel state for router.Mar 22 2022, 18:19
dereckson added a revision: D2596: Set kernel state for router.
dereckson added a commit: rOPSdd9568c152dd: Reconfigure GRE tunnels.
dereckson added a revision: D2594: Reconfigure GRE tunnels.
dereckson closed this task as Resolved.Apr 15 2022, 19:20
dereckson updated the task description. (Show Details)

We're done here :)

If we want to use tinc, we can open a new issue.

dereckson mentioned this in Unknown Object (Maniphest Task).May 7 2023, 10:09
dereckson closed subtask T1521: Restrict MySQL access as Resolved.May 18 2023, 11:45
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator