allow https to servers from wireless, amongst others
carpenike committed Dec 22, 2021
1 parent 33865cb commit 4482b15
Showing 5 changed files with 23 additions and 16 deletions.
16 changes: 9 additions & 7 deletions ansible/inventory/group_vars/all/address_book.yaml
Expand Up @@ -139,13 +139,6 @@ address_book:
ipv4_addr: 10.20.0.15
groups:
- pki
sm-0:
hostname: sm-0
network: servers
dhcp_client: false
ipv4_addr: 10.20.10.18
groups:
- utility
sidero:
hostname: sidero
network: servers
Expand All @@ -172,6 +165,15 @@ address_book:
####################
### DHCP Clients ###
####################

sm-0:
hostname: sm-0
mac_addr: 00:25:90:99:12:70
network: servers
dhcp_client: true
ipv4_addr: 10.20.10.18
groups:
- sidero
ubnt-upstairs:
hostname: ubnt-upstairs
mac_addr: 80:2a:a8:10:ed:da
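Review bot: The re-added sm-0 entry carries `mac_addr: 00:25:90:99:12:70` as an unquoted colon-separated scalar; this particular value stays a string (the YAML 1.1 sexagesimal rule PyYAML applies needs a non-zero leading digit and every later group below 60), but a MAC such as `12:34:56:12:34:56` would silently become an integer under the resolver Ansible uses, so `mac_addr: "00:25:90:99:12:70"` is the safer form and worth applying to the neighbouring DHCP-client entries as well. sm-0 also moves from the `utility` group to `sidero` while keeping 10.20.10.18; if any firewall address-group or template is derived from the `utility` group, that host drops out of it — the consumers are not visible from this hunk. The address_book mapping continues above and below the hunk.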
2 changes: 2 additions & 0 deletions ansible/inventory/host_vars/fw/firewall_zones.yml
Expand Up @@ -271,6 +271,8 @@ vyos_firewall_zones:
- accept_related: null
- drop_invalid: null
- accept_icmp: null
- accept_http: null
- accept_https: null
- accept_k8s_api: null
- accept_dns: null
- accept_smb_from_smb_clients: null
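Review bot: `- accept_http: null` opens plaintext HTTP next to the HTTPS rule the commit title describes, and as a zone-pair rule it presumably matches every host in the destination zone rather than one server — unlike `accept_smb_from_smb_clients`, which is already narrowed by source. If the need is only TLS to the servers zone, drop `accept_http`; if it was added for the iPXE fetch on port 8081 configured in ipxe-metal.conf, a port-80 rule would not cover that anyway (I am assuming `accept_http` matches port 80, which this hunk does not show). The from/to zone pair these rules belong to is declared above the hunk and is not visible; a short comment such as `# accept_https: TLS from the wireless zone to servers` above the two new rules would record the intent for the next reader.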
5 changes: 5 additions & 0 deletions ansible/inventory/host_vars/fw/main.yml
Expand Up @@ -38,6 +38,9 @@ vyos_managed_files:
- template: cloudflare-ipv4.sh.j2
dest: /config/scripts/cloudflare-ipv4.sh
mode: "0755"
- template: ipxe-metal.conf.j2
dest: /config/dhcp/ipxe-metal.conf
mode: "0755"

# -------------------------
# Interfaces configuration
Expand Down Expand Up @@ -158,11 +161,13 @@ vyos_dhcp_server:
hostfile-update: true
interfaces:
mgmt:
domain: "{{ vyos_domain }}"
subnet_parameters: "option omada-address 10.45.10.20;"
wired:
domain: "{{ vyos_domain }}"
servers:
domain: "{{ vyos_domain }}"
subnet_parameters: "include "/config/dhcp/ipxe-metal.conf";"
iot:
domain: "{{ vyos_domain }}"
video:
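Review bot: As printed, `subnet_parameters: "include "/config/dhcp/ipxe-metal.conf";"` nests unescaped double quotes inside a double-quoted scalar, which a YAML parser rejects (the scalar ends at `"include "` and the rest of the line is a syntax error); unless the page has stripped escaping, write it as `subnet_parameters: 'include "/config/dhcp/ipxe-metal.conf";'`. The same file installs that rendered fragment with `mode: "0755"`, but it is a dhcpd configuration include, not a script like cloudflare-ipv4.sh, so `mode: "0644"` is sufficient and keeps an executable bit off a file under /config. The vyos_dhcp_server interface list continues past the hunk.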
10 changes: 4 additions & 6 deletions ansible/playbooks/vyos/templates/ha_proxy.cfg.j2
Expand Up @@ -51,16 +51,14 @@ backend k8s_controlplane
mode tcp
option ssl-hello-chk
balance roundrobin
server master1 master1.cluster-0.{{ vyos_domain }}:6443 check
server master2 master2.cluster-0.{{ vyos_domain }}:6443 check
server master3 master3.cluster-0.{{ vyos_domain }}:6443 check
server cp-0 cp-0.{{ vyos_domain }}:6443 check
server cp-1 cp-1.{{ vyos_domain }}:6443 check
server cp-2 cp-2.{{ vyos_domain }}:6443 check

backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server master1 master1.cluster-0.{{ vyos_domain }}:50000 check
server master2 master2.cluster-0.{{ vyos_domain }}:50000 check
server master3 master3.cluster-0.{{ vyos_domain }}:50000 check
server sidero sidero.{{ vyos_domain }}:50000 check
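Review bot: `backend talos_controlplane` now has a single member, `server sidero sidero.{{ vyos_domain }}:50000 check`, so `balance roundrobin` is moot and the backend name no longer says what it fronts (one Sidero host rather than the control-plane nodes); rename it together with the frontend that references it, or add `# single Sidero host on 50000; not the cluster control plane` above the backend. The block also keeps both `option httpchk GET /healthz` and `option ssl-hello-chk` on a `mode tcp` backend; as far as I know HAProxy honours only the last health-check option declared, so the httpchk lines are dead and `http-check expect status 200` never applies — confirm against your HAProxy version and drop the unused pair. The frontend that routes to this backend is outside the hunk, so which interface exposes port 50000 is not visible here.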
6 changes: 3 additions & 3 deletions ansible/playbooks/vyos/templates/ipxe-metal.conf.j2
Expand Up @@ -2,12 +2,12 @@ allow bootp;
allow booting;

# IP address for PXE-based TFTP methods
next-server {{ vyos_address_book_enriched['hosts']['abraham']['ipv4_addr'] }};
next-server {{ vyos_address_book_enriched['hosts']['sm-0']['ipv4_addr'] }};

# Configuration for iPXE clients
class "ipxeclient" {
match if exists user-class and (option user-class = "iPXE");
filename "http://{{ vyos_address_book_enriched['hosts']['abraham']['ipv4_addr'] }}:8081/boot.ipxe";
filename "http://{{ vyos_address_book_enriched['hosts']['sm-0']['ipv4_addr'] }}:8081/boot.ipxe";
}

# Configuration for legacy BIOS-based PXE boot
Expand All @@ -26,5 +26,5 @@ class "pxeclients" {
class "httpclients" {
match if not exists user-class and substring (option vendor-class-identifier, 0, 10) = "HTTPClient";
option vendor-class-identifier "HTTPClient";
filename "http://{{ vyos_address_book_enriched['hosts']['abraham']['ipv4_addr'] }}:8081/tftp/ipxe.efi";
filename "http://{{ vyos_address_book_enriched['hosts']['sm-0']['ipv4_addr'] }}:8081/tftp/ipxe.efi";
}
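Review bot: Every boot reference now resolves `vyos_address_book_enriched['hosts']['sm-0']['ipv4_addr']`, and sm-0 becomes a DHCP client in the same commit, so the PXE `next-server` and both `filename` URLs depend on the reservation for 00:25:90:99:12:70 continuing to yield 10.20.10.18; if that reservation changes, clients get a dead boot path until this template is re-rendered. The chain itself is unauthenticated: `http://…:8081/boot.ipxe` and `…:8081/tftp/ipxe.efi` are fetched over plain HTTP from whatever answers at that address, so a host on the servers segment that can answer DHCP or spoof the address can hand out its own loader — this predates the commit, but swapping the boot host is the moment to record it, e.g. `# boot artifacts are fetched over plain HTTP from sm-0; the servers VLAN is trusted for DHCP/PXE`. The legacy `pxeclients` class between the two hunks is not visible here.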
