cymru management network VPN
setup a VPN to talk to the management interfaces in the cymru cluster.
-
renumber all the iDRACs to use a private IP from RFC1918 (172.30.140.x/24) -
flip the port to be in a private VLAN (done with dave!) -
update access instructions in the password manager -
update the network diagrams (in the wiki, not just here) -
add the management network range to the DNS -
explicitely allocate IPs for themoved to #40128 (closed)eth2
on the hosts (chi-3 and 4) in DNS (or maybe just have one floating IP configured in Puppet on the fly, as needed?) -
configure eth2 interfaces on chi-3 and 4 permanently? (or in Puppet?)moved to #40128 (closed) -
unconfigure eth2
on everything butchi-node-01
while we figure out the proper way to set a gateway (#40128 (closed)) -
document how to access the iDRAC (especially the web interface) remotely (SSH proxying? IPsec? sshuttle might remove the need for a floating IP) -
how to do IP address changes in the iDRAC -
renumber 38.229.82.10 (cymru's machine, dave will do it) -
refactor profile::ganeti::chi
in Puppet to make it easier to add new roaming clients -
something else? review the ticket comments here to make sure nothing fell through the cracks (e.g. net.ipv4.ip_forward=1
and SOCKS not covered by the above explicitly) -
renumber gateway from 172.30.140.1 (chi-node-01) to 172.30.140.100 (floating IP to be assigned to the gateway, see #40128 (closed) )
Edited by anarcat