cymru management network VPN

setup a VPN to talk to the management interfaces in the cymru cluster.

• renumber all the iDRACs to use a private IP from RFC1918 (172.30.140.x/24)
• flip the port to be in a private VLAN (done with dave!)
• update access instructions in the password manager
• update the network diagrams (in the wiki, not just here)
• add the management network range to the DNS
• explicitely allocate IPs for the eth2 on the hosts (chi-3 and 4) in DNS (or maybe just have one floating IP configured in Puppet on the fly, as needed?) moved to #40128 (closed)
• configure eth2 interfaces on chi-3 and 4 permanently? (or in Puppet?) moved to #40128 (closed)
• unconfigure eth2 on everything but chi-node-01 while we figure out the proper way to set a gateway (#40128 (closed))
• document how to access the iDRAC (especially the web interface) remotely (SSH proxying? IPsec? sshuttle might remove the need for a floating IP)
• how to do IP address changes in the iDRAC
• renumber 38.229.82.10 (cymru's machine, dave will do it)
• refactor profile::ganeti::chi in Puppet to make it easier to add new roaming clients
• something else? review the ticket comments here to make sure nothing fell through the cracks (e.g. net.ipv4.ip_forward=1 and SOCKS not covered by the above explicitly)
• renumber gateway from 172.30.140.1 (chi-node-01) to 172.30.140.100 (floating IP to be assigned to the gateway, see #40128 (closed) )