| 1 |
On Mon, 30 Jun 2014 12:46:38 -0700 C.J. Adams-Collier KF7BMP wrote: |
| 2 |
> Hello folks, |
| 3 |
> |
| 4 |
> I've got a project on my plate to automate and reduce the human error in |
| 5 |
> adding new VLANs, subnets, addresses, etc. to our production firewall |
| 6 |
> fleet. Today, we manually make modifications to the following on both |
| 7 |
> members of the VRRP pair: |
| 8 |
> |
| 9 |
> * /etc/conf.d/net.ext |
| 10 |
> * /etc/conf.d/net.int |
| 11 |
> * /etc/keepalived/keepalived.conf |
| 12 |
> * quagga OSPF running-config |
| 13 |
> |
| 14 |
> This leaves a lot of room for error. And occasionally, we let a thing |
| 15 |
> or two slip by us. This causes us enough headache to put some time and |
| 16 |
> energy in to improving the process. |
| 17 |
> |
| 18 |
> Which brings me to the question, does there exist a parser/generator for |
| 19 |
> the /etc/conf.d/net.* files? If not, would Gentoo like me to contribute |
| 20 |
> my work on the generator, and would one of you point me to the parser? |
| 21 |
|
| 22 |
If you're interested, we have developed a network init tool for |
| 23 |
mass control of vlans, bridges and so on. It is used on hosts with |
| 24 |
hundreds of production containers, where usual net.iface approach |
| 25 |
is too slow and cumbersome. It is based on plane ip (from iproute2) |
| 26 |
and called ipw (ip wrapper), bridges are managed via /sys/ |
| 27 |
interfare, so there are very litte dependencies: |
| 28 |
https://gitlab.ut.mephi.ru/ut/ipw/tree/master |
| 29 |
|
| 30 |
It looks like tuning it for your needs should be simple. |
| 31 |
|
| 32 |
Best regards, |
| 33 |
Andrew Savchenko |
Archives