Merged
57 commits
9677c15
Merge branch 'testing' into stable-2023v1
tuxdepend May 13, 2025
a057867
Merge branch 'stable-2023v1' of github.com:SUNET/puppet-sunet into st…
tuxdepend Aug 6, 2025
7aec025
Merge branch 'stable-2023v1' of github.com:SUNET/puppet-sunet into st…
tuxdepend Aug 13, 2025
578d961
Merge branch 'stable-2023v1' of github.com:SUNET/puppet-sunet into st…
tuxdepend Aug 25, 2025
d60210d
Merge branch 'main' into stable-2023v1
tuxdepend Aug 25, 2025
47af418
Bump tsm version to 8.1.27.
SpaceFarmer Aug 28, 2025
ea3740c
Merge branch 'main' into stable-2023v1
theseal Aug 28, 2025
76afbe4
Merge branch 'main' into stable-2023v1
theseal Sep 2, 2025
e17436e
Merge branch 'main' into stable-2023v1
theseal Sep 4, 2025
e4fa6c9
Merge branch 'main' into stable-2023v1
mikaelfrykholm Sep 5, 2025
141c73a
Merge branch 'main' into stable-2023v1
theseal Sep 9, 2025
e174683
Merge branch 'main' into stable-2023v1
mikaelfrykholm Sep 9, 2025
4547916
Merge branch 'main' into stable-2023v1
eest Sep 10, 2025
d762c9e
Merge branch 'main' into stable-2023v1
SpaceFarmer Sep 12, 2025
fd8e717
Merge branch 'main' into stable-2023v1
eest Sep 15, 2025
b56d281
Merge branch 'main' into stable-2023v1
eest Sep 15, 2025
49936bd
Merge branch 'main' into stable-2023v1
eest Sep 17, 2025
721b448
Merge branch 'main' into stable-2023v1
theseal Sep 22, 2025
02ad445
Merge remote-tracking branch 'refs/remotes/origin/stable-2023v1' into…
theseal Sep 22, 2025
7b5c45a
added new drive LBs in prod
mariahaider Sep 24, 2025
f1842fd
Merge branch 'main' into stable-2023v1
mariahaider Sep 25, 2025
0dd4afa
Merge branch 'main' into stable-2023v1
theseal Oct 2, 2025
21db7f4
Merge branch 'main' into stable-2023v1
theseal Oct 6, 2025
e3d0290
Merge branch 'main' into stable-2023v1
SpaceFarmer Oct 6, 2025
5b373e1
Merge branch 'main' into stable-2023v1
masv3971 Oct 14, 2025
b176921
Merge branch 'main' into stable-2023v1
masv3971 Oct 16, 2025
bf856e1
Merge branch 'main' into stable-2023v1
theseal Oct 27, 2025
33f1b52
Merge branch 'main' into stable-2023v1
theseal Oct 27, 2025
23ca56c
Merge branch 'main' into stable-2023v1
theseal Nov 3, 2025
24f6de4
Merge branch 'main' into stable-2023v1
theseal Nov 4, 2025
9260616
Merge branch 'main' into stable-2023v1
SpaceFarmer Nov 5, 2025
bd90e7b
Merge branch 'main' into stable-2023v1
theseal Nov 5, 2025
afe4551
Allow microk8s to have sudo, as a treat
mickenordin Nov 12, 2025
659073d
Merge branch 'main' into stable-2023v1
theseal Nov 17, 2025
d457e39
Merge branch 'main' into stable-2023v1
theseal Nov 18, 2025
5075c7b
Merge branch 'main' into stable-2023v1
theseal Nov 19, 2025
2cdf3c5
Merge branch 'main' into stable-2023v1
theseal Nov 24, 2025
7c7dcc1
Import redis tools
mickenordin Nov 27, 2025
507f74e
Merge branch 'testing' into stable-2023v1
theseal Dec 2, 2025
0ace2b2
Merge branch 'testing' into stable-2023v1
theseal Dec 3, 2025
2d94e96
Merge branch 'testing' into stable-2023v1
theseal Dec 4, 2025
c6ac4a5
Merge pull request #381 from SUNET/testing
tuxdepend Dec 15, 2025
03ae29b
Merge branch 'testing' into stable-2023v1
theseal Jan 12, 2026
b99f378
Merge branch 'testing' into stable-2023v1
theseal Jan 20, 2026
45a5511
Merge branch 'testing' into stable-2023v1
acrn Jan 21, 2026
c06d127
Merge branch 'testing' into stable-2023v1
theseal Feb 2, 2026
c6f87cc
Merge branch 'testing' into stable-2023v1
theseal Feb 9, 2026
5f53388
Merge branch 'testing' into stable-2023v1
theseal Feb 10, 2026
631232b
sunet prefixes
Feb 11, 2026
ecf3d77
sunet prefix fn call
Feb 11, 2026
c16fa9e
acmec tagging
Feb 11, 2026
6c12663
adding acmec tagging
Feb 11, 2026
08cacd5
small fixes
Feb 24, 2026
c34eb6f
adding sunet prefixes
Mar 11, 2026
d233cb5
changing resource_type
Mar 11, 2026
1c3f2ca
prefix changes
Apr 21, 2026
6b5943a
Merge branch 'testing' into mikand-acmec-changes
mickets1 Apr 21, 2026
83 changes: 44 additions & 39 deletions lib/puppet/functions/sunet_prefixes.rb
@@ -3,14 +3,14 @@
Puppet::Functions.create_function(:sunet_prefixes) do
dispatch :sunet_servers do
optional_param 'Struct[{
Optional[tags] => Array[Enum["knubbis","infraca"]],
Optional[family] => Enum["ip", "ip6", "inet"],
Optional[tags] => Array[Enum["knubbis","infraca", "acmec"]],
Optional[family] => Enum["ip", "ip6", "inet", "acmec"],

}]', :options
end

def sunet_servers(options = {})
requested_tags = options['tags'] || ["all"]
requested_tags = options['tags'] || ["all", "acmec"]
requested_family = options['family'] || "inet"

return_value = []
@@ -37,49 +37,54 @@ def sunet_servers(options = {})

def _data_source
[
{ "net": "3.71.178.160/32", "family": "ip", "comment": "ec2-3-71-178-160.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "3.101.5.178/32", "family": "ip", "comment": "ec2-3-101-5-178.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "13.56.217.109/32", "family": "ip", "comment": "ec2-13-56-217-109.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "18.156.124.185/32", "family": "ip", "comment": "ec2-18-156-124-185.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "18.157.244.215/32", "family": "ip", "comment": "ec2-18-157-244-215.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "18.158.14.16/32", "family": "ip", "comment": "ec2-18-158-14-16.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "18.158.37.246/32", "family": "ip", "comment": "ec2-18-158-37-246.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "18.195.9.86/32", "family": "ip", "comment": "ec2-18-195-9-86.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "54.177.34.135/32", "family": "ip", "comment": "ec2-54-177-34-135.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "54.193.162.123/32", "family": "ip", "comment": "ec2-54-193-162-123.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "54.219.108.181/32", "family": "ip", "comment": "ec2-54-219-108-181.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "86.105.116.0/22", "family": "ip", "comment": "SUNET Secured services and applications", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "89.45.236.0/22", "family": "ip", "comment": "Safespring STO3", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "89.46.20.0/22", "family": "ip", "comment": "Safespring STO4", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "89.47.184.0/23", "family": "ip", "comment": "Safespring STO1", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "89.47.190.0/23", "family": "ip", "comment": "Safespring DCO", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "94.176.224.0/24", "family": "ip", "comment": "SwedenConnect TUG", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "109.105.111.111", "family": "ip", "comment": "nagios.nordu.net", "resource_type": "nagiosxi", "tags": ["knubbis", "infraca"] },
{ "net": "3.71.178.160/32", "family": "ip", "comment": "ec2-3-71-178-160.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "3.101.5.178/32", "family": "ip", "comment": "ec2-3-101-5-178.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "3.121.211.200/32", "family": "ip", "comment": "md-publisher-fra.inacademia.org", "resource_type": "inacademia", "tags": ["knubbis", "infraca", "acmec"]},
{ "net": "13.56.217.109/32", "family": "ip", "comment": "ec2-13-56-217-109.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "18.156.124.185/32", "family": "ip", "comment": "ec2-18-156-124-185.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "18.157.244.215/32", "family": "ip", "comment": "ec2-18-157-244-215.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "18.158.14.16/32", "family": "ip", "comment": "ec2-18-158-14-16.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "18.158.37.246/32", "family": "ip", "comment": "ec2-18-158-37-246.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "18.195.9.86/32", "family": "ip", "comment": "ec2-18-195-9-86.eu-central-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "52.210.104.234/32", "family": "ip", "comment": "rp.test.inacademia.org", "resource_type": "inacademia", "tags": ["knubbis", "infraca", "acmec"]},
{ "net": "54.177.34.135/32", "family": "ip", "comment": "ec2-54-177-34-135.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "54.193.162.123/32", "family": "ip", "comment": "ec2-54-193-162-123.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "54.219.108.181/32", "family": "ip", "comment": "ec2-54-219-108-181.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "86.105.116.0/22", "family": "ip", "comment": "SUNET Secured services and applications", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "89.45.236.0/22", "family": "ip", "comment": "Safespring STO3", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "89.46.20.0/22", "family": "ip", "comment": "Safespring STO4", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "89.47.184.0/23", "family": "ip", "comment": "Safespring STO1", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "89.47.190.0/23", "family": "ip", "comment": "Safespring DCO", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "94.176.224.0/24", "family": "ip", "comment": "SwedenConnect TUG", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "109.105.111.0/24", "family": "ip", "comment": "Nordunet", "resource_type": "Nordunet", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "109.105.116.119/32", "family": "ip", "comment": "md-publisher-bal.inacademia.org", "resource_type": "inacademia", "tags": ["knubbis", "infraca", "acmec"]},
{ "net": "130.242.3.49/32", "family": "ip", "comment": "sunic-node1.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "130.242.3.125/32", "family": "ip", "comment": "sunic-node3.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "130.242.3.241/32", "family": "ip", "comment": "sunic-node2.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "130.242.121.23/32", "family": "ip", "comment": "vpn1.sunet.se", "resource_type": "VPN", "tags": ["knubbis", "infraca"] },
{ "net": "130.242.126.192/28", "family": "ip", "comment": "LB servers", "resource_type": "sunetfrontend", "tags": ["knubbis", "infraca"] },
{ "net": "130.242.130.0/24", "family": "ip", "comment": "eduID", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "130.242.131.0/24", "family": "ip", "comment": "Reserved for EduID Dev", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "130.242.132.0/24", "family": "ip", "comment": "SWAMID, eIDAS, FIDUS, eduid-dev", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "184.72.45.62/32", "family": "ip", "comment": "ec2-184-72-45-62.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "184.169.227.115/32", "family": "ip", "comment": "ec2-184-169-227-115.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca"] },
{ "net": "192.36.171.64/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "192.36.171.128/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "192.36.171.192/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:1e::/48", "family": "ip6", "comment": "SUNET internal infrastructure", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "130.242.126.192/28", "family": "ip", "comment": "Sunet LB servers", "resource_type": "sunetfrontend", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "130.242.130.0/24", "family": "ip", "comment": "eduID", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "130.242.131.0/24", "family": "ip", "comment": "Reserved for EduID Dev", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "130.242.132.0/24", "family": "ip", "comment": "SWAMID, eIDAS, FIDUS, eduid-dev", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "184.72.45.62/32", "family": "ip", "comment": "ec2-184-72-45-62.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "184.169.227.115/32", "family": "ip", "comment": "ec2-184-169-227-115.us-west-1.compute.amazonaws.com", "resource_type": "seamlessaccess", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "192.36.171.64/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "192.36.171.128/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "192.36.171.192/26", "family": "ip", "comment": "Nutanix", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "192.121.209.31/32", "family": "ip", "comment": "e-com.test.inacademia.org", "resource_type": "inacademia", "tags": ["knubbis", "infraca", "acmec"]},
{ "net": "193.140.63.114/32", "family": "ip", "comment": "md-publisher-ank.inacademia.org", "resource_type": "inacademia", "tags": ["knubbis", "infraca", "acmec"]},
{ "net": "2001:6b0:1e::/48", "family": "ip6", "comment": "SUNET internal infrastructure", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:1e:2::22d/128","family": "ip6", "comment": "anycast1-link.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "2001:6b0:1e:2::22f/128","family": "ip6", "comment": "anycast2-link.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "2001:6b0:1e:2::231/128","family": "ip6", "comment": "sunic-node3.sunet.se", "resource_type": "SUNIC", "tags": ["knubbis"] },
{ "net": "2001:6b0:5a:4020::/64", "family": "ip6", "comment": "sunet.se-public (STO1)", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:8::/48", "family": "ip6", "comment": "SUNET HOSTING", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:40::/48", "family": "ip6", "comment": "Safespring STO3", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:63::/48", "family": "ip6", "comment": "eduID TUG", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:64::/48", "family": "ip6", "comment": "eduID STHB", "resource_type": "SUNET", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:6e::/48", "family": "ip6", "comment": "Safespring STO4", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:7d:40::/64", "family": "ip6", "comment": "Safespring DCO", "resource_type": "safespring", "tags": ["knubbis", "infraca"] },
{ "net": "2001:948:4:6::111/128", "family": "ip6", "comment": "nagios.nordu.net", "resource_type": "nagiosxi", "tags": ["knubbis", "infraca"] },
{ "net": "2001:6b0:5a:4020::/64", "family": "ip6", "comment": "sunet.se-public (STO1)", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:8::/48", "family": "ip6", "comment": "SUNET HOSTING", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:40::/48", "family": "ip6", "comment": "Safespring STO3", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:63::/48", "family": "ip6", "comment": "eduID TUG", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:64::/48", "family": "ip6", "comment": "eduID STHB", "resource_type": "SUNET", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:6e::/48", "family": "ip6", "comment": "Safespring STO4", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:6b0:7d:40::/64", "family": "ip6", "comment": "Safespring DCO", "resource_type": "safespring", "tags": ["knubbis", "infraca", "acmec"] },
{ "net": "2001:948:4:6::111/128", "family": "ip6", "comment": "nagios.nordu.net", "resource_type": "nagiosxi", "tags": ["knubbis", "infraca", "acmec"] },
]
end
end
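Review bot: The five new inacademia entries in `_data_source` (3.121.211.200, 52.210.104.234, 109.105.116.119, 192.121.209.31, 193.140.63.114) are tagged `["knubbis", "infraca", "acmec"]`, so they also extend the existing knubbis and infraca allowlists, and two of them are test hosts; the same widening happens where `109.105.111.111` is replaced by `109.105.111.0/24`. If only acmec consumers need these sources, tag them `"tags": ["acmec"]` and keep the single nagios host for the older tags. Separately, `"acmec"` is added to the `family` Enum although no entry in `_data_source` has that family, which looks like a tag value in the wrong field; `Optional[family] => Enum["ip", "ip6", "inet"],` keeps the type accurate. The new default `["all", "acmec"]` deserves a comment on how it interacts with the tag filter, whose code lies outside the visible hunks.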
11 changes: 9 additions & 2 deletions manifests/dehydrated.pp
@@ -1,12 +1,13 @@
# dehydrated
class sunet::dehydrated(
String $version,
String $version,
Boolean $staging = false,
Boolean $cron = true,
Boolean $cleanup = true,
Array $allow_clients = [],
Integer $server_port = 80,
Integer $ssh_port = 22,
Array $allow_prefixes_by_tag = undef,
) {
$conf = lookup('dehydrated', undef, undef, undef)
if $conf !~ Hash {
@@ -148,8 +149,14 @@
warning("Unknown format of 'clients' - ignoring")
}

if $allow_prefixes_by_tag != undef {
$allow_clients_ssh = sunet_prefixes({tags => $allow_prefixes_by_tag, family=>'ip'}) + sunet_prefixes({tags => $allow_prefixes_by_tag, family=>'ip6'})

Check warning

Code scanning / Puppet Lint

line has more than 140 characters Warning

line has more than 140 characters
} else {
$allow_clients_ssh = $allow_clients
}

sunet::nftables::allow { 'allow-dehydrated-ssh':
from => $allow_clients,
from => $allow_clients_ssh,
port => $ssh_port,
}
}
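Review bot: `Array $allow_prefixes_by_tag = undef,` declares a non-optional Array with an undef default, so a catalog that does not set the parameter will most likely fail type validation; `Optional[Array[String]] $allow_prefixes_by_tag = undef,` expresses the intent. When the tag list is set, `$allow_clients` is no longer used for the `allow-dehydrated-ssh` rule at all, so SSH access is then defined entirely by `sunet_prefixes`, which includes whole /22 and /48 networks and third-party cloud hosts. The parameter should carry a comment stating that it replaces rather than extends `$allow_clients` for SSH, and the chosen tag should be checked against who actually needs to reach `$ssh_port` on this host. The class body continues outside the visible hunks.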