Page MenuHomePhabricator
Create Task
Maniphest T337082

Replace Capirca with Aerleon
Open, LowPublic
Actions

Description

Quick placeholder task to not forget about the few resources linked

The tool we use to generate ACLs has been forked and greatly improved under the name Aerleon.

We should use that opportunity to improve the Netbox Capirca script as well.

Details

SubjectRepoBranchLines +/-
Update wheels to pickup Aerleon 1.7.0operations/software/homer/deploymaster+2 -2
Update wheelsoperations/software/homer/deploymaster+6 -6
Aerleon: workaround regression with includesoperations/homer/publicmaster+178 -2
Convert ACL policies to YAML for Aerleonoperations/homer/publicmaster+816 -917
Replace Capirca with Aerleonoperations/software/homermaster+12 -10
Customize query in gerrit

Related Objects

Event Timeline

ayounsi triaged this task as Low priority.May 20 2023, 7:07 AM
ayounsi created this task.
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptMay 20 2023, 7:07 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
gerritbot added a comment.Jun 12 2023, 12:55 PM

Change 929330 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/homer/public@master] Convert ACL policies to YAML for Aerleon

https://gerrit.wikimedia.org/r/929330

gerritbot added a project: Patch-For-Review.Jun 12 2023, 12:55 PM
gerritbot added a comment.Jun 12 2023, 12:59 PM

Change 929333 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/software/homer@master] Replace Capirca with Aerleon

https://gerrit.wikimedia.org/r/929333

cmooney subscribed.Jun 13 2023, 12:15 PM
gerritbot added a comment.Jul 18 2023, 8:32 AM

Change 929333 merged by jenkins-bot:

[operations/software/homer@master] Replace Capirca with Aerleon

https://gerrit.wikimedia.org/r/929333

jenkins-bot mentioned this in rOSHO09c7547a3378: Replace Capirca with Aerleon.Jul 18 2023, 8:33 AM
gerritbot added a comment.Jul 18 2023, 2:40 PM

Change 929330 merged by jenkins-bot:

[operations/homer/public@master] Convert ACL policies to YAML for Aerleon

https://gerrit.wikimedia.org/r/929330

Maintenance_bot removed a project: Patch-For-Review.Jul 18 2023, 3:11 PM
gerritbot added a comment.Jul 18 2023, 4:29 PM

Change 939325 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/homer/public@master] Aerleon: workaround regression with includes

https://gerrit.wikimedia.org/r/939325

gerritbot added a project: Patch-For-Review.Jul 18 2023, 4:29 PM

Change 939325 merged by jenkins-bot:

[operations/homer/public@master] Aerleon: workaround regression with includes

https://gerrit.wikimedia.org/r/939325

Maintenance_bot removed a project: Patch-For-Review.Jul 18 2023, 4:31 PM
ayounsi added a comment.EditedJul 19 2023, 7:04 AM

Found a few "regressions":

WARNING:absl:Term allow_ok_icmp6 will not be rendered, as it has icmpv6 match specified but the ACL is of inet address family.
WARNING:absl:Term allow_ok_icmp4 will not be rendered, as it has icmp match specified but the ACL is of inet6 address family.
WARNING:absl:Term allow_dhcp_request4 will not be rendered, as it has source address match specified but no source addresses of inet6 address family are present.
WARNING:absl:Term allow_dns will not be rendered, as it has source address match specified but no source addresses of inet6 address family are present.
WARNING:absl:Term allow_vmhost will not be rendered, as it has source address match specified but no source addresses of inet6 address family are present.
WARNING:absl:Term allow_dhcp4 will not be rendered, as it has source address match specified but no source addresses of inet6 address family are present.

Are flooding the logs. Those used to be DEBUG messages so it's mostly aesthetic, I'm discussing with the Aerleon team to know the best path forward, worse case we can bump https://phabricator.wikimedia.org/diffusion/OSHO/browse/master/homer/cli.py$59 to ERROR

Upstream ticket: https://github.com/aerleon/aerleon/issues/324

This one minor too: https://github.com/aerleon/aerleon/issues/323

And the last one: rOHPUf3ae2f3da805: Aerleon: workaround regression with includes also being discussed, but this specific use-case will go away once the knams migration is completed. - https://github.com/aerleon/aerleon/issues/325

gerritbot added a comment.Aug 4 2023, 7:45 AM

Change 945748 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/software/homer/deploy@master] Update wheels

https://gerrit.wikimedia.org/r/945748

gerritbot added a project: Patch-For-Review.Aug 4 2023, 7:45 AM
gerritbot added a comment.Aug 7 2023, 6:08 AM

Change 945748 merged by Ayounsi:

[operations/software/homer/deploy@master] Update wheels

https://gerrit.wikimedia.org/r/945748

Maintenance_bot removed a project: Patch-For-Review.Aug 7 2023, 6:10 AM
ayounsi mentioned this in rOSHP1e0986f5e340: Update wheels.Aug 7 2023, 6:13 AM
gerritbot added a comment.Aug 21 2023, 6:51 AM

Change 951038 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/software/homer/deploy@master] Update wheels to pickup Aerleon 1.7.0

https://gerrit.wikimedia.org/r/951038

gerritbot added a project: Patch-For-Review.Aug 21 2023, 6:51 AM

Change 951038 merged by Ayounsi:

[operations/software/homer/deploy@master] Update wheels to pickup Aerleon 1.7.0

https://gerrit.wikimedia.org/r/951038

Maintenance_bot removed a project: Patch-For-Review.Aug 21 2023, 7:10 AM
ayounsi mentioned this in rOSHPe80ea0abc052: Update wheels to pickup Aerleon 1.7.0.Aug 21 2023, 7:53 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL