Send traffic for RFC1918 addresses to the main routing table

[chef.git] / roles / equinix-dub.rb

diff --git a/roles/equinix-dub.rb b/roles/equinix-dub.rb
index 8bda3a86a3820824c9f88f19bfe46dce4d75b354..9652c2c8c19485bc2f13b304f2da5204706cb99a 100644 (file)
--- a/roles/equinix-dub.rb
+++ b/roles/equinix-dub.rb
@@ -2,6 +2,15 @@ name "equinix-dub"
 description "Role applied to all servers at Equinix Dublin"
 
 default_attributes(
+  :sysctl => {
+    :enable_bbr_10g => {
+      :comment => "Enable BBR. Equinix Dub has 10G uplink unlikely to buffer overrun",
+      :parameters => {
+        "net.ipv4.tcp_congestion_control" => "bbr",
+        "net.ipv4.tcp_notsent_lowat" => "16384"
+      }
+    }
+  },
   :networking => {
     :roles => {
       :internal => {
@@ -16,25 +25,36 @@ default_attributes(
       :external => {
         :zone => "dub",
         :inet => {
-          :prefix => "27",
-          :gateway => "184.104.226.97"
+          :rules => [
+            { :to => "10.0.0.0/8", :table => "main", :priority => 50 },
+            { :to => "172.16.0.0/12", :table => "main", :priority => 50 },
+            { :to => "192.168.0.0/16", :table => "main", :priority => 50 }
+          ]
         },
         :inet6 => {
-          :prefix => "64",
-          :gateway => "2001:470:1:b3b::1"
+          :rules => [
+            { :to => "2600:9000::/28", :table => 150, :priority => 100 }
+          ]
         }
       }
     }
   },
+  :prometheus => {
+    :metrics => {
+      :host_location => {
+        :help => "Host location",
+        :labels => { :site => "dublin" }
+      }
+    }
+  },
   :web => {
-    :fileserver => "fafnir",
     :readonly_database_host => "snap-03.dub.openstreetmap.org"
   }
 )
 
 override_attributes(
   :networking => {
-    :nameservers => ["10.0.64.2", "1.1.1.1", "1.0.0.1"],
+    :nameservers => ["10.0.64.2", "74.82.42.42", "2001:470:20::2"],
     :search => ["dub.openstreetmap.org", "openstreetmap.org"]
   },
   :ntp => {