Goodbye, 18.181.0.0/16

Signed-off-by: Anders Kaseorg <[email protected]>

Author: andersk

ansible/inventory.yml

@@ -18,34 +18,18 @@ all:
     - username: vasilvv
 
     vips:
-    - host: scripts-director.mit.edu
-      ip: 18.181.0.132
-      cidr_netmask: 16
-      nic: vlan181
     - host: scripts-director-new.mit.edu
       ip: 18.4.86.132
       cidr_netmask: 24
       nic: vlan486
-    - host: scripts.mit.edu
-      ip: 18.181.0.43
-      cidr_netmask: 16
-      nic: vlan181
     - host: scripts-new.mit.edu
       ip: 18.4.86.43
       cidr_netmask: 24
       nic: vlan486
-    - host: scripts-cert.mit.edu
-      ip: 18.181.0.50
-      cidr_netmask: 16
-      nic: vlan181
     - host: scripts-cert-new.mit.edu
       ip: 18.4.86.50
       cidr_netmask: 24
       nic: vlan486
-    - host: scripts-vhosts.mit.edu
-      ip: 18.181.0.46
-      cidr_netmask: 16
-      nic: vlan181
     - host: scripts-vhosts-new.mit.edu
       ip: 18.4.86.46
       cidr_netmask: 24
@@ -54,10 +38,6 @@ all:
       ip: 18.4.86.229
       cidr_netmask: 24
       nic: vlan486
-    - host: sipb.mit.edu
-      ip: 18.181.0.29
-      cidr_netmask: 16
-      nic: vlan181
     - host: sipb-new.mit.edu
       ip: 18.4.86.29
       cidr_netmask: 24
@@ -71,18 +51,12 @@ all:
     scripts-directors:
       hosts:
         george-lucas.mit.edu:
-          vlan181_address: 18.181.0.220
-          vlan181_hwaddr: 00:50:56:87:9b:7d
           vlan486_address: 18.4.86.220
           vlan486_hwaddr: 00:50:56:87:03:c5
         joss-whedon.mit.edu:
-          vlan181_address: 18.181.0.226
-          vlan181_hwaddr: 00:50:56:87:2c:8e
           vlan486_address: 18.4.86.226
           vlan486_hwaddr: 00:50:56:87:c2:23
         christopher-nolan.mit.edu:
-          vlan181_address: 18.181.0.111
-          vlan181_hwaddr: 00:50:56:87:07:a0
           vlan486_address: 18.4.86.111
           vlan486_hwaddr: 00:50:56:87:d4:4e
 

ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4

@@ -13,13 +13,10 @@
 :scripts - [0:0]
 
 # scripts-vhosts.mit.edu
--A PREROUTING -d 18.181.0.46 -j scripts
 -A PREROUTING -d 18.4.86.46 -j scripts
 # scripts.mit.edu
--A PREROUTING -d 18.181.0.43 -j scripts
 -A PREROUTING -d 18.4.86.43 -j scripts
 # scripts-cert.mit.edu
--A PREROUTING -d 18.181.0.50 -j scripts
 -A PREROUTING -d 18.4.86.50 -j scripts
 
 # Send Apache-bound traffic to FWM 2 (load-balanced)
@@ -32,16 +29,13 @@
 -A scripts -m mark --mark 0 -j MARK --set-mark 1
 
 # scripts-primary.mit.edu goes to the primary (FWM 1) on all ports
--A PREROUTING -d 18.181.0.182 -j MARK --set-mark 1
 -A PREROUTING -d 18.4.86.182 -j MARK --set-mark 1
 
 # sipb.mit.edu acts like regular scripts for the web ports, everything else goes to i-hate-penguins.xvm.mit.edu (FWM 4)
--A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 80,443,444 -j MARK --set-mark 2
 -A PREROUTING -m tcp -m multiport -p tcp -d 18.4.86.29 --dports 80,443,444 -j MARK --set-mark 2
 # Also send port 25 there too because the IP is shared with rtfm.mit.edu (fix this after renaming the machine)
 #-A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 20,21,25 -j MARK --set-mark 4
 # All else to i-hate-penguins
--A PREROUTING -m mark --mark 0 -d 18.181.0.29 -j MARK --set-mark 4
 -A PREROUTING -m mark --mark 0 -d 18.4.86.29 -j MARK --set-mark 4
 
 COMMIT

ansible/scripts-directors.yml

@@ -3,16 +3,6 @@
   vars:
     network_allow_service_restart: false
     network_ether_interfaces:
-    - device: vlan181
-      hwaddr: "{{ vlan181_hwaddr }}"
-      cidr: "{{ vlan181_address }}/16"
-      gateway: 18.181.0.1
-      options:
-      - metric 2
-      - up ip route add 18.181.0.0/16 table 181 dev vlan181
-      - up ip route add default table 181 via 18.181.0.1 dev vlan181
-      - up ip rule add from 18.181.0.0/16 table 181
-      - down ip rule del table 181
     - device: vlan486
       hwaddr: "{{ vlan486_hwaddr }}"
       cidr: "{{ vlan486_address }}/24"

server/fedora/config/etc/hosts

@@ -35,35 +35,3 @@
 172.21.0.141	golden-egg.mit.edu
 172.21.0.203	miracle-cure.mit.edu
 172.21.0.204	lucky-star.mit.edu
-
-18.181.0.43	scripts-old.mit.edu scripts-old
-18.181.0.46	scripts-vhosts-old.mit.edu scripts-vhosts-old
-18.181.0.50	scripts-cert-old.mit.edu scripts-cert-old
-18.181.0.52	sql-old.mit.edu sql-old
-18.181.0.229	scripts-test-old.mit.edu scripts-test-old
-
-18.181.0.57	better-mousetrap-old.mit.edu better-mousetrap.mit.edu better-mousetrap-old
-18.181.0.53	old-faithful-old.mit.edu old-faithful.mit.edu old-faithful-old
-18.181.0.167	bees-knees-old.mit.edu bees-knees.mit.edu bees-knees-old
-18.181.0.228	cats-whiskers-old.mit.edu cats-whiskers.mit.edu cats-whiskers-old
-18.181.0.236	whole-enchilada-old.mit.edu whole-enchilada.mit.edu whole-enchilada-old
-18.181.0.237	pancake-bunny-old.mit.edu pancake-bunny.mit.edu pancake-bunny-old
-18.181.0.234	busy-beaver-old.mit.edu busy-beaver.mit.edu busy-beaver-old
-18.181.0.235	real-mccoy-old.mit.edu real-mccoy.mit.edu real-mccoy-old
-18.181.0.135	shining-armor-old.mit.edu shining-armor.mit.edu shining-armor-old
-18.181.0.141	golden-egg-old.mit.edu golden-egg.mit.edu golden-egg-old
-18.181.0.203	miracle-cure-old.mit.edu miracle-cure.mit.edu miracle-cure-old
-18.181.0.204	lucky-star-old.mit.edu lucky-star.mit.edu lucky-star-old
-
-172.21.0.57	better-mousetrap-old.mit.edu
-172.21.0.53	old-faithful-old.mit.edu
-172.21.0.167	bees-knees-old.mit.edu
-172.21.0.228	cats-whiskers-old.mit.edu
-172.21.0.236	whole-enchilada-old.mit.edu
-172.21.0.237	pancake-bunny-old.mit.edu
-172.21.0.234	busy-beaver-old.mit.edu
-172.21.0.235	real-mccoy-old.mit.edu
-172.21.0.135	shining-armor-old.mit.edu
-172.21.0.141	golden-egg-old.mit.edu
-172.21.0.203	miracle-cure-old.mit.edu
-172.21.0.204	lucky-star-old.mit.edu

server/fedora/config/etc/httpd/conf.d/181-interstitial.conf

@@ -55,12 +55,3 @@ ErrorDocument 403 /__scripts/forbidden.shtml
 
 # Generated from http://kb.mit.edu/confluence/x/F4DCAg, 2017-06-27
 SetEnvIf REMOTE_ADDR ^(10|18\.(\d\d?|1([0-2]\d|3[1-57-9]|4[0-369]|5[024-9]|6[135-9]|7[0-46-8]|8[013679]|9[02389])|2(29|3[089]|4[0-578]|5[0-245]))|128\.(3[01]|52))\. SCRIPTS_REMOTE_MITNET
-
-<Location /__scripts/dismiss-181-interstitial>
-    Header always set Set-Cookie "__scripts-dismiss-181-interstitial=1; Path=/; Max-Age=43200"
-    Redirect 303 /__scripts/dismiss-181-interstitial/ /
-</Location>
-
-<Location /__scripts/181-interstitial/>
-    Redirect 303 /__scripts/181-interstitial/ /
-</Location>

server/fedora/config/etc/httpd/conf.d/scripts-special.conf

@@ -1,20 +1,5 @@
 ServerName scripts.mit.edu
 ServerAlias \
-    scripts-old.mit.edu scripts-old 18.181.0.43 \
-    scripts-vhosts-old.mit.edu scripts-vhosts-old 18.181.0.46 \
-    scripts-test-old.mit.edu scripts-test-old 18.181.0.229 \
-    better-mousetrap-old.mit.edu better-mousetrap-old 18.181.0.57 \
-    old-faithful-old.mit.edu old-faithful-old 18.181.0.53 \
-    bees-knees-old.mit.edu bees-knees-old 18.181.0.167 \
-    cats-whiskers-old.mit.edu cats-whiskers-old 18.181.0.228 \
-    whole-enchilada-old.mit.edu whole-enchilada-old 18.181.0.236 \
-    pancake-bunny-old.mit.edu pancake-bunny-old 18.181.0.237 \
-    busy-beaver-old.mit.edu busy-beaver-old 18.181.0.234 \
-    real-mccoy-old.mit.edu real-mccoy-old 18.181.0.235 \
-    shining-armor-old.mit.edu shining-armor-old 18.181.0.135 \
-    golden-egg-old.mit.edu golden-egg-old 18.181.0.141 \
-    miracle-cure-old.mit.edu miracle-cure-old 18.181.0.203 \
-    lucky-star-old.mit.edu lucky-star-old 18.181.0.204 \
     scripts 18.4.86.43 \
     scripts-vhosts.mit.edu scripts-vhosts 18.4.86.46 \
     scripts-test.mit.edu scripts-test 18.4.86.229 \

server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf

@@ -273,7 +273,7 @@ ProxyRequests Off
     ErrorDocument 404 "No favicon.ico.
 </Location>
 
-<VirtualHost 18.181.0.50:80 18.4.86.50:80>
+<VirtualHost 18.4.86.50:80>
     ServerName scripts-cert.mit.edu
     ServerAlias scripts-cert
     Include conf.d/scripts-vhost.conf
@@ -286,15 +286,8 @@ ProxyRequests Off
     Include conf.d/vhost_ldap.conf
     Include conf.d/vhosts-common.conf
 </VirtualHost>
-# LDAP vhost, w00t w00t
-<VirtualHost 18.181.0.46:80>
-    ServerName localhost
-    Include conf.d/vhost_ldap.conf
-    Include conf.d/vhosts-common.conf
-    Include conf.d/181-interstitial.conf
-</VirtualHost>
 
-<VirtualHost *:80 18.181.0.46:80>
+<VirtualHost *:80>
     Include conf.d/scripts-vhost-names.conf
     Include conf.d/scripts-vhost.conf
     Include conf.d/vhosts-common.conf
@@ -328,7 +321,7 @@ ProxyRequests Off
     SSLHonorCipherOrder on
     SSLCompression off
 
-    <VirtualHost 18.181.0.50:443 18.181.0.50:444 18.4.86.50:443 18.4.86.50:444>
+    <VirtualHost 18.4.86.50:443 18.4.86.50:444>
         ServerName scripts-cert.mit.edu
         ServerAlias scripts-cert
         Include conf.d/scripts-vhost.conf
@@ -337,14 +330,14 @@ ProxyRequests Off
         SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
         Include conf.d/vhosts-common-ssl-cert.conf
     </VirtualHost>
-    <VirtualHost 18.181.0.43:443 18.4.86.43:443>
+    <VirtualHost 18.4.86.43:443>
         Include conf.d/scripts-vhost-names.conf
         Include conf.d/scripts-vhost.conf
         Include conf.d/vhosts-common-ssl.conf
         SSLCertificateFile /etc/pki/tls/certs/scripts.pem
         SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
     </VirtualHost>
-    <VirtualHost 18.181.0.43:444 18.4.86.43:444>
+    <VirtualHost 18.4.86.43:444>
         Include conf.d/scripts-vhost-names.conf
         Include conf.d/scripts-vhost.conf
         Include conf.d/vhosts-common-ssl.conf
@@ -361,15 +354,6 @@ ProxyRequests Off
         Include conf.d/vhosts-common-ssl.conf
     </VirtualHost>
     # LDAP vhost, w00t w00t
-    <VirtualHost 18.181.0.46:443>
-        ServerName localhost
-        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
-        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
-        Include conf.d/vhost_ldap.conf
-        Include conf.d/vhosts-common-ssl.conf
-        Include conf.d/181-interstitial.conf
-    </VirtualHost>
-    # LDAP vhost, w00t w00t
     <VirtualHost *:444>
         ServerName localhost
         SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
@@ -378,24 +362,14 @@ ProxyRequests Off
         Include conf.d/vhosts-common-ssl.conf
         Include conf.d/vhosts-common-ssl-cert.conf
     </VirtualHost>
-    # LDAP vhost, w00t w00t
-    <VirtualHost 18.181.0.46:444>
-        ServerName localhost
-        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
-        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
-        Include conf.d/vhost_ldap.conf
-        Include conf.d/vhosts-common-ssl.conf
-        Include conf.d/vhosts-common-ssl-cert.conf
-        Include conf.d/181-interstitial.conf
-    </VirtualHost>
-    <VirtualHost *:443 18.181.0.46:443>
+    <VirtualHost *:443>
         SSLCertificateFile /etc/pki/tls/certs/scripts.pem
         SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
         Include conf.d/scripts-vhost-names.conf
         Include conf.d/scripts-vhost.conf
         Include conf.d/vhosts-common-ssl.conf
     </VirtualHost>
-    <VirtualHost *:444 18.181.0.46:444>
+    <VirtualHost *:444>
         SSLCertificateFile /etc/pki/tls/certs/scripts.pem
         SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
         Include conf.d/scripts-vhost-names.conf

server/fedora/config/etc/httpd/conf/httpd.conf

@@ -88,7 +88,7 @@ def conf(vhost):
             cert_file.write(certs_pem)
         os.rename(cert_path + '.new', cert_path)
 
-    for ip, port in itertools.product(['*', '18.181.0.46'], [443, 444]):
+    for ip, port in itertools.product(['*'], [443, 444]):
         yield '<VirtualHost {}:{}>\n'.format(ip, port)
         yield '\tServerName {}\n'.format(name)
         if aliases:
@@ -99,8 +99,6 @@ def conf(vhost):
             yield '\tInclude conf.d/vhosts-common-ssl-cert.conf\n'
         yield '\tSSLCertificateFile {}\n'.format(cert_path)
         yield '\tSSLCertificateKeyFile {}\n'.format(key_path)
-        if ip == '18.181.0.46':
-            yield '\tInclude conf.d/181-interstitial.conf\n'
         yield '</VirtualHost>\n'
 
 with open(os.path.join(CERTS_DIR, '.lock'), 'w') as lock_file: