CASMTRIAGE-4628 (#241)

* ACLs * Update README.md Signed-off-by: lukebates123 <[email protected]> * Version bump * Fix unchecked `bmc` port `3` error, enhance messaging and begin model refactoring. * version bump * correct misspelling Signed-off-by: lukebates123 <[email protected]> Signed-off-by: Russell Bunch <[email protected]> Co-authored-by: lukebates123 <[email protected]> Co-authored-by: Russell Bunch <[email protected]> Co-authored-by: Sean Lynn <[email protected]>
Cray-HPE · Jan 26, 2023 · 47e8d37 · 47e8d37
1 parent b706a1d
commit 47e8d37
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# 🛶 CANU v1.6.30
+# 🛶 CANU v1.6.31
 
 CANU (CSM Automatic Network Utility) will float through a Shasta network and make switch setup and validation a breeze.
 
@@ -27,7 +27,7 @@ To checkout a fresh system using CSI:
   ```
 
 1. Parse CSI files and save switch IP addresses
-   
+
     ```bash
     canu init --sls-file sls_input_file.json --out ips.txt`
     ```
@@ -208,7 +208,7 @@ In order to run CANU, both python3 and pip3 need to be installed.
   ```bash
   canu, version 1.6.20
   ```
-  
+
 - (unstable) Feature/bugfix branches will report an `X.Y.Z.postA` version:
 
   ```bash
@@ -346,7 +346,7 @@ To get the JSON output from a single switch, or from multiple switches, make sur
 ```bash
 canu network firmware --csm 1.2 --ips 192.168.1.1,192.168.1.2 --username USERNAME --password PASSWORD --json
 ```
-           
+
 Potential output:
 
 ```json
@@ -1365,6 +1365,10 @@ To reuse a session without reinstalling dependencies use the `-rs` flag instead
 
 # Changelog
 
+## [1.6.31]
+
+- Modify nmn-hmn ACL to block traffic between the NMNLB and HMNLB networks.
+
 ## [1.6.30]
 
 - Add the ability to generate NMN configs for application nodes (v1 architecture).
@@ -1386,7 +1390,7 @@ To reuse a session without reinstalling dependencies use the `-rs` flag instead
 
 ## [1.6.27]
 
-- Fix login node shasta name for v1 architecture
+- Fix login node shasta name for v1 architecture.
 
 ## [1.6.26]
 

diff --git a/network_modeling/configs/templates/1.3/aruba/common/acl.j2 b/network_modeling/configs/templates/1.3/aruba/common/acl.j2
@@ -40,6 +40,18 @@ access-list ip nmn-hmn
 {%- if variables.HMN_MTN and variables.NMN_MTN %}
 {% set sequence = sequence+10 %}    {{ sequence }} deny any {{ variables.HMN_MTN_NETWORK_IP }}/{{ variables.HMN_MTN_NETMASK }} {{ variables.NMN_MTN_NETWORK_IP }}/{{ variables.NMN_MTN_NETMASK }}
 {%- endif %}
+{%- if variables.NMNLB and variables.HMN %}
+{% set sequence = sequence+10 %}    {{ sequence }} deny any {{ variables.NMNLB_NETWORK_IP }}/{{ variables.NMNLB_NETMASK }} {{ variables.HMN_NETWORK_IP }}/{{ variables.HMN_NETMASK }}
+{%- endif %}
+{%- if variables.HMNLB and variables.NMN %}
+{% set sequence = sequence+10 %}    {{ sequence }} deny any {{ variables.HMNLB_NETWORK_IP }}/{{ variables.HMNLB_NETMASK }} {{ variables.NMN_NETWORK_IP }}/{{ variables.NMN_NETMASK }}
+{%- endif %}
+{%- if variables.HMN and variables.NMNLB %}
+{% set sequence = sequence+10 %}    {{ sequence }} deny any {{ variables.HMN_NETWORK_IP }}/{{ variables.HMN_NETMASK }} {{ variables.NMNLB_NETWORK_IP }}/{{ variables.NMNLB_NETMASK }}
+{%- endif %}
+{%- if variables.NMN and variables.HMNLB %}
+{% set sequence = sequence+10 %}    {{ sequence }} deny any {{ variables.NMN_NETWORK_IP }}/{{ variables.NMN_NETMASK }} {{ variables.HMNLB_NETWORK_IP }}/{{ variables.HMNLB_NETMASK }}
+{%- endif %}
 {% set sequence = sequence+10 %}    {{ sequence }} permit any any any
 access-list ip cmn-can
 {%- if variables.CMN and variables.CAN %}