Add config for new VMs
parent
7c21275a11
commit
19c623ab0a
15 changed files with 389 additions and 308 deletions
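--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.retry
 tmp
 ldap-password.txt
+__pycache__/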
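--- a/all.yml
+++ b/all.yml
@@ -0,0 +1,11 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: playbooks/base.yml
+- import_playbook: playbooks/root.yml
+- import_playbook: playbooks/ssh.yml
+- import_playbook: playbooks/chronyd.yml
+- import_playbook: playbooks/kresd.yml
+- import_playbook: playbooks/resolvconf.yml
+- import_playbook: playbooks/ifupdown2.yml
+- import_playbook: playbooks/keepalived.yml
+...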
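Review bot: The import list in `all.yml` is narrower than the `playbooks/*.yml` glob of the wrapper script this commit removes: the play that applies the `bird` role is edited in this same commit, yet none of the eight `import_playbook` entries appears to cover it. If the omission is deliberate, a comment above the list such as `# Routing (bird) is deployed separately, not from all.yml` would record it; otherwise the missing import should be added. An explicit list also needs a new line for every future playbook, which the glob did not.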
|
@ -1,3 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# Deploy all playbooks
|
|
||||||
ansible-playbook playbooks/*.yml $@
|
|
|
@ -1,10 +1,8 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Put a common configuration on all servers
|
- hosts:
|
||||||
- hosts: all,!unifi
|
- pve_network
|
||||||
|
- vm_network
|
||||||
roles:
|
roles:
|
||||||
- baseconfig
|
- base_utils
|
||||||
- basesecurity
|
...
|
||||||
- ldap_client
|
|
||||||
- logrotate
|
|
||||||
- update_motd
|
|
||||||
|
|
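Review bot: The `roles:` list of this play now holds only `base_utils`, so `basesecurity`, `ldap_client` and `logrotate` are no longer applied by it, and nothing visible in this commit applies them elsewhere. If the hardening role is still meant to cover the `pve_network` and `vm_network` hosts, keep `- basesecurity` next to `- base_utils`, or state in a comment which playbook now carries it. The host pattern also narrows from `all,!unifi` to the two groups, here and in the plays that set `root_password` and `openssh_users_ca_public_key`, so hosts outside those groups stop receiving these settings. A comment such as `# Hosts outside pve_network/vm_network are not managed by this play` would make that explicit.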
|
@ -5,17 +5,9 @@
|
||||||
- isp-2.rtr.infra.auro.re
|
- isp-2.rtr.infra.auro.re
|
||||||
vars:
|
vars:
|
||||||
bird__router_ids:
|
bird__router_ids:
|
||||||
isp-1.rtr.infra.auro.re: 10.136.0.1
|
isp-1.rtr.infra.auro.re: 10.203.0.5
|
||||||
isp-2.rtr.infra.auro.re: 10.136.0.2
|
isp-2.rtr.infra.auro.re: 10.203.0.6
|
||||||
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||||
bird__ospf_broadcast_interfaces:
|
|
||||||
ens20: null
|
|
||||||
bird__ospf_stub_interfaces:
|
|
||||||
- client-0
|
|
||||||
- client-1
|
|
||||||
- client-2
|
|
||||||
- client-3
|
|
||||||
- client-4
|
|
||||||
bird__radv_interfaces:
|
bird__radv_interfaces:
|
||||||
client-0:
|
client-0:
|
||||||
prefix:
|
prefix:
|
||||||
|
@ -43,7 +35,7 @@
|
||||||
domain_search:
|
domain_search:
|
||||||
- client-4.isp.auro.re
|
- client-4.isp.auro.re
|
||||||
bird__radv_dns_servers:
|
bird__radv_dns_servers:
|
||||||
- 2a09:6840:128::127
|
- 2a09:6840:128::10:3
|
||||||
roles:
|
roles:
|
||||||
- bird
|
- bird
|
||||||
|
|
||||||
|
@ -52,19 +44,9 @@
|
||||||
- infra-2.rtr.infra.auro.re
|
- infra-2.rtr.infra.auro.re
|
||||||
vars:
|
vars:
|
||||||
bird__router_ids:
|
bird__router_ids:
|
||||||
infra-1.rtr.infra.auro.re: 10.203.1.3
|
infra-1.rtr.infra.auro.re: 10.203.0.3
|
||||||
infra-2.rtr.infra.auro.re: 10.203.1.4
|
infra-2.rtr.infra.auro.re: 10.203.0.4
|
||||||
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||||
bird__ospf_broadcast_interfaces:
|
|
||||||
ens19: null
|
|
||||||
bird__ospf_stub_interfaces:
|
|
||||||
- ens20
|
|
||||||
- ens21
|
|
||||||
- ens22
|
|
||||||
- ens23
|
|
||||||
- ens1
|
|
||||||
- ens2
|
|
||||||
- ens1s3
|
|
||||||
roles:
|
roles:
|
||||||
- bird
|
- bird
|
||||||
|
|
||||||
|
@ -73,8 +55,8 @@
|
||||||
- edge-2.rtr.infra.auro.re
|
- edge-2.rtr.infra.auro.re
|
||||||
vars:
|
vars:
|
||||||
bird__router_ids:
|
bird__router_ids:
|
||||||
edge-1.rtr.infra.auro.re: 10.203.1.1
|
edge-1.rtr.infra.auro.re: 10.203.0.1
|
||||||
edge-2.rtr.infra.auro.re: 10.203.1.2
|
edge-2.rtr.infra.auro.re: 10.203.0.2
|
||||||
bird__asn:
|
bird__asn:
|
||||||
aurore: 43619
|
aurore: 43619
|
||||||
crans: 204515
|
crans: 204515
|
||||||
|
|
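Review bot: `bird__ospf_broadcast_interfaces` and `bird__ospf_stub_interfaces` are dropped from both plays with no replacement visible in these hunks, so it is unclear which interfaces OSPF will run on. The removed lists kept `client-0` to `client-4` as stub interfaces; if the role's defaults do not do the same, the routers could form adjacencies on customer-facing links, so this should be confirmed against the role. A comment above `bird__router_ids` naming where the interface set now comes from would settle it. The new infra router IDs `10.203.0.3` and `10.203.0.4` also differ from the `10.203.1.3/16` and `10.203.1.4/16` addresses put on `ens19` of those hosts in the interface playbook, which is legal for a router ID but worth confirming as intended. The plays start and end outside these hunks.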
|
@ -17,10 +17,10 @@
|
||||||
- chronyd
|
- chronyd
|
||||||
|
|
||||||
- hosts:
|
- hosts:
|
||||||
- all
|
- pve_network
|
||||||
|
- vm_network
|
||||||
- "!ntp-1.int.infra.auro.re"
|
- "!ntp-1.int.infra.auro.re"
|
||||||
- "!ntp-2.int.infra.auro.re"
|
- "!ntp-2.int.infra.auro.re"
|
||||||
- "!unifi"
|
|
||||||
vars:
|
vars:
|
||||||
chronyd__pools:
|
chronyd__pools:
|
||||||
- ntp-1.int.infra.auro.re
|
- ntp-1.int.infra.auro.re
|
||||||
|
|
|
@ -1,48 +1,261 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts:
|
- hosts:
|
||||||
- ntp-1.int.infra.auro.re
|
- vm_network
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
- edge-1.rtr.infra.auro.re
|
|
||||||
- edge-2.rtr.infra.auro.re
|
|
||||||
- infra-1.rtr.infra.auro.re
|
|
||||||
- infra-2.rtr.infra.auro.re
|
|
||||||
vars:
|
vars:
|
||||||
|
ifupdown2__gateways:
|
||||||
|
adm:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
# TODO: netbox
|
# TODO: netbox
|
||||||
ifupdown2__hosts:
|
ifupdown2__hosts:
|
||||||
ntp-1.int.infra.auro.re:
|
edge-1.rtr.infra.auro.re:
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::203/56
|
- 2a09:6840:128::10:2/56
|
||||||
- 10.128.0.203/16
|
- 10.128.10.2/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens21:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens22:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:0:1::1/56
|
||||||
|
- 10.203.0.1/16
|
||||||
|
forward: true
|
||||||
|
edge-2.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128:10:102/56
|
||||||
|
- 10.128.10.102/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens21:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens22:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:0:2::1/56
|
||||||
|
- 10.203.0.2/16
|
||||||
|
forward: true
|
||||||
dns-1.int.infra.auro.re:
|
dns-1.int.infra.auro.re:
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::127/56
|
- 2a09:6840:128::10:3/56
|
||||||
- 10.128.0.127/16
|
- 10.128.10.3/16
|
||||||
dhcp-1.isp.auro.re:
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:206:0:2::1/56
|
||||||
|
- 10.206.0.2/16
|
||||||
|
dns-2.int.infra.auro.re:
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::204/56
|
- 2a09:6840:128::10:103/56
|
||||||
- 10.128.0.204/16
|
- 10.128.10.103/16
|
||||||
ens19: null
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:206:0:3::1/56
|
||||||
|
- 10.206.0.3/16
|
||||||
|
ssh-1.mgmt.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:1/56
|
||||||
|
- 10.128.10.1/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
- 45.66.108.2/16
|
||||||
|
ssh-2.mgmt.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:101/56
|
||||||
|
- 10.128.10.101/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
- 45.66.108.3/16
|
||||||
|
infra-1.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:4/56
|
||||||
|
- 10.128.10.4/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:1:3::1/56
|
||||||
|
- 10.203.1.3/16
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens21:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens22:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens23:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens1:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens2:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
enp1s3:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
infra-2.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:104/56
|
||||||
|
- 10.128.10.104/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:4::1/64
|
||||||
|
- 10.203.1.4/16
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens21:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens22:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens23:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens1:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
ens2:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
enp1s3:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
isp-1.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:5/56
|
||||||
|
- 10.128.10.5/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:0:5::1/56
|
||||||
|
- 10.203.0.5/16
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
clients:
|
clients:
|
||||||
bridge_vlan_aware: true
|
bridge_vlan_aware: true
|
||||||
bridge_ports:
|
bridge_ports:
|
||||||
- ens19
|
- ens20
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
bridge_disable_pvid: true
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-0:
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-1:
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-2:
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-3:
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-4:
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
isp-2.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:105/56
|
||||||
|
- 10.128.10.105/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:203:0:5::1/56
|
||||||
|
- 10.203.0.5/16
|
||||||
|
forward: true
|
||||||
|
ens20:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens20
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
forward: true
|
||||||
|
client-0:
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-1:
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-2:
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-3:
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
client-4:
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
forward: true
|
||||||
|
dhcp-1.isp.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:6/56
|
||||||
|
- 10.128.10.6/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:210:1:1::1/56
|
||||||
|
- 10.210.1.1/16
|
||||||
|
ens20: null
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens20
|
||||||
bridge_vids:
|
bridge_vids:
|
||||||
- 1000-1004
|
- 1000-1004
|
||||||
client-0:
|
client-0:
|
||||||
|
@ -70,19 +283,21 @@
|
||||||
- 100.64.0.130/27
|
- 100.64.0.130/27
|
||||||
vlan_id: 1004
|
vlan_id: 1004
|
||||||
vlan_raw_device: clients
|
vlan_raw_device: clients
|
||||||
dhcp-2.isp.auro.re:
|
dhcp-2.isp.infra.auro.re:
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::91/56
|
- 2a09:6840:128::10:106/56
|
||||||
- 10.128.0.91/16
|
- 10.128.10.106/16
|
||||||
ens19: null
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:210:1:2::1/56
|
||||||
|
- 10.210.1.2/16
|
||||||
|
ens20: null
|
||||||
clients:
|
clients:
|
||||||
bridge_vlan_aware: true
|
bridge_vlan_aware: true
|
||||||
bridge_ports:
|
bridge_ports:
|
||||||
- ens19
|
- ens20
|
||||||
bridge_vids:
|
bridge_vids:
|
||||||
- 1000-1004
|
- 1000-1004
|
||||||
client-0:
|
client-0:
|
||||||
|
@ -110,204 +325,86 @@
|
||||||
- 100.64.0.131/27
|
- 100.64.0.131/27
|
||||||
vlan_id: 1004
|
vlan_id: 1004
|
||||||
vlan_raw_device: clients
|
vlan_raw_device: clients
|
||||||
isp-1.rtr.infra.auro.re:
|
radius-1.isp.infra.auro.re:
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::255/56
|
- 2a09:6840:128::10:7/56
|
||||||
- 10.128.0.255/16
|
- 10.128.10.7/16
|
||||||
ens19: null
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
ens20:
|
|
||||||
forward: true
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:136:0:1::1/56
|
|
||||||
- 10.136.0.1/16
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
bridge_disable_pvid: true
|
|
||||||
forward: true
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
isp-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::158/56
|
|
||||||
- 10.128.0.158/16
|
|
||||||
ens19: null
|
|
||||||
ens20:
|
|
||||||
forward: true
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:136:0:2::1/56
|
|
||||||
- 10.136.0.2/16
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
edge-1.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::186/56
|
|
||||||
- 10.128.0.186/16
|
|
||||||
ens19: null # crans
|
|
||||||
ens20: null # vr
|
|
||||||
ens21: null # zayo
|
|
||||||
ens22: # backbone
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:203:1:1::1/64
|
|
||||||
- 10.203.1.1/16
|
|
||||||
edge-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::228/56
|
|
||||||
- 10.128.0.228/16
|
|
||||||
ens19: null # crans
|
|
||||||
ens20: null # vr
|
|
||||||
ens21: null # zayo
|
|
||||||
ens22: # backbone
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:203:1:2::1/64
|
|
||||||
- 10.203.1.2/16
|
|
||||||
infra-1.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::2:76/56
|
|
||||||
- 10.128.2.76/16
|
|
||||||
ens19:
|
ens19:
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:1:3::1/64
|
- 2a09:6840:210:1:1::1/56
|
||||||
- 10.203.1.3/16
|
- 10.210.1.1/16
|
||||||
ens20:
|
radius-2.isp.infra.auro.re:
|
||||||
ipv6_addrgen: false
|
|
||||||
ens21:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ens22:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ens23:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ens1:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ens2:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
enp1s3:
|
|
||||||
ipv6_addrgen: false
|
|
||||||
infra-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
ens18:
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:128::2:27/56
|
- 2a09:6840:128::10:107/56
|
||||||
- 10.128.2.27/16
|
- 10.128.10.107/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
ens19:
|
ens19:
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:1:4::1/64
|
- 2a09:6840:210:1:2::1/56
|
||||||
- 10.203.1.4/16
|
ldap-1.int.infra.auro.re:
|
||||||
ens20:
|
ens18:
|
||||||
ipv6_addrgen: false
|
addresses:
|
||||||
ens21:
|
- 2a09:6840:128::10:8/56
|
||||||
ipv6_addrgen: false
|
- 10.128.10.8/16
|
||||||
ens22:
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
ipv6_addrgen: false
|
ens19:
|
||||||
ens23:
|
addresses:
|
||||||
ipv6_addrgen: false
|
- 2a09:6840:206:1:3::1/56
|
||||||
ens1:
|
- 10.206.1.3/16
|
||||||
ipv6_addrgen: false
|
ldap-2.int.infra.auro.re:
|
||||||
ens2:
|
ens18:
|
||||||
ipv6_addrgen: false
|
addresses:
|
||||||
enp1s3:
|
- 2a09:6840:128::10:108/56
|
||||||
ipv6_addrgen: false
|
- 10.128.10.108/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:206:1:4::1/56
|
||||||
|
- 10.206.1.4/16
|
||||||
|
ntp-1.int.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:9/56
|
||||||
|
- 10.128.10.9/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:206:1:5::1/56
|
||||||
|
- 10.206.1.5/16
|
||||||
|
ntp-2.int.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:109/56
|
||||||
|
- 10.128.10.109/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:206:1:6::1/56
|
||||||
|
- 10.206.1.6/16
|
||||||
|
prometheus-1.monit.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:10/56
|
||||||
|
- 10.128.10.10/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:204:1:1::1/56
|
||||||
|
- 10.204.1.1/16
|
||||||
|
prometheus-2.monit.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::10:110/56
|
||||||
|
- 10.128.10.110/16
|
||||||
|
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||||
|
ens19:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:204:1:2::1/56
|
||||||
|
- 10.204.1.2/16
|
||||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||||
roles:
|
roles:
|
||||||
- ifupdown2
|
- ifupdown2
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
- edge-1.rtr.infra.auro.re
|
|
||||||
- edge-2.rtr.infra.auro.re
|
|
||||||
- infra-1.rtr.infra.auro.re
|
|
||||||
- infra-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
resolvconf__nameservers:
|
|
||||||
- 2a09:6840:128::127
|
|
||||||
- 10.128.0.127
|
|
||||||
resolvconf__domain: auro.re
|
|
||||||
resolvconf__search:
|
|
||||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
|
||||||
- auro.re
|
|
||||||
roles:
|
|
||||||
- resolvconf
|
|
||||||
...
|
...
|
||||||
|
|
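Review bot: Several addresses added under `ifupdown2__hosts` look wrong. `2a09:6840:128:10:102/56` on `ens18` of `edge-2.rtr.infra.auro.re` has only five groups and no `::`, so it is not a valid IPv6 address; following the neighbouring entries it should presumably read `- 2a09:6840:128::10:102/56`. `ens19` of `isp-2.rtr.infra.auro.re` repeats `2a09:6840:203:0:5::1/56` and `10.203.0.5/16` from isp-1 although the bird play gives isp-2 the router ID `10.203.0.6`, and `ens19` of the two radius hosts repeats the `2a09:6840:210:1:…` and `10.210.1.1/16` addresses of the dhcp hosts (radius-2 gets no IPv4 entry at all). `ens19` of `ssh-1.mgmt` and `ssh-2.mgmt` lists `45.66.108.2/16` and `45.66.108.3/16` with no `addresses:` key visible above them, unlike every other interface. Since the play targets the whole `vm_network` group and indexes `ifupdown2__hosts[inventory_hostname]`, a pre-task assert that every host has an entry and that no address occurs twice would catch such errors before they are pushed to the admin interfaces.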
|
@ -5,7 +5,7 @@
|
||||||
- isp-2.rtr.infra.auro.re
|
- isp-2.rtr.infra.auro.re
|
||||||
vars:
|
vars:
|
||||||
keepalived__virtual_router_id: 80
|
keepalived__virtual_router_id: 80
|
||||||
keepalived__interface: ens20
|
keepalived__interface: ens19
|
||||||
keepalived__virtual_addresses:
|
keepalived__virtual_addresses:
|
||||||
client-0:
|
client-0:
|
||||||
- 100.64.0.1/27
|
- 100.64.0.1/27
|
||||||
|
@ -61,31 +61,31 @@
|
||||||
keepalived__virtual_addresses:
|
keepalived__virtual_addresses:
|
||||||
ens20:
|
ens20:
|
||||||
- 10.204.0.1/16
|
- 10.204.0.1/16
|
||||||
- 2a09:6840:204::1/64
|
- 2a09:6840:204::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
ens21:
|
ens21:
|
||||||
- 10.205.0.1/16
|
- 10.205.0.1/16
|
||||||
- 2a09:6840:205::1/64
|
- 2a09:6840:205::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
ens22:
|
ens22:
|
||||||
- 10.206.0.1/16
|
- 10.206.0.1/16
|
||||||
- 2a09:6840:206::1/64
|
- 2a09:6840:206::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
ens23:
|
ens23:
|
||||||
- 10.207.0.1/16
|
- 10.207.0.1/16
|
||||||
- 2a09:6840:207::1/64
|
- 2a09:6840:207::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
ens1:
|
ens1:
|
||||||
- 10.208.0.1/16
|
- 10.208.0.1/16
|
||||||
- 2a09:6840:208::1/64
|
- 2a09:6840:208::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
ens2:
|
ens2:
|
||||||
- 10.209.0.1/16
|
- 10.209.0.1/16
|
||||||
- 2a09:6840:209::1/64
|
- 2a09:6840:209::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
enp1s3:
|
enp1s3:
|
||||||
- 10.210.0.1/16
|
- 10.210.0.1/16
|
||||||
- 2a09:6840:210::1/64
|
- 2a09:6840:210::1/56
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
roles:
|
roles:
|
||||||
- keepalived
|
- keepalived
|
||||||
|
|
|
@ -361,8 +361,8 @@
|
||||||
- 10.128.10.1
|
- 10.128.10.1
|
||||||
- 2a09:6840:128::10:1
|
- 2a09:6840:128::10:1
|
||||||
ssh-2.mgmt:
|
ssh-2.mgmt:
|
||||||
- 10.128.10.2
|
- 10.128.10.101
|
||||||
- 2a09:6840:128::10:2
|
- 2a09:6840:128::10:101
|
||||||
infra-1.rtr:
|
infra-1.rtr:
|
||||||
- 10.128.10.4
|
- 10.128.10.4
|
||||||
- 2a09:6840:128::10:4
|
- 2a09:6840:128::10:4
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy Radius
|
|
||||||
- hosts: radius-*.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: FreeRADIUS est déployé.
|
|
||||||
roles:
|
|
||||||
- radius
|
|
||||||
- update_motd
|
|
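--- a/playbooks/resolvconf.yml
+++ b/playbooks/resolvconf.yml
@@ -0,0 +1,16 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm_network
+- pve_network
+vars:
+resolvconf__nameservers:
+- 2a09:6840:128::10:3
+- 10.128.10.3
+resolvconf__domain: auro.re.
+resolvconf__search:
+- "{{ inventory_hostname | remove_domain_suffix }}"
+- auro.re.
+roles:
+- resolvconf
+...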
|
@ -1,6 +1,8 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: all,!unifi
|
- hosts:
|
||||||
|
- vm_network
|
||||||
|
- pve_network
|
||||||
vars:
|
vars:
|
||||||
root_shell: /bin/bash
|
root_shell: /bin/bash
|
||||||
root_password: "{{ vault_root_password }}"
|
root_password: "{{ vault_root_password }}"
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy firewall and keepalived
|
|
||||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
|
||||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
|
||||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: Le routage (avec radvd) est déployé.
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- radvd
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# No radvd here
|
|
||||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: Le routage (avec DHCPv6) est déployé.
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- ipv6_edge_router
|
|
||||||
- update_motd
|
|
|
@ -1,6 +1,8 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: all,!unifi
|
- hosts:
|
||||||
|
- pve_network
|
||||||
|
- vm_network
|
||||||
vars:
|
vars:
|
||||||
openssh_users_ca_public_key:
|
openssh_users_ca_public_key:
|
||||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
|
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
|
||||||
|
|
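--- a/roles/base_utils/tasks/main.yml
+++ b/roles/base_utils/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Install base utils
+apt:
+name:
+- htop
+- vim
+- dnsutils
+...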