aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

wip: begin updating 'router' role for IPv6

Browse source 
pending: update virtual routes
This commit is contained in:
Yohaï-Eliel BERREBY 2020-08-01 15:46:41 +02:00
parent 194c19fbf3
commit 56808e4e60
3 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/router/tasks/main.yml
View file

@ -6,6 +6,12 @@
value: '1' value: '1'
sysctl_set: yes sysctl_set: yes
- name: Enable IPv6 packet forwarding
ansible.posix.sysctl:
name: net.ipv6.ip_forward
value: '1'
sysctl_set: yes
- name: Install aurore-firewall (re2o-service) - name: Install aurore-firewall (re2o-service)
import_role: import_role:
name: re2o-service name: re2o-service

2
roles/router/templates/firewall_config.py
View file

@ -25,7 +25,7 @@
### Give me a role ### Give me a role
# routeur4 = routeur IPv4 # routeur4 = routeur IPv4
role = ['routeur4'] role = ['routeur4', 'routeur6']
### Specify each interface role ### Specify each interface role

13
roles/router/templates/keepalived.conf
View file

@ -26,7 +26,6 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
# Timeout in seconds before failover kicks in. # Timeout in seconds before failover kicks in.
advert_int 2 advert_int 2
# Used to authenticate VRRP communication between master and backup. # Used to authenticate VRRP communication between master and backup.
authentication { authentication {
auth_type PASS auth_type PASS
@ -38,18 +37,26 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
virtual_ipaddress { virtual_ipaddress {
# Routing subnet # Routing subnet
10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global 10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
{{ ipv6_base_prefix }}:129:0::{{ apartment_block_id }}:254/64 dev ens19 scope global
# Public subnet: wired
# NATed subnet: wired
45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global 45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
# Public subnet: wifi
# NATed subnet: wifi
45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global 45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global
# Wired # Wired
10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global 10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
{{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:254/64 dev ens20 scope global
# Wifi # Wifi
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
{{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:254/64 dev ens21 scope global
} }
# FIXME: update for IPv6
virtual_routes { virtual_routes {
# 10.129.0.1 is Yggdrasil # 10.129.0.1 is Yggdrasil
src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19 src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19