diff --git a/hosts b/hosts
index 26e2665..52f5078 100644
--- a/hosts
+++ b/hosts
@@ -93,6 +93,11 @@ ntp-1.int.infra.auro.re
 prometheus-fleming.adm.auro.re
 #prometheus-fleming-fo.adm.auro.re
 radius-fleming.adm.auro.re
+dns-1.int.infra.auro.re
+isp-1.rtr.infra.auro.re
+isp-2.rtr.infra.auro.re
+dhcp-1.isp.auro.re
+dhcp-2.isp.auro.re
 radius-fleming-backup.adm.auro.re
 unifi-fleming.adm.auro.re
 routeur-fleming.adm.auro.re
diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml
index 01d72f0..fcd816c 100755
--- a/playbooks/ifupdown2.yml
+++ b/playbooks/ifupdown2.yml
@@ -2,6 +2,11 @@
 ---
 - hosts:
 - ntp-1.int.infra.auro.re
+ - dns-1.int.infra.auro.re
+ - dhcp-1.isp.auro.re
+ - dhcp-2.isp.auro.re
+ - isp-1.rtr.infra.auro.re
+ - isp-2.rtr.infra.auro.re
 vars:
 # TODO: netbox
 ifupdown2__hosts:
@@ -13,12 +18,188 @@ addresses: - 2a09:6840:128::203/56 - 10.128.0.203/16 + dns-1.int.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::127/56 + - 10.128.0.127/16 + dhcp-1.isp.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::204/56 + - 10.128.0.204/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + addresses: + - 100.64.0.2/27 + vlan_id: 1000 + vlan_raw_device: clients + client-1: + addresses: + - 100.64.0.34/27 + vlan_id: 1001 + vlan_raw_device: clients + client-2: + addresses: + - 100.64.0.66/27 + vlan_id: 1002 + vlan_raw_device: clients + client-3: + addresses: + - 100.64.0.98/27 + vlan_id: 1003 + vlan_raw_device: clients + client-4: + addresses: + - 100.64.0.130/27 + vlan_id: 1004 + vlan_raw_device: clients + dhcp-2.isp.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::91/56 + - 10.128.0.91/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + addresses: + - 100.64.0.3/27 + vlan_id: 1000 + vlan_raw_device: clients + client-1: + addresses: + - 100.64.0.35/27 + vlan_id: 1001 + vlan_raw_device: clients + client-2: + addresses: + - 100.64.0.67/27 + vlan_id: 1002 + vlan_raw_device: clients + client-3: + addresses: + - 100.64.0.99/27 + vlan_id: 1003 + vlan_raw_device: clients + client-4: + addresses: + - 100.64.0.131/27 + vlan_id: 1004 + vlan_raw_device: clients + isp-1.rtr.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::255/56 + - 10.128.0.255/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + bridge_disable_pvid: true + forward: true + ipv6_addrgen: false + client-0: + forward: true + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + 
client-1: + forward: true + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + client-2: + forward: true + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + client-3: + forward: true + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + client-4: + forward: true + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false + isp-2.rtr.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::158/56 + - 10.128.0.158/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + forward: true + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + client-1: + forward: true + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + client-2: + forward: true + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + client-3: + forward: true + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + client-4: + forward: true + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}" roles: - ifupdown2 - hosts: - ntp-1.int.infra.auro.re + - dns-1.int.infra.auro.re + - dhcp-1.isp.auro.re + - dhcp-2.isp.auro.re + - isp-1.rtr.infra.auro.re + - isp-2.rtr.infra.auro.re vars: resolvconf__nameservers: - 2a09:6840:128::127 diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2 index d61606c..a1e8f8a 100644 --- a/roles/ifupdown2/templates/interfaces.j2 +++ b/roles/ifupdown2/templates/interfaces.j2 
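Review bot: The `clients` bridge under isp-2.rtr.infra.auro.re lacks the three keys that isp-1.rtr.infra.auro.re sets on the same bridge: `bridge_disable_pvid: true`, `forward: true` and `ipv6_addrgen: false`. With the template in this commit, isp-2 therefore gets no `bridge-pvid 0` and no removal of VLAN 1, so untagged frames arriving on ens19 are presumably still accepted on the default PVID, and the client-facing bridge keeps IPv6 address generation. If the two routers are meant to be a symmetric pair, add the same three lines under isp-2's `clients`; if the difference is deliberate, a comment saying why would help, and the dhcp-1/dhcp-2 `clients` bridges, which also omit them, are worth the same check. The `ifupdown2__hosts` mapping starts outside this hunk.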
@@ -3,11 +3,39 @@ {% for name, iface in ifupdown2__interfaces.items() %} auto {{ name }} iface {{ name }} -{% for address in iface.addresses %} +{% for address in iface.addresses | default([]) %} address {{ address | ipaddr }} {% endfor %} {% for gateway in iface.gateways | default([]) %} gateway {{ gateway | ipaddr }} {% endfor %} +{% if iface.bridge_ports is defined %} + bridge-ports {{ iface.bridge_ports | join(" ") }} +{% endif %} +{% if iface.bridge_vlan_aware is defined %} + bridge-vlan-aware {{ iface.bridge_vlan_aware + | ternary("yes", "no") }} +{% endif %} +{% if iface.bridge_vids is defined %} + bridge-vids {{ iface.bridge_vids | join(",") }} +{% endif %} +{% if iface.vlan_id is defined %} + vlan-id {{ iface.vlan_id | int }} +{% endif %} +{% if iface.vlan_raw_device is defined %} + vlan-raw-device {{ iface.vlan_raw_device }} +{% endif %} +{% if iface.bridge_disable_pvid | default(false) %} + bridge-pvid 0 + post-up bridge vlan del dev {{ name }} vid 1 self +{% endif %} +{% if iface.forward | default(false) %} + ip-forward yes + ip6-forward yes +{% endif %} +{% if iface.ipv6_addrgen is defined %} + ipv6-addrgen {{ iface.ipv6_addrgen + | ternary("yes", "no") }} +{% endif %} {% endfor %}
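Review bot: The `post-up bridge vlan del dev {{ name }} vid 1 self` line places the interface name into a command that ifupdown2 runs as root, and `vlan-raw-device {{ iface.vlan_raw_device }}` is emitted equally unfiltered, whereas addresses pass through `ipaddr` and `vlan_id` through `int`. Today these names come from the playbook's own vars, but the `# TODO: netbox` comment there suggests they will later be sourced from an external inventory, where a value containing whitespace or a newline would add stanza lines or command text. I would quote the name in the command, `post-up bridge vlan del dev {{ name | quote }} vid 1 self`, and have the role assert that interface names and `vlan_raw_device` match a conservative pattern such as `^[A-Za-z0-9_.-]+$` before templating. The hard-coded `vid 1` also assumes the bridge's default PVID; a one-line template comment stating that would help the next reader.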