From b0c386507ab50dad83d429a3559aee8b22b4c381 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Fri, 2 Sep 2022 17:14:31 +0200
Subject: [PATCH] radvd: update role
---
 playbooks/radvd.yml | 30 ++++++++
 roles/radvd/defaults/main.yml | 8 +++
 roles/radvd/handlers/main.yml | 6 +-
 roles/radvd/tasks/main.yml | 27 +++----
 roles/radvd/templates/radvd.conf.j2 | 105 +++++++++-------------------
 5 files changed, 88 insertions(+), 88 deletions(-)
 create mode 100755 playbooks/radvd.yml
 create mode 100644 roles/radvd/defaults/main.yml
diff --git a/playbooks/radvd.yml b/playbooks/radvd.yml
new file mode 100755
index 0000000..750e652
--- /dev/null
+++ b/playbooks/radvd.yml
@@ -0,0 +1,30 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - isp-1.rtr.infra.auro.re
+ - isp-2.rtr.infra.auro.re
+ vars:
+ radvd__interfaces:
+ client-0:
+ prefix:
+ - 2a09:6841::/56
+ client-1:
+ prefix:
+ - 2a09:6841:0:100::/56
+ client-2:
+ prefix:
+ - 2a09:6841:0:200::/56
+ client-3:
+ prefix:
+ - 2a09:6841:0:300::/56
+ client-4:
+ prefix:
+ - 2a09:6841:0:400::/56
+ radvd__domain_search:
+ - isp.auro.re
+ - auro.re
+ radvd__dns_servers:
+ - 2a09:6840:128::127
+ roles:
+ - radvd
+...
diff --git a/roles/radvd/defaults/main.yml b/roles/radvd/defaults/main.yml
new file mode 100644
index 0000000..e1bd3f6
--- /dev/null
+++ b/roles/radvd/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+radvd__interfaces: {}
+radvd__min_adv_interval: 3
+radvd__max_adv_interval: 600
+radvd__dns_servers: []
+radvd__domain_search: []
+radvd__ignore_if_missing: true
+...
diff --git a/roles/radvd/handlers/main.yml b/roles/radvd/handlers/main.yml
index 6ed4ca7..6164fe7 100644
--- a/roles/radvd/handlers/main.yml
+++ b/roles/radvd/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
-- name: restart radvd
+- name: Restart radvd
 systemd:
+ name: radvd.service
 state: restarted
- name: radvd
- enabled: true
+...
diff --git a/roles/radvd/tasks/main.yml b/roles/radvd/tasks/main.yml
index 47b1f9d..3be53af 100644
--- a/roles/radvd/tasks/main.yml
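Review bot: In playbooks/radvd.yml every `client-N` interface advertises a /56 (`2a09:6841::/56`, `2a09:6841:0:100::/56`, …), while the role's template sets `AdvAutonomous on` for each prefix. As far as I can tell, SLAAC hosts ignore an autonomous prefix whose length plus the interface-identifier length is not 128 (RFC 4862 §5.5.3), so with 64-bit identifiers these prefixes would not yield addresses. The removed template advertised /64s. If the /56 is the per-client allocation and the on-link network is a single /64 inside it, list that /64 here, for example `- 2a09:6841:0:100::/64`. If the /56 is intentional, a comment saying how clients obtain addresses would help the next reader.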
+++ b/roles/radvd/tasks/main.yml @@ -1,19 +1,20 @@ --- -# Warning: radvd installation seems to fail if the configuration -# file doesn't already exist when the package is installed, -# so the order is important. +- name: Install radvd + apt: + name: radvd + - name: Configure radvd template: src: radvd.conf.j2 dest: /etc/radvd.conf - mode: 0644 - notify: restart radvd - tags: - - radconf + owner: root + group: root + mode: u=rw,g=r,o= + notify: Restart radvd -- name: Install radvd - apt: - update_cache: true - name: radvd - state: present - notify: restart radvd +- name: Enable and start radvd + systemd: + name: radvd.service + state: started + enabled: true +... diff --git a/roles/radvd/templates/radvd.conf.j2 b/roles/radvd/templates/radvd.conf.j2 index 300f50b..508d6a0 100644 --- a/roles/radvd/templates/radvd.conf.j2 +++ b/roles/radvd/templates/radvd.conf.j2 
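Review bot: The `Configure radvd` task writes the rendered template to /etc/radvd.conf and notifies `Restart radvd` with no syntax check, so a bad value in `radvd__interfaces` stops router advertisements on the next restart. Since the package is now installed before this task, it can carry `validate: radvd --configtest --config %s`. Separately, the removed comment warned that package installation seemed to fail when the configuration file did not yet exist, and this hunk reverses that order without saying why it is now safe. That is worth confirming on a fresh host of the target release, or stating in the commit message.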
@@ -1,80 +1,41 @@ -# -*- mode: conf-unix; coding: utf-8 -*- +{{ ansible_managed | comment }} -## -# Bornes Wi-Fi -## - -# # Need to add an interface for this VLAN on "routeur-*" hosts. -# -# interface ens19 { -# AdvSendAdvert on; -# AdvLinkMTU {{ mtu }}; -# AdvDefaultPreference high; -# MaxRtrAdvInterval 30; -# -# AdvRASrcAddress { -# {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:250; # Unifi controller -# }; -# -# prefix {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::/64 { -# AdvRouterAddr on; -# }; -# -# # La zone DNS -# DNSSL borne.auro.re {}; -# -# # Les DNS récursifs -# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_main }} {}; -# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_backup }} {}; -# }; - -## -# Utilisateurs filaire -## -interface ens20 { - AdvSendAdvert on; - AdvLinkMTU {{ mtu }}; - AdvDefaultPreference high; - MaxRtrAdvInterval 30; - - AdvRASrcAddress { - fe80::1; # link-local virtual IP used with keepalived - }; - - prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::/64 { - AdvRouterAddr on; - }; - - DNSSL fil.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround. 
- - RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_main }} {}; - RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_backup }} {}; -}; - - -## -# Utilisateurs wifi -## -interface ens21 { +{% for name, iface in radvd__interfaces.items() %} +interface {{ name }} { AdvSendAdvert on; - AdvLinkMTU {{ mtu }}; - AdvDefaultPreference high; - MaxRtrAdvInterval 30; - + IgnoreIfMissing {{ iface.ignore_if_missing + | default(radvd__ignore_if_missing) + | ternary("yes", "no") }}; +{% if iface.mtu is defined %} + AdvLinkMTU {{ iface.mtu | int }}; +{% endif %} + AdvDefaultPreference high; # TODO + MinRtrAdvInterval {{ iface.min_adv_interval + | default(radvd__min_adv_interval) + | int }}; + MaxRtrAdvInterval {{ iface.max_adv_interval + | default(radvd__max_adv_interval) + | int }}; +{% if iface.src_address | default([]) %} AdvRASrcAddress { - fe80::1; +{% for addr in iface.src_address %} + {{ addr | ipv6 }} +{% endfor %} }; - - prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::/64 { +{% endif %} +{% for prefix in iface.prefix | default([]) %} + prefix {{ prefix | ipv6 }} { + AdvOnLink on; + AdvAutonomous on; AdvRouterAddr on; }; - - DNSSL wifi.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround. - - RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_main }} {}; - RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_backup }} {}; +{% endfor %} +{% for domain in iface.domain_search | default(radvd__domain_search) %} + DNSSL {{ domain }} {}; +{% endfor %} +{% for addr in iface.dns_servers | default(radvd__dns_servers) %} + RDNSS {{ addr | ipv6 }} {}; +{% endfor %} }; - - -# For public IPs: will use DHCPv6, deployed on routeur-aurore alone. +{% endfor %}
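Review bot: Inside the new `AdvRASrcAddress { … }` loop the address is emitted without its terminating semicolon, whereas the removed template had `fe80::1;`. The line should read `{{ addr | ipv6 }};`, otherwise radvd will most likely reject the file as soon as an interface sets `src_address`. `IgnoreIfMissing` is rendered through `ternary("yes", "no")`, but radvd.conf(5) documents its switches as `on|off` and every other flag in this template uses `on`, so `ternary("on", "off")` looks like what was meant. The `ipv6` filter returns `False` for input it cannot parse, and that would be written into the file verbatim. A config test at deploy time would catch all three cases before the daemon is restarted.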