Compare commits
261 commits
Author | SHA1 | Date | |
---|---|---|---|
3b1ae6206f | |||
81f95aa14d | |||
708781b722 | |||
0782695471 | |||
1e1783fd59 | |||
4d0f820df0 | |||
48c4ecafae | |||
9aaa619173 | |||
54d227232b | |||
ba033f9099 | |||
8d0139925e | |||
7f9ccf3e59 | |||
4f18b6c8ef | |||
004a033606 | |||
d20c89defe | |||
97496ef4b8 | |||
0b40cc4b9b | |||
66e6c960d3 | |||
a004555681 | |||
7fe391c16f | |||
e660d8688a | |||
e5e6dd8056 | |||
67b29517e2 | |||
b141a1d955 | |||
f70e515769 | |||
806fa25b06 | |||
00dcf27614 | |||
029b001f9b | |||
39119a4ffa | |||
10087b354b | |||
3f02039de1 | |||
91d3087047 | |||
887aadb5fe | |||
02910a8fc0 | |||
061b6f1049 | |||
94ba30cc3b | |||
934137903a | |||
8359d2ebea | |||
5c8358ec95 | |||
261ccfeb5c | |||
9eb5793b38 | |||
68f36ae048 | |||
c2f2c03af6 | |||
19953b2951 | |||
3864b641eb | |||
c4744e9ab6 | |||
98f122bb69 | |||
41852b4ab8 | |||
a61c997366 | |||
3e16224213 | |||
136dcb693f | |||
db7729b3cb | |||
6949cc202f | |||
83ff27b856 | |||
16a0d95936 | |||
2928d7e809 | |||
071d82529d | |||
f9f278cb65 | |||
4c61d2bc18 | |||
3fa998ae68 | |||
071daad994 | |||
fc7f59b231 | |||
9e483d5285 | |||
4c33b77695 | |||
5e5d2268f3 | |||
51674bc1f6 | |||
190f31dffd | |||
a00a9b123f | |||
9524f29d1f | |||
14b1f47842 | |||
229a6617de | |||
69701f4875 | |||
6728d2bb00 | |||
be261ab257 | |||
13f22bc7b8 | |||
2e2e4995ed | |||
7d58a98bb4 | |||
45d380c641 | |||
35cdf782c8 | |||
fbdeddfc72 | |||
17b46bab5e | |||
93bccaddfd | |||
ddc0597e2a | |||
fa87d9789d | |||
078d9a3de9 | |||
e87de918db | |||
14288224b4 | |||
0e581e7d23 | |||
175e375682 | |||
cb6ef5dae0 | |||
15dda43f21 | |||
1a63ba3bea | |||
75f0ee785b | |||
9de88d0a28 | |||
655f744a11 | |||
0c7b5a2c68 | |||
e0c95b8f10 | |||
058fe0b3f5 | |||
2f4c6a53d8 | |||
ddd8c6dcc0 | |||
2c64d27fd3 | |||
b3d18e92b6 | |||
ace765b682 | |||
ca1c6c8040 | |||
f8b932014f | |||
a5b527ec0e | |||
20bce8a0da | |||
4a5b3bbfde | |||
4a9c0e6d8e | |||
aa1e422c58 | |||
455a0bdc2a | |||
452066fcfb | |||
669c7ec801 | |||
d455bbe00e | |||
6522a6f076 | |||
5391f2b956 | |||
bbaab0b767 | |||
676dabd76b | |||
1978f12794 | |||
8f51a2fb80 | |||
32ed73735f | |||
4ad25f7057 | |||
454f1d75cb | |||
cc1786eb2b | |||
8bf1f1a1fa | |||
dcd56413e8 | |||
e160b98f0e | |||
94953e1aa7 | |||
833d25078d | |||
8b5d587f26 | |||
6ee7a19f21 | |||
0807dc1d70 | |||
922b6894a7 | |||
7db15d9c63 | |||
b4fe111c91 | |||
67ac2a7618 | |||
fcb9ac9d17 | |||
9e24c5373e | |||
b36dd15d3c | |||
a2e181493d | |||
71befe1b44 | |||
9c41558d62 | |||
66a015c135 | |||
eb8368b2e6 | |||
67f0e4ccbc | |||
f3d67e93b4 | |||
45f5920cdd | |||
3294cde7a6 | |||
6eeb578d89 | |||
8b39a7f7dc | |||
dcc038bd7c | |||
0a621b53b4 | |||
8ec059ce55 | |||
621f39a8f2 | |||
f579e08e21 | |||
48deabba50 | |||
9f850aa4da | |||
1aba1e5606 | |||
6d66e56b15 | |||
e7c3a9c771 | |||
5eff05f8c5 | |||
eca5d1563d | |||
c32b949d04 | |||
19c623ab0a | |||
7c21275a11 | |||
95c812b101 | |||
830e5b103d | |||
873b5cc6f5 | |||
e995b06ea9 | |||
34b67791bd | |||
9c19e41afd | |||
5c17bc9664 | |||
d653432d18 | |||
5a43708a87 | |||
9cd983aa4c | |||
0a0fc8e52c | |||
2db69a8f1c | |||
ac9947c50f | |||
6773c5e90d | |||
cc82841560 | |||
b9fb9f377f | |||
f43775fc02 | |||
412a63dc6c | |||
a670cbaba4 | |||
ea78f609b5 | |||
aac9151280 | |||
1c47ccc4a8 | |||
64dcb4b282 | |||
99ba67f074 | |||
618cad720a | |||
8863eed924 | |||
0254b82356 | |||
d0175e961e | |||
e13e450a1f | |||
a15a05ce69 | |||
45ca2a3236 | |||
b0e12b19f8 | |||
61cdb980ea | |||
c7d7320367 | |||
866f175ed2 | |||
c4e9ecacd7 | |||
2d6ee91f93 | |||
e99f183743 | |||
231c3aac09 | |||
3f29960a04 | |||
67994d988b | |||
ea843e2f47 | |||
c6afab5728 | |||
553b371797 | |||
a816fb1f01 | |||
4bd54fe371 | |||
8f27164c17 | |||
8937e4f8e8 | |||
3d6e0f21b6 | |||
953403d0b3 | |||
5a7c8b280d | |||
8f452c76aa | |||
a505441f4d | |||
b894959c91 | |||
204ad7f2ce | |||
138ffd6097 | |||
526eaf84d2 | |||
ec01fbde95 | |||
35087971c3 | |||
2ff44c58b7 | |||
9fc0aa1fe8 | |||
cdc68cedd5 | |||
50b0e023dc | |||
3216307404 | |||
1938cc24da | |||
874f75d47d | |||
4d82018f62 | |||
69c3949ef8 | |||
6bb2bbb54f | |||
d5ab886dd4 | |||
426296d8bd | |||
2389367582 | |||
c1833e77b3 | |||
4446c2c47e | |||
8d92035a81 | |||
6f32c9bc2c | |||
5542e63d14 | |||
b34c232904 | |||
5740b64b1e | |||
bb2590358d | |||
c775a48ca8 | |||
126d0f49df | |||
4a29c317a5 | |||
e36e31d18b | |||
b1f26f2cd7 | |||
9f8dcecf63 | |||
b9dd74af40 | |||
86277d05c2 | |||
642b3eb801 | |||
2744b3b512 | |||
f321b12d2f | |||
43693c2fc8 | |||
961a2f1105 | |||
11939a6032 | |||
4dbe0e562d | |||
c97dca8fa8 |
283 changed files with 32308 additions and 4116 deletions
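--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.retry
 tmp
 ldap-password.txt
+__pycache__/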
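--- a/all.yml
+++ b/all.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: playbooks/base.yml
+- import_playbook: playbooks/root.yml
+- import_playbook: playbooks/ssh.yml
+- import_playbook: playbooks/chronyd.yml
+- import_playbook: playbooks/kresd.yml
+- import_playbook: playbooks/knotd.yml
+- import_playbook: playbooks/resolvconf.yml
+- import_playbook: playbooks/ifupdown2.yml
+- import_playbook: playbooks/systemd_link.yml
+- import_playbook: playbooks/keepalived.yml
+- import_playbook: playbooks/ip_forward.yml
+- import_playbook: playbooks/dhcpd.yml
+- import_playbook: playbooks/bird.yml
+- import_playbook: playbooks/pve.yml
+- import_playbook: playbooks/prometheus.yml
+...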
|
@ -3,8 +3,10 @@ ask_vault_pass = True
|
||||||
roles_path = ./roles
|
roles_path = ./roles
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
|
stdout_callback = debug
|
||||||
|
library = ./library
|
||||||
filter_plugins = ./filter_plugins
|
filter_plugins = ./filter_plugins
|
||||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
ansible_managed = Ansible managed
|
||||||
nocows = 1
|
nocows = 1
|
||||||
forks = 15
|
forks = 15
|
||||||
timeout = 60
|
timeout = 60
|
||||||
|
@ -15,3 +17,4 @@ always = yes
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
retries = 3
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# Deploy all playbooks
|
|
||||||
ansible-playbook playbooks/*.yml $@
|
|
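--- a/filter_plugins/enquote.py
+++ b/filter_plugins/enquote.py
@@ -0,0 +1,16 @@
+class FilterModule:
+def filters(self):
+return {
+"enquote": enquote,
+}
+
+
+def enquote(string, delimiter='"', escape="\\"):
+translation = str.maketrans(
+{
+delimiter: f"{escape}{delimiter}",
+escape: f"{escape}{escape}",
+}
+)
+escaped = string.translate(translation)
+return f"{delimiter}{escaped}{delimiter}"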
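Review bot: `enquote` escapes only the delimiter and the escape character, so a value containing a newline or another control character is emitted verbatim between the quotes; if the rendered target is a line-oriented configuration file, such a value can terminate the quoted string's line early and the rest is parsed as configuration. `str.maketrans` with a dict also requires single-character keys, so a multi-character `delimiter` or `escape` fails with `ValueError` at render time rather than with a clear message. I would validate the arguments up front, e.g. `if len(delimiter) != 1 or len(escape) != 1: raise ValueError("delimiter and escape must be single characters")`, and either reject or escape control characters in `string`. A docstring naming the target syntax the quoting is meant for would tell template authors where the filter is safe to use.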
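--- a/filter_plugins/format_rev.py
+++ b/filter_plugins/format_rev.py
@@ -0,0 +1,9 @@
+class FilterModule:
+def filters(self):
+return {
+"format_rev": format_rev,
+}
+
+
+def format_rev(text, fmt, *args, **kwargs):
+return fmt.format(text, *args, **kwargs)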
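Review bot: `format_rev` hands `fmt` straight to `str.format`, whose replacement fields permit attribute and index lookups on the arguments (`{0.attr}`, `{0[key]}`), so the filter is only safe while `fmt` is a literal written in a playbook or template and never a value taken from facts, inventory imports or other external data. Nothing in the file states that constraint or explains why the argument order is reversed. I would add a docstring such as `"""Format *text* into the trusted format string *fmt*; the value comes first so it can be piped."""`.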
|
@ -7,11 +7,39 @@ import dns.name
|
||||||
class FilterModule:
|
class FilterModule:
|
||||||
def filters(self):
|
def filters(self):
|
||||||
return {
|
return {
|
||||||
|
"add_origin": add_origin,
|
||||||
|
"add_origin_keys": add_origin_keys,
|
||||||
|
"ip_filter": ip_filter,
|
||||||
"remove_domain_suffix": remove_domain_suffix,
|
"remove_domain_suffix": remove_domain_suffix,
|
||||||
"ipaddr_sort": ipaddr_sort,
|
"ipaddr_sort": ipaddr_sort,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def first_addr(addresses, ipv4 = True):
|
||||||
|
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
|
||||||
|
for addr in addresses:
|
||||||
|
parsed = ipaddress.ip_address(xx)
|
||||||
|
if isinstance(parsed, version):
|
||||||
|
return parsed
|
||||||
|
raise ValueError("missing address")
|
||||||
|
|
||||||
|
|
||||||
|
def ip_filter(addresses, networks):
|
||||||
|
if isinstance(addresses, dict):
|
||||||
|
return {k: ip_filter(v, networks) for k, v in addresses.items()}
|
||||||
|
ip_networks = [ipaddress.ip_network(n) for n in networks]
|
||||||
|
ip_addresses = [ipaddress.ip_address(a) for a in addresses]
|
||||||
|
return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
|
||||||
|
|
||||||
|
|
||||||
|
def add_origin(name, origin="."):
|
||||||
|
return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
|
||||||
|
|
||||||
|
|
||||||
|
def add_origin_keys(dct, origin="."):
|
||||||
|
return {add_origin(k, origin): v for k, v in dct.items()}
|
||||||
|
|
||||||
|
|
||||||
def remove_domain_suffix(name):
|
def remove_domain_suffix(name):
|
||||||
parent = dns.name.from_text(name).parent()
|
parent = dns.name.from_text(name).parent()
|
||||||
return parent.to_text()
|
return parent.to_text()
|
||||||
|
|
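Review bot: In the added `first_addr`, the loop variable is `addr` but the call reads `ipaddress.ip_address(xx)`; `xx` is not defined anywhere in the visible lines, so the first iteration would raise `NameError` instead of returning an address. The line should be `parsed = ipaddress.ip_address(addr)`. `first_addr` is also not added to the dict returned by `filters()`, so as far as this hunk shows it is unreachable from templates; either register it or drop it. As a style point, the default is conventionally written `ipv4=True` without spaces around `=`.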
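--- a/filter_plugins/suffix.py
+++ b/filter_plugins/suffix.py
@@ -0,0 +1,9 @@
+class FilterModule:
+def filters(self):
+return {
+"suffix": suffix,
+}
+
+
+def suffix(value, suffix):
+return value + suffix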
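--- a/group_vars/all/bird.yml
+++ b/group_vars/all/bird.yml
@@ -0,0 +1,4 @@
+---
+bird__as:
+aurore: 43619
+...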
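--- a/group_vars/all/chronyd.yml
+++ b/group_vars/all/chronyd.yml
@@ -0,0 +1,5 @@
+---
+chronyd__pools:
+- ntp-1.int.infra.auro.re
+- ntp-2.int.infra.auro.re
+...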
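--- a/group_vars/all/ifupdown2.yml
+++ b/group_vars/all/ifupdown2.yml
@@ -0,0 +1,24 @@
+---
+ifupdown2__wireguard_proto: wireguard
+ifupdown2__gateways:
+adm:
+- 2a09:6840:128::254
+- 10.128.0.254
+int:
+- 2a09:6840:206::1
+- 10.206.0.1
+ext:
+- 2a09:6840:211::1
+- 10.211.0.1
+monit:
+- 2a09:6840:204::1
+- 10.204.0.1
+isp:
+- 2a09:6840:210::1
+- 10.210.0.1
+pub:
+- 2a09:6840:215::1
+- 45.66.111.204
+ovh:
+- 92.222.211.254
+...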
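--- a/group_vars/all/openssh.yml
+++ b/group_vars/all/openssh.yml
@@ -0,0 +1,10 @@
+---
+openssh__users_ca_public_key:
+"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
+hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
+F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
+
+openssh__authorized_principals:
+- any
+- "{{ inventory_hostname }}"
+...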
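Review bot: `openssh__authorized_principals` lists `any` in `group_vars/all`, so, assuming the role writes this list into sshd's authorized-principals configuration, every certificate signed by `openssh__users_ca_public_key` that carries the principal `any` is accepted on every host. Issuance of `any` is therefore the effective trust boundary for the whole fleet, and nothing in the file says so. I would add a comment above the list, for example `# "any" grants fleet-wide login; the hostname principal scopes a certificate to one host`. It is also worth considering whether sensitive host groups should override the list to drop `any`.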
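--- a/group_vars/all/prometheus.yml
+++ b/group_vars/all/prometheus.yml
@@ -0,0 +1,3 @@
+---
+prometheus_node__text_dir: /var/run/prometheus-node-exporter
+...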
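--- a/group_vars/all/resolvconf.yml
+++ b/group_vars/all/resolvconf.yml
@@ -0,0 +1,13 @@
+---
+resolvconf__nameservers:
+- 2a09:6840:206::1:1
+- 2a09:6840:206::1:2
+- 10.206.1.1
+- 10.206.1.2
+
+resolvconf__domain: auro.re.
+
+resolvconf__search:
+- "{{ inventory_hostname | remove_domain_suffix }}"
+- auro.re.
+...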
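--- a/group_vars/all/root.yml
+++ b/group_vars/all/root.yml
@@ -0,0 +1,5 @@
+---
+root__shell: /bin/bash
+
+root__password: "{{ vault_root_password }}"
+...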
|
@ -1,246 +1,298 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
61343966306561383238303434393933613538616662326430626564353466356235666537646263
|
||||||
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
3464666132613834306435376533353564633634643931310a376435336364333437633633643537
|
||||||
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
30636165313433333039616337633765346232326362663834396462653637636438356638616263
|
||||||
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
6333336530663764660a316331363464616132383835646362306635623261643333313639303132
|
||||||
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
66303137623563343066363933633939306432383331643662626130393865346237353432343035
|
||||||
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
39643562343231623539393833386461363362363566366339323066316463363334353430666564
|
||||||
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
62313039306234346663343934333435303636643632353336643638343532306330316238636663
|
||||||
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
39646366396136303663343662313264363831636232303466353536643362396139346138333934
|
||||||
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
65323463366438333838343265396261366136643662633733343737376466643636643265323964
|
||||||
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
63323735643965653637393031323166356335623838616562366238366337636131363333613666
|
||||||
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
64313963643138613831633436313262336431336563323337663035373138323439396231613361
|
||||||
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
33653538336633353432623632373730666437306265616631363235646633313565316663303435
|
||||||
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
38373933323439366664383334326364393838366436616563663062356635333635613966656262
|
||||||
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
32343063666132646638343965336336386265623566613662313634366235363235636139396362
|
||||||
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
33383334613032643030366433653164313538313239623062356161386535303163656637323639
|
||||||
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
34653162386338626430643662376263316264306133323038353362386239623939333365633964
|
||||||
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
61646264383834663038303464633334373639383961616665653362626464336136353662333630
|
||||||
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
38343033386361626339653239363266383866656466656335633763353539333732393438616365
|
||||||
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
31623030653365643166323230646533333563633935626436356165643036663530323331616461
|
||||||
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
32376265393139666161643330343530643036366666336639666265613138646561393931613661
|
||||||
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
35383839336539613738343638333636313063613935633833656564303535653831653033623131
|
||||||
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
61343466353461656338396364313531323865333338346364363463393666656265386166303834
|
||||||
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
36633164383839613830316434356632356436353630363666376330373762306632386533643636
|
||||||
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
33343934313936323439393530633563666463323761363737396537336666626639376562633833
|
||||||
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
38376434363662623136386238373339613235386361386566636563323433343431353234303732
|
||||||
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
65663530336261656466636536393763393537613665383261636234366263393039616337343235
|
||||||
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
31313636393166386634643635316135326264636134323032646462343861346231656237653131
|
||||||
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
61646662343330623266613064313632636238323166616463613132353761303662633163313562
|
||||||
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
63373361623935383466623236633232323130343064393765633038643638323437353735643832
|
||||||
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
30333763396565376266343434646263316333336130626463336365306132663036353133316266
|
||||||
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
39333962353862626638623464363634316239653233316435306332383934303239363930363363
|
||||||
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
36313931643730373865393665613633333064333530663937636438306164386533623138333665
|
||||||
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
30646239316633313164386339326132306666346633363865303861666536333662666263393034
|
||||||
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
38363638393435633238616232363763366237653530613763333762333330353531613036336164
|
||||||
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
36653536316532356337316262663863346333636336613830383363356537353038653065633163
|
||||||
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
63323937306431303435343135636562323939383434666363303631313461643038313235366437
|
||||||
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
34316563356365623130623664346435373066633832363639306237396233343531313965356232
|
||||||
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
65323537376535313261656663316265326661316237363336656536646535666334326663623237
|
||||||
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
64373234646261303463306362633762623735376465323536316638373165623264656135333761
|
||||||
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
62323761626231663263363764643465303133646531386165366266636266306338353665343732
|
||||||
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
36623765393538353139646362616638363365306565353662396638376133663761396663383533
|
||||||
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
35353165396261346665626431613838653763613331323262613864663437323235386337323961
|
||||||
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
34356564366230313062316139616366343132393261363564333632383934646435386261326131
|
||||||
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
33313438663631393466343633386637396463373838363938333131666137316235343136373936
|
||||||
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
65323235643130643638383661383837343636363266633165373436363165386264613631323261
|
||||||
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
66353133313637376638396465323533373934383135323831363266613931336361616139313766
|
||||||
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
61346436383330353265336330633234313334643566363066303835306263663630336439366164
|
||||||
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
62616139663666353861313265316463323932306364386637326438633861666231626539303638
|
||||||
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
33663361376131306365316537316637653661376637633438613366313230323138663030643061
|
||||||
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
61393965306133353434346531656632383735363232346531636338393561396461633431373133
|
||||||
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
35646166353538396534636663313564646339363866656336326131366465303239663363393464
|
||||||
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
31346130353139633363393161653637353838623131393536383235393161393562356239633038
|
||||||
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
65653933373130326466633163383066346332666662393862633334356333353032363135663834
|
||||||
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
36323638346134343131396538646334613463383362656261623834623162623664393261663562
|
||||||
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
37643238343461366531653761653466343165373838656566636664376435343665333534613766
|
||||||
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
36633763656563653363376462336336343530646166313333313064666264633337643733356364
|
||||||
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
33363865353232656464396562626530653833316233313562353137373038643165643465653430
|
||||||
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
62633865616265363036373737366336626436396133363062313032323634323864363465353361
|
||||||
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
32646431353733323134616162306337646332363631613563666334396131623764653463363634
|
||||||
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
35383732623164623532303036656337373166326366313037326133353465393937353266343765
|
||||||
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
37323965343632326361346632616161653261616333336561333730613664663133633933623835
|
||||||
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
61303037333739316333313763653466646436363239653361653864643335646435313362343632
|
||||||
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
35633931376562326165613236393134623235313961336332643936373835326238326633396563
|
||||||
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
64313937623034313738303764326337666239666266613131306133386265643039393864393465
|
||||||
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
66393964393437353965663764666338383033326633376232326565346236636136666464383861
|
||||||
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
39363265653166643239363861353839373038336636376366346430353263323136386565313865
|
||||||
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
62343730353265396338326463353535653939383336626630393838626132636230363139663536
|
||||||
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
38383962323763653464656233373163343463346638363334616534373235353334623732396565
|
||||||
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
31373162623035343938336564363964613135393435396430626232653230646239336635373735
|
||||||
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
62363931623235303839663433323236346633366465643961303730633865316536373938303339
|
||||||
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
63356165353538626337306130663035363432323836626136356466376362333834393937643463
|
||||||
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
30323036623239373031396237623964373037396462363833323565393230396636633963366564
|
||||||
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
30636330393735666563623730376336646462613365303330643634386236623436656666313862
|
||||||
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
61333334323230383061303730353963396466356335343532656533623264373462656265633635
|
||||||
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
32636437393866626434633066643566376334633963326465363763386665396530306462366664
|
||||||
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
39313533656536376435386438396666323963393663356331373435616532353139656561393161
|
||||||
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
64333838336365366164663864363263633630336162303866343434306433656263616432363735
|
||||||
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
33373136626230363234316534316230353836623033336639643235653731623934376639643435
|
||||||
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
36333037343636326438366531336165633064396334623334663835303736336564666132613839
|
||||||
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
30626239343930393864663635663765343233396134326364393236666636353630303561316263
|
||||||
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
62616639626666326631333734643665366262636531373138613930393366393762383637343435
|
||||||
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
63363365363062376339393966613134643731376531336230633536626330306633383834646266
|
||||||
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
34636363383734633065303336383362643130313732653436393133393963653361376561666334
|
||||||
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
33346664353861353136643733363335646336613637666236653765383235636233356533643930
|
||||||
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
35303361626634343565616361326233643135393963356632316663626137653733376433663565
|
||||||
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
63303865343032383364636431363736633463373739316662386663613139306638656664636234
|
||||||
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
35313562323234663730343162313364656231656164313766653635653961396330363536343062
|
||||||
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
31333065633665326132326532356632353931363735313134346362616562313839306539383139
|
||||||
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
38383463393035323462623035306464363631626361373439393632336436383931643861663263
|
||||||
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
63366238353732643365346462636364373739613364623939326337363437643965626365383934
|
||||||
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
62656661343538396461313634663030383336643362623637363631643766643762646364656331
|
||||||
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
39613763616464663866373732343431656331316231393234333163366561663665303634653938
|
||||||
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
61396161616131623166313266646632373338623966656635306635393730613238636339633734
|
||||||
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
37363838666137386637343261643733336134396233323761396333363761613634393833636433
|
||||||
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
33346230323066643136393165376638306235636635383632643137646335656565663039363337
|
||||||
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
37346264333232616462643332363736653439653764386663343933633966366631363739313731
|
||||||
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
63653532666165663161353065323866613461383162653639376666623739316361313139313935
|
||||||
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
65626633633732313562656332643735643663313334333566643632376261396364643334303865
|
||||||
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
30363462373036633839323833313930633862326263363634653736626330366235353635636631
|
||||||
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
65643532633239303061393332363264643336653365626634363339303538623230373035343837
|
||||||
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
61326662326631386234653833313663646232653939383833316266343530373166633339326135
|
||||||
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
63366235356334343130663832346238386133663364386266373932663036346565373964376433
|
||||||
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
65343931363538323734383339323131343337323332353163373338633634613036663331326533
|
||||||
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
62343663646537636534386631333230396235383961303538643433343037363065356137336133
|
||||||
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
61636462343335336431386538623037383639333735663465663864653337616534626634656138
|
||||||
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
31616634653863663935356432313839346666326361383631613936303231323930653666306331
|
||||||
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
36646265373538353038313563653739353030636637613930353866623433626633656532643039
|
||||||
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
65386563373064613263663935386337623938383936396336313538326131313530643565333065
|
||||||
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
36383334613961323237336362633833383438326331623565383966636330656163656431336537
|
||||||
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
32326238663236326536363862396134343565336432656233663631343264653639643732313734
|
||||||
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
30356537386439383639376165313639666237356433333964646662663032643834383930366565
|
||||||
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
36323063653366373132623664663664313434336463653361373636313964343939633036383730
|
||||||
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
33343261363334396639623035663436373431653366313866353263373036373733393035613531
|
||||||
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
35636433303132356333343539393236353331653932356530616662353939663961656137616634
|
||||||
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
61383538656363333437346535643132333163333936643361613835333861363561313930323862
|
||||||
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
64623439383335386565396130323366383962333833383238393361636562366361316563333731
|
||||||
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
62613037396236623461373432653261663261316530353434376665663339623464616265393931
|
||||||
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
35646463373262366564663034333038633733353032363331643265643836643136613233653065
|
||||||
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
32646537643562353565326332633230396235653234666637313535346530383766386130396539
|
||||||
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
65663661323934646630373361656262643231333465653138626266663161653831303230656561
|
||||||
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
37613431323333343936616430343434323366643535663562336535666536623365613361303861
|
||||||
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
33613035616139363537646239376563393165373363643037383639326362383963653736616631
|
||||||
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
63633239333265646430383630613462313933353566663765333533363863323861366566386331
|
||||||
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
34356133333635343866613063313738393733633965663739336663316231623038623736633264
|
||||||
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
35336631613165313532666161303265616365653038306333346136386162653861633036356664
|
||||||
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
64616136663430623562646132306262366362353861613239663563633234386366626564333537
|
||||||
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
65623439666139396634376534316630613461336666343162333139376461636235613639626663
|
||||||
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
34346232643764643065313130333765363766616631373265336234386664616334633261663631
|
||||||
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
62343439363163623731356538623061343935313366353839323665346266376631383234656135
|
||||||
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
37343536313136656633343938336465373131313033643136666164623338313063653262383961
|
||||||
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
61386336363932336131323735626162386264396236376330306336326331643834626537333164
|
||||||
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
62303237333538326432363137653261333937326234373665313135643465613734333065306463
|
||||||
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
66363662373165363337386534373965666466366566663832363433616334376139623937333435
|
||||||
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
62363433343330643763613435303839313665393162313737313439356331376137613635383630
|
||||||
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
38333032636564623236656236633031313838396131356431303133386364333763613534316264
|
||||||
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
66376665656535636331663333626163633035663332653139636262613031336532353336393131
|
||||||
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
66373861343332656131366265326230376662326162336638396365643532303666616630353537
|
||||||
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
35656433353765333531303464323166323538656437646564393039626337303361306564333234
|
||||||
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
62353666613439613565623932373937306130303730626332653333396631393031313031636535
|
||||||
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
31636263303632666466346263343232306262623231323161393866376165353938616536633662
|
||||||
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
39623962313465363561393434313331313065323665656266306338626665323863663362313264
|
||||||
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
32346136613339306539326561383333376632643365663834646465376364643965323934303835
|
||||||
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
39323935613463363431663333383638346665633434376232363163396664336335303866336563
|
||||||
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
37303435393962313061303365313261633037636165663339333534383461363335353533303133
|
||||||
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
65393834666431343630366461313563646162346232323838373834626334666532303062373236
|
||||||
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
64653662623362363535363962333561396131613638613237643164636335346231373539376232
|
||||||
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
61633731373632366461343630306662343130373665626138376434633963653932336233613336
|
||||||
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
32326237363063663233616533306337373331613234376264353531633034616638323462373264
|
||||||
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
66643238363838366430316135663161616663316165343334343533376637373632373634636339
|
||||||
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
64386230616139316435666661306237633434623638373235646161623538363132363833646532
|
||||||
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
65346431373439343434656630636164653766356439303530306432333931303539666131333332
|
||||||
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
31663039303133306436373531333831633461623635663332376438326133303538636137386263
|
||||||
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
37396263663737373264653863396233623333313930353661333264326230613466376535653933
|
||||||
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
32363232336531323034316637663061616136613038383966346337313534623738306662326533
|
||||||
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
34616464336239363431626537396164623562303662316564623964613630613065333630376633
|
||||||
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
36663864646463393333616539613731653339343332363061393664613563633836383331343836
|
||||||
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
66636538613265666430346634386561343538653730336130326333393733343866646430373930
|
||||||
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
36313730313338303538633739316365366364333563393432336565623330313734343030393364
|
||||||
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
32383434356330336234303666326464656537643664356565666661396161623234383262396465
|
||||||
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
31346130386635336136666335346431303061326538633361613763656166646266666330616266
|
||||||
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
36663662663739323032653935313766343330313133306661623237373836363863646135666434
|
||||||
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
64373036343639306337353465656631643566373561333464323630633466373462626131356234
|
||||||
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
38613231663833393732333663653162336466346130313833633630663965626130363065313031
|
||||||
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
32343465623932643036373830623965356437383864383037346430393065376530353133333030
|
||||||
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
61653032643238303338636638613464316539373761636662343935353363646434656131663435
|
||||||
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
65326135656366666436313661303065376137333462366537643666326664323735303939643961
|
||||||
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
37373764623733356633353236623534323734383664306166303762353135346237366462646131
|
||||||
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
63306533663930393665333864666530666232353562373436333034626236653462336638663438
|
||||||
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
64613564636537306530353839373366646136353039626264646463306539336261613735623461
|
||||||
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
38323735393166383861613065386466626534373034353130653731666138643837663662383130
|
||||||
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
66303363663635333530363630653937633332316535643261346238663932363963323932373266
|
||||||
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
66663436343361656464333533663633633564326234363062613433346536323731333438636633
|
||||||
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
37316464326432616432616661323635623236636361313166353230306362383437323231626237
|
||||||
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
62663338383461613239306339323336626361656165353532633834326337656533303334613661
|
||||||
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
65626565613337636238653031356635393062643739666661623463643633386233633634353265
|
||||||
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
37396363636339653765643435303535393738303637313835653564306463306637353132303735
|
||||||
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
65333236663733333262663336393266346134613435636535376462363033383062356263333263
|
||||||
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
39356561333435643639666562363338616133386338353837336230666232646135386436343265
|
||||||
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
35666537313862643466313635643834363138653735633364636138376162623463343330336163
|
||||||
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
30333832663438396531333136396362636263343430393732396433316132616238333034353634
|
||||||
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
62326133303466373662616237353865396363363932363161643939333564663335363661653939
|
||||||
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
35356362653163613966313063326630616339373133333236636138383662616236643262393332
|
||||||
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
39633962336366666331343537643032303337326637303466346435643730626361376132393962
|
||||||
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
33303932373136613261396639636264353832643531653635306231616531636462616238363038
|
||||||
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
38316439373637316465663833356539383839393236313639326364303861656333613663353231
|
||||||
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
62323533363534363165313462656230623930373361373039313362613861363832396638386630
|
||||||
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
65636266303661336331383562626561633035376135383164343265383432326438303163623338
|
||||||
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
63303432663664363232333838343937353535346131613762386338346131643865333139616161
|
||||||
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
66306237303331623339396162663966666336366632313034366130353762373031366664376639
|
||||||
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
34346432616334356565633438346134336363386434656238343830346661326465623235656165
|
||||||
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
30366565316666633433393663646139623234303735386430346132616239303365666432313533
|
||||||
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
34653336303334663433303438303137313939343535303332306163346562643033653632633639
|
||||||
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
33633632376433346333663665666339653334623934636231616637613837633731383963356434
|
||||||
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
65316566666666666233363965303961366338653632313265353137383332633138383133363166
|
||||||
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
37343262393330663130346361336233656361376334353332636566373339623133346264376430
|
||||||
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
36323334326633623430353837346638653931333033373230303238303132333838373835626130
|
||||||
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
30636639363936383236366130646331356333623132303630336263373062653230633034363431
|
||||||
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
65333037656332353930396461633938303534396464613433393566363136366232653363313636
|
||||||
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
31623637326163356236393732646361633134373330303166316138313630343535643863323163
|
||||||
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
63626237313131653838303035643863663863646561343463653331393762663336346362346135
|
||||||
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
38303134643233623134326434643534663637626466396533386464353038663561336236636237
|
||||||
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
62313562646365346531346331646537326534366137313230386663623537623465373834646438
|
||||||
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
35356539376565633065306134356366306563306235643132393763343164373633313463663136
|
||||||
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
39376663623963323063636631626264356230636434386666666366333561393430613264396164
|
||||||
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
36306436366366666461306239663438323764363130346534336334346265313631363033363134
|
||||||
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
32346434346263343933343236306432666434653035313638626637626664383836613964353761
|
||||||
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
66303539663239313766343661396233333236633763313037396235626136323432313236623339
|
||||||
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
65343931343035663636363062626432613836303861653236363736356163396264633032306132
|
||||||
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
32366238623464633031343261616665393530633264633664333063313736363331653032313164
|
||||||
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
35313939333035373663353063633066323137336233616131623565313365373563363563623861
|
||||||
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
38336532396531343834623330336264303964383564336664396139663765376635313333663034
|
||||||
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
35353961663562333137613864346234326261626630623861326533323435663561663165383132
|
||||||
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
30623631393235616136636536363032346363363032613730336238666366356131383862613862
|
||||||
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
31626134636637336361323435656365383261383235316136393032663338653032343065363637
|
||||||
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
61383764306630333765393533303238316466626361353937636339306666623134303565386632
|
||||||
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
64656636643334646665336532643436343132653461356339366431653037393737383533383564
|
||||||
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
62396663366332353735363030626165663664666465643238316237633538623664313533343062
|
||||||
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
33393363323762393130653665336161383935303336386531656133373665613332663736646137
|
||||||
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
32373139376263333731366164383834343365333837633736366632386139383563366131323666
|
||||||
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
65313862626335653630623262316563386331393236383633336133343062353031346435616339
|
||||||
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
30383534313865363162356130616130656434383133643365306462313361666361613836633763
|
||||||
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
37383933666264646163643033323836306333633264326335316163333464623737343465373961
|
||||||
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
35393661393664323335626639333361393034306339393164373132373665383036323566626363
|
||||||
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
30623733306363626237626466613462623362646664346533316362333037393736363161363133
|
||||||
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
63373539626232633565636362646637336465623734366164396663303037623333656161313331
|
||||||
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
62303139646130316263633165653063666366383964376535343232343363393062393336663538
|
||||||
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
36356362366665643365656566653638343361306663396661303735353536323737653338306534
|
||||||
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
35323139616563383339656235353230316436666534366362323631316263333435316531303766
|
||||||
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
62376263363439366236636133613634333238336237333665636662353132373134326230356133
|
||||||
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
32383537633764663538326466663936373266376232643131393732356361353864353235303162
|
||||||
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
32623038616231653965373538653036393864373064646366333162363639306364396363636337
|
||||||
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
36303533663862313133336533653439623663373463633162353638313434353766633765623938
|
||||||
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
35306432626562386331396534643261663362363861366532343831646463653330343037643832
|
||||||
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
36333433633761633765363531356439663861313936353863366164343163646239313830346364
|
||||||
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
65303632373335346231643662336564303764633239396232326366383662346637666336666366
|
||||||
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
38643937306561663839383933663035393664663531353961393138333330616663396338623763
|
||||||
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
63643165346532326565613466643066643366363237356337663239386437356234363861633066
|
||||||
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
63313763323064633030333338613565316362346338643439396532303635633337643931656363
|
||||||
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
34383365616364373530613864363934303837653639373831383139633765656337353764323261
|
||||||
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
36663738393863613263356230666636616534333036663964343862333763646636653063373235
|
||||||
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
39373639343138366530396136313435633163346264643566323537616330643639643230656430
|
||||||
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
33613637653033313135383332373433633639393564316337633764356565306130663237393533
|
||||||
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
65666632316562306366616536633535636635613566636336363462346533303537393132303932
|
||||||
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
38613934653363393437316261323931346633623632363863396365346562373964313237363130
|
||||||
3061
|
64333137396235303765643464353931636466376437626130336366653339306335656235336235
|
||||||
|
38636532393165346132313161316339616362623834636465396362373734646533646334313335
|
||||||
|
34613534643764663832666139666631316334653232613036306634643337666236353931326431
|
||||||
|
62363965663736653865373838326563363937313334373937353564363562323834383335663633
|
||||||
|
36393731366263353565646463646464613236663232333035376531333863343261383933363764
|
||||||
|
36303466353536633961633536333663393862396136353930333033373664616266646463333465
|
||||||
|
31333636333337656537353631656631376432376562386235346464323933303666616661313639
|
||||||
|
62646439633264623735343164613066623464613538666134316338356235363861643965343034
|
||||||
|
33656664373766616137383937363738313935616162326435616630373234613161333132323230
|
||||||
|
36366330343034646431343163626235313863376237353465373562363966366161636165353365
|
||||||
|
61336661376162396633383939323566643730613837313233623339656433303862336665393762
|
||||||
|
35616365343239376432363061626566653931643633373634396565623965323239396466313462
|
||||||
|
62393466636436353763336635306365373730626161363836663137646437343330326135393231
|
||||||
|
64343539613233353637323534306337643865623738633030373637636335626437373162336662
|
||||||
|
30313033373336363735393435383063303133636334303531343061333133343537373239313433
|
||||||
|
61303131353535303937636432633337323763363463366636396632663438396234343133643636
|
||||||
|
34343938323537356465613764656239663764363161663931666631643132393538613265353235
|
||||||
|
30326364346362353661346431316666363037633031343236363365336234353963303863636662
|
||||||
|
36323231393433623239613065326239323866323430646530376366353035336665383536313962
|
||||||
|
61303838376235333532643338323361356339323966343334353731373932656563306263646632
|
||||||
|
62343164353162313164373036393139353566396638356532633234396661656633313437313732
|
||||||
|
62396134663436663133376465636164306634343531393431383630376563343062313866363839
|
||||||
|
66393939383138396632313962613736343431643834646564353562343938313033636166623031
|
||||||
|
62383863613465656638646236356334346130623163333630323935326439636632663333393136
|
||||||
|
32373265373665386164333330366535383663623235336362653634656164643635396163363930
|
||||||
|
66346137313031636533386337653137336263323138313462343936643630383233323236613466
|
||||||
|
65313435386565366161336631333064383734616464356134383661613665623566346131303730
|
||||||
|
38653339643962616538373263373433396535623066373466326331323131623866613132363765
|
||||||
|
65373433336133303839383463663861383835336337303537306136666134393631393133306666
|
||||||
|
32353836623636343037383032663333333265393835623531323532376330326130613134396261
|
||||||
|
64303063393332393439323930376464333338626331643261326131636434343538343761643231
|
||||||
|
64616233376236373436396234383235343662343538383830633337373037326231313332653263
|
||||||
|
34333830353633626136633737303138363932303534343238333234626535313433666337376162
|
||||||
|
34366365353335396163313032663561643466393535366139626266363732633363343963383561
|
||||||
|
61626334303635383463636163306238653830366236396632653866636533613334653737646633
|
||||||
|
65626166323531353139313538386435363961386664653036336136636337653463376136336565
|
||||||
|
37623531636639363434393738373038376264626163363131383835653965323566356639323239
|
||||||
|
35396238323831356133393365666238663563333335373664313165373039373465323532333361
|
||||||
|
38623635313838626135303262653935653539646130306138363662626664623263303661366632
|
||||||
|
37623035336336396636383139373139353034373864653235336132626531666366653564373735
|
||||||
|
30666364623463386465366635643935393332306630313233653234326663376137663065653937
|
||||||
|
32306461396132313630646462363962316238363935386339333236653364643330356535646630
|
||||||
|
36353237343961303164616236613063333163303233316666313864666363396361316337326263
|
||||||
|
39613665366662313430306230663235393331626335623334303161643232656337313066363235
|
||||||
|
64376635653231343031323838363931396235383936373735303965636633323530306233336264
|
||||||
|
31343063653636616532343764623434393936363433356265633433633434343266303462626131
|
||||||
|
65663638373565613233643566373032376434646566613835376639366539386336396134353166
|
||||||
|
64663832343239383234393264383961663461376238373132613933643363393665663833356664
|
||||||
|
66323064623738326636343236306639656634373263356433303264386333363933343438623531
|
||||||
|
34306632323665613266626666623134303338306639633466356232333336363438623630303734
|
||||||
|
30336237316235363535396633313561373931623133373564383165643339613337616437353033
|
||||||
|
33303439616232366331393763326564613439383630316530646432353866303563643637373738
|
||||||
|
3764
|
||||||
|
|
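--- a/group_vars/dhcp/dhcpd.yml
+++ b/group_vars/dhcp/dhcpd.yml
@@ -0,0 +1,69 @@
+---
+dhcpd__omapi_key:
+algorithm: hmac-sha512
+secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
+
+dhcpd__interfaces:
+- client0
+- client1
+- client2
+- client3
+- client4
+
+dhcpd__dns_servers:
+- 10.128.10.3
+- 10.128.10.103
+
+dhcpd__domain_search:
+- isp.auro.re.
+- auro.re.
+
+dhcpd__subnets:
+- network: 100.64.0.0/27
+routers:
+- 100.64.0.1
+start: 100.64.0.4
+end: 100.64.0.30
+domain_name: client0.isp.auro.re
+failover: true
+- network: 100.64.0.32/27
+routers:
+- 100.64.0.31
+start: 100.64.0.33
+end: 100.64.0.63
+domain_name: client1.isp.auro.re
+failover: true
+- network: 100.64.0.64/27
+routers:
+- 100.64.0.65
+start: 100.64.0.67
+end: 100.64.0.95
+domain_name: client2.isp.auro.re
+failover: true
+- network: 100.64.0.96/27
+routers:
+- 100.64.0.97
+start: 100.64.0.99
+end: 100.64.0.127
+domain_name: client3.isp.auro.re
+failover: true
+- network: 100.64.0.128/27
+routers:
+- 100.64.0.129
+start: 100.64.0.131
+end: 100.64.0.159
+domain_name: client4.isp.auro.re
+
+dhcpd__failover:
+dhcp-1.isp.infra.auro.re: 10.210.1.1
+dhcp-2.isp.infra.auro.re: 10.210.1.2
+
+dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
+
+dhcpd__failover_peer_address: "{{ dhcpd__failover
+| dict2items
+| selectattr('key', '!=',
+inventory_hostname)
+| map(attribute='value')
+| first }}"
+...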
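Review bot: `dhcpd__omapi_key.secret` is committed in clear text in this new group_vars file, so anyone who can read the repository or its history holds the key that authenticates OMAPI control of the DHCP servers. Move it into a vaulted variable, e.g. `secret: "{{ vault_dhcpd__omapi_secret }}"` (variable name constructed for this note), and generate a new key, because the committed value stays in history. Separately, the `100.64.0.32/27` entry lists router `100.64.0.31`, which lies outside that subnet, and its pool starts at `100.64.0.33`, the address group_vars/isp/keepalived.yml assigns as the client1 VIP. The pools of the last four subnets also end on the subnet broadcast address (`.63`, `.95`, `.127`, `.159`), and the `client4` subnet is the only one without `failover: true`, which deserves a comment if intentional.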
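--- a/group_vars/dns/kresd.yml
+++ b/group_vars/dns/kresd.yml
@@ -0,0 +1,24 @@
+---
+kresd__listen:
+- address: 0.0.0.0
+port: 53
+kind: dns
+- address: "::"
+port: 53
+kind: dns
+- address: 0.0.0.0
+port: 853
+kind: tls
+- address: "::"
+port: 853
+kind: tls
+- address: 0.0.0.0
+port: 8453
+kind: webmgmt
+- address: "::"
+port: 8453
+kind: webmgmt
+tls: false
+
+kresd__cache_size: 512
+...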
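Review bot: The two `kind: webmgmt` listeners on port 8453 bind to `0.0.0.0` and `::`, so the resolver's management endpoint is exposed on every interface of the DNS hosts, and the `tls: false` key that follows turns transport encryption off. The only consumer visible on this page is the `monit` to `dns.int` tcp/8453 forward rule in group_vars/infra/firewall.yml, so binding these listeners to the monitoring-facing address, or adding a host input rule that limits 8453 to `monit`, would keep that as the only path. Indentation is lost in this rendering, so it is unclear whether `tls: false` belongs to the last list item only; if it does, the IPv4 webmgmt entry should carry the same key explicitly.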
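--- a/group_vars/edge/keepalived.yml
+++ b/group_vars/edge/keepalived.yml
@@ -0,0 +1,21 @@
+---
+keepalived__virtual_router_id: 81
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+crans0:
+- 185.230.79.254/29
+- 2a0c:700:28::2/64
+- fe80::1/10
+zayo0:
+- 2001:1b48:2:103::d7:2/126
+- 83.167.52.69/31
+- fe80::1/10
+oti0:
+- 2a00:a4c0:100c:1::b/127
+- 77.95.70.11/31
+- fe80::1/10
+
+keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
+...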
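--- a/group_vars/infra/bird.yml
+++ b/group_vars/infra/bird.yml
@@ -0,0 +1,86 @@
+---
+bird__kernel:
+kernel:
+learn: true
+import: accept
+export: accept
+
+bird__ospf:
+limits:
+import: 4000
+export: 4000
+import: accept
+export:
+protos: kernel
+areas:
+0:
+broadcast:
+- back0
+stub:
+- monit0
+- wifi0
+- int0
+- sw0
+- bmc0
+- pve0
+- isp0
+- ext0
+- pub0
+- th30
+- ups0
+1:
+broadcast:
+- vpn0
+
+bird__bgp:
+edge1:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:1
+- 10.203.1.1
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+edge2:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:2
+- 10.203.1.2
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+#wg1:
+#local:
+#address: "{{ bird__bgp_addr.vpn }}"
+#as: "{{ bird__as.aurore }}"
+#neighbor:
+#address:
+# - 2a09:6840:213::1:3
+# - 10.213.1.3
+#as: "{{ bird__as.aurore }}"
+#rr_cluster_client: 10.203.1.1
+#import: reject
+#export: accept
+#wg2:
+#local:
+#address: "{{ bird__bgp_addr.vpn }}"
+#as: "{{ bird__as.aurore }}"
+#neighbor:
+#address:
+# - 2a09:6840:213::1:4
+# - 10.203.1.4
+#as: "{{ bird__as.aurore }}"
+#rr_cluster_client: 10.203.1.1
+#import: reject
+#export: accept
+...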
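Review bot: `bird__ospf` runs OSPF on the broadcast interfaces `back0` and `vpn0` with `import: accept` and no authentication setting visible in this file, so unless the role adds one elsewhere, any host on those segments that speaks OSPF can inject up to the 4000-route import limit. If the bird role exposes an OSPF authentication option, set a vaulted key here; the same applies to `bird__ospf` in group_vars/isp/bird.yml. The commented-out `wg1`/`wg2` peers would be better dropped than committed as dead configuration. `wg2` pairs `2a09:6840:213::1:4` with `10.203.1.4` where `wg1` uses `10.213.1.3`, which looks like a typo that should be fixed before the block is ever re-enabled.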
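--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@@ -0,0 +1,365 @@
+---
+firewall__zones:
+adm-legacy:
+addrs:
+- 2a09:6840:128::/64
+- 10.128.0.0/16
+ups:
+addrs:
+- 2a09:6840:201::/64
+- 10.201.0.0/16
+back:
+addrs:
+- 2a09:6840:203::/64
+- 10.203.0.0/16
+monit:
+addrs:
+- 2a09:6840:204::/64
+- 10.204.0.0/16
+wifi:
+addrs:
+- 2a09:6840:205::/64
+- 10.205.0.0/16
+int:
+addrs:
+- 2a09:6840:206::/64
+- 10.206.0.0/16
+sw:
+addrs:
+- 2a09:6840:207::/64
+- 10.207.0.0/16
+bmc:
+addrs:
+- 2a09:6840:208::/64
+- 10.208.0.0/16
+pve:
+addrs:
+- 2a09:6840:209::/64
+- 10.209.0.0/16
+isp:
+addrs:
+- 2a09:6840:210::/64
+- 10.210.0.0/16
+ext:
+addrs:
+- 2a09:6840:211::/64
+- 10.211.0.0/16
+pub:
+addrs:
+- 2a09:6840:215::/64
+- 45.66.111.192/27
+vpn-clients:
+addrs:
+- 2a09:6840:212::/64
+- 10.212.0.0/16
+vpn:
+addrs:
+- 2a09:6840:213::/64
+- 10.213.0.0/16
+infra:
+zones:
+- adm-legacy
+- ups
+- back
+- monit
+- wifi
+- int
+- sw
+- bmc
+- pve
+- isp
+- ext
+- pub
+- vpn
+internet:
+negate: true
+addrs:
+- 2a09:6840::/32
+- 2a09:6841::/32
+- 2a09:6842::/32
+- 45.66.108.0/22
+- 10.0.0.0/8
+- 100.64.0.0/10
+prometheus.int:
+addrs:
+- 2a09:6840:204::1:1
+- 10.204.1.1
+- 2a09:6840:204::1:2
+- 10.204.1.2
+grafana.adm:
+addrs:
+- 2a09:6840:128::98
+- 10.128.0.98
+nextcloud.adm:
+addrs:
+- 2a09:6840:128::58
+- 10.128.0.58
+dns.int:
+addrs:
+- 2a09:6840:206::1:1
+- 10.206.1.1
+- 2a09:6840:206::1:2
+- 10.206.1.2
+ntp.int:
+addrs:
+- 2a09:6840:206::1:5
+- 10.206.1.5
+- 2a09:6840:206::1:6
+- 10.206.1.6
+docker-ovh.adm:
+addrs:
+- 2a09:6840:128::150
+- 10.128.0.150
+mx.test:
+addrs:
+- 2a09:6840:211::1:5
+- 45.66.111.208
+- 10.128.1.5
+proxy.pub:
+addrs:
+- 2a09:6840:215::1:1
+- 45.66.111.206
+collabora.ext:
+addrs:
+- 2a09:6840:211::1:1
+- 10.211.1.1
+ns-1.pub:
+addrs:
+- 2a09:6840:215::1:2
+- 45.66.111.205
+ns-2.pub:
+addrs:
+- 2a09:6840:215::1:3
+- 45.66.111.207
+ns-master.int:
+addrs:
+- 2a09:6840:206::1:7
+- 10.206.1.7
+
+firewall__input:
+- iif:
+- back0 # FIXME link-local
+- vpn0
+verdict: accept
+- src:
+- back
+- vpn
+verdict: accept
+- src: monit
+protocols:
+tcp:
+dport: 9100
+verdict: accept
+- src: monit
+protocols:
+tcp:
+dport: 9324
+verdict: accept
+- protocols:
+icmp: true
+verdict: accept
+- protocols:
+tcp:
+dport: 22
+verdict: accept
+- verdict: drop
+
+firewall__output:
+- verdict: accept
+
+firewall__forward:
+- src: back
+dst: infra
+verdict: accept
+- src: infra # FIXME: temporary
+dst: internet
+verdict: accept
+- src: monit
+dst: bmc
+protocols:
+icmp: true
+verdict: accept
+- dst: mx.test
+protocols:
+icmp: true
+verdict: accept
+- dst: mx.test
+protocols:
+tcp:
+dport:
+- 25
+- 465
+- 993
+verdict: accept
+# NS
+- dst:
+- ns-1.pub
+- ns-2.pub
+protocols:
+tcp:
+dport: 53
+verdict: accept
+- dst:
+- ns-1.pub
+- ns-2.pub
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src:
+- ns-1.pub
+- ns-2.pub
+dst: ns-master.int
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src:
+- ns-1.pub
+- ns-2.pub
+dst: ns-master.int
+protocols:
+tcp:
+dport: 53
+verdict: accept
+# SNMP
+- src: monit
+dst:
+- sw
+- ups
+protocols:
+udp:
+dport: 161
+verdict: accept
+# Alertmanager
+- src: monit
+dst: docker-ovh.adm
+protocols:
+tcp:
+dport: 9093
+verdict: accept
+- src: adm-legacy
+dst: bmc
+verdict: accept
+# Prometheus for Grafana
+- src: grafana.adm
+dst: prometheus.int
+protocols:
+tcp:
+dport: 9090
+verdict: accept
+# Admin VPN clients
+- src: vpn-clients
+dst: infra
+verdict: accept
+# Prometheus node
+- src: monit
+dst: infra
+protocols:
+tcp:
+dport: 9100
+verdict: accept
+# Prometheus bird
+- src: monit
+dst: back
+protocols:
+tcp:
+dport: 9324
+verdict: accept
+# Prometheus kresd
+- src: monit
+dst: dns.int
+protocols:
+tcp:
+dport: 8453
+verdict: accept
+# Allow DNS from infra to dns-{1,2}
+- src: infra
+dst: dns.int
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src: infra
+dst: dns.int
+protocols:
+tcp:
+dport: 53
+verdict: accept
+# Allow NTP from infra to ntp-{1,2}
+- src: infra
+dst: ntp.int
+protocols:
+udp:
+dport: 123
+verdict: accept
+# Admin Wireguard
+- dst:
+- 2a09:6840:211::1:1
+- 45.66.111.204
+- 10.211.1.1
+protocols:
+udp:
+dport: 5121
+verdict: accept
+# Proxy web
+- dst: proxy.pub
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+- src: proxy.pub
+dst: grafana.adm
+protocols:
+tcp:
+dport: 3000
+verdict: accept
+- src: proxy.pub
+dst: nextcloud.adm
+protocols:
+tcp:
+dport: 8080
+- src: proxy.pub
+dst: adm-legacy
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+# ICMP to public vlan
+- dst: pub
+protocols:
+icmp: true
+verdict: accept
+# Proxy -> Collabora
+- src: proxy.pub
+dst: collabora.ext
+protocols:
+tcp:
+dport: 9980
+verdict: accept
+# Collabora -> Proxy
+- src: collabora.ext
+dst: proxy.pub
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+
+firewall__nat:
+- src: 10.0.0.0/8
+dst: internet
+protocols: null
+snat:
+addr: 45.66.111.200/30
+#- src: monit
+# dst: adm-legacy
+# protocols: null
+# snat:
+# addr: 10.203.1.3/32
+...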
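Review bot: The forward rule `src: proxy.pub` / `dst: nextcloud.adm` / `dport: 8080` is the only entry in `firewall__forward` without a `verdict`, so it either does nothing or silently takes whatever the role defaults to; add `verdict: accept` if the proxy is meant to reach Nextcloud. `firewall__forward` also lacks the terminal `- verdict: drop` that `firewall__input` has, which leaves default-deny dependent on a chain policy set outside this file. In `firewall__input`, tcp/22 is accepted from any source; adding a `src:` restricted to the admin zones already defined here (`back`, `vpn`, `vpn-clients`) would match the paths the forward rules grant. The `infra` to `internet` accept marked `FIXME: temporary` and the protocol-unrestricted `adm-legacy` to `bmc` rule are broad enough to deserve a tracked follow-up.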
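--- a/group_vars/infra/keepalived.yml
+++ b/group_vars/infra/keepalived.yml
@@ -0,0 +1,59 @@
+---
+keepalived__virtual_router_id: 82
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+ups0:
+- 10.201.0.1/16
+- 2a09:6840:201::1/64
+- fe80::1/10
+monit0:
+- 10.204.0.1/16
+- 2a09:6840:204::1/64
+- fe80::1/10
+wifi0:
+- 10.205.0.1/16
+- 2a09:6840:205::1/64
+- fe80::1/10
+int0:
+- 10.206.0.1/16
+- 2a09:6840:206::1/64
+- fe80::1/10
+sw0:
+- 10.207.0.1/16
+- 2a09:6840:207::1/64
+- fe80::1/10
+bmc0:
+- 10.208.0.1/16
+- 2a09:6840:208::1/64
+- fe80::1/10
+pve0:
+- 10.209.0.1/16
+- 2a09:6840:209::1/64
+- fe80::1/10
+isp0:
+- 10.210.0.1/16
+- 2a09:6840:210::1/64
+- fe80::1/10
+ext0:
+- 10.211.0.1/16
+- 2a09:6840:211::1/64
+- fe80::1/10
+th30:
+- 10.126.0.6/24
+- fe80::1/10
+pub0:
+- 2a09:6840:215::1/64
+- 45.66.111.204/27
+- fe80::1/10
+
+#keepalived__virtual_routes:
+# ext0:
+# - 45.66.111.204/30
+
+keepalived__virtual_blackholes:
+- 45.66.111.200/30 # NAT
+
+keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
+...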
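--- a/group_vars/isp/bird.yml
+++ b/group_vars/isp/bird.yml
@@ -0,0 +1,53 @@
+---
+bird__kernel:
+kernel:
+learn: true
+import: accept
+export: accept
+
+bird__ospf:
+limits:
+import: 4000
+export: 4000
+import: accept
+export:
+protos: kernel
+areas:
+0:
+broadcast:
+- back0
+stub:
+- client0
+- client1
+- client2
+- client3
+- client4
+
+bird__bgp:
+edge1:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:1
+- 10.203.1.1
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+
+bird__radv:
+rdnss:
+- 2a09:6840:206::1:1
+- 2a09:6840:206::1:2
+interfaces:
+client0:
+max_interval: 5
+prefixes:
+- 2a09:6841::/64
+dnssl: client0.isp.auro.re
+domain_search:
+- auro.re
+...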
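Review bot: `bird__radv.interfaces` defines only `client0`, although `client1` to `client4` are listed as OSPF stub interfaces above and receive IPv6 virtual addresses in group_vars/isp/keepalived.yml. If those VLANs are meant to get router advertisements they need their own entries, presumably with prefixes `2a09:6841:0:1::/64` to `2a09:6841:0:4::/64` matching the keepalived addresses. If leaving them out is deliberate, a comment such as `# client1-4: no RA yet, IPv4 only` would save the next reader from guessing. This file also configures only the `edge1` BGP peer where group_vars/infra/bird.yml has `edge1` and `edge2`, which is worth confirming as intended.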
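--- a/group_vars/isp/firewall.yml
+++ b/group_vars/isp/firewall.yml
@@ -0,0 +1,40 @@
+---
+firewall__zones:
+internet:
+negate: true
+addrs:
+- 2a09:6840::/32
+- 2a09:6841::/32
+- 2a09:6842::/32
+- 45.66.108.0/22
+- 10.0.0.0/8
+- 100.64.0.0/10
+clients:
+addrs:
+- 100.64.0.0/10
+non_clients:
+negate: true
+zones: clients
+allowed_clients:
+file:
+path: /var/run/firewall/allowed_clients.yml
+default: []
+
+firewall__input:
+- verdict: accept
+
+firewall__output:
+- verdict: accept
+
+firewall__forward:
+- src: allowed_clients
+dst: non_clients
+verdict: accept
+
+firewall__nat:
+- src: clients
+dst: internet
+protocols: null
+snat:
+addr: 45.66.111.220
+...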
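Review bot: `firewall__input` is a single unconditional `- verdict: accept`, so unlike `firewall__forward` nothing limits who can reach services listening on the router itself, and that includes the `clients` zone (100.64.0.0/10). If the role's default input policy is drop, this rule cancels it. I'd scope input with `src:` the way the forward rule does, admitting management sources and only the gateway services clients need, and until then mark it with a comment such as `# FIXME: accept-all input, tighten before production`. The role's rule schema beyond `src`/`dst`/`verdict`/`protocols` isn't visible in this section, so the exact keys need checking.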
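--- a/group_vars/isp/keepalived.yml
+++ b/group_vars/isp/keepalived.yml
@@ -0,0 +1,32 @@
+---
+keepalived__virtual_router_id: 80
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+client0:
+- 100.64.0.1/27
+- 2a09:6841::1/56
+- fe80::1/10
+client1:
+- 100.64.0.33/27
+- 2a09:6841:0:1::1/64
+- fe80::1/10
+client2:
+- 100.64.0.65/27
+- 2a09:6841:0:2::1/64
+- fe80::1/10
+client3:
+- 100.64.0.97/27
+- 2a09:6841:0:3::1/64
+- fe80::1/10
+client4:
+- 100.64.0.129/27
+- 2a09:6841:0:4::1/64
+- fe80::1/10
+
+keepalived__virtual_blackholes:
+- 45.66.111.220/32
+
+keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
+...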
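Review bot: `client0` is assigned `2a09:6841::1/56`, while `client1`–`client4` use /64s (`2a09:6841:0:1::1/64` and so on) that all sit inside that /56, and group_vars/isp/bird.yml advertises `2a09:6841::/64` on client0. With a /56 on the interface, the router treats every otherwise unassigned /64 in that range as on-link on client0, which blurs the separation between the client segments. If the wider mask is not intentional, `- 2a09:6841::1/64` would match both the advertised prefix and the other four interfaces.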
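--- a/group_vars/ns/knotd.yml
+++ b/group_vars/ns/knotd.yml
@@ -0,0 +1,71 @@
+---
+knotd__listen:
+- address: 0.0.0.0
+- address: "::"
+
+knotd__keys:
+xfr:
+algorithm: hmac-sha512
+secret: "{{ vault_knotd_xfr_key }}"
+
+knotd__remotes:
+xfr-master:
+address: 2a09:6840:206::1:7
+key: xfr
+
+knotd__acl:
+notify-master:
+address:
+- 2a09:6840:206::1:7
+- 10.206.1.7
+key: xfr
+action: notify
+
+knotd__queryacl:
+local:
+addresses:
+- 10.0.0.0/8
+
+knotd__zones:
+auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+master: xfr-master
+test.auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+master: xfr-master
+infra.auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+#queryacl: local
+master: xfr-master
+108.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+109.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+110.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+111.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+0.4.8.6.9.0.a.2.ip6.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+...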
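Review bot: `knotd__queryacl.local` (10.0.0.0/8) is defined but never applied: its only reference, `#queryacl: local` under `infra.auro.re`, is commented out, while `knotd__listen` binds `0.0.0.0` and `::`. As written, the `infra.auro.re` zone would be answered for any source that can reach these servers, which publishes internal host names and addresses. Either re-enable `queryacl: local` on that zone or replace the dead line with a comment saying the zone is intentionally public. If it is re-enabled, the ACL lists no IPv6 range, so internal v6 resolvers would presumably need an entry as well.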
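--- a/group_vars/ntp/chronyd.yml
+++ b/group_vars/ntp/chronyd.yml
@@ -0,0 +1,13 @@
+---
+chronyd__allow_networks:
+- 2a09:6840::/32
+- 10.0.0.0/8
+
+chronyd__pools:
+- 0.pool.ntp.org
+- 1.pool.ntp.org
+- 2.pool.ntp.org
+- 3.pool.ntp.org
+
+chronyd__local_stratum: 10
+...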
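--- a/group_vars/prom/prometheus/bird.yml
+++ b/group_vars/prom/prometheus/bird.yml
@@ -0,0 +1,144 @@
+---
+prometheus__scraping_bird:
+targets: "{{ groups.router }}"
+address:
+port: 9324
+
+prometheus__rules_bird:
+- record: bird:protocol_up:bgp_all
+expr:
+label_replace(
+bird_protocol_up{proto="BGP"},
+"group", "$1",
+"instance", "^([^0-9\\.]+)-[0-9]+.*"
+)
+# FIXME: sessions en cours d'installation, pas encore monitorées
+- record: bird:protocol_up:bgp
+expr:
+bird:protocol_up:bgp_all
+unless bird:protocol_up:bgp_all{
+group="edge",
+name=~"^(viarezo|isp[12]|rezel)[46]$"
+}
+# Sessions qui ne sont volontairement pas redondées
+# au sein d'un groupe
+- record: bird:protocol_up:bgp:non_redundant
+expr:
+bird:protocol_up:bgp{
+group="edge",
+name=~"^(oti|crans|legacy|edge)[46]$"
+}
+# Sessions qui le sont
+- record: bird:protocol_up:bgp:redundant
+expr:
+bird:protocol_up:bgp
+unless
+bird:protocol_up:bgp:non_redundant
+- alert: BirdBGPRedundancyDegraded
+expr:
+(
+count by (group, name) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) + (
+count by (group, name) (
+bird:protocol_up:bgp:redundant{state!="Established"} * 0
+)
+)
+) < 2
+for: 0m
+labels:
+severity: warning
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Count: !unsafe "{{ $value }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPDown
+expr:
+(
+count by (group, name) (
+bird:protocol_up:bgp{state="Established"}
+) + (
+count by (group, name) (
+bird:protocol_up:bgp{state!="Established"} * 0
+)
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+# TODO: warning pour redondant ?
+- alert: BirdBGPNoExportedPrefixRedundant
+expr:
+bird_protocol_prefix_export_count{
+export_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoImportedPrefixRedundant
+expr:
+bird_protocol_prefix_import_count{
+import_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoExportedPrefixNonRedundant
+expr:
+sum by (group) (
+bird_protocol_prefix_export_count{
+export_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:non_redundant{state="Established"}
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoImportedPrefixNonRedundant
+expr:
+sum by (group) (
+bird_protocol_prefix_import_count{
+import_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:non_redundant{state="Established"}
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdOSPFNeighboursChange
+expr:
+changes(bird_ospf_neighbor_count[5m]) > 0
+or changes(bird_ospfv3_neighbor_count[5m]) > 0
+for: 0m
+labels:
+severity: warning
+- alert: BirdOSPFDown
+expr:
+bird_ospf_running == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Instance: !unsafe "{{ $labels.name }}"
+...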
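Review bot: `BirdBGPDown` and `BirdBGPRedundancyDegraded` look unable to fire, because `count by (group, name) (...)` returns the number of matching series (never 0, and `* 0` does not change it) and the `+` only produces a sample when both the `state="Established"` and the `state!="Established"` side exist, at which point the sum is already 2 or more. A session that is down everywhere leaves the left side empty, so the expression yields nothing instead of 0, and the loss of a BGP session goes unalerted. If `bird_protocol_up` is 1 for an up session and 0 otherwise (to be confirmed against the exporter), summing the value expresses the intent: `sum by (group, name) (bird:protocol_up:bgp) == 0` and `sum by (group, name) (bird:protocol_up:bgp:redundant) < 2`. Separately, the two `...NonRedundant` alerts aggregate `by (group)`, so their `Session: {{ $labels.name }}` annotation will render empty.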
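--- a/group_vars/prom/prometheus/common.yml
+++ b/group_vars/prom/prometheus/common.yml
@@ -0,0 +1,11 @@
+---
+prometheus__rules_common:
+- alert: CollectorDown
+expr:
+up == 0
+for: 3m
+labels:
+severity: critical
+annotations:
+Job: !unsafe "{{ $labels.job }}"
+...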
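--- a/group_vars/prom/prometheus/eaton.yml
+++ b/group_vars/prom/prometheus/eaton.yml
@@ -0,0 +1,11 @@
+---
+prometheus__scraping_eaton:
+targets: "{{ groups.eaton_ups }}"
+address: 127.0.0.1:9116
+path: /snmp
+params:
+module:
+- eaton
+
+prometheus__rules_eaton: {}
+...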
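--- a/group_vars/prom/prometheus/keepalived.yml
+++ b/group_vars/prom/prometheus/keepalived.yml
@@ -0,0 +1,23 @@
+---
+prometheus__rules_keepalived:
+- alert: KeepalivedVrrpFault
+expr:
+keepalived_vrrp_state{state="fault"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Instance: !unsafe "{{ $labels.instance }}"
+- alert: KeepalivedMasterChange
+expr:
+changes(
+keepalived_vrrp_state{
+keepalived_vvrp_state="master"
+}[1m]
+) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Instance: !unsafe "{{ $labels.instance }}"
+...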
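Review bot: The selector in `KeepalivedMasterChange` filters on a label named `keepalived_vvrp_state` (note the `vvrp`), whereas `KeepalivedVrrpFault` just above selects the same metric with `state="fault"`. Unless the exporter really emits a label with that name, the selector matches no series and VRRP master changes, the signal you want for an unexpected failover, are never reported. `keepalived_vrrp_state{state="master"}[1m]` would be consistent with the first rule. Also, `changes()` over a 1m window needs at least two samples inside it, so whether it can ever see a transition depends on the scrape interval, which is not visible here.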
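--- a/group_vars/prom/prometheus/kresd.yml
+++ b/group_vars/prom/prometheus/kresd.yml
@@ -0,0 +1,6 @@
+---
+prometheus__scraping_kresd:
+targets: "{{ groups.dns }}"
+address:
+port: 8453
+...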
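--- a/group_vars/prom/prometheus/main.yml
+++ b/group_vars/prom/prometheus/main.yml
@@ -0,0 +1,25 @@
+---
+prometheus__alertmanager_targets:
+- docker-ovh.adm.auro.re:9093
+
+prometheus__tsdb_retention_time: 90d
+
+prometheus__scraping:
+node: "{{ prometheus__scraping_node }}"
+prometheus: "{{ prometheus__scraping_prometheus }}"
+kresd: "{{ prometheus__scraping_kresd }}"
+bird: "{{ prometheus__scraping_bird }}"
+quanta: "{{ prometheus__scraping_quanta }}"
+snmp: "{{ prometheus__scraping_snmp }}"
+eaton: "{{ prometheus__scraping_eaton }}"
+
+prometheus__rules:
+common: "{{ prometheus__rules_common }}"
+switch: "{{ prometheus__rules_switch }}"
+prometheus: "{{ prometheus__rules_prometheus }}"
+node: "{{ prometheus__rules_node }}"
+keepalived: "{{ prometheus__rules_keepalived }}"
+quanta: "{{ prometheus__rules_quanta }}"
+bird: "{{ prometheus__rules_bird }}"
+#eaton: "{{ prometheus__rules_eaton }}"
+...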
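--- a/group_vars/prom/prometheus/node.yml
+++ b/group_vars/prom/prometheus/node.yml
@@ -0,0 +1,200 @@
+---
+prometheus__scraping_node:
+targets: "{{ groups.vm + groups.pve }}"
+address:
+port: 9100
+
+prometheus__rules_node:
+- alert: OutOfMemory
+expr:
+(
+node_memory_MemFree_bytes
++ node_memory_Cached_bytes
++ node_memory_Buffers_bytes
+) / node_memory_MemTotal_bytes < 0.1
+for: 5m
+labels:
+severity: warning
+annotations:
+FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostSwapIsFillingUp
+expr:
+(
+1 - (
+node_memory_SwapFree_bytes
+/ node_memory_SwapTotal_bytes
+)
+) >= 0.5
+for: 3m
+labels:
+severity: critical
+annotations:
+UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostPhysicalComponentTooHot
+expr:
+node_hwmon_temp_celsius > 79
+for: 3m
+labels:
+severity: critical
+annotations:
+Temperature: !unsafe "{{ $value | humanize }} °C"
+Chip: !unsafe "{{ $labels.chip }}"
+Sensor: !unsafe "{{ $labels.sensor }}"
+- alert: HostNodeOvertemperatureAlarm
+expr:
+node_hwmon_temp_crit_alarm_celsius == 1
+for: 0m
+labels:
+severity: critical
+annotations:
+Chip: !unsafe "{{ $labels.chip }}"
+Sensor: !unsafe "{{ $labels.sensor }}"
+- alert: HostRaidArrayGotInactive
+expr:
+node_md_state{state="inactive"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Device: !unsafe "{{ $labels.device }}"
+- alert: HostRaidDiskFailure
+expr:
+node_md_disks{state="failed"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+severity: !unsafe "{{ $labels.md_device }}"
+- alert: HostOomKillDetected
+expr:
+increase(node_vmstat_oom_kill[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+PID: !unsafe "{{ $value }}"
+- alert: HostEdacCorrectableErrorsDetected
+expr:
+increase(node_edac_correctable_errors_total[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+CorrectedErrors: !unsafe "{{ $value }}"
+- alert: HostEdacUncorrectableErrorsDetected
+expr:
+increase(node_edac_uncorrectable_errors_total[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+DetectedErrors: !unsafe "{{ $value }}"
+- alert: OutOfDiskSpace
+expr:
+(
+node_filesystem_free_bytes
+/ node_filesystem_size_bytes < 0.1
+)
+and on (instance, device, mountpoint) (
+node_filesystem_readonly
+) == 0
+for: 5m
+labels:
+severity: critical
+annotations:
+Mountpoint: !unsafe "{{ $labels.mountpoint }}"
+FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostConntrackLimit
+expr:
+(
+node_nf_conntrack_entries
+/ node_nf_conntrack_entries_limit
+) > 0.8
+for: 5m
+labels:
+severity: warning
+annotations:
+Filled: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostClockSkew
+expr:
+(
+node_timex_offset_seconds > 0.05
+and deriv(node_timex_offset_seconds[5m]) >= 0
+) or (
+node_timex_offset_seconds < -0.05
+and deriv(node_timex_offset_seconds[5m]) <= 0
+)
+for: 2m
+labels:
+severity: warning
+- alert: HostClockNotSynchronising
+expr:
+min_over_time(node_timex_sync_status[1m]) == 0
+and node_timex_maxerror_seconds >= 16
+for: 2m
+labels:
+severity: warning
+- alert: HostRequiresReboot
+expr:
+node_reboot_required > 0
+for: 5m
+labels:
+severity: warning
+- alert: OutOfInodes
+expr:
+node_filesystem_files_free
+/ node_filesystem_files < 0.1
+for: 3m
+labels:
+severity: warning
+annotations:
+Mountpoint: !unsafe "{{ $labels.mountpoint }}"
+FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
+- alert: CpuUsage
+expr:
+(
+1 - avg by (instance) (
+irate(node_cpu_seconds_total{mode="idle"}[5m])
+)
+) > 0.75
+for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+- alert: SystemdServiceFailed
+expr:
+node_systemd_unit_state{state="failed"} == 1
+for: 10m
+labels:
+severity: warning
+annotations:
+Service: !unsafe "{{ $labels.name }}"
+- alert: LoadUsage
+expr:
+node_load1 > 5
+for: 2m
+labels:
+severity: warning
+annotations:
+Load1: !unsafe "{{ $value | humanize }}"
+- alert: UnhealthyDisk
+expr:
+smartmon_device_smart_healthy < 1
+for: 10m
+labels:
+severity: critical
+annotations:
+Disk: !unsafe "{{ $labels.disk }}"
+- alert: HostCpuStealNoisyNeighbor
+expr:
+avg by (instance) (
+rate(node_cpu_seconds_total{mode="steal"}[5m])
+) > 0.1
+for: 5m
+labels:
+severity: warning
+annotations:
+Disk: !unsafe "{{ $labels.disk }}"
+Steal: !unsafe "{{ $value | humanizePercentage }}"
+...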
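Review bot: In `HostRaidDiskFailure` the only annotation is keyed `severity` and reads `$labels.md_device`, while the neighbouring `HostRaidArrayGotInactive` uses `Device: {{ $labels.device }}`. An annotation named `severity` next to the `severity: critical` label is confusing in notifications, and if the metric carries `device` as the sibling rule assumes, the value renders empty and the alert will not say which array lost a disk. I'd change the line to `Device: !unsafe "{{ $labels.device }}"`. In the same file `HostCpuStealNoisyNeighbor` aggregates `by (instance)`, so its `Disk: {{ $labels.disk }}` annotation can never be populated and can be dropped.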
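--- a/group_vars/prom/prometheus/prometheus.yml
+++ b/group_vars/prom/prometheus/prometheus.yml
@@ -0,0 +1,14 @@
+---
+prometheus__scraping_prometheus:
+targets: "{{ groups.prom }}"
+address:
+port: 9090
+
+prometheus__rules_prometheus:
+- alert: PrometheusTsdbCompactionFailed
+expr:
+increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
+for: 0m
+labels:
+severity: critical
+...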
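--- a/group_vars/prom/prometheus/quanta.yml
+++ b/group_vars/prom/prometheus/quanta.yml
@@ -0,0 +1,97 @@
+---
+prometheus__scraping_quanta:
+targets: "{{ groups.quanta }}"
+address: 127.0.0.1:9116
+path: /snmp
+timeout: 60s
+params:
+module:
+- quanta
+
+prometheus__rules_quanta:
+- alert: QuantaQueueOverflow
+expr:
+snAgGblQueueOverflow == 1
+for: 0m
+labels:
+severity: critical
+- alert: QuantaCpuUsage
+expr:
+snAgGblCpuUtil1MinAvg > 50
+for: 5m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value }} %"
+- alert: QuantaCpuUsage
+expr:
+snAgGblCpuUtil1MinAvg > 80
+for: 5m
+labels:
+severity: critical
+annotations:
+Usage: !unsafe "{{ $value }} %"
+- alert: QuantaMemoryUsage
+expr:
+100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
+for: 5m
+labels:
+severity: warning
+annotations:
+UsedMemory: !unsafe "{{ $value }} %"
+- alert: QuantaMemoryUsage
+expr:
+100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
+for: 5m
+labels:
+severity: alert
+annotations:
+UsedMemory: !unsafe "{{ $value }} %"
+- alert: QuantaFanHealth
+expr:
+snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Description: !unsafe "{{ $labels.shChasFanDescription }}"
+Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
+- alert: QuantaMissingIntakeTemp
+expr:
+count by (instance) (
+snAgentTempValue
+) - count by (instance) (
+snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
+) == 0
+for: 0m
+labels:
+severity: critical
+- alert: QuantaIntakeTemp
+expr:
+0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
+for: 10m
+keep_firing_for: 30m
+labels:
+severity: warning
+annotations:
+Temperature: !unsafe "{{ $value }} °C"
+Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
+- alert: QuantaIntakeTemp
+expr:
+0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
+for: 10m
+keep_firing_for: 30m
+labels:
+severity: critical
+annotations:
+Temperature: !unsafe "{{ $value }} °C"
+Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
+- alert: QuantaPowerRedundancyFailure
+expr:
+count by (instance) (
+snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
+) < 2
+for: 0m
+labels:
+severity: warning
+...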
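Review bot: `QuantaPowerRedundancyFailure` counts series with `count by (instance) (snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}) < 2`, but the SNMP module maps this object as `EnumAsStateSet`, which keeps a `normal` series per supply and sets it to 0 when the supply is in another state, the same assumption `QuantaFanHealth` makes with `== 0`. `count` ignores the value, so a failed supply is still counted and the alert would stay silent; `sum by (instance) (...) < 2` counts only supplies currently reporting `normal`. Two smaller points in this file: the second `QuantaMemoryUsage` rule uses `severity: alert` where every other rule uses `warning` or `critical`, which may not match any Alertmanager route, and `QuantaFanHealth` reads `$labels.shChasFanDescription` while the lookup in the SNMP module is named `snChasFanDescription`.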
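--- a/group_vars/prom/prometheus/snmp.yml
+++ b/group_vars/prom/prometheus/snmp.yml
@@ -0,0 +1,6 @@
+---
+prometheus__scraping_snmp:
+targets: "{{ groups.prom }}"
+address:
+port: 9116
+...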
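--- a/group_vars/prom/prometheus/switch.yml
+++ b/group_vars/prom/prometheus/switch.yml
@@ -0,0 +1,91 @@
+---
+prometheus__rules_switch:
+- alert: SwitchPromiscuousChange
+expr:
+changes(ifPromiscuousMode[5m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInterfaceUpChange
+expr:
+changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInErrors
+expr:
+irate(ifInErrors[5m]) / (
+irate(ifInUcastPkts[5m])
++ irate(ifInNUcastPkts[5m])
+) > 0.0001
+for: 0m
+labels:
+severity: warning
+annotations:
+ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutErrors
+expr:
+irate(ifOutErrors[5m]) / (
+irate(ifOutUcastPkts[5m])
++ irate(ifOutNUcastPkts[5m])
+) > 0.0001
+for: 0m
+labels:
+severity: warning
+annotations:
+ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInLinkUsage
+expr:
+rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInLinkUsage
+expr:
+rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: critical
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutLinkUsage
+expr:
+rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutLinkUsage
+expr:
+rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+...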
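Review bot: The second `SwitchOutLinkUsage` rule (threshold `> 0.8`) is labelled `severity: warning`, the same as the `> 0.5` rule, whereas the matching `SwitchInLinkUsage` `> 0.8` rule is `critical`. With the same alert name and the same labels the two Out rules produce indistinguishable alerts, and sustained egress saturation, which is what a flood or large outbound transfer looks like from the switch, never escalates. The intended line is presumably `severity: critical` on the `> 0.8` rule.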
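--- a/group_vars/prom/prometheus_snmp/eaton.yml
+++ b/group_vars/prom/prometheus_snmp/eaton.yml
@@ -0,0 +1,42 @@
+---
+prometheus_snmp__modules_eaton:
+version: 1
+auth:
+community: "{{ vault_snmp_eaton_community }}"
+walk:
+- sysUpTime
+#- upsBattery
+#- xupsBattery
+#- xupsInput
+- xupsInput
+- xupsOutput
+- xupsBypass
+- xupsEnvironment
+- xupsBattery
+- xupsConfig
+lookups:
+- source_indexes:
+- xupsInputPhase
+lookup: xupsInputName
+- source_indexes:
+- xupsOutputPhase
+lookup: xupsOutputName
+- source_indexes:
+- xupsBypassPhase
+lookup: xupsBypassName
+overrides:
+#upsBatteryStatus:
+# type: EnumAsStateSet
+xupsInputId:
+type: EnumAsStateSet
+xupsOutputId:
+type: EnumAsStateSet
+xupsBypassId:
+type: EnumAsStateSet
+xupsOutputSource:
+type: EnumAsStateSet
+xupsBatteryAbmStatus:
+type: EnumAsStateSet
+xupsContactType:
+type: EnumAsStateSet
+...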
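Review bot: `version: 1` makes the exporter poll the UPS over SNMPv1, where the community string from `vault_snmp_eaton_community` is the only credential and travels unencrypted; keeping it in the vault protects the repository but not the wire. If the UPS network cards support SNMPv3 with authentication and privacy, that would be the better target; otherwise record the constraint next to the setting, e.g. `# SNMPv1: device limitation; community must be read-only and reachable from the management network only` (both conditions to be confirmed on the device). The same concern applies to the community-based `prometheus_snmp__modules_quanta` module in group_vars/prom/prometheus_snmp/quanta.yml, which sets no `version` at all. The commented-out `#- xupsBattery` and `#- xupsInput` entries duplicate active ones and can be removed.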
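--- a/group_vars/prom/prometheus_snmp/main.yml
+++ b/group_vars/prom/prometheus_snmp/main.yml
@@ -0,0 +1,5 @@
+---
+prometheus_snmp__modules:
+quanta: "{{ prometheus_snmp__modules_quanta }}"
+eaton: "{{ prometheus_snmp__modules_eaton }}"
+...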
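--- a/group_vars/prom/prometheus_snmp/quanta.yml
+++ b/group_vars/prom/prometheus_snmp/quanta.yml
@@ -0,0 +1,125 @@
+---
+prometheus_snmp__modules_quanta:
+auth:
+community: "{{ vault_snmp_quanta_community }}"
+timeout: 60s
+retries: 3
+walk:
+- interfaces
+- ifXTable
+- snAgGblQueueOverflow
+- snAgGblDynMemTotal
+- snAgGblDynMemFree
+- snAgGblCpuUtil1SecAvg
+- snAgGblCpuUtil5SecAvg
+- snAgGblCpuUtil1MinAvg
+- sysUpTime
+- snAgentCpuUtilPercent
+- snAgent
+- snChasFan
+- snChasPwr
+- snAgentTemp
+- snAgentCpu
+- snSwInfo
+- snSwIfInfoTable
+- dot3StatsTable
+- dot3HCStatsTable
+- dot3Errors
+- dot3Tests
+- dot3CollTable
+- lldpLocChassisId
+- lldpRemTable
+- lldpLocPortTable
+- dot1dBasePort
+lookups:
+- source_indexes:
+- ifIndex
+lookup: ifAlias
+- source_indexes:
+- ifIndex
+lookup: ifDescr
+- source_indexes:
+- ifIndex
+lookup: ifName
+- source_indexes:
+- snChasFanIndex
+lookup: snChasFanDescription
+- source_indexes:
+- snAgentTempSlotNum
+- snAgentTempSensorId
+lookup: snAgentTempSensorDescr
+- source_indexes:
+- snSwIfInfoPortNum
+lookup: snSwIfName
+- source_indexes:
+- snSwIfInfoPortNum
+lookup: snSwIfDescr
+- source_indexes:
+- dot3StatsIndex
+lookup: ifAlias
+- source_indexes:
+- dot3StatsIndex
+lookup: ifDescr
+- source_indexes:
+- dot3StatsIndex
+lookup: ifName
+- source_indexes:
+- lldpRemTimeMark
+- lldpRemLocalPortNum
+- lldpRemIndex
+lookup: lldpRemChassisId
+#- source_indexes:
+# - lldpLocPortNum
+# lookup: lldpLocPortIdSubtype
+overrides:
+ifIndex:
+ignore: true
+ifAlias:
+ignore: true
+ifDescr:
+ignore: true
+ifName:
+ignore: true
+ifOperStatus:
+type: EnumAsStateSet
+ifAdminStatus:
+type: EnumAsStateSet
+snChasFanIndex:
+ignore: true
+snChasFanDescription:
+ignore: true
+snChasPwrSupplyIndex:
+ignore: true
+snAgentTempSensorDescr:
+ignore: true
+snChasFanOperStatus:
+type: EnumAsStateSet
+snChasPwrSupplyOperStatus:
+type: EnumAsStateSet
+snSwIfName:
+ignore: true
+snSwIfDescr:
+ignore: true
+snSwIfVlanId:
+ignore: true
+snSwIfInfoPortNum:
+ignore: true
+snSwIfInfoMonitorMode:
+type: EnumAsStateSet
+snSwIfInfoMirrorPorts:
+ignore: true
+snSwIfInfoMediaType:
+type: EnumAsInfo
+ifType:
+type: EnumAsInfo
+dot3StatsIndex:
+ignore: true
+dot3StatsEtherChipSet:
+ignore: true
+dot3StatsDuplexStatus:
+type: EnumAsStateSet
+lldpLocPortIdSubtype:
+type: EnumAsInfo
+lldpRemPortIdSubtype:
+type: EnumAsInfo
+...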
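--- a/group_vars/pve/pve_auth.yml
+++ b/group_vars/pve/pve_auth.yml
@@ -0,0 +1,35 @@
+---
+pve_auth__groups:
+admin:
+- Administrator
+
+pve_auth__pam_users:
+root:
+enabled: false
+
+pve_auth__users:
+elkmaennchen:
+password: "{{ vault_pve_passwords.elkmaennchen }}"
+groups:
+- admin
+jeltz:
+password: "{{ vault_pve_passwords.jeltz }}"
+groups:
+- admin
+otthorn:
+password: "{{ vault_pve_passwords.otthorn }}"
+groups:
+- admin
+v-lafeychine:
+password: "{{ vault_pve_passwords['v-lafeychine'] }}"
+groups:
+- admin
+pz2891:
+password: "{{ vault_pve_passwords.pz2891 }}"
+groups:
+- admin
+loutr:
+password: "{{ vault_pve_passwords.loutr }}"
+groups:
+- admin
+...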
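--- a/group_vars/radius/freeradius.yml
+++ b/group_vars/radius/freeradius.yml
@@ -0,0 +1,17 @@
+---
+radiusd__guest_vlan: 1000
+
+radiusd__clients:
+localhost:
+addr: 127.0.0.1
+secret: abcdef
+type: aurore
+wifi-ap-v4:
+addr: 10.102.0.0/16
+secret: abcdef
+type: aurore
+wifi-ap-v6:
+addr: 2a09:6840:102::/56
+secret: abcdef
+type: aurore
+...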
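Review bot: All three `radiusd__clients` entries carry the same literal `secret: abcdef`, committed in clear text and applied to the whole Wi-Fi AP ranges 10.102.0.0/16 and 2a09:6840:102::/56. A RADIUS shared secret is what authenticates a client to the server, so a six-character guessable value shared by every client gives no real protection. Other files in this change already pull secrets from the vault (`vault_pve_passwords`, `vault_wireguard_wg0_private`); the same pattern fits here, e.g. `secret: "{{ vault_radiusd_secrets['wifi-ap-v4'] }}"` (variable name is a suggestion), with a long random value per client. If `abcdef` was ever deployed it should be rotated, since it now lives in the repository history.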
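--- a/group_vars/router/prometheus.yml
+++ b/group_vars/router/prometheus.yml
@@ -0,0 +1,3 @@
+---
+prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
+...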
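--- a/group_vars/vpn/bird.yml
+++ b/group_vars/vpn/bird.yml
@@ -0,0 +1,60 @@
+---
+bird__tables:
+- wg
+
+bird__kernel:
+kernel:
+learn: true
+import: accept
+export: accept
+vrf:
+learn: true
+import:
+sources:
+- "{{ iproute2__custom_protos.wireguard }}"
+export: accept
+table: wg
+kernel: "{{ iproute2__custom_tables.wireguard }}"
+
+bird__ospf:
+limits:
+import: 4000
+export: 4000
+table: wg
+import: accept
+export:
+sources:
+- "{{ iproute2__custom_protos.wireguard }}"
+areas:
+1:
+broadcast:
+- vpn0
+
+bird__bgp:
+infra1:
+local:
+address: "{{ bird__bgp_addr.vpn }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:213::1:1
+- 10.213.1.1
+as: "{{ bird__as.aurore }}"
+table: wg
+import: accept
+export: reject
+next_hop_self: true
+infra2:
+local:
+address: "{{ bird__bgp_addr.vpn }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:213::1:2
+- 10.213.1.2
+as: "{{ bird__as.aurore }}"
+table: wg
+import: accept
+export: reject
+next_hop_self: true
+...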
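--- a/group_vars/vpn/ifupdown2.yml
+++ b/group_vars/vpn/ifupdown2.yml
@@ -0,0 +1,16 @@
+---
+ifupdown2__vrf:
+wg-vrf:
+table: "{{ iproute2__custom_tables.wireguard }}"
+
+ifupdown2__wireguard:
+wg0:
+private_key: "{{ vault_wireguard_wg0_private }}"
+listen_port: 5121
+vrf: wg-vrf
+table: "{{ iproute2__custom_tables.wireguard }}"
+peer_allowed_addresses:
+- 2a09:6840:212::1:1/128
+- 10.212.1.1/32
+peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
+...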
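Review bot: `private_key: "{{ vault_wireguard_wg0_private }}"` is set in `group_vars/vpn`, so every host in the `vpn` group would be configured with the same WireGuard private key. The inventory is not visible here, but the knotd host list in this change names both wg-1.vpn and wg-2.vpn; if both are in the group, compromise of one host exposes the identity of the other and the peer cannot tell them apart. A per-host lookup such as `private_key: "{{ vault_wireguard_private[inventory_hostname] }}"` (variable name is a suggestion) would keep the rest of this file shared while giving each host its own key.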
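--- a/group_vars/vpn/iproute2.yml
+++ b/group_vars/vpn/iproute2.yml
@@ -0,0 +1,7 @@
+---
+iproute2__custom_tables:
+wireguard: 2000
+
+iproute2__custom_protos:
+wireguard: 200
+...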
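--- a/host_vars/collabora.ext.infra.auro.re.yml
+++ b/host_vars/collabora.ext.infra.auro.re.yml
@@ -0,0 +1,22 @@
+---
+systemd_link__links:
+pub0: ae:ae:ae:2C:60:35
+
+ifupdown2__interfaces:
+pub0:
+addresses:
+- 2a09:6840:128::220/64
+- 10.128.0.220/16
+gateways: "{{ ifupdown2__gateways.adm }}"
+
+collabora__server_name: office.auro.re
+
+collabora__post_allow_addrs:
+- 2a09:6840:215::1:1
+- 45.66.111.206
+
+collabora__wopi_groups:
+- host: https://cloud.auro.re:443
+aliases:
+- https://nextcloud.auro.re:443
+...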
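--- a/host_vars/dhcp-1.isp.infra.auro.re.yml
+++ b/host_vars/dhcp-1.isp.infra.auro.re.yml
@@ -0,0 +1,47 @@
+---
+systemd_link__links:
+isp0: 02:00:00:c6:3f:6f
+trunk0: 02:00:00:b1:8d:d6
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:1/64
+- 10.210.1.1/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+trunk0:
+ipv6_addrgen: false
+clients0:
+bridge_vlan_aware: true
+bridge_ports:
+- trunk0
+bridge_vids:
+- 1000-1004
+bridge_disable_pvid: true
+ipv6_addrgen: false
+client0:
+addresses:
+- 100.64.0.2/27
+vlan_id: 1000
+vlan_raw_device: clients0
+client1:
+addresses:
+- 100.64.0.34/27
+vlan_id: 1001
+vlan_raw_device: clients0
+client2:
+addresses:
+- 100.64.0.66/27
+vlan_id: 1002
+vlan_raw_device: clients0
+client3:
+addresses:
+- 100.64.0.98/27
+vlan_id: 1003
+vlan_raw_device: clients0
+client4:
+addresses:
+- 100.64.0.130/27
+vlan_id: 1004
+vlan_raw_device: clients0
+...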
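--- a/host_vars/dhcp-2.isp.infra.auro.re.yml
+++ b/host_vars/dhcp-2.isp.infra.auro.re.yml
@@ -0,0 +1,47 @@
+---
+systemd_link__links:
+isp0: 04:00:00:8c:d1:36
+trunk0: 04:00:00:33:2c:3c
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:2/64
+- 10.210.1.2/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+trunk0:
+ipv6_addrgen: false
+clients0:
+bridge_vlan_aware: true
+bridge_ports:
+- trunk0
+bridge_vids:
+- 1000-1004
+bridge_disable_pvid: true
+ipv6_addrgen: false
+client0:
+addresses:
+- 100.64.0.3/27
+vlan_id: 1000
+vlan_raw_device: clients0
+client1:
+addresses:
+- 100.64.0.35/27
+vlan_id: 1001
+vlan_raw_device: clients0
+client2:
+addresses:
+- 100.64.0.67/27
+vlan_id: 1002
+vlan_raw_device: clients0
+client3:
+addresses:
+- 100.64.0.99/27
+vlan_id: 1003
+vlan_raw_device: clients0
+client4:
+addresses:
+- 100.64.0.131/27
+vlan_id: 1004
+vlan_raw_device: clients0
+...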
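--- a/host_vars/dns-1.int.infra.auro.re.yml
+++ b/host_vars/dns-1.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 02:00:00:9f:d9:f9
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:1/64
+- 10.206.1.1/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...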
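--- a/host_vars/dns-2.int.infra.auro.re.yml
+++ b/host_vars/dns-2.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 04:00:00:3c:c0:5a
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:2/64
+- 10.206.1.2/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...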
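--- a/host_vars/edge-1.back.infra.auro.re.yml
+++ b/host_vars/edge-1.back.infra.auro.re.yml
@@ -0,0 +1,39 @@
+---
+systemd_link__links:
+adm0: 02:00:00:9E:3E:21
+crans0: 02:00:00:A2:7C:68
+zayo0: 02:00:00:35:89:82
+rezel0: 02:00:00:8F:4A:AD
+back0: 02:00:00:1C:3A:2E
+viarezo0: 02:00:00:ED:70:64
+router0: 02:00:00:5A:17:7C
+oti0: 02:00:00:05:0E:A6
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:2/64
+- 10.128.10.2/16
+crans0:
+ipv6_addrgen: false
+zayo0:
+ipv6_addrgen: false
+rezel0:
+addresses:
+- 2a09:6842:19:9116::1/64
+- 45.66.111.1/29
+back0:
+addresses:
+- 2a09:6840:203::1:1/64
+- 10.203.1.1/16
+viarezo0:
+addresses:
+- 2a0c:b641:2ff::6/125
+- 192.159.121.133/29
+router0:
+addresses:
+- 2a09:6840:129::10:2/56
+- 10.129.10.2/16
+oti0:
+ipv6_addrgen: false
+...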
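--- a/host_vars/edge-2.back.infra.auro.re.yml
+++ b/host_vars/edge-2.back.infra.auro.re.yml
@@ -0,0 +1,39 @@
+---
+systemd_link__links:
+adm0: 04:00:00:F5:69:B9
+crans0: 04:00:00:CF:E1:D0
+zayo0: 04:00:00:67:7B:12
+rezel0: 04:00:00:C6:05:B7
+back0: 04:00:00:DE:22:E6
+viarezo0: 04:00:00:45:FA:E6
+router0: 04:00:00:AD:D7:71
+oti0: 02:00:00:05:0E:A6
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:102/64
+- 10.128.10.102/16
+crans0:
+ipv6_addrgen: false
+zayo0:
+ipv6_addrgen: false
+rezel0:
+addresses:
+- 2a09:6842:19:9116::3/64
+- 45.66.111.3/29
+back0:
+addresses:
+- 2a09:6840:203::1:2/64
+- 10.203.1.2/16
+viarezo0:
+addresses:
+- 2a0c:b641:2ff::7/125
+- 192.159.121.134/29
+router0:
+addresses:
+- 2a09:6840:129::10:102/56
+- 10.129.10.102/16
+oti0:
+ipv6_addrgen: false
+...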
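Review bot: `oti0: 02:00:00:05:0E:A6` in `systemd_link__links` is identical to the MAC given for `oti0` on edge-1, while every other interface in this file uses the `04:00:00:` prefix. This looks like a copy-paste leftover. Presumably the generated link file matches on MAC, so `oti0` would either never be renamed on edge-2 or both hosts would present the same address on one segment. Confirm the real address and replace the line, e.g. `oti0: 04:00:00:XX:XX:XX` (placeholder).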
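--- a/host_vars/infra-1.back.infra.auro.re.yml
+++ b/host_vars/infra-1.back.infra.auro.re.yml
@@ -0,0 +1,63 @@
+---
+systemd_link__links:
+ups0: 02:00:00:fe:6f:0e
+back0: 02:00:00:f8:93:22
+monit0: 02:00:00:da:97:7f
+wifi0: 02:00:00:8c:c5:bf
+int0: 02:00:00:75:40:3e
+sw0: 02:00:00:ca:e8:d1
+bmc0: 02:00:00:47:d1:b9
+pve0: 02:00:00:b3:35:e7
+isp0: 02:00:00:6b:53:14
+ext0: 02:00:00:32:86:60
+vpn0: 02:00:00:52:5f:85
+th30: 02:00:00:23:a7:d3
+pub0: 02:00:00:7d:34:06
+
+ifupdown2__interfaces:
+back0:
+addresses:
+- 2a09:6840:203::1:3/64
+- 10.203.1.3/16
+- 45.66.111.210/32 # secondary
+ups0:
+ipv6_addrgen: false
+monit0:
+ipv6_addrgen: false
+wifi0:
+ipv6_addrgen: false
+int0:
+ipv6_addrgen: false
+sw0:
+ipv6_addrgen: false
+bmc0:
+ipv6_addrgen: false
+pve0:
+ipv6_addrgen: false
+isp0:
+ipv6_addrgen: false
+ext0:
+ipv6_addrgen: false
+pub0:
+ipv6_addrgen: false
+vpn0:
+addresses:
+- 2a09:6840:213::1:1/64
+- 10.213.1.1/16
+th30:
+ipv6_addrgen: false
+
+bird__router_id: 10.203.1.3
+
+bird__bgp_addr:
+back:
+- 2a09:6840:203::1:3
+- 10.203.1.3
+vpn:
+- 2a09:6840:213::1:1
+- 10.213.1.1
+
+bird__pref_src_addr:
+- 2a09:6840:203::1:3
+- 45.66.111.210
+...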
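--- a/host_vars/infra-2.back.infra.auro.re.yml
+++ b/host_vars/infra-2.back.infra.auro.re.yml
@@ -0,0 +1,63 @@
+---
+systemd_link__links:
+ups0: 04:00:00:6d:97:83
+back0: 04:00:00:46:ba:f9
+monit0: 04:00:00:72:0b:2d
+wifi0: 04:00:00:ee:42:0f
+int0: 04:00:00:21:fd:d0
+sw0: 04:00:00:2e:5b:16
+bmc0: 04:00:00:bb:5a:a6
+pve0: 04:00:00:0b:2b:82
+isp0: 04:00:00:f4:4c:5d
+ext0: 04:00:00:1d:0e:83
+vpn0: 04:00:00:02:ba:dd
+th30: 04:00:00:9e:8d:4f
+pub0: 04:00:00:f8:3b:9b
+
+ifupdown2__interfaces:
+back0:
+addresses:
+- 2a09:6840:203::1:4/64
+- 10.203.1.4/16
+- 45.66.111.211/32 # secondary
+ups0:
+ipv6_addrgen: false
+monit0:
+ipv6_addrgen: false
+wifi0:
+ipv6_addrgen: false
+int0:
+ipv6_addrgen: false
+sw0:
+ipv6_addrgen: false
+bmc0:
+ipv6_addrgen: false
+pve0:
+ipv6_addrgen: false
+isp0:
+ipv6_addrgen: false
+ext0:
+ipv6_addrgen: false
+vpn0:
+addresses:
+- 2a09:6840:213::1:2/64
+- 10.213.1.2/16
+th30:
+ipv6_addrgen: false
+pub0:
+ipv6_addrgen: false
+
+bird__router_id: 10.203.1.4
+
+bird__bgp_addr:
+back:
+- 2a09:6840:203::1:4
+- 10.203.1.4
+vpn:
+- 2a09:6840:213:1:2
+- 10.213.1.2
+
+bird__pref_src_addr:
+- 2a09:6840:203::1:4
+- 45.66.111.211
+...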
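Review bot: `- 2a09:6840:213:1:2` under `bird__bgp_addr.vpn` is not a valid IPv6 address: it has five groups and no `::`. The `vpn0` interface in this same file and the `infra2` neighbor in `group_vars/vpn/bird.yml` both use `2a09:6840:213::1:2`, so the line should read `- 2a09:6840:213::1:2`. Depending on how the bird role renders this value, the typo would either break the generated configuration or leave the IPv6 BGP session without a usable local address.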
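--- a/host_vars/isp-1.back.infra.auro.re.yml
+++ b/host_vars/isp-1.back.infra.auro.re.yml
@@ -0,0 +1,59 @@
+---
+systemd_link__links:
+adm0: 02:00:00:D8:37:45
+back0: 02:00:00:BF:10:4C
+trunk0: 02:00:00:E9:BA:15
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:5/64
+- 10.128.10.5/16
+gateways: "{{ ifupdown2__gateways.adm }}"
+back0:
+addresses:
+- 2a09:6840:203::1:5/64
+- 45.66.111.211/32
+- 10.203.1.5/16
+trunk0:
+ipv6_addrgen: false
+clients0:
+bridge_vlan_aware: true
+bridge_ports:
+- trunk0
+bridge_vids:
+- 1000-1004
+bridge_disable_pvid: true
+ipv6_addrgen: false
+client0:
+vlan_id: 1000
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client1:
+vlan_id: 1001
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client2:
+vlan_id: 1002
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client3:
+vlan_id: 1003
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client4:
+vlan_id: 1004
+vlan_raw_device: clients0
+ipv6_addrgen: false
+
+bird__router_id: 10.203.1.5
+
+bird__bgp_addr:
+back:
+- 2a09:6840:203::1:5
+- 10.203.1.5
+
+bird__pref_src_addr:
+- 2a09:6840:203::1:5
+- 45.66.111.211
+...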
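Review bot: `45.66.111.211/32` on `back0` and `45.66.111.211` in `bird__pref_src_addr` duplicate the address that infra-2 assigns to its own `back0` (`45.66.111.211/32 # secondary`) and uses as preferred source in this same change. Two hosts holding and sourcing traffic from the same public /32 makes return routing ambiguous and makes logs impossible to attribute to one machine. isp-2 carries no such address and no bird variables at all, so this looks copied from infra-2; confirm which public address isp-1 should own, or drop the two lines.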
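--- a/host_vars/isp-2.back.infra.auro.re.yml
+++ b/host_vars/isp-2.back.infra.auro.re.yml
@@ -0,0 +1,47 @@
+---
+systemd_link__links:
+adm0: 04:00:00:85:C3:5D
+back0: 04:00:00:FE:2D:67
+trunk0: 04:00:00:D8:F5:4D
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:105/64
+- 10.128.10.105/16
+gateways: "{{ ifupdown2__gateways.adm }}"
+back0:
+addresses:
+- 2a09:6840:203::1:6/64
+- 10.203.1.6/16
+trunk0:
+ipv6_addrgen: false
+clients0:
+bridge_vlan_aware: true
+bridge_ports:
+- trunk0
+bridge_vids:
+- 1000-1004
+bridge_disable_pvid: true
+ipv6_addrgen: false
+client0:
+vlan_id: 1000
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client1:
+vlan_id: 1001
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client2:
+vlan_id: 1002
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client3:
+vlan_id: 1003
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client4:
+vlan_id: 1004
+vlan_raw_device: clients0
+ipv6_addrgen: false
+...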
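--- a/host_vars/ldap-1.int.infra.auro.re.yml
+++ b/host_vars/ldap-1.int.infra.auro.re.yml
@@ -0,0 +1,16 @@
+---
+systemd_link__links:
+adm0: 02:00:00:38:c2:52
+int0: 02:00:00:fe:a8:54
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:8/64
+- 10.128.10.8/16
+int0:
+addresses:
+- 2a09:6840:206::1:3/64
+- 10.206.1.7/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...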
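--- a/host_vars/ldap-2.int.infra.auro.re.yml
+++ b/host_vars/ldap-2.int.infra.auro.re.yml
@@ -0,0 +1,16 @@
+---
+systemd_link__links:
+adm0: 04:00:00:f7:1c:47
+int0: 04:00:00:e4:83:d2
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:108/64
+- 10.128.10.108/16
+int0:
+addresses:
+- 2a09:6840:206::1:4/64
+- 10.206.1.8/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...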
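--- a/host_vars/mx.test.infra.auro.re.yml
+++ b/host_vars/mx.test.infra.auro.re.yml
@@ -0,0 +1,38 @@
+---
+dovecot__auth_default_realm: test.auro.re
+dovecot__auth_users:
+jeltz@test.auro.re: "{plain}password"
+lafeych@test.auro.re: "{plain}password"
+toto@test.auro.re: "{plain}password"
+root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
+dovecot__lmtp_postmaster_address: postmaster@test.auro.re
+
+ifupdown2__interfaces:
+ext0:
+addresses:
+- 2a09:6840:211::1:5/64
+- 10.211.1.5/16
+- 45.66.111.208/30
+gateways: "{{ ifupdown2__gateways.ext }}"
+
+postfix__hostname: mx.test.auro.re
+
+postfix__sasl_local_domain: test.auro.re
+
+postfix__virtual_aliases:
+postmaster@test.auro.re: root@test.auro.re
+dmarc@test.auro.re: root@test.auro.re
+
+postfix__virtual_mailbox_domains:
+- infra.test.auro.re
+- test.auro.re
+
+postfix__virtual_mailboxes:
+jeltz@test.auro.re: jeltz@test.auro.re
+root@test.auro.re: root@test.auro.re
+toto@test.auro.re: toto@test.auro.re
+vincent.lafeychine@test.auro.re: lafeych@test.auro.re
+
+systemd_link__links:
+ext0: ae:ae:ae:1d:c8:b2
+...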
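Review bot: `dovecot__auth_users` commits mailbox credentials in clear text: three accounts set to `"{plain}password"` and the root mailbox set to a literal 32-character value. The same file gives this host a public address (`45.66.111.208/30`) and real mail domains, so the "test" label does not make these harmless, and the root value stays in repository history even after it is removed. Keep the entries in the vault and store hashes rather than `{plain}`, e.g. `root@test.auro.re: "{{ vault_dovecot_users.root }}"` holding a `{BLF-CRYPT}` or `{ARGON2ID}` hash (variable name is a suggestion). All four passwords shown here should be rotated.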
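--- a/host_vars/ns-1.pub.infra.auro.re.yml
+++ b/host_vars/ns-1.pub.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+pub0: 02:00:00:ad:62:64
+
+ifupdown2__interfaces:
+pub0:
+addresses:
+- 2a09:6840:215::1:2/64
+- 45.66.111.205/27
+gateways: "{{ ifupdown2__gateways.pub }}"
+...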
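--- a/host_vars/ns-2.pub.infra.auro.re.yml
+++ b/host_vars/ns-2.pub.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+pub0: 04:00:00:1b:0a:3a
+
+ifupdown2__interfaces:
+pub0:
+addresses:
+- 2a09:6840:215::1:3/64
+- 45.66.111.207/27
+gateways: "{{ ifupdown2__gateways.pub }}"
+...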
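--- a/host_vars/ns-3.ovh.infra.auro.re.yml
+++ b/host_vars/ns-3.ovh.infra.auro.re.yml
@@ -0,0 +1,29 @@
+---
+systemd_link__links:
+adm0: 96:77:96:91:e3:6c
+ovh0: 00:50:56:00:fd:c0
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::109/64
+- 10.128.0.109/16
+ovh0:
+addresses:
+- 92.222.211.194/24
+gateways: "{{ ifupdown2__gateways.ovh }}"
+
+# TODO: remove as soon as the VPN works
+knotd__remotes:
+xfr-master:
+address: 2a09:6840:128::110
+key: xfr
+
+knotd__acl:
+notify-master:
+address:
+- 2a09:6840:128::110
+- 10.128.0.110
+key: xfr
+action: notify
+...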
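Review bot: The `notify-master` ACL spells its list key `address:`, whereas every ACL in `host_vars/ns-master.int.infra.auro.re/knotd.yml` in this change uses `addresses:`. The role template is not visible here, but if it only reads `addresses`, this ACL would be rendered without any address restriction and NOTIFY acceptance would rest on the `xfr` key alone. Suggest `addresses:` for consistency with the master's ACLs. The `# TODO: remove as soon as the VPN works` comment should also say whether it covers only `knotd__remotes` or `knotd__acl` as well.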
615
host_vars/ns-master.int.infra.auro.re/knotd.yml
Normal file
615
host_vars/ns-master.int.infra.auro.re/knotd.yml
Normal file
|
@ -0,0 +1,615 @@
|
||||||
|
---
|
||||||
|
knotd__listen:
|
||||||
|
- address: 0.0.0.0
|
||||||
|
- address: "::"
|
||||||
|
|
||||||
|
knotd__keys:
|
||||||
|
xfr:
|
||||||
|
algorithm: hmac-sha512
|
||||||
|
secret: "{{ vault_knotd_xfr_key }}"
|
||||||
|
ksk-infra:
|
||||||
|
algorithm: hmac-sha512
|
||||||
|
secret: "{{ vault_knotd_ksk_infra_key }}"
|
||||||
|
update-acme-challenge:
|
||||||
|
algorithm: hmac-sha512
|
||||||
|
secret: "{{ vault_certbot_dns_secret }}"
|
||||||
|
|
||||||
|
knotd__remotes:
|
||||||
|
xfr-ns-1:
|
||||||
|
address: 2a09:6840:215::1:2
|
||||||
|
key: xfr
|
||||||
|
xfr-ns-2:
|
||||||
|
address: 2a09:6840:215::1:3
|
||||||
|
key: xfr
|
||||||
|
xfr-ns-3:
|
||||||
|
address: 10.128.0.109
|
||||||
|
key: xfr
|
||||||
|
ksk-infra:
|
||||||
|
address: ::1
|
||||||
|
key: ksk-infra
|
||||||
|
|
||||||
|
knotd__policies:
|
||||||
|
public:
|
||||||
|
algorithm: ECDSAP256SHA256
|
||||||
|
reproducible_signing: true
|
||||||
|
# Je n'ai pas trouvé de façon de pousser les records automatiquement
|
||||||
|
# sur .re, donc pour éviter d'oublier de le faire manuellement, la
|
||||||
|
# KSK n'expire pas
|
||||||
|
ksk_lifetime: 0
|
||||||
|
zsk_lifetime: 30d
|
||||||
|
nsec3: true
|
||||||
|
infra:
|
||||||
|
algorithm: ECDSAP256SHA256
|
||||||
|
ksk_lifetime: 365d
|
||||||
|
zsk_lifetime: 30d
|
||||||
|
nsec3: on
|
||||||
|
ds-push: ksk-infra
|
||||||
|
cds-cdnskey-publish: rollover
|
||||||
|
ksk-submission: infra
|
||||||
|
ripe:
|
||||||
|
algorithm: ECDSAP256SHA256
|
||||||
|
ksk_lifetime: 365d
|
||||||
|
zsk_lifetime: 30d
|
||||||
|
nsec3: on
|
||||||
|
ds-push: ksk-ripe
|
||||||
|
cds-cdnskey-publish: rollover
|
||||||
|
ksk-submission: ripe
|
||||||
|
|
||||||
|
knotd__acl:
|
||||||
|
xfr:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::109
|
||||||
|
- 10.128.0.109
|
||||||
|
- 2a09:6840:215::1:2
|
||||||
|
- 45.66.111.205
|
||||||
|
- 2a09:6840:215::1:3
|
||||||
|
- 45.66.111.207
|
||||||
|
action: transfer
|
||||||
|
key: xfr
|
||||||
|
ksk-infra:
|
||||||
|
addresses:
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
key: ksk-infra
|
||||||
|
action: update
|
||||||
|
update_types:
|
||||||
|
- DS
|
||||||
|
update_owner: name
|
||||||
|
update_owner_match: equal
|
||||||
|
update_owner_name:
|
||||||
|
- infra
|
||||||
|
update-acme-challenge:
|
||||||
|
addresses:
|
||||||
|
- 10.128.0.0/16
|
||||||
|
- 2a09:6840:128::/48
|
||||||
|
key: update-acme-challenge
|
||||||
|
action: update
|
||||||
|
update_types:
|
||||||
|
- TXT
|
||||||
|
update_owner: name
|
||||||
|
update_owner_match: equal
|
||||||
|
update_owner_name:
|
||||||
|
- _acme-challenge.auro.re.
|
||||||
|
|
||||||
|
knotd__queryacl:
|
||||||
|
local:
|
||||||
|
addresses:
|
||||||
|
- 10.0.0.0/8
|
||||||
|
|
||||||
|
knotd__soa_rname: root@auro.re.
|
||||||
|
|
||||||
|
knotd__hosts:
|
||||||
|
|
||||||
|
auro.re:
|
||||||
|
proxy-ovh:
|
||||||
|
- 92.222.211.195
|
||||||
|
horus:
|
||||||
|
- 92.23.218.136
|
||||||
|
ns-1:
|
||||||
|
- 45.66.111.205
|
||||||
|
- 2a09:6840:215::1:2
|
||||||
|
ns-2:
|
||||||
|
- 92.222.211.194
|
||||||
|
serge:
|
||||||
|
- 92.222.211.196
|
||||||
|
lama:
|
||||||
|
- 185.230.78.220
|
||||||
|
- 2a0c:700:12:0:67:e5ff:fee9:108
|
||||||
|
vpn-ovh:
|
||||||
|
- 92.222.211.197
|
||||||
|
passerelle:
|
||||||
|
- 45.66.111.254
|
||||||
|
- 2a09:6840:111::254
|
||||||
|
proxy:
|
||||||
|
- 45.66.111.61
|
||||||
|
- 2a09:6840:111::61
|
||||||
|
camelot:
|
||||||
|
- 45.66.111.59
|
||||||
|
- 2a09:6840:111::59
|
||||||
|
mail:
|
||||||
|
- 45.66.111.62
|
||||||
|
- 2a09:6840:111::62
|
||||||
|
galene:
|
||||||
|
- 45.66.111.65
|
||||||
|
- 2a09:6840:111::65
|
||||||
|
aclyas:
|
||||||
|
- 45.66.111.231
|
||||||
|
- 2a09:6840:111::231
|
||||||
|
jitsi:
|
||||||
|
- 45.66.111.55
|
||||||
|
- 2a09:6840:111::55
|
||||||
|
portail-fleming:
|
||||||
|
- 10.13.0.247
|
||||||
|
- 2a09:6840:13::247
|
||||||
|
portail-pacaterie:
|
||||||
|
- 10.23.0.247
|
||||||
|
- 2a09:6840:23::247
|
||||||
|
portail-rives:
|
||||||
|
- 10.33.0.247
|
||||||
|
- 2a09:6840:33::247
|
||||||
|
portail-edc:
|
||||||
|
- 10.43.0.247
|
||||||
|
- 2a09:6840:43::247
|
||||||
|
portail-gs:
|
||||||
|
- 10.53.0.247
|
||||||
|
- 2a09:6840:53::247
|
||||||
|
grocy.bric:
|
||||||
|
- 45.66.111.133
|
||||||
|
- 2a09:6840:111::133
|
||||||
|
|
||||||
|
adh.auro.re:
|
||||||
|
hoffman:
|
||||||
|
- 45.66.110.1
|
||||||
|
- 2a09:6840:110:0:2d8:61ff:fe56:d7eb
|
||||||
|
hindley:
|
||||||
|
- 45.66.110.3
|
||||||
|
- 2a09:6840:110:0:a6ba:dbff:fe03:1f36
|
||||||
|
yberreby:
|
||||||
|
- 45.66.110.5
|
||||||
|
- 2a09:6840:110:0:d896:1dff:fe59:8381
|
||||||
|
paon:
|
||||||
|
- 45.66.110.10
|
||||||
|
- 2a09:6840:110:0:231:92ff:fe1b:ae22
|
||||||
|
lovelace:
|
||||||
|
- 45.66.110.45
|
||||||
|
- 2a09:6840:110:0:c634:6bff:feb5:7bcc
|
||||||
|
switch-leo:
|
||||||
|
- 45.66.110.103
|
||||||
|
- 2a09:6840:110:0:82cc:9cff:fe82:ca3e
|
||||||
|
haskell:
|
||||||
|
- 45.66.110.112
|
||||||
|
- 2a09:6840:110:0:f4ac:cbff:fe81:7f48
|
||||||
|
lyshyga0:
|
||||||
|
- 45.66.110.113
|
||||||
|
- 2a09:6840:110:0:6af7:28ff:fe91:e8d9
|
||||||
|
pz28910:
|
||||||
|
- 45.66.110.114
|
||||||
|
vinsing0:
|
||||||
|
- 45.66.110.123
|
||||||
|
- 2a09:6840:110:0:1e1b:dff:fe90:7d81
|
||||||
|
osc-routeur:
|
||||||
|
- 45.66.110.125
|
||||||
|
- 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
|
||||||
|
odroid:
|
||||||
|
- 45.66.110.154
|
||||||
|
- 2a09:6840:110:0:21e:6ff:fe49:e00
|
||||||
|
amau0:
|
||||||
|
- 45.66.110.164
|
||||||
|
- 2a09:6840:110:0:3e7c:3fff:fec3:27d1
|
||||||
|
regulus:
|
||||||
|
- 45.66.110.180
|
||||||
|
- 2a09:6840:110:0:2ef0:5dff:fe2a:1530
|
||||||
|
toaster:
|
||||||
|
- 45.66.110.188
|
||||||
|
- 2a09:6840:110:0:5246:5dff:fe9a:f70
|
||||||
|
rpijutax:
|
||||||
|
- 45.66.110.190
|
||||||
|
- 2a09:6840:110:0:ba27:ebff:fe76:a9bc
|
||||||
|
lafeychine:
|
||||||
|
- 45.66.110.200
|
||||||
|
- 2a09:6840:110:0:46a5:6eff:fe71:1
|
||||||
|
polaris:
|
||||||
|
- 45.66.110.245
|
||||||
|
- 2a09:6840:110:0:dea6:32ff:feb4:d033
|
||||||
|
|
||||||
|
knotd__zones:
|
||||||
|
|
||||||
|
auro.re:
|
||||||
|
dnssec_policy: public
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- update-acme-challenge
|
||||||
|
- ksk-infra
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra
|
||||||
|
- ns-2.pub.infra
|
||||||
|
- ns-3.ovh.infra
|
||||||
|
- name: infra
|
||||||
|
target:
|
||||||
|
- ns-1.pub.infra
|
||||||
|
- ns-2.pub.infra
|
||||||
|
- ns-3.ovh.infra
|
||||||
|
- name: test
|
||||||
|
target:
|
||||||
|
- ns-1.pub.infra
|
||||||
|
- ns-2.pub.infra
|
||||||
|
- ns-3.ovh.infra
|
||||||
|
- name: adm
|
||||||
|
target:
|
||||||
|
- serge
|
||||||
|
- lama
|
||||||
|
- name: ups
|
||||||
|
target:
|
||||||
|
- serge
|
||||||
|
- lama
|
||||||
|
- name: switch
|
||||||
|
target:
|
||||||
|
- serge
|
||||||
|
- lama
|
||||||
|
- name: borne
|
||||||
|
target:
|
||||||
|
- serge
|
||||||
|
- lama
|
||||||
|
mx:
|
||||||
|
- exchange: mail
|
||||||
|
preference: 5
|
||||||
|
- exchange: proxy-ovh
|
||||||
|
preference: 10
|
||||||
|
txt:
|
||||||
|
- data: v=spf1 mx -all
|
||||||
|
a:
|
||||||
|
- address: 92.222.211.195
|
||||||
|
cname:
|
||||||
|
- name:
|
||||||
|
- gisti
|
||||||
|
- gistiti
|
||||||
|
target: jitsi
|
||||||
|
- name:
|
||||||
|
- element
|
||||||
|
- riot
|
||||||
|
- auth
|
||||||
|
- rss
|
||||||
|
- codimd
|
||||||
|
- hedgedoc
|
||||||
|
- grist
|
||||||
|
- kanboard
|
||||||
|
- www
|
||||||
|
- pad
|
||||||
|
- privatebin
|
||||||
|
- zero
|
||||||
|
- paste
|
||||||
|
target: proxy-ovh
|
||||||
|
- name:
|
||||||
|
- grafana
|
||||||
|
- nextcloud
|
||||||
|
- cloud
|
||||||
|
- office
|
||||||
|
target: proxy.pub.infra
|
||||||
|
- name:
|
||||||
|
- netbox
|
||||||
|
- wiki
|
||||||
|
- matrix
|
||||||
|
- drone
|
||||||
|
- gitea
|
||||||
|
- re2o
|
||||||
|
- vote
|
||||||
|
target: proxy
|
||||||
|
- name: intranet
|
||||||
|
target: re2o
|
||||||
|
- name:
|
||||||
|
- smtp
|
||||||
|
- imap
|
||||||
|
target: mail
|
||||||
|
- name:
|
||||||
|
- prometheus-paul.adh
|
||||||
|
- pma-paul.adh
|
||||||
|
- nextcloud-paul.adh
|
||||||
|
- grafana-paul.adh
|
||||||
|
- jellyfin.adh
|
||||||
|
- monitoring.adh
|
||||||
|
- beta-mpp.adh
|
||||||
|
- pz28.adh
|
||||||
|
target: lucepaul.myvnc.com.
|
||||||
|
- name:
|
||||||
|
- services-1.pve
|
||||||
|
target: services-1.pve.infra
|
||||||
|
- name:
|
||||||
|
- services-2.pve
|
||||||
|
target: services-2.pve.infra
|
||||||
|
- name:
|
||||||
|
- services-3.pve
|
||||||
|
target: services-3.pve.infra
|
||||||
|
hosts: "{{ knotd__hosts['auro.re']
|
||||||
|
| combine(knotd__hosts['adh.auro.re']
|
||||||
|
| add_origin_keys('adh.auro.re.')) }}"
|
||||||
|
|
||||||
|
test.auro.re:
|
||||||
|
dnssec_policy: public
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
txt:
|
||||||
|
- data: v=spf1 mx -all
|
||||||
|
- name: _dmarc
|
||||||
|
data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
mx:
|
||||||
|
- exchange: mx
|
||||||
|
preference: 5
|
||||||
|
cname:
|
||||||
|
- name:
|
||||||
|
- www1
|
||||||
|
- www2
|
||||||
|
- www3
|
||||||
|
target: proxy.pub.infra.auro.re.
|
||||||
|
hosts:
|
||||||
|
mx:
|
||||||
|
- 2a09:6840:211::1:5
|
||||||
|
- 45.66.111.205
|
||||||
|
|
||||||
|
infra.auro.re:
|
||||||
|
dnssec_policy: infra
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
#queryacl: local
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
hosts:
|
||||||
|
services-1.ceph:
|
||||||
|
- 10.214.1.1
|
||||||
|
- "2a09:6840:214::1:1"
|
||||||
|
services-2.ceph:
|
||||||
|
- 10.214.1.2
|
||||||
|
- "2a09:6840:214::1:2"
|
||||||
|
services-3.ceph:
|
||||||
|
- 10.214.1.3
|
||||||
|
- "2a09:6840:209::1:3"
|
||||||
|
services-1.pve:
|
||||||
|
- 10.209.2.1
|
||||||
|
- 2a09:6840:209::2:1
|
||||||
|
services-2.pve:
|
||||||
|
- 10.209.2.2
|
||||||
|
- 2a09:6840:209::2:2
|
||||||
|
services-3.pve:
|
||||||
|
- 10.209.2.3
|
||||||
|
- 2a09:6840:209::2:3
|
||||||
|
ns-master.int:
|
||||||
|
- 10.128.0.110
|
||||||
|
- 2a09:6840:128:0::110
|
||||||
|
network-1.pve:
|
||||||
|
- 2a09:6840:209::1:1
|
||||||
|
- 10.209.1.1
|
||||||
|
network-2.pve:
|
||||||
|
- 2a09:6840:209::1:2
|
||||||
|
- 10.209.1.2
|
||||||
|
edge-1.back:
|
||||||
|
- 2a09:6840:203::1:1
|
||||||
|
- 10.203.1.1
|
||||||
|
edge-2.back:
|
||||||
|
- 2a09:6840:203::1:2
|
||||||
|
- 10.203.1.2
|
||||||
|
dns-1.int:
|
||||||
|
- 2a09:6840:206::1:1
|
||||||
|
- 10.206.1.1
|
||||||
|
dns-2.int:
|
||||||
|
- 2a09:6840:206::1:2
|
||||||
|
- 10.206.1.2
|
||||||
|
nis2.int:
|
||||||
|
- 2a09:6840:206::2:1
|
||||||
|
- 10.206.2.1
|
||||||
|
wg-1.vpn:
|
||||||
|
- 2a09:6840:213::1:3
|
||||||
|
- 10.213.1.3
|
||||||
|
wg-2.vpn:
|
||||||
|
- 2a09:6840:213::1:4
|
||||||
|
- 10.213.1.4
|
||||||
|
infra-1.back:
|
||||||
|
- 2a09:6840:203::1:3
|
||||||
|
- 10.203.1.3
|
||||||
|
infra-2.back:
|
||||||
|
- 2a09:6840:203::1:4
|
||||||
|
- 10.203.1.4
|
||||||
|
isp-1.back:
|
||||||
|
- 2a09:6840:203::1:5
|
||||||
|
- 10.203.1.5
|
||||||
|
isp-2.back:
|
||||||
|
- 2a09:6840:203::1:6
|
||||||
|
- 10.203.1.6
|
||||||
|
dhcp-1.isp:
|
||||||
|
- 2a09:6840:210::1:1
|
||||||
|
- 10.210.1.1
|
||||||
|
dhcp-2.isp:
|
||||||
|
- 2a09:6840:210::1:2
|
||||||
|
- 10.210.1.2
|
||||||
|
radius-1.isp:
|
||||||
|
- 2a09:6840:210::1:3
|
||||||
|
- 10.210.1.3
|
||||||
|
radius-2.isp:
|
||||||
|
- 2a09:6840:210::1:4
|
||||||
|
- 10.210.1.4
|
||||||
|
ldap-1.int:
|
||||||
|
- 10.128.10.8
|
||||||
|
- 2a09:6840:128::10:8
|
||||||
|
ldap-2.int:
|
||||||
|
- 10.128.10.108
|
||||||
|
- 2a09:6840:128::10:108
|
||||||
|
ntp-1.int:
|
||||||
|
- 2a09:6840:206::1:5
|
||||||
|
- 10.206.1.5
|
||||||
|
ntp-2.int:
|
||||||
|
- 2a09:6840:206::1:6
|
||||||
|
- 10.206.1.6
|
||||||
|
prometheus-1.monit:
|
||||||
|
- 2a09:6840:204::1:1
|
||||||
|
- 10.204.1.1
|
||||||
|
prometheus-2.monit:
|
||||||
|
- 2a09:6840:204::1:2
|
||||||
|
- 10.204.1.2
|
||||||
|
ff-1.core.sw:
|
||||||
|
#- 2a09:6840:207::1:1
|
||||||
|
- 10.207.1.1
|
||||||
|
ff-2.core.sw:
|
||||||
|
#- 2a09:6840:207::1:2
|
||||||
|
- 10.207.1.2
|
||||||
|
fl-1.core.sw:
|
||||||
|
#- 2a09:6840:207::1:3
|
||||||
|
- 10.207.1.3
|
||||||
|
fl-2.core.sw:
|
||||||
|
#- 2a09:6840:207::1:4
|
||||||
|
- 10.207.1.4
|
||||||
|
fd-1.core.sw:
|
||||||
|
#- 2a09:6840:207::1:5
|
||||||
|
- 10.207.1.5
|
||||||
|
ff-3.core.sw:
|
||||||
|
#- 2a09:6840:207::1:6
|
||||||
|
- 10.207.1.6
|
||||||
|
gk-1.core.sw:
|
||||||
|
#- 2a09:6840:207::2:1
|
||||||
|
- 10.207.2.1
|
||||||
|
eb-1.core.sw:
|
||||||
|
#- 2a09:6840:207::3:1
|
||||||
|
- 10.207.3.1
|
||||||
|
r3-1.core.sw:
|
||||||
|
#- 2a09:6840:207::4:1
|
||||||
|
- 10.207.4.1
|
||||||
|
eb-1.ups:
|
||||||
|
- 2a09:6840:201::3:1
|
||||||
|
- 10.201.3.1
|
||||||
|
ec-1.ups:
|
||||||
|
- 2a09:6840:201::3:2
|
||||||
|
- 10.201.3.2
|
||||||
|
mx.test:
|
||||||
|
- 2a09:6840:211::1:5
|
||||||
|
- 10.211.1.5
|
||||||
|
collabora.ext:
|
||||||
|
- 2a09:6840:211::1:1
|
||||||
|
- 10.211.1.1
|
||||||
|
proxy.pub:
|
||||||
|
- 2a09:6840:215::1:1
|
||||||
|
- 45.66.111.206
|
||||||
|
ns-1.pub:
|
||||||
|
- 2a09:6840:215::1:2
|
||||||
|
- 45.66.111.205
|
||||||
|
ns-2.pub:
|
||||||
|
- 2a09:6840:215::1:3
|
||||||
|
- 45.66.111.207
|
||||||
|
ns-3.ovh:
|
||||||
|
- 92.222.211.194
|
||||||
|
|
||||||
|
108.66.45.in-addr.arpa:
|
||||||
|
dnssec_policy: ripe
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
|
||||||
|
109.66.45.in-addr.arpa:
|
||||||
|
dnssec_policy: ripe
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
|
||||||
|
110.66.45.in-addr.arpa:
|
||||||
|
dnssec_policy: ripe
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
|
||||||
|
| ip_filter(['45.66.110.0/24'])
|
||||||
|
| add_origin_keys('adh.auro.re.') }}"
|
||||||
|
|
||||||
|
111.66.45.in-addr.arpa:
|
||||||
|
dnssec_policy: ripe
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||||
|
| ip_filter(['45.66.111.0/24'])
|
||||||
|
| add_origin_keys('auro.re.') }}"
|
||||||
|
|
||||||
|
0.4.8.6.9.0.a.2.ip6.arpa:
|
||||||
|
dnssec_policy: ripe
|
||||||
|
notify:
|
||||||
|
- xfr-ns-1
|
||||||
|
- xfr-ns-2
|
||||||
|
- xfr-ns-3
|
||||||
|
acl:
|
||||||
|
- xfr
|
||||||
|
soa:
|
||||||
|
mname: ns-master.int.infra.auro.re.
|
||||||
|
ns:
|
||||||
|
- target:
|
||||||
|
- ns-1.pub.infra.auro.re.
|
||||||
|
- ns-2.pub.infra.auro.re.
|
||||||
|
- ns-3.ovh.infra.auro.re.
|
||||||
|
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||||
|
| ip_filter(['2a09:6840::/32'])
|
||||||
|
| add_origin_keys('auro.re.')
|
||||||
|
| combine(knotd__hosts['adh.auro.re']
|
||||||
|
| ip_filter(['2a09:6840::/32'])
|
||||||
|
| add_origin_keys('adh.auro.re.')) }}"
|
||||||
|
...
|
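--- a/host_vars/ns-master.int.infra.auro.re/main.yml
+++ b/host_vars/ns-master.int.infra.auro.re/main.yml
@@ -0,0 +1,16 @@
+---
+systemd_link__links:
+int0: 02:00:00:e3:36:c8
+adm0: 42:17:a7:d1:bd:6a
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::110/64
+- 10.128.0.110/16
+int0:
+addresses:
+- 2a09:6840:206::1:7/64
+- 10.206.1.7/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...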
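--- a/host_vars/ntp-1.int.infra.auro.re.yml
+++ b/host_vars/ntp-1.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 02:00:00:74:71:83
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:5/64
+- 10.206.1.5/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...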
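--- a/host_vars/ntp-2.int.infra.auro.re.yml
+++ b/host_vars/ntp-2.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 04:00:00:31:be:50
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:6/64
+- 10.206.1.6/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...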
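--- a/host_vars/prometheus-1.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-1.monit.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+monit0: 02:00:00:a8:6b:51
+
+ifupdown2__interfaces:
+monit0:
+addresses:
+- 2a09:6840:204::1:1/64
+- 10.204.1.1/16
+gateways: "{{ ifupdown2__gateways.monit }}"
+...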
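--- a/host_vars/prometheus-2.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-2.monit.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+monit0: 04:00:00:a6:93:5a
+
+ifupdown2__interfaces:
+monit0:
+addresses:
+- 2a09:6840:204::1:2/64
+- 10.204.1.2/16
+gateways: "{{ ifupdown2__gateways.monit }}"
+...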
|
@ -70,3 +70,6 @@ loc_reverseproxy:
|
||||||
|
|
||||||
- from: grafana.auro.re
|
- from: grafana.auro.re
|
||||||
to: "10.128.0.98:3000"
|
to: "10.128.0.98:3000"
|
||||||
|
|
||||||
|
- from: office.auro.re
|
||||||
|
to: "10.128.0.220"
|
||||||
|
|
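Review bot: The added `office.auro.re` entry points at `10.128.0.220` with no port, while the neighbouring `grafana.auro.re` entry names one (`10.128.0.98:3000`) and the new `host_vars/proxy.pub.infra.auro.re.yml` on this page routes the same hostname to `10.211.1.1:9980`. Two proxies answering for one name with different backends makes it unclear which path is actually in service and which one gets reviewed for headers and TLS. If this entry is transitional, mark it with a comment such as `# legacy proxy, remove once proxy.pub serves office.auro.re`, and state the backend port explicitly unless the role is known to default it. The `loc_reverseproxy` list starts outside this hunk.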
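--- a/host_vars/proxy.pub.infra.auro.re.yml
+++ b/host_vars/proxy.pub.infra.auro.re.yml
@@ -0,0 +1,99 @@
+---
+systemd_link__links:
+pub0: ae:ae:ae:3a:71:0b
+
+ifupdown2__interfaces:
+pub0:
+addresses:
+- 2a09:6840:215::1:1/64
+- 45.66.111.206/27
+gateways: "{{ ifupdown2__gateways.pub }}"
+
+caddy__matrix_headers:
+access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
+access-control-allow-origin: "*"
+
+caddy__routes_https:
+www1.test.auro.re:
+- root: /var/www/auro.re
+- path: /.well-known/matrix/server
+headers: "{{ caddy__matrix_headers }}"
+body: '{"m.server": "matrix.auro.re:8448"}'
+status: 200
+- path: /.well-known/matrix/client
+headers: "{{ caddy__matrix_headers }}"
+body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
+status: 200
+www2.test.auro.re:
+headers:
+location: "https://auro.re{http.request.uri}"
+status: 301
+www3.test.auro.re:
+reverse:
+- "[2a09:6840:128::198]:3000"
+- 10.128.0.198:3000
+grafana.auro.re:
+reverse:
+- "[2a09:6840:128::98]:3000"
+- 10.128.0.98:3000
+office.auro.re:
+reverse:
+- "[2a09:6840:211::1:1]:9980"
+- 10.211.1.1:9980
+nextcloud.auro.re:
+headers:
+location: "https://cloud.auro.re{http.request.uri}"
+status: 301
+cloud.auro.re:
+- path: /.well-known/carddav
+headers:
+location: /remote.php/dav/
+status: 301
+- path: /.well-known/caldav
+headers:
+location: /remote.php/dav/
+status: 301
+- path: /.well-known/webfinger
+headers:
+location: /index.php/.well-known/webfinger
+status: 301
+- path: /.well-known/nodeinfo
+headers:
+location: /index.php/.well-known/nodeinfo
+status: 301
+- path: /remote/*
+rewrite: /remote.php
+- path: /ocm-provider/*
+rewrite: /index.php
+- path: "*.mjs"
+headers:
+content-type: text/javascript
+- reverse:
+- "[2a09:6840:128::58]:8080"
+- 10.128.0.58:8080
+headers:
+x-robots-tag: noindex, nofollow
+referrer-policy: no-referrer
+x-content-type-options: nosniff
+x-frame-options: SAMEORIGIN
+x-permitted-cross-domain-policies: none
+x-xss-protection: "1; mode=block"
+
+caddy__contact_email: tech.aurore@lists.crans.org
+
+caddy__errors:
+- root: "{{ caddy__error_dir }}"
+- rewrite: /error.html
+- file_server: true
+templates: true
+
+caddy__servers:
+https:
+listen: ":443"
+routes: "{{ caddy__routes_https }}"
+errors: "{{ caddy__errors }}"
+http:
+listen: ":80"
+
+...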
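Review bot: The header set on the last `cloud.auro.re` route (the one that reverse-proxies to `10.128.0.58:8080`) has no `strict-transport-security`, so browsers are never pinned to HTTPS for that host even though routes are only attached to the `:443` server; I would add `strict-transport-security: "max-age=15552000; includeSubDomains"` next to `x-content-type-options: nosniff`. `x-xss-protection: "1; mode=block"` is ignored by current browsers and can be dropped. Separately, `caddy__errors` sets `templates: true` beside `file_server: true` for `/error.html`; assuming the caddy role maps this to Caddy's template handler, the error page should only use fixed placeholders and never echo request-controlled values, which deserves a comment such as `# error.html must not render request data unescaped`. The indentation of the file was lost in this rendering, so the attachment of the final `headers:` block to the reverse route is inferred.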
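--- a/host_vars/radius-1.isp.infra.auro.re.yml
+++ b/host_vars/radius-1.isp.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+isp0: 02:00:00:6a:3e:f4
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:3/64
+- 10.210.1.3/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+...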
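--- a/host_vars/radius-2.isp.infra.auro.re.yml
+++ b/host_vars/radius-2.isp.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+isp0: 04:00:00:29:6d:c9
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:4/64
+- 10.210.1.4/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+...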
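--- a/host_vars/wg-1.vpn.infra.auro.re.yml
+++ b/host_vars/wg-1.vpn.infra.auro.re.yml
@@ -0,0 +1,44 @@
+---
+systemd_link__links:
+vpn0:
+enabled: false
+vpn: 02:00:00:b5:ca:c7
+ext0:
+enabled: false
+ext: 02:00:00:e3:65:49
+
+ifupdown2__interfaces:
+ext0:
+gateways: "{{ ifupdown2__gateways.ext }}"
+addresses:
+- 2a09:6840:211::1:1/64
+- 10.211.1.1/16
+- 45.66.111.204/30
+vpn0:
+addresses:
+- 2a09:6840:213::1:3/64
+- 10.213.1.3/16
+# FIXME: move to group_vars
+goto_table: "{{ iproute2__custom_tables.wireguard }}"
+#vrf: wg-vrf
+ext:
+gateways: "{{ ifupdown2__gateways.ext }}"
+addresses:
+- 2a09:6840:211::1:1/64
+- 10.211.1.1/16
+- 45.66.111.204/30
+vpn:
+addresses:
+- 2a09:6840:213::1:3/64
+- 10.213.1.3/16
+# FIXME: move to group_vars
+goto_table: "{{ iproute2__custom_tables.wireguard }}"
+#vrf: wg-vrf
+
+bird__router_id: 10.213.1.3
+
+bird__bgp_addr:
+vpn:
+- 2a09:6840:213::1:3
+- 10.213.1.3
+...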
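Review bot: `ifupdown2__interfaces` gives this VPN host `2a09:6840:211::1:1/64` and `10.211.1.1/16`, but the `infra.auro.re` zone on this page publishes exactly those two addresses for `collabora.ext`, and the new proxy sends `office.auro.re` to `[2a09:6840:211::1:1]:9980`. If both hosts come up with these values, traffic meant for Collabora can land on the WireGuard host; the zone lists `wg-1.vpn` only under `2a09:6840:213::1:3` / `10.213.1.3`. `45.66.111.204/30` is also the network address of its own /30 and sits inside the range the zone uses for `ns-1.pub`, `proxy.pub` and `ns-2.pub`, so it is worth confirming against the address plan. Finally, every interface is declared twice (`ext0`/`ext`, `vpn0`/`vpn`) with identical addresses, which looks like an unfinished rename; keep one pair, or add a comment such as `# ext0/vpn0 kept until the link rename is deployed`.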
138
hosts
138
hosts
|
@ -1,9 +1,104 @@
|
||||||
# Aurore servers inventory
|
# Aurore servers inventory
|
||||||
|
|
||||||
# How to name your server ?
|
[vm_test]
|
||||||
# > We name servers according to location, then type, then function.
|
mx.test.infra.auro.re
|
||||||
# > Then we regroup everything in global geographic, type and function groups.
|
|
||||||
|
|
||||||
|
[vm_services]
|
||||||
|
collabora.ext.infra.auro.re
|
||||||
|
proxy.pub.infra.auro.re
|
||||||
|
|
||||||
|
[aruba]
|
||||||
|
eb-1.acs.sw.infra.auro.re
|
||||||
|
|
||||||
|
[quanta]
|
||||||
|
ff-1.core.sw.infra.auro.re
|
||||||
|
ff-2.core.sw.infra.auro.re
|
||||||
|
fl-1.core.sw.infra.auro.re
|
||||||
|
fl-2.core.sw.infra.auro.re
|
||||||
|
fd-1.core.sw.infra.auro.re
|
||||||
|
gk-1.core.sw.infra.auro.re
|
||||||
|
eb-1.core.sw.infra.auro.re
|
||||||
|
r3-1.core.sw.infra.auro.re
|
||||||
|
|
||||||
|
[eaton_ups]
|
||||||
|
eb-1.ups.infra.auro.re
|
||||||
|
ec-1.ups.infra.auro.re
|
||||||
|
|
||||||
|
[vpn]
|
||||||
|
wg-[1:2].vpn.infra.auro.re
|
||||||
|
|
||||||
|
[dns]
|
||||||
|
dns-[1:2].int.infra.auro.re
|
||||||
|
|
||||||
|
[dhcp]
|
||||||
|
dhcp-[1:2].isp.infra.auro.re
|
||||||
|
|
||||||
|
[edge]
|
||||||
|
edge-[1:2].back.infra.auro.re
|
||||||
|
|
||||||
|
[isp]
|
||||||
|
isp-1.back.infra.auro.re
|
||||||
|
#isp-[1:2].back.infra.auro.re
|
||||||
|
|
||||||
|
[infra]
|
||||||
|
infra-[1:2].back.infra.auro.re
|
||||||
|
|
||||||
|
[prom]
|
||||||
|
prometheus-[1:2].monit.infra.auro.re
|
||||||
|
|
||||||
|
[router:children]
|
||||||
|
isp
|
||||||
|
infra
|
||||||
|
edge
|
||||||
|
|
||||||
|
[ns]
|
||||||
|
ns-[1:2].pub.infra.auro.re
|
||||||
|
ns-3.ovh.infra.auro.re
|
||||||
|
|
||||||
|
[ldap]
|
||||||
|
#ldap-[1:2].int.infra.auro.re
|
||||||
|
|
||||||
|
[ntp]
|
||||||
|
ntp-[1:2].int.infra.auro.re
|
||||||
|
|
||||||
|
[radiusng]
|
||||||
|
radius-[1:2].isp.infra.auro.re
|
||||||
|
|
||||||
|
[vm:children]
|
||||||
|
vm_network
|
||||||
|
vm_services
|
||||||
|
vm_ovh
|
||||||
|
|
||||||
|
[vm_ovh]
|
||||||
|
ns-3.ovh.infra.auro.re
|
||||||
|
|
||||||
|
[vm_network:children]
|
||||||
|
vpn
|
||||||
|
edge
|
||||||
|
dhcp
|
||||||
|
dns
|
||||||
|
radiusng
|
||||||
|
ntp
|
||||||
|
#ldap
|
||||||
|
isp
|
||||||
|
infra
|
||||||
|
prom
|
||||||
|
ns
|
||||||
|
nsmaster
|
||||||
|
|
||||||
|
[nsmaster]
|
||||||
|
ns-master.int.infra.auro.re
|
||||||
|
|
||||||
|
[pve:children]
|
||||||
|
pve_network
|
||||||
|
pve_services
|
||||||
|
|
||||||
|
[pve_network]
|
||||||
|
network-1.pve.infra.auro.re ansible_ssh_host=10.209.1.1
|
||||||
|
network-2.pve.infra.auro.re
|
||||||
|
|
||||||
|
[pve_services]
|
||||||
|
services-[1:3].pve.infra.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
@ -69,6 +164,7 @@ switchs-manager.adm.auro.re
|
||||||
ldap-replica-ovh.adm.auro.re
|
ldap-replica-ovh.adm.auro.re
|
||||||
prometheus-ovh.adm.auro.re
|
prometheus-ovh.adm.auro.re
|
||||||
prometheus-federate.adm.auro.re
|
prometheus-federate.adm.auro.re
|
||||||
|
ns-2.auro.re
|
||||||
|
|
||||||
[ovh_testing_vm]
|
[ovh_testing_vm]
|
||||||
#re2o-test.adm.auro.re
|
#re2o-test.adm.auro.re
|
||||||
|
@ -89,15 +185,9 @@ dhcp-fleming.adm.auro.re
|
||||||
dhcp-fleming-backup.adm.auro.re
|
dhcp-fleming-backup.adm.auro.re
|
||||||
dns-fleming.adm.auro.re
|
dns-fleming.adm.auro.re
|
||||||
dns-fleming-backup.adm.auro.re
|
dns-fleming-backup.adm.auro.re
|
||||||
ntp-1.int.infra.auro.re
|
|
||||||
prometheus-fleming.adm.auro.re
|
prometheus-fleming.adm.auro.re
|
||||||
#prometheus-fleming-fo.adm.auro.re
|
ns-1.auro.re
|
||||||
radius-fleming.adm.auro.re
|
radius-fleming.adm.auro.re
|
||||||
dns-1.int.infra.auro.re
|
|
||||||
isp-1.rtr.infra.auro.re
|
|
||||||
isp-2.rtr.infra.auro.re
|
|
||||||
dhcp-1.isp.auro.re
|
|
||||||
dhcp-2.isp.auro.re
|
|
||||||
radius-fleming-backup.adm.auro.re
|
radius-fleming-backup.adm.auro.re
|
||||||
unifi-fleming.adm.auro.re
|
unifi-fleming.adm.auro.re
|
||||||
routeur-fleming.adm.auro.re
|
routeur-fleming.adm.auro.re
|
||||||
|
@ -505,13 +595,13 @@ rives_unifi
|
||||||
ovh_container
|
ovh_container
|
||||||
|
|
||||||
# every virtual machine
|
# every virtual machine
|
||||||
[vm:children]
|
#[vm:children]
|
||||||
ovh_vm
|
#ovh_vm
|
||||||
fleming_vm
|
#fleming_vm
|
||||||
pacaterie_vm
|
#pacaterie_vm
|
||||||
edc_vm
|
#edc_vm
|
||||||
gs_vm
|
#gs_vm
|
||||||
rives_vm
|
#rives_vm
|
||||||
|
|
||||||
# every server
|
# every server
|
||||||
[server:children]
|
[server:children]
|
||||||
|
@ -519,13 +609,13 @@ fleming_server
|
||||||
edc_server
|
edc_server
|
||||||
|
|
||||||
# every PVE
|
# every PVE
|
||||||
[pve:children]
|
#[pve:children]
|
||||||
ovh_pve
|
#ovh_pve
|
||||||
fleming_pve
|
#fleming_pve
|
||||||
pacaterie_pve
|
#pacaterie_pve
|
||||||
edc_pve
|
#edc_pve
|
||||||
gs_pve
|
#gs_pve
|
||||||
rives_pve
|
#rives_pve
|
||||||
|
|
||||||
# every unifi
|
# every unifi
|
||||||
[unifi:children]
|
[unifi:children]
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Put a common configuration on all servers
|
- hosts:
|
||||||
- hosts: all,!unifi
|
- pve
|
||||||
|
- vm
|
||||||
roles:
|
roles:
|
||||||
- baseconfig
|
- base_utils
|
||||||
- basesecurity
|
- unattended_upgrades
|
||||||
- ldap_client
|
...
|
||||||
- logrotate
|
|
||||||
- update_motd
|
|
||||||
|
|
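Review bot: The rewritten role list drops `basesecurity`, `ldap_client`, `logrotate` and `update_motd`, and `hosts` narrows from `all,!unifi` to `pve` and `vm`, with nothing in the hunk saying where the hardening now comes from. Combined with the `hosts` inventory change on this page that comments out the old `[vm:children]` and `[pve:children]` lists, the legacy `*_vm` and `*_pve` hosts appear to stop receiving this play at all, including `unattended_upgrades`. If that is intended, state it in a leading comment, e.g. `# new infra only; legacy hosts are covered by <LEGACY_PLAYBOOK> until migrated`, or keep `- basesecurity` in the list until its replacement lands. The old and new sides here are read from the column order of the rendering, and the file name of this hunk is not shown.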
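--- a/playbooks/bird.yml
+++ b/playbooks/bird.yml
@@ -0,0 +1,484 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- infra
+- isp
+- vpn
+roles:
+- bird
+
+#- hosts:
+# - isp-1.back.infra.auro.re
+# - isp-2.back.infra.auro.re
+# vars:
+# bird__router_ids:
+# isp-1.back.infra.auro.re: 10.203.1.5
+# isp-2.back.infra.auro.re: 10.203.1.6
+# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
+# bird__radv_interfaces:
+# client0:
+# prefix:
+# - 2a09:6841::/64
+# domain_search:
+# - client0.isp.auro.re
+# client1:
+# prefix:
+# - 2a09:6841:0:1::/64
+# domain_search:
+# - client1.isp.auro.re
+# client2:
+# prefix:
+# - 2a09:6841:0:2::/64
+# domain_search:
+# - client2.isp.auro.re
+# client3:
+# prefix:
+# - 2a09:6841:0:3::/64
+# domain_search:
+# - client3.isp.auro.re
+# client4:
+# prefix:
+# - 2a09:6841:0:400::/64
+# domain_search:
+# - client4.isp.auro.re
+# bird__radv_dns_servers:
+# - 2a09:6840:128::10:103
+# - 2a09:6840:128::10:3
+# bird__asn:
+# aurore: 43619
+# bird__bgp_addresses:
+# isp-1.back.infra.auro.re:
+# - 2a09:6840:203::1:5
+# - 10.203.1.5
+# isp-2.back.infra.auro.re:
+# - 2a09:6840:203::1:6
+# - 10.203.1.6
+# bird__bgp_sessions:
+# edge1:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:1
+# - 10.203.1.1
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# edge2:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:2
+# - 10.203.1.2
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# bird__ospf_broadcast_interfaces:
+# back0: null
+# bird__ospf_stub_interfaces:
+# - client0
+# - client1
+# - client2
+# - client3
+# - client4
+# roles:
+# - bird
+
+
+#- hosts:
+# - infra-1.back.infra.auro.re
+# - infra-2.back.infra.auro.re
+# vars:
+# bird__router_ids:
+# infra-1.back.infra.auro.re: 10.203.1.3
+# infra-2.back.infra.auro.re: 10.203.1.4
+# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
+# bird__ospf_broadcast_interfaces:
+# back0: null
+# bird__ospf_stub_interfaces:
+# - monit0
+# - wifi0
+# - int0
+# - pub0
+# - bmc0
+# - pve0
+# - isp0
+# - mgmt0
+# bird__asn:
+# aurore: 43619
+# bird__bgp_addresses:
+# infra-1.back.infra.auro.re:
+# - 2a09:6840:203::1:3
+# - 10.203.1.3
+# infra-2.back.infra.auro.re:
+# - 2a09:6840:203::1:4
+# - 10.203.1.4
+# bird__bgp_sessions:
+# edge1:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:1
+# - 10.203.1.1
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# edge2:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+## address:
+# - 2a09:6840:203::1:2
+# - 10.203.1.2
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# roles:
+# - bird
+
+#- hosts:
+# - edge-1.back.infra.auro.re
+# - edge-2.back.infra.auro.re
+# vars:
+# bird__router_ids:
+# edge-1.back.infra.auro.re: 10.203.1.1
+# edge-2.back.infra.auro.re: 10.203.1.2
+# bird__asn:
+# aurore: 43619
+# crans: 204515
+# zayo: 8218
+# viarezo: 212424
+# rezel: 199116
+# bird__orig_prefixes:
+# aurore:
+# - 45.66.108.0/22
+# - 2a09:6840::/32
+# - 2a09:6841::/32
+# - 2a09:6842::/32
+# crans:
+# - 185.230.76.0/22
+# - 2a0c:700::/32
+# viarezo:
+# - 138.195.144.0/20
+# - 192.159.121.0/24
+# - 2a0c:b641:2f0::/44
+# rezel:
+# - 137.194.8.0/22
+# - 2a09:6847::/32
+# martians:
+# - 10.0.0.0/8
+# - 172.16.0.0/12
+# - 192.168.0.0/16
+# - 100.64.0.0/10
+# - 127.0.0.0/8
+# - 169.254.0.0/16
+# - 192.0.0.0/24
+# - 192.0.2.0/24
+# - 198.18.0.0/15
+# - 198.51.100.0/24
+# - 203.0.113.0/24
+# - 224.0.0.0/4
+# - 240.0.0.0/4
+# - ::/128
+# - ::1/128
+# - ::ffff:0:0/96
+# - ::/96
+# - 100::/64
+# - 2001:10::/28
+# - 2001:db8::/32
+# - fc00::/7
+# - fe80::/10
+# - fec0::/10
+# - ff00::/8
+# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
+# bird__bgp_addresses:
+# edge:
+# edge-1.back.infra.auro.re:
+# - 2a09:6840:203::1:1
+# - 10.203.1.1
+# edge-2.back.infra.auro.re:
+# - 2a09:6840:203::1:2
+# - 10.203.1.2
+# legacy:
+# edge-1.back.infra.auro.re:
+# - 2a09:6840:129::10:2
+# - 10.129.10.2
+# edge-2.back.infra.auro.re:
+# - 2a09:6840:129::10:102
+# - 10.129.10.102
+# rezel:
+# edge-1.back.infra.auro.re:
+# - 2a09:6842:19:9116::1
+# - 45.66.111.1
+# edge-2.back.infra.auro.re:
+# - 2a09:6842:19:9116::3
+# - 45.66.111.3
+# bird__bgp_sessions:
+# edge:
+# local:
+# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address: "{{ bird__bgp_addresses.edge
+# | dict2items
+# | selectattr('key', '!=', inventory_hostname)
+# | map(attribute='value')
+# | first }}"
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - local_pref: 75
+# accept: true
+# vpn1:
+# local:
+# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:7
+# - 10.203.1.7
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: false
+# export:
+# - accept: true
+# vpn2:
+# local:
+# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:8
+# - 10.203.1.8
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: false
+# export:
+# - accept: false
+# legacy:
+# next_hop_self: true
+# local:
+# address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:129::240
+# - 10.129.0.240
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: false
+# export:
+# - bgp_proto:
+# - crans
+# - zayo
+# - rezel1
+# - rezel2
+# accept: true
+# - accept: false
+# zayo:
+# local:
+# address:
+# - 83.167.52.69
+# - 2001:1b48:2:103::d7:2
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 83.167.52.68
+# - 2001:1b48:2:103::d7:1
+# as: "{{ bird__asn.zayo }}"
+# import:
+# - prefix: "{{ bird__orig_prefixes.martians }}"
+# sub: true
+# accept: false
+# - accept: true
+# export:
+# - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel']
+# | map('extract', bird__orig_prefixes)
+# | flatten }}"
+# sub: true
+# accept: true
+## - accept: false
+# crans:
+# local:
+# address:
+# - 185.230.79.254
+# - 2a0c:700:28::2
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 185.230.79.253
+# - 2a0c:700:28::1
+# as: "{{ bird__asn.crans }}"
+# import:
+# - prefix: "{{ bird__orig_prefixes.crans }}"
+# sub: true
+# accept: true
+# - accept: false
+# export:
+# - bgp_proto:
+# - viarezo
+# - rezel1
+# - rezel2
+# - zayo
+# accept: true
+# - prefix: "{{ bird__orig_prefixes.aurore }}"
+# sub: true
+# accept: true
+# - accept: false
+# rezel1:
+# local:
+# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6842:19:9116::2
+# - 45.66.111.2
+# as: "{{ bird__asn.rezel }}"
+# import:
+# - prefix: "{{ bird__orig_prefixes.rezel }}"
+# sub: true
+# accept: true
+# - accept: false
+# export:
+# - bgp_proto:
+# - edge
+# - viarezo
+# - crans
+# - zayo
+# accept: true
+# - prefix: "{{ bird__orig_prefixes.aurore }}"
+# sub: true
+# accept: true
+# - accept: false
+# rezel2:
+# local:
+# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6842:19:9116::4
+# - 45.66.111.4
+# as: "{{ bird__asn.rezel }}"
+# import:
+# - local_pref: 75
+# - prefix: "{{ bird__orig_prefixes.rezel }}"
+# sub: true
+# accept: true
+# - accept: false
+# export:
+# - bgp_proto:
+# - edge
+# - viarezo
+# - crans
+# - zayo
+# accept: true
+# - prefix: "{{ bird__orig_prefixes.aurore }}"
+# sub: true
+# accept: true
+# - accept: false
+# viarezo:
+# local:
+# address:
+# - 192.159.121.134
+# - 2a0c:b641:2ff::6
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 192.159.121.133
+# - 2a0c:b641:2ff::5
+# as: "{{ bird__asn.viarezo }}"
+# import:
+# - prefix: "{{ bird__orig_prefixes.martians }}"
+# accept: false
+# - prefix: "{{ bird__orig_prefixes.viarezo }}"
+# sub: true
+# negate: true
+# local_pref: 50
+# - accept: true
+# export:
+# - prefix: "{{ bird__orig_prefixes.aurore }}"
+# as_prepend:
+# asn: "{{ bird__asn.aurore }}"
+# size: 5
+# - bgp_proto:
+# - crans
+# - zayo
+# accept: true
+# - accept: false
+# bird__ospf_broadcast_interfaces:
+# back0: null
+# bird__ospf_stub_interfaces:
+# - crans0
+# - zayo0
+# - rezel0
+# - viarezo0
+# bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}"
+# roles:
+# - bird
+
+#- hosts:
+# - vpn-1.back.infra.auro.re
+# - vpn-2.back.infra.auro.re
+# vars:
+# bird__asn:
+# aurore: 43619
+# bird__router_ids:
+# vpn-1.back.infra.auro.re: 10.203.1.7
+# vpn-2.back.infra.auro.re: 10.203.1.8
+# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
+# bird__bgp_addresses:
+# vpn-1.back.infra.auro.re:
+# - 2a09:6840:203::1:7
+# - 10.203.1.7
+# vpn-2.back.infra.auro.re:
+# - 2a09:6840:203::1:8
+# - 10.203.1.8
+# bird__bgp_sessions:
+# edge1:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:1
+# - 10.203.1.1
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# edge2:
+# local:
+# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
+# as: "{{ bird__asn.aurore }}"
+# remote:
+# address:
+# - 2a09:6840:203::1:2
+# - 10.203.1.2
+# as: "{{ bird__asn.aurore }}"
+# import:
+# - accept: true
+# export:
+# - accept: false
+# bird__ospf_broadcast_interfaces:
+# back0: null
+# bird__ospf_stub_interfaces:
+## - wg0
+# roles:
+# - bird
+...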
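Review bot: Only the first play (`infra`, `isp`, `vpn` with role `bird`) is live; the remaining ~470 lines are commented-out per-host plays holding ASNs, peer addresses and filter lists, which can drift from wherever those values presumably live now (group_vars or host_vars). I would delete the block from the playbook, or move it to a reference document outside the executable file. If it is kept as a template, two details would carry over when someone uncomments it: the `zayo` export list ends in `## - accept: false`, and the `viarezo` import rule for `bird__orig_prefixes.martians` has no `sub: true`, unlike the `zayo` one. Depending on the role's default action, that would leave the transit export without an explicit final reject and match only exact martian prefixes, so both lines should be fixed or annotated before the block is reused.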
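--- a/playbooks/caddy.yml
+++ b/playbooks/caddy.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- proxy.pub.infra.auro.re
+roles:
+- caddy
+...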
|
@ -1,27 +1,10 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts:
|
- hosts:
|
||||||
- ntp-1.int.infra.auro.re
|
- pve_network
|
||||||
vars:
|
- vm_network
|
||||||
chronyd__allow_networks:
|
- vm_services
|
||||||
- 10.128.0.0/16
|
- ntp
|
||||||
- 2a09:6840:128::/48
|
|
||||||
chronyd__pools:
|
|
||||||
- 0.pool.ntp.org
|
|
||||||
- 1.pool.ntp.org
|
|
||||||
- 2.pool.ntp.org
|
|
||||||
- 3.pool.ntp.org
|
|
||||||
chronyd__local_stratum: 10
|
|
||||||
roles:
|
|
||||||
- chronyd
|
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- all
|
|
||||||
- "!ntp-1.int.infra.auro.re"
|
|
||||||
- "!unifi"
|
|
||||||
vars:
|
|
||||||
chronyd__pools:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
roles:
|
roles:
|
||||||
- chronyd
|
- chronyd
|
||||||
...
|
...
|
||||||
|
|
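Review bot: The rewritten play has no `vars:` block, so `chronyd__allow_networks`, `chronyd__pools` and `chronyd__local_stratum` must now come from inventory, and nothing in this section shows where. The old file restricted the server to two internal prefixes and pointed every other host at the internal server; if the role's default for `chronyd__allow_networks` differs from that, the `ntp` hosts will answer a different set of clients than before. I would add a comment under `- hosts:` recording where the values live, e.g. `# chronyd__* values are set in <inventory group_vars file for ntp>`. The old second play also covered `all` except the server and `unifi`, whereas the new one lists four groups, so hosts outside them appear to lose the role.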
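--- a/playbooks/collabora.yml
+++ b/playbooks/collabora.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- collabora.ext.infra.auro.re
+roles:
+- collabora
+...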
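--- a/playbooks/dhcpd.yml
+++ b/playbooks/dhcpd.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- dhcp
+roles:
+- dhcpd
+...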
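--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- infra
+- isp
+roles:
+- firewall
+...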
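--- a/playbooks/freeradius.yml
+++ b/playbooks/freeradius.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- radius
+roles:
+- freeradius
+...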
|
@ -17,8 +17,9 @@
|
||||||
bind_password: "{{ vault_ldap_grafana_password }}"
|
bind_password: "{{ vault_ldap_grafana_password }}"
|
||||||
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
|
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
|
||||||
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
|
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
|
||||||
editors_group_dn:
|
admins_group_dn:
|
||||||
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
||||||
|
editors_group_dn:
|
||||||
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
||||||
update_motd:
|
update_motd:
|
||||||
grafana: Grafana est déployé (/etc/grafana).
|
grafana: Grafana est déployé (/etc/grafana).
|
||||||
|
|
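Review bot: Membership of `cn=sudoldap` now maps to Grafana admin through the new `admins_group_dn` key, while `editors_group_dn` keeps only `cn=technicien`; this is a privilege change driven entirely by LDAP group membership and should be documented beside the key, e.g. `# sudoldap members become Grafana admins; keep this group as tight as sudo access itself`. The hunk does not show which role a user in neither group receives, so the template that consumes these keys should be checked for an explicit fallback (viewer or no access). The vars block starts and ends outside the hunk.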
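--- a/playbooks/hostname.yml
+++ b/playbooks/hostname.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm
+- pve
+roles:
+- hostname
+...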
|
@ -1,213 +1,7 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts:
|
- hosts:
|
||||||
- ntp-1.int.infra.auro.re
|
- vm
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
# TODO: netbox
|
|
||||||
ifupdown2__hosts:
|
|
||||||
ntp-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::203/56
|
|
||||||
- 10.128.0.203/16
|
|
||||||
dns-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::127/56
|
|
||||||
- 10.128.0.127/16
|
|
||||||
dhcp-1.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::204/56
|
|
||||||
- 10.128.0.204/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.2/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.34/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.66/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.98/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.130/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
dhcp-2.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::91/56
|
|
||||||
- 10.128.0.91/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.3/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.35/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.67/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.99/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.131/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
isp-1.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::255/56
|
|
||||||
- 10.128.0.255/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
bridge_disable_pvid: true
|
|
||||||
forward: true
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
isp-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::158/56
|
|
||||||
- 10.128.0.158/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
|
||||||
roles:
|
roles:
|
||||||
- ifupdown2
|
- ifupdown2
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
resolvconf__nameservers:
|
|
||||||
- 2a09:6840:128::127
|
|
||||||
- 10.128.0.127
|
|
||||||
resolvconf__domain: auro.re
|
|
||||||
resolvconf__search:
|
|
||||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
|
||||||
- auro.re
|
|
||||||
roles:
|
|
||||||
- resolvconf
|
|
||||||
...
|
...
|
||||||
|
|
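Review bot: The play now targets the whole `vm` group instead of six named hosts, and the inline `ifupdown2__hosts` map with its `ifupdown2__interfaces` lookup is gone, so every VM has to define `ifupdown2__interfaces` in inventory before this runs. The section gives no sign of what the role does when that variable is missing, and on an interface-configuration role that is the difference between a failed run and an unreachable host. A `pre_tasks` entry using `ansible.builtin.assert` with `that: ifupdown2__interfaces is defined` would make the failure explicit. The second play, which applied `resolvconf` with the internal nameservers, is removed as well; whether a replacement exists is not visible in this compare.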
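--- a/playbooks/ip_forward.yml
+++ b/playbooks/ip_forward.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- edge
+- infra
+- isp
+- vpn
+roles:
+- ip_forward
+...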
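Review bot: This play turns on forwarding for `edge`, `infra`, `isp` and `vpn`, while playbooks/firewall.yml in the same compare applies the `firewall` role only to `infra` and `isp`. Unless `edge` and `vpn` get their packet filter from something not shown here, those hosts would route traffic with no ruleset managed by this repository. Either extend the host list in firewall.yml with `- edge` and `- vpn`, or add a comment in this play stating where filtering for those two groups is defined.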
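--- a/playbooks/iproute2.yml
+++ b/playbooks/iproute2.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- edge
+- isp
+- infra
+- vpn
+roles:
+- iproute2
+...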
|
@ -1,9 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: dhcp-*.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: isc-dhcp-server est déployé.
|
|
||||||
roles:
|
|
||||||
- isc_dhcp_server
|
|
||||||
- update_motd
|
|
|
@ -1,32 +1,9 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts:
|
- hosts:
|
||||||
- isp-1.rtr.infra.auro.re
|
- isp
|
||||||
- isp-2.rtr.infra.auro.re
|
- edge
|
||||||
vars:
|
- infra
|
||||||
keepalived__virtual_router_id: 80
|
|
||||||
keepalived__interface: ens18
|
|
||||||
keepalived__virtual_addresses:
|
|
||||||
client-0:
|
|
||||||
- 100.64.0.1/27
|
|
||||||
- 2a09:6841::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-1:
|
|
||||||
- 100.64.0.33/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-2:
|
|
||||||
- 100.64.0.65/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-3:
|
|
||||||
- 100.64.0.97/27
|
|
||||||
- 2a09:6841:0:200::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-4:
|
|
||||||
- 100.64.0.129/27
|
|
||||||
- 2a09:6841:0:300::/56
|
|
||||||
- fe80::1/10
|
|
||||||
roles:
|
roles:
|
||||||
- keepalived
|
- keepalived
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles: []
|
|
||||||
|
|
||||||
# WIP: Deploy authoritative DNS servers
|
|
||||||
# - hosts: authoritative_dns
|
|
||||||
# vars:
|
|
||||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
|
||||||
# service_name: dns
|
|
||||||
# service_version: crans
|
|
||||||
# service_config:
|
|
||||||
# hostname: re2o-server.adm.auro.re
|
|
||||||
# username: service-user
|
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
|
||||||
# roles:
|
|
||||||
# - re2o_service
|
|
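--- a/playbooks/knotd.yml
+++ b/playbooks/knotd.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- ns-master.int.infra.auro.re
+- ns
+roles:
+- knotd
+...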
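--- a/playbooks/kresd.yml
+++ b/playbooks/kresd.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: dns
+roles:
+- kresd
+...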
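--- a/playbooks/locales.yml
+++ b/playbooks/locales.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve
+- vm
+roles:
+- locales
+...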
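--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm_test
+roles:
+- postfix
+- dovecot
+...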
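--- a/playbooks/openssh.yml
+++ b/playbooks/openssh.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve_network
+- vm_test
+- vm_services
+- vm_network
+roles:
+- openssh_server
+...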
|
@ -1,241 +1,228 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: prometheus-fleming.adm.auro.re
|
- hosts:
|
||||||
vars:
|
- pve
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
- vm
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['fleming_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['fleming_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-pacaterie.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['pacaterie_unifi'] | list | sort }}
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-pn-1.ups.auro.re
|
|
||||||
- ups-ps-1.ups.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['pacaterie_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-edc.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-ec-1.ups.auro.re
|
|
||||||
# - ups-ec-2.ups.auro.re
|
|
||||||
- ups-ec-3.ups.auro.re
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['edc_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['edc_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-gs.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['gs_unifi'] | list | sort }}
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-gk-1.ups.auro.re
|
|
||||||
prometheus_apc_pdu_snmp_targets:
|
|
||||||
- pdu-ga-1.ups.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['gs_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-rives.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-r3-1.ups.auro.re
|
|
||||||
- ups-r1-1.ups.auro.re
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['rives_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['rives_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-aurore.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
|
||||||
prometheus_postgresql_targets: |
|
|
||||||
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
|
||||||
prometheus_switch_snmp_targets:
|
|
||||||
- yggdrasil.switch.auro.re
|
|
||||||
- sw-pn-serveurs.switch.auro.re
|
|
||||||
- sw-ec-serveurs.switch.auro.re
|
|
||||||
- sw-gk-serveurs.switch.auro.re
|
|
||||||
- sw-fl-serveurs.switch.auro.re
|
|
||||||
- sw-ff-uplink.switch.auro.re
|
|
||||||
- sw-fl-core.switch.auro.re
|
|
||||||
- sw-fd-vcore.switch.auro.re
|
|
||||||
- sw-fl-vcore.switch.auro.re
|
|
||||||
- sw-ff-vcore.switch.auro.re
|
|
||||||
- sw-pn-core.switch.auro.re
|
|
||||||
- sw-ec-core.switch.auro.re
|
|
||||||
- sw-gk-core.switch.auro.re
|
|
||||||
- sw-r3-core.switch.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['aurore_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-ovh.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
|
||||||
prometheus_postgresql_targets:
|
|
||||||
- bdd-ovh.adm.auro.re
|
|
||||||
prometheus_docker_targets:
|
|
||||||
- docker-ovh.adm.auro.re
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-federate.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets:
|
|
||||||
- prometheus-edc.adm.auro.re
|
|
||||||
- prometheus-gs.adm.auro.re
|
|
||||||
- prometheus-fleming.adm.auro.re
|
|
||||||
- prometheus-pacaterie.adm.auro.re
|
|
||||||
- prometheus-rives.adm.auro.re
|
|
||||||
- prometheus-aurore.adm.auro.re
|
|
||||||
- prometheus-ovh.adm.auro.re
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus_federate: >-
|
|
||||||
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus_federate
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# Postgres Exporters
|
|
||||||
- hosts: bdd,radius
|
|
||||||
roles:
|
|
||||||
- prometheus_postgres
|
|
||||||
|
|
||||||
# Monitor all hosts
|
|
||||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
|
||||||
roles:
|
roles:
|
||||||
- prometheus_node
|
- prometheus_node
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- router
|
||||||
|
roles:
|
||||||
|
- prometheus_keepalived
|
||||||
|
- prometheus_bird
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- prom
|
||||||
|
roles:
|
||||||
|
- prometheus_snmp
|
||||||
|
- prometheus
|
||||||
|
|
||||||
|
#- hosts: prometheus-fleming.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||||
|
# prometheus_unifi_snmp_targets: |
|
||||||
|
# {{ groups['fleming_unifi'] | list | sort }}
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['fleming_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-pacaterie.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
||||||
|
# prometheus_unifi_snmp_targets: |
|
||||||
|
# {{ groups['pacaterie_unifi'] | list | sort }}
|
||||||
|
# prometheus_ups_snmp_targets:
|
||||||
|
# - ups-pn-1.ups.auro.re
|
||||||
|
# - ups-ps-1.ups.auro.re
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['pacaterie_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-edc.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_ups_snmp_targets:
|
||||||
|
# - ups-ec-1.ups.auro.re
|
||||||
|
# # - ups-ec-2.ups.auro.re
|
||||||
|
# - ups-ec-3.ups.auro.re
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||||
|
# prometheus_unifi_snmp_targets: |
|
||||||
|
# {{ groups['edc_unifi'] | list | sort }}
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['edc_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-gs.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
||||||
|
# prometheus_unifi_snmp_targets: |
|
||||||
|
# {{ groups['gs_unifi'] | list | sort }}
|
||||||
|
# prometheus_ups_snmp_targets:
|
||||||
|
# - ups-gk-1.ups.auro.re
|
||||||
|
# prometheus_apc_pdu_snmp_targets:
|
||||||
|
# - pdu-ga-1.ups.auro.re
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['gs_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-rives.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_ups_snmp_targets:
|
||||||
|
# - ups-r3-1.ups.auro.re
|
||||||
|
# - ups-r1-1.ups.auro.re
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||||
|
# prometheus_unifi_snmp_targets: |
|
||||||
|
# {{ groups['rives_unifi'] | list | sort }}
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['rives_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-aurore.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||||
|
# prometheus_postgresql_targets: |
|
||||||
|
# {{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||||
|
# prometheus_switch_snmp_targets:
|
||||||
|
# - yggdrasil.switch.auro.re
|
||||||
|
# - sw-pn-serveurs.switch.auro.re
|
||||||
|
# - sw-ec-serveurs.switch.auro.re
|
||||||
|
# - sw-gk-serveurs.switch.auro.re
|
||||||
|
# - sw-fl-serveurs.switch.auro.re
|
||||||
|
# - sw-ff-uplink.switch.auro.re
|
||||||
|
# - sw-fl-core.switch.auro.re
|
||||||
|
# - sw-fd-vcore.switch.auro.re
|
||||||
|
# - sw-fl-vcore.switch.auro.re
|
||||||
|
# - sw-ff-vcore.switch.auro.re
|
||||||
|
# - sw-pn-core.switch.auro.re
|
||||||
|
# - sw-ec-core.switch.auro.re
|
||||||
|
# - sw-gk-core.switch.auro.re
|
||||||
|
# - sw-r3-core.switch.auro.re
|
||||||
|
# prometheus_ilo_snmp_targets: |
|
||||||
|
# {{ groups['aurore_ilo'] | list | sort }}
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
#- hosts: prometheus-ovh.adm.auro.re
|
||||||
|
# vars:
|
||||||
|
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
# snmp_ilo_user: aurore
|
||||||
|
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||||
|
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||||
|
#
|
||||||
|
# prometheus_servers_targets: |
|
||||||
|
# {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||||
|
# prometheus_postgresql_targets:
|
||||||
|
# - bdd-ovh.adm.auro.re
|
||||||
|
# prometheus_docker_targets:
|
||||||
|
# - docker-ovh.adm.auro.re
|
||||||
|
#
|
||||||
|
# update_motd:
|
||||||
|
# prometheus: >-
|
||||||
|
# Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||||
|
# roles:
|
||||||
|
# - prometheus
|
||||||
|
# - update_motd
|
||||||
|
#
|
||||||
|
## Postgres Exporters
|
||||||
|
#- hosts: bdd,radius
|
||||||
|
# roles:
|
||||||
|
# - prometheus_postgres
|
||||||
|
|
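Review bot: Most of the 228 new lines are the previous per-site plays kept as `#` comments, including every SNMP vault variable name and the internal switch, UPS and iLO target lists. Version control already preserves them, so the new file should end after the `prom` play. The `prometheus_node` play also changes scope, from `all` minus the unifi, testing and container groups to just `pve` and `vm`, and nothing in the hunk says whether hosts outside those two groups are meant to drop out of node monitoring. A one-line comment above that `- hosts:` stating the intended coverage would settle it, e.g. `# node exporter on hypervisors and VMs only; network gear is scraped through prometheus_snmp`. Losing exporters on routers or bare-metal servers unnoticed is a detection gap, so check the new inventory groups against the old exclusion list before merging.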
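--- a/playbooks/pve.yml
+++ b/playbooks/pve.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve
+- vm
+roles:
+- locales
+...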
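Review bot: playbooks/pve.yml applies the `locales` role to `pve` and `vm`, which is line for line what playbooks/locales.yml in this compare already does, so running it configures nothing specific to the hypervisors. This looks like a copy of locales.yml whose role line was never edited. If a hypervisor role was intended, the role entry should name it (`- <hypervisor role name>`; no such role is visible here) and the host list probably should not include `vm`. Otherwise the file is a duplicate and can be dropped.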
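--- a/playbooks/qemu_guest.yml
+++ b/playbooks/qemu_guest.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm_network
+- vm_services
+- vm_test
+roles:
+- qemu_guest
+...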
Some files were not shown because too many files have changed in this diff Show more