Compare commits
261 commits
Author | SHA1 | Date | |
---|---|---|---|
3b1ae6206f | |||
81f95aa14d | |||
708781b722 | |||
0782695471 | |||
1e1783fd59 | |||
4d0f820df0 | |||
48c4ecafae | |||
9aaa619173 | |||
54d227232b | |||
ba033f9099 | |||
8d0139925e | |||
7f9ccf3e59 | |||
4f18b6c8ef | |||
004a033606 | |||
d20c89defe | |||
97496ef4b8 | |||
0b40cc4b9b | |||
66e6c960d3 | |||
a004555681 | |||
7fe391c16f | |||
e660d8688a | |||
e5e6dd8056 | |||
67b29517e2 | |||
b141a1d955 | |||
f70e515769 | |||
806fa25b06 | |||
00dcf27614 | |||
029b001f9b | |||
39119a4ffa | |||
10087b354b | |||
3f02039de1 | |||
91d3087047 | |||
887aadb5fe | |||
02910a8fc0 | |||
061b6f1049 | |||
94ba30cc3b | |||
934137903a | |||
8359d2ebea | |||
5c8358ec95 | |||
261ccfeb5c | |||
9eb5793b38 | |||
68f36ae048 | |||
c2f2c03af6 | |||
19953b2951 | |||
3864b641eb | |||
c4744e9ab6 | |||
98f122bb69 | |||
41852b4ab8 | |||
a61c997366 | |||
3e16224213 | |||
136dcb693f | |||
db7729b3cb | |||
6949cc202f | |||
83ff27b856 | |||
16a0d95936 | |||
2928d7e809 | |||
071d82529d | |||
f9f278cb65 | |||
4c61d2bc18 | |||
3fa998ae68 | |||
071daad994 | |||
fc7f59b231 | |||
9e483d5285 | |||
4c33b77695 | |||
5e5d2268f3 | |||
51674bc1f6 | |||
190f31dffd | |||
a00a9b123f | |||
9524f29d1f | |||
14b1f47842 | |||
229a6617de | |||
69701f4875 | |||
6728d2bb00 | |||
be261ab257 | |||
13f22bc7b8 | |||
2e2e4995ed | |||
7d58a98bb4 | |||
45d380c641 | |||
35cdf782c8 | |||
fbdeddfc72 | |||
17b46bab5e | |||
93bccaddfd | |||
ddc0597e2a | |||
fa87d9789d | |||
078d9a3de9 | |||
e87de918db | |||
14288224b4 | |||
0e581e7d23 | |||
175e375682 | |||
cb6ef5dae0 | |||
15dda43f21 | |||
1a63ba3bea | |||
75f0ee785b | |||
9de88d0a28 | |||
655f744a11 | |||
0c7b5a2c68 | |||
e0c95b8f10 | |||
058fe0b3f5 | |||
2f4c6a53d8 | |||
ddd8c6dcc0 | |||
2c64d27fd3 | |||
b3d18e92b6 | |||
ace765b682 | |||
ca1c6c8040 | |||
f8b932014f | |||
a5b527ec0e | |||
20bce8a0da | |||
4a5b3bbfde | |||
4a9c0e6d8e | |||
aa1e422c58 | |||
455a0bdc2a | |||
452066fcfb | |||
669c7ec801 | |||
d455bbe00e | |||
6522a6f076 | |||
5391f2b956 | |||
bbaab0b767 | |||
676dabd76b | |||
1978f12794 | |||
8f51a2fb80 | |||
32ed73735f | |||
4ad25f7057 | |||
454f1d75cb | |||
cc1786eb2b | |||
8bf1f1a1fa | |||
dcd56413e8 | |||
e160b98f0e | |||
94953e1aa7 | |||
833d25078d | |||
8b5d587f26 | |||
6ee7a19f21 | |||
0807dc1d70 | |||
922b6894a7 | |||
7db15d9c63 | |||
b4fe111c91 | |||
67ac2a7618 | |||
fcb9ac9d17 | |||
9e24c5373e | |||
b36dd15d3c | |||
a2e181493d | |||
71befe1b44 | |||
9c41558d62 | |||
66a015c135 | |||
eb8368b2e6 | |||
67f0e4ccbc | |||
f3d67e93b4 | |||
45f5920cdd | |||
3294cde7a6 | |||
6eeb578d89 | |||
8b39a7f7dc | |||
dcc038bd7c | |||
0a621b53b4 | |||
8ec059ce55 | |||
621f39a8f2 | |||
f579e08e21 | |||
48deabba50 | |||
9f850aa4da | |||
1aba1e5606 | |||
6d66e56b15 | |||
e7c3a9c771 | |||
5eff05f8c5 | |||
eca5d1563d | |||
c32b949d04 | |||
19c623ab0a | |||
7c21275a11 | |||
95c812b101 | |||
830e5b103d | |||
873b5cc6f5 | |||
e995b06ea9 | |||
34b67791bd | |||
9c19e41afd | |||
5c17bc9664 | |||
d653432d18 | |||
5a43708a87 | |||
9cd983aa4c | |||
0a0fc8e52c | |||
2db69a8f1c | |||
ac9947c50f | |||
6773c5e90d | |||
cc82841560 | |||
b9fb9f377f | |||
f43775fc02 | |||
412a63dc6c | |||
a670cbaba4 | |||
ea78f609b5 | |||
aac9151280 | |||
1c47ccc4a8 | |||
64dcb4b282 | |||
99ba67f074 | |||
618cad720a | |||
8863eed924 | |||
0254b82356 | |||
d0175e961e | |||
e13e450a1f | |||
a15a05ce69 | |||
45ca2a3236 | |||
b0e12b19f8 | |||
61cdb980ea | |||
c7d7320367 | |||
866f175ed2 | |||
c4e9ecacd7 | |||
2d6ee91f93 | |||
e99f183743 | |||
231c3aac09 | |||
3f29960a04 | |||
67994d988b | |||
ea843e2f47 | |||
c6afab5728 | |||
553b371797 | |||
a816fb1f01 | |||
4bd54fe371 | |||
8f27164c17 | |||
8937e4f8e8 | |||
3d6e0f21b6 | |||
953403d0b3 | |||
5a7c8b280d | |||
8f452c76aa | |||
a505441f4d | |||
b894959c91 | |||
204ad7f2ce | |||
138ffd6097 | |||
526eaf84d2 | |||
ec01fbde95 | |||
35087971c3 | |||
2ff44c58b7 | |||
9fc0aa1fe8 | |||
cdc68cedd5 | |||
50b0e023dc | |||
3216307404 | |||
1938cc24da | |||
874f75d47d | |||
4d82018f62 | |||
69c3949ef8 | |||
6bb2bbb54f | |||
d5ab886dd4 | |||
426296d8bd | |||
2389367582 | |||
c1833e77b3 | |||
4446c2c47e | |||
8d92035a81 | |||
6f32c9bc2c | |||
5542e63d14 | |||
b34c232904 | |||
5740b64b1e | |||
bb2590358d | |||
c775a48ca8 | |||
126d0f49df | |||
4a29c317a5 | |||
e36e31d18b | |||
b1f26f2cd7 | |||
9f8dcecf63 | |||
b9dd74af40 | |||
86277d05c2 | |||
642b3eb801 | |||
2744b3b512 | |||
f321b12d2f | |||
43693c2fc8 | |||
961a2f1105 | |||
11939a6032 | |||
4dbe0e562d | |||
c97dca8fa8 |
283 changed files with 32308 additions and 4116 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
*.retry
|
||||
tmp
|
||||
ldap-password.txt
|
||||
__pycache__/
|
||||
|
|
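--- a/all.yml
+++ b/all.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: playbooks/base.yml
+- import_playbook: playbooks/root.yml
+- import_playbook: playbooks/ssh.yml
+- import_playbook: playbooks/chronyd.yml
+- import_playbook: playbooks/kresd.yml
+- import_playbook: playbooks/knotd.yml
+- import_playbook: playbooks/resolvconf.yml
+- import_playbook: playbooks/ifupdown2.yml
+- import_playbook: playbooks/systemd_link.yml
+- import_playbook: playbooks/keepalived.yml
+- import_playbook: playbooks/ip_forward.yml
+- import_playbook: playbooks/dhcpd.yml
+- import_playbook: playbooks/bird.yml
+- import_playbook: playbooks/pve.yml
+- import_playbook: playbooks/prometheus.yml
+...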
|
@ -3,8 +3,10 @@ ask_vault_pass = True
|
|||
roles_path = ./roles
|
||||
retry_files_enabled = False
|
||||
inventory = ./hosts
|
||||
stdout_callback = debug
|
||||
library = ./library
|
||||
filter_plugins = ./filter_plugins
|
||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
||||
ansible_managed = Ansible managed
|
||||
nocows = 1
|
||||
forks = 15
|
||||
timeout = 60
|
||||
|
@ -15,3 +17,4 @@ always = yes
|
|||
|
||||
[ssh_connection]
|
||||
pipelining = True
|
||||
retries = 3
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# Deploy all playbooks
|
||||
ansible-playbook playbooks/*.yml $@
|
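--- a/filter_plugins/enquote.py
+++ b/filter_plugins/enquote.py
@@ -0,0 +1,16 @@
+class FilterModule:
+def filters(self):
+return {
+"enquote": enquote,
+}
+
+
+def enquote(string, delimiter='"', escape="\\"):
+translation = str.maketrans(
+{
+delimiter: f"{escape}{delimiter}",
+escape: f"{escape}{escape}",
+}
+)
+escaped = string.translate(translation)
+return f"{delimiter}{escaped}{delimiter}"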
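Review bot: `enquote` escapes only the delimiter and the escape character, so a newline or other control character in `string` passes through unchanged into the quoted output; if a template uses this filter for a line-oriented config format, a value containing a line break could end the quoted field early. The function has no docstring stating that limit, and I would add one, for example `"""Wrap string in delimiter, escaping only delimiter and escape; newlines and control characters are not handled."""`. A `delimiter` or `escape` that is not exactly one character makes `str.maketrans` raise `ValueError`, which the docstring should mention as well. Which templates consume the filter is not visible in this section, so the newline concern should be checked against them.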
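--- a/filter_plugins/format_rev.py
+++ b/filter_plugins/format_rev.py
@@ -0,0 +1,9 @@
+class FilterModule:
+def filters(self):
+return {
+"format_rev": format_rev,
+}
+
+
+def format_rev(text, fmt, *args, **kwargs):
+return fmt.format(text, *args, **kwargs)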
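Review bot: `format_rev` hands `fmt` to `str.format`, whose replacement fields can perform attribute and index lookups on the arguments, so `fmt` has to be treated as trusted template text and should never come from facts or inventory data supplied by a managed host. Nothing in the function says so; I would add a docstring such as `"""Return fmt.format(text, *args, **kwargs); fmt must be a literal from the playbook or template, not host-supplied data."""`. Where the filter is called is not visible in this section.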
|
@ -7,11 +7,39 @@ import dns.name
|
|||
class FilterModule:
|
||||
def filters(self):
|
||||
return {
|
||||
"add_origin": add_origin,
|
||||
"add_origin_keys": add_origin_keys,
|
||||
"ip_filter": ip_filter,
|
||||
"remove_domain_suffix": remove_domain_suffix,
|
||||
"ipaddr_sort": ipaddr_sort,
|
||||
}
|
||||
|
||||
|
||||
def first_addr(addresses, ipv4 = True):
|
||||
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
|
||||
for addr in addresses:
|
||||
parsed = ipaddress.ip_address(xx)
|
||||
if isinstance(parsed, version):
|
||||
return parsed
|
||||
raise ValueError("missing address")
|
||||
|
||||
|
||||
def ip_filter(addresses, networks):
|
||||
if isinstance(addresses, dict):
|
||||
return {k: ip_filter(v, networks) for k, v in addresses.items()}
|
||||
ip_networks = [ipaddress.ip_network(n) for n in networks]
|
||||
ip_addresses = [ipaddress.ip_address(a) for a in addresses]
|
||||
return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
|
||||
|
||||
|
||||
def add_origin(name, origin="."):
|
||||
return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
|
||||
|
||||
|
||||
def add_origin_keys(dct, origin="."):
|
||||
return {add_origin(k, origin): v for k, v in dct.items()}
|
||||
|
||||
|
||||
def remove_domain_suffix(name):
|
||||
parent = dns.name.from_text(name).parent()
|
||||
return parent.to_text()
|
||||
|
|
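Review bot: `first_addr` calls `ipaddress.ip_address(xx)`, but no `xx` is defined in the visible lines; the loop variable is `addr`, so unless a module-level `xx` exists outside the hunk the first iteration raises `NameError` instead of returning an address. The line should read `parsed = ipaddress.ip_address(addr)`. `first_addr` is also missing from the dict returned by `filters()`, so as far as this hunk shows it is not reachable as a filter, which may be why the error went unnoticed. `filters()` registers `ipaddr_sort`, whose definition is not among the visible lines; confirm it exists elsewhere in the file, otherwise loading the plugin fails.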
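--- a/filter_plugins/suffix.py
+++ b/filter_plugins/suffix.py
@@ -0,0 +1,9 @@
+class FilterModule:
+def filters(self):
+return {
+"suffix": suffix,
+}
+
+
+def suffix(value, suffix):
+return value + suffix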
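--- a/group_vars/all/bird.yml
+++ b/group_vars/all/bird.yml
@@ -0,0 +1,4 @@
+---
+bird__as:
+aurore: 43619
+...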
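--- a/group_vars/all/chronyd.yml
+++ b/group_vars/all/chronyd.yml
@@ -0,0 +1,5 @@
+---
+chronyd__pools:
+- ntp-1.int.infra.auro.re
+- ntp-2.int.infra.auro.re
+...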
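--- a/group_vars/all/ifupdown2.yml
+++ b/group_vars/all/ifupdown2.yml
@@ -0,0 +1,24 @@
+---
+ifupdown2__wireguard_proto: wireguard
+ifupdown2__gateways:
+adm:
+- 2a09:6840:128::254
+- 10.128.0.254
+int:
+- 2a09:6840:206::1
+- 10.206.0.1
+ext:
+- 2a09:6840:211::1
+- 10.211.0.1
+monit:
+- 2a09:6840:204::1
+- 10.204.0.1
+isp:
+- 2a09:6840:210::1
+- 10.210.0.1
+pub:
+- 2a09:6840:215::1
+- 45.66.111.204
+ovh:
+- 92.222.211.254
+...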
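--- a/group_vars/all/openssh.yml
+++ b/group_vars/all/openssh.yml
@@ -0,0 +1,10 @@
+---
+openssh__users_ca_public_key:
+"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
+hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
+F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
+
+openssh__authorized_principals:
+- any
+- "{{ inventory_hostname }}"
+...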
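Review bot: `openssh__authorized_principals` lists `any` next to `{{ inventory_hostname }}`, and because the file sits under `group_vars/all` the value applies to every host; if the role writes the list into the authorized-principals file, a certificate signed by the users CA and carrying the principal `any` is accepted everywhere. That may be intended, but nothing here documents it; I would add a comment above the list such as `# "any" is accepted on every host; restrict which certificates are issued with it`. How the CA assigns principals and how the role consumes this list are not visible in this section.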
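--- a/group_vars/all/prometheus.yml
+++ b/group_vars/all/prometheus.yml
@@ -0,0 +1,3 @@
+---
+prometheus_node__text_dir: /var/run/prometheus-node-exporter
+...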
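--- a/group_vars/all/resolvconf.yml
+++ b/group_vars/all/resolvconf.yml
@@ -0,0 +1,13 @@
+---
+resolvconf__nameservers:
+- 2a09:6840:206::1:1
+- 2a09:6840:206::1:2
+- 10.206.1.1
+- 10.206.1.2
+
+resolvconf__domain: auro.re.
+
+resolvconf__search:
+- "{{ inventory_hostname | remove_domain_suffix }}"
+- auro.re.
+...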
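--- a/group_vars/all/root.yml
+++ b/group_vars/all/root.yml
@@ -0,0 +1,5 @@
+---
+root__shell: /bin/bash
+
+root__password: "{{ vault_root_password }}"
+...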
|
@ -1,246 +1,298 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
||||
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
||||
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
||||
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
||||
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
||||
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
||||
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
||||
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
||||
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
||||
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
||||
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
||||
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
||||
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
||||
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
||||
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
||||
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
||||
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
||||
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
||||
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
||||
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
||||
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
||||
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
||||
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
||||
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
||||
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
||||
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
||||
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
||||
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
||||
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
||||
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
||||
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
||||
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
||||
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
||||
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
||||
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
||||
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
||||
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
||||
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
||||
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
||||
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
||||
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
||||
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
||||
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
||||
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
||||
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
||||
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
||||
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
||||
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
||||
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
||||
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
||||
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
||||
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
||||
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
||||
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
||||
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
||||
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
||||
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
||||
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
||||
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
||||
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
||||
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
||||
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
||||
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
||||
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
||||
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
||||
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
||||
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
||||
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
||||
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
||||
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
||||
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
||||
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
||||
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
||||
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
||||
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
||||
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
||||
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
||||
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
||||
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
||||
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
||||
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
||||
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
||||
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
||||
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
||||
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
||||
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
||||
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
||||
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
||||
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
||||
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
||||
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
||||
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
||||
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
||||
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
||||
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
||||
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
||||
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
||||
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
||||
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
||||
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
||||
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
||||
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
||||
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
||||
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
||||
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
||||
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
||||
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
||||
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
||||
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
||||
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
||||
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
||||
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
||||
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
||||
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
||||
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
||||
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
||||
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
||||
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
||||
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
||||
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
||||
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
||||
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
||||
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
||||
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
||||
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
||||
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
||||
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
||||
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
||||
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
||||
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
||||
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
||||
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
||||
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
||||
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
||||
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
||||
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
||||
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
||||
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
||||
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
||||
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
||||
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
||||
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
||||
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
||||
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
||||
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
||||
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
||||
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
||||
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
||||
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
||||
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
||||
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
||||
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
||||
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
||||
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
||||
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
||||
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
||||
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
||||
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
||||
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
||||
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
||||
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
||||
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
||||
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
||||
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
||||
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
||||
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
||||
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
||||
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
||||
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
||||
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
||||
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
||||
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
||||
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
||||
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
||||
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
||||
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
||||
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
||||
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
||||
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
||||
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
||||
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
||||
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
||||
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
||||
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
||||
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
||||
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
||||
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
||||
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
||||
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
||||
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
||||
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
||||
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
||||
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
||||
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
||||
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
||||
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
||||
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
||||
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
||||
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
||||
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
||||
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
||||
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
||||
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
||||
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
||||
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
||||
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
||||
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
||||
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
||||
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
||||
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
||||
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
||||
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
||||
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
||||
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
||||
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
||||
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
||||
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
||||
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
||||
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
||||
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
||||
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
||||
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
||||
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
||||
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
||||
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
||||
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
||||
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
||||
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
||||
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
||||
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
||||
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
||||
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
||||
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
||||
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
||||
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
||||
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
||||
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
||||
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
||||
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
||||
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
||||
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
||||
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
||||
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
||||
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
||||
3061
|
||||
61343966306561383238303434393933613538616662326430626564353466356235666537646263
|
||||
3464666132613834306435376533353564633634643931310a376435336364333437633633643537
|
||||
30636165313433333039616337633765346232326362663834396462653637636438356638616263
|
||||
6333336530663764660a316331363464616132383835646362306635623261643333313639303132
|
||||
66303137623563343066363933633939306432383331643662626130393865346237353432343035
|
||||
39643562343231623539393833386461363362363566366339323066316463363334353430666564
|
||||
62313039306234346663343934333435303636643632353336643638343532306330316238636663
|
||||
39646366396136303663343662313264363831636232303466353536643362396139346138333934
|
||||
65323463366438333838343265396261366136643662633733343737376466643636643265323964
|
||||
63323735643965653637393031323166356335623838616562366238366337636131363333613666
|
||||
64313963643138613831633436313262336431336563323337663035373138323439396231613361
|
||||
33653538336633353432623632373730666437306265616631363235646633313565316663303435
|
||||
38373933323439366664383334326364393838366436616563663062356635333635613966656262
|
||||
32343063666132646638343965336336386265623566613662313634366235363235636139396362
|
||||
33383334613032643030366433653164313538313239623062356161386535303163656637323639
|
||||
34653162386338626430643662376263316264306133323038353362386239623939333365633964
|
||||
61646264383834663038303464633334373639383961616665653362626464336136353662333630
|
||||
38343033386361626339653239363266383866656466656335633763353539333732393438616365
|
||||
31623030653365643166323230646533333563633935626436356165643036663530323331616461
|
||||
32376265393139666161643330343530643036366666336639666265613138646561393931613661
|
||||
35383839336539613738343638333636313063613935633833656564303535653831653033623131
|
||||
61343466353461656338396364313531323865333338346364363463393666656265386166303834
|
||||
36633164383839613830316434356632356436353630363666376330373762306632386533643636
|
||||
33343934313936323439393530633563666463323761363737396537336666626639376562633833
|
||||
38376434363662623136386238373339613235386361386566636563323433343431353234303732
|
||||
65663530336261656466636536393763393537613665383261636234366263393039616337343235
|
||||
31313636393166386634643635316135326264636134323032646462343861346231656237653131
|
||||
61646662343330623266613064313632636238323166616463613132353761303662633163313562
|
||||
63373361623935383466623236633232323130343064393765633038643638323437353735643832
|
||||
30333763396565376266343434646263316333336130626463336365306132663036353133316266
|
||||
39333962353862626638623464363634316239653233316435306332383934303239363930363363
|
||||
36313931643730373865393665613633333064333530663937636438306164386533623138333665
|
||||
30646239316633313164386339326132306666346633363865303861666536333662666263393034
|
||||
38363638393435633238616232363763366237653530613763333762333330353531613036336164
|
||||
36653536316532356337316262663863346333636336613830383363356537353038653065633163
|
||||
63323937306431303435343135636562323939383434666363303631313461643038313235366437
|
||||
34316563356365623130623664346435373066633832363639306237396233343531313965356232
|
||||
65323537376535313261656663316265326661316237363336656536646535666334326663623237
|
||||
64373234646261303463306362633762623735376465323536316638373165623264656135333761
|
||||
62323761626231663263363764643465303133646531386165366266636266306338353665343732
|
||||
36623765393538353139646362616638363365306565353662396638376133663761396663383533
|
||||
35353165396261346665626431613838653763613331323262613864663437323235386337323961
|
||||
34356564366230313062316139616366343132393261363564333632383934646435386261326131
|
||||
33313438663631393466343633386637396463373838363938333131666137316235343136373936
|
||||
65323235643130643638383661383837343636363266633165373436363165386264613631323261
|
||||
66353133313637376638396465323533373934383135323831363266613931336361616139313766
|
||||
61346436383330353265336330633234313334643566363066303835306263663630336439366164
|
||||
62616139663666353861313265316463323932306364386637326438633861666231626539303638
|
||||
33663361376131306365316537316637653661376637633438613366313230323138663030643061
|
||||
61393965306133353434346531656632383735363232346531636338393561396461633431373133
|
||||
35646166353538396534636663313564646339363866656336326131366465303239663363393464
|
||||
31346130353139633363393161653637353838623131393536383235393161393562356239633038
|
||||
65653933373130326466633163383066346332666662393862633334356333353032363135663834
|
||||
36323638346134343131396538646334613463383362656261623834623162623664393261663562
|
||||
37643238343461366531653761653466343165373838656566636664376435343665333534613766
|
||||
36633763656563653363376462336336343530646166313333313064666264633337643733356364
|
||||
33363865353232656464396562626530653833316233313562353137373038643165643465653430
|
||||
62633865616265363036373737366336626436396133363062313032323634323864363465353361
|
||||
32646431353733323134616162306337646332363631613563666334396131623764653463363634
|
||||
35383732623164623532303036656337373166326366313037326133353465393937353266343765
|
||||
37323965343632326361346632616161653261616333336561333730613664663133633933623835
|
||||
61303037333739316333313763653466646436363239653361653864643335646435313362343632
|
||||
35633931376562326165613236393134623235313961336332643936373835326238326633396563
|
||||
64313937623034313738303764326337666239666266613131306133386265643039393864393465
|
||||
66393964393437353965663764666338383033326633376232326565346236636136666464383861
|
||||
39363265653166643239363861353839373038336636376366346430353263323136386565313865
|
||||
62343730353265396338326463353535653939383336626630393838626132636230363139663536
|
||||
38383962323763653464656233373163343463346638363334616534373235353334623732396565
|
||||
31373162623035343938336564363964613135393435396430626232653230646239336635373735
|
||||
62363931623235303839663433323236346633366465643961303730633865316536373938303339
|
||||
63356165353538626337306130663035363432323836626136356466376362333834393937643463
|
||||
30323036623239373031396237623964373037396462363833323565393230396636633963366564
|
||||
30636330393735666563623730376336646462613365303330643634386236623436656666313862
|
||||
61333334323230383061303730353963396466356335343532656533623264373462656265633635
|
||||
32636437393866626434633066643566376334633963326465363763386665396530306462366664
|
||||
39313533656536376435386438396666323963393663356331373435616532353139656561393161
|
||||
64333838336365366164663864363263633630336162303866343434306433656263616432363735
|
||||
33373136626230363234316534316230353836623033336639643235653731623934376639643435
|
||||
36333037343636326438366531336165633064396334623334663835303736336564666132613839
|
||||
30626239343930393864663635663765343233396134326364393236666636353630303561316263
|
||||
62616639626666326631333734643665366262636531373138613930393366393762383637343435
|
||||
63363365363062376339393966613134643731376531336230633536626330306633383834646266
|
||||
34636363383734633065303336383362643130313732653436393133393963653361376561666334
|
||||
33346664353861353136643733363335646336613637666236653765383235636233356533643930
|
||||
35303361626634343565616361326233643135393963356632316663626137653733376433663565
|
||||
63303865343032383364636431363736633463373739316662386663613139306638656664636234
|
||||
35313562323234663730343162313364656231656164313766653635653961396330363536343062
|
||||
31333065633665326132326532356632353931363735313134346362616562313839306539383139
|
||||
38383463393035323462623035306464363631626361373439393632336436383931643861663263
|
||||
63366238353732643365346462636364373739613364623939326337363437643965626365383934
|
||||
62656661343538396461313634663030383336643362623637363631643766643762646364656331
|
||||
39613763616464663866373732343431656331316231393234333163366561663665303634653938
|
||||
61396161616131623166313266646632373338623966656635306635393730613238636339633734
|
||||
37363838666137386637343261643733336134396233323761396333363761613634393833636433
|
||||
33346230323066643136393165376638306235636635383632643137646335656565663039363337
|
||||
37346264333232616462643332363736653439653764386663343933633966366631363739313731
|
||||
63653532666165663161353065323866613461383162653639376666623739316361313139313935
|
||||
65626633633732313562656332643735643663313334333566643632376261396364643334303865
|
||||
30363462373036633839323833313930633862326263363634653736626330366235353635636631
|
||||
65643532633239303061393332363264643336653365626634363339303538623230373035343837
|
||||
61326662326631386234653833313663646232653939383833316266343530373166633339326135
|
||||
63366235356334343130663832346238386133663364386266373932663036346565373964376433
|
||||
65343931363538323734383339323131343337323332353163373338633634613036663331326533
|
||||
62343663646537636534386631333230396235383961303538643433343037363065356137336133
|
||||
61636462343335336431386538623037383639333735663465663864653337616534626634656138
|
||||
31616634653863663935356432313839346666326361383631613936303231323930653666306331
|
||||
36646265373538353038313563653739353030636637613930353866623433626633656532643039
|
||||
65386563373064613263663935386337623938383936396336313538326131313530643565333065
|
||||
36383334613961323237336362633833383438326331623565383966636330656163656431336537
|
||||
32326238663236326536363862396134343565336432656233663631343264653639643732313734
|
||||
30356537386439383639376165313639666237356433333964646662663032643834383930366565
|
||||
36323063653366373132623664663664313434336463653361373636313964343939633036383730
|
||||
33343261363334396639623035663436373431653366313866353263373036373733393035613531
|
||||
35636433303132356333343539393236353331653932356530616662353939663961656137616634
|
||||
61383538656363333437346535643132333163333936643361613835333861363561313930323862
|
||||
64623439383335386565396130323366383962333833383238393361636562366361316563333731
|
||||
62613037396236623461373432653261663261316530353434376665663339623464616265393931
|
||||
35646463373262366564663034333038633733353032363331643265643836643136613233653065
|
||||
32646537643562353565326332633230396235653234666637313535346530383766386130396539
|
||||
65663661323934646630373361656262643231333465653138626266663161653831303230656561
|
||||
37613431323333343936616430343434323366643535663562336535666536623365613361303861
|
||||
33613035616139363537646239376563393165373363643037383639326362383963653736616631
|
||||
63633239333265646430383630613462313933353566663765333533363863323861366566386331
|
||||
34356133333635343866613063313738393733633965663739336663316231623038623736633264
|
||||
35336631613165313532666161303265616365653038306333346136386162653861633036356664
|
||||
64616136663430623562646132306262366362353861613239663563633234386366626564333537
|
||||
65623439666139396634376534316630613461336666343162333139376461636235613639626663
|
||||
34346232643764643065313130333765363766616631373265336234386664616334633261663631
|
||||
62343439363163623731356538623061343935313366353839323665346266376631383234656135
|
||||
37343536313136656633343938336465373131313033643136666164623338313063653262383961
|
||||
61386336363932336131323735626162386264396236376330306336326331643834626537333164
|
||||
62303237333538326432363137653261333937326234373665313135643465613734333065306463
|
||||
66363662373165363337386534373965666466366566663832363433616334376139623937333435
|
||||
62363433343330643763613435303839313665393162313737313439356331376137613635383630
|
||||
38333032636564623236656236633031313838396131356431303133386364333763613534316264
|
||||
66376665656535636331663333626163633035663332653139636262613031336532353336393131
|
||||
66373861343332656131366265326230376662326162336638396365643532303666616630353537
|
||||
35656433353765333531303464323166323538656437646564393039626337303361306564333234
|
||||
62353666613439613565623932373937306130303730626332653333396631393031313031636535
|
||||
31636263303632666466346263343232306262623231323161393866376165353938616536633662
|
||||
39623962313465363561393434313331313065323665656266306338626665323863663362313264
|
||||
32346136613339306539326561383333376632643365663834646465376364643965323934303835
|
||||
39323935613463363431663333383638346665633434376232363163396664336335303866336563
|
||||
37303435393962313061303365313261633037636165663339333534383461363335353533303133
|
||||
65393834666431343630366461313563646162346232323838373834626334666532303062373236
|
||||
64653662623362363535363962333561396131613638613237643164636335346231373539376232
|
||||
61633731373632366461343630306662343130373665626138376434633963653932336233613336
|
||||
32326237363063663233616533306337373331613234376264353531633034616638323462373264
|
||||
66643238363838366430316135663161616663316165343334343533376637373632373634636339
|
||||
64386230616139316435666661306237633434623638373235646161623538363132363833646532
|
||||
65346431373439343434656630636164653766356439303530306432333931303539666131333332
|
||||
31663039303133306436373531333831633461623635663332376438326133303538636137386263
|
||||
37396263663737373264653863396233623333313930353661333264326230613466376535653933
|
||||
32363232336531323034316637663061616136613038383966346337313534623738306662326533
|
||||
34616464336239363431626537396164623562303662316564623964613630613065333630376633
|
||||
36663864646463393333616539613731653339343332363061393664613563633836383331343836
|
||||
66636538613265666430346634386561343538653730336130326333393733343866646430373930
|
||||
36313730313338303538633739316365366364333563393432336565623330313734343030393364
|
||||
32383434356330336234303666326464656537643664356565666661396161623234383262396465
|
||||
31346130386635336136666335346431303061326538633361613763656166646266666330616266
|
||||
36663662663739323032653935313766343330313133306661623237373836363863646135666434
|
||||
64373036343639306337353465656631643566373561333464323630633466373462626131356234
|
||||
38613231663833393732333663653162336466346130313833633630663965626130363065313031
|
||||
32343465623932643036373830623965356437383864383037346430393065376530353133333030
|
||||
61653032643238303338636638613464316539373761636662343935353363646434656131663435
|
||||
65326135656366666436313661303065376137333462366537643666326664323735303939643961
|
||||
37373764623733356633353236623534323734383664306166303762353135346237366462646131
|
||||
63306533663930393665333864666530666232353562373436333034626236653462336638663438
|
||||
64613564636537306530353839373366646136353039626264646463306539336261613735623461
|
||||
38323735393166383861613065386466626534373034353130653731666138643837663662383130
|
||||
66303363663635333530363630653937633332316535643261346238663932363963323932373266
|
||||
66663436343361656464333533663633633564326234363062613433346536323731333438636633
|
||||
37316464326432616432616661323635623236636361313166353230306362383437323231626237
|
||||
62663338383461613239306339323336626361656165353532633834326337656533303334613661
|
||||
65626565613337636238653031356635393062643739666661623463643633386233633634353265
|
||||
37396363636339653765643435303535393738303637313835653564306463306637353132303735
|
||||
65333236663733333262663336393266346134613435636535376462363033383062356263333263
|
||||
39356561333435643639666562363338616133386338353837336230666232646135386436343265
|
||||
35666537313862643466313635643834363138653735633364636138376162623463343330336163
|
||||
30333832663438396531333136396362636263343430393732396433316132616238333034353634
|
||||
62326133303466373662616237353865396363363932363161643939333564663335363661653939
|
||||
35356362653163613966313063326630616339373133333236636138383662616236643262393332
|
||||
39633962336366666331343537643032303337326637303466346435643730626361376132393962
|
||||
33303932373136613261396639636264353832643531653635306231616531636462616238363038
|
||||
38316439373637316465663833356539383839393236313639326364303861656333613663353231
|
||||
62323533363534363165313462656230623930373361373039313362613861363832396638386630
|
||||
65636266303661336331383562626561633035376135383164343265383432326438303163623338
|
||||
63303432663664363232333838343937353535346131613762386338346131643865333139616161
|
||||
66306237303331623339396162663966666336366632313034366130353762373031366664376639
|
||||
34346432616334356565633438346134336363386434656238343830346661326465623235656165
|
||||
30366565316666633433393663646139623234303735386430346132616239303365666432313533
|
||||
34653336303334663433303438303137313939343535303332306163346562643033653632633639
|
||||
33633632376433346333663665666339653334623934636231616637613837633731383963356434
|
||||
65316566666666666233363965303961366338653632313265353137383332633138383133363166
|
||||
37343262393330663130346361336233656361376334353332636566373339623133346264376430
|
||||
36323334326633623430353837346638653931333033373230303238303132333838373835626130
|
||||
30636639363936383236366130646331356333623132303630336263373062653230633034363431
|
||||
65333037656332353930396461633938303534396464613433393566363136366232653363313636
|
||||
31623637326163356236393732646361633134373330303166316138313630343535643863323163
|
||||
63626237313131653838303035643863663863646561343463653331393762663336346362346135
|
||||
38303134643233623134326434643534663637626466396533386464353038663561336236636237
|
||||
62313562646365346531346331646537326534366137313230386663623537623465373834646438
|
||||
35356539376565633065306134356366306563306235643132393763343164373633313463663136
|
||||
39376663623963323063636631626264356230636434386666666366333561393430613264396164
|
||||
36306436366366666461306239663438323764363130346534336334346265313631363033363134
|
||||
32346434346263343933343236306432666434653035313638626637626664383836613964353761
|
||||
66303539663239313766343661396233333236633763313037396235626136323432313236623339
|
||||
65343931343035663636363062626432613836303861653236363736356163396264633032306132
|
||||
32366238623464633031343261616665393530633264633664333063313736363331653032313164
|
||||
35313939333035373663353063633066323137336233616131623565313365373563363563623861
|
||||
38336532396531343834623330336264303964383564336664396139663765376635313333663034
|
||||
35353961663562333137613864346234326261626630623861326533323435663561663165383132
|
||||
30623631393235616136636536363032346363363032613730336238666366356131383862613862
|
||||
31626134636637336361323435656365383261383235316136393032663338653032343065363637
|
||||
61383764306630333765393533303238316466626361353937636339306666623134303565386632
|
||||
64656636643334646665336532643436343132653461356339366431653037393737383533383564
|
||||
62396663366332353735363030626165663664666465643238316237633538623664313533343062
|
||||
33393363323762393130653665336161383935303336386531656133373665613332663736646137
|
||||
32373139376263333731366164383834343365333837633736366632386139383563366131323666
|
||||
65313862626335653630623262316563386331393236383633336133343062353031346435616339
|
||||
30383534313865363162356130616130656434383133643365306462313361666361613836633763
|
||||
37383933666264646163643033323836306333633264326335316163333464623737343465373961
|
||||
35393661393664323335626639333361393034306339393164373132373665383036323566626363
|
||||
30623733306363626237626466613462623362646664346533316362333037393736363161363133
|
||||
63373539626232633565636362646637336465623734366164396663303037623333656161313331
|
||||
62303139646130316263633165653063666366383964376535343232343363393062393336663538
|
||||
36356362366665643365656566653638343361306663396661303735353536323737653338306534
|
||||
35323139616563383339656235353230316436666534366362323631316263333435316531303766
|
||||
62376263363439366236636133613634333238336237333665636662353132373134326230356133
|
||||
32383537633764663538326466663936373266376232643131393732356361353864353235303162
|
||||
32623038616231653965373538653036393864373064646366333162363639306364396363636337
|
||||
36303533663862313133336533653439623663373463633162353638313434353766633765623938
|
||||
35306432626562386331396534643261663362363861366532343831646463653330343037643832
|
||||
36333433633761633765363531356439663861313936353863366164343163646239313830346364
|
||||
65303632373335346231643662336564303764633239396232326366383662346637666336666366
|
||||
38643937306561663839383933663035393664663531353961393138333330616663396338623763
|
||||
63643165346532326565613466643066643366363237356337663239386437356234363861633066
|
||||
63313763323064633030333338613565316362346338643439396532303635633337643931656363
|
||||
34383365616364373530613864363934303837653639373831383139633765656337353764323261
|
||||
36663738393863613263356230666636616534333036663964343862333763646636653063373235
|
||||
39373639343138366530396136313435633163346264643566323537616330643639643230656430
|
||||
33613637653033313135383332373433633639393564316337633764356565306130663237393533
|
||||
65666632316562306366616536633535636635613566636336363462346533303537393132303932
|
||||
38613934653363393437316261323931346633623632363863396365346562373964313237363130
|
||||
64333137396235303765643464353931636466376437626130336366653339306335656235336235
|
||||
38636532393165346132313161316339616362623834636465396362373734646533646334313335
|
||||
34613534643764663832666139666631316334653232613036306634643337666236353931326431
|
||||
62363965663736653865373838326563363937313334373937353564363562323834383335663633
|
||||
36393731366263353565646463646464613236663232333035376531333863343261383933363764
|
||||
36303466353536633961633536333663393862396136353930333033373664616266646463333465
|
||||
31333636333337656537353631656631376432376562386235346464323933303666616661313639
|
||||
62646439633264623735343164613066623464613538666134316338356235363861643965343034
|
||||
33656664373766616137383937363738313935616162326435616630373234613161333132323230
|
||||
36366330343034646431343163626235313863376237353465373562363966366161636165353365
|
||||
61336661376162396633383939323566643730613837313233623339656433303862336665393762
|
||||
35616365343239376432363061626566653931643633373634396565623965323239396466313462
|
||||
62393466636436353763336635306365373730626161363836663137646437343330326135393231
|
||||
64343539613233353637323534306337643865623738633030373637636335626437373162336662
|
||||
30313033373336363735393435383063303133636334303531343061333133343537373239313433
|
||||
61303131353535303937636432633337323763363463366636396632663438396234343133643636
|
||||
34343938323537356465613764656239663764363161663931666631643132393538613265353235
|
||||
30326364346362353661346431316666363037633031343236363365336234353963303863636662
|
||||
36323231393433623239613065326239323866323430646530376366353035336665383536313962
|
||||
61303838376235333532643338323361356339323966343334353731373932656563306263646632
|
||||
62343164353162313164373036393139353566396638356532633234396661656633313437313732
|
||||
62396134663436663133376465636164306634343531393431383630376563343062313866363839
|
||||
66393939383138396632313962613736343431643834646564353562343938313033636166623031
|
||||
62383863613465656638646236356334346130623163333630323935326439636632663333393136
|
||||
32373265373665386164333330366535383663623235336362653634656164643635396163363930
|
||||
66346137313031636533386337653137336263323138313462343936643630383233323236613466
|
||||
65313435386565366161336631333064383734616464356134383661613665623566346131303730
|
||||
38653339643962616538373263373433396535623066373466326331323131623866613132363765
|
||||
65373433336133303839383463663861383835336337303537306136666134393631393133306666
|
||||
32353836623636343037383032663333333265393835623531323532376330326130613134396261
|
||||
64303063393332393439323930376464333338626331643261326131636434343538343761643231
|
||||
64616233376236373436396234383235343662343538383830633337373037326231313332653263
|
||||
34333830353633626136633737303138363932303534343238333234626535313433666337376162
|
||||
34366365353335396163313032663561643466393535366139626266363732633363343963383561
|
||||
61626334303635383463636163306238653830366236396632653866636533613334653737646633
|
||||
65626166323531353139313538386435363961386664653036336136636337653463376136336565
|
||||
37623531636639363434393738373038376264626163363131383835653965323566356639323239
|
||||
35396238323831356133393365666238663563333335373664313165373039373465323532333361
|
||||
38623635313838626135303262653935653539646130306138363662626664623263303661366632
|
||||
37623035336336396636383139373139353034373864653235336132626531666366653564373735
|
||||
30666364623463386465366635643935393332306630313233653234326663376137663065653937
|
||||
32306461396132313630646462363962316238363935386339333236653364643330356535646630
|
||||
36353237343961303164616236613063333163303233316666313864666363396361316337326263
|
||||
39613665366662313430306230663235393331626335623334303161643232656337313066363235
|
||||
64376635653231343031323838363931396235383936373735303965636633323530306233336264
|
||||
31343063653636616532343764623434393936363433356265633433633434343266303462626131
|
||||
65663638373565613233643566373032376434646566613835376639366539386336396134353166
|
||||
64663832343239383234393264383961663461376238373132613933643363393665663833356664
|
||||
66323064623738326636343236306639656634373263356433303264386333363933343438623531
|
||||
34306632323665613266626666623134303338306639633466356232333336363438623630303734
|
||||
30336237316235363535396633313561373931623133373564383165643339613337616437353033
|
||||
33303439616232366331393763326564613439383630316530646432353866303563643637373738
|
||||
3764
|
||||
|
|
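--- a/group_vars/dhcp/dhcpd.yml
+++ b/group_vars/dhcp/dhcpd.yml
@@ -0,0 +1,69 @@
+---
+dhcpd__omapi_key:
+algorithm: hmac-sha512
+secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
+
+dhcpd__interfaces:
+- client0
+- client1
+- client2
+- client3
+- client4
+
+dhcpd__dns_servers:
+- 10.128.10.3
+- 10.128.10.103
+
+dhcpd__domain_search:
+- isp.auro.re.
+- auro.re.
+
+dhcpd__subnets:
+- network: 100.64.0.0/27
+routers:
+- 100.64.0.1
+start: 100.64.0.4
+end: 100.64.0.30
+domain_name: client0.isp.auro.re
+failover: true
+- network: 100.64.0.32/27
+routers:
+- 100.64.0.31
+start: 100.64.0.33
+end: 100.64.0.63
+domain_name: client1.isp.auro.re
+failover: true
+- network: 100.64.0.64/27
+routers:
+- 100.64.0.65
+start: 100.64.0.67
+end: 100.64.0.95
+domain_name: client2.isp.auro.re
+failover: true
+- network: 100.64.0.96/27
+routers:
+- 100.64.0.97
+start: 100.64.0.99
+end: 100.64.0.127
+domain_name: client3.isp.auro.re
+failover: true
+- network: 100.64.0.128/27
+routers:
+- 100.64.0.129
+start: 100.64.0.131
+end: 100.64.0.159
+domain_name: client4.isp.auro.re
+
+dhcpd__failover:
+dhcp-1.isp.infra.auro.re: 10.210.1.1
+dhcp-2.isp.infra.auro.re: 10.210.1.2
+
+dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
+
+dhcpd__failover_peer_address: "{{ dhcpd__failover
+| dict2items
+| selectattr('key', '!=',
+inventory_hostname)
+| map(attribute='value')
+| first }}"
+...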
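Review bot: The `secret:` under `dhcpd__omapi_key` is committed in clear text, so anyone with read access to the repository or its history holds the HMAC key that authenticates OMAPI requests to these DHCP servers. The hex blob earlier on this page looks like a vault-encrypted file, so the same mechanism appears to be available here; the line could become `secret: "{{ vault_dhcpd__omapi_secret }}"` (variable name is a placeholder) with the value kept in an encrypted vars file. Because the value is already in the commit history, the key should be regenerated rather than only moved. Separately, the `100.64.0.32/27` subnet lists router `100.64.0.31`, which falls outside that network while the other subnets use an address inside their own range, so it is worth checking for a typo.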
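--- a/group_vars/dns/kresd.yml
+++ b/group_vars/dns/kresd.yml
@@ -0,0 +1,24 @@
+---
+kresd__listen:
+- address: 0.0.0.0
+port: 53
+kind: dns
+- address: "::"
+port: 53
+kind: dns
+- address: 0.0.0.0
+port: 853
+kind: tls
+- address: "::"
+port: 853
+kind: tls
+- address: 0.0.0.0
+port: 8453
+kind: webmgmt
+- address: "::"
+port: 8453
+kind: webmgmt
+tls: false
+
+kresd__cache_size: 512
+...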
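Review bot: The two `kind: webmgmt` listeners on port 8453 bind to `0.0.0.0` and `::`, so the resolver's management HTTP endpoint is offered on every address of the host, the same ones that serve DNS to clients, and at least the last entry turns TLS off with `tls: false`. If the endpoint is only meant for metrics scraping, binding it to the host's management or monitoring address, e.g. `- address: "{{ kresd__mgmt_address }}"` (placeholder name), avoids depending on the firewall alone. Indentation is lost in this rendering, so whether `tls: false` also applies to the `0.0.0.0` entry cannot be confirmed from here; if it does not, the two entries behave differently and that deserves a comment.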
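--- a/group_vars/edge/keepalived.yml
+++ b/group_vars/edge/keepalived.yml
@@ -0,0 +1,21 @@
+---
+keepalived__virtual_router_id: 81
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+crans0:
+- 185.230.79.254/29
+- 2a0c:700:28::2/64
+- fe80::1/10
+zayo0:
+- 2001:1b48:2:103::d7:2/126
+- 83.167.52.69/31
+- fe80::1/10
+oti0:
+- 2a00:a4c0:100c:1::b/127
+- 77.95.70.11/31
+- fe80::1/10
+
+keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
+...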
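Review bot: The three `fe80::1/10` entries under `crans0`, `zayo0` and `oti0` use the length of the whole link-local block as the prefix, whereas link-local addresses are conventionally configured as `- fe80::1/64`. With /10 the host would normally install an on-link route for all of `fe80::/10` on each of those interfaces. If /10 is deliberate, a one-line comment such as `# fe80::1 is the shared gateway link-local; /10 because <reason>` would save the next reader from wondering.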
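--- a/group_vars/infra/bird.yml
+++ b/group_vars/infra/bird.yml
@@ -0,0 +1,86 @@
+---
+bird__kernel:
+kernel:
+learn: true
+import: accept
+export: accept
+
+bird__ospf:
+limits:
+import: 4000
+export: 4000
+import: accept
+export:
+protos: kernel
+areas:
+0:
+broadcast:
+- back0
+stub:
+- monit0
+- wifi0
+- int0
+- sw0
+- bmc0
+- pve0
+- isp0
+- ext0
+- pub0
+- th30
+- ups0
+1:
+broadcast:
+- vpn0
+
+bird__bgp:
+edge1:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:1
+- 10.203.1.1
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+edge2:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:2
+- 10.203.1.2
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+#wg1:
+#local:
+#address: "{{ bird__bgp_addr.vpn }}"
+#as: "{{ bird__as.aurore }}"
+#neighbor:
+#address:
+# - 2a09:6840:213::1:3
+# - 10.213.1.3
+#as: "{{ bird__as.aurore }}"
+#rr_cluster_client: 10.203.1.1
+#import: reject
+#export: accept
+#wg2:
+#local:
+#address: "{{ bird__bgp_addr.vpn }}"
+#as: "{{ bird__as.aurore }}"
+#neighbor:
+#address:
+# - 2a09:6840:213::1:4
+# - 10.203.1.4
+#as: "{{ bird__as.aurore }}"
+#rr_cluster_client: 10.203.1.1
+#import: reject
+#export: accept
+...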
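Review bot: The commented-out `wg1` and `wg2` sessions at the end of `bird__bgp` are committed as dead configuration with nothing saying why they are disabled. The `wg2` block also pairs `10.203.1.4` with `2a09:6840:213::1:4`, where `wg1` pairs `10.213.1.3` with `2a09:6840:213::1:3`, which looks like a typo that would aim the session at the back network if the block is ever uncommented. Either drop both blocks or head them with `# TODO: wg1/wg2 disabled because <reason>` and change the address to `# - 10.213.1.4`. Separately, the OSPF broadcast interfaces and both edge sessions show no authentication setting in this file; if the role offers one, it is worth setting here, though the role's schema is not visible in this diff.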
365
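--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@@ -0,0 +1,365 @@
+---
+firewall__zones:
+adm-legacy:
+addrs:
+- 2a09:6840:128::/64
+- 10.128.0.0/16
+ups:
+addrs:
+- 2a09:6840:201::/64
+- 10.201.0.0/16
+back:
+addrs:
+- 2a09:6840:203::/64
+- 10.203.0.0/16
+monit:
+addrs:
+- 2a09:6840:204::/64
+- 10.204.0.0/16
+wifi:
+addrs:
+- 2a09:6840:205::/64
+- 10.205.0.0/16
+int:
+addrs:
+- 2a09:6840:206::/64
+- 10.206.0.0/16
+sw:
+addrs:
+- 2a09:6840:207::/64
+- 10.207.0.0/16
+bmc:
+addrs:
+- 2a09:6840:208::/64
+- 10.208.0.0/16
+pve:
+addrs:
+- 2a09:6840:209::/64
+- 10.209.0.0/16
+isp:
+addrs:
+- 2a09:6840:210::/64
+- 10.210.0.0/16
+ext:
+addrs:
+- 2a09:6840:211::/64
+- 10.211.0.0/16
+pub:
+addrs:
+- 2a09:6840:215::/64
+- 45.66.111.192/27
+vpn-clients:
+addrs:
+- 2a09:6840:212::/64
+- 10.212.0.0/16
+vpn:
+addrs:
+- 2a09:6840:213::/64
+- 10.213.0.0/16
+infra:
+zones:
+- adm-legacy
+- ups
+- back
+- monit
+- wifi
+- int
+- sw
+- bmc
+- pve
+- isp
+- ext
+- pub
+- vpn
+internet:
+negate: true
+addrs:
+- 2a09:6840::/32
+- 2a09:6841::/32
+- 2a09:6842::/32
+- 45.66.108.0/22
+- 10.0.0.0/8
+- 100.64.0.0/10
+prometheus.int:
+addrs:
+- 2a09:6840:204::1:1
+- 10.204.1.1
+- 2a09:6840:204::1:2
+- 10.204.1.2
+grafana.adm:
+addrs:
+- 2a09:6840:128::98
+- 10.128.0.98
+nextcloud.adm:
+addrs:
+- 2a09:6840:128::58
+- 10.128.0.58
+dns.int:
+addrs:
+- 2a09:6840:206::1:1
+- 10.206.1.1
+- 2a09:6840:206::1:2
+- 10.206.1.2
+ntp.int:
+addrs:
+- 2a09:6840:206::1:5
+- 10.206.1.5
+- 2a09:6840:206::1:6
+- 10.206.1.6
+docker-ovh.adm:
+addrs:
+- 2a09:6840:128::150
+- 10.128.0.150
+mx.test:
+addrs:
+- 2a09:6840:211::1:5
+- 45.66.111.208
+- 10.128.1.5
+proxy.pub:
+addrs:
+- 2a09:6840:215::1:1
+- 45.66.111.206
+collabora.ext:
+addrs:
+- 2a09:6840:211::1:1
+- 10.211.1.1
+ns-1.pub:
+addrs:
+- 2a09:6840:215::1:2
+- 45.66.111.205
+ns-2.pub:
+addrs:
+- 2a09:6840:215::1:3
+- 45.66.111.207
+ns-master.int:
+addrs:
+- 2a09:6840:206::1:7
+- 10.206.1.7
+
+firewall__input:
+- iif:
+- back0 # FIXME link-local
+- vpn0
+verdict: accept
+- src:
+- back
+- vpn
+verdict: accept
+- src: monit
+protocols:
+tcp:
+dport: 9100
+verdict: accept
+- src: monit
+protocols:
+tcp:
+dport: 9324
+verdict: accept
+- protocols:
+icmp: true
+verdict: accept
+- protocols:
+tcp:
+dport: 22
+verdict: accept
+- verdict: drop
+
+firewall__output:
+- verdict: accept
+
+firewall__forward:
+- src: back
+dst: infra
+verdict: accept
+- src: infra # FIXME: temporary
+dst: internet
+verdict: accept
+- src: monit
+dst: bmc
+protocols:
+icmp: true
+verdict: accept
+- dst: mx.test
+protocols:
+icmp: true
+verdict: accept
+- dst: mx.test
+protocols:
+tcp:
+dport:
+- 25
+- 465
+- 993
+verdict: accept
+# NS
+- dst:
+- ns-1.pub
+- ns-2.pub
+protocols:
+tcp:
+dport: 53
+verdict: accept
+- dst:
+- ns-1.pub
+- ns-2.pub
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src:
+- ns-1.pub
+- ns-2.pub
+dst: ns-master.int
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src:
+- ns-1.pub
+- ns-2.pub
+dst: ns-master.int
+protocols:
+tcp:
+dport: 53
+verdict: accept
+# SNMP
+- src: monit
+dst:
+- sw
+- ups
+protocols:
+udp:
+dport: 161
+verdict: accept
+# Alertmanager
+- src: monit
+dst: docker-ovh.adm
+protocols:
+tcp:
+dport: 9093
+verdict: accept
+- src: adm-legacy
+dst: bmc
+verdict: accept
+# Prometheus for Grafana
+- src: grafana.adm
+dst: prometheus.int
+protocols:
+tcp:
+dport: 9090
+verdict: accept
+# Admin VPN clients
+- src: vpn-clients
+dst: infra
+verdict: accept
+# Prometheus node
+- src: monit
+dst: infra
+protocols:
+tcp:
+dport: 9100
+verdict: accept
+# Prometheus bird
+- src: monit
+dst: back
+protocols:
+tcp:
+dport: 9324
+verdict: accept
+# Prometheus kresd
+- src: monit
+dst: dns.int
+protocols:
+tcp:
+dport: 8453
+verdict: accept
+# Allow DNS from infra to dns-{1,2}
+- src: infra
+dst: dns.int
+protocols:
+udp:
+dport: 53
+verdict: accept
+- src: infra
+dst: dns.int
+protocols:
+tcp:
+dport: 53
+verdict: accept
+# Allow NTP from infra to ntp-{1,2}
+- src: infra
+dst: ntp.int
+protocols:
+udp:
+dport: 123
+verdict: accept
+# Admin Wireguard
+- dst:
+- 2a09:6840:211::1:1
+- 45.66.111.204
+- 10.211.1.1
+protocols:
+udp:
+dport: 5121
+verdict: accept
+# Proxy web
+- dst: proxy.pub
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+- src: proxy.pub
+dst: grafana.adm
+protocols:
+tcp:
+dport: 3000
+verdict: accept
+- src: proxy.pub
+dst: nextcloud.adm
+protocols:
+tcp:
+dport: 8080
+- src: proxy.pub
+dst: adm-legacy
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+# ICMP to public vlan
+- dst: pub
+protocols:
+icmp: true
+verdict: accept
+# Proxy -> Collabora
+- src: proxy.pub
+dst: collabora.ext
+protocols:
+tcp:
+dport: 9980
+verdict: accept
+# Collabora -> Proxy
+- src: collabora.ext
+dst: proxy.pub
+protocols:
+tcp:
+dport:
+- 80
+- 443
+verdict: accept
+
+firewall__nat:
+- src: 10.0.0.0/8
+dst: internet
+protocols: null
+snat:
+addr: 45.66.111.200/30
+#- src: monit
+# dst: adm-legacy
+# protocols: null
+# snat:
+# addr: 10.203.1.3/32
+...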
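Review bot: The forward rule from `proxy.pub` to `nextcloud.adm` on tcp/8080 is the only entry in `firewall__forward` without a `verdict`, so what happens to that traffic depends on a role default this file does not show; it should state `verdict: accept` like its neighbours. In `firewall__input`, tcp/22 is accepted with no `src` ahead of the final `- verdict: drop`, which leaves SSH on these routers open to every zone and potentially to the outside; unless that is intended, scope it to the management zones, e.g. `src: [vpn-clients, adm-legacy]`. The `infra` to `internet` accept is marked `# FIXME: temporary` and the `adm-legacy` to `bmc` accept has no protocol restriction, so both deserve a tracked follow-up before they become permanent.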
59
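--- a/group_vars/infra/keepalived.yml
+++ b/group_vars/infra/keepalived.yml
@@ -0,0 +1,59 @@
+---
+keepalived__virtual_router_id: 82
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+ups0:
+- 10.201.0.1/16
+- 2a09:6840:201::1/64
+- fe80::1/10
+monit0:
+- 10.204.0.1/16
+- 2a09:6840:204::1/64
+- fe80::1/10
+wifi0:
+- 10.205.0.1/16
+- 2a09:6840:205::1/64
+- fe80::1/10
+int0:
+- 10.206.0.1/16
+- 2a09:6840:206::1/64
+- fe80::1/10
+sw0:
+- 10.207.0.1/16
+- 2a09:6840:207::1/64
+- fe80::1/10
+bmc0:
+- 10.208.0.1/16
+- 2a09:6840:208::1/64
+- fe80::1/10
+pve0:
+- 10.209.0.1/16
+- 2a09:6840:209::1/64
+- fe80::1/10
+isp0:
+- 10.210.0.1/16
+- 2a09:6840:210::1/64
+- fe80::1/10
+ext0:
+- 10.211.0.1/16
+- 2a09:6840:211::1/64
+- fe80::1/10
+th30:
+- 10.126.0.6/24
+- fe80::1/10
+pub0:
+- 2a09:6840:215::1/64
+- 45.66.111.204/27
+- fe80::1/10
+
+#keepalived__virtual_routes:
+# ext0:
+# - 45.66.111.204/30
+
+keepalived__virtual_blackholes:
+- 45.66.111.200/30 # NAT
+
+keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
+...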
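Review bot: Every interface in `keepalived__virtual_addresses` gets `fe80::1/10` as its link-local virtual address; fe80::/10 is the reserved block, but addresses inside it are conventionally configured with a /64, and a /10 prefix length asks the kernel to treat the whole block as on-link on each of these interfaces. Unless the role rewrites the prefix length, `- fe80::1/64` is the safer spelling. The same value appears on every `client*` interface in group_vars/isp/keepalived.yml.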
53
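--- a/group_vars/isp/bird.yml
+++ b/group_vars/isp/bird.yml
@@ -0,0 +1,53 @@
+---
+bird__kernel:
+kernel:
+learn: true
+import: accept
+export: accept
+
+bird__ospf:
+limits:
+import: 4000
+export: 4000
+import: accept
+export:
+protos: kernel
+areas:
+0:
+broadcast:
+- back0
+stub:
+- client0
+- client1
+- client2
+- client3
+- client4
+
+bird__bgp:
+edge1:
+local:
+address: "{{ bird__bgp_addr.back }}"
+as: "{{ bird__as.aurore }}"
+neighbor:
+address:
+- 2a09:6840:203::1:1
+- 10.203.1.1
+as: "{{ bird__as.aurore }}"
+import:
+- pref_src: "{{ bird__pref_src_addr }}"
+- accept
+export: reject
+
+bird__radv:
+rdnss:
+- 2a09:6840:206::1:1
+- 2a09:6840:206::1:2
+interfaces:
+client0:
+max_interval: 5
+prefixes:
+- 2a09:6841::/64
+dnssl: client0.isp.auro.re
+domain_search:
+- auro.re
+...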
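Review bot: Neither the `bird__ospf` areas nor the `edge1` session under `bird__bgp` set any authentication, so as far as this file shows, route import (`import: accept`) relies only on trust in the `back0` segment. If the bird role supports it, add a per-interface OSPF authentication setting and a BGP session password taken from the vault, or add a comment stating that the role applies them by default. group_vars/infra/bird.yml has the same shape, including OSPF on `vpn0` in area 1.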
40
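--- a/group_vars/isp/firewall.yml
+++ b/group_vars/isp/firewall.yml
@@ -0,0 +1,40 @@
+---
+firewall__zones:
+internet:
+negate: true
+addrs:
+- 2a09:6840::/32
+- 2a09:6841::/32
+- 2a09:6842::/32
+- 45.66.108.0/22
+- 10.0.0.0/8
+- 100.64.0.0/10
+clients:
+addrs:
+- 100.64.0.0/10
+non_clients:
+negate: true
+zones: clients
+allowed_clients:
+file:
+path: /var/run/firewall/allowed_clients.yml
+default: []
+
+firewall__input:
+- verdict: accept
+
+firewall__output:
+- verdict: accept
+
+firewall__forward:
+- src: allowed_clients
+dst: non_clients
+verdict: accept
+
+firewall__nat:
+- src: clients
+dst: internet
+protocols: null
+snat:
+addr: 45.66.111.220
+...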
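Review bot: `firewall__input` is a single `- verdict: accept`, so these routers accept every packet addressed to themselves, including from the `clients` zone (100.64.0.0/10) they serve, whereas the infra group in this same change ends its input chain with `- verdict: drop` after a short allow-list. I would mirror that structure here: accept the `back0` and management sources, the monitoring ports, ICMP and whatever the client-facing services need, then drop. Separately, `allowed_clients` is read from `/var/run/firewall/allowed_clients.yml` and decides who may forward traffic, so a comment naming the process that writes that file and the permissions it must have belongs next to the zone definition.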
32
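--- a/group_vars/isp/keepalived.yml
+++ b/group_vars/isp/keepalived.yml
@@ -0,0 +1,32 @@
+---
+keepalived__virtual_router_id: 80
+
+keepalived__interface: back0
+
+keepalived__virtual_addresses:
+client0:
+- 100.64.0.1/27
+- 2a09:6841::1/56
+- fe80::1/10
+client1:
+- 100.64.0.33/27
+- 2a09:6841:0:1::1/64
+- fe80::1/10
+client2:
+- 100.64.0.65/27
+- 2a09:6841:0:2::1/64
+- fe80::1/10
+client3:
+- 100.64.0.97/27
+- 2a09:6841:0:3::1/64
+- fe80::1/10
+client4:
+- 100.64.0.129/27
+- 2a09:6841:0:4::1/64
+- fe80::1/10
+
+keepalived__virtual_blackholes:
+- 45.66.111.220/32
+
+keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
+...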
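Review bot: `client0` carries `2a09:6841::1/56` while `client1` to `client4` use /64 prefixes (`2a09:6841:0:1::1/64` and so on) that all fall inside that /56, and group_vars/isp/bird.yml advertises `2a09:6841::/64` on `client0`. The /56 looks like a typo for /64; as written the router would treat the whole /56 as on-link on client0 wherever no more specific /64 exists. Suggested line: `- 2a09:6841::1/64`.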
71
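--- a/group_vars/ns/knotd.yml
+++ b/group_vars/ns/knotd.yml
@@ -0,0 +1,71 @@
+---
+knotd__listen:
+- address: 0.0.0.0
+- address: "::"
+
+knotd__keys:
+xfr:
+algorithm: hmac-sha512
+secret: "{{ vault_knotd_xfr_key }}"
+
+knotd__remotes:
+xfr-master:
+address: 2a09:6840:206::1:7
+key: xfr
+
+knotd__acl:
+notify-master:
+address:
+- 2a09:6840:206::1:7
+- 10.206.1.7
+key: xfr
+action: notify
+
+knotd__queryacl:
+local:
+addresses:
+- 10.0.0.0/8
+
+knotd__zones:
+auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+master: xfr-master
+test.auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+master: xfr-master
+infra.auro.re:
+dnssec_validation: true
+acl:
+- notify-master
+#queryacl: local
+master: xfr-master
+108.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+109.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+110.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+111.66.45.in-addr.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+0.4.8.6.9.0.a.2.ip6.arpa:
+dnssec_validation: false
+acl:
+- notify-master
+master: xfr-master
+...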
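Review bot: `knotd__queryacl.local` (10.0.0.0/8) is defined but never applied, because its only reference, `#queryacl: local` under `infra.auro.re`, is commented out. With `knotd__listen` bound to `0.0.0.0` and `::`, and the infra firewall in this change opening port 53 on `ns-1.pub`/`ns-2.pub` from any source, the internal `infra.auro.re` zone would be answered to anyone, assuming those hosts are the `ns` group. Either re-enable `queryacl: local` on that zone (and add the IPv6 infra prefix to the ACL, which lists IPv4 only) or remove the unused ACL and add a comment that the zone is meant to be public.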
13
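--- a/group_vars/ntp/chronyd.yml
+++ b/group_vars/ntp/chronyd.yml
@@ -0,0 +1,13 @@
+---
+chronyd__allow_networks:
+- 2a09:6840::/32
+- 10.0.0.0/8
+
+chronyd__pools:
+- 0.pool.ntp.org
+- 1.pool.ntp.org
+- 2.pool.ntp.org
+- 3.pool.ntp.org
+
+chronyd__local_stratum: 10
+...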
144
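--- a/group_vars/prom/prometheus/bird.yml
+++ b/group_vars/prom/prometheus/bird.yml
@@ -0,0 +1,144 @@
+---
+prometheus__scraping_bird:
+targets: "{{ groups.router }}"
+address:
+port: 9324
+
+prometheus__rules_bird:
+- record: bird:protocol_up:bgp_all
+expr:
+label_replace(
+bird_protocol_up{proto="BGP"},
+"group", "$1",
+"instance", "^([^0-9\\.]+)-[0-9]+.*"
+)
+# FIXME: sessions en cours d'installation, pas encore monitorées
+- record: bird:protocol_up:bgp
+expr:
+bird:protocol_up:bgp_all
+unless bird:protocol_up:bgp_all{
+group="edge",
+name=~"^(viarezo|isp[12]|rezel)[46]$"
+}
+# Sessions qui ne sont volontairement pas redondées
+# au sein d'un groupe
+- record: bird:protocol_up:bgp:non_redundant
+expr:
+bird:protocol_up:bgp{
+group="edge",
+name=~"^(oti|crans|legacy|edge)[46]$"
+}
+# Sessions qui le sont
+- record: bird:protocol_up:bgp:redundant
+expr:
+bird:protocol_up:bgp
+unless
+bird:protocol_up:bgp:non_redundant
+- alert: BirdBGPRedundancyDegraded
+expr:
+(
+count by (group, name) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) + (
+count by (group, name) (
+bird:protocol_up:bgp:redundant{state!="Established"} * 0
+)
+)
+) < 2
+for: 0m
+labels:
+severity: warning
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Count: !unsafe "{{ $value }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPDown
+expr:
+(
+count by (group, name) (
+bird:protocol_up:bgp{state="Established"}
+) + (
+count by (group, name) (
+bird:protocol_up:bgp{state!="Established"} * 0
+)
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+# TODO: warning pour redondant ?
+- alert: BirdBGPNoExportedPrefixRedundant
+expr:
+bird_protocol_prefix_export_count{
+export_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoImportedPrefixRedundant
+expr:
+bird_protocol_prefix_import_count{
+import_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:redundant{state="Established"}
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoExportedPrefixNonRedundant
+expr:
+sum by (group) (
+bird_protocol_prefix_export_count{
+export_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:non_redundant{state="Established"}
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdBGPNoImportedPrefixNonRedundant
+expr:
+sum by (group) (
+bird_protocol_prefix_import_count{
+import_filter!="REJECT",
+} * on (instance, name) group_left (group) (
+bird:protocol_up:bgp:non_redundant{state="Established"}
+)
+) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Session: !unsafe "{{ $labels.name }}"
+Group: !unsafe "{{ $labels.group }}"
+- alert: BirdOSPFNeighboursChange
+expr:
+changes(bird_ospf_neighbor_count[5m]) > 0
+or changes(bird_ospfv3_neighbor_count[5m]) > 0
+for: 0m
+labels:
+severity: warning
+- alert: BirdOSPFDown
+expr:
+bird_ospf_running == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Instance: !unsafe "{{ $labels.name }}"
+...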
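Review bot: `BirdBGPRedundancyDegraded` and `BirdBGPDown` cannot fire as written, as far as I can tell: `count by (group, name) (...)` returns the number of series, so the `* 0` inside the second `count` does not zero it, and `+` only yields a result when both sides exist for the same `(group, name)`. The sum is therefore either absent or at least 2, which never satisfies `< 2` or `== 0`. The zero-fill probably belongs outside the aggregation with `or`, e.g. `count by (group, name) (bird:protocol_up:bgp{state="Established"}) or count by (group, name) (bird:protocol_up:bgp) * 0`. Also, the two `...NonRedundant` alerts aggregate with `sum by (group)`, so their `Session: !unsafe "{{ $labels.name }}"` annotation will render empty.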
11
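--- a/group_vars/prom/prometheus/common.yml
+++ b/group_vars/prom/prometheus/common.yml
@@ -0,0 +1,11 @@
+---
+prometheus__rules_common:
+- alert: CollectorDown
+expr:
+up == 0
+for: 3m
+labels:
+severity: critical
+annotations:
+Job: !unsafe "{{ $labels.job }}"
+...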
11
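--- a/group_vars/prom/prometheus/eaton.yml
+++ b/group_vars/prom/prometheus/eaton.yml
@@ -0,0 +1,11 @@
+---
+prometheus__scraping_eaton:
+targets: "{{ groups.eaton_ups }}"
+address: 127.0.0.1:9116
+path: /snmp
+params:
+module:
+- eaton
+
+prometheus__rules_eaton: {}
+...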
23
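--- a/group_vars/prom/prometheus/keepalived.yml
+++ b/group_vars/prom/prometheus/keepalived.yml
@@ -0,0 +1,23 @@
+---
+prometheus__rules_keepalived:
+- alert: KeepalivedVrrpFault
+expr:
+keepalived_vrrp_state{state="fault"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Instance: !unsafe "{{ $labels.instance }}"
+- alert: KeepalivedMasterChange
+expr:
+changes(
+keepalived_vrrp_state{
+keepalived_vvrp_state="master"
+}[1m]
+) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Instance: !unsafe "{{ $labels.instance }}"
+...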
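Review bot: `KeepalivedMasterChange` filters on `keepalived_vvrp_state="master"`, a label name (note the `vvrp`) that appears nowhere else, while `KeepalivedVrrpFault` just above selects the same metric with `state="fault"`. A matcher that requires a value on a label the series do not carry selects nothing, so this alert would stay silent through a failover. If the exporter exposes the state in `state`, the selector should read `keepalived_vrrp_state{state="master"}[1m]`; worth confirming against a live scrape before merging.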
6
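--- a/group_vars/prom/prometheus/kresd.yml
+++ b/group_vars/prom/prometheus/kresd.yml
@@ -0,0 +1,6 @@
+---
+prometheus__scraping_kresd:
+targets: "{{ groups.dns }}"
+address:
+port: 8453
+...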
25
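--- a/group_vars/prom/prometheus/main.yml
+++ b/group_vars/prom/prometheus/main.yml
@@ -0,0 +1,25 @@
+---
+prometheus__alertmanager_targets:
+- docker-ovh.adm.auro.re:9093
+
+prometheus__tsdb_retention_time: 90d
+
+prometheus__scraping:
+node: "{{ prometheus__scraping_node }}"
+prometheus: "{{ prometheus__scraping_prometheus }}"
+kresd: "{{ prometheus__scraping_kresd }}"
+bird: "{{ prometheus__scraping_bird }}"
+quanta: "{{ prometheus__scraping_quanta }}"
+snmp: "{{ prometheus__scraping_snmp }}"
+eaton: "{{ prometheus__scraping_eaton }}"
+
+prometheus__rules:
+common: "{{ prometheus__rules_common }}"
+switch: "{{ prometheus__rules_switch }}"
+prometheus: "{{ prometheus__rules_prometheus }}"
+node: "{{ prometheus__rules_node }}"
+keepalived: "{{ prometheus__rules_keepalived }}"
+quanta: "{{ prometheus__rules_quanta }}"
+bird: "{{ prometheus__rules_bird }}"
+#eaton: "{{ prometheus__rules_eaton }}"
+...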
200
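--- a/group_vars/prom/prometheus/node.yml
+++ b/group_vars/prom/prometheus/node.yml
@@ -0,0 +1,200 @@
+---
+prometheus__scraping_node:
+targets: "{{ groups.vm + groups.pve }}"
+address:
+port: 9100
+
+prometheus__rules_node:
+- alert: OutOfMemory
+expr:
+(
+node_memory_MemFree_bytes
++ node_memory_Cached_bytes
++ node_memory_Buffers_bytes
+) / node_memory_MemTotal_bytes < 0.1
+for: 5m
+labels:
+severity: warning
+annotations:
+FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostSwapIsFillingUp
+expr:
+(
+1 - (
+node_memory_SwapFree_bytes
+/ node_memory_SwapTotal_bytes
+)
+) >= 0.5
+for: 3m
+labels:
+severity: critical
+annotations:
+UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostPhysicalComponentTooHot
+expr:
+node_hwmon_temp_celsius > 79
+for: 3m
+labels:
+severity: critical
+annotations:
+Temperature: !unsafe "{{ $value | humanize }} °C"
+Chip: !unsafe "{{ $labels.chip }}"
+Sensor: !unsafe "{{ $labels.sensor }}"
+- alert: HostNodeOvertemperatureAlarm
+expr:
+node_hwmon_temp_crit_alarm_celsius == 1
+for: 0m
+labels:
+severity: critical
+annotations:
+Chip: !unsafe "{{ $labels.chip }}"
+Sensor: !unsafe "{{ $labels.sensor }}"
+- alert: HostRaidArrayGotInactive
+expr:
+node_md_state{state="inactive"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Device: !unsafe "{{ $labels.device }}"
+- alert: HostRaidDiskFailure
+expr:
+node_md_disks{state="failed"} > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+severity: !unsafe "{{ $labels.md_device }}"
+- alert: HostOomKillDetected
+expr:
+increase(node_vmstat_oom_kill[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+PID: !unsafe "{{ $value }}"
+- alert: HostEdacCorrectableErrorsDetected
+expr:
+increase(node_edac_correctable_errors_total[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+CorrectedErrors: !unsafe "{{ $value }}"
+- alert: HostEdacUncorrectableErrorsDetected
+expr:
+increase(node_edac_uncorrectable_errors_total[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+DetectedErrors: !unsafe "{{ $value }}"
+- alert: OutOfDiskSpace
+expr:
+(
+node_filesystem_free_bytes
+/ node_filesystem_size_bytes < 0.1
+)
+and on (instance, device, mountpoint) (
+node_filesystem_readonly
+) == 0
+for: 5m
+labels:
+severity: critical
+annotations:
+Mountpoint: !unsafe "{{ $labels.mountpoint }}"
+FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostConntrackLimit
+expr:
+(
+node_nf_conntrack_entries
+/ node_nf_conntrack_entries_limit
+) > 0.8
+for: 5m
+labels:
+severity: warning
+annotations:
+Filled: !unsafe "{{ $value | humanizePercentage }}"
+- alert: HostClockSkew
+expr:
+(
+node_timex_offset_seconds > 0.05
+and deriv(node_timex_offset_seconds[5m]) >= 0
+) or (
+node_timex_offset_seconds < -0.05
+and deriv(node_timex_offset_seconds[5m]) <= 0
+)
+for: 2m
+labels:
+severity: warning
+- alert: HostClockNotSynchronising
+expr:
+min_over_time(node_timex_sync_status[1m]) == 0
+and node_timex_maxerror_seconds >= 16
+for: 2m
+labels:
+severity: warning
+- alert: HostRequiresReboot
+expr:
+node_reboot_required > 0
+for: 5m
+labels:
+severity: warning
+- alert: OutOfInodes
+expr:
+node_filesystem_files_free
+/ node_filesystem_files < 0.1
+for: 3m
+labels:
+severity: warning
+annotations:
+Mountpoint: !unsafe "{{ $labels.mountpoint }}"
+FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
+- alert: CpuUsage
+expr:
+(
+1 - avg by (instance) (
+irate(node_cpu_seconds_total{mode="idle"}[5m])
+)
+) > 0.75
+for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+- alert: SystemdServiceFailed
+expr:
+node_systemd_unit_state{state="failed"} == 1
+for: 10m
+labels:
+severity: warning
+annotations:
+Service: !unsafe "{{ $labels.name }}"
+- alert: LoadUsage
+expr:
+node_load1 > 5
+for: 2m
+labels:
+severity: warning
+annotations:
+Load1: !unsafe "{{ $value | humanize }}"
+- alert: UnhealthyDisk
+expr:
+smartmon_device_smart_healthy < 1
+for: 10m
+labels:
+severity: critical
+annotations:
+Disk: !unsafe "{{ $labels.disk }}"
+- alert: HostCpuStealNoisyNeighbor
+expr:
+avg by (instance) (
+rate(node_cpu_seconds_total{mode="steal"}[5m])
+) > 0.1
+for: 5m
+labels:
+severity: warning
+annotations:
+Disk: !unsafe "{{ $labels.disk }}"
+Steal: !unsafe "{{ $value | humanizePercentage }}"
+...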
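Review bot: Several annotations look like copy-paste leftovers and will mislead whoever receives the alert. `HostRaidDiskFailure` uses the annotation key `severity` with `$labels.md_device` (the neighbouring RAID alert uses `Device` with `$labels.device`), `HostOomKillDetected` labels `$value` as `PID` although `increase(node_vmstat_oom_kill[1m])` is a count, and `HostCpuStealNoisyNeighbor` prints `$labels.disk` after `avg by (instance)` has dropped every other label. Suggested: `Device: !unsafe "{{ $labels.device }}"` for the RAID rule, `OomKills: !unsafe "{{ $value }}"` for the OOM rule, and removing the `Disk` line from the steal rule. `HostEdacUncorrectableErrorsDetected` is also only `warning`, the same level as the correctable variant, which seems low for uncorrectable memory errors.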
14
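--- a/group_vars/prom/prometheus/prometheus.yml
+++ b/group_vars/prom/prometheus/prometheus.yml
@@ -0,0 +1,14 @@
+---
+prometheus__scraping_prometheus:
+targets: "{{ groups.prom }}"
+address:
+port: 9090
+
+prometheus__rules_prometheus:
+- alert: PrometheusTsdbCompactionFailed
+expr:
+increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
+for: 0m
+labels:
+severity: critical
+...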
97
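--- a/group_vars/prom/prometheus/quanta.yml
+++ b/group_vars/prom/prometheus/quanta.yml
@@ -0,0 +1,97 @@
+---
+prometheus__scraping_quanta:
+targets: "{{ groups.quanta }}"
+address: 127.0.0.1:9116
+path: /snmp
+timeout: 60s
+params:
+module:
+- quanta
+
+prometheus__rules_quanta:
+- alert: QuantaQueueOverflow
+expr:
+snAgGblQueueOverflow == 1
+for: 0m
+labels:
+severity: critical
+- alert: QuantaCpuUsage
+expr:
+snAgGblCpuUtil1MinAvg > 50
+for: 5m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value }} %"
+- alert: QuantaCpuUsage
+expr:
+snAgGblCpuUtil1MinAvg > 80
+for: 5m
+labels:
+severity: critical
+annotations:
+Usage: !unsafe "{{ $value }} %"
+- alert: QuantaMemoryUsage
+expr:
+100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
+for: 5m
+labels:
+severity: warning
+annotations:
+UsedMemory: !unsafe "{{ $value }} %"
+- alert: QuantaMemoryUsage
+expr:
+100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
+for: 5m
+labels:
+severity: alert
+annotations:
+UsedMemory: !unsafe "{{ $value }} %"
+- alert: QuantaFanHealth
+expr:
+snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+Description: !unsafe "{{ $labels.shChasFanDescription }}"
+Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
+- alert: QuantaMissingIntakeTemp
+expr:
+count by (instance) (
+snAgentTempValue
+) - count by (instance) (
+snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
+) == 0
+for: 0m
+labels:
+severity: critical
+- alert: QuantaIntakeTemp
+expr:
+0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
+for: 10m
+keep_firing_for: 30m
+labels:
+severity: warning
+annotations:
+Temperature: !unsafe "{{ $value }} °C"
+Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
+- alert: QuantaIntakeTemp
+expr:
+0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
+for: 10m
+keep_firing_for: 30m
+labels:
+severity: critical
+annotations:
+Temperature: !unsafe "{{ $value }} °C"
+Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
+- alert: QuantaPowerRedundancyFailure
+expr:
+count by (instance) (
+snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
+) < 2
+for: 0m
+labels:
+severity: warning
+...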
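Review bot: The second `QuantaMemoryUsage` rule (`> 80`) sets `severity: alert`, a value no other rule in this change uses; if Alertmanager routes on `warning`/`critical` it would fall through to the default route, so `severity: critical` is presumably what was meant. `QuantaFanHealth` reads `$labels.shChasFanDescription`, which looks like a typo for the `snChasFan` prefix used everywhere else in the rule. `QuantaMissingIntakeTemp` subtracts the intake-sensor count from the total and compares with 0, which is true when every sensor is an intake sensor and yields no result at all when there is none; `count by (instance) (snAgentTempValue) unless count by (instance) (snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"})` would match the alert name better.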
6
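--- a/group_vars/prom/prometheus/snmp.yml
+++ b/group_vars/prom/prometheus/snmp.yml
@@ -0,0 +1,6 @@
+---
+prometheus__scraping_snmp:
+targets: "{{ groups.prom }}"
+address:
+port: 9116
+...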
91
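--- a/group_vars/prom/prometheus/switch.yml
+++ b/group_vars/prom/prometheus/switch.yml
@@ -0,0 +1,91 @@
+---
+prometheus__rules_switch:
+- alert: SwitchPromiscuousChange
+expr:
+changes(ifPromiscuousMode[5m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInterfaceUpChange
+expr:
+changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInErrors
+expr:
+irate(ifInErrors[5m]) / (
+irate(ifInUcastPkts[5m])
++ irate(ifInNUcastPkts[5m])
+) > 0.0001
+for: 0m
+labels:
+severity: warning
+annotations:
+ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutErrors
+expr:
+irate(ifOutErrors[5m]) / (
+irate(ifOutUcastPkts[5m])
++ irate(ifOutNUcastPkts[5m])
+) > 0.0001
+for: 0m
+labels:
+severity: warning
+annotations:
+ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInLinkUsage
+expr:
+rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchInLinkUsage
+expr:
+rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: critical
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutLinkUsage
+expr:
+rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+- alert: SwitchOutLinkUsage
+expr:
+rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
+for: 5m
+keep_firing_for: 10m
+labels:
+severity: warning
+annotations:
+Usage: !unsafe "{{ $value | humanizePercentage }}"
+Interface: !unsafe "{{ $labels.ifName }}
+{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
+...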
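Review bot: The last rule, `SwitchOutLinkUsage` at `> 0.8`, is tagged `severity: warning`, so it cannot be told apart from the `> 0.5` rule just above it, while the inbound pair escalates to `critical` at 0.8. It should read `severity: critical` to match `SwitchInLinkUsage`.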
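--- a/group_vars/prom/prometheus_snmp/eaton.yml
+++ b/group_vars/prom/prometheus_snmp/eaton.yml
@@ -0,0 +1,42 @@
+---
+prometheus_snmp__modules_eaton:
+version: 1
+auth:
+community: "{{ vault_snmp_eaton_community }}"
+walk:
+- sysUpTime
+#- upsBattery
+#- xupsBattery
+#- xupsInput
+- xupsInput
+- xupsOutput
+- xupsBypass
+- xupsEnvironment
+- xupsBattery
+- xupsConfig
+lookups:
+- source_indexes:
+- xupsInputPhase
+lookup: xupsInputName
+- source_indexes:
+- xupsOutputPhase
+lookup: xupsOutputName
+- source_indexes:
+- xupsBypassPhase
+lookup: xupsBypassName
+overrides:
+#upsBatteryStatus:
+# type: EnumAsStateSet
+xupsInputId:
+type: EnumAsStateSet
+xupsOutputId:
+type: EnumAsStateSet
+xupsBypassId:
+type: EnumAsStateSet
+xupsOutputSource:
+type: EnumAsStateSet
+xupsBatteryAbmStatus:
+type: EnumAsStateSet
+xupsContactType:
+type: EnumAsStateSet
+...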
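Review bot: `version: 1` makes the exporter query the UPS over SNMPv1, where the community string travels unencrypted in every request, so keeping `vault_snmp_eaton_community` in the vault protects it at rest only. If the UPS network cards support SNMPv3, an authPriv user would be preferable; otherwise the community should be read-only on the device and SNMP access limited to the monitoring hosts by an ACL on the UPS side. Separately, the commented-out `#- upsBattery`, `#- xupsBattery`, `#- xupsInput` and `#upsBatteryStatus:` entries are leftovers (two of them duplicate active walk entries) and are better dropped than committed.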
5
group_vars/prom/prometheus_snmp/main.yml
Normal file
5
group_vars/prom/prometheus_snmp/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
prometheus_snmp__modules:
|
||||
quanta: "{{ prometheus_snmp__modules_quanta }}"
|
||||
eaton: "{{ prometheus_snmp__modules_eaton }}"
|
||||
...
|
125
group_vars/prom/prometheus_snmp/quanta.yml
Normal file
125
group_vars/prom/prometheus_snmp/quanta.yml
Normal file
|
@ -0,0 +1,125 @@
|
|||
---
|
||||
prometheus_snmp__modules_quanta:
|
||||
auth:
|
||||
community: "{{ vault_snmp_quanta_community }}"
|
||||
timeout: 60s
|
||||
retries: 3
|
||||
walk:
|
||||
- interfaces
|
||||
- ifXTable
|
||||
- snAgGblQueueOverflow
|
||||
- snAgGblDynMemTotal
|
||||
- snAgGblDynMemFree
|
||||
- snAgGblCpuUtil1SecAvg
|
||||
- snAgGblCpuUtil5SecAvg
|
||||
- snAgGblCpuUtil1MinAvg
|
||||
- sysUpTime
|
||||
- snAgentCpuUtilPercent
|
||||
- snAgent
|
||||
- snChasFan
|
||||
- snChasPwr
|
||||
- snAgentTemp
|
||||
- snAgentCpu
|
||||
- snSwInfo
|
||||
- snSwIfInfoTable
|
||||
- dot3StatsTable
|
||||
- dot3HCStatsTable
|
||||
- dot3Errors
|
||||
- dot3Tests
|
||||
- dot3CollTable
|
||||
- lldpLocChassisId
|
||||
- lldpRemTable
|
||||
- lldpLocPortTable
|
||||
- dot1dBasePort
|
||||
lookups:
|
||||
- source_indexes:
|
||||
- ifIndex
|
||||
lookup: ifAlias
|
||||
- source_indexes:
|
||||
- ifIndex
|
||||
lookup: ifDescr
|
||||
- source_indexes:
|
||||
- ifIndex
|
||||
lookup: ifName
|
||||
- source_indexes:
|
||||
- snChasFanIndex
|
||||
lookup: snChasFanDescription
|
||||
- source_indexes:
|
||||
- snAgentTempSlotNum
|
||||
- snAgentTempSensorId
|
||||
lookup: snAgentTempSensorDescr
|
||||
- source_indexes:
|
||||
- snSwIfInfoPortNum
|
||||
lookup: snSwIfName
|
||||
- source_indexes:
|
||||
- snSwIfInfoPortNum
|
||||
lookup: snSwIfDescr
|
||||
- source_indexes:
|
||||
- dot3StatsIndex
|
||||
lookup: ifAlias
|
||||
- source_indexes:
|
||||
- dot3StatsIndex
|
||||
lookup: ifDescr
|
||||
- source_indexes:
|
||||
- dot3StatsIndex
|
||||
lookup: ifName
|
||||
- source_indexes:
|
||||
- lldpRemTimeMark
|
||||
- lldpRemLocalPortNum
|
||||
- lldpRemIndex
|
||||
lookup: lldpRemChassisId
|
||||
#- source_indexes:
|
||||
# - lldpLocPortNum
|
||||
# lookup: lldpLocPortIdSubtype
|
||||
overrides:
|
||||
ifIndex:
|
||||
ignore: true
|
||||
ifAlias:
|
||||
ignore: true
|
||||
ifDescr:
|
||||
ignore: true
|
||||
ifName:
|
||||
ignore: true
|
||||
ifOperStatus:
|
||||
type: EnumAsStateSet
|
||||
ifAdminStatus:
|
||||
type: EnumAsStateSet
|
||||
snChasFanIndex:
|
||||
ignore: true
|
||||
snChasFanDescription:
|
||||
ignore: true
|
||||
snChasPwrSupplyIndex:
|
||||
ignore: true
|
||||
snAgentTempSensorDescr:
|
||||
ignore: true
|
||||
snChasFanOperStatus:
|
||||
type: EnumAsStateSet
|
||||
snChasPwrSupplyOperStatus:
|
||||
type: EnumAsStateSet
|
||||
snSwIfName:
|
||||
ignore: true
|
||||
snSwIfDescr:
|
||||
ignore: true
|
||||
snSwIfVlanId:
|
||||
ignore: true
|
||||
snSwIfInfoPortNum:
|
||||
ignore: true
|
||||
snSwIfInfoMonitorMode:
|
||||
type: EnumAsStateSet
|
||||
snSwIfInfoMirrorPorts:
|
||||
ignore: true
|
||||
snSwIfInfoMediaType:
|
||||
type: EnumAsInfo
|
||||
ifType:
|
||||
type: EnumAsInfo
|
||||
dot3StatsIndex:
|
||||
ignore: true
|
||||
dot3StatsEtherChipSet:
|
||||
ignore: true
|
||||
dot3StatsDuplexStatus:
|
||||
type: EnumAsStateSet
|
||||
lldpLocPortIdSubtype:
|
||||
type: EnumAsInfo
|
||||
lldpRemPortIdSubtype:
|
||||
type: EnumAsInfo
|
||||
...
|
35
group_vars/pve/pve_auth.yml
Normal file
35
group_vars/pve/pve_auth.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
pve_auth__groups:
|
||||
admin:
|
||||
- Administrator
|
||||
|
||||
pve_auth__pam_users:
|
||||
root:
|
||||
enabled: false
|
||||
|
||||
pve_auth__users:
|
||||
elkmaennchen:
|
||||
password: "{{ vault_pve_passwords.elkmaennchen }}"
|
||||
groups:
|
||||
- admin
|
||||
jeltz:
|
||||
password: "{{ vault_pve_passwords.jeltz }}"
|
||||
groups:
|
||||
- admin
|
||||
otthorn:
|
||||
password: "{{ vault_pve_passwords.otthorn }}"
|
||||
groups:
|
||||
- admin
|
||||
v-lafeychine:
|
||||
password: "{{ vault_pve_passwords['v-lafeychine'] }}"
|
||||
groups:
|
||||
- admin
|
||||
pz2891:
|
||||
password: "{{ vault_pve_passwords.pz2891 }}"
|
||||
groups:
|
||||
- admin
|
||||
loutr:
|
||||
password: "{{ vault_pve_passwords.loutr }}"
|
||||
groups:
|
||||
- admin
|
||||
...
|
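--- a/group_vars/radius/freeradius.yml
+++ b/group_vars/radius/freeradius.yml
@@ -0,0 +1,17 @@
+---
+radiusd__guest_vlan: 1000
+
+radiusd__clients:
+localhost:
+addr: 127.0.0.1
+secret: abcdef
+type: aurore
+wifi-ap-v4:
+addr: 10.102.0.0/16
+secret: abcdef
+type: aurore
+wifi-ap-v6:
+addr: 2a09:6840:102::/56
+secret: abcdef
+type: aurore
+...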
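Review bot: The three `secret: abcdef` values under `radiusd__clients` commit a short, guessable RADIUS shared secret in cleartext, and the `wifi-ap-v4` and `wifi-ap-v6` entries accept it from a whole /16 and /56. The shared secret is what authenticates a NAS to the server and protects the User-Password attribute and the Message-Authenticator, so it should be long, random and kept out of the repository. The other files in this change take their secrets from the vault; the same pattern here would read `secret: "{{ vault_radiusd_secrets.wifi_ap }}"` (placeholder variable name, to be defined in the vault). If `abcdef` is only a bring-up value, a comment saying so and a rotation before the access points go live would make that explicit.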
3
group_vars/router/prometheus.yml
Normal file
3
group_vars/router/prometheus.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
|
||||
...
|
60
group_vars/vpn/bird.yml
Normal file
60
group_vars/vpn/bird.yml
Normal file
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
bird__tables:
|
||||
- wg
|
||||
|
||||
bird__kernel:
|
||||
kernel:
|
||||
learn: true
|
||||
import: accept
|
||||
export: accept
|
||||
vrf:
|
||||
learn: true
|
||||
import:
|
||||
sources:
|
||||
- "{{ iproute2__custom_protos.wireguard }}"
|
||||
export: accept
|
||||
table: wg
|
||||
kernel: "{{ iproute2__custom_tables.wireguard }}"
|
||||
|
||||
bird__ospf:
|
||||
limits:
|
||||
import: 4000
|
||||
export: 4000
|
||||
table: wg
|
||||
import: accept
|
||||
export:
|
||||
sources:
|
||||
- "{{ iproute2__custom_protos.wireguard }}"
|
||||
areas:
|
||||
1:
|
||||
broadcast:
|
||||
- vpn0
|
||||
|
||||
bird__bgp:
|
||||
infra1:
|
||||
local:
|
||||
address: "{{ bird__bgp_addr.vpn }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
neighbor:
|
||||
address:
|
||||
- 2a09:6840:213::1:1
|
||||
- 10.213.1.1
|
||||
as: "{{ bird__as.aurore }}"
|
||||
table: wg
|
||||
import: accept
|
||||
export: reject
|
||||
next_hop_self: true
|
||||
infra2:
|
||||
local:
|
||||
address: "{{ bird__bgp_addr.vpn }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
neighbor:
|
||||
address:
|
||||
- 2a09:6840:213::1:2
|
||||
- 10.213.1.2
|
||||
as: "{{ bird__as.aurore }}"
|
||||
table: wg
|
||||
import: accept
|
||||
export: reject
|
||||
next_hop_self: true
|
||||
...
|
16
group_vars/vpn/ifupdown2.yml
Normal file
16
group_vars/vpn/ifupdown2.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
ifupdown2__vrf:
|
||||
wg-vrf:
|
||||
table: "{{ iproute2__custom_tables.wireguard }}"
|
||||
|
||||
ifupdown2__wireguard:
|
||||
wg0:
|
||||
private_key: "{{ vault_wireguard_wg0_private }}"
|
||||
listen_port: 5121
|
||||
vrf: wg-vrf
|
||||
table: "{{ iproute2__custom_tables.wireguard }}"
|
||||
peer_allowed_addresses:
|
||||
- 2a09:6840:212::1:1/128
|
||||
- 10.212.1.1/32
|
||||
peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
|
||||
...
|
7
group_vars/vpn/iproute2.yml
Normal file
7
group_vars/vpn/iproute2.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
iproute2__custom_tables:
|
||||
wireguard: 2000
|
||||
|
||||
iproute2__custom_protos:
|
||||
wireguard: 200
|
||||
...
|
22
host_vars/collabora.ext.infra.auro.re.yml
Normal file
22
host_vars/collabora.ext.infra.auro.re.yml
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
pub0: ae:ae:ae:2C:60:35
|
||||
|
||||
ifupdown2__interfaces:
|
||||
pub0:
|
||||
addresses:
|
||||
- 2a09:6840:128::220/64
|
||||
- 10.128.0.220/16
|
||||
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||
|
||||
collabora__server_name: office.auro.re
|
||||
|
||||
collabora__post_allow_addrs:
|
||||
- 2a09:6840:215::1:1
|
||||
- 45.66.111.206
|
||||
|
||||
collabora__wopi_groups:
|
||||
- host: https://cloud.auro.re:443
|
||||
aliases:
|
||||
- https://nextcloud.auro.re:443
|
||||
...
|
47
host_vars/dhcp-1.isp.infra.auro.re.yml
Normal file
47
host_vars/dhcp-1.isp.infra.auro.re.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
isp0: 02:00:00:c6:3f:6f
|
||||
trunk0: 02:00:00:b1:8d:d6
|
||||
|
||||
ifupdown2__interfaces:
|
||||
isp0:
|
||||
addresses:
|
||||
- 2a09:6840:210::1:1/64
|
||||
- 10.210.1.1/16
|
||||
gateways: "{{ ifupdown2__gateways.isp }}"
|
||||
trunk0:
|
||||
ipv6_addrgen: false
|
||||
clients0:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- trunk0
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
ipv6_addrgen: false
|
||||
client0:
|
||||
addresses:
|
||||
- 100.64.0.2/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients0
|
||||
client1:
|
||||
addresses:
|
||||
- 100.64.0.34/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients0
|
||||
client2:
|
||||
addresses:
|
||||
- 100.64.0.66/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients0
|
||||
client3:
|
||||
addresses:
|
||||
- 100.64.0.98/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients0
|
||||
client4:
|
||||
addresses:
|
||||
- 100.64.0.130/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients0
|
||||
...
|
47
host_vars/dhcp-2.isp.infra.auro.re.yml
Normal file
47
host_vars/dhcp-2.isp.infra.auro.re.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
isp0: 04:00:00:8c:d1:36
|
||||
trunk0: 04:00:00:33:2c:3c
|
||||
|
||||
ifupdown2__interfaces:
|
||||
isp0:
|
||||
addresses:
|
||||
- 2a09:6840:210::1:2/64
|
||||
- 10.210.1.2/16
|
||||
gateways: "{{ ifupdown2__gateways.isp }}"
|
||||
trunk0:
|
||||
ipv6_addrgen: false
|
||||
clients0:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- trunk0
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
ipv6_addrgen: false
|
||||
client0:
|
||||
addresses:
|
||||
- 100.64.0.3/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients0
|
||||
client1:
|
||||
addresses:
|
||||
- 100.64.0.35/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients0
|
||||
client2:
|
||||
addresses:
|
||||
- 100.64.0.67/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients0
|
||||
client3:
|
||||
addresses:
|
||||
- 100.64.0.99/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients0
|
||||
client4:
|
||||
addresses:
|
||||
- 100.64.0.131/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients0
|
||||
...
|
11
host_vars/dns-1.int.infra.auro.re.yml
Normal file
11
host_vars/dns-1.int.infra.auro.re.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
int0: 02:00:00:9f:d9:f9
|
||||
|
||||
ifupdown2__interfaces:
|
||||
int0:
|
||||
addresses:
|
||||
- 2a09:6840:206::1:1/64
|
||||
- 10.206.1.1/16
|
||||
gateways: "{{ ifupdown2__gateways.int }}"
|
||||
...
|
11
host_vars/dns-2.int.infra.auro.re.yml
Normal file
11
host_vars/dns-2.int.infra.auro.re.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
int0: 04:00:00:3c:c0:5a
|
||||
|
||||
ifupdown2__interfaces:
|
||||
int0:
|
||||
addresses:
|
||||
- 2a09:6840:206::1:2/64
|
||||
- 10.206.1.2/16
|
||||
gateways: "{{ ifupdown2__gateways.int }}"
|
||||
...
|
39
host_vars/edge-1.back.infra.auro.re.yml
Normal file
39
host_vars/edge-1.back.infra.auro.re.yml
Normal file
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
adm0: 02:00:00:9E:3E:21
|
||||
crans0: 02:00:00:A2:7C:68
|
||||
zayo0: 02:00:00:35:89:82
|
||||
rezel0: 02:00:00:8F:4A:AD
|
||||
back0: 02:00:00:1C:3A:2E
|
||||
viarezo0: 02:00:00:ED:70:64
|
||||
router0: 02:00:00:5A:17:7C
|
||||
oti0: 02:00:00:05:0E:A6
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:2/64
|
||||
- 10.128.10.2/16
|
||||
crans0:
|
||||
ipv6_addrgen: false
|
||||
zayo0:
|
||||
ipv6_addrgen: false
|
||||
rezel0:
|
||||
addresses:
|
||||
- 2a09:6842:19:9116::1/64
|
||||
- 45.66.111.1/29
|
||||
back0:
|
||||
addresses:
|
||||
- 2a09:6840:203::1:1/64
|
||||
- 10.203.1.1/16
|
||||
viarezo0:
|
||||
addresses:
|
||||
- 2a0c:b641:2ff::6/125
|
||||
- 192.159.121.133/29
|
||||
router0:
|
||||
addresses:
|
||||
- 2a09:6840:129::10:2/56
|
||||
- 10.129.10.2/16
|
||||
oti0:
|
||||
ipv6_addrgen: false
|
||||
...
|
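--- a/host_vars/edge-2.back.infra.auro.re.yml
+++ b/host_vars/edge-2.back.infra.auro.re.yml
@@ -0,0 +1,39 @@
+---
+systemd_link__links:
+adm0: 04:00:00:F5:69:B9
+crans0: 04:00:00:CF:E1:D0
+zayo0: 04:00:00:67:7B:12
+rezel0: 04:00:00:C6:05:B7
+back0: 04:00:00:DE:22:E6
+viarezo0: 04:00:00:45:FA:E6
+router0: 04:00:00:AD:D7:71
+oti0: 02:00:00:05:0E:A6
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:102/64
+- 10.128.10.102/16
+crans0:
+ipv6_addrgen: false
+zayo0:
+ipv6_addrgen: false
+rezel0:
+addresses:
+- 2a09:6842:19:9116::3/64
+- 45.66.111.3/29
+back0:
+addresses:
+- 2a09:6840:203::1:2/64
+- 10.203.1.2/16
+viarezo0:
+addresses:
+- 2a0c:b641:2ff::7/125
+- 192.159.121.134/29
+router0:
+addresses:
+- 2a09:6840:129::10:102/56
+- 10.129.10.102/16
+oti0:
+ipv6_addrgen: false
+...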
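Review bot: `oti0: 02:00:00:05:0E:A6` in `systemd_link__links` is the same MAC that edge-1 declares for its own `oti0`, while every other link in this file uses the `04:00:00:` prefix. This looks like a copy-paste from edge-1: if the role matches interfaces by MAC, `oti0` would presumably never be renamed on edge-2, and if the value is in fact correct, two hosts would share a MAC on that segment. Please confirm the address of the edge-2 interface and replace the value, e.g. `oti0: 04:00:00:XX:XX:XX` (placeholder).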
63
host_vars/infra-1.back.infra.auro.re.yml
Normal file
63
host_vars/infra-1.back.infra.auro.re.yml
Normal file
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
ups0: 02:00:00:fe:6f:0e
|
||||
back0: 02:00:00:f8:93:22
|
||||
monit0: 02:00:00:da:97:7f
|
||||
wifi0: 02:00:00:8c:c5:bf
|
||||
int0: 02:00:00:75:40:3e
|
||||
sw0: 02:00:00:ca:e8:d1
|
||||
bmc0: 02:00:00:47:d1:b9
|
||||
pve0: 02:00:00:b3:35:e7
|
||||
isp0: 02:00:00:6b:53:14
|
||||
ext0: 02:00:00:32:86:60
|
||||
vpn0: 02:00:00:52:5f:85
|
||||
th30: 02:00:00:23:a7:d3
|
||||
pub0: 02:00:00:7d:34:06
|
||||
|
||||
ifupdown2__interfaces:
|
||||
back0:
|
||||
addresses:
|
||||
- 2a09:6840:203::1:3/64
|
||||
- 10.203.1.3/16
|
||||
- 45.66.111.210/32 # secondary
|
||||
ups0:
|
||||
ipv6_addrgen: false
|
||||
monit0:
|
||||
ipv6_addrgen: false
|
||||
wifi0:
|
||||
ipv6_addrgen: false
|
||||
int0:
|
||||
ipv6_addrgen: false
|
||||
sw0:
|
||||
ipv6_addrgen: false
|
||||
bmc0:
|
||||
ipv6_addrgen: false
|
||||
pve0:
|
||||
ipv6_addrgen: false
|
||||
isp0:
|
||||
ipv6_addrgen: false
|
||||
ext0:
|
||||
ipv6_addrgen: false
|
||||
pub0:
|
||||
ipv6_addrgen: false
|
||||
vpn0:
|
||||
addresses:
|
||||
- 2a09:6840:213::1:1/64
|
||||
- 10.213.1.1/16
|
||||
th30:
|
||||
ipv6_addrgen: false
|
||||
|
||||
bird__router_id: 10.203.1.3
|
||||
|
||||
bird__bgp_addr:
|
||||
back:
|
||||
- 2a09:6840:203::1:3
|
||||
- 10.203.1.3
|
||||
vpn:
|
||||
- 2a09:6840:213::1:1
|
||||
- 10.213.1.1
|
||||
|
||||
bird__pref_src_addr:
|
||||
- 2a09:6840:203::1:3
|
||||
- 45.66.111.210
|
||||
...
|
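--- a/host_vars/infra-2.back.infra.auro.re.yml
+++ b/host_vars/infra-2.back.infra.auro.re.yml
@@ -0,0 +1,63 @@
+---
+systemd_link__links:
+ups0: 04:00:00:6d:97:83
+back0: 04:00:00:46:ba:f9
+monit0: 04:00:00:72:0b:2d
+wifi0: 04:00:00:ee:42:0f
+int0: 04:00:00:21:fd:d0
+sw0: 04:00:00:2e:5b:16
+bmc0: 04:00:00:bb:5a:a6
+pve0: 04:00:00:0b:2b:82
+isp0: 04:00:00:f4:4c:5d
+ext0: 04:00:00:1d:0e:83
+vpn0: 04:00:00:02:ba:dd
+th30: 04:00:00:9e:8d:4f
+pub0: 04:00:00:f8:3b:9b
+
+ifupdown2__interfaces:
+back0:
+addresses:
+- 2a09:6840:203::1:4/64
+- 10.203.1.4/16
+- 45.66.111.211/32 # secondary
+ups0:
+ipv6_addrgen: false
+monit0:
+ipv6_addrgen: false
+wifi0:
+ipv6_addrgen: false
+int0:
+ipv6_addrgen: false
+sw0:
+ipv6_addrgen: false
+bmc0:
+ipv6_addrgen: false
+pve0:
+ipv6_addrgen: false
+isp0:
+ipv6_addrgen: false
+ext0:
+ipv6_addrgen: false
+vpn0:
+addresses:
+- 2a09:6840:213::1:2/64
+- 10.213.1.2/16
+th30:
+ipv6_addrgen: false
+pub0:
+ipv6_addrgen: false
+
+bird__router_id: 10.203.1.4
+
+bird__bgp_addr:
+back:
+- 2a09:6840:203::1:4
+- 10.203.1.4
+vpn:
+- 2a09:6840:213:1:2
+- 10.213.1.2
+
+bird__pref_src_addr:
+- 2a09:6840:203::1:4
+- 45.66.111.211
+...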
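Review bot: `- 2a09:6840:213:1:2` under `bird__bgp_addr.vpn` is not a valid IPv6 address: it has five groups and no `::`. The `vpn0` interface in this same file is `2a09:6840:213::1:2/64` and infra-1 uses `2a09:6840:213::1:1` in the same position, so the line should presumably read `- 2a09:6840:213::1:2`. `group_vars/vpn/bird.yml` feeds this variable into the BGP `local.address`, so the rendered BIRD configuration would likely fail to parse or leave the IPv6 session on the VPN side down. An `assert` in the role that runs each address through the `ansible.utils.ipaddr` filter would catch this kind of typo at deploy time.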
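--- a/host_vars/isp-1.back.infra.auro.re.yml
+++ b/host_vars/isp-1.back.infra.auro.re.yml
@@ -0,0 +1,59 @@
+---
+systemd_link__links:
+adm0: 02:00:00:D8:37:45
+back0: 02:00:00:BF:10:4C
+trunk0: 02:00:00:E9:BA:15
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::10:5/64
+- 10.128.10.5/16
+gateways: "{{ ifupdown2__gateways.adm }}"
+back0:
+addresses:
+- 2a09:6840:203::1:5/64
+- 45.66.111.211/32
+- 10.203.1.5/16
+trunk0:
+ipv6_addrgen: false
+clients0:
+bridge_vlan_aware: true
+bridge_ports:
+- trunk0
+bridge_vids:
+- 1000-1004
+bridge_disable_pvid: true
+ipv6_addrgen: false
+client0:
+vlan_id: 1000
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client1:
+vlan_id: 1001
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client2:
+vlan_id: 1002
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client3:
+vlan_id: 1003
+vlan_raw_device: clients0
+ipv6_addrgen: false
+client4:
+vlan_id: 1004
+vlan_raw_device: clients0
+ipv6_addrgen: false
+
+bird__router_id: 10.203.1.5
+
+bird__bgp_addr:
+back:
+- 2a09:6840:203::1:5
+- 10.203.1.5
+
+bird__pref_src_addr:
+- 2a09:6840:203::1:5
+- 45.66.111.211
+...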
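Review bot: `- 45.66.111.211/32` on `back0` and the matching `bird__pref_src_addr` entry reuse the address that infra-2 configures as its `back0` secondary and preferred source in this same change, whereas infra-1 uses `45.66.111.210`. Unless the address is deliberately shared, two hosts on the `10.203.0.0/16` segment would source traffic from the same public /32 and return traffic would likely reach only one of them. If isp-1 should have its own address, both lines need the new value; if sharing is intended, a comment next to the entry would record that. isp-2 carries no public address and no `bird__*` variables at all, which may be part of the same oversight.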
47
host_vars/isp-2.back.infra.auro.re.yml
Normal file
47
host_vars/isp-2.back.infra.auro.re.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
adm0: 04:00:00:85:C3:5D
|
||||
back0: 04:00:00:FE:2D:67
|
||||
trunk0: 04:00:00:D8:F5:4D
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:105/64
|
||||
- 10.128.10.105/16
|
||||
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||
back0:
|
||||
addresses:
|
||||
- 2a09:6840:203::1:6/64
|
||||
- 10.203.1.6/16
|
||||
trunk0:
|
||||
ipv6_addrgen: false
|
||||
clients0:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- trunk0
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
ipv6_addrgen: false
|
||||
client0:
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients0
|
||||
ipv6_addrgen: false
|
||||
client1:
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients0
|
||||
ipv6_addrgen: false
|
||||
client2:
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients0
|
||||
ipv6_addrgen: false
|
||||
client3:
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients0
|
||||
ipv6_addrgen: false
|
||||
client4:
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients0
|
||||
ipv6_addrgen: false
|
||||
...
|
16
host_vars/ldap-1.int.infra.auro.re.yml
Normal file
16
host_vars/ldap-1.int.infra.auro.re.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
adm0: 02:00:00:38:c2:52
|
||||
int0: 02:00:00:fe:a8:54
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:8/64
|
||||
- 10.128.10.8/16
|
||||
int0:
|
||||
addresses:
|
||||
- 2a09:6840:206::1:3/64
|
||||
- 10.206.1.7/16
|
||||
gateways: "{{ ifupdown2__gateways.int }}"
|
||||
...
|
16
host_vars/ldap-2.int.infra.auro.re.yml
Normal file
16
host_vars/ldap-2.int.infra.auro.re.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
adm0: 04:00:00:f7:1c:47
|
||||
int0: 04:00:00:e4:83:d2
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:108/64
|
||||
- 10.128.10.108/16
|
||||
int0:
|
||||
addresses:
|
||||
- 2a09:6840:206::1:4/64
|
||||
- 10.206.1.8/16
|
||||
gateways: "{{ ifupdown2__gateways.int }}"
|
||||
...
|
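--- a/host_vars/mx.test.infra.auro.re.yml
+++ b/host_vars/mx.test.infra.auro.re.yml
@@ -0,0 +1,38 @@
+---
+dovecot__auth_default_realm: test.auro.re
+dovecot__auth_users:
+jeltz@test.auro.re: "{plain}password"
+lafeych@test.auro.re: "{plain}password"
+toto@test.auro.re: "{plain}password"
+root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
+dovecot__lmtp_postmaster_address: postmaster@test.auro.re
+
+ifupdown2__interfaces:
+ext0:
+addresses:
+- 2a09:6840:211::1:5/64
+- 10.211.1.5/16
+- 45.66.111.208/30
+gateways: "{{ ifupdown2__gateways.ext }}"
+
+postfix__hostname: mx.test.auro.re
+
+postfix__sasl_local_domain: test.auro.re
+
+postfix__virtual_aliases:
+postmaster@test.auro.re: root@test.auro.re
+dmarc@test.auro.re: root@test.auro.re
+
+postfix__virtual_mailbox_domains:
+- infra.test.auro.re
+- test.auro.re
+
+postfix__virtual_mailboxes:
+jeltz@test.auro.re: jeltz@test.auro.re
+root@test.auro.re: root@test.auro.re
+toto@test.auro.re: toto@test.auro.re
+vincent.lafeychine@test.auro.re: lafeych@test.auro.re
+
+systemd_link__links:
+ext0: ae:ae:ae:1d:c8:b2
+...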
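Review bot: `dovecot__auth_users` stores four mailbox passwords in the clear: three are the literal `{plain}password`, and the `root@test.auro.re` entry is a real-looking value that is now part of the repository history and should be treated as disclosed and rotated. The host also binds `45.66.111.208/30` on `ext0`, so if that address is publicly routed these accounts can be tried from outside even though the realm is a test one. I would move the values to the vault and store a hash instead of `{plain}`, e.g. `jeltz@test.auro.re: "{{ vault_dovecot_auth_users.jeltz }}"` (placeholder variable name) holding the output of `doveadm pw -s ARGON2ID`, or `BLF-CRYPT` where Argon2 is not built in. This assumes the role writes the string verbatim into the passdb, which the `{plain}` prefix suggests.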
11
host_vars/ns-1.pub.infra.auro.re.yml
Normal file
11
host_vars/ns-1.pub.infra.auro.re.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
pub0: 02:00:00:ad:62:64
|
||||
|
||||
ifupdown2__interfaces:
|
||||
pub0:
|
||||
addresses:
|
||||
- 2a09:6840:215::1:2/64
|
||||
- 45.66.111.205/27
|
||||
gateways: "{{ ifupdown2__gateways.pub }}"
|
||||
...
|
11
host_vars/ns-2.pub.infra.auro.re.yml
Normal file
11
host_vars/ns-2.pub.infra.auro.re.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
pub0: 04:00:00:1b:0a:3a
|
||||
|
||||
ifupdown2__interfaces:
|
||||
pub0:
|
||||
addresses:
|
||||
- 2a09:6840:215::1:3/64
|
||||
- 45.66.111.207/27
|
||||
gateways: "{{ ifupdown2__gateways.pub }}"
|
||||
...
|
29
host_vars/ns-3.ovh.infra.auro.re.yml
Normal file
29
host_vars/ns-3.ovh.infra.auro.re.yml
Normal file
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
systemd_link__links:
|
||||
adm0: 96:77:96:91:e3:6c
|
||||
ovh0: 00:50:56:00:fd:c0
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::109/64
|
||||
- 10.128.0.109/16
|
||||
ovh0:
|
||||
addresses:
|
||||
- 92.222.211.194/24
|
||||
gateways: "{{ ifupdown2__gateways.ovh }}"
|
||||
|
||||
# TODO: remove as soon as the VPN works
|
||||
knotd__remotes:
|
||||
xfr-master:
|
||||
address: 2a09:6840:128::110
|
||||
key: xfr
|
||||
|
||||
knotd__acl:
|
||||
notify-master:
|
||||
address:
|
||||
- 2a09:6840:128::110
|
||||
- 10.128.0.110
|
||||
key: xfr
|
||||
action: notify
|
||||
...
|
615
host_vars/ns-master.int.infra.auro.re/knotd.yml
Normal file
615
host_vars/ns-master.int.infra.auro.re/knotd.yml
Normal file
|
@ -0,0 +1,615 @@
|
|||
---
|
||||
knotd__listen:
|
||||
- address: 0.0.0.0
|
||||
- address: "::"
|
||||
|
||||
knotd__keys:
|
||||
xfr:
|
||||
algorithm: hmac-sha512
|
||||
secret: "{{ vault_knotd_xfr_key }}"
|
||||
ksk-infra:
|
||||
algorithm: hmac-sha512
|
||||
secret: "{{ vault_knotd_ksk_infra_key }}"
|
||||
update-acme-challenge:
|
||||
algorithm: hmac-sha512
|
||||
secret: "{{ vault_certbot_dns_secret }}"
|
||||
|
||||
knotd__remotes:
|
||||
xfr-ns-1:
|
||||
address: 2a09:6840:215::1:2
|
||||
key: xfr
|
||||
xfr-ns-2:
|
||||
address: 2a09:6840:215::1:3
|
||||
key: xfr
|
||||
xfr-ns-3:
|
||||
address: 10.128.0.109
|
||||
key: xfr
|
||||
ksk-infra:
|
||||
address: ::1
|
||||
key: ksk-infra
|
||||
|
||||
knotd__policies:
|
||||
public:
|
||||
algorithm: ECDSAP256SHA256
|
||||
reproducible_signing: true
|
||||
# Je n'ai pas trouvé de façon de pousser les records automatiquement
|
||||
# sur .re, donc pour éviter d'oublier de le faire manuellement, la
|
||||
# KSK n'expire pas
|
||||
ksk_lifetime: 0
|
||||
zsk_lifetime: 30d
|
||||
nsec3: true
|
||||
infra:
|
||||
algorithm: ECDSAP256SHA256
|
||||
ksk_lifetime: 365d
|
||||
zsk_lifetime: 30d
|
||||
nsec3: on
|
||||
ds-push: ksk-infra
|
||||
cds-cdnskey-publish: rollover
|
||||
ksk-submission: infra
|
||||
ripe:
|
||||
algorithm: ECDSAP256SHA256
|
||||
ksk_lifetime: 365d
|
||||
zsk_lifetime: 30d
|
||||
nsec3: on
|
||||
ds-push: ksk-ripe
|
||||
cds-cdnskey-publish: rollover
|
||||
ksk-submission: ripe
|
||||
|
||||
knotd__acl:
|
||||
xfr:
|
||||
addresses:
|
||||
- 2a09:6840:128::109
|
||||
- 10.128.0.109
|
||||
- 2a09:6840:215::1:2
|
||||
- 45.66.111.205
|
||||
- 2a09:6840:215::1:3
|
||||
- 45.66.111.207
|
||||
action: transfer
|
||||
key: xfr
|
||||
ksk-infra:
|
||||
addresses:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
key: ksk-infra
|
||||
action: update
|
||||
update_types:
|
||||
- DS
|
||||
update_owner: name
|
||||
update_owner_match: equal
|
||||
update_owner_name:
|
||||
- infra
|
||||
update-acme-challenge:
|
||||
addresses:
|
||||
- 10.128.0.0/16
|
||||
- 2a09:6840:128::/48
|
||||
key: update-acme-challenge
|
||||
action: update
|
||||
update_types:
|
||||
- TXT
|
||||
update_owner: name
|
||||
update_owner_match: equal
|
||||
update_owner_name:
|
||||
- _acme-challenge.auro.re.
|
||||
|
||||
knotd__queryacl:
|
||||
local:
|
||||
addresses:
|
||||
- 10.0.0.0/8
|
||||
|
||||
knotd__soa_rname: root@auro.re.
|
||||
|
||||
knotd__hosts:
|
||||
|
||||
auro.re:
|
||||
proxy-ovh:
|
||||
- 92.222.211.195
|
||||
horus:
|
||||
- 92.23.218.136
|
||||
ns-1:
|
||||
- 45.66.111.205
|
||||
- 2a09:6840:215::1:2
|
||||
ns-2:
|
||||
- 92.222.211.194
|
||||
serge:
|
||||
- 92.222.211.196
|
||||
lama:
|
||||
- 185.230.78.220
|
||||
- 2a0c:700:12:0:67:e5ff:fee9:108
|
||||
vpn-ovh:
|
||||
- 92.222.211.197
|
||||
passerelle:
|
||||
- 45.66.111.254
|
||||
- 2a09:6840:111::254
|
||||
proxy:
|
||||
- 45.66.111.61
|
||||
- 2a09:6840:111::61
|
||||
camelot:
|
||||
- 45.66.111.59
|
||||
- 2a09:6840:111::59
|
||||
mail:
|
||||
- 45.66.111.62
|
||||
- 2a09:6840:111::62
|
||||
galene:
|
||||
- 45.66.111.65
|
||||
- 2a09:6840:111::65
|
||||
aclyas:
|
||||
- 45.66.111.231
|
||||
- 2a09:6840:111::231
|
||||
jitsi:
|
||||
- 45.66.111.55
|
||||
- 2a09:6840:111::55
|
||||
portail-fleming:
|
||||
- 10.13.0.247
|
||||
- 2a09:6840:13::247
|
||||
portail-pacaterie:
|
||||
- 10.23.0.247
|
||||
- 2a09:6840:23::247
|
||||
portail-rives:
|
||||
- 10.33.0.247
|
||||
- 2a09:6840:33::247
|
||||
portail-edc:
|
||||
- 10.43.0.247
|
||||
- 2a09:6840:43::247
|
||||
portail-gs:
|
||||
- 10.53.0.247
|
||||
- 2a09:6840:53::247
|
||||
grocy.bric:
|
||||
- 45.66.111.133
|
||||
- 2a09:6840:111::133
|
||||
|
||||
adh.auro.re:
|
||||
hoffman:
|
||||
- 45.66.110.1
|
||||
- 2a09:6840:110:0:2d8:61ff:fe56:d7eb
|
||||
hindley:
|
||||
- 45.66.110.3
|
||||
- 2a09:6840:110:0:a6ba:dbff:fe03:1f36
|
||||
yberreby:
|
||||
- 45.66.110.5
|
||||
- 2a09:6840:110:0:d896:1dff:fe59:8381
|
||||
paon:
|
||||
- 45.66.110.10
|
||||
- 2a09:6840:110:0:231:92ff:fe1b:ae22
|
||||
lovelace:
|
||||
- 45.66.110.45
|
||||
- 2a09:6840:110:0:c634:6bff:feb5:7bcc
|
||||
switch-leo:
|
||||
- 45.66.110.103
|
||||
- 2a09:6840:110:0:82cc:9cff:fe82:ca3e
|
||||
haskell:
|
||||
- 45.66.110.112
|
||||
- 2a09:6840:110:0:f4ac:cbff:fe81:7f48
|
||||
lyshyga0:
|
||||
- 45.66.110.113
|
||||
- 2a09:6840:110:0:6af7:28ff:fe91:e8d9
|
||||
pz28910:
|
||||
- 45.66.110.114
|
||||
vinsing0:
|
||||
- 45.66.110.123
|
||||
- 2a09:6840:110:0:1e1b:dff:fe90:7d81
|
||||
osc-routeur:
|
||||
- 45.66.110.125
|
||||
- 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
|
||||
odroid:
|
||||
- 45.66.110.154
|
||||
- 2a09:6840:110:0:21e:6ff:fe49:e00
|
||||
amau0:
|
||||
- 45.66.110.164
|
||||
- 2a09:6840:110:0:3e7c:3fff:fec3:27d1
|
||||
regulus:
|
||||
- 45.66.110.180
|
||||
- 2a09:6840:110:0:2ef0:5dff:fe2a:1530
|
||||
toaster:
|
||||
- 45.66.110.188
|
||||
- 2a09:6840:110:0:5246:5dff:fe9a:f70
|
||||
rpijutax:
|
||||
- 45.66.110.190
|
||||
- 2a09:6840:110:0:ba27:ebff:fe76:a9bc
|
||||
lafeychine:
|
||||
- 45.66.110.200
|
||||
- 2a09:6840:110:0:46a5:6eff:fe71:1
|
||||
polaris:
|
||||
- 45.66.110.245
|
||||
- 2a09:6840:110:0:dea6:32ff:feb4:d033
|
||||
|
||||
knotd__zones:
|
||||
|
||||
auro.re:
|
||||
dnssec_policy: public
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- update-acme-challenge
|
||||
- ksk-infra
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: infra
|
||||
target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: test
|
||||
target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: adm
|
||||
target:
|
||||
- serge
|
||||
- lama
|
||||
- name: ups
|
||||
target:
|
||||
- serge
|
||||
- lama
|
||||
- name: switch
|
||||
target:
|
||||
- serge
|
||||
- lama
|
||||
- name: borne
|
||||
target:
|
||||
- serge
|
||||
- lama
|
||||
mx:
|
||||
- exchange: mail
|
||||
preference: 5
|
||||
- exchange: proxy-ovh
|
||||
preference: 10
|
||||
txt:
|
||||
- data: v=spf1 mx -all
|
||||
a:
|
||||
- address: 92.222.211.195
|
||||
cname:
|
||||
- name:
|
||||
- gisti
|
||||
- gistiti
|
||||
target: jitsi
|
||||
- name:
|
||||
- element
|
||||
- riot
|
||||
- auth
|
||||
- rss
|
||||
- codimd
|
||||
- hedgedoc
|
||||
- grist
|
||||
- kanboard
|
||||
- www
|
||||
- pad
|
||||
- privatebin
|
||||
- zero
|
||||
- paste
|
||||
target: proxy-ovh
|
||||
- name:
|
||||
- grafana
|
||||
- nextcloud
|
||||
- cloud
|
||||
- office
|
||||
target: proxy.pub.infra
|
||||
- name:
|
||||
- netbox
|
||||
- wiki
|
||||
- matrix
|
||||
- drone
|
||||
- gitea
|
||||
- re2o
|
||||
- vote
|
||||
target: proxy
|
||||
- name: intranet
|
||||
target: re2o
|
||||
- name:
|
||||
- smtp
|
||||
- imap
|
||||
target: mail
|
||||
- name:
|
||||
- prometheus-paul.adh
|
||||
- pma-paul.adh
|
||||
- nextcloud-paul.adh
|
||||
- grafana-paul.adh
|
||||
- jellyfin.adh
|
||||
- monitoring.adh
|
||||
- beta-mpp.adh
|
||||
- pz28.adh
|
||||
target: lucepaul.myvnc.com.
|
||||
- name:
|
||||
- services-1.pve
|
||||
target: services-1.pve.infra
|
||||
- name:
|
||||
- services-2.pve
|
||||
target: services-2.pve.infra
|
||||
- name:
|
||||
- services-3.pve
|
||||
target: services-3.pve.infra
|
||||
hosts: "{{ knotd__hosts['auro.re']
|
||||
| combine(knotd__hosts['adh.auro.re']
|
||||
| add_origin_keys('adh.auro.re.')) }}"
|
||||
|
||||
test.auro.re:
|
||||
dnssec_policy: public
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
txt:
|
||||
- data: v=spf1 mx -all
|
||||
- name: _dmarc
|
||||
data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
mx:
|
||||
- exchange: mx
|
||||
preference: 5
|
||||
cname:
|
||||
- name:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
target: proxy.pub.infra.auro.re.
|
||||
hosts:
|
||||
mx:
|
||||
- 2a09:6840:211::1:5
|
||||
- 45.66.111.205
|
||||
|
||||
infra.auro.re:
|
||||
dnssec_policy: infra
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
#queryacl: local
|
||||
soa:
|
||||
mname: ns-master.int
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
hosts:
|
||||
services-1.ceph:
|
||||
- 10.214.1.1
|
||||
- "2a09:6840:214::1:1"
|
||||
services-2.ceph:
|
||||
- 10.214.1.2
|
||||
- "2a09:6840:214::1:2"
|
||||
services-3.ceph:
|
||||
- 10.214.1.3
|
||||
- "2a09:6840:209::1:3"
|
||||
services-1.pve:
|
||||
- 10.209.2.1
|
||||
- 2a09:6840:209::2:1
|
||||
services-2.pve:
|
||||
- 10.209.2.2
|
||||
- 2a09:6840:209::2:2
|
||||
services-3.pve:
|
||||
- 10.209.2.3
|
||||
- 2a09:6840:209::2:3
|
||||
ns-master.int:
|
||||
- 10.128.0.110
|
||||
- 2a09:6840:128:0::110
|
||||
network-1.pve:
|
||||
- 2a09:6840:209::1:1
|
||||
- 10.209.1.1
|
||||
network-2.pve:
|
||||
- 2a09:6840:209::1:2
|
||||
- 10.209.1.2
|
||||
edge-1.back:
|
||||
- 2a09:6840:203::1:1
|
||||
- 10.203.1.1
|
||||
edge-2.back:
|
||||
- 2a09:6840:203::1:2
|
||||
- 10.203.1.2
|
||||
dns-1.int:
|
||||
- 2a09:6840:206::1:1
|
||||
- 10.206.1.1
|
||||
dns-2.int:
|
||||
- 2a09:6840:206::1:2
|
||||
- 10.206.1.2
|
||||
nis2.int:
|
||||
- 2a09:6840:206::2:1
|
||||
- 10.206.2.1
|
||||
wg-1.vpn:
|
||||
- 2a09:6840:213::1:3
|
||||
- 10.213.1.3
|
||||
wg-2.vpn:
|
||||
- 2a09:6840:213::1:4
|
||||
- 10.213.1.4
|
||||
infra-1.back:
|
||||
- 2a09:6840:203::1:3
|
||||
- 10.203.1.3
|
||||
infra-2.back:
|
||||
- 2a09:6840:203::1:4
|
||||
- 10.203.1.4
|
||||
isp-1.back:
|
||||
- 2a09:6840:203::1:5
|
||||
- 10.203.1.5
|
||||
isp-2.back:
|
||||
- 2a09:6840:203::1:6
|
||||
- 10.203.1.6
|
||||
dhcp-1.isp:
|
||||
- 2a09:6840:210::1:1
|
||||
- 10.210.1.1
|
||||
dhcp-2.isp:
|
||||
- 2a09:6840:210::1:2
|
||||
- 10.210.1.2
|
||||
radius-1.isp:
|
||||
- 2a09:6840:210::1:3
|
||||
- 10.210.1.3
|
||||
radius-2.isp:
|
||||
- 2a09:6840:210::1:4
|
||||
- 10.210.1.4
|
||||
ldap-1.int:
|
||||
- 10.128.10.8
|
||||
- 2a09:6840:128::10:8
|
||||
ldap-2.int:
|
||||
- 10.128.10.108
|
||||
- 2a09:6840:128::10:108
|
||||
ntp-1.int:
|
||||
- 2a09:6840:206::1:5
|
||||
- 10.206.1.5
|
||||
ntp-2.int:
|
||||
- 2a09:6840:206::1:6
|
||||
- 10.206.1.6
|
||||
prometheus-1.monit:
|
||||
- 2a09:6840:204::1:1
|
||||
- 10.204.1.1
|
||||
prometheus-2.monit:
|
||||
- 2a09:6840:204::1:2
|
||||
- 10.204.1.2
|
||||
ff-1.core.sw:
|
||||
#- 2a09:6840:207::1:1
|
||||
- 10.207.1.1
|
||||
ff-2.core.sw:
|
||||
#- 2a09:6840:207::1:2
|
||||
- 10.207.1.2
|
||||
fl-1.core.sw:
|
||||
#- 2a09:6840:207::1:3
|
||||
- 10.207.1.3
|
||||
fl-2.core.sw:
|
||||
#- 2a09:6840:207::1:4
|
||||
- 10.207.1.4
|
||||
fd-1.core.sw:
|
||||
#- 2a09:6840:207::1:5
|
||||
- 10.207.1.5
|
||||
ff-3.core.sw:
|
||||
#- 2a09:6840:207::1:6
|
||||
- 10.207.1.6
|
||||
gk-1.core.sw:
|
||||
#- 2a09:6840:207::2:1
|
||||
- 10.207.2.1
|
||||
eb-1.core.sw:
|
||||
#- 2a09:6840:207::3:1
|
||||
- 10.207.3.1
|
||||
r3-1.core.sw:
|
||||
#- 2a09:6840:207::4:1
|
||||
- 10.207.4.1
|
||||
eb-1.ups:
|
||||
- 2a09:6840:201::3:1
|
||||
- 10.201.3.1
|
||||
ec-1.ups:
|
||||
- 2a09:6840:201::3:2
|
||||
- 10.201.3.2
|
||||
mx.test:
|
||||
- 2a09:6840:211::1:5
|
||||
- 10.211.1.5
|
||||
collabora.ext:
|
||||
- 2a09:6840:211::1:1
|
||||
- 10.211.1.1
|
||||
proxy.pub:
|
||||
- 2a09:6840:215::1:1
|
||||
- 45.66.111.206
|
||||
ns-1.pub:
|
||||
- 2a09:6840:215::1:2
|
||||
- 45.66.111.205
|
||||
ns-2.pub:
|
||||
- 2a09:6840:215::1:3
|
||||
- 45.66.111.207
|
||||
ns-3.ovh:
|
||||
- 92.222.211.194
|
||||
|
||||
108.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
|
||||
109.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
|
||||
110.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
|
||||
| ip_filter(['45.66.110.0/24'])
|
||||
| add_origin_keys('adh.auro.re.') }}"
|
||||
|
||||
111.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||
| ip_filter(['45.66.111.0/24'])
|
||||
| add_origin_keys('auro.re.') }}"
|
||||
|
||||
0.4.8.6.9.0.a.2.ip6.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
- xfr-ns-1
|
||||
- xfr-ns-2
|
||||
- xfr-ns-3
|
||||
acl:
|
||||
- xfr
|
||||
soa:
|
||||
mname: ns-master.int.infra.auro.re.
|
||||
ns:
|
||||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||
| ip_filter(['2a09:6840::/32'])
|
||||
| add_origin_keys('auro.re.')
|
||||
| combine(knotd__hosts['adh.auro.re']
|
||||
| ip_filter(['2a09:6840::/32'])
|
||||
| add_origin_keys('adh.auro.re.')) }}"
|
||||
...
|
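--- a/host_vars/ns-master.int.infra.auro.re/main.yml
+++ b/host_vars/ns-master.int.infra.auro.re/main.yml
@@ -0,0 +1,16 @@
+---
+systemd_link__links:
+int0: 02:00:00:e3:36:c8
+adm0: 42:17:a7:d1:bd:6a
+
+ifupdown2__interfaces:
+adm0:
+addresses:
+- 2a09:6840:128::110/64
+- 10.128.0.110/16
+int0:
+addresses:
+- 2a09:6840:206::1:7/64
+- 10.206.1.7/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...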
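--- a/host_vars/ntp-1.int.infra.auro.re.yml
+++ b/host_vars/ntp-1.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 02:00:00:74:71:83
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:5/64
+- 10.206.1.5/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...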
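--- a/host_vars/ntp-2.int.infra.auro.re.yml
+++ b/host_vars/ntp-2.int.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+int0: 04:00:00:31:be:50
+
+ifupdown2__interfaces:
+int0:
+addresses:
+- 2a09:6840:206::1:6/64
+- 10.206.1.6/16
+gateways: "{{ ifupdown2__gateways.int }}"
+...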
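Review bot: The MAC `04:00:00:31:be:50` under `systemd_link__links` does not have the locally-administered bit set, unlike the `02:00:00:…` addresses used for the `-1` hosts. A first octet of `04` falls in the universally administered (vendor OUI) space, so a hand-assigned address there can collide with real hardware. The same applies to `monit0: 04:00:00:a6:93:5a` in prometheus-2 and `isp0: 04:00:00:29:6d:c9` in radius-2. If these are manually chosen VM addresses, use a prefix whose first octet ends in 2, 6, A or E, for example `06:00:00:31:be:50` (constructed example), and update the hypervisor side to match.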
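--- a/host_vars/prometheus-1.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-1.monit.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+monit0: 02:00:00:a8:6b:51
+
+ifupdown2__interfaces:
+monit0:
+addresses:
+- 2a09:6840:204::1:1/64
+- 10.204.1.1/16
+gateways: "{{ ifupdown2__gateways.monit }}"
+...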
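--- a/host_vars/prometheus-2.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-2.monit.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+monit0: 04:00:00:a6:93:5a
+
+ifupdown2__interfaces:
+monit0:
+addresses:
+- 2a09:6840:204::1:2/64
+- 10.204.1.2/16
+gateways: "{{ ifupdown2__gateways.monit }}"
+...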
|
@ -70,3 +70,6 @@ loc_reverseproxy:
|
|||
|
||||
- from: grafana.auro.re
|
||||
to: "10.128.0.98:3000"
|
||||
|
||||
- from: office.auro.re
|
||||
to: "10.128.0.220"
|
||||
|
|
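--- a/host_vars/proxy.pub.infra.auro.re.yml
+++ b/host_vars/proxy.pub.infra.auro.re.yml
@@ -0,0 +1,99 @@
+---
+systemd_link__links:
+pub0: ae:ae:ae:3a:71:0b
+
+ifupdown2__interfaces:
+pub0:
+addresses:
+- 2a09:6840:215::1:1/64
+- 45.66.111.206/27
+gateways: "{{ ifupdown2__gateways.pub }}"
+
+caddy__matrix_headers:
+access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
+access-control-allow-origin: "*"
+
+caddy__routes_https:
+www1.test.auro.re:
+- root: /var/www/auro.re
+- path: /.well-known/matrix/server
+headers: "{{ caddy__matrix_headers }}"
+body: '{"m.server": "matrix.auro.re:8448"}'
+status: 200
+- path: /.well-known/matrix/client
+headers: "{{ caddy__matrix_headers }}"
+body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
+status: 200
+www2.test.auro.re:
+headers:
+location: "https://auro.re{http.request.uri}"
+status: 301
+www3.test.auro.re:
+reverse:
+- "[2a09:6840:128::198]:3000"
+- 10.128.0.198:3000
+grafana.auro.re:
+reverse:
+- "[2a09:6840:128::98]:3000"
+- 10.128.0.98:3000
+office.auro.re:
+reverse:
+- "[2a09:6840:211::1:1]:9980"
+- 10.211.1.1:9980
+nextcloud.auro.re:
+headers:
+location: "https://cloud.auro.re{http.request.uri}"
+status: 301
+cloud.auro.re:
+- path: /.well-known/carddav
+headers:
+location: /remote.php/dav/
+status: 301
+- path: /.well-known/caldav
+headers:
+location: /remote.php/dav/
+status: 301
+- path: /.well-known/webfinger
+headers:
+location: /index.php/.well-known/webfinger
+status: 301
+- path: /.well-known/nodeinfo
+headers:
+location: /index.php/.well-known/nodeinfo
+status: 301
+- path: /remote/*
+rewrite: /remote.php
+- path: /ocm-provider/*
+rewrite: /index.php
+- path: "*.mjs"
+headers:
+content-type: text/javascript
+- reverse:
+- "[2a09:6840:128::58]:8080"
+- 10.128.0.58:8080
+headers:
+x-robots-tag: noindex, nofollow
+referrer-policy: no-referrer
+x-content-type-options: nosniff
+x-frame-options: SAMEORIGIN
+x-permitted-cross-domain-policies: none
+x-xss-protection: "1; mode=block"
+
+caddy__contact_email: tech.aurore@lists.crans.org
+
+caddy__errors:
+- root: "{{ caddy__error_dir }}"
+- rewrite: /error.html
+- file_server: true
+templates: true
+
+caddy__servers:
+https:
+listen: ":443"
+routes: "{{ caddy__routes_https }}"
+errors: "{{ caddy__errors }}"
+http:
+listen: ":80"
+
+...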
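Review bot: The response headers on the final `cloud.auro.re` reverse route include no `strict-transport-security` entry, so unless the caddy role adds one globally (not visible here) browsers are never told to stay on HTTPS for this host. Consider adding `strict-transport-security: "max-age=15552000; includeSubDomains"` next to `x-content-type-options`. `x-xss-protection: "1; mode=block"` is a legacy header that current browsers ignore, and a `content-security-policy` is the maintained replacement. The `grafana.auro.re` and `office.auro.re` routes receive none of these hardening headers, which is fine only if the backends set their own. The `http` server listens on `:80` with no routes, so it is worth confirming that the role emits an HTTP-to-HTTPS redirect there.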
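--- a/host_vars/radius-1.isp.infra.auro.re.yml
+++ b/host_vars/radius-1.isp.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+isp0: 02:00:00:6a:3e:f4
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:3/64
+- 10.210.1.3/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+...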
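--- a/host_vars/radius-2.isp.infra.auro.re.yml
+++ b/host_vars/radius-2.isp.infra.auro.re.yml
@@ -0,0 +1,11 @@
+---
+systemd_link__links:
+isp0: 04:00:00:29:6d:c9
+
+ifupdown2__interfaces:
+isp0:
+addresses:
+- 2a09:6840:210::1:4/64
+- 10.210.1.4/16
+gateways: "{{ ifupdown2__gateways.isp }}"
+...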
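--- a/host_vars/wg-1.vpn.infra.auro.re.yml
+++ b/host_vars/wg-1.vpn.infra.auro.re.yml
@@ -0,0 +1,44 @@
+---
+systemd_link__links:
+vpn0:
+enabled: false
+vpn: 02:00:00:b5:ca:c7
+ext0:
+enabled: false
+ext: 02:00:00:e3:65:49
+
+ifupdown2__interfaces:
+ext0:
+gateways: "{{ ifupdown2__gateways.ext }}"
+addresses:
+- 2a09:6840:211::1:1/64
+- 10.211.1.1/16
+- 45.66.111.204/30
+vpn0:
+addresses:
+- 2a09:6840:213::1:3/64
+- 10.213.1.3/16
+# FIXME: move to group_vars
+goto_table: "{{ iproute2__custom_tables.wireguard }}"
+#vrf: wg-vrf
+ext:
+gateways: "{{ ifupdown2__gateways.ext }}"
+addresses:
+- 2a09:6840:211::1:1/64
+- 10.211.1.1/16
+- 45.66.111.204/30
+vpn:
+addresses:
+- 2a09:6840:213::1:3/64
+- 10.213.1.3/16
+# FIXME: move to group_vars
+goto_table: "{{ iproute2__custom_tables.wireguard }}"
+#vrf: wg-vrf
+
+bird__router_id: 10.213.1.3
+
+bird__bgp_addr:
+vpn:
+- 2a09:6840:213::1:3
+- 10.213.1.3
+...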
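Review bot: The `ext0` and `ext` interfaces are given `2a09:6840:211::1:1/64` and `10.211.1.1/16`, the same addresses this compare publishes for `collabora.ext` in the `infra.auro.re` zone and uses as the `office.auro.re` upstream in the proxy host_vars. This looks like a copy-paste that would put a duplicate address on the ext network and could divert the Collabora backend traffic to the VPN host. Each interface is also defined twice under `ifupdown2__interfaces` (`ext0` and `ext`, `vpn0` and `vpn`) with identical addresses. If the `0`-suffixed names are only kept so `systemd_link__links` can disable the old link files, drop them from `ifupdown2__interfaces`. `45.66.111.204/30` is the network address of that /30 rather than a usable host address, so that entry should be checked too.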
138
hosts
138
hosts
|
@ -1,9 +1,104 @@
|
|||
# Aurore servers inventory
|
||||
|
||||
# How to name your server ?
|
||||
# > We name servers according to location, then type, then function.
|
||||
# > Then we regroup everything in global geographic, type and function groups.
|
||||
[vm_test]
|
||||
mx.test.infra.auro.re
|
||||
|
||||
[vm_services]
|
||||
collabora.ext.infra.auro.re
|
||||
proxy.pub.infra.auro.re
|
||||
|
||||
[aruba]
|
||||
eb-1.acs.sw.infra.auro.re
|
||||
|
||||
[quanta]
|
||||
ff-1.core.sw.infra.auro.re
|
||||
ff-2.core.sw.infra.auro.re
|
||||
fl-1.core.sw.infra.auro.re
|
||||
fl-2.core.sw.infra.auro.re
|
||||
fd-1.core.sw.infra.auro.re
|
||||
gk-1.core.sw.infra.auro.re
|
||||
eb-1.core.sw.infra.auro.re
|
||||
r3-1.core.sw.infra.auro.re
|
||||
|
||||
[eaton_ups]
|
||||
eb-1.ups.infra.auro.re
|
||||
ec-1.ups.infra.auro.re
|
||||
|
||||
[vpn]
|
||||
wg-[1:2].vpn.infra.auro.re
|
||||
|
||||
[dns]
|
||||
dns-[1:2].int.infra.auro.re
|
||||
|
||||
[dhcp]
|
||||
dhcp-[1:2].isp.infra.auro.re
|
||||
|
||||
[edge]
|
||||
edge-[1:2].back.infra.auro.re
|
||||
|
||||
[isp]
|
||||
isp-1.back.infra.auro.re
|
||||
#isp-[1:2].back.infra.auro.re
|
||||
|
||||
[infra]
|
||||
infra-[1:2].back.infra.auro.re
|
||||
|
||||
[prom]
|
||||
prometheus-[1:2].monit.infra.auro.re
|
||||
|
||||
[router:children]
|
||||
isp
|
||||
infra
|
||||
edge
|
||||
|
||||
[ns]
|
||||
ns-[1:2].pub.infra.auro.re
|
||||
ns-3.ovh.infra.auro.re
|
||||
|
||||
[ldap]
|
||||
#ldap-[1:2].int.infra.auro.re
|
||||
|
||||
[ntp]
|
||||
ntp-[1:2].int.infra.auro.re
|
||||
|
||||
[radiusng]
|
||||
radius-[1:2].isp.infra.auro.re
|
||||
|
||||
[vm:children]
|
||||
vm_network
|
||||
vm_services
|
||||
vm_ovh
|
||||
|
||||
[vm_ovh]
|
||||
ns-3.ovh.infra.auro.re
|
||||
|
||||
[vm_network:children]
|
||||
vpn
|
||||
edge
|
||||
dhcp
|
||||
dns
|
||||
radiusng
|
||||
ntp
|
||||
#ldap
|
||||
isp
|
||||
infra
|
||||
prom
|
||||
ns
|
||||
nsmaster
|
||||
|
||||
[nsmaster]
|
||||
ns-master.int.infra.auro.re
|
||||
|
||||
[pve:children]
|
||||
pve_network
|
||||
pve_services
|
||||
|
||||
[pve_network]
|
||||
network-1.pve.infra.auro.re ansible_ssh_host=10.209.1.1
|
||||
network-2.pve.infra.auro.re
|
||||
|
||||
[pve_services]
|
||||
services-[1:3].pve.infra.auro.re
|
||||
|
||||
###############################################################################
|
||||
# Aurore : main services
|
||||
|
@ -69,6 +164,7 @@ switchs-manager.adm.auro.re
|
|||
ldap-replica-ovh.adm.auro.re
|
||||
prometheus-ovh.adm.auro.re
|
||||
prometheus-federate.adm.auro.re
|
||||
ns-2.auro.re
|
||||
|
||||
[ovh_testing_vm]
|
||||
#re2o-test.adm.auro.re
|
||||
|
@ -89,15 +185,9 @@ dhcp-fleming.adm.auro.re
|
|||
dhcp-fleming-backup.adm.auro.re
|
||||
dns-fleming.adm.auro.re
|
||||
dns-fleming-backup.adm.auro.re
|
||||
ntp-1.int.infra.auro.re
|
||||
prometheus-fleming.adm.auro.re
|
||||
#prometheus-fleming-fo.adm.auro.re
|
||||
ns-1.auro.re
|
||||
radius-fleming.adm.auro.re
|
||||
dns-1.int.infra.auro.re
|
||||
isp-1.rtr.infra.auro.re
|
||||
isp-2.rtr.infra.auro.re
|
||||
dhcp-1.isp.auro.re
|
||||
dhcp-2.isp.auro.re
|
||||
radius-fleming-backup.adm.auro.re
|
||||
unifi-fleming.adm.auro.re
|
||||
routeur-fleming.adm.auro.re
|
||||
|
@ -505,13 +595,13 @@ rives_unifi
|
|||
ovh_container
|
||||
|
||||
# every virtual machine
|
||||
[vm:children]
|
||||
ovh_vm
|
||||
fleming_vm
|
||||
pacaterie_vm
|
||||
edc_vm
|
||||
gs_vm
|
||||
rives_vm
|
||||
#[vm:children]
|
||||
#ovh_vm
|
||||
#fleming_vm
|
||||
#pacaterie_vm
|
||||
#edc_vm
|
||||
#gs_vm
|
||||
#rives_vm
|
||||
|
||||
# every server
|
||||
[server:children]
|
||||
|
@ -519,13 +609,13 @@ fleming_server
|
|||
edc_server
|
||||
|
||||
# every PVE
|
||||
[pve:children]
|
||||
ovh_pve
|
||||
fleming_pve
|
||||
pacaterie_pve
|
||||
edc_pve
|
||||
gs_pve
|
||||
rives_pve
|
||||
#[pve:children]
|
||||
#ovh_pve
|
||||
#fleming_pve
|
||||
#pacaterie_pve
|
||||
#edc_pve
|
||||
#gs_pve
|
||||
#rives_pve
|
||||
|
||||
# every unifi
|
||||
[unifi:children]
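Review bot: The new `[vm:children]` and `[pve:children]` groups in the first hunk replace the legacy definitions that the `@ -505,13` and `@ -519,13` hunks comment out, so `ovh_vm`, `fleming_vm`, `pacaterie_vm`, `edc_vm`, `gs_vm`, `rives_vm` and the matching `*_pve` groups no longer belong to `vm` or `pve`. The common-configuration play later in this compare appears to target `pve` and `vm` instead of `all,!unifi`. If so, the legacy hosts would silently stop receiving the roles listed there, `basesecurity` and `unattended_upgrades` among them. Either keep the legacy groups as children until those hosts are retired, or add a comment such as `# legacy *_vm / *_pve hosts are intentionally excluded from base roles` so the gap is explicit. Separately, `ansible_ssh_host=10.209.1.1` on `network-1.pve` uses the deprecated variable name; `ansible_host=10.209.1.1` is the current spelling.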
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Put a common configuration on all servers
|
||||
- hosts: all,!unifi
|
||||
- hosts:
|
||||
- pve
|
||||
- vm
|
||||
roles:
|
||||
- baseconfig
|
||||
- basesecurity
|
||||
- ldap_client
|
||||
- logrotate
|
||||
- update_motd
|
||||
- base_utils
|
||||
- unattended_upgrades
|
||||
...
|
||||
|
|
484
playbooks/bird.yml
Executable file
484
playbooks/bird.yml
Executable file
|
@ -0,0 +1,484 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- infra
|
||||
- isp
|
||||
- vpn
|
||||
roles:
|
||||
- bird
|
||||
|
||||
#- hosts:
|
||||
# - isp-1.back.infra.auro.re
|
||||
# - isp-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__router_ids:
|
||||
# isp-1.back.infra.auro.re: 10.203.1.5
|
||||
# isp-2.back.infra.auro.re: 10.203.1.6
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__radv_interfaces:
|
||||
# client0:
|
||||
# prefix:
|
||||
# - 2a09:6841::/64
|
||||
# domain_search:
|
||||
# - client0.isp.auro.re
|
||||
# client1:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:1::/64
|
||||
# domain_search:
|
||||
# - client1.isp.auro.re
|
||||
# client2:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:2::/64
|
||||
# domain_search:
|
||||
# - client2.isp.auro.re
|
||||
# client3:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:3::/64
|
||||
# domain_search:
|
||||
# - client3.isp.auro.re
|
||||
# client4:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:400::/64
|
||||
# domain_search:
|
||||
# - client4.isp.auro.re
|
||||
# bird__radv_dns_servers:
|
||||
# - 2a09:6840:128::10:103
|
||||
# - 2a09:6840:128::10:3
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# bird__bgp_addresses:
|
||||
# isp-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:5
|
||||
# - 10.203.1.5
|
||||
# isp-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:6
|
||||
# - 10.203.1.6
|
||||
# bird__bgp_sessions:
|
||||
# edge1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# edge2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
# - client0
|
||||
# - client1
|
||||
# - client2
|
||||
# - client3
|
||||
# - client4
|
||||
# roles:
|
||||
# - bird
|
||||
|
||||
|
||||
#- hosts:
|
||||
# - infra-1.back.infra.auro.re
|
||||
# - infra-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__router_ids:
|
||||
# infra-1.back.infra.auro.re: 10.203.1.3
|
||||
# infra-2.back.infra.auro.re: 10.203.1.4
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
# - monit0
|
||||
# - wifi0
|
||||
# - int0
|
||||
# - pub0
|
||||
# - bmc0
|
||||
# - pve0
|
||||
# - isp0
|
||||
# - mgmt0
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# bird__bgp_addresses:
|
||||
# infra-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:3
|
||||
# - 10.203.1.3
|
||||
# infra-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:4
|
||||
# - 10.203.1.4
|
||||
# bird__bgp_sessions:
|
||||
# edge1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# edge2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
## address:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# roles:
|
||||
# - bird
|
||||
|
||||
#- hosts:
|
||||
# - edge-1.back.infra.auro.re
|
||||
# - edge-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__router_ids:
|
||||
# edge-1.back.infra.auro.re: 10.203.1.1
|
||||
# edge-2.back.infra.auro.re: 10.203.1.2
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# crans: 204515
|
||||
# zayo: 8218
|
||||
# viarezo: 212424
|
||||
# rezel: 199116
|
||||
# bird__orig_prefixes:
|
||||
# aurore:
|
||||
# - 45.66.108.0/22
|
||||
# - 2a09:6840::/32
|
||||
# - 2a09:6841::/32
|
||||
# - 2a09:6842::/32
|
||||
# crans:
|
||||
# - 185.230.76.0/22
|
||||
# - 2a0c:700::/32
|
||||
# viarezo:
|
||||
# - 138.195.144.0/20
|
||||
# - 192.159.121.0/24
|
||||
# - 2a0c:b641:2f0::/44
|
||||
# rezel:
|
||||
# - 137.194.8.0/22
|
||||
# - 2a09:6847::/32
|
||||
# martians:
|
||||
# - 10.0.0.0/8
|
||||
# - 172.16.0.0/12
|
||||
# - 192.168.0.0/16
|
||||
# - 100.64.0.0/10
|
||||
# - 127.0.0.0/8
|
||||
# - 169.254.0.0/16
|
||||
# - 192.0.0.0/24
|
||||
# - 192.0.2.0/24
|
||||
# - 198.18.0.0/15
|
||||
# - 198.51.100.0/24
|
||||
# - 203.0.113.0/24
|
||||
# - 224.0.0.0/4
|
||||
# - 240.0.0.0/4
|
||||
# - ::/128
|
||||
# - ::1/128
|
||||
# - ::ffff:0:0/96
|
||||
# - ::/96
|
||||
# - 100::/64
|
||||
# - 2001:10::/28
|
||||
# - 2001:db8::/32
|
||||
# - fc00::/7
|
||||
# - fe80::/10
|
||||
# - fec0::/10
|
||||
# - ff00::/8
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__bgp_addresses:
|
||||
# edge:
|
||||
# edge-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# edge-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# legacy:
|
||||
# edge-1.back.infra.auro.re:
|
||||
# - 2a09:6840:129::10:2
|
||||
# - 10.129.10.2
|
||||
# edge-2.back.infra.auro.re:
|
||||
# - 2a09:6840:129::10:102
|
||||
# - 10.129.10.102
|
||||
# rezel:
|
||||
# edge-1.back.infra.auro.re:
|
||||
# - 2a09:6842:19:9116::1
|
||||
# - 45.66.111.1
|
||||
# edge-2.back.infra.auro.re:
|
||||
# - 2a09:6842:19:9116::3
|
||||
# - 45.66.111.3
|
||||
# bird__bgp_sessions:
|
||||
# edge:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address: "{{ bird__bgp_addresses.edge
|
||||
# | dict2items
|
||||
# | selectattr('key', '!=', inventory_hostname)
|
||||
# | map(attribute='value')
|
||||
# | first }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - local_pref: 75
|
||||
# accept: true
|
||||
# vpn1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:7
|
||||
# - 10.203.1.7
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: false
|
||||
# export:
|
||||
# - accept: true
|
||||
# vpn2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:8
|
||||
# - 10.203.1.8
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: false
|
||||
# export:
|
||||
# - accept: false
|
||||
# legacy:
|
||||
# next_hop_self: true
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:129::240
|
||||
# - 10.129.0.240
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: false
|
||||
# export:
|
||||
# - bgp_proto:
|
||||
# - crans
|
||||
# - zayo
|
||||
# - rezel1
|
||||
# - rezel2
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# zayo:
|
||||
# local:
|
||||
# address:
|
||||
# - 83.167.52.69
|
||||
# - 2001:1b48:2:103::d7:2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 83.167.52.68
|
||||
# - 2001:1b48:2:103::d7:1
|
||||
# as: "{{ bird__asn.zayo }}"
|
||||
# import:
|
||||
# - prefix: "{{ bird__orig_prefixes.martians }}"
|
||||
# sub: true
|
||||
# accept: false
|
||||
# - accept: true
|
||||
# export:
|
||||
# - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel']
|
||||
# | map('extract', bird__orig_prefixes)
|
||||
# | flatten }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
## - accept: false
|
||||
# crans:
|
||||
# local:
|
||||
# address:
|
||||
# - 185.230.79.254
|
||||
# - 2a0c:700:28::2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 185.230.79.253
|
||||
# - 2a0c:700:28::1
|
||||
# as: "{{ bird__asn.crans }}"
|
||||
# import:
|
||||
# - prefix: "{{ bird__orig_prefixes.crans }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# export:
|
||||
# - bgp_proto:
|
||||
# - viarezo
|
||||
# - rezel1
|
||||
# - rezel2
|
||||
# - zayo
|
||||
# accept: true
|
||||
# - prefix: "{{ bird__orig_prefixes.aurore }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# rezel1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6842:19:9116::2
|
||||
# - 45.66.111.2
|
||||
# as: "{{ bird__asn.rezel }}"
|
||||
# import:
|
||||
# - prefix: "{{ bird__orig_prefixes.rezel }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# export:
|
||||
# - bgp_proto:
|
||||
# - edge
|
||||
# - viarezo
|
||||
# - crans
|
||||
# - zayo
|
||||
# accept: true
|
||||
# - prefix: "{{ bird__orig_prefixes.aurore }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# rezel2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6842:19:9116::4
|
||||
# - 45.66.111.4
|
||||
# as: "{{ bird__asn.rezel }}"
|
||||
# import:
|
||||
# - local_pref: 75
|
||||
# - prefix: "{{ bird__orig_prefixes.rezel }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# export:
|
||||
# - bgp_proto:
|
||||
# - edge
|
||||
# - viarezo
|
||||
# - crans
|
||||
# - zayo
|
||||
# accept: true
|
||||
# - prefix: "{{ bird__orig_prefixes.aurore }}"
|
||||
# sub: true
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# viarezo:
|
||||
# local:
|
||||
# address:
|
||||
# - 192.159.121.134
|
||||
# - 2a0c:b641:2ff::6
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 192.159.121.133
|
||||
# - 2a0c:b641:2ff::5
|
||||
# as: "{{ bird__asn.viarezo }}"
|
||||
# import:
|
||||
# - prefix: "{{ bird__orig_prefixes.martians }}"
|
||||
# accept: false
|
||||
# - prefix: "{{ bird__orig_prefixes.viarezo }}"
|
||||
# sub: true
|
||||
# negate: true
|
||||
# local_pref: 50
|
||||
# - accept: true
|
||||
# export:
|
||||
# - prefix: "{{ bird__orig_prefixes.aurore }}"
|
||||
# as_prepend:
|
||||
# asn: "{{ bird__asn.aurore }}"
|
||||
# size: 5
|
||||
# - bgp_proto:
|
||||
# - crans
|
||||
# - zayo
|
||||
# accept: true
|
||||
# - accept: false
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
# - crans0
|
||||
# - zayo0
|
||||
# - rezel0
|
||||
# - viarezo0
|
||||
# bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}"
|
||||
# roles:
|
||||
# - bird
|
||||
|
||||
#- hosts:
|
||||
# - vpn-1.back.infra.auro.re
|
||||
# - vpn-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# bird__router_ids:
|
||||
# vpn-1.back.infra.auro.re: 10.203.1.7
|
||||
# vpn-2.back.infra.auro.re: 10.203.1.8
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__bgp_addresses:
|
||||
# vpn-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:7
|
||||
# - 10.203.1.7
|
||||
# vpn-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:8
|
||||
# - 10.203.1.8
|
||||
# bird__bgp_sessions:
|
||||
# edge1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# edge2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
## - wg0
|
||||
# roles:
|
||||
# - bird
|
||||
...
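Review bot: Only the first play (`hosts: infra, isp, vpn` with role `bird`) is live in this new file; the remaining ~470 lines are commented-out plays carrying per-host router IDs, BGP session addresses and import/export filters. Routing policy kept as dead comments cannot be reviewed against what is actually deployed and will drift, so it should either move into `group_vars`/`host_vars` (as `bird__router_id` already has for wg-1) or be deleted and recovered from history. If any of it is revived, note that the terminal `- accept: false` of the `zayo` export list is double-commented (`## - accept: false`). Unless the role rejects by default, that export filter would then have no explicit final deny. The `edge2` session in the infra block has the same `##` on its `address:` key.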
|
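--- a/playbooks/caddy.yml
+++ b/playbooks/caddy.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- proxy.pub.infra.auro.re
+roles:
+- caddy
+...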
|
@ -1,27 +1,10 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
vars:
|
||||
chronyd__allow_networks:
|
||||
- 10.128.0.0/16
|
||||
- 2a09:6840:128::/48
|
||||
chronyd__pools:
|
||||
- 0.pool.ntp.org
|
||||
- 1.pool.ntp.org
|
||||
- 2.pool.ntp.org
|
||||
- 3.pool.ntp.org
|
||||
chronyd__local_stratum: 10
|
||||
roles:
|
||||
- chronyd
|
||||
|
||||
- hosts:
|
||||
- all
|
||||
- "!ntp-1.int.infra.auro.re"
|
||||
- "!unifi"
|
||||
vars:
|
||||
chronyd__pools:
|
||||
- ntp-1.int.infra.auro.re
|
||||
- pve_network
|
||||
- vm_network
|
||||
- vm_services
|
||||
- ntp
|
||||
roles:
|
||||
- chronyd
|
||||
...
|
||||
|
|
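--- a/playbooks/collabora.yml
+++ b/playbooks/collabora.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- collabora.ext.infra.auro.re
+roles:
+- collabora
+...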
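--- a/playbooks/dhcpd.yml
+++ b/playbooks/dhcpd.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- dhcp
+roles:
+- dhcpd
+...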
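--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- infra
+- isp
+roles:
+- firewall
+...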
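--- a/playbooks/freeradius.yml
+++ b/playbooks/freeradius.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- radius
+roles:
+- freeradius
+...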
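Review bot: The play targets `radius`, which is not a group this compare adds; the inventory hunk introduces `[radiusng]` for `radius-[1:2].isp.infra.auro.re`. If a `radius` group exists in the legacy part of `hosts` (not visible here), the `freeradius` role would be applied to the old RADIUS servers rather than the new ones, and if it does not exist the play matches no host. Suggest `- radiusng` here, or rename the inventory group so the two agree.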
|
@ -17,8 +17,9 @@
|
|||
bind_password: "{{ vault_ldap_grafana_password }}"
|
||||
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
|
||||
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
|
||||
editors_group_dn:
|
||||
admins_group_dn:
|
||||
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
||||
editors_group_dn:
|
||||
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
||||
update_motd:
|
||||
grafana: Grafana est déployé (/etc/grafana).
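Review bot: The `admins_group_dn` entry appears to give Grafana admin rights to every member of `cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re`, and nothing in the hunk states that this mapping is intended. A comment above it, for example `# sudoldap members become Grafana admins; technicien members get editor`, would make the privilege mapping reviewable when group membership changes. The LDAP block starts above the hunk, so the transport settings for the bind that uses `vault_ldap_grafana_password` cannot be checked from here and are worth confirming.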
|
||||
|
|
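--- a/playbooks/hostname.yml
+++ b/playbooks/hostname.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm
+- pve
+roles:
+- hostname
+...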
|
@ -1,213 +1,7 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
- dns-1.int.infra.auro.re
|
||||
- dhcp-1.isp.auro.re
|
||||
- dhcp-2.isp.auro.re
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
# TODO: netbox
|
||||
ifupdown2__hosts:
|
||||
ntp-1.int.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::203/56
|
||||
- 10.128.0.203/16
|
||||
dns-1.int.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::127/56
|
||||
- 10.128.0.127/16
|
||||
dhcp-1.isp.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::204/56
|
||||
- 10.128.0.204/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
addresses:
|
||||
- 100.64.0.2/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
client-1:
|
||||
addresses:
|
||||
- 100.64.0.34/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
client-2:
|
||||
addresses:
|
||||
- 100.64.0.66/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
client-3:
|
||||
addresses:
|
||||
- 100.64.0.98/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
client-4:
|
||||
addresses:
|
||||
- 100.64.0.130/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
dhcp-2.isp.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::91/56
|
||||
- 10.128.0.91/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
addresses:
|
||||
- 100.64.0.3/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
client-1:
|
||||
addresses:
|
||||
- 100.64.0.35/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
client-2:
|
||||
addresses:
|
||||
- 100.64.0.67/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
client-3:
|
||||
addresses:
|
||||
- 100.64.0.99/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
client-4:
|
||||
addresses:
|
||||
- 100.64.0.131/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
isp-1.rtr.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::255/56
|
||||
- 10.128.0.255/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
forward: true
|
||||
ipv6_addrgen: false
|
||||
client-0:
|
||||
forward: true
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-1:
|
||||
forward: true
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-2:
|
||||
forward: true
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-3:
|
||||
forward: true
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-4:
|
||||
forward: true
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
isp-2.rtr.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::158/56
|
||||
- 10.128.0.158/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
forward: true
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-1:
|
||||
forward: true
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-2:
|
||||
forward: true
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-3:
|
||||
forward: true
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-4:
|
||||
forward: true
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||
- vm
|
||||
roles:
|
||||
- ifupdown2
|
||||
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
- dns-1.int.infra.auro.re
|
||||
- dhcp-1.isp.auro.re
|
||||
- dhcp-2.isp.auro.re
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
resolvconf__nameservers:
|
||||
- 2a09:6840:128::127
|
||||
- 10.128.0.127
|
||||
resolvconf__domain: auro.re
|
||||
resolvconf__search:
|
||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
||||
- auro.re
|
||||
roles:
|
||||
- resolvconf
|
||||
...
|
||||
|
|
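--- a/playbooks/ip_forward.yml
+++ b/playbooks/ip_forward.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- edge
+- infra
+- isp
+- vpn
+roles:
+- ip_forward
+...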
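--- a/playbooks/iproute2.yml
+++ b/playbooks/iproute2.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- edge
+- isp
+- infra
+- vpn
+roles:
+- iproute2
+...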
|
@ -1,9 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: dhcp-*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: isc-dhcp-server est déployé.
|
||||
roles:
|
||||
- isc_dhcp_server
|
||||
- update_motd
|
|
@ -1,32 +1,9 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
keepalived__virtual_router_id: 80
|
||||
keepalived__interface: ens18
|
||||
keepalived__virtual_addresses:
|
||||
client-0:
|
||||
- 100.64.0.1/27
|
||||
- 2a09:6841::/56
|
||||
- fe80::1/10
|
||||
client-1:
|
||||
- 100.64.0.33/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-2:
|
||||
- 100.64.0.65/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-3:
|
||||
- 100.64.0.97/27
|
||||
- 2a09:6841:0:200::/56
|
||||
- fe80::1/10
|
||||
client-4:
|
||||
- 100.64.0.129/27
|
||||
- 2a09:6841:0:300::/56
|
||||
- fe80::1/10
|
||||
- isp
|
||||
- edge
|
||||
- infra
|
||||
roles:
|
||||
- keepalived
|
||||
...
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all
|
||||
roles: []
|
||||
|
||||
# WIP: Deploy authoritative DNS servers
|
||||
# - hosts: authoritative_dns
|
||||
# vars:
|
||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
||||
# service_name: dns
|
||||
# service_version: crans
|
||||
# service_config:
|
||||
# hostname: re2o-server.adm.auro.re
|
||||
# username: service-user
|
||||
# password: "{{ vault_serviceuser_passwd }}"
|
||||
# roles:
|
||||
# - re2o_service
|
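--- a/playbooks/knotd.yml
+++ b/playbooks/knotd.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- ns-master.int.infra.auro.re
+- ns
+roles:
+- knotd
+...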
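--- a/playbooks/kresd.yml
+++ b/playbooks/kresd.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: dns
+roles:
+- kresd
+...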
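--- a/playbooks/locales.yml
+++ b/playbooks/locales.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve
+- vm
+roles:
+- locales
+...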
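--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm_test
+roles:
+- postfix
+- dovecot
+...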
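--- a/playbooks/openssh.yml
+++ b/playbooks/openssh.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve_network
+- vm_test
+- vm_services
+- vm_network
+roles:
+- openssh_server
+...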
|
@ -1,241 +1,228 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: prometheus-fleming.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['fleming_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['fleming_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-pacaterie.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['pacaterie_unifi'] | list | sort }}
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-pn-1.ups.auro.re
|
||||
- ups-ps-1.ups.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['pacaterie_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-edc.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-ec-1.ups.auro.re
|
||||
# - ups-ec-2.ups.auro.re
|
||||
- ups-ec-3.ups.auro.re
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['edc_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['edc_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-gs.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['gs_unifi'] | list | sort }}
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-gk-1.ups.auro.re
|
||||
prometheus_apc_pdu_snmp_targets:
|
||||
- pdu-ga-1.ups.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['gs_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-rives.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-r3-1.ups.auro.re
|
||||
- ups-r1-1.ups.auro.re
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['rives_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['rives_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-aurore.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||
prometheus_postgresql_targets: |
|
||||
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||
prometheus_switch_snmp_targets:
|
||||
- yggdrasil.switch.auro.re
|
||||
- sw-pn-serveurs.switch.auro.re
|
||||
- sw-ec-serveurs.switch.auro.re
|
||||
- sw-gk-serveurs.switch.auro.re
|
||||
- sw-fl-serveurs.switch.auro.re
|
||||
- sw-ff-uplink.switch.auro.re
|
||||
- sw-fl-core.switch.auro.re
|
||||
- sw-fd-vcore.switch.auro.re
|
||||
- sw-fl-vcore.switch.auro.re
|
||||
- sw-ff-vcore.switch.auro.re
|
||||
- sw-pn-core.switch.auro.re
|
||||
- sw-ec-core.switch.auro.re
|
||||
- sw-gk-core.switch.auro.re
|
||||
- sw-r3-core.switch.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['aurore_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-ovh.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||
prometheus_postgresql_targets:
|
||||
- bdd-ovh.adm.auro.re
|
||||
prometheus_docker_targets:
|
||||
- docker-ovh.adm.auro.re
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-federate.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets:
|
||||
- prometheus-edc.adm.auro.re
|
||||
- prometheus-gs.adm.auro.re
|
||||
- prometheus-fleming.adm.auro.re
|
||||
- prometheus-pacaterie.adm.auro.re
|
||||
- prometheus-rives.adm.auro.re
|
||||
- prometheus-aurore.adm.auro.re
|
||||
- prometheus-ovh.adm.auro.re
|
||||
|
||||
update_motd:
|
||||
prometheus_federate: >-
|
||||
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus_federate
|
||||
- update_motd
|
||||
|
||||
# Postgres Exporters
|
||||
- hosts: bdd,radius
|
||||
roles:
|
||||
- prometheus_postgres
|
||||
|
||||
# Monitor all hosts
|
||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
||||
- hosts:
|
||||
- pve
|
||||
- vm
|
||||
roles:
|
||||
- prometheus_node
|
||||
|
||||
- hosts:
|
||||
- router
|
||||
roles:
|
||||
- prometheus_keepalived
|
||||
- prometheus_bird
|
||||
|
||||
- hosts:
|
||||
- prom
|
||||
roles:
|
||||
- prometheus_snmp
|
||||
- prometheus
|
||||
|
||||
#- hosts: prometheus-fleming.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||
# prometheus_unifi_snmp_targets: |
|
||||
# {{ groups['fleming_unifi'] | list | sort }}
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['fleming_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-pacaterie.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
||||
# prometheus_unifi_snmp_targets: |
|
||||
# {{ groups['pacaterie_unifi'] | list | sort }}
|
||||
# prometheus_ups_snmp_targets:
|
||||
# - ups-pn-1.ups.auro.re
|
||||
# - ups-ps-1.ups.auro.re
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['pacaterie_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-edc.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_ups_snmp_targets:
|
||||
# - ups-ec-1.ups.auro.re
|
||||
# # - ups-ec-2.ups.auro.re
|
||||
# - ups-ec-3.ups.auro.re
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||
# prometheus_unifi_snmp_targets: |
|
||||
# {{ groups['edc_unifi'] | list | sort }}
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['edc_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-gs.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
||||
# prometheus_unifi_snmp_targets: |
|
||||
# {{ groups['gs_unifi'] | list | sort }}
|
||||
# prometheus_ups_snmp_targets:
|
||||
# - ups-gk-1.ups.auro.re
|
||||
# prometheus_apc_pdu_snmp_targets:
|
||||
# - pdu-ga-1.ups.auro.re
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['gs_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-rives.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_ups_snmp_targets:
|
||||
# - ups-r3-1.ups.auro.re
|
||||
# - ups-r1-1.ups.auro.re
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||
# prometheus_unifi_snmp_targets: |
|
||||
# {{ groups['rives_unifi'] | list | sort }}
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['rives_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-aurore.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||
# prometheus_postgresql_targets: |
|
||||
# {{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||
# prometheus_switch_snmp_targets:
|
||||
# - yggdrasil.switch.auro.re
|
||||
# - sw-pn-serveurs.switch.auro.re
|
||||
# - sw-ec-serveurs.switch.auro.re
|
||||
# - sw-gk-serveurs.switch.auro.re
|
||||
# - sw-fl-serveurs.switch.auro.re
|
||||
# - sw-ff-uplink.switch.auro.re
|
||||
# - sw-fl-core.switch.auro.re
|
||||
# - sw-fd-vcore.switch.auro.re
|
||||
# - sw-fl-vcore.switch.auro.re
|
||||
# - sw-ff-vcore.switch.auro.re
|
||||
# - sw-pn-core.switch.auro.re
|
||||
# - sw-ec-core.switch.auro.re
|
||||
# - sw-gk-core.switch.auro.re
|
||||
# - sw-r3-core.switch.auro.re
|
||||
# prometheus_ilo_snmp_targets: |
|
||||
# {{ groups['aurore_ilo'] | list | sort }}
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
#- hosts: prometheus-ovh.adm.auro.re
|
||||
# vars:
|
||||
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
# snmp_ilo_user: aurore
|
||||
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
#
|
||||
# prometheus_servers_targets: |
|
||||
# {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||
# prometheus_postgresql_targets:
|
||||
# - bdd-ovh.adm.auro.re
|
||||
# prometheus_docker_targets:
|
||||
# - docker-ovh.adm.auro.re
|
||||
#
|
||||
# update_motd:
|
||||
# prometheus: >-
|
||||
# Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||
# roles:
|
||||
# - prometheus
|
||||
# - update_motd
|
||||
#
|
||||
## Postgres Exporters
|
||||
#- hosts: bdd,radius
|
||||
# roles:
|
||||
# - prometheus_postgres
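Review bot: The commented-out block at the end of the new file, from `#- hosts: prometheus-fleming.adm.auro.re` down to `# - prometheus_postgres`, keeps the old per-site plays as dead text, including the vault variable names and the `snmp_ilo_user` value. Version history already holds them, so I would delete the block and, if the migration is unfinished, leave one line such as `# TODO: port per-site SNMP targets and the postgres exporter to the prom group vars`. As rendered, the `bdd,radius` play with `prometheus_postgres` has no active replacement in this file, so confirm that PostgreSQL monitoring is still deployed from somewhere. The `prometheus-federate` play likewise appears only on the removed side.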
|
||||
|
|
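--- a/playbooks/pve.yml
+++ b/playbooks/pve.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- pve
+- vm
+roles:
+- locales
+...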
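Review bot: `roles:` in this new playbook lists only `locales`, and its `hosts:` and `roles:` are identical to playbooks/locales.yml added on the same page, so pve.yml looks like an unedited copy. If a Proxmox-specific role was meant, the entry should name it (`- <pve role name>`) and `hosts:` probably should not include `vm`. Otherwise the file only duplicates locales.yml and can be dropped, which avoids someone running it in the belief that it configures the hypervisors.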
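--- a/playbooks/qemu_guest.yml
+++ b/playbooks/qemu_guest.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- vm_network
+- vm_services
+- vm_test
+roles:
+- qemu_guest
+...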
Some files were not shown because too many files have changed in this diff Show more