Compare commits
4 commits
| Author | SHA1 | Date | |
|---|---|---|---|
10acf10c47
|
|||
|
a64dbf9aec
|
|||
|
bc98517c77
|
|||
|
3a202b4566
|
18 changed files with 107 additions and 237 deletions
|
|
@ -1,6 +1,3 @@
|
|||
import ipaddress
|
||||
from operator import attrgetter
|
||||
|
||||
import dns.name
|
||||
|
||||
|
||||
|
|
@ -8,33 +5,9 @@ class FilterModule:
|
|||
def filters(self):
|
||||
return {
|
||||
"remove_domain_suffix": remove_domain_suffix,
|
||||
"ipaddr_sort": ipaddr_sort,
|
||||
}
|
||||
|
||||
|
||||
def remove_domain_suffix(name):
|
||||
parent = dns.name.from_text(name).parent()
|
||||
return parent.to_text()
|
||||
|
||||
|
||||
def ipaddr_sort(addrs, types, unknown_after=True):
|
||||
check_types = {
|
||||
"global": attrgetter("is_global"),
|
||||
"link-local": attrgetter("is_link_local"),
|
||||
"loopback": attrgetter("is_loopback"),
|
||||
"multicast": attrgetter("is_multicast"),
|
||||
"private": attrgetter("is_private"),
|
||||
"reserved": attrgetter("is_reserved"),
|
||||
"site_local": attrgetter("is_site_local"),
|
||||
"unspecified": attrgetter("is_unspecified"),
|
||||
}
|
||||
|
||||
def addr_weight(addr):
|
||||
if isinstance(addr, str):
|
||||
addr = ipaddress.ip_address(addr.split("/")[0])
|
||||
for index, ty in enumerate(types):
|
||||
if check_types[ty](ipaddress.ip_address(addr)):
|
||||
return index
|
||||
return len(types) if unknown_after else -1
|
||||
|
||||
return sorted(addrs, key=addr_weight)
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@
|
|||
- 1.pool.ntp.org
|
||||
- 2.pool.ntp.org
|
||||
- 3.pool.ntp.org
|
||||
chronyd__local_stratum: 10
|
||||
roles:
|
||||
- chronyd
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
# TODO: netbox
|
||||
ifupdown2__hosts:
|
||||
ntp-1.int.infra.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -19,6 +20,7 @@
|
|||
- 2a09:6840:128::203/56
|
||||
- 10.128.0.203/16
|
||||
dns-1.int.infra.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -27,6 +29,7 @@
|
|||
- 2a09:6840:128::127/56
|
||||
- 10.128.0.127/16
|
||||
dhcp-1.isp.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -67,6 +70,7 @@
|
|||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
dhcp-2.isp.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -107,6 +111,7 @@
|
|||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
isp-1.rtr.infra.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -115,10 +120,25 @@
|
|||
- 2a09:6840:128::255/56
|
||||
- 10.128.0.255/16
|
||||
ens19: null
|
||||
ens20:
|
||||
addresses:
|
||||
- 2a09:6840:136:0:1::/56
|
||||
- 10.136.0.1/16
|
||||
vxlan:
|
||||
mtu: 1450
|
||||
vxlan_learning: true
|
||||
vxlan_physdev: ens20
|
||||
vxlan_port: 4789
|
||||
#vxlan_mcastgrp: ff02::15c
|
||||
bridge_vlan_vni_map: 1000-1004=1000-1004
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_learning: false
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
- vxlan
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
|
|
@ -150,6 +170,7 @@
|
|||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
isp-2.rtr.infra.auro.re:
|
||||
lo: auto
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
|
|
@ -158,12 +179,30 @@
|
|||
- 2a09:6840:128::158/56
|
||||
- 10.128.0.158/16
|
||||
ens19: null
|
||||
ens20:
|
||||
addresses:
|
||||
- 2a09:6840:136:0:2::/56
|
||||
- 10.136.0.2/16
|
||||
vxlan:
|
||||
mtu: 1450
|
||||
vxlan_learning: true
|
||||
vxlan_physdev: ens20
|
||||
vxlan_port: 4789
|
||||
#vxlan_mcastgrp: ff02::15c
|
||||
bridge_vlan_vni_map: 1000-1004=1000-1004
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_learning: false
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
- vxlan
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
forward: true
|
||||
ipv6_addrgen: false
|
||||
client-0:
|
||||
forward: true
|
||||
vlan_id: 1000
|
||||
|
|
@ -189,7 +228,11 @@
|
|||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
ifupdown2__need_upstream_version_hosts:
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||
ifupdown2__need_upstream_version: "{{ inventory_hostname in ifupdown2__need_upstream_version_hosts }}"
|
||||
roles:
|
||||
- ifupdown2
|
||||
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
keepalived__virtual_router_id: 80
|
||||
keepalived__interface: ens18
|
||||
keepalived__virtual_addresses:
|
||||
client-0:
|
||||
- 100.64.0.1/27
|
||||
- 2a09:6841::/56
|
||||
- fe80::1/10
|
||||
client-1:
|
||||
- 100.64.0.33/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-2:
|
||||
- 100.64.0.65/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-3:
|
||||
- 100.64.0.97/27
|
||||
- 2a09:6841:0:200::/56
|
||||
- fe80::1/10
|
||||
client-4:
|
||||
- 100.64.0.129/27
|
||||
- 2a09:6841:0:300::/56
|
||||
- fe80::1/10
|
||||
roles:
|
||||
- keepalived
|
||||
...
|
||||
7
playbooks/ldap_accounts.yml
Normal file
7
playbooks/ldap_accounts.yml
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- hosts: camelot.adm.auro.re
|
||||
roles:
|
||||
- sssd
|
||||
vars:
|
||||
xxx
|
||||
...
|
||||
16
playbooks/radvd.yml
Executable file
16
playbooks/radvd.yml
Executable file
|
|
@ -0,0 +1,16 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- dhcp-1.isp.auro.re
|
||||
- dhcp-2.isp.auro.re
|
||||
vars:
|
||||
radvd__interfaces:
|
||||
ens19:
|
||||
routes:
|
||||
- network: 2a09:6841:1::/56
|
||||
ens20:
|
||||
routes:
|
||||
- network: 2a09:6841:2::/56
|
||||
roles:
|
||||
- radvd
|
||||
...
|
||||
|
|
@ -3,9 +3,7 @@ chronyd__pools: []
|
|||
chronyd__key_file: /etc/chrony/chrony.keys
|
||||
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
||||
chronyd__nts_dump_dir: /var/lib/chrony
|
||||
chronyd__log_dir: /var/log/chrony
|
||||
chronyd__max_update_skew: 100.0
|
||||
chronyd__rtcsync: true
|
||||
chronyd__allow_networks: []
|
||||
chronyd__log_change_seconds: 0.5
|
||||
...
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ pool {{ pool }} iburst
|
|||
keyfile {{ chronyd__key_file }}
|
||||
driftfile {{ chronyd__drift_file }}
|
||||
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
||||
logdir {{ chronyd__log_dir }}
|
||||
|
||||
log tracking measurements statistics
|
||||
|
||||
|
|
@ -17,12 +16,6 @@ maxupdateskew {{ chronyd__max_update_skew | float }}
|
|||
rtcsync
|
||||
{% endif %}
|
||||
|
||||
{% if chronyd__local_stratum is defined %}
|
||||
local stratum {{ chronyd__local_stratum | int }}
|
||||
{% endif %}
|
||||
|
||||
logchange {{ chronyd__log_change_seconds | float }}
|
||||
|
||||
leapsectz right/UTC
|
||||
|
||||
{% for network in chronyd__allow_networks %}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
ifupdown2__interfaces: {}
|
||||
ifupdown2__need_upstream_version: False
|
||||
...
|
||||
|
|
|
|||
BIN
roles/ifupdown2/files/ifupdown2_3.1.0-1_all.deb
Normal file
BIN
roles/ifupdown2/files/ifupdown2_3.1.0-1_all.deb
Normal file
Binary file not shown.
|
|
@ -5,5 +5,5 @@
|
|||
state: restarted
|
||||
|
||||
- name: Bring all interfaces up
|
||||
shell: /usr/sbin/ifup -a
|
||||
command: /usr/sbin/ifup -a
|
||||
...
|
||||
|
|
|
|||
|
|
@ -13,9 +13,24 @@
|
|||
masked: true
|
||||
when: must_mask
|
||||
|
||||
- name: Install ifupdown2
|
||||
- name: Install ifupdown2 (debian version)
|
||||
apt:
|
||||
name: ifupdown2
|
||||
when: "not ifupdown2__need_upstream_version"
|
||||
|
||||
# FIXME: ifupdown2 3.1.0-1 is not yet available, but is needed for its
|
||||
# better VxLAN support
|
||||
# See https://github.com/CumulusNetworks/ifupdown2/issues/211
|
||||
- name: Install upstream version of ifupdown2
|
||||
block:
|
||||
- name: Upload .deb file
|
||||
copy:
|
||||
src: ifupdown2_3.1.0-1_all.deb
|
||||
dest: /tmp/ifupdown2_3.1.0-1_all.deb
|
||||
- name: Install .deb file
|
||||
apt:
|
||||
deb: /tmp/ifupdown2_3.1.0-1_all.deb
|
||||
when: "ifupdown2__need_upstream_version"
|
||||
|
||||
- name: Unmask networking now that ifupdown2 is installed
|
||||
systemd:
|
||||
|
|
|
|||
|
|
@ -37,5 +37,28 @@ iface {{ name }}
|
|||
ipv6-addrgen {{ iface.ipv6_addrgen
|
||||
| ternary("yes", "no") }}
|
||||
{% endif %}
|
||||
{% if iface.mtu is defined %}
|
||||
mtu {{ iface.mtu | int }}
|
||||
{% endif %}
|
||||
{% if iface.vxlan_learning is defined %}
|
||||
vxlan-learning {{ iface.vxlan_learning
|
||||
| ternary("yes", "no") }}
|
||||
{% endif %}
|
||||
{% if iface.vxlan_physdev is defined %}
|
||||
vxlan-physdev {{ iface.vxlan_physdev }}
|
||||
{% endif %}
|
||||
{% if iface.vxlan_port is defined %}
|
||||
vxlan-port {{ iface.vxlan_port | int }}
|
||||
{% endif %}
|
||||
{% if iface.vxlan_mcastgrp is defined %}
|
||||
vxlan-mcastgrp {{ iface.vxlan_mcastgrp }}
|
||||
{% endif %}
|
||||
{% if iface.bridge_vlan_vni_map is defined %}
|
||||
bridge-vlan-vni-map {{ iface.bridge_vlan_vni_map }}
|
||||
{% endif %}
|
||||
{% if iface.bridge_learning is defined %}
|
||||
bridge-learning {{ iface.bridge_learning
|
||||
| ternary("yes", "no") }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
keepalived__virtual_addresses: {}
|
||||
keepalived__notify_master: []
|
||||
keepalived__notify_backup: []
|
||||
keepalived__notify_fault: []
|
||||
keepalived__max_auto_priority: -1
|
||||
...
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Reload keepalived
|
||||
systemd:
|
||||
name: keepalived.service
|
||||
state: reloaded
|
||||
...
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: Install keepalived
|
||||
apt:
|
||||
name: keepalived
|
||||
|
||||
- name: Configure keepalived
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- src: keepalived.conf.j2
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
mode: u=rw,g=,o=
|
||||
- src: notify.sh.j2
|
||||
dest: /etc/keepalived/notify.sh
|
||||
mode: u=rwx,g=,o=
|
||||
notify:
|
||||
- Reload keepalived
|
||||
|
||||
- name: Enable and start keepalived
|
||||
systemd:
|
||||
name: keepalived
|
||||
enabled: true
|
||||
state: started
|
||||
...
|
||||
|
|
@ -1,92 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
global_defs {
|
||||
dynamic_interfaces
|
||||
script_user root
|
||||
enable_script_security
|
||||
vrrp_version 3
|
||||
{% if keepalived__max_auto_priority is defined %}
|
||||
max_auto_priority {{ keepalived__max_auto_priority | int }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{%
|
||||
set ipv4_enabled =
|
||||
keepalived__ipv4_enabled
|
||||
| default(keepalived__virtual_addresses.values()
|
||||
| flatten | ansible.utils.ipv4)
|
||||
%}
|
||||
{%
|
||||
set ipv6_enabled =
|
||||
keepalived__ipv6_enabled
|
||||
| default(keepalived__virtual_addresses.values()
|
||||
| flatten | ansible.utils.ipv6)
|
||||
%}
|
||||
|
||||
{% if ipv4_enabled and ipv6_enabled %}
|
||||
vrrp_sync_group group {
|
||||
group {
|
||||
{% if ipv4_enabled %}
|
||||
instance_v4
|
||||
{% endif %}
|
||||
{% if ipv6_enabled %}
|
||||
instance_v6
|
||||
{% endif %}
|
||||
}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv4_enabled %}
|
||||
vrrp_instance instance_v4 {
|
||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||
interface {{ keepalived__interface }}
|
||||
state BACKUP
|
||||
priority 250
|
||||
nopreempt
|
||||
advert_int 1
|
||||
accept
|
||||
virtual_ipaddress {
|
||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||
{% for address in addresses %}
|
||||
{% if address | ansible.utils.ipv4 %}
|
||||
{{ address }} dev {{ dev }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv6_enabled %}
|
||||
vrrp_instance instance_v6 {
|
||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||
interface {{ keepalived__interface }}
|
||||
state BACKUP
|
||||
priority 250
|
||||
nopreempt
|
||||
advert_int 1
|
||||
accept
|
||||
virtual_ipaddress {
|
||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||
{% for address in addresses | ipaddr_sort(["link-local"]) %}
|
||||
{% if address | ansible.utils.ipv6 %}
|
||||
{{ address }} dev {{ dev }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
master=(
|
||||
{% for notify in keepalived__notify_master %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
backup=(
|
||||
{% for notify in keepalived__notify_backup %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
fault=(
|
||||
{% for notify in keepalived__notify_fault %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
case "$1" in
|
||||
master | backup | fault)
|
||||
scripts="$1[@]"
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 (master|backup|fault)" >&2
|
||||
exit 1
|
||||
esac
|
||||
|
||||
for script in "${!scripts}"
|
||||
do
|
||||
eval "${script}"
|
||||
done
|
||||
Loading…
Reference in a new issue