Compare commits
15 commits
master
...
infra_rout
Author | SHA1 | Date | |
---|---|---|---|
237a47b4f3 | |||
4d85cd7e4b | |||
f4acc8949c | |||
64772b76e4 | |||
9316313f1f | |||
8883e672bd | |||
907816af06 | |||
d112c1df91 | |||
4ca24ac99c | |||
1a193e5dfb | |||
20274b596f | |||
9c0bf190e2 | |||
91743e598b | |||
a616065513 | |||
0d705bc922 |
54 changed files with 1417 additions and 958 deletions
21
ansible.cfg
21
ansible.cfg
|
@ -1,16 +1,33 @@
|
||||||
|
# Ansible configuration
|
||||||
|
|
||||||
[defaults]
|
[defaults]
|
||||||
ask_vault_pass = True
|
|
||||||
|
# Explicitly redefine some defaults to make subfolder execution work
|
||||||
roles_path = ./roles
|
roles_path = ./roles
|
||||||
|
|
||||||
|
# Do not create .retry files
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
|
|
||||||
|
# Use inventory
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
filter_plugins = ./filter_plugins
|
|
||||||
|
# Custom header in templates
|
||||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
||||||
|
|
||||||
|
# Do not use cows (with cowsay)
|
||||||
nocows = 1
|
nocows = 1
|
||||||
|
|
||||||
|
# Do more parallelism
|
||||||
forks = 15
|
forks = 15
|
||||||
|
|
||||||
|
# Some SSH connection will take time
|
||||||
timeout = 60
|
timeout = 60
|
||||||
|
|
||||||
remote_user = root
|
remote_user = root
|
||||||
|
|
||||||
[diff]
|
[diff]
|
||||||
|
|
||||||
|
# TO know what changed
|
||||||
always = yes
|
always = yes
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
|
|
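Review bot: `ask_vault_pass = True` (printed once, so apparently added on the new side) makes every `ansible-playbook` and `ansible` invocation stop for an interactive vault prompt, which breaks cron, CI and any other non-interactive run unless the caller overrides it with `--vault-password-file`/`--vault-id`; that trade-off deserves a comment above the line, e.g. `# Always prompt for the vault password; non-interactive runs must pass --vault-id/--vault-password-file`. Relatedly, `filter_plugins = ./filter_plugins` also appears to be new, while this same compare deletes a 40-line filter module defining `remove_domain_suffix` and `ipaddr_sort`; if that module lived under `./filter_plugins` the setting now points at an empty or missing directory, so confirm the plugin still exists at that path. The hunk is shown clipped right after `[ssh_connection]`, so whatever that section now contains is outside this view.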
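--- /dev/null
+++ b/copy-keys.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# Grab valid unique hostnames from the Ansible inventory.
+HOSTS=$(grep -ve '^[#\[]' hosts \
+| grep -F adm.auro.re \
+| sort -u)
+
+# Ask password
+read -s -p "Hello adventurer, what is your LDAP password? " passwd
+echo
+
+for host in $HOSTS; do
+echo "[+] Handling host $host"
+
+# sshpass can be used for non-interactive password authentication.
+# place your password in ldap-password.txt.
+SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
+done
+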
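Review bot: The two comment lines above the `sshpass` call give stale and unsafe advice: they tell the reader to put their LDAP password in `ldap-password.txt`, but the script never reads such a file — it prompts with `read -s` and hands the value to `sshpass -e` through `SSHPASS`, which is the right way to keep the secret out of argv and out of the working tree. A plaintext password file sitting next to the inventory is exactly what that env-var approach avoids, so replace both comment lines with `# Pass the password to sshpass via SSHPASS (-e) so it never appears in argv or in a file.` Separately, under `set -e` the first host that rejects the login or is unreachable aborts the whole loop with no summary; if best-effort is intended, `SSHPASS=${passwd} sshpass -e ssh-copy-id "$host" || echo "[-] Failed on $host" >&2` keeps going, and dropping `-v` keeps sshpass from narrating its prompt matching on stderr. Clearing the variable after the loop with `unset passwd` is cheap and limits how long the secret lives in the shell.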
|
@ -1,40 +0,0 @@
|
||||||
import ipaddress
|
|
||||||
from operator import attrgetter
|
|
||||||
|
|
||||||
import dns.name
|
|
||||||
|
|
||||||
|
|
||||||
class FilterModule:
|
|
||||||
def filters(self):
|
|
||||||
return {
|
|
||||||
"remove_domain_suffix": remove_domain_suffix,
|
|
||||||
"ipaddr_sort": ipaddr_sort,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def remove_domain_suffix(name):
|
|
||||||
parent = dns.name.from_text(name).parent()
|
|
||||||
return parent.to_text()
|
|
||||||
|
|
||||||
|
|
||||||
def ipaddr_sort(addrs, types, unknown_after=True):
|
|
||||||
check_types = {
|
|
||||||
"global": attrgetter("is_global"),
|
|
||||||
"link-local": attrgetter("is_link_local"),
|
|
||||||
"loopback": attrgetter("is_loopback"),
|
|
||||||
"multicast": attrgetter("is_multicast"),
|
|
||||||
"private": attrgetter("is_private"),
|
|
||||||
"reserved": attrgetter("is_reserved"),
|
|
||||||
"site_local": attrgetter("is_site_local"),
|
|
||||||
"unspecified": attrgetter("is_unspecified"),
|
|
||||||
}
|
|
||||||
|
|
||||||
def addr_weight(addr):
|
|
||||||
if isinstance(addr, str):
|
|
||||||
addr = ipaddress.ip_address(addr.split("/")[0])
|
|
||||||
for index, ty in enumerate(types):
|
|
||||||
if check_types[ty](ipaddress.ip_address(addr)):
|
|
||||||
return index
|
|
||||||
return len(types) if unknown_after else -1
|
|
||||||
|
|
||||||
return sorted(addrs, key=addr_weight)
|
|
|
@ -1,246 +1,235 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
63383865663866376238613638306139363461386331363764306166386664653238353761383565
|
||||||
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
6336653265613463646139666236646362303463373731610a333537313431363366616665643462
|
||||||
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
66303839346238306234643139313835643339633963626338316163336365306462353830343536
|
||||||
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
3231373236633066330a303236653238356330636332633139623134663039303935666566336531
|
||||||
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
36303937303231663232653534666639656232303231313836303834306436323463653635303830
|
||||||
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
38393533363762663863326434633266613265663930363432623234376235326637346338333761
|
||||||
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
35363165643464623131313031383938353664373133616365613237383937376332353239636233
|
||||||
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
36393063333164346262356364626332303531373935613633326366383165336637323933656263
|
||||||
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
63376363623132393837363837656538323135316636333235656561383234393763303862626361
|
||||||
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
63613130326336626630393338373630653437333039376633663963373666383137303038376364
|
||||||
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
39313466353565316633356362623264356231613933656336323933373635636664383164323964
|
||||||
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
31633130353330376532313131373933393366313637356236623634653630393130363561656562
|
||||||
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
33333732343131656133353065313864653064633261643262633538643162383863323336316330
|
||||||
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
39333035643738313939353262353632303636386533623164623538323466653237373531376562
|
||||||
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
61363732366463393364383761663137343836383636366132663063383833396231326366346465
|
||||||
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
35323766663666383832663935633062633864646534363763643534363831336361306633636632
|
||||||
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
66313561613330363064393430643436363738623436353734353733613462326561326462363031
|
||||||
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
37666665383539626166373865323439356533323333343035636665323738633038386337343036
|
||||||
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
38653732663062333165616632316361363666393036643564356131383261646630393131613964
|
||||||
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
37376532636237373666396162666237663861356263633331326461386265316666383037613235
|
||||||
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
64303237363436383138303431613236633562303062393737623131343133383666373033333663
|
||||||
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
37646137303036303361386663653738666334616534623232346666653165636232326530633635
|
||||||
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
31333738366635623862353834366266643732386535356361323839623630663139373963656636
|
||||||
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
37393965356638656637366261303536306466373938313462383639366233386230393762646238
|
||||||
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
36633066623737633463643963383131393765303838373439393432633833366263643462333533
|
||||||
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
30626334663432636264326338643063313431306631376439303562363733313366396331636262
|
||||||
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
31313836613737366330393137656332333437633639383066363534363363386364323936623931
|
||||||
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
39666338393236346634613239383964353262633239633232326433343436623038323131303436
|
||||||
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
62373536633233383937343266613164333561623031383432323662396336646534383430393730
|
||||||
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
30636662623734616139353433336336323361393061363339333165616630336333663561353632
|
||||||
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
62626533653734323662653434353562346162613837373465646239376437663337353030303866
|
||||||
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
61323836643463343236633438366236613630363038323230353263373563643535313765303738
|
||||||
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
62373230643762386165363833336238313234343530333165313762383663343236383063303762
|
||||||
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
33653761613837396434353230356166326339646136353830343365623863336230373564643862
|
||||||
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
38653063363832323266346466356132396265323463626435363839383061363964323736393635
|
||||||
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
37633136663166653238313061386464353239346630323062633531393061373136326238323632
|
||||||
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
30323366373433623861306138306265393934613039313936613639626636343434653932373363
|
||||||
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
37343931623862386434623335666139666462353165643237396432376532373034333434346132
|
||||||
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
37643439656332643961393661656365346339626163343638616438643461333535623231333764
|
||||||
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
37346663626537643366633461373764313331383264373237653834313030616533353736326334
|
||||||
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
36316139613061633331343736643961303164376366383362623538616432373062303762323138
|
||||||
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
36303566393135383339356433653164663664393533333565343766363362623838333566373735
|
||||||
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
64643235323633343938636238373930316562336363313733373530303834623564376239303362
|
||||||
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
61313566613763613433333132333965363335346463383735393061376139386231386338313735
|
||||||
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
63643566336531623566626239613437346162663334636630333139393063636133333064656437
|
||||||
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
66663938656532663031663636643937633638386332303733316161663464613933366231613831
|
||||||
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
37333565336535326464393561386135386638613565663733323266303736333561316663613432
|
||||||
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
66373661623964343937343162646530346439343665396139616135663536653837363838343235
|
||||||
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
66636337376138666463336430363234323334313663663735383363623934346665313236303731
|
||||||
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
32316532626666633462393233643733303737343265366637346261643366303232316664323561
|
||||||
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
31363038306233373339353131343038643130313330373161373665636163333130613435303236
|
||||||
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
61383932313734363638303761366263313036663939663735313931363139376231366639653133
|
||||||
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
36306264623533393334303138656238656363363033353531663262336432613839363763633238
|
||||||
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
63306238366332363137653066353231323533653231626561333766373636393164623362346139
|
||||||
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
64653862363530373766333432383630313935313966353463346333623365643133376635316662
|
||||||
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
61356261303633656432333535656266663038393034313439363464633934316238343332343361
|
||||||
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
64323539396262623338373435656363363732643337623762623762326261303132643336323537
|
||||||
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
65663664663035613738346639393739396433623763643532393461663833323634376634633032
|
||||||
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
37313935633737363061653831646632326635633362326533316530363833376436663030663239
|
||||||
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
37356539663038386334353834663839613934653638376538623330366634363765656266643833
|
||||||
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
31303530363434363765313339363639626466323837366262373935343537363565616134353465
|
||||||
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
38316432653166366431363064656437313830393936663431313934643133373539366531373865
|
||||||
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
34353334396139666130633562663031336232653335326437356262663231373536613937343334
|
||||||
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
37646339663033616361303563356666383431303339643930383734303863333032396637663162
|
||||||
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
64386338323633326262316337353736623431346232353732613764323463333366376161636437
|
||||||
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
35343432616362643665356463616636353031636135666664356139383138636135356639353839
|
||||||
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
36356366393932303433373534306239653531346264386663333434616464316362643534653734
|
||||||
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
63303331663131633838646465313935636162343431663539643461326135653931633332643830
|
||||||
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
35346435646561616436356537643065396230623634316431306461353230356639396134303935
|
||||||
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
37356236373366396132313236366366353164643432643539333734616230633637633536623630
|
||||||
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
35303634386139333835326236383162643639626435386130663937323033663837366363336461
|
||||||
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
64643762393265626536663566643465643762393438343638363863346134633439306231306132
|
||||||
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
38333463646639373264653133653436303738336639373261396261323332656639323763386463
|
||||||
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
61313165336230306437353661306166303837336330336162633662373834396261373230316164
|
||||||
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
39346664643230616434653339333061323661616238373038663266643664383135326561306339
|
||||||
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
35373964343334323633333537386264663066633362373934386163626431393138663265343538
|
||||||
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
61303334646363316332636639626662386339363737393263646161333038363739373536383264
|
||||||
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
35623461313435353832396239626636396461336133323366306233633861366538303062663238
|
||||||
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
31393663346633386665303731653162373136653235626435306136333562353733303462623665
|
||||||
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
63653762353736313763353631313265393761366638613532623566336230626332616665336137
|
||||||
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
39633461646266376530656666366636623763643863646461323131333361376631383461326137
|
||||||
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
38666433323665626662333434623136346337633137303331333235336462636237643165653236
|
||||||
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
62316661356334653739633430303766646537316634386365623635383938303166666234303037
|
||||||
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
62323432633937616532336165366564393532346361323936623762386466393638323935323039
|
||||||
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
34646661653661626433373332363530653532343836333135396332386435373163373463626532
|
||||||
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
38343731633564656337626136376365613135326265633066356262323334386265386436616463
|
||||||
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
64303961663533666531303930326462353638356364343330393031656234333833613530633866
|
||||||
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
63303939396464643533373966353464616364326166363738646539343137363861616337363631
|
||||||
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
37306161316461613238333531346432366631666335623163323764383238643665356561366435
|
||||||
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
36323662326531313862633730663162313932623033303637653461366639636538306433633266
|
||||||
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
36323234313937313838643063323165333765663962303736333939333763326135623230613332
|
||||||
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
65343934633532623730336230616565313733363836373233313534313165373639656435636433
|
||||||
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
66356663633931366135303962666531383639376335396534386438663536623066363862646365
|
||||||
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
30653735383131336637383261316238393838353335306366343761386361623631396465656635
|
||||||
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
36646661373933663530653363613634373966613131353437346533613062356434353033333431
|
||||||
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
36393337353431353165613538646631393366366335316533626265313438643338323434393866
|
||||||
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
64373263316564393966343865383764343564356666346637303165326538643532643737343130
|
||||||
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
64393137636261363161396232653463646263346663323162386466653066633332646137343035
|
||||||
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
36326336626462363931626464653035343933336634323762653130623266666533656635633533
|
||||||
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
35643133316135303835356539393532326564653761326230306137326132333932646666373361
|
||||||
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
38353531393835653536356663373433333766323534653139666365636336386138366231643437
|
||||||
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
65343635616465383666303063656235613234323132653264656463613065346139313661663234
|
||||||
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
61373933656362306563396131363739666536353564393230343735626465623265323464333065
|
||||||
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
36333863613436653531353334316162396632363038323734313961636436343830343761636430
|
||||||
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
63353661653737346563646439613039353465303862383264656535646335393139623931616533
|
||||||
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
39636235366636313136366166356265326136393439313334633939343561323465366139393539
|
||||||
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
33616363646237353632366231336431393236336330306562343761646339396430373937633831
|
||||||
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
31323565343932333234613566313933636130336335343331383166616463663138383231393463
|
||||||
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
62663231656461626264393762376234643763646263313334303065323766353863366531633138
|
||||||
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
65373236316461303865613064626231636261626237633936386238353633633139646162323265
|
||||||
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
62613162646239386366316161323538323437346433336661383938383332616562616234653331
|
||||||
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
66306634613162633234363838313264663337653737656337613030343564353939366536376339
|
||||||
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
62666166343034323534646463643933663333653032323130366435356238353966363961616664
|
||||||
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
65336237376566393330643432363466653538623330366533616632396334356535336633306266
|
||||||
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
33373139343333353838633436356237613632323233353861383438386466326139306337363632
|
||||||
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
31613738333766663139353836356531376332656365633665346632666533643162363639343830
|
||||||
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
36336137313863613835393166623235366563373431386562363064393938313033323633633263
|
||||||
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
61373937653931623962633266633233343563623064386636353231363337636437396438356333
|
||||||
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
35343137333332646462663462396437323433373339393439633363376535393230656561353461
|
||||||
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
65373565396530333164396666333561633835376232643262653630643666653534316565393562
|
||||||
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
30633933333635346337376365386332613032393764656661663562316561373536306237626138
|
||||||
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
36316561336235343434643962623138343032663864323862326164326164613830633439313065
|
||||||
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
35303738633731613234653066353035363239383936303662633563326563386334353766386137
|
||||||
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
34643663373032336135386561663963343161613938343762363162313932363538616361613330
|
||||||
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
63653638626636646362393938333965616162396430346463376332363066373831643633383139
|
||||||
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
39613936303033353536326133396331303435313432326366316337653935396662393463663739
|
||||||
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
30326565616666363534306238613138303031383562356633316434363666626632616233653533
|
||||||
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
31333665313930366463636630373363333565613835353935333936303961333764396361626530
|
||||||
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
64386534626166356130333161643339383064633965323463313861303364633937646264373565
|
||||||
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
61326330343833333761656537643565663536616133363465643131396338653764653165336539
|
||||||
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
63396536383330336531656434303862333639363031633436366665646565613934663838363832
|
||||||
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
63663761303837306234623632613834613464326663313133626166613334336539333662383934
|
||||||
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
30316134643661326463376434313137333133353934353363663433373066663366633066663139
|
||||||
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
30303163313532623664393939663730373230663338343030336232333163336365393138343532
|
||||||
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
31313732306430626537363866653065383561316262353434346137616362626638363136346639
|
||||||
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
66623231393835623063343637613531626161346638326637663237383562663231306464306463
|
||||||
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
35613763346135343839383234646134313939346139653031666463613032663036663662663361
|
||||||
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
39636461663864623432386330623939323361653934303266626466333365336533353566633036
|
||||||
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
30393836333061633939613865373166306263643461663336353335646632616232663135356362
|
||||||
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
63346664666639353166316661336563383835616364366131356264353362323137623536356138
|
||||||
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
64353135346333343234396433353234303365633535333731393264656434336232373934323731
|
||||||
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
65653435663931363333623432316136386665646334346636373335613833353034376335393131
|
||||||
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
62636634626666313431323064636262623061343539353431396262643036666132333338626637
|
||||||
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
37393538343361613832306163373065663661393439386163326238656461383237313331383163
|
||||||
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
62336634333139303165613964306663373931613364613263356634633134626632643564653937
|
||||||
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
32303139623164313731303830656333383731623634313566656362666236326634616466313762
|
||||||
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
61376238326561333562373430323364613332306265643262653332353362636563303835356434
|
||||||
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
39653237363339643830373732663339616236646135353865333465623066336261666433666433
|
||||||
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
30333435353436613935343266623863623262623737666233363464653364316634373563353138
|
||||||
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
66616162663436393636376434306366376638366561323761666533373239353630623863646439
|
||||||
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
30393838383432396636356330666636643638616262386661363766313434303230376135396132
|
||||||
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
61363061656538373336383463616665626565343630613235303932316165343930633163303039
|
||||||
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
32306663353337623335326265316463646439343063366338666237323130343665633434343130
|
||||||
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
65323739313336656266646163356331643238336339303133353430393164316135616238333463
|
||||||
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
37633736303039653132623961386339636530343130663333663639343764343233313362313366
|
||||||
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
63656363346363633564313764383938373861336435646265613065616639333630333532303761
|
||||||
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
37373466346235356166623432333333653236383531623036626363346263613439636131646664
|
||||||
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
66353165613466616664653534313235633765323566313865383532303062623335353462393364
|
||||||
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
64376466356362306565663535363162663339643662323837626135313161346363313862353366
|
||||||
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
38666635373131653263643964326265626431663539653731376363323064616363643036386565
|
||||||
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
61383263616664353535643862646366613561653731316239643935653462356363383162623463
|
||||||
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
37623562616563653931663762376235333939356336633739323334336637633231323631643366
|
||||||
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
61613537633135366164636666613263613731316539666365303035626166623133373865303939
|
||||||
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
61353632623465386536616364303863386166623162303830646632613362663832353365643366
|
||||||
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
61346161363732646135623235316365313161323531343435323865303733343736313030323530
|
||||||
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
39646239626234656334626331393532656436346130643135656462353966393733363132666638
|
||||||
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
61346261323264363262316231303932393535306134323361633934353938333330666339376332
|
||||||
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
36623838623933643839303039326136376634333936303066306231626337353637336165373136
|
||||||
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
65336233393538663634653962323633626461306430393434393536333262666132333936313039
|
||||||
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
30363737323965616463353534393930643330643730316262313264616431633339646333373765
|
||||||
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
61623237623231313863353261633830363562633838663534343764663038666231313435663936
|
||||||
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
66643532306231363766323538653534356135393631363031326462336337376138316366613565
|
||||||
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
37353464383662383663306130336234323534346661633235643065313130303236313530323831
|
||||||
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
35633761343161396361653430313266353264373433616435393065366232313865306131373433
|
||||||
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
37633666396135656233343330666332666432333464346566646161373966623266363230633137
|
||||||
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
36663366306334313762333661306462386333656335653161396266393238313366613339313861
|
||||||
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
30663566663633323733343531346430313266336663356437383038623936316238343263316362
|
||||||
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
62363336626564333138356463316336336139303131353835623238343836356436306461616463
|
||||||
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
34353539626535663735663130643962323630386138383130313932303534346236643437336664
|
||||||
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
65656232653065323462356631363363313530363164366630303031383231343438346264666161
|
||||||
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
39633466353632666564623138353565356633396532373562393631343834346566386435343232
|
||||||
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
30386336333064393739626332633135346266373630363834636466346338386531666439366130
|
||||||
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
35623737353664666366373366333438613939353761386138636461313433663236663338346431
|
||||||
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
34663938663233376631333432663335663238303762626463366430656635333332343230383965
|
||||||
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
32326435346537343964643165383438323861386138633037333738393536633336393333626663
|
||||||
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
61303932616531386233666365653736323934646633626431626630633262376333356530386331
|
||||||
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
62366666353935313762346333663739373134373339383131653132656635346233343162366238
|
||||||
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
65313034396532623439616665613737386461626131653437303837636166636130303234633131
|
||||||
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
36333238393031646238396339346362333261393634626436343239633465623831323031613131
|
||||||
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
39613336306337346337633835326433653433633439333635376231333562313462646166313237
|
||||||
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
64336536363130346161373133326334363762303366383862373836613631663861393364316631
|
||||||
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
64346134373132313861653833386230363333343333666663653964336362356235396637346535
|
||||||
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
36316235663136303663663439623939383536306562346236623830363162336164333532313961
|
||||||
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
31633761326562633538316337313464373763663464663063613035373063623031663865326662
|
||||||
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
37353031336663393762313539626339663638666263336637653862303665656632646333363332
|
||||||
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
31656161313739366638343332356463363031623564376265333036633662666531313164383963
|
||||||
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
64353532373230333637383937626433623531353637323666626234636637373765623233376138
|
||||||
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
37383632643134626437323337643639386465393634643434386233343062393862363231613934
|
||||||
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
33366132383061333832346136626336366235613431373435306561356438616364373138633539
|
||||||
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
36323033303736633562363137373164663032346430623561353761316637353463613832393333
|
||||||
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
62306132356465366135373563373038306335646338346263653137306233353662313834626635
|
||||||
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
35636433363036626539303463653762326139396533306236636636336535353061343235303962
|
||||||
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
35363431666335393730663433316435666562663462356532376232376665363337303262303839
|
||||||
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
32656238363264626464383261313534356233393939323865663561316138666639386237646165
|
||||||
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
32666261653465333130333635336532366666623739666663303565353234663833386632653538
|
||||||
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
66643338306662363634306331633737393834383264393361633139663163316262316534653861
|
||||||
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
35376631396361333239633930616133656130326166643366636338306462303839376264376634
|
||||||
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
37323263643137326535383565633930623464386131613236306363336662383731636465373463
|
||||||
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
39376165323031633739313135656565313163656564376634666464353766373361316464376164
|
||||||
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
62323066363566303338363739653862613337386663366462653365376235303437306264656363
|
||||||
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
32343435613232613865663732613963303765633536373330366633393933643764636564316135
|
||||||
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
32313230396430363739363735623264376363383565393863323766353937333661326264313665
|
||||||
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
32343063353335613236393231333761653835343530333734373631343838386465393131656663
|
||||||
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
35373631356666663032633734333562613862383864303262653063356436663261633964343931
|
||||||
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
62366661656536626137396432343038343935363130623266383061363664383531613064613432
|
||||||
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
39623738376634646636663332346364623834303736613231313863636537643063346332623864
|
||||||
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
34303539633434643137326537623663353630396137326666616231323239323231343635656138
|
||||||
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
37626230636337363564303666616233383936323335383234626134346339396562336561356530
|
||||||
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
64373635326563366132376539646331383239626131366230373461626532353065386131343631
|
||||||
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
31343733343863343339616361623636643936653131363762343966323233323430616633626133
|
||||||
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
35313539653939363033313736316331336562373162333035313837643832393633333136343363
|
||||||
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
32303731326335393833633063643533303161623262366433623938393165366265633034353337
|
||||||
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
35383864396164623963626333396335356431383662356261303137343565633863376233616664
|
||||||
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
36373432333432373265613837633831306266323330616532396236643463333231326165343035
|
||||||
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
35363965306133636539626436343437366462626632633931666236373864303465663239396330
|
||||||
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
63613434306362303338343937396566356163653338343463393435336165336137336665383461
|
||||||
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
35393332613038336264663233383233333731633432386133326361303436663963383833306564
|
||||||
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
32646635646535313366386534313461383037373761333030396166346330353134363330373364
|
||||||
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
33666632323036363739313362333333363030336330306236383438636336663939353063643363
|
||||||
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
31616566313934353133363234653563303036383863356665393338363361343532313738616333
|
||||||
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
32643661316362326265343161623639626165313534346162306435303464363564323265323065
|
||||||
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
61663632393839383464626135356331666664373563363434323437323564383830393034363639
|
||||||
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
32343037653736636333336338636537363666323633333735383736633735306362633131343234
|
||||||
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
6262643530656461613363616637623037393230303130316338
|
||||||
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
|
||||||
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
|
||||||
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
|
||||||
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
|
||||||
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
|
||||||
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
|
||||||
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
|
||||||
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
|
||||||
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
|
||||||
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
|
||||||
3061
|
|
||||||
|
|
27
host_vars/infra-1.router.auro.re.yml
Normal file
27
host_vars/infra-1.router.auro.re.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
network:
|
||||||
|
vlan111:
|
||||||
|
mac_addr: 96:5a:21:48:4a:e5
|
||||||
|
vlan128:
|
||||||
|
mac_addr: 9e:9a:f3:37:a6:2e
|
||||||
|
vlan129:
|
||||||
|
mac_addr: 46:dd:ed:55:70:2f
|
||||||
|
ipv4_addrs:
|
||||||
|
- 10.129.0.245/16
|
||||||
|
ipv6_addrs:
|
||||||
|
- 2a09:6840:129:0:245::/48
|
||||||
|
vlan130:
|
||||||
|
mac_addr: 8a:ad:f7:04:82:2e
|
||||||
|
vlan131:
|
||||||
|
mac_addr: 16:6d:4f:53:fc:28
|
||||||
|
vlan133:
|
||||||
|
mac_addr: 12:ad:28:d5:31:fa
|
||||||
|
vlan134:
|
||||||
|
mac_addr: 0e:54:e9:97:c0:5b
|
||||||
|
vlan135:
|
||||||
|
mac_addr: ea:f6:32:c3:8b:2c
|
||||||
|
ipv4_addrs:
|
||||||
|
- 10.135.0.1/16
|
||||||
|
ipv6_addrs:
|
||||||
|
- 2a09:6840:135:0:1::/48
|
||||||
|
...
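Review bot: The `network` dictionary carries no comment saying who consumes it or what the per-vlan keys mean; playbooks/router.yml in this same compare reads `network.vlanNNN.mac_addr`, `ipv4_addrs` and `ipv6_addrs`, so a reader of this file alone cannot tell that `mac_addr` is required for every vlan while the address lists are optional. A header such as `# Per-VLAN NIC data for playbooks/router.yml: mac_addr selects the interface; only vlan129 and vlan135 carry static addresses here, the other vlans presumably receive their addresses as VRRP VIPs from keepalived — confirm` would settle that, and the same applies to host_vars/infra-2.router.auro.re.yml. The IPv6 entries pair a `/48` with an IPv4 `/16` (`2a09:6840:129:0:245::/48` next to `10.129.0.245/16`); this matches the rest of the compare, but a one-line comment stating that the whole /48 is on-link would stop the next editor from "correcting" it to /64.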
|
27
host_vars/infra-2.router.auro.re.yml
Normal file
27
host_vars/infra-2.router.auro.re.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
network:
|
||||||
|
vlan111:
|
||||||
|
mac_addr: 02:ec:c1:23:5d:a3
|
||||||
|
vlan128:
|
||||||
|
mac_addr: a2:24:08:dc:b6:cc
|
||||||
|
vlan129:
|
||||||
|
mac_addr: 92:29:ba:00:26:e2
|
||||||
|
ipv4_addrs:
|
||||||
|
- 10.129.0.246/16
|
||||||
|
ipv6_addrs:
|
||||||
|
- 2a09:6840:129:0:246::/48
|
||||||
|
vlan130:
|
||||||
|
mac_addr: 4a:b6:84:e1:8e:4a
|
||||||
|
vlan131:
|
||||||
|
mac_addr: ca:10:8d:cc:87:9d
|
||||||
|
vlan133:
|
||||||
|
mac_addr: 1e:08:7c:41:1a:bd
|
||||||
|
vlan134:
|
||||||
|
mac_addr: 2e:5f:f9:55:07:d2
|
||||||
|
vlan135:
|
||||||
|
mac_addr: 6e:f2:b5:05:fc:c3
|
||||||
|
ipv4_addrs:
|
||||||
|
- 10.135.0.2/16
|
||||||
|
ipv6_addrs:
|
||||||
|
- 2a09:6840:135:0:2::/48
|
||||||
|
...
|
|
@ -13,8 +13,6 @@ loc_reverseproxy:
|
||||||
to: auro.re
|
to: auro.re
|
||||||
- from: 92.222.211.195
|
- from: 92.222.211.195
|
||||||
to: auro.re
|
to: auro.re
|
||||||
- from: codimd.auro.re
|
|
||||||
to: hedgedoc.auro.re
|
|
||||||
|
|
||||||
reverseproxy_sites:
|
reverseproxy_sites:
|
||||||
- from: phabricator.auro.re
|
- from: phabricator.auro.re
|
||||||
|
@ -29,9 +27,6 @@ loc_reverseproxy:
|
||||||
- from: passbolt.auro.re
|
- from: passbolt.auro.re
|
||||||
to: 10.128.0.53
|
to: 10.128.0.53
|
||||||
|
|
||||||
- from: auth.auro.re
|
|
||||||
to: 10.128.0.150:8089
|
|
||||||
|
|
||||||
- from: riot.auro.re
|
- from: riot.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
- from: element.auro.re
|
- from: element.auro.re
|
||||||
|
@ -39,6 +34,8 @@ loc_reverseproxy:
|
||||||
- from: chat.auro.re
|
- from: chat.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
|
|
||||||
|
- from: codimd.auro.re
|
||||||
|
to: "10.128.0.150:8081"
|
||||||
- from: hedgedoc.auro.re
|
- from: hedgedoc.auro.re
|
||||||
to: "10.128.0.150:8081"
|
to: "10.128.0.150:8081"
|
||||||
|
|
||||||
|
@ -59,8 +56,6 @@ loc_reverseproxy:
|
||||||
|
|
||||||
- from: cas.auro.re
|
- from: cas.auro.re
|
||||||
to: "10.128.0.150:8085"
|
to: "10.128.0.150:8085"
|
||||||
- from: rss.auro.re
|
|
||||||
to: 10.128.0.150:8090
|
|
||||||
- from: status.auro.re
|
- from: status.auro.re
|
||||||
to: "10.128.0.150:8086"
|
to: "10.128.0.150:8086"
|
||||||
- from: "kanboard.auro.re"
|
- from: "kanboard.auro.re"
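Review bot: Dropping the `auth.auro.re` and `rss.auro.re` entries from `reverseproxy_sites` stops proxying those names, but nothing in these hunks retires them elsewhere; if their DNS records still point at the proxy they will land on whatever default vhost it serves, so the DNS entries and any certificate SAN for those names should go in the same change, or a comment should say why they are kept. The new `codimd.auro.re` site proxies to the same `10.128.0.150:8081` backend as `hedgedoc.auro.re` while the old codimd→hedgedoc redirect in `loc_reverseproxy` is removed; if the backend enforces one canonical domain the alias will misbehave, so a comment like `# codimd.auro.re kept as alias of hedgedoc; backend must accept both Host values` would record the intent. The `to:` values are quoted inconsistently within the list (`10.128.0.53` bare, `"10.128.0.150:8081"` quoted); quoting every host:port value as the added line does keeps the list uniform.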
|
||||||
|
|
9
hosts
9
hosts
|
@ -42,9 +42,6 @@ litl.adm.auro.re
|
||||||
log.adm.auro.re
|
log.adm.auro.re
|
||||||
netbox.adm.auro.re
|
netbox.adm.auro.re
|
||||||
grafana.adm.auro.re
|
grafana.adm.auro.re
|
||||||
dolibarr.adm.auro.re
|
|
||||||
infra-1.router.auro.re ansible_host=10.129.0.245
|
|
||||||
infra-2.router.auro.re ansible_host=10.129.0.246
|
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
|
|
||||||
|
@ -89,15 +86,9 @@ dhcp-fleming.adm.auro.re
|
||||||
dhcp-fleming-backup.adm.auro.re
|
dhcp-fleming-backup.adm.auro.re
|
||||||
dns-fleming.adm.auro.re
|
dns-fleming.adm.auro.re
|
||||||
dns-fleming-backup.adm.auro.re
|
dns-fleming-backup.adm.auro.re
|
||||||
ntp-1.int.infra.auro.re
|
|
||||||
prometheus-fleming.adm.auro.re
|
prometheus-fleming.adm.auro.re
|
||||||
#prometheus-fleming-fo.adm.auro.re
|
#prometheus-fleming-fo.adm.auro.re
|
||||||
radius-fleming.adm.auro.re
|
radius-fleming.adm.auro.re
|
||||||
dns-1.int.infra.auro.re
|
|
||||||
isp-1.rtr.infra.auro.re
|
|
||||||
isp-2.rtr.infra.auro.re
|
|
||||||
dhcp-1.isp.auro.re
|
|
||||||
dhcp-2.isp.auro.re
|
|
||||||
radius-fleming-backup.adm.auro.re
|
radius-fleming-backup.adm.auro.re
|
||||||
unifi-fleming.adm.auro.re
|
unifi-fleming.adm.auro.re
|
||||||
routeur-fleming.adm.auro.re
|
routeur-fleming.adm.auro.re
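Review bot: The two new `infra-*.router.auro.re` entries are added to the same group as `log`, `netbox` and `grafana` (the group header is above the hunk) rather than a dedicated group, and playbooks/router.yml in this compare then lists both hostnames by hand in six separate plays; an `[infra_routers]` group would let those plays target one name and keeps the pair in sync when a third router appears. The `ansible_host=` override pins management traffic to the vlan129 address, which is also the keepalived and conntrackd interface in router.yml; if vlan129 is the only path reachable from the control node, a comment such as `# managed via vlan129 (router sync link), DNS name is not reachable from the control node` would stop someone from "fixing" it back to the DNS name. The removed `ntp-1`, `dns-1`, `dhcp-*` and `isp-*` hosts match the playbooks deleted in this compare, so that part is consistent.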
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
vars:
|
|
||||||
chronyd__allow_networks:
|
|
||||||
- 10.128.0.0/16
|
|
||||||
- 2a09:6840:128::/48
|
|
||||||
chronyd__pools:
|
|
||||||
- 0.pool.ntp.org
|
|
||||||
- 1.pool.ntp.org
|
|
||||||
- 2.pool.ntp.org
|
|
||||||
- 3.pool.ntp.org
|
|
||||||
chronyd__local_stratum: 10
|
|
||||||
roles:
|
|
||||||
- chronyd
|
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- all
|
|
||||||
- "!ntp-1.int.infra.auro.re"
|
|
||||||
- "!unifi"
|
|
||||||
vars:
|
|
||||||
chronyd__pools:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
roles:
|
|
||||||
- chronyd
|
|
||||||
...
|
|
|
@ -1,213 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
# TODO: netbox
|
|
||||||
ifupdown2__hosts:
|
|
||||||
ntp-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::203/56
|
|
||||||
- 10.128.0.203/16
|
|
||||||
dns-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::127/56
|
|
||||||
- 10.128.0.127/16
|
|
||||||
dhcp-1.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::204/56
|
|
||||||
- 10.128.0.204/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.2/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.34/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.66/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.98/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.130/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
dhcp-2.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::91/56
|
|
||||||
- 10.128.0.91/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.3/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.35/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.67/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.99/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.131/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
isp-1.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::255/56
|
|
||||||
- 10.128.0.255/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
bridge_disable_pvid: true
|
|
||||||
forward: true
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
isp-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::158/56
|
|
||||||
- 10.128.0.158/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
|
||||||
roles:
|
|
||||||
- ifupdown2
|
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
resolvconf__nameservers:
|
|
||||||
- 2a09:6840:128::127
|
|
||||||
- 10.128.0.127
|
|
||||||
resolvconf__domain: auro.re
|
|
||||||
resolvconf__search:
|
|
||||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
|
||||||
- auro.re
|
|
||||||
roles:
|
|
||||||
- resolvconf
|
|
||||||
...
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
keepalived__virtual_router_id: 80
|
|
||||||
keepalived__interface: ens18
|
|
||||||
keepalived__virtual_addresses:
|
|
||||||
client-0:
|
|
||||||
- 100.64.0.1/27
|
|
||||||
- 2a09:6841::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-1:
|
|
||||||
- 100.64.0.33/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-2:
|
|
||||||
- 100.64.0.65/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-3:
|
|
||||||
- 100.64.0.97/27
|
|
||||||
- 2a09:6841:0:200::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-4:
|
|
||||||
- 100.64.0.129/27
|
|
||||||
- 2a09:6841:0:300::/56
|
|
||||||
- fe80::1/10
|
|
||||||
roles:
|
|
||||||
- keepalived
|
|
||||||
...
|
|
|
@ -30,14 +30,6 @@
|
||||||
user: grafana
|
user: grafana
|
||||||
net: 10.128.0.98/32
|
net: 10.128.0.98/32
|
||||||
method: md5
|
method: md5
|
||||||
- database: dolibarr
|
|
||||||
user: dolibarr
|
|
||||||
net: 10.128.0.236/32
|
|
||||||
method: md5
|
|
||||||
- database: rt5
|
|
||||||
user: rt5
|
|
||||||
net: 10.128.0.123/32
|
|
||||||
method: md5
|
|
||||||
databases:
|
databases:
|
||||||
- nextcloud
|
- nextcloud
|
||||||
- gitea
|
- gitea
|
||||||
|
@ -45,8 +37,6 @@
|
||||||
- drone
|
- drone
|
||||||
- netbox
|
- netbox
|
||||||
- grafana
|
- grafana
|
||||||
- dolibarr
|
|
||||||
- rt5
|
|
||||||
users:
|
users:
|
||||||
- name: nextcloud
|
- name: nextcloud
|
||||||
database: nextcloud
|
database: nextcloud
|
||||||
|
@ -78,16 +68,6 @@
|
||||||
password: "{{ vault_postgresql_grafana_passwd }}"
|
password: "{{ vault_postgresql_grafana_passwd }}"
|
||||||
privs:
|
privs:
|
||||||
- ALL
|
- ALL
|
||||||
- name: dolibarr
|
|
||||||
database: dolibarr
|
|
||||||
password: "{{ vault_postgresql_dolibarr_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: rt5
|
|
||||||
database: rt5
|
|
||||||
password: "{{ vault_postgresql_rt5_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
update_motd:
|
update_motd:
|
||||||
postgresql: PostgreSQL est déployé.
|
postgresql: PostgreSQL est déployé.
|
||||||
roles:
|
roles:
|
||||||
|
@ -120,17 +100,12 @@
|
||||||
user: cas
|
user: cas
|
||||||
net: 10.128.0.150/32
|
net: 10.128.0.150/32
|
||||||
method: md5
|
method: md5
|
||||||
- database: appservice-discord
|
|
||||||
user: appservice-discord
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
databases:
|
databases:
|
||||||
- synapse
|
- synapse
|
||||||
- codimd
|
- codimd
|
||||||
- etherpad
|
- etherpad
|
||||||
- kanboard
|
- kanboard
|
||||||
- cas
|
- cas
|
||||||
- appservice-discord
|
|
||||||
users:
|
users:
|
||||||
- name: synapse
|
- name: synapse
|
||||||
database: synapse
|
database: synapse
|
||||||
|
@ -157,11 +132,6 @@
|
||||||
password: "{{ vault_postgresql_cas_passwd }}"
|
password: "{{ vault_postgresql_cas_passwd }}"
|
||||||
privs:
|
privs:
|
||||||
- ALL
|
- ALL
|
||||||
- name: appservice-discord
|
|
||||||
database: appservice-discord
|
|
||||||
password: "{{ vault_postgresql_appservice_discord_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
update_motd:
|
update_motd:
|
||||||
postgresql: PostgreSQL est déployé.
|
postgresql: PostgreSQL est déployé.
|
||||||
roles:
|
roles:
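Review bot: Removing the `dolibarr`, `rt5` and `appservice-discord` entries from `users:`, `databases:` and the pg_hba list only stops Ansible from managing them; unless the postgresql role also drops roles that are no longer listed (not visible here), those database roles and their md5 passwords remain on the server after this change and are tracked nowhere. A follow-up that explicitly drops them, or a comment such as `# dolibarr/rt5/appservice-discord roles dropped manually on <date>`, closes that gap, and the matching `vault_postgresql_dolibarr_passwd`, `vault_postgresql_rt5_passwd` and `vault_postgresql_appservice_discord_passwd` vault entries can be retired with it. The remaining entries keep `method: md5`; that is untouched by this commit, but `scram-sha-256` is the current recommendation for password authentication and is worth a separate change.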
|
||||||
|
|
|
@ -1,23 +1,185 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Deploy firewall and keepalived
|
- hosts:
|
||||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
- infra-1.router.auro.re
|
||||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
- infra-2.router.auro.re
|
||||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
|
||||||
vars:
|
vars:
|
||||||
update_motd:
|
networkd_interfaces:
|
||||||
unbound: Le routage (avec radvd) est déployé.
|
vlan111:
|
||||||
|
mac_addr: "{{ network.vlan111.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan128:
|
||||||
|
mac_addr: "{{ network.vlan128.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan129:
|
||||||
|
mac_addr: "{{ network.vlan129.mac_addr }}"
|
||||||
|
ip_addrs: "{{ network.vlan129.ipv4_addrs
|
||||||
|
+ network.vlan129.ipv6_addrs }}"
|
||||||
|
forward: true
|
||||||
|
vlan130:
|
||||||
|
mac_addr: "{{ network.vlan130.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan131:
|
||||||
|
mac_addr: "{{ network.vlan131.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan133:
|
||||||
|
mac_addr: "{{ network.vlan133.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan134:
|
||||||
|
mac_addr: "{{ network.vlan134.mac_addr }}"
|
||||||
|
link_local: false
|
||||||
|
forward: true
|
||||||
|
vlan135:
|
||||||
|
mac_addr: "{{ network.vlan135.mac_addr }}"
|
||||||
|
ip_addrs: "{{ network.vlan135.ipv4_addrs
|
||||||
|
+ network.vlan135.ipv6_addrs }}"
|
||||||
|
forward: true
|
||||||
roles:
|
roles:
|
||||||
- router
|
- systemd_networkd
|
||||||
- radvd
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# No radvd here
|
- hosts:
|
||||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
- infra-1.router.auro.re
|
||||||
|
- infra-2.router.auro.re
|
||||||
vars:
|
vars:
|
||||||
update_motd:
|
bird_router_id: "{{ network.vlan129.ipv4_addrs[0] | ipaddr('address') }}"
|
||||||
unbound: Le routage (avec DHCPv6) est déployé.
|
bird_ospf_src: "{{ network.vlan135.ipv4_addrs[0] | ipaddr('address') }}"
|
||||||
|
bird_ospf_src_v6: "{{ network.vlan135.ipv6_addrs[0] | ipaddr('address') }}"
|
||||||
|
bird_ospf_interfaces:
|
||||||
|
vlan111:
|
||||||
|
stub: true
|
||||||
|
vlan128:
|
||||||
|
stub: true
|
||||||
|
vlan129:
|
||||||
|
broadcast: true
|
||||||
|
vlan130:
|
||||||
|
stub: true
|
||||||
|
vlan131:
|
||||||
|
stub: true
|
||||||
|
vlan133:
|
||||||
|
stub: true
|
||||||
|
vlan134:
|
||||||
|
stub: true
|
||||||
roles:
|
roles:
|
||||||
- router
|
- bird
|
||||||
- ipv6_edge_router
|
|
||||||
- update_motd
|
- hosts:
|
||||||
|
- infra-1.router.auro.re
|
||||||
|
- infra-2.router.auro.re
|
||||||
|
vars:
|
||||||
|
keepalived_notify_master: "/usr/local/sbin/conntrackd_vrrp primary"
|
||||||
|
keepalived_notify_backup: "/usr/local/sbin/conntrackd_vrrp backup"
|
||||||
|
keepalived_notify_fault: "/usr/local/sbin/conntrackd_vrrp fault"
|
||||||
|
keepalived_virtual_router_id: 42
|
||||||
|
keepalived_interface: vlan129
|
||||||
|
keepalived_virtual_ipv4_addrs:
|
||||||
|
vlan111:
|
||||||
|
- 45.66.111.10/24 # 45.66.111.1/24
|
||||||
|
vlan128:
|
||||||
|
- 10.128.0.16/16 # 10.128.0.1/16
|
||||||
|
vlan130:
|
||||||
|
- 10.130.0.185/16 # 10.130.0.1/16
|
||||||
|
vlan131:
|
||||||
|
- 10.131.0.1/16
|
||||||
|
vlan133:
|
||||||
|
- 10.133.0.1/16
|
||||||
|
vlan134:
|
||||||
|
- 10.134.0.1/16
|
||||||
|
keepalived_virtual_ipv6_addrs:
|
||||||
|
vlan111:
|
||||||
|
- fe80::200:02ff:fe23:ae26/64
|
||||||
|
- 2a09:6840:111:0:10::/56 # 2a09:6840:111:0:1::/56
|
||||||
|
vlan128:
|
||||||
|
- fe80::200:02ff:fe9f:d67a/64
|
||||||
|
- 2a09:6840:128:0:16::/48 # 2a09:6840:128:0:1::/48
|
||||||
|
vlan130:
|
||||||
|
- fe80::200:02ff:fee2:9782/64
|
||||||
|
- 2a09:6840:130:0:185::/48 # 2a09:6840:130:0:1::/48
|
||||||
|
vlan131:
|
||||||
|
- fe80::200:02ff:fee2:9782/64
|
||||||
|
- 2a09:6840:131:0:1::/48
|
||||||
|
vlan133:
|
||||||
|
- fe80::200:02ff:fe8a:0cbc/64
|
||||||
|
- 2a09:6840:133:0:1::/48
|
||||||
|
vlan134:
|
||||||
|
- fe80::200:02ff:fe09:38f7/64
|
||||||
|
- 2a09:6840:134:0:1::/48
|
||||||
|
roles:
|
||||||
|
- keepalived
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- infra-1.router.auro.re
|
||||||
|
vars:
|
||||||
|
conntrackd_ignore_addrs_ipv6:
|
||||||
|
- ::/128
|
||||||
|
- 2a09:6840:111:0:10::/64
|
||||||
|
- 2a09:6840:128:0:16::/64
|
||||||
|
- 2a09:6840:129:0:245::/64
|
||||||
|
- 2a09:6840:129:0:246::/64
|
||||||
|
- 2a09:6840:130:0:185::/64
|
||||||
|
- 2a09:6840:131:0:248::/64
|
||||||
|
- 2a09:6840:133:0:1::/64
|
||||||
|
- 2a09:6840:134:0:1::/64
|
||||||
|
- 2a09:6840:135:0:1::/64
|
||||||
|
- 2a09:6840:135:0:2::/64
|
||||||
|
conntrackd_ignore_addrs_ipv4:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
- 45.66.111.10
|
||||||
|
- 10.128.0.16
|
||||||
|
- 10.129.0.245
|
||||||
|
- 10.129.0.246
|
||||||
|
- 10.130.0.185
|
||||||
|
- 10.131.0.248
|
||||||
|
- 10.133.0.1
|
||||||
|
- 10.134.0.1
|
||||||
|
- 10.135.0.1
|
||||||
|
- 10.135.0.2
|
||||||
|
conntrackd_udp_dest_ipv6: 10.129.0.246
|
||||||
|
conntrackd_udp_listen_ipv6: 10.129.0.245
|
||||||
|
conntrackd_udp_iface: vlan129
|
||||||
|
roles:
|
||||||
|
- conntrackd
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- infra-2.router.auro.re
|
||||||
|
vars:
|
||||||
|
conntrackd_ignore_addrs_ipv6:
|
||||||
|
- ::/128
|
||||||
|
- 2a09:6840:111:0:10::/64
|
||||||
|
- 2a09:6840:128:0:16::/64
|
||||||
|
- 2a09:6840:129:0:245::/64
|
||||||
|
- 2a09:6840:129:0:246::/64
|
||||||
|
- 2a09:6840:130:0:185::/64
|
||||||
|
- 2a09:6840:131:0:248::/64
|
||||||
|
- 2a09:6840:133:0:1::/64
|
||||||
|
- 2a09:6840:134:0:1::/64
|
||||||
|
- 2a09:6840:135:0:1::/64
|
||||||
|
- 2a09:6840:135:0:2::/64
|
||||||
|
conntrackd_ignore_addrs_ipv4:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
- 45.66.111.10
|
||||||
|
- 10.128.0.16
|
||||||
|
- 10.129.0.245
|
||||||
|
- 10.129.0.246
|
||||||
|
- 10.130.0.185
|
||||||
|
- 10.131.0.248
|
||||||
|
- 10.133.0.1
|
||||||
|
- 10.134.0.1
|
||||||
|
- 10.135.0.1
|
||||||
|
- 10.135.0.2
|
||||||
|
conntrackd_udp_dest_ipv6: 10.129.0.245
|
||||||
|
conntrackd_udp_listen_ipv6: 10.129.0.246
|
||||||
|
conntrackd_udp_iface: vlan129
|
||||||
|
roles:
|
||||||
|
- conntrackd
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- infra-1.router.auro.re
|
||||||
|
- infra-2.router.auro.re
|
||||||
|
roles:
|
||||||
|
- nftables_infra
|
||||||
|
...
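Review bot: The first play enables `forward: true` on every vlan through `systemd_networkd`, while `nftables_infra` is only applied in the last play, so on a fresh host or after an earlier play fails the routers forward between all vlans with no firewall loaded; applying `nftables_infra` before the networking play closes that window. The keepalived play points `keepalived_notify_*` at `/usr/local/sbin/conntrackd_vrrp` but the conntrackd plays run after it; if that script is installed by the conntrackd role, keepalived is (re)started with a missing notify script on first deploy, and the order should be swapped or the script installed by the keepalived role. `conntrackd_ignore_addrs_*` ignores `10.131.0.248` / `2a09:6840:131:0:248::/64`, but the vlan131 VIP configured in keepalived is `10.131.0.1/16` / `2a09:6840:131:0:1::/48`, so unlike every other vlan the vlan131 VIP is not excluded from state sync and one of the two looks stale. `conntrackd_udp_dest_ipv6` and `conntrackd_udp_listen_ipv6` hold IPv4 addresses (`10.129.0.246`, `10.129.0.245`) in both conntrackd plays, so either the names or the values are wrong, and since the two plays differ only in those two values the ignore lists could live once in a group var. vlan130 and vlan131 share the link-local VIP `fe80::200:02ff:fee2:9782/64` while every other vlan gets its own; that is legal per link but reads like a copy-paste slip and deserves a comment if intentional.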
|
||||||
|
|
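--- a/playbooks/router_old.yml
+++ b/playbooks/router_old.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy firewall and keepalived
+# radvd: IPv6 SLAAC (/64 subnets, private IPs).
+# Must NOT be on routeur-aurore-*, or will with DHCPv6!
+- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec radvd) est déployé.
+roles:
+- router
+- radvd
+- update_motd
+
+# No radvd here
+- hosts: ~routeur-aurore.*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec DHCPv6) est déployé.
+roles:
+- router
+- ipv6_edge_router
+- update_motd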
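--- a/roles/bird/defaults/main.yml
+++ b/roles/bird/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+bird_ospf_interfaces: {}
+...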
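--- a/roles/bird/handlers/main.yml
+++ b/roles/bird/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Reload bird
+systemd:
+name: bird.service
+state: reloaded
+
+- name: Reload bird6
+systemd:
+name: bird6.service
+state: reloaded
+...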
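--- a/roles/bird/tasks/main.yml
+++ b/roles/bird/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Install bird
+apt:
+name: bird
+
+- name: Configure bird
+template:
+src: bird.conf
+dest: /etc/bird/bird.conf
+owner: root
+group: bird
+mode: u=rw,g=r,o=
+notify:
+- Reload bird
+
+- name: Configure bird6
+template:
+src: bird6.conf
+dest: /etc/bird/bird6.conf
+owner: root
+group: bird
+mode: u=rw,g=r,o=
+notify:
+- Reload bird6
+
+- name: Enable and start bird
+systemd:
+name: bird.service
+enabled: true
+state: started
+
+- name: Enable and start bird6
+systemd:
+name: bird6.service
+enabled: true
+state: started
+...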
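Review bot: The two `template:` tasks install /etc/bird/bird.conf and bird6.conf without a parse check, so a template error is only discovered when the `Reload bird` / `Reload bird6` handler runs, and a daemon that keeps serving its old configuration hides that failure in the journal. BIRD can parse a configuration file and exit with `-p`, so `validate: bird -p -c %s` on the bird task and `validate: bird6 -p -c %s` on the bird6 task would reject a broken render before it is written. The handlers and the OSPF templates live in separate files of this commit and are reviewed there.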
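--- a/roles/bird/templates/bird.conf
+++ b/roles/bird/templates/bird.conf
@@ -0,0 +1,37 @@
+{{ ansible_managed | comment }}
+
+log syslog all;
+
+router id {{ bird_router_id }};
+
+protocol kernel {
+scan time 60;
+import none;
+export all;
+persist;
+}
+
+protocol device {
+scan time 60;
+}
+
+protocol ospf backbone {
+import filter {
+{% if bird_ospf_src_v6 is defined %}
+krt_prefsrc = {{ bird_ospf_src }};
+{% endif %}
+accept;
+};
+export all;
+area 0 {
+{% for name, iface in bird_ospf_interfaces.items() %}
+interface "{{ name }}" {
+{% if iface.stub | default(false) %}
+stub;
+{% elif iface.broadcast | default(false) %}
+type broadcast;
+{% endif %}
+};
+{% endfor %}
+};
+}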
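Review bot: The IPv4 template tests one variable and renders another: `{% if bird_ospf_src_v6 is defined %}` guards `krt_prefsrc = {{ bird_ospf_src }};`, so a host that defines only bird_ospf_src silently gets no preferred source, and a host that defines only bird_ospf_src_v6 fails the render on an undefined variable. bird6.conf in this commit uses bird_ospf_src_v6 on both lines, so this file should test the variable it emits: `{% if bird_ospf_src is defined %}`. If the intent was instead a single source variable for both families, the bird6 template would need the matching change; that is not visible from the page.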
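--- a/roles/bird/templates/bird6.conf
+++ b/roles/bird/templates/bird6.conf
@@ -0,0 +1,37 @@
+{{ ansible_managed | comment }}
+
+log syslog all;
+
+router id {{ bird_router_id }};
+
+protocol kernel {
+scan time 60;
+import none;
+export all;
+persist;
+}
+
+protocol device {
+scan time 60;
+}
+
+protocol ospf backbone {
+import filter {
+{% if bird_ospf_src_v6 is defined %}
+krt_prefsrc = {{ bird_ospf_src_v6 }};
+{% endif %}
+accept;
+};
+export all;
+area 0 {
+{% for name, iface in bird_ospf_interfaces.items() %}
+interface "{{ name }}" {
+{% if iface.stub | default(false) %}
+stub;
+{% elif iface.broadcast | default(false) %}
+type broadcast;
+{% endif %}
+};
+{% endfor %}
+};
+}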
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
chronyd__pools: []
|
|
||||||
chronyd__key_file: /etc/chrony/chrony.keys
|
|
||||||
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
|
||||||
chronyd__nts_dump_dir: /var/lib/chrony
|
|
||||||
chronyd__log_dir: /var/log/chrony
|
|
||||||
chronyd__max_update_skew: 100.0
|
|
||||||
chronyd__rtcsync: true
|
|
||||||
chronyd__allow_networks: []
|
|
||||||
chronyd__log_change_seconds: 0.5
|
|
||||||
...
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart chronyd
|
|
||||||
systemd:
|
|
||||||
name: chrony.service
|
|
||||||
state: restarted
|
|
||||||
...
|
|
|
@ -1,32 +0,0 @@
|
||||||
---
|
|
||||||
- name: Uninstall ntp and sntp
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- sntp
|
|
||||||
- ntp
|
|
||||||
- systemd-timesyncd
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Install chronyd
|
|
||||||
apt:
|
|
||||||
name: chrony
|
|
||||||
|
|
||||||
- name: Configure chronyd
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/chrony/{{ item }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=
|
|
||||||
loop:
|
|
||||||
- chrony.conf
|
|
||||||
- chrony.keys
|
|
||||||
notify:
|
|
||||||
- Restart chronyd
|
|
||||||
|
|
||||||
- name: Enable and start chronyd
|
|
||||||
systemd:
|
|
||||||
name: chrony.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
...
|
|
|
@ -1,30 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% for pool in chronyd__pools %}
|
|
||||||
pool {{ pool }} iburst
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
keyfile {{ chronyd__key_file }}
|
|
||||||
driftfile {{ chronyd__drift_file }}
|
|
||||||
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
|
||||||
logdir {{ chronyd__log_dir }}
|
|
||||||
|
|
||||||
log tracking measurements statistics
|
|
||||||
|
|
||||||
maxupdateskew {{ chronyd__max_update_skew | float }}
|
|
||||||
|
|
||||||
{% if chronyd__rtcsync %}
|
|
||||||
rtcsync
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if chronyd__local_stratum is defined %}
|
|
||||||
local stratum {{ chronyd__local_stratum | int }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
logchange {{ chronyd__log_change_seconds | float }}
|
|
||||||
|
|
||||||
leapsectz right/UTC
|
|
||||||
|
|
||||||
{% for network in chronyd__allow_networks %}
|
|
||||||
allow {{ network | ipaddr }}
|
|
||||||
{% endfor %}
|
|
|
@ -1 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
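--- a/roles/conntrackd/defaults/main.yml
+++ b/roles/conntrackd/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+conntrackd_hash_size: 8192
+conntrackd_hash_limit: 65535
+conntrackd_socket_buffer_size: 262142
+conntrackd_socket_buffer_size_max: 655355
+conntrackd_ignore_addrs_ipv6: []
+conntrackd_ignore_addrs_ipv4: []
+conntrackd_ftfw_commit_timeout: 1800
+conntrackd_ftfw_purge_timeout: 5
+conntrackd_udp_listen_port: 3780
+conntrackd_udp_send_buffer: 1249280
+conntrackd_udp_receive_buffer: 1249280
+...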
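--- a/roles/conntrackd/handlers/main.yml
+++ b/roles/conntrackd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart conntrackd
+systemd:
+name: conntrackd
+state: restarted
+...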
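--- a/roles/conntrackd/tasks/main.yml
+++ b/roles/conntrackd/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: Install conntrackd
+apt:
+name: conntrackd
+
+- name: Configure conntrackd
+template:
+src: conntrackd.conf.j2
+dest: /etc/conntrackd/conntrackd.conf
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+notify:
+- Restart conntrackd
+
+- name: Install conntrackd_vrrp script
+template:
+src: conntrackd_vrrp.j2
+dest: /usr/local/sbin/conntrackd_vrrp
+owner: root
+group: root
+mode: u=rwx,g=r,o=r
+
+- name: Enable and start conntrackd
+systemd:
+name: conntrackd
+enabled: true
+state: started
+...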
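--- a/roles/conntrackd/templates/conntrackd.conf.j2
+++ b/roles/conntrackd/templates/conntrackd.conf.j2
@@ -0,0 +1,53 @@
+{{ ansible_managed | comment}}
+
+General {
+HashSize {{ conntrackd_hash_size }}
+HashLimit {{ conntrackd_hash_limit }}
+
+Syslog on
+
+LockFile /var/log/conntrackd.lock
+
+UNIX {
+Path /var/run/conntrackd.sock
+}
+
+SocketBufferSize {{ conntrackd_socket_buffer_size }}
+SocketBufferSizeMaxGrown {{ conntrackd_socket_buffer_size_max }}
+
+Systemd on
+
+Filter From Userspace {
+Protocol Accept {
+TCP
+UDP
+}
+Address Ignore {
+{% for addr in conntrackd_ignore_addrs_ipv6 %}
+IPv6_address {{ addr }}
+{% endfor %}
+{% for addr in conntrackd_ignore_addrs_ipv4 %}
+IPv4_address {{ addr }}
+{% endfor %}
+}
+}
+}
+
+Sync {
+Mode FTFW {
+DisableExternalCache off
+StartupResync on
+CommitTimeout {{ conntrackd_ftfw_commit_timeout }}
+PurgeTimeout {{ conntrackd_ftfw_purge_timeout }}
+}
+
+UDP {
+IPv6_address {{ conntrackd_udp_listen_ipv6 }}
+IPv4_Destination_Address {{ conntrackd_udp_dest_ipv6 }}
+Port {{ conntrackd_udp_listen_port }}
+Interface {{ conntrackd_udp_iface }}
+SndSocketBuffer {{ conntrackd_udp_send_buffer }}
+RcvSocketBuffer {{ conntrackd_udp_receive_buffer }}
+Checksum on
+}
+}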
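Review bot: In the `UDP {}` block the listen side is emitted as `IPv6_address {{ conntrackd_udp_listen_ipv6 }}` while the peer is `IPv4_Destination_Address {{ conntrackd_udp_dest_ipv6 }}`, and the playbook on this page assigns both `_ipv6` variables IPv4 values (`conntrackd_udp_listen_ipv6: 10.129.0.245`), so the listen line pairs an IPv4 address with the IPv6 keyword; `IPv4_address {{ conntrackd_udp_listen_ipv6 }}` matches the destination line, and renaming both variables to `_ipv4` would stop the misreading at the playbook side. Separately, `LockFile /var/log/conntrackd.lock` disagrees with `CONNTRACKD_LOCK=/var/lock/conntrack.lock` in the conntrackd_vrrp script added by this commit, so the script's stale-lock check in its backup branch tests a path conntrackd never writes; the two values must agree, and /var/log is an unusual home for a lock file. The sync channel itself is only checksummed (`Checksum on`), so which hosts may reach the listen port is decided entirely by the nftables input policy, reviewed in 40-input.conf.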
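--- a/roles/conntrackd/templates/conntrackd_vrrp.j2
+++ b/roles/conntrackd/templates/conntrackd_vrrp.j2
@@ -0,0 +1,129 @@
+#!/bin/sh
+
+{{ ansible_managed | comment }}
+
+#
+# (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Description:
+#
+# This is the script for primary-backup setups for keepalived
+# (http://www.keepalived.org). You may adapt it to make it work with other
+# high-availability managers.
+#
+# Do not forget to include the required modifications to your keepalived.conf
+# file to invoke this script during keepalived's state transitions.
+#
+# Contributions to improve this script are welcome :).
+#
+
+CONNTRACKD_BIN=/usr/sbin/conntrackd
+CONNTRACKD_LOCK=/var/lock/conntrack.lock
+CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
+
+case "$1" in
+primary)
+#
+# commit the external cache into the kernel table
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -c"
+fi
+
+#
+# flush the internal and the external caches
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -f"
+fi
+
+#
+# resynchronize my internal cache to the kernel table
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -R"
+fi
+
+#
+# send a bulk update to backups
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -B"
+fi
+;;
+backup)
+#
+# is conntrackd running? request some statistics to check it
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
+if [ $? -eq 1 ]
+then
+#
+# something's wrong, do we have a lock file?
+#
+if [ -f $CONNTRACKD_LOCK ]
+then
+logger "WARNING: conntrackd was not cleanly stopped."
+logger "If you suspect that it has crashed:"
+logger "1) Enable coredumps"
+logger "2) Try to reproduce the problem"
+logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
+rm -f $CONNTRACKD_LOCK
+fi
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
+if [ $? -eq 1 ]
+then
+logger "ERROR: cannot launch conntrackd"
+exit 1
+fi
+fi
+#
+# shorten kernel conntrack timers to remove the zombie entries.
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -t"
+fi
+
+#
+# request resynchronization with master firewall replica (if any)
+# Note: this does nothing in the alarm approach.
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -n"
+fi
+;;
+fault)
+#
+# shorten kernel conntrack timers to remove the zombie entries.
+#
+$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
+if [ $? -eq 1 ]
+then
+logger "ERROR: failed to invoke conntrackd -t"
+fi
+;;
+*)
+logger "ERROR: unknown state transition"
+echo "Usage: $0 {primary|backup|fault}"
+exit 1
+;;
+esac
+
+exit 0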
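Review bot: Every status check in the script is `if [ $? -eq 1 ]`, which reacts only to exit status 1; a conntrackd invocation that fails with any other non-zero status (which a missing binary, a missing socket or a signal can produce) is logged nowhere and the script carries on, and in the backup branch it then reaches `exit 0` with no daemon started. `if [ $? -ne 0 ]` on each check, or the form `if ! $CONNTRACKD_BIN -C "$CONNTRACKD_CONFIG" -c; then`, catches all failures; quoting `"$CONNTRACKD_LOCK"` in the `-f` test and the `rm -f` is cheap as well. The script is inherited from upstream conntrackd so the pattern is not new, but it is what keepalived runs as root on every state transition, and keepalived's own `notify_*` lines for it are rendered in the keepalived.conf template of this commit.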
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
ifupdown2__interfaces: {}
|
|
||||||
...
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart networking
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: Bring all interfaces up
|
|
||||||
shell: /usr/sbin/ifup -a
|
|
||||||
...
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
- name: Gather package facts
|
|
||||||
package_facts:
|
|
||||||
manager: apt
|
|
||||||
|
|
||||||
- name: Check if ifupdown2 is installed
|
|
||||||
set_fact:
|
|
||||||
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
|
|
||||||
|
|
||||||
- name: Mask networking before installing ifupdown2
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
masked: true
|
|
||||||
when: must_mask
|
|
||||||
|
|
||||||
- name: Install ifupdown2
|
|
||||||
apt:
|
|
||||||
name: ifupdown2
|
|
||||||
|
|
||||||
- name: Unmask networking now that ifupdown2 is installed
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
masked: false
|
|
||||||
when: must_mask
|
|
||||||
|
|
||||||
- name: Configure ifupdown2
|
|
||||||
template:
|
|
||||||
src: interfaces.j2
|
|
||||||
dest: /etc/network/interfaces
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=
|
|
||||||
notify:
|
|
||||||
- Restart networking
|
|
||||||
- Bring all interfaces up
|
|
||||||
|
|
||||||
- name: Enable and start networking
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
...
|
|
|
@ -1,41 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% for name, iface in ifupdown2__interfaces.items() %}
|
|
||||||
auto {{ name }}
|
|
||||||
iface {{ name }}
|
|
||||||
{% for address in iface.addresses | default([]) %}
|
|
||||||
address {{ address | ipaddr }}
|
|
||||||
{% endfor %}
|
|
||||||
{% for gateway in iface.gateways | default([]) %}
|
|
||||||
gateway {{ gateway | ipaddr }}
|
|
||||||
{% endfor %}
|
|
||||||
{% if iface.bridge_ports is defined %}
|
|
||||||
bridge-ports {{ iface.bridge_ports | join(" ") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_vlan_aware is defined %}
|
|
||||||
bridge-vlan-aware {{ iface.bridge_vlan_aware
|
|
||||||
| ternary("yes", "no") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_vids is defined %}
|
|
||||||
bridge-vids {{ iface.bridge_vids | join(",") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.vlan_id is defined %}
|
|
||||||
vlan-id {{ iface.vlan_id | int }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.vlan_raw_device is defined %}
|
|
||||||
vlan-raw-device {{ iface.vlan_raw_device }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_disable_pvid | default(false) %}
|
|
||||||
bridge-pvid 0
|
|
||||||
post-up bridge vlan del dev {{ name }} vid 1 self
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.forward | default(false) %}
|
|
||||||
ip-forward yes
|
|
||||||
ip6-forward yes
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.ipv6_addrgen is defined %}
|
|
||||||
ipv6-addrgen {{ iface.ipv6_addrgen
|
|
||||||
| ternary("yes", "no") }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% endfor %}
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
keepalived__virtual_addresses: {}
|
|
||||||
keepalived__notify_master: []
|
|
||||||
keepalived__notify_backup: []
|
|
||||||
keepalived__notify_fault: []
|
|
||||||
keepalived__max_auto_priority: -1
|
|
||||||
...
|
|
|
@ -5,18 +5,11 @@
|
||||||
|
|
||||||
- name: Configure keepalived
|
- name: Configure keepalived
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: keepalived.conf
|
||||||
dest: "{{ item.dest }}"
|
dest: /etc/keepalived/keepalived.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "{{ item.mode }}"
|
mode: u=rw,g=,o=
|
||||||
loop:
|
|
||||||
- src: keepalived.conf.j2
|
|
||||||
dest: /etc/keepalived/keepalived.conf
|
|
||||||
mode: u=rw,g=,o=
|
|
||||||
- src: notify.sh.j2
|
|
||||||
dest: /etc/keepalived/notify.sh
|
|
||||||
mode: u=rwx,g=,o=
|
|
||||||
notify:
|
notify:
|
||||||
- Reload keepalived
|
- Reload keepalived
|
||||||
|
|
||||||
|
|
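Review bot: The rewritten `Configure keepalived` task installs /etc/keepalived/keepalived.conf with no `validate:` step, so a rendering mistake only surfaces when `Reload keepalived` fires and the running instance may keep its old state silently. On keepalived releases that support `--config-test`, `validate: keepalived -t -f %s` would reject a broken file before it replaces the live one; confirm the installed version accepts the flag. The task list begins before this hunk, and the template it now references is the new `keepalived.conf` file reviewed separately.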
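--- a/roles/keepalived/templates/keepalived.conf
+++ b/roles/keepalived/templates/keepalived.conf
@@ -0,0 +1,58 @@
+{{ ansible_managed | comment }}
+
+global_defs {
+dynamic_interfaces
+script_user root
+enable_script_security
+vrrp_version 3
+}
+
+vrrp_sync_group group {
+group {
+instance_v4
+instance_v6
+}
+{% if keepalived_notify_master %}
+notify_master "{{ keepalived_notify_master }}"
+{% endif %}
+{% if keepalived_notify_backup is defined %}
+notify_backup "{{ keepalived_notify_backup }}"
+{% endif %}
+{% if keepalived_notify_fault is defined %}
+notify_fault "{{ keepalived_notify_fault }}"
+{% endif %}
+}
+
+vrrp_instance instance_v4 {
+virtual_router_id {{ keepalived_virtual_router_id }}
+interface {{ keepalived_interface }}
+state BACKUP
+priority 250
+nopreempt
+advert_int 1
+accept
+virtual_ipaddress {
+{% for dev, addrs in keepalived_virtual_ipv4_addrs.items() %}
+{% for addr in addrs %}
+{{ addr }} dev {{ dev }}
+{% endfor %}
+{% endfor %}
+}
+}
+
+vrrp_instance instance_v6 {
+virtual_router_id {{ keepalived_virtual_router_id }}
+interface {{ keepalived_interface }}
+state BACKUP
+priority 250
+nopreempt
+advert_int 1
+accept
+virtual_ipaddress {
+{% for dev, addrs in keepalived_virtual_ipv6_addrs.items() %}
+{% for addr in addrs %}
+{{ addr }} dev {{ dev }}
+{% endfor %}
+{% endfor %}
+}
+}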
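Review bot: The three notify guards in `vrrp_sync_group` are inconsistent: `{% if keepalived_notify_master %}` tests truthiness while the backup and fault lines use `is defined`. With the old `keepalived__notify_*` defaults deleted in this commit and no replacement defaults visible on the page, an undefined `keepalived_notify_master` most likely aborts the render instead of skipping the line, and a defined-but-empty `keepalived_notify_backup` renders `notify_backup ""`. One test for all three, e.g. `{% if keepalived_notify_master | default('') %}` with the same form for backup and fault, gives a single behaviour. Since `script_user root` and `enable_script_security` mean these strings are executed as root on every transition, they should only ever be set from trusted inventory, which is worth a comment at the top of the template.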
@ -1,92 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
global_defs {
|
|
||||||
dynamic_interfaces
|
|
||||||
script_user root
|
|
||||||
enable_script_security
|
|
||||||
vrrp_version 3
|
|
||||||
{% if keepalived__max_auto_priority is defined %}
|
|
||||||
max_auto_priority {{ keepalived__max_auto_priority | int }}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
|
|
||||||
{%
|
|
||||||
set ipv4_enabled =
|
|
||||||
keepalived__ipv4_enabled
|
|
||||||
| default(keepalived__virtual_addresses.values()
|
|
||||||
| flatten | ansible.utils.ipv4)
|
|
||||||
%}
|
|
||||||
{%
|
|
||||||
set ipv6_enabled =
|
|
||||||
keepalived__ipv6_enabled
|
|
||||||
| default(keepalived__virtual_addresses.values()
|
|
||||||
| flatten | ansible.utils.ipv6)
|
|
||||||
%}
|
|
||||||
|
|
||||||
{% if ipv4_enabled and ipv6_enabled %}
|
|
||||||
vrrp_sync_group group {
|
|
||||||
group {
|
|
||||||
{% if ipv4_enabled %}
|
|
||||||
instance_v4
|
|
||||||
{% endif %}
|
|
||||||
{% if ipv6_enabled %}
|
|
||||||
instance_v6
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if ipv4_enabled %}
|
|
||||||
vrrp_instance instance_v4 {
|
|
||||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
|
||||||
interface {{ keepalived__interface }}
|
|
||||||
state BACKUP
|
|
||||||
priority 250
|
|
||||||
nopreempt
|
|
||||||
advert_int 1
|
|
||||||
accept
|
|
||||||
virtual_ipaddress {
|
|
||||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
|
||||||
{% for address in addresses %}
|
|
||||||
{% if address | ansible.utils.ipv4 %}
|
|
||||||
{{ address }} dev {{ dev }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
}
|
|
||||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if ipv6_enabled %}
|
|
||||||
vrrp_instance instance_v6 {
|
|
||||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
|
||||||
interface {{ keepalived__interface }}
|
|
||||||
state BACKUP
|
|
||||||
priority 250
|
|
||||||
nopreempt
|
|
||||||
advert_int 1
|
|
||||||
accept
|
|
||||||
virtual_ipaddress {
|
|
||||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
|
||||||
{% for address in addresses | ipaddr_sort(["link-local"]) %}
|
|
||||||
{% if address | ansible.utils.ipv6 %}
|
|
||||||
{{ address }} dev {{ dev }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
}
|
|
||||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
|
@ -1,33 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
master=(
|
|
||||||
{% for notify in keepalived__notify_master %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
backup=(
|
|
||||||
{% for notify in keepalived__notify_backup %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
fault=(
|
|
||||||
{% for notify in keepalived__notify_fault %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
master | backup | fault)
|
|
||||||
scripts="$1[@]"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $0 (master|backup|fault)" >&2
|
|
||||||
exit 1
|
|
||||||
esac
|
|
||||||
|
|
||||||
for script in "${!scripts}"
|
|
||||||
do
|
|
||||||
eval "${script}"
|
|
||||||
done
|
|
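--- a/roles/nftables_infra/handlers/main.yml
+++ b/roles/nftables_infra/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload nftables
+systemd:
+name: nftables
+state: reloaded
+...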
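--- a/roles/nftables_infra/tasks/main.yml
+++ b/roles/nftables_infra/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Install nftables
+apt:
+name: nftables
+
+- name: Create configuration directory
+file:
+path: /etc/nftables.d
+state: directory
+owner: root
+group: root
+mode: u=rwx,g=rx,o=rx
+
+- name: Configure nftables
+template:
+src: "{{ item }}.j2"
+dest: "/etc/{{ item }}"
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+loop:
+- nftables.conf
+- nftables.d/10-vars.conf
+- nftables.d/20-blacklist.conf
+- nftables.d/30-reverse-path-filter.conf
+- nftables.d/40-input.conf
+- nftables.d/50-output.conf
+- nftables.d/60-forward.conf
+- nftables.d/70-nat.conf
+notify:
+- Reload nftables
+
+- name: Enable and start nftables
+systemd:
+name: nftables.service
+enabled: true
+state: started
+...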
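Review bot: The `Configure nftables` loop installs eight rule files with no syntax check, and a per-file `validate:` cannot be used here because the nftables.d fragments reference `$…` symbols that only 10-vars.conf defines, so the set has to be checked as a whole. A task after the loop such as `command: nft -c -f /etc/nftables.conf` (`-c` parses without loading) that runs before the handler, or rendering into a staging directory and checking that, would catch a broken fragment before `Reload nftables`; a reload that fails to parse keeps the previous ruleset, so the failure is otherwise silent until the next change. The files are also written `mode: u=rw,g=r,o=r`, whereas the bird and conntrackd roles in this commit use `o=`; world-readable firewall policy is a small information leak to local users and `mode: u=rw,g=r,o=` costs nothing.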
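--- a/roles/nftables_infra/templates/nftables.conf.j2
+++ b/roles/nftables_infra/templates/nftables.conf.j2
@@ -0,0 +1,7 @@
+#!/usr/sbin/nft -f
+
+{{ ansible_managed | comment }}
+
+flush ruleset
+
+include "/etc/nftables.d/*.conf"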
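--- a/roles/nftables_infra/templates/nftables.d/10-vars.conf.j2
+++ b/roles/nftables_infra/templates/nftables.d/10-vars.conf.j2
@@ -0,0 +1,79 @@
+{{ ansible_managed | comment }}
+
+define public_server_ipv6 = 2a09:6840:111::/56
+define public_server_ipv4 = 45.66.111.0/24
+
+define server_ipv6 = 2a09:6840:128::/48
+define server_ipv4 = 10.128.0.0/16
+
+define backbone_ipv6 = 2a09:6840:129::/48
+define backbone_ipv4 = 10.129.0.0/16
+
+define ups_ipv6 = 2a09:6840:131::/48
+define ups_ipv4 = 10.131.0.0/16
+
+define bmc_ipv6 = 2a09:6840:133::/48
+define bmc_ipv4 = 10.133.0.0/16
+
+define pve_ipv6 = 2a09:6840:134::/48
+define pve_ipv4 = 10.134.0.0/16
+
+define router_ipv6 = 2a09:6840:135::/48
+define router_ipv4 = 10.135.0.0/16
+
+define bastion_ipv6 = 2a09:6840:136::/48
+define bastion_ipv4 = 10.136.0.0/16
+
+define infra_ipv6 = {
+$public_server_ipv6,
+$server_ipv6,
+$backbone_ipv6,
+$ups_ipv6,
+$bmc_ipv6,
+$pve_ipv6,
+$router_ipv6,
+$bastion_ipv6,
+}
+define infra_ipv4 = {
+$public_server_ipv4,
+$server_ipv4,
+$backbone_ipv4,
+$ups_ipv4,
+$bmc_ipv4,
+$pve_ipv4,
+$router_ipv4,
+$bastion_ipv4,
+}
+
+# FIXME: temporary
+define egress_internet_ipv6 = {
+$server_ipv6,
+$pve_ipv6,
+$router_ipv6,
+$bastion_ipv6,
+}
+define egress_internet_ipv4 = {
+$server_ipv4,
+$pve_ipv4,
+$router_ipv4,
+$bastion_ipv4,
+}
+
+define aurore_ipv4 = {
+10.0.0.0/8,
+45.66.108.0/22,
+}
+
+define need_nat_ipv4 = {
+10.0.0.0/8,
+}
+
+define nat_public_ipv4 = 45.66.111.10
+
+# FIXME: bad ipv6 address
+define log_infra_ipv6 = 2a09:6840:128::241/128
+define log_infra_ipv4 = 10.128.0.241
+
+# FIXME: bad ipv6 address
+define prom_infra_ipv6 = 2a09:6840:128::67/128
+define prom_infra_ipv4 = 10.128.0.67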
@ -0,0 +1,25 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
table inet blacklist {
|
||||||
|
|
||||||
|
set blacklist_ipv4 {
|
||||||
|
type ipv4_addr
|
||||||
|
flags interval
|
||||||
|
}
|
||||||
|
|
||||||
|
set blacklist_ipv6 {
|
||||||
|
type ipv6_addr
|
||||||
|
flags interval
|
||||||
|
}
|
||||||
|
|
||||||
|
counter blacklist {}
|
||||||
|
|
||||||
|
chain filter {
|
||||||
|
type filter hook prerouting priority raw - 10
|
||||||
|
policy accept
|
||||||
|
|
||||||
|
ip6 saddr @blacklist_ipv6 counter name blacklist drop
|
||||||
|
ip saddr @blacklist_ipv4 counter name blacklist drop
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
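Review bot: `blacklist_ipv4` and `blacklist_ipv6` are declared as empty sets and nothing on this page populates them, and because nftables.conf opens with `flush ruleset`, every `Reload nftables` discards any element added at runtime with `nft add element`, so the two drop rules in `chain filter` match nothing after each deploy. If the lists are meant to come from inventory, render an `elements = { … }` block inside each set from a `{% for %}` loop over a role list variable (name to be chosen in defaults); if they are meant to be managed live, the reload path has to dump and re-add them. Either way the intended source of truth deserves a comment above the sets. This section's file header is not shown on the page; the path is inferred from the task list as nftables.d/20-blacklist.conf.j2.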
@ -0,0 +1,14 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
table inet reverse_path_filter {
|
||||||
|
|
||||||
|
chain filter {
|
||||||
|
type filter hook prerouting priority raw
|
||||||
|
policy accept
|
||||||
|
|
||||||
|
fib saddr . iif oif missing \
|
||||||
|
log prefix "reverse-path-filter" group 1 \
|
||||||
|
counter drop
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
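Review bot: The reverse-path rule logs every dropped packet via `log prefix "reverse-path-filter" group 1` with no rate limit, so a burst of spoofed or asymmetrically routed traffic becomes an nflog flood on the router itself. A limiter in front of the log, e.g. `fib saddr . iif oif missing limit rate 10/second burst 20 packets log prefix "reverse-path-filter" group 1 counter drop` (values to be tuned), keeps the drop while bounding the logging cost. On a VRRP/OSPF pair asymmetric return paths are plausible, so the counter should be watched after rollout before the drop is trusted. The file header is missing from the page; the path is taken from the task list as nftables.d/30-reverse-path-filter.conf.j2.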
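--- a/roles/nftables_infra/templates/nftables.d/40-input.conf.j2
+++ b/roles/nftables_infra/templates/nftables.d/40-input.conf.j2
@@ -0,0 +1,70 @@
+{{ ansible_managed | comment }}
+
+table inet input {
+
+    chain conntrack {
+        ct state vmap {
+            established: accept,
+            related: accept,
+            invalid: drop,
+        }
+    }
+
+    chain input_from_server {
+        jump conntrack
+
+        ip6 saddr $prom_infra_ipv6 tcp dport 9100 accept
+        ip saddr $prom_infra_ipv4 tcp dport 9100 accept
+    }
+
+    chain input_from_backbone {
+        ip6 nexthdr { ospf, vrrp } accept
+        ip protocol { ospf, vrrp } accept
+        counter accept # FIXME: temporary
+    }
+
+    chain input_from_router {
+        jump conntrack
+
+        tcp dport ssh counter accept
+    }
+
+    chain input_from_bastion {
+        jump conntrack
+
+        tcp dport ssh counter accept
+    }
+
+    chain input_from_anywhere {
+        jump conntrack
+
+        # FIXME: limit
+        ip6 nexthdr icmpv6 counter accept
+        ip protocol icmp counter accept
+    }
+
+    chain input {
+        type filter hook input priority filter
+        policy drop
+
+        iif lo accept
+
+        jump input_from_anywhere
+
+        # FIXME: temporary
+        tcp dport ssh accept
+
+        ip6 saddr vmap {
+            $backbone_ipv6: jump input_from_backbone,
+            $router_ipv6: jump input_from_router,
+        }
+
+        ip saddr vmap {
+            $backbone_ipv4: jump input_from_backbone,
+            $router_ipv4: jump input_from_router,
+        }
+
+        reject with icmpx type admin-prohibited
+    }
+
+}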
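Review bot: The `# FIXME: temporary` `tcp dport ssh accept` in chain `input` admits SSH from every source, and it is currently load-bearing: `input_from_bastion` and `input_from_server` are defined but never dispatched to, because the two `saddr vmap`s only carry `$backbone_*` and `$router_*` keys. Adding `$bastion_ipv6: jump input_from_bastion,` and `$bastion_ipv4: jump input_from_bastion,` (and the matching `$server_*` entries) to the vmaps would let the unconditional accept be removed. Separately, `ip6 nexthdr icmpv6` and `ip6 nexthdr { ospf, vrrp }` only read the fixed header's Next Header field, so an IPv6 packet carrying an extension header is not matched and falls through to `policy drop`; `meta l4proto icmpv6` / `meta l4proto { ospf, vrrp }` match the upper-layer protocol after extension headers. The trailing `counter accept # FIXME: temporary` in `input_from_backbone` also makes the ospf/vrrp rules above it moot until it goes.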
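--- a/roles/nftables_infra/templates/nftables.d/50-output.conf.j2
+++ b/roles/nftables_infra/templates/nftables.d/50-output.conf.j2
@@ -0,0 +1,22 @@
+{{ ansible_managed | comment }}
+
+table inet output {
+
+    chain conntrack {
+        ct state vmap {
+            established: accept,
+            related: accept,
+            invalid: drop,
+        }
+    }
+
+    chain output {
+        type filter hook output priority filter
+        policy accept
+
+        jump conntrack
+
+        counter
+    }
+
+}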
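--- a/roles/nftables_infra/templates/nftables.d/60-forward.conf.j2
+++ b/roles/nftables_infra/templates/nftables.d/60-forward.conf.j2
@@ -0,0 +1,116 @@
+{{ ansible_managed | comment }}
+
+table inet forward {
+
+    chain conntrack {
+        ct state vmap {
+            established: accept,
+            related: accept,
+            invalid: drop,
+        }
+    }
+
+    chain forward_to_public_server {
+        jump conntrack
+    }
+
+    chain forward_to_server {
+        jump conntrack
+
+        ip6 saddr $infra_ipv6 ip6 daddr $log_infra_ipv6 jump {
+            tcp dport 2514 counter accept
+            udp dport 514 counter accept
+        }
+
+        ip saddr $infra_ipv4 ip daddr $log_infra_ipv4 jump {
+            tcp dport 2514 counter accept
+            udp dport 514 counter accept
+        }
+
+        ip6 saddr $prom_infra_ipv6 tcp dport 9100 counter accept
+        ip saddr $prom_infra_ipv4 udp dport 161 counter accept
+
+        ip6 saddr $bastion_ipv6 tcp dport ssh accept
+        ip saddr $bastion_ipv4 tcp dport ssh accept
+    }
+
+    chain forward_to_backbone {
+    }
+
+    chain forward_to_ups {
+        jump conntrack
+
+        ip6 saddr $prom_infra_ipv6 udp dport 161 counter accept
+        ip saddr $prom_infra_ipv4 udp dport 161 counter accept
+
+        ip6 saddr $bastion_ipv6 tcp dport ssh accept
+        ip saddr $bastion_ipv4 tcp dport ssh accept
+    }
+
+    chain forward_to_bmc {
+        jump conntrack
+
+        ip6 saddr $prom_infra_ipv6 udp dport 161 counter accept
+        ip saddr $prom_infra_ipv4 udp dport 161 counter accept
+
+        ip6 saddr $bastion_ipv6 tcp dport ssh accept
+        ip saddr $bastion_ipv4 tcp dport ssh accept
+    }
+
+    chain forward_to_pve {
+        jump conntrack
+
+        ip6 saddr $prom_infra_ipv6 tcp dport 9100 counter accept
+        ip saddr $prom_infra_ipv4 tcp dport 9100 counter accept
+
+        ip6 saddr $bastion_ipv6 tcp dport ssh accept
+        ip saddr $bastion_ipv4 tcp dport ssh accept
+    }
+
+    chain forward_to_router {
+        jump conntrack
+
+        ip6 saddr $prom_infra_ipv6 tcp dport 9100 counter accept
+        ip saddr $prom_infra_ipv4 tcp dport 9100 counter accept
+
+        ip6 saddr $bastion_ipv6 tcp dport ssh accept
+        ip saddr $bastion_ipv4 tcp dport ssh accept
+    }
+
+    chain forward_to_internet {
+        jump conntrack
+
+        ip6 saddr $egress_internet_ipv6 counter accept
+        ip saddr $egress_internet_ipv4 counter accept
+    }
+
+    chain forward {
+        type filter hook forward priority filter
+        policy drop
+
+        iif lo accept
+
+        ip6 daddr vmap {
+            $public_server_ipv6: goto forward_to_public_server,
+            $server_ipv6: goto forward_to_server,
+            $backbone_ipv6: goto forward_to_backbone,
+            $ups_ipv6: goto forward_to_ups,
+            $bmc_ipv6: goto forward_to_bmc,
+            $pve_ipv6: goto forward_to_pve,
+            $router_ipv6: goto forward_to_router,
+        }
+
+        ip daddr vmap {
+            $public_server_ipv4: goto forward_to_public_server,
+            $server_ipv4: goto forward_to_server,
+            $backbone_ipv4: goto forward_to_backbone,
+            $ups_ipv4: goto forward_to_ups,
+            $bmc_ipv4: goto forward_to_bmc,
+            $pve_ipv4: goto forward_to_pve,
+            $router_ipv4: goto forward_to_router,
+        }
+
+        goto forward_to_internet
+    }
+
+}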
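Review bot: In `forward_to_server` the IPv4 Prometheus rule `ip saddr $prom_infra_ipv4 udp dport 161 counter accept` does not mirror its IPv6 twin `ip6 saddr $prom_infra_ipv6 tcp dport 9100 counter accept`; every other chain keeps the two families symmetric (161 in ups/bmc, 9100 in pve/router), so this looks like a copy-paste slip that opens SNMP instead of node-exporter over IPv4. `forward_to_backbone` is empty and entered via `goto`, so traffic to `$backbone_*` never returns to `forward` and ends at `policy drop` with no counter; if that is intended, a comment like `# intentionally empty: goto never returns, base policy drop applies` saves the next reader a trip to the manual, otherwise a `counter drop` there gives visibility. The same shape applies to `forward_to_public_server`, which accepts only established/related flows, so no new connection toward a public server is forwarded as written.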
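--- a/roles/nftables_infra/templates/nftables.d/70-nat.conf.j2
+++ b/roles/nftables_infra/templates/nftables.d/70-nat.conf.j2
@@ -0,0 +1,19 @@
+{{ ansible_managed | comment }}
+
+table ip nat {
+
+    chain postrouting {
+        type nat hook postrouting priority srcnat
+        policy accept
+
+        iif lo return
+
+        # Is there any other way to do that?
+        meta pkttype { multicast, broadcast } return
+        ip daddr 224.0.0.0/24 return
+
+        ip saddr $need_nat_ipv4 ip daddr != $aurore_ipv4 \
+            snat $nat_public_ipv4 persistent
+    }
+
+}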
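Review bot: The `# Is there any other way to do that?` comment above the multicast exclusions in `postrouting` deserves an answer in the file: `ip daddr 224.0.0.0/24` only covers the local-network control block, whereas `ip daddr 224.0.0.0/4 return` exempts the whole IPv4 multicast range. `meta pkttype multicast` already matches link-layer multicast, so the address rule is presumably there for locally generated packets whose pkttype is not set — worth stating in a comment so the two lines are not later collapsed into one. It would also help to note above the `snat` rule that anything outside `$need_nat_ipv4` deliberately leaves un-NATed under `policy accept`.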
@ -1,9 +0,0 @@
---
- name: Install resolv.conf
template:
src: resolv.conf.j2
dest: /etc/resolv.conf
owner: root
group: root
mode: u=rw,g=r,o=r
...
@ -1,11 +0,0 @@
{{ ansible_managed | comment }}
{% for nameserver in resolvconf__nameservers %}
nameserver {{ nameserver | ipaddr }}
{% endfor %}
{% if resolvconf__domain is defined %}
domain {{ resolvconf__domain }}
{% endif %}
{% if resolvconf__search is defined %}
search {{ resolvconf__search | join(" ") }}
{% endif %}
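--- a/roles/systemd_networkd/handlers/main.yml
+++ b/roles/systemd_networkd/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Update initramfs
+  command:
+    cmd: update-initramfs -u
+
+- name: Restart systemd-networkd
+  systemd:
+    name: systemd-networkd.service
+    state: restarted
+
+- name: Reboot required
+  file:
+    path: /var/run/reboot-required
+    state: touch
+    modification_time: preserve
+    access_time: preserve
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+...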
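Review bot: The `Update initramfs` handler runs `update-initramfs -u` with no explanation of why a network-config change touches the boot image; a comment such as `# .link files are copied into the initramfs by the udev hook, so interface renames must be rebuilt there too` records the reason (this is my understanding of the Debian initramfs-tools udev hook — confirm for the target release). The handler also silently assumes a Debian-family host where `update-initramfs` exists, which is worth stating next to it.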
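--- a/roles/systemd_networkd/tasks/main.yml
+++ b/roles/systemd_networkd/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Configure interfaces links
+  template:
+    src: link.j2
+    dest: "/etc/systemd/network/10-{{ item.key }}.link"
+    owner: root
+    group: systemd-network
+    mode: u=rw,g=r,o=
+  loop: "{{ networkd_interfaces | dict2items }}"
+  notify:
+    - Update initramfs
+    - Reboot required
+
+- name: Configure interfaces networks
+  template:
+    src: network.j2
+    dest: "/etc/systemd/network/10-{{ item.key }}.network"
+    owner: root
+    group: systemd-network
+    mode: u=rw,g=r,o=
+  loop: "{{ networkd_interfaces | dict2items }}"
+  notify:
+    - Restart systemd-networkd
+
+- name: Enable and start systemd-networkd
+  systemd:
+    name: systemd-networkd.service
+    enabled: true
+    state: started
+...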
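Review bot: Neither template task removes `.link`/`.network` files for interfaces that drop out of `networkd_interfaces`, so a renamed or deleted entry leaves its old `10-<name>.link` and `10-<name>.network` in `/etc/systemd/network` and the stale rename or addresses keep applying at the next boot. A `find` over `/etc/systemd/network` for `10-*.link` and `10-*.network`, followed by `file: state: absent` on the entries whose stem is not a key of `networkd_interfaces` (notifying the same handlers), would keep the directory converged with the inventory. Both `loop:` lines also fail outright when `networkd_interfaces` is undefined; `loop: "{{ networkd_interfaces | default({}) | dict2items }}"` lets hosts without an entry run the role as a no-op.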
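--- a/roles/systemd_networkd/templates/link.j2
+++ b/roles/systemd_networkd/templates/link.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+[Match]
+MACAddress={{ item.value.mac_addr }}
+
+[Link]
+Name={{ item.key }}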
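--- a/roles/systemd_networkd/templates/network.j2
+++ b/roles/systemd_networkd/templates/network.j2
@@ -0,0 +1,18 @@
+{{ ansible_managed | comment }}
+
+[Match]
+Name={{ item.key }}
+
+[Network]
+LinkLocalAddressing={{ item.value.link_local | default(true)
+| ternary("ipv6", "no") }}
+IPForward={{ item.value.forward | default(false)
+| ternary("yes", "no") }}
+
+{% for addr in item.value.ip_addrs | default([]) %}
+[Address]
+Address={{ addr }}
+{% endfor %}
+
+[FairQueueingControlledDelay]
+Parent=root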
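Review bot: `IPForward=` in `[Network]` is not the per-interface switch the `item.value.forward` key suggests: systemd.network(5) documents it as turning on the global kernel forwarding option when any interface with it enabled comes up and never turning it off again, so `default(false)` does not disable forwarding on a host that once had it on, and one interface with `forward: true` makes the host forward between all of its interfaces (newer systemd replaces it with `IPv4Forwarding=`/`IPv6Forwarding=`; check the version on the targets). A comment on that line stating this, and that non-router hosts must keep every interface at `forward: false`, would stop a server from silently becoming a router; today the nftables `forward` table is the only thing bounding it. The `Address={{ addr }}` lines are emitted as given, so a malformed inventory entry is only caught by networkd at load time rather than at template time.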