aurore/ansible
aurore/ansible
10
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Compare commits

merge into: aurore:new-infra
Branches Tags
aurore:new-infra
aurore:connection_aruba
aurore:switch_rest
aurore:zfs-backup
aurore:bird
aurore:dns
aurore:aruba
aurore:radius
aurore:on-en-a-litteralement-rien-a-foutre
aurore:radvd
aurore:keepalived
aurore:ifupdown2
aurore:master
aurore:dhcp
aurore:cleanup_no_ldap_for_servers
aurore:infra_router
aurore:ask_vault_pass
aurore:borgfix
aurore:auditd
aurore:prometheus_apt_pending_and_reboot
aurore:move_host_vars
aurore:prometheus-ipmi-exporter
aurore:fix-portail
aurore:crans
aurore:apt
aurore:remove_old_db_servers
aurore:rspamd
aurore:wireguard-ovh
aurore:pass
aurore:nullmailer
aurore:logs
aurore:mailserver
aurore:re2o-master
aurore:mail_server
...
pull from: aurore:ifupdown2
Branches Tags
aurore:new-infra
aurore:connection_aruba
aurore:switch_rest
aurore:zfs-backup
aurore:bird
aurore:dns
aurore:aruba
aurore:radius
aurore:on-en-a-litteralement-rien-a-foutre
aurore:radvd
aurore:keepalived
aurore:ifupdown2
aurore:master
aurore:dhcp
aurore:cleanup_no_ldap_for_servers
aurore:infra_router
aurore:ask_vault_pass
aurore:borgfix
aurore:auditd
aurore:prometheus_apt_pending_and_reboot
aurore:move_host_vars
aurore:prometheus-ipmi-exporter
aurore:fix-portail
aurore:crans
aurore:apt
aurore:remove_old_db_servers
aurore:rspamd
aurore:wireguard-ovh
aurore:pass
aurore:nullmailer
aurore:logs
aurore:mailserver
aurore:re2o-master
aurore:mail_server

4 commits
new-infra ... ifupdown2

Author SHA1 Message Date
Jeltz
10acf10c47
ifupdown2: use 'command' instead of 'shell' 2022-09-01 08:20:25 +02:00
Jeltz
a64dbf9aec
ifupdown2: update sample playbook for vxlan + upstream package 2022-08-28 04:26:36 +02:00
Jeltz
bc98517c77
ifupdown2: add support for vxlan 2022-08-28 04:26:09 +02:00
Jeltz
3a202b4566
ifupdown2: install upstream version (3.1.0-1) if required 2022-08-27 21:04:36 +02:00
8 changed files with 107 additions and 2 deletions
Show stats Expand all files Collapse all files

43
playbooks/ifupdown2.yml
View file

@ -11,6 +11,7 @@
# TODO: netbox # TODO: netbox
ifupdown2__hosts: ifupdown2__hosts:
ntp-1.int.infra.auro.re: ntp-1.int.infra.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -19,6 +20,7 @@
- 2a09:6840:128::203/56 - 2a09:6840:128::203/56
- 10.128.0.203/16 - 10.128.0.203/16
dns-1.int.infra.auro.re: dns-1.int.infra.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -27,6 +29,7 @@
- 2a09:6840:128::127/56 - 2a09:6840:128::127/56
- 10.128.0.127/16 - 10.128.0.127/16
dhcp-1.isp.auro.re: dhcp-1.isp.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -67,6 +70,7 @@
vlan_id: 1004 vlan_id: 1004
vlan_raw_device: clients vlan_raw_device: clients
dhcp-2.isp.auro.re: dhcp-2.isp.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -107,6 +111,7 @@
vlan_id: 1004 vlan_id: 1004
vlan_raw_device: clients vlan_raw_device: clients
isp-1.rtr.infra.auro.re: isp-1.rtr.infra.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -115,10 +120,25 @@
- 2a09:6840:128::255/56 - 2a09:6840:128::255/56
- 10.128.0.255/16 - 10.128.0.255/16
ens19: null ens19: null
ens20:
addresses:
- 2a09:6840:136:0:1::/56
- 10.136.0.1/16
vxlan:
mtu: 1450
vxlan_learning: true
vxlan_physdev: ens20
vxlan_port: 4789
#vxlan_mcastgrp: ff02::15c
bridge_vlan_vni_map: 1000-1004=1000-1004
bridge_vids:
- 1000-1004
bridge_learning: false
clients: clients:
bridge_vlan_aware: true bridge_vlan_aware: true
bridge_ports: bridge_ports:
- ens19 - ens19
- vxlan
bridge_vids: bridge_vids:
- 1000-1004 - 1000-1004
bridge_disable_pvid: true bridge_disable_pvid: true
@ -150,6 +170,7 @@
vlan_raw_device: clients vlan_raw_device: clients
ipv6_addrgen: false ipv6_addrgen: false
isp-2.rtr.infra.auro.re: isp-2.rtr.infra.auro.re:
lo: auto
ens18: ens18:
gateways: gateways:
- 2a09:6840:128::254 - 2a09:6840:128::254
@ -158,12 +179,30 @@
- 2a09:6840:128::158/56 - 2a09:6840:128::158/56
- 10.128.0.158/16 - 10.128.0.158/16
ens19: null ens19: null
ens20:
addresses:
- 2a09:6840:136:0:2::/56
- 10.136.0.2/16
vxlan:
mtu: 1450
vxlan_learning: true
vxlan_physdev: ens20
vxlan_port: 4789
#vxlan_mcastgrp: ff02::15c
bridge_vlan_vni_map: 1000-1004=1000-1004
bridge_vids:
- 1000-1004
bridge_learning: false
clients: clients:
bridge_vlan_aware: true bridge_vlan_aware: true
bridge_ports: bridge_ports:
- ens19 - ens19
- vxlan
bridge_vids: bridge_vids:
- 1000-1004 - 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0: client-0:
forward: true forward: true
vlan_id: 1000 vlan_id: 1000
@ -189,7 +228,11 @@
vlan_id: 1004 vlan_id: 1004
vlan_raw_device: clients vlan_raw_device: clients
ipv6_addrgen: false ipv6_addrgen: false
ifupdown2__need_upstream_version_hosts:
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}" ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
ifupdown2__need_upstream_version: "{{ inventory_hostname in ifupdown2__need_upstream_version_hosts }}"
roles: roles:
- ifupdown2 - ifupdown2

7
playbooks/ldap_accounts.yml Normal file
View file

@ -0,0 +1,7 @@
---
- hosts: camelot.adm.auro.re
roles:
- sssd
vars:
xxx
...

16
playbooks/radvd.yml Executable file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
vars:
radvd__interfaces:
ens19:
routes:
- network: 2a09:6841:1::/56
ens20:
routes:
- network: 2a09:6841:2::/56
roles:
- radvd
...

1
roles/ifupdown2/defaults/main.yml
View file

@ -1,3 +1,4 @@
--- ---
ifupdown2__interfaces: {} ifupdown2__interfaces: {}
ifupdown2__need_upstream_version: False
... ...

BIN
roles/ifupdown2/files/ifupdown2_3.1.0-1_all.deb Normal file
View file

Binary file not shown.

2
roles/ifupdown2/handlers/main.yml
View file

@ -5,5 +5,5 @@
state: restarted state: restarted
- name: Bring all interfaces up - name: Bring all interfaces up
shell: /usr/sbin/ifup -a command: /usr/sbin/ifup -a
... ...

17
roles/ifupdown2/tasks/main.yml
View file

@ -13,9 +13,24 @@
masked: true masked: true
when: must_mask when: must_mask
- name: Install ifupdown2 - name: Install ifupdown2 (debian version)
apt: apt:
name: ifupdown2 name: ifupdown2
when: "not ifupdown2__need_upstream_version"
# FIXME: ifupdown2 3.1.0-1 is not yet available, but is needed for its
# better VxLAN support
# See https://github.com/CumulusNetworks/ifupdown2/issues/211
- name: Install upstream version of ifupdown2
block:
- name: Upload .deb file
copy:
src: ifupdown2_3.1.0-1_all.deb
dest: /tmp/ifupdown2_3.1.0-1_all.deb
- name: Install .deb file
apt:
deb: /tmp/ifupdown2_3.1.0-1_all.deb
when: "ifupdown2__need_upstream_version"
- name: Unmask networking now that ifupdown2 is installed - name: Unmask networking now that ifupdown2 is installed
systemd: systemd:

23
roles/ifupdown2/templates/interfaces.j2
View file

@ -37,5 +37,28 @@ iface {{ name }}
ipv6-addrgen {{ iface.ipv6_addrgen ipv6-addrgen {{ iface.ipv6_addrgen
| ternary("yes", "no") }} | ternary("yes", "no") }}
{% endif %} {% endif %}
{% if iface.mtu is defined %}
mtu {{ iface.mtu | int }}
{% endif %}
{% if iface.vxlan_learning is defined %}
vxlan-learning {{ iface.vxlan_learning
| ternary("yes", "no") }}
{% endif %}
{% if iface.vxlan_physdev is defined %}
vxlan-physdev {{ iface.vxlan_physdev }}
{% endif %}
{% if iface.vxlan_port is defined %}
vxlan-port {{ iface.vxlan_port | int }}
{% endif %}
{% if iface.vxlan_mcastgrp is defined %}
vxlan-mcastgrp {{ iface.vxlan_mcastgrp }}
{% endif %}
{% if iface.bridge_vlan_vni_map is defined %}
bridge-vlan-vni-map {{ iface.bridge_vlan_vni_map }}
{% endif %}
{% if iface.bridge_learning is defined %}
bridge-learning {{ iface.bridge_learning
| ternary("yes", "no") }}
{% endif %}
{% endfor %} {% endfor %}