Radvd: update role #102

Open
jeltz wants to merge 1 commit from radvd into master
5 changed files with 88 additions and 88 deletions

30
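--- a/playbooks/radvd.yml
+++ b/playbooks/radvd.yml
@@ -0,0 +1,30 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- isp-1.rtr.infra.auro.re
+- isp-2.rtr.infra.auro.re
+vars:
+radvd__interfaces:
+client-0:
+prefix:
+- 2a09:6841::/56
+client-1:
+prefix:
+- 2a09:6841:0:100::/56
+client-2:
+prefix:
+- 2a09:6841:0:200::/56
+client-3:
+prefix:
+- 2a09:6841:0:300::/56
+client-4:
+prefix:
+- 2a09:6841:0:400::/56
+radvd__domain_search:
+- isp.auro.re
+- auro.re
+radvd__dns_servers:
+- 2a09:6840:128::127
+roles:
+- radvd
+...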
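Review bot: Each `prefix` entry under `radvd__interfaces` is a /56, and the role's template emits every listed prefix with `AdvAutonomous on;`, but SLAAC hosts only form addresses from a 64-bit prefix (RFC 4862 §5.5.3), so clients on `client-0` through `client-4` would likely ignore these prefixes for autoconfiguration. If the /56 is the per-client allocation rather than the on-link prefix, advertise a /64 taken from it, e.g. `- 2a09:6841::/64` for `client-0`, and say in a comment what the rest of the /56 is reserved for. Indentation is lost in this rendering, so the nesting is assumed to be interface, then `prefix`, then the list.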


@ -0,0 +1,8 @@
---
radvd__interfaces: {}
radvd__min_adv_interval: 3
radvd__max_adv_interval: 600
radvd__dns_servers: []
radvd__domain_search: []
radvd__ignore_if_missing: true
...
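Review bot: The two interval defaults carry no comment giving their unit or bounds, and the template only casts them with `| int`, so an override outside radvd's accepted range is caught only when the daemon rejects the rendered file. A comment above them such as `# seconds; radvd.conf(5) requires 3 <= min <= 0.75 * max` would document the constraint. A line above `radvd__interfaces` such as `# per-interface keys: prefix, mtu, src_address, dns_servers, domain_search, min_adv_interval, max_adv_interval, ignore_if_missing` would do the same for the dictionary shape the template reads.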


@ -1,6 +1,6 @@
---
- name: restart radvd
- name: Restart radvd
systemd:
name: radvd.service
state: restarted
name: radvd
enabled: true
...


@ -1,19 +1,20 @@
---
# Warning: radvd installation seems to fail if the configuration
# file doesn't already exist when the package is installed,
# so the order is important.
- name: Install radvd
apt:
name: radvd
- name: Configure radvd
template:
src: radvd.conf.j2
dest: /etc/radvd.conf
mode: 0644
notify: restart radvd
tags:
- radconf
owner: root
group: root
mode: u=rw,g=r,o=
notify: Restart radvd
- name: Install radvd
apt:
update_cache: true
name: radvd
state: present
notify: restart radvd
- name: Enable and start radvd
systemd:
name: radvd.service
state: started
enabled: true
...
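Review bot: The `Configure radvd` template task has no `validate:` step, so a rendering that radvd rejects is still written to `/etc/radvd.conf` and the `Restart radvd` handler then restarts the daemon onto it; on the two routers named in the playbook that would stop router advertisements until the file is fixed by hand. Since the package now appears to be installed before the template runs, the task can add `validate: radvd --configtest --config %s` (confirm the flags against the installed radvd). The move to `mode: u=rw,g=r,o=` with `owner` and `group` root leaves the file readable by root only in practice, so it is worth checking whether the service ever re-reads its configuration after dropping privileges. Old and new lines are interleaved in this rendering, so this assumes the `owner`/`group`/symbolic-`mode` lines and `notify: Restart radvd` are the new side.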


@ -1,80 +1,41 @@
# -*- mode: conf-unix; coding: utf-8 -*-
{{ ansible_managed | comment }}
##
# Bornes Wi-Fi
##
# # Need to add an interface for this VLAN on "routeur-*" hosts.
#
# interface ens19 {
# AdvSendAdvert on;
# AdvLinkMTU {{ mtu }};
# AdvDefaultPreference high;
# MaxRtrAdvInterval 30;
#
# AdvRASrcAddress {
# {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:250; # Unifi controller
# };
#
# prefix {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::/64 {
# AdvRouterAddr on;
# };
#
# # La zone DNS
# DNSSL borne.auro.re {};
#
# # Les DNS récursifs
# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_main }} {};
# RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::{{ dns_host_suffix_backup }} {};
# };
##
# Utilisateurs filaire
##
interface ens20 {
{% for name, iface in radvd__interfaces.items() %}
interface {{ name }} {
AdvSendAdvert on;
AdvLinkMTU {{ mtu }};
AdvDefaultPreference high;
MaxRtrAdvInterval 30;
IgnoreIfMissing {{ iface.ignore_if_missing
| default(radvd__ignore_if_missing)
| ternary("yes", "no") }};
{% if iface.mtu is defined %}
AdvLinkMTU {{ iface.mtu | int }};
{% endif %}
AdvDefaultPreference high; # TODO
MinRtrAdvInterval {{ iface.min_adv_interval
| default(radvd__min_adv_interval)
| int }};
MaxRtrAdvInterval {{ iface.max_adv_interval
| default(radvd__max_adv_interval)
| int }};
{% if iface.src_address | default([]) %}
AdvRASrcAddress {
fe80::1; # link-local virtual IP used with keepalived
{% for addr in iface.src_address %}
{{ addr | ipv6 }}
{% endfor %}
};
prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::/64 {
{% endif %}
{% for prefix in iface.prefix | default([]) %}
prefix {{ prefix | ipv6 }} {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL fil.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround.
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_main }} {};
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::{{ dns_host_suffix_backup }} {};
{% endfor %}
{% for domain in iface.domain_search | default(radvd__domain_search) %}
DNSSL {{ domain }} {};
{% endfor %}
{% for addr in iface.dns_servers | default(radvd__dns_servers) %}
RDNSS {{ addr | ipv6 }} {};
{% endfor %}
};
##
# Utilisateurs wifi
##
interface ens21 {
AdvSendAdvert on;
AdvLinkMTU {{ mtu }};
AdvDefaultPreference high;
MaxRtrAdvInterval 30;
AdvRASrcAddress {
fe80::1;
};
prefix {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::/64 {
AdvRouterAddr on;
};
DNSSL wifi.{{ apartment_block_dhcp }}.auro.re {}; # TODO: fix this shitty workaround.
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_main }} {};
RDNSS {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::{{ dns_host_suffix_backup }} {};
};
# For public IPs: will use DHCPv6, deployed on routeur-aurore alone.
{% endfor %}
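Review bot: Inside the new `AdvRASrcAddress` block the loop body `{{ addr | ipv6 }}` has no terminating semicolon, while the static entry it replaces (`fe80::1;`) had one, so any interface that sets `src_address` would likely render a file radvd cannot parse; the line should read `{{ addr | ipv6 }};`. `IgnoreIfMissing` is rendered through `ternary("yes", "no")`, whereas every other switch in the template is written `on` and radvd.conf(5) documents flags as on|off, so `ternary("on", "off")` looks like the intended form. The `DNSSL {{ domain }} {};` line also takes its value unfiltered, unlike the addresses and prefixes, which pass through `ipv6`; a check on the domain list in the role would keep a stray `}` or `;` in a variable from changing the structure of the generated file.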