185 lines
4.8 KiB
YAML
Executable file
185 lines
4.8 KiB
YAML
Executable file
#!/usr/bin/env ansible-playbook
|
|
---
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
networkd_interfaces:
|
|
vlan111:
|
|
mac_addr: "{{ network.vlan111.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan128:
|
|
mac_addr: "{{ network.vlan128.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan129:
|
|
mac_addr: "{{ network.vlan129.mac_addr }}"
|
|
ip_addrs: "{{ network.vlan129.ipv4_addrs
|
|
+ network.vlan129.ipv6_addrs }}"
|
|
forward: true
|
|
vlan130:
|
|
mac_addr: "{{ network.vlan130.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan131:
|
|
mac_addr: "{{ network.vlan131.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan133:
|
|
mac_addr: "{{ network.vlan133.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan134:
|
|
mac_addr: "{{ network.vlan134.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan135:
|
|
mac_addr: "{{ network.vlan135.mac_addr }}"
|
|
ip_addrs: "{{ network.vlan135.ipv4_addrs
|
|
+ network.vlan135.ipv6_addrs }}"
|
|
forward: true
|
|
roles:
|
|
- systemd_networkd
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
bird_router_id: "{{ network.vlan129.ipv4_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_src: "{{ network.vlan135.ipv4_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_src_v6: "{{ network.vlan135.ipv6_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_interfaces:
|
|
vlan111:
|
|
stub: true
|
|
vlan128:
|
|
stub: true
|
|
vlan129:
|
|
broadcast: true
|
|
vlan130:
|
|
stub: true
|
|
vlan131:
|
|
stub: true
|
|
vlan133:
|
|
stub: true
|
|
vlan134:
|
|
stub: true
|
|
roles:
|
|
- bird
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
keepalived_notify_master: "/usr/local/sbin/conntrackd_vrrp primary"
|
|
keepalived_notify_backup: "/usr/local/sbin/conntrackd_vrrp backup"
|
|
keepalived_notify_fault: "/usr/local/sbin/conntrackd_vrrp fault"
|
|
keepalived_virtual_router_id: 42
|
|
keepalived_interface: vlan129
|
|
keepalived_virtual_ipv4_addrs:
|
|
vlan111:
|
|
- 45.66.111.10/24 # 45.66.111.1/24
|
|
vlan128:
|
|
- 10.128.0.16/16 # 10.128.0.1/16
|
|
vlan130:
|
|
- 10.130.0.185/16 # 10.130.0.1/16
|
|
vlan131:
|
|
- 10.131.0.1/16
|
|
vlan133:
|
|
- 10.133.0.1/16
|
|
vlan134:
|
|
- 10.134.0.1/16
|
|
keepalived_virtual_ipv6_addrs:
|
|
vlan111:
|
|
- fe80::200:02ff:fe23:ae26/64
|
|
- 2a09:6840:111:0:10::/56 # 2a09:6840:111:0:1::/56
|
|
vlan128:
|
|
- fe80::200:02ff:fe9f:d67a/64
|
|
- 2a09:6840:128:0:16::/48 # 2a09:6840:128:0:1::/48
|
|
vlan130:
|
|
- fe80::200:02ff:fee2:9782/64
|
|
- 2a09:6840:130:0:185::/48 # 2a09:6840:130:0:1::/48
|
|
vlan131:
|
|
- fe80::200:02ff:fee2:9782/64
|
|
- 2a09:6840:131:0:1::/48
|
|
vlan133:
|
|
- fe80::200:02ff:fe8a:0cbc/64
|
|
- 2a09:6840:133:0:1::/48
|
|
vlan134:
|
|
- fe80::200:02ff:fe09:38f7/64
|
|
- 2a09:6840:134:0:1::/48
|
|
roles:
|
|
- keepalived
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
vars:
|
|
conntrackd_ignore_addrs_ipv6:
|
|
- ::/128
|
|
- 2a09:6840:111:0:10::/64
|
|
- 2a09:6840:128:0:16::/64
|
|
- 2a09:6840:129:0:245::/64
|
|
- 2a09:6840:129:0:246::/64
|
|
- 2a09:6840:130:0:185::/64
|
|
- 2a09:6840:131:0:248::/64
|
|
- 2a09:6840:133:0:1::/64
|
|
- 2a09:6840:134:0:1::/64
|
|
- 2a09:6840:135:0:1::/64
|
|
- 2a09:6840:135:0:2::/64
|
|
conntrackd_ignore_addrs_ipv4:
|
|
- 127.0.0.1/8
|
|
- 45.66.111.10
|
|
- 10.128.0.16
|
|
- 10.129.0.245
|
|
- 10.129.0.246
|
|
- 10.130.0.185
|
|
- 10.131.0.248
|
|
- 10.133.0.1
|
|
- 10.134.0.1
|
|
- 10.135.0.1
|
|
- 10.135.0.2
|
|
conntrackd_udp_dest_ipv6: 10.129.0.246
|
|
conntrackd_udp_listen_ipv6: 10.129.0.245
|
|
conntrackd_udp_iface: vlan129
|
|
roles:
|
|
- conntrackd
|
|
|
|
- hosts:
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
conntrackd_ignore_addrs_ipv6:
|
|
- ::/128
|
|
- 2a09:6840:111:0:10::/64
|
|
- 2a09:6840:128:0:16::/64
|
|
- 2a09:6840:129:0:245::/64
|
|
- 2a09:6840:129:0:246::/64
|
|
- 2a09:6840:130:0:185::/64
|
|
- 2a09:6840:131:0:248::/64
|
|
- 2a09:6840:133:0:1::/64
|
|
- 2a09:6840:134:0:1::/64
|
|
- 2a09:6840:135:0:1::/64
|
|
- 2a09:6840:135:0:2::/64
|
|
conntrackd_ignore_addrs_ipv4:
|
|
- 127.0.0.1/8
|
|
- 45.66.111.10
|
|
- 10.128.0.16
|
|
- 10.129.0.245
|
|
- 10.129.0.246
|
|
- 10.130.0.185
|
|
- 10.131.0.248
|
|
- 10.133.0.1
|
|
- 10.134.0.1
|
|
- 10.135.0.1
|
|
- 10.135.0.2
|
|
conntrackd_udp_dest_ipv6: 10.129.0.245
|
|
conntrackd_udp_listen_ipv6: 10.129.0.246
|
|
conntrackd_udp_iface: vlan129
|
|
roles:
|
|
- conntrackd
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
roles:
|
|
- nftables_infra
|
|
...
|