diff --git a/group_vars/bird.yml b/group_vars/bird.yml
index 439692f733d5668e64bba32f84ef0a5cc8b18b70..640499de501d78eb0b97038d7224ef8969afb331 100644
--- a/group_vars/bird.yml
+++ b/group_vars/bird.yml
@@ -1,19 +1,2 @@
 ---
-glob_bird:
- bgp:
- as: 204515
- remote_as: 8218
- ipv4:
- router_id: 158.255.113.73
- bind_address: 158.255.113.73
- network:
- - 185.230.76.0/22
- neighbor: 158.255.113.72
- ipv6:
- router_id: 185.230.79.62
- bind_address: 2001:1b48:2:103::bb:2
- network:
- - 2a0c:700::/36
- - 2a0c:700:3000::/36
- neighbor: 2001:1b48:2:103::bb:1
-
+glob_bird: {}
diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml
index a05f810a747e8fa73e74d1cac40a51ca87a147d1..0583a5a1adf8c13c8680c6ad5f03c9561b0b2490 100644
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@@ -1,73 +1,10 @@
 ---
 glob_dhcp:
- authoritative: True
 global_options:
 - { key: "interface-mtu", value: "1500" }
 global_parameters: []
- subnets:
- - network: "185.230.78.0/24"
- deny_unknown: True
- vlan: "adh"
- default_lease_time: "600"
- max_lease_time: "7200"
- routers: "185.230.78.99"
- dns: ["185.230.78.99"]
- domain_name: "adh.crans.org"
- domain_search: "adh.crans.org"
- options: []
- lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
- - network: "100.64.0.0/16"
- deny_unknown: True
- vlan: "adh_nat"
- default_lease_time: "600"
- max_lease_time: "7200"
- routers: "100.64.0.99"
- dns: ["100.64.0.99"]
- domain_name: "adh-nat.crans.org"
- domain_search: "adh-nat.crans.org"
- options: []
- lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
- - network: "172.16.32.0/22"
- deny_unknown: True
- vlan: "infra"
- default_lease_time: "600"
- max_lease_time: "7200"
- dns: ["172.16.32.99"]
- domain_name: "infra.crans.org"
- domain_search: "infra.crans.org"
- options: []
- lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
- - network: "172.16.14.0/24"
- vlan: "accueil"
- default_lease_time: "600"
- max_lease_time: "7200"
- dns: ["172.16.14.99"]
- domain_name: "accueil.crans.org"
- domain_search: "accueil.crans.org"
- ranges:
- - min: 172.16.14.1
- max: 172.16.14.98
- - min: 172.16.14.100
- max: 172.16.14.254
- options: []
- - network: 100.65.0.0/16
- vlan: "federez"
- default_lease_time: "600"
- max_lease_time: "7200"
- routers: "100.65.0.99"
- dns: ["100.65.0.99"]
- domain_name: "federez.net"
- domain_search: "federez.net"
- ranges:
- - min: 100.65.1.0
- max: 100.65.255.254
- options: []
 
 glob_service_dhcp:
- re2o:
- hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
- user: services
- password: "{{ vault.re2o_service_password }}"
 name: dhcp
 install_dir: /var/local/services/dhcp
 generated: yes
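Review bot: The `accueil` subnet (172.16.14.0/24, with its two DHCP `ranges`) is removed here together with the rest of `glob_dhcp.subnets`, but neither of the two host-level DHCP files in this commit re-declares it, so unless it lives in a hunk not shown here that VLAN is left without a DHCP server; please confirm this is intended rather than a casualty of the move to host_vars. Since `glob_service_dhcp` no longer carries a `re2o` block, every host in the `dhcp` group must now supply `loc_service_dhcp.re2o` itself (gulp and sam do so in this commit); a comment above the remaining `glob_service_dhcp:` key would save the next reader a search, e.g. `# re2o endpoint and credentials are per-host: see loc_service_dhcp.re2o in host_vars`. The surviving `generated: yes` is a YAML 1.1 truthy spelling; the Ansible convention is `generated: true`.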
@@ -75,11 +12,3 @@ glob_service_dhcp:
 options: -q
 dependencies:
 - python3-jinja2
- git:
- remote: https://gitlab.adm.crans.org/nounous/dhcp.git
- version: master
- config:
- extensions:
- - adh.crans.org
- - adh-nat.crans.org
- - infra.crans.org
diff --git a/group_vars/firewall.yml b/group_vars/firewall.yml
index 483ade3aaee162ad53dd1cfea8bd34da1919ea53..e0d691290bb16a6bfa77ffb56df48036f38911a1 100644
--- a/group_vars/firewall.yml
+++ b/group_vars/firewall.yml
@@ -1,8 +1,4 @@
 glob_service_firewall:
- re2o:
- hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
- user: services
- password: "{{ vault.re2o_service_password }}"
 name: firewall
 install_dir: /var/local/services/firewall
 frequency: "*/2 * * * *"
@@ -11,6 +7,3 @@ glob_service_firewall:
 - python3-iso8601
 - python3-jinja2
 - python3-ldap
- git:
- remote: https://gitlab.adm.crans.org/nounous/firewall.git
- version: cachan
diff --git a/group_vars/radius.yml b/group_vars/radius.yml
index b77f214b7b6d4d0d1634c297e858c26b04ce1c83..b68111f2ae290a5c45a9e1bac03a3d4bdb83b4b8 100644
--- a/group_vars/radius.yml
+++ b/group_vars/radius.yml
@@ -5,7 +5,7 @@ glob_freeradius:
 infra_switch: "172.16.33.0/24"
 infra_bornes: "172.16.34.0/24"
 secret_switch: "{{ vault.radius_secret.switch }}"
- secret_bornes: "ploptotobornes" # "{{ vault.radius_secret.bornes }}"
+ secret_bornes: "{{ vault.radius_secret.bornes }}"
 delegations:
 - name: parangon
 ipv4: 185.230.78.47
diff --git a/group_vars/radvd.yml b/group_vars/radvd.yml
index e89ae22ed76c321c03165df817eb1d8422996b6d..7714cbacf703ade4eb777026384ac28d579b5821 100644
--- a/group_vars/radvd.yml
+++ b/group_vars/radvd.yml
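Review bot: Replacing the literal `"ploptotobornes"` with the vault lookup in `group_vars/radius.yml` restores the intended configuration, but the plaintext RADIUS shared secret for the access points remains in git history and has to be treated as disclosed; the value stored under `vault.radius_secret.bornes` must be a freshly generated secret rather than the same string, and the bornes must be re-provisioned with it. The trailing comment on the removed line shows this was a temporary override that shipped, so a short comment above `secret_bornes:` such as `# shared secret for the APs; rotate if it ever appears in git history again` would record the lesson for whoever audits this next. The hunk shows `secret_switch` already coming from the vault, so the two are now consistent.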
@@ -1,23 +1 @@
-glob_radvd:
- subnets:
- - name: infra
- prefix: fd00:0:0:11::/64
- no_gateway: yes
- dnssl: infra.crans.org
- dns:
- - fd00::11:0:ff:fe00:9911
- - name: adh
- prefix: 2a0c:700:12::/64
- dnssl: adh.crans.org
- dns:
- - 2a0c:700:12::ff:fe00:9912
- - name: adh_nat
- prefix: 2a0c:700:13::/64
- dnssl: adh-nat.crans.org
- dns:
- - 2a0c:700:13::ff:fe00:9913
- - name: federez
- prefix: 2a0c:700:254::/64
- dnssl: federez.net
- dns:
- - 2a0c:700:254::ff:fe00:99fe
+glob_radvd: {}
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ad65b91343c926e7a3a6857f730c18c15809c22e
--- /dev/null
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
@@ -0,0 +1,20 @@
+---
+loc_bird:
+ bgp:
+ as: 204515
+ remote_as: 8218
+ ipv4:
+ router_id: 158.255.113.73
+ bind_address: 158.255.113.73
+ network:
+ - 185.230.76.0/24
+ - 185.230.78.0/23
+ neighbor: 158.255.113.72
+ ipv6:
+ router_id: 185.230.79.62
+ bind_address: 2001:1b48:2:103::bb:2
+ network:
+ - 2a0c:700::/36
+ - 2a0c:700:3000::/36
+ neighbor: 2001:1b48:2:103::bb:1
+
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
index 4f0072bfb10a56469a1f165b180c09165562a979..bd58f52ae0a4ae2463148f534546cd11970c9fbd 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
@@ -1,13 +1,10 @@
 ---
 loc_dhcp:
 authoritative: True
- global_options:
- - { key: "interface-mtu", value: "1500" }
- global_parameters: []
 subnets:
 - network: "185.230.76.0/26"
 deny_unknown: True
- vlan: "cachan-adh"
+ vlan: "cachan_adh"
 default_lease_time: "600"
 max_lease_time: "7200"
 routers: "185.230.76.62"
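Review bot: The IPv4 announcements in the new `loc_bird.bgp.ipv4.network` are `185.230.76.0/24` and `185.230.78.0/23`, whereas the group-level config removed earlier in this same diff announced `185.230.76.0/22`; 185.230.77.0/24 is therefore no longer originated by AS204515 from this router, which looks like a deliberate de-aggregation but should be confirmed. If the upstream (remote AS 8218) performs RPKI origin validation and the existing ROA covers only the /22 with maxLength 22, both more-specifics will be RPKI-invalid and dropped, so the ROA and IRR route objects should be checked before this is applied. No import/export filter is visible in this file, so I cannot tell what the role restricts on export; a comment above `network:` such as `# originated prefixes; keep in sync with ROAs/route objects for AS204515` would make the dependency explicit.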
@@ -27,16 +24,16 @@ loc_dhcp:
 domain_search: "adh-nat.crans.org"
 options: []
 lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
-# - network: "172.16.32.0/22"
-# deny_unknown: True
-# vlan: "infra"
-# default_lease_time: "600"
-# max_lease_time: "7200"
-# dns: ["172.16.32.99"]
-# domain_name: "infra.crans.org"
-# domain_search: "infra.crans.org"
-# options: []
-# lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
+ - network: "172.16.32.0/22"
+ deny_unknown: True
+ vlan: "infra"
+ default_lease_time: "600"
+ max_lease_time: "7200"
+ dns: ["172.16.32.99"]
+ domain_name: "infra.crans.org"
+ domain_search: "infra.crans.org"
+ options: []
+ lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
 - network: 100.65.0.0/16
 vlan: "federez"
 default_lease_time: "600"
@@ -52,16 +49,9 @@ loc_dhcp:
 
 loc_service_dhcp:
 re2o:
- hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+ hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
 user: services
 password: "{{ vault.re2o_service_password }}"
- name: dhcp
- install_dir: /var/local/services/dhcp
- generated: yes
- frequency: "*/2 * * * *"
- options: -q
- dependencies:
- - python3-jinja2
 git:
 remote: https://gitlab.adm.crans.org/nounous/dhcp.git
 version: cachan
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
index f575e3cde38ab89c38ede711a321844d29001a30..71e8b80865564ee125cef0c78aa8471f171ed318 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
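Review bot: In the second hunk the gulp DHCP generator now authenticates to the re2o resolved from `('re2o', 'cachan-adm')`, while the new sam host_vars later in this diff authenticate to `('c3po', 'adm')`, yet both keep the single `vault.re2o_service_password` for user `services`. If those are two separate re2o deployments rather than two addresses of one, sharing one service password means a compromise of either router yields API access to both; a per-instance vault key, e.g. `password: "{{ vault.re2o_cachan_service_password }}"`, would scope the blast radius. The `git.version: cachan` that remains in context is a mutable branch, so what runs on the schedule presumably inherited from `group_vars/dhcp.yml` is whatever that branch head contains at the time; the `loc_service_dhcp` mapping may continue past the end of this hunk.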
@@ -1,17 +1,9 @@
 ---
 loc_service_firewall:
 re2o:
- hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+ hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
 user: services
 password: "{{ vault.re2o_service_password }}"
- name: firewall
- install_dir: /var/local/services/firewall
- frequency: "*/2 * * * *"
- options: -q
- dependencies:
- - python3-iso8601
- - python3-jinja2
- - python3-ldap
 git:
 remote: https://gitlab.adm.crans.org/nounous/firewall.git
 version: gulp
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
index 8ca165e7573584145d1004dbf6bccdaf2b2f5379..6397cbad094a3ad9e3f2d5ffaf455b605f179c85 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
@@ -2,7 +2,7 @@
 
 loc_service_prefix_delegation:
 re2o:
- hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+ hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
 user: services
 password: "{{ vault.re2o_service_password }}"
 name: prefix_delegation
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
index 504daa5b798947aa800a936c3eb2df426cdbdcbc..8074ed0714592aef4413e717997e18f0efa37356 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
@@ -16,9 +16,9 @@ loc_radvd:
 dnssl: federez.net
 dns:
 - 2a0c:700:254::ff:fe00:99fe
-# - name: infra
-# prefix: fd00:0:0:11::/64
-# no_gateway: yes
-# dnssl: infra.crans.org
-# dns:
-# - fd00::11:0:ff:fe00:9911
+ - name: infra
+ prefix: fd00:0:0:11::/64
+ no_gateway: yes
+ dnssl: infra.crans.org
+ dns:
+ - fd00::11:0:ff:fe00:9911
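Review bot: `git.version: gulp` in the firewall hunk pins the rule generator to a branch, not a commit, and with `frequency: "*/2 * * * *"` now coming from `group_vars/firewall.yml` earlier in this diff (assuming the role merges group and host values as the rest of the commit implies), the router will check out and apply whatever that branch head contains every two minutes; anyone with push access to `nounous/firewall` on gitlab.adm.crans.org can thereby rewrite this router's firewall without an Ansible run or review. Pinning to a tag or full commit hash and bumping it deliberately would close that gap, e.g. `version: <commit-sha>  # bump on purpose: a mutable branch lets any push change the live rules`. This hunk covers the whole `loc_service_firewall` mapping, so there is no later host-level override in this file.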
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
deleted file mode 100644
index e794940d334b30207c7c8268c4a1c08cff93d885..0000000000000000000000000000000000000000
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-interfaces:
- srv: ens19
- srv_nat: ens20
- adm: ens18
- infra: ens21
- adh: ens22
- adh_nat: ens23
- zayo: enp1s3
- federez: enp1s4
- accueil: ens1
-
-firewall:
- version: HEAD
-
-loc_keepalived:
- instances:
- - name: all
- tag: VI_ALL
- state: MASTER
- priority: 150
-
-loc_re2o:
- owner: freerad
- group: _nounou
- version: master_freeradius_python3
- settings_local_owner: freerad
- settings_local_group: _nounou
diff --git a/host_vars/routeur-sam.adm.crans.org/dhcp.yml b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6c59aa7f8b8510eb79630ff596c00dd3575defd6
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
@@ -0,0 +1,27 @@
+---
+loc_dhcp:
+ authoritative: True
+ subnets:
+ - network: "185.230.78.0/24"
+ deny_unknown: True
+ vlan: "adh"
+ default_lease_time: "600"
+ max_lease_time: "7200"
+ routers: "185.230.78.99"
+ dns: ["185.230.78.99"]
+ domain_name: "adh.crans.org"
+ domain_search: "adh.crans.org"
+ options: []
+ lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
+
+loc_service_dhcp:
+ re2o:
+ hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
+ user: services
+ password: "{{ vault.re2o_service_password }}"
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/dhcp.git
+ version: master
+ config:
+ extensions:
+ - adh.crans.org
diff --git a/host_vars/routeur-sam.adm.crans.org/firewall.yml b/host_vars/routeur-sam.adm.crans.org/firewall.yml
new file mode 100644
index 0000000000000000000000000000000000000000..700d0185c85126c8539f4d50519795edad50b180
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/firewall.yml
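Review bot: `authoritative: True` and `deny_unknown: True` in the new sam `loc_dhcp` use the capitalised YAML 1.1 truthy spelling; the Ansible and yamllint convention is lowercase `true`, so `authoritative: true` / `deny_unknown: true` would match what linters expect and avoid parser-dependent interpretation. The rest of the file mirrors the `adh` entry removed from `group_vars/dhcp.yml` earlier in this diff, including the `lease_file` path under the group-level `install_dir`, so no behavioural change is visible beyond narrowing sam to that one subnet. A one-line header comment, e.g. `# routeur-sam only serves the adh VLAN; the other subnets moved to routeur-gulp`, would spare the next reader reconstructing that from the diff.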
@@ -0,0 +1,9 @@
+---
+loc_service_firewall:
+ re2o:
+ hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
+ user: services
+ password: "{{ vault.re2o_service_password }}"
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/firewall.git
+ version: cachan
diff --git a/host_vars/routeur-sam.adm.crans.org/radvd.yml b/host_vars/routeur-sam.adm.crans.org/radvd.yml
new file mode 100644
index 0000000000000000000000000000000000000000..32fb8db2fbd1c20d30854279e9602856b9455ee3
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/radvd.yml
@@ -0,0 +1,7 @@
+loc_radvd:
+ subnets:
+ - name: adh
+ prefix: 2a0c:700:12::/64
+ dnssl: adh.crans.org
+ dns:
+ - 2a0c:700:12::ff:fe00:9912
diff --git a/host_vars/routeur-sam.adm.crans.org/vars.yml b/host_vars/routeur-sam.adm.crans.org/vars.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f6aa0c2309c7f0e32f3e9cdd4fbee9ebdddfcc4e
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/vars.yml
@@ -0,0 +1,6 @@
+---
+interfaces:
+ adm: ens18
+ srv: ens19
+ srv_nat: ens20
+ adh: ens22
diff --git a/hosts b/hosts
index 08780870702fb47dd7befabfceacf046443955c2..1831902679a960415004cfff157ca0926ea02ebc 100644
--- a/hosts
+++ b/hosts
@@ -27,8 +27,8 @@ virtu
 [belenios]
 belenios.adm.crans.org
 
-[bird:children]
-routeurs_vm
+[bird]
+routeur-gulp.cachan-adm.crans.org
 
 [certbot]
 sputnik.adm.crans.org
@@ -141,8 +141,8 @@ ovh_physical
 [prefix_delegation]
 routeur-gulp.cachan-adm.crans.org
 
-[radius:children]
-routeurs_vm
+[radius]
+routeur-gulp.cachan-adm.crans.org
 
 [radvd:children]
 routeurs_vm
diff --git a/plays/firewall.yml b/plays/firewall.yml
index f88b2bd85621af8b8e537d795be8f927ebd405d9..85c94543833f90d0b53f802789b9ce2fcdc79bae 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: routeurs_vms !routeur-gulp.cachan-adm.crans.org
+- hosts: routeurs_vm !routeur-gulp.cachan-adm.crans.org
 roles:
 - logall
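Review bot: The new `host_vars/routeur-sam.adm.crans.org/vars.yml` keeps only four `interfaces` entries, while the host file deleted earlier in this diff also defined `interfaces.infra/adh_nat/zayo/federez/accueil`, `firewall.version`, a `loc_keepalived` instance (`state: MASTER`, `priority: 150`) and `loc_re2o`, and none of those reappear in the other new sam files. If sam is still in whatever groups run the keepalived or re2o roles, those roles will now see the variables undefined or fall back to role defaults, which for a VRRP master with priority 150 could change mastership silently on the next run. If the drop is intentional, a one-line comment in `vars.yml` such as `# keepalived, re2o and the extra interfaces were removed: sam now only carries adm/srv/srv_nat/adh` would make that explicit; otherwise the removed blocks should move into this file.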