From b14fd01ce00b255584e199d7a1138a81740f42ee Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Fri, 28 May 2021 09:52:58 +0200
Subject: [PATCH] migration routage

---
 group_vars/bird.yml                           | 19 +----
 group_vars/dhcp.yml                           | 71 -------------------
 group_vars/firewall.yml                       |  7 --
 group_vars/radius.yml                         |  2 +-
 group_vars/radvd.yml                          | 24 +------
 .../bird.yml                                  | 20 ++++++
 .../dhcp.yml                                  | 34 ++++-----
 .../firewall.yml                              | 10 +--
 .../prefix_delegation.yml                     |  2 +-
 .../radvd.yml                                 | 12 ++--
 host_vars/routeur-sam.adm.crans.org.yml       | 28 --------
 host_vars/routeur-sam.adm.crans.org/dhcp.yml  | 27 +++++++
 .../routeur-sam.adm.crans.org/firewall.yml    |  9 +++
 host_vars/routeur-sam.adm.crans.org/radvd.yml |  7 ++
 host_vars/routeur-sam.adm.crans.org/vars.yml  |  6 ++
 hosts                                         |  8 +--
 plays/firewall.yml                            |  2 +-
 17 files changed, 97 insertions(+), 191 deletions(-)
 create mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
 delete mode 100644 host_vars/routeur-sam.adm.crans.org.yml
 create mode 100644 host_vars/routeur-sam.adm.crans.org/dhcp.yml
 create mode 100644 host_vars/routeur-sam.adm.crans.org/firewall.yml
 create mode 100644 host_vars/routeur-sam.adm.crans.org/radvd.yml
 create mode 100644 host_vars/routeur-sam.adm.crans.org/vars.yml

diff --git a/group_vars/bird.yml b/group_vars/bird.yml
index 439692f7..640499de 100644
--- a/group_vars/bird.yml
+++ b/group_vars/bird.yml
@@ -1,19 +1,2 @@
 ---
-glob_bird:
-  bgp:
-    as: 204515
-    remote_as: 8218
-    ipv4:
-      router_id: 158.255.113.73
-      bind_address: 158.255.113.73
-      network:
-        - 185.230.76.0/22
-      neighbor: 158.255.113.72
-    ipv6:
-      router_id: 185.230.79.62
-      bind_address: 2001:1b48:2:103::bb:2
-      network:
-        - 2a0c:700::/36
-        - 2a0c:700:3000::/36
-      neighbor: 2001:1b48:2:103::bb:1
-
+glob_bird: {}
diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml
index a05f810a..0583a5a1 100644
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@@ -1,73 +1,10 @@
 ---
 glob_dhcp:
-  authoritative: True
   global_options:
     - { key: "interface-mtu", value: "1500" }
   global_parameters: []
-  subnets:
-    - network: "185.230.78.0/24"
-      deny_unknown: True
-      vlan: "adh"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "185.230.78.99"
-      dns: ["185.230.78.99"]
-      domain_name: "adh.crans.org"
-      domain_search: "adh.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
-    - network: "100.64.0.0/16"
-      deny_unknown: True
-      vlan: "adh_nat"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "100.64.0.99"
-      dns: ["100.64.0.99"]
-      domain_name: "adh-nat.crans.org"
-      domain_search: "adh-nat.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
-    - network: "172.16.32.0/22"
-      deny_unknown: True
-      vlan: "infra"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      dns: ["172.16.32.99"]
-      domain_name: "infra.crans.org"
-      domain_search: "infra.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
-    - network: "172.16.14.0/24"
-      vlan: "accueil"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      dns: ["172.16.14.99"]
-      domain_name: "accueil.crans.org"
-      domain_search: "accueil.crans.org"
-      ranges:
-        - min: 172.16.14.1
-          max: 172.16.14.98
-        - min: 172.16.14.100
-          max: 172.16.14.254
-      options: []
-    - network: 100.65.0.0/16
-      vlan: "federez"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "100.65.0.99"
-      dns: ["100.65.0.99"]
-      domain_name: "federez.net"
-      domain_search: "federez.net"
-      ranges:
-        - min: 100.65.1.0
-          max: 100.65.255.254
-      options: []
 
 glob_service_dhcp:
-  re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
-    user: services
-    password: "{{ vault.re2o_service_password }}"
   name: dhcp
   install_dir: /var/local/services/dhcp
   generated: yes
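Review bot: After this hunk `glob_dhcp` no longer carries `authoritative` or `subnets`, and `glob_service_dhcp` no longer carries `re2o` (nor, in the second hunk of this file, `git`/`config`), so every host in the dhcp group now depends on a `loc_dhcp`/`loc_service_dhcp` that supplies them; in this commit only routeur-gulp and routeur-sam do. Of the five removed subnets only `adh` reappears under host_vars/routeur-sam.adm.crans.org/dhcp.yml and `infra` under routeur-gulp; `adh_nat`, `accueil` and `federez` (with their lease files) are not re-added for sam, and the commit message does not say that sam stops serving them. Presumably that is the intent of the migration, but a one-line comment in the group file would make it explicit: `# Subnets and re2o/git settings are per-host: see host_vars/<host>/dhcp.yml`.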
@@ -75,11 +12,3 @@ glob_service_dhcp:
   options: -q
   dependencies:
     - python3-jinja2
-  git:
-    remote: https://gitlab.adm.crans.org/nounous/dhcp.git
-    version: master
-  config:
-    extensions:
-      - adh.crans.org
-      - adh-nat.crans.org
-      - infra.crans.org
diff --git a/group_vars/firewall.yml b/group_vars/firewall.yml
index 483ade3a..e0d69129 100644
--- a/group_vars/firewall.yml
+++ b/group_vars/firewall.yml
@@ -1,8 +1,4 @@
 glob_service_firewall:
-  re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
-    user: services
-    password: "{{ vault.re2o_service_password }}"
   name: firewall
   install_dir: /var/local/services/firewall
   frequency: "*/2 * * * *"
@@ -11,6 +7,3 @@ glob_service_firewall:
     - python3-iso8601
     - python3-jinja2
     - python3-ldap
-  git:
-    remote: https://gitlab.adm.crans.org/nounous/firewall.git
-    version: cachan
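Review bot: `glob_service_firewall` keeps `name`, `install_dir`, `frequency` and `dependencies` but no longer defines `re2o` or `git` (this hunk and the first one, L151-159), so the firewall role now requires a per-host `loc_service_firewall` providing both; only routeur-gulp and routeur-sam get one in this commit, and any other host in the play would hit an undefined variable. Suggest recording that contract at the top of the file: `# re2o credentials and git source are per-host: see host_vars/<host>/firewall.yml`.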
diff --git a/group_vars/radius.yml b/group_vars/radius.yml
index b77f214b..b68111f2 100644
--- a/group_vars/radius.yml
+++ b/group_vars/radius.yml
@@ -5,7 +5,7 @@ glob_freeradius:
   infra_switch: "172.16.33.0/24"
   infra_bornes: "172.16.34.0/24"
   secret_switch: "{{ vault.radius_secret.switch }}"
-  secret_bornes: "ploptotobornes"  # "{{ vault.radius_secret.bornes }}"
+  secret_bornes: "{{ vault.radius_secret.bornes }}"
   delegations:
     - name: parangon
       ipv4: 185.230.78.47
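Review bot: The replaced line carried a literal RADIUS shared secret in a committed file; switching to `"{{ vault.radius_secret.bornes }}"` fixes the source, but the literal remains in git history, so the `bornes` secret should be rotated on both the FreeRADIUS side and the access points rather than stored unchanged as the vault value. Since the vault lookup was commented out before, it is also worth confirming that `radius_secret.bornes` actually exists in the vault — an undefined key fails at template time, which is the safe direction, but it would break the whole radius play.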
diff --git a/group_vars/radvd.yml b/group_vars/radvd.yml
index e89ae22e..7714cbac 100644
--- a/group_vars/radvd.yml
+++ b/group_vars/radvd.yml
@@ -1,23 +1 @@
-glob_radvd:
-  subnets:
-    - name: infra
-      prefix: fd00:0:0:11::/64
-      no_gateway: yes
-      dnssl: infra.crans.org
-      dns:
-        - fd00::11:0:ff:fe00:9911
-    - name: adh
-      prefix: 2a0c:700:12::/64
-      dnssl: adh.crans.org
-      dns:
-        - 2a0c:700:12::ff:fe00:9912
-    - name: adh_nat
-      prefix: 2a0c:700:13::/64
-      dnssl: adh-nat.crans.org
-      dns:
-        - 2a0c:700:13::ff:fe00:9913
-    - name: federez
-      prefix: 2a0c:700:254::/64
-      dnssl: federez.net
-      dns:
-        - 2a0c:700:254::ff:fe00:99fe
+glob_radvd: {}
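Review bot: The file still has no `---` document start, neither before nor after the change, while the sibling group files bird.yml and dhcp.yml begin with one; since this hunk rewrites the whole file it is the moment to add it, `---` as the first line followed by `glob_radvd: {}`. Of the four removed prefixes, `adh` reappears under host_vars/routeur-sam.adm.crans.org/radvd.yml and `infra`/`federez` are visible in routeur-gulp's file; `adh_nat` (2a0c:700:13::/64) is not visible anywhere in this patch, so confirm it is still advertised by some host.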
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
new file mode 100644
index 00000000..ad65b913
--- /dev/null
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
@@ -0,0 +1,20 @@
+---
+loc_bird:
+  bgp:
+    as: 204515
+    remote_as: 8218
+    ipv4:
+      router_id: 158.255.113.73
+      bind_address: 158.255.113.73
+      network:
+        - 185.230.76.0/24
+        - 185.230.78.0/23
+      neighbor: 158.255.113.72
+    ipv6:
+      router_id: 185.230.79.62
+      bind_address: 2001:1b48:2:103::bb:2
+      network:
+        - 2a0c:700::/36
+        - 2a0c:700:3000::/36
+      neighbor: 2001:1b48:2:103::bb:1
+
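Review bot: The IPv4 `network` list announces `185.230.76.0/24` and `185.230.78.0/23`, whereas the group default this replaces announced `185.230.76.0/22`; `185.230.77.0/24` is therefore no longer originated to remote AS 8218, which the commit message does not mention — confirm that is intended rather than a typo for a `/23` on the first entry. The file also ends with a trailing blank line (L234) that none of the other new host_vars files in this commit have.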
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
index 4f0072bf..bd58f52a 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
@@ -1,13 +1,10 @@
 ---
 loc_dhcp:
   authoritative: True
-  global_options:
-    - { key: "interface-mtu", value: "1500" }
-  global_parameters: []
   subnets:
     - network: "185.230.76.0/26"
       deny_unknown: True
-      vlan: "cachan-adh"
+      vlan: "cachan_adh"
       default_lease_time: "600"
       max_lease_time: "7200"
       routers: "185.230.76.62"
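Review bot: `vlan: "cachan_adh"` renames this subnet's VLAN from `cachan-adh`; the other subnets use values that look like keys of the host's `interfaces` mapping (`infra`, `federez`), so this value presumably has to match an `interfaces` key on routeur-gulp, whose vars file is not in this patch — confirm it uses `cachan_adh` too, otherwise the generated dhcpd configuration would bind to the wrong interface or none. The third hunk of this file (L281-298) switches the re2o lookup to the `cachan-adm` zone, consistently with firewall.yml and prefix_delegation.yml for the same host.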
@@ -27,16 +24,16 @@ loc_dhcp:
       domain_search: "adh-nat.crans.org"
       options: []
       lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
-#    - network: "172.16.32.0/22"
-#      deny_unknown: True
-#      vlan: "infra"
-#      default_lease_time: "600"
-#      max_lease_time: "7200"
-#      dns: ["172.16.32.99"]
-#      domain_name: "infra.crans.org"
-#      domain_search: "infra.crans.org"
-#      options: []
-#      lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
+    - network: "172.16.32.0/22"
+      deny_unknown: True
+      vlan: "infra"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      dns: ["172.16.32.99"]
+      domain_name: "infra.crans.org"
+      domain_search: "infra.crans.org"
+      options: []
+      lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
     - network: 100.65.0.0/16
       vlan: "federez"
       default_lease_time: "600"
@@ -52,16 +49,9 @@ loc_dhcp:
 
 loc_service_dhcp:
   re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+    hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
     user: services
     password: "{{ vault.re2o_service_password }}"
-  name: dhcp
-  install_dir: /var/local/services/dhcp
-  generated: yes
-  frequency: "*/2 * * * *"
-  options: -q
-  dependencies:
-    - python3-jinja2
   git:
     remote: https://gitlab.adm.crans.org/nounous/dhcp.git
     version: cachan
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
index f575e3cd..71e8b808 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
@@ -1,17 +1,9 @@
 ---
 loc_service_firewall:
   re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+    hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
     user: services
     password: "{{ vault.re2o_service_password }}"
-  name: firewall
-  install_dir: /var/local/services/firewall
-  frequency: "*/2 * * * *"
-  options: -q
-  dependencies:
-    - python3-iso8601
-    - python3-jinja2
-    - python3-ldap
   git:
     remote: https://gitlab.adm.crans.org/nounous/firewall.git
     version: gulp
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
index 8ca165e7..6397cbad 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/prefix_delegation.yml
@@ -2,7 +2,7 @@
 
 loc_service_prefix_delegation:
   re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+    hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
     user: services
     password: "{{ vault.re2o_service_password }}"
   name: prefix_delegation
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
index 504daa5b..8074ed07 100644
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
@@ -16,9 +16,9 @@ loc_radvd:
       dnssl: federez.net
       dns:
         - 2a0c:700:254::ff:fe00:99fe
-#    - name: infra
-#      prefix: fd00:0:0:11::/64
-#      no_gateway: yes
-#      dnssl: infra.crans.org
-#      dns:
-#        - fd00::11:0:ff:fe00:9911
+    - name: infra
+      prefix: fd00:0:0:11::/64
+      no_gateway: yes
+      dnssl: infra.crans.org
+      dns:
+        - fd00::11:0:ff:fe00:9911
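Review bot: `no_gateway: yes` on the re-enabled `infra` entry is a YAML 1.1 truthy value; Ansible's loader reads it as a boolean, but yamllint's `truthy` rule flags it and a YAML 1.2 parser would read the string `yes` — write `no_gateway: true`. The entry is otherwise identical to the commented block it replaces.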
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
deleted file mode 100644
index e794940d..00000000
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-interfaces:
-  srv: ens19
-  srv_nat: ens20
-  adm: ens18
-  infra: ens21
-  adh: ens22
-  adh_nat: ens23
-  zayo: enp1s3
-  federez: enp1s4
-  accueil: ens1
-
-firewall:
-  version: HEAD
-
-loc_keepalived:
-  instances:
-    - name: all
-      tag: VI_ALL
-      state: MASTER
-      priority: 150
-
-loc_re2o:
-  owner: freerad
-  group: _nounou
-  version: master_freeradius_python3
-  settings_local_owner: freerad
-  settings_local_group: _nounou
diff --git a/host_vars/routeur-sam.adm.crans.org/dhcp.yml b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
new file mode 100644
index 00000000..6c59aa7f
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
@@ -0,0 +1,27 @@
+---
+loc_dhcp:
+  authoritative: True
+  subnets:
+    - network: "185.230.78.0/24"
+      deny_unknown: True
+      vlan: "adh"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      routers: "185.230.78.99"
+      dns: ["185.230.78.99"]
+      domain_name: "adh.crans.org"
+      domain_search: "adh.crans.org"
+      options: []
+      lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
+
+loc_service_dhcp:
+  re2o:
+    hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
+    user: services
+    password: "{{ vault.re2o_service_password }}"
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/dhcp.git
+    version: master
+  config:
+    extensions:
+      - adh.crans.org
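Review bot: `config.extensions` lists only `adh.crans.org` and `subnets` only the `adh` network, while the group defaults removed in this commit carried `adh-nat.crans.org` and `infra.crans.org` extensions and five subnets; if routeur-sam is meant to keep serving only `adh` after the migration, say so for the next reader: `# Post-migration: sam only serves the adh VLAN; the other VLANs moved to routeur-gulp`. The re2o lookup targets `c3po` rather than the `re2o` entry used by the gulp files in the same commit — presumably the re2o host in the `adm` zone — so confirm the ldap lookup returns an IPv4 address for it, as `first` on an empty result fails the template.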
diff --git a/host_vars/routeur-sam.adm.crans.org/firewall.yml b/host_vars/routeur-sam.adm.crans.org/firewall.yml
new file mode 100644
index 00000000..700d0185
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/firewall.yml
@@ -0,0 +1,9 @@
+---
+loc_service_firewall:
+  re2o:
+    hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
+    user: services
+    password: "{{ vault.re2o_service_password }}"
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/firewall.git
+    version: cachan
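Review bot: `git.version: cachan` pins routeur-sam's firewall checkout to the `cachan` branch, the value carried over from the removed group default, while routeur-gulp pins `gulp`; since sam is the `adm`-zone router, confirm `cachan` is really the branch meant for it rather than a leftover default. The deleted host_vars/routeur-sam.adm.crans.org.yml had a separate `firewall.version: HEAD` that is not carried over, so whichever value was actually consumed before should be checked.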
diff --git a/host_vars/routeur-sam.adm.crans.org/radvd.yml b/host_vars/routeur-sam.adm.crans.org/radvd.yml
new file mode 100644
index 00000000..32fb8db2
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/radvd.yml
@@ -0,0 +1,7 @@
+loc_radvd:
+  subnets:
+    - name: adh
+      prefix: 2a0c:700:12::/64
+      dnssl: adh.crans.org
+      dns:
+        - 2a0c:700:12::ff:fe00:9912
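Review bot: The new file lacks the `---` document start that the sibling new files dhcp.yml, firewall.yml and vars.yml in the same directory begin with; add `---` as line 1 for consistency. The `prefix` and `dns` plain scalars are fine as written (hex groups, no `: ` sequence), so no quoting is needed.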
diff --git a/host_vars/routeur-sam.adm.crans.org/vars.yml b/host_vars/routeur-sam.adm.crans.org/vars.yml
new file mode 100644
index 00000000..f6aa0c23
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/vars.yml
@@ -0,0 +1,6 @@
+---
+interfaces:
+  adm: ens18
+  srv: ens19
+  srv_nat: ens20
+  adh: ens22
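Review bot: The replacement `interfaces` mapping keeps only `adm`, `srv`, `srv_nat` and `adh`; the deleted host file also defined `infra`, `adh_nat`, `zayo`, `federez` and `accueil` interfaces plus `loc_keepalived` and `loc_re2o`, none of which reappear in this commit. Sam is still a `routeurs_vm` member (the hosts file keeps `[radvd:children] routeurs_vm` and the firewall play targets the group), so any role that still references `interfaces.infra` or `loc_keepalived` on this host will now fail on an undefined variable — confirm those roles no longer target sam, or carry the variables over.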
diff --git a/hosts b/hosts
index 08780870..18319026 100644
--- a/hosts
+++ b/hosts
@@ -27,8 +27,8 @@ virtu
 [belenios]
 belenios.adm.crans.org
 
-[bird:children]
-routeurs_vm
+[bird]
+routeur-gulp.cachan-adm.crans.org
 
 [certbot]
 sputnik.adm.crans.org
@@ -141,8 +141,8 @@ ovh_physical
 [prefix_delegation]
 routeur-gulp.cachan-adm.crans.org
 
-[radius:children]
-routeurs_vm
+[radius]
+routeur-gulp.cachan-adm.crans.org
 
 [radvd:children]
 routeurs_vm
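Review bot: `[bird]` and `[radius]` become explicit single-host groups while `[radvd:children]` still expands `routeurs_vm`, so after this commit routeur-sam still receives radvd (its host_vars radvd.yml is added here) but no longer bird or radius. If sam previously answered RADIUS for the switch/AP clients in `infra_switch`/`infra_bornes`, those clients' server lists must now point at gulp; that is outside this repository, so worth confirming before the play runs.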
diff --git a/plays/firewall.yml b/plays/firewall.yml
index f88b2bd8..85c94543 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: routeurs_vms !routeur-gulp.cachan-adm.crans.org
+- hosts: routeurs_vm !routeur-gulp.cachan-adm.crans.org
   roles:
     - logall
 
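Review bot: The old pattern named the non-existent group `routeurs_vms`, so the play matched no hosts; after the fix it targets every `routeurs_vm` member except routeur-gulp, which makes the next run effectively a first deployment of the firewall role on those hosts with the relocated `loc_service_firewall` variables from this commit — run it with `--check --diff` (or `--limit routeur-sam.adm.crans.org`) first. Ansible's documented separator between patterns is `:` or `,`; the whitespace-separated form appears to be accepted, but `routeurs_vm:!routeur-gulp.cachan-adm.crans.org` is the documented spelling.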
-- 
GitLab