[oldinfra] cleanup

fc76317a · shirenn · 26269697 · fc76317a · 26269697 · 26269697
Commit fc76317a authored 4 years ago by shirenn 🌊
--- a/re2o.yml
+++ b/re2o.yml
@@ -18,36 +18,16 @@
  roles:
    - re2o-dns

-# Deploy re2o home service on nfs server
- hosts: zbee.adm.crans.org
-  roles:
-    - re2o-home
-
 # Deploy re2o notif-users service on zamok
 - hosts: zamok.adm.crans.org
  roles:
    - re2o-notif-users

-# Deploy re2o dhcp on dhcp servers
- hosts: odlyd.adm.crans.org,dhcp.adm.crans.org
-  roles:
-    - re2o-dhcp
-
 # Deploy re2o firewall on servers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org,zamok.adm.crans.org,routeur.adm.crans.org
+- hosts: zamok.adm.crans.org
  roles:
    - re2o-firewall

-# Re2o firewall specific configuration for gulp
- hosts: gulp.adm.crans.org
-  roles:
-    - re2o-firewall-gulp
-
-# Re2o firewall specific configuration for odlyd
- hosts: odlyd.adm.crans.org
-  roles:
-    - re2o-firewall-odlyd
-
 # Re2o firewall specific configuration for ipv6-zayo
 - hosts: ipv6-zayo.adm.crans.org
  roles:
@@ -58,11 +38,6 @@
  roles:
    - re2o-firewall-zamok

-# Re2o firewall specific configuration for routeur
- hosts: routeur.adm.crans.org
-  roles:
-    - re2o-firewall-routeur
-
 # Deploy re2o mail-server on MTA and MDA
 - hosts: titanic.adm.crans.org,sputnik.adm.crans.org
  roles:

--- a/roles/re2o-firewall-gulp/tasks/main.yml
+++ b/roles/re2o-firewall-gulp/tasks/main.yml
---
- name: Deploy firewall configuration for gulp
-  template:
-    src: re2o-services/firewall/firewall_config.py.j2
-    dest: /var/local/re2o-services/firewall/firewall_config.py
-    mode: '644'
-    owner: root
-    group: root
--- a/roles/re2o-firewall-gulp/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-gulp/templates/re2o-services/firewall/firewall_config.py.j2
-# -*- mode: python; coding: utf-8 -*-
-{{ ansible_header | comment }}
-
-### Give me a role
-
-role = ['routeur4']
-
-
-### Specify each interface role
-
-interfaces_type = {
-    'routable' : ['eno1.1', 'ens1f0.21', 'ens1f0.22', 'ens1f0.23', 'ens1f0.24'],
-    'sortie' : ['ens1f0.26', 'ens1f0.1132'],
-    'admin' : ['eno1.2', 'eno1.3'],
-    '6in4' : [('ens1f0.23', 'ens1f0.26')]
-}
-
-### Specify nat settings: name, interfaces with range, and global range for nat
-### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST
-### contain /16 range
-
-nat = [
-    {
-        'name' : 'Wifi',
-        'interfaces_ip_to_nat' : {
-            'ens1f0.26' : '185.230.76.0/24',
-            'eno1.1' : '138.231.144.0/24',
-            'ens1f0.1132' : '138.231.144.0/24',
-        },
-        'ip_sources' : '10.53.0.0/16'
-    },
-    {
-        'name' : 'Filaire',
-        'interfaces_ip_to_nat' : {
-            'ens1f0.26' : '185.230.77.0/24',
-            'eno1.1' : '138.231.145.0/24',
-            'ens1f0.1132' : '138.231.145.0/24',
-        },
-        'ip_sources' : '10.54.0.0/16'
-    }
-]
--- a/roles/re2o-firewall-ipv6-zayo/tasks/main.yml
+++ b/roles/re2o-firewall-ipv6-zayo/tasks/main.yml
---
- name: Deploy firewall configuration for ipv6-zayo
-  template:
-    src: re2o-services/firewall/firewall_config.py.j2
-    dest: /var/local/re2o-services/firewall/firewall_config.py
-    mode: '644'
-    owner: root
-    group: root
--- a/roles/re2o-firewall-ipv6-zayo/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-ipv6-zayo/templates/re2o-services/firewall/firewall_config.py.j2
-# -*- mode: python; coding: utf-8 -*-
-{{ ansible_header | comment }}
-
-### Give me a role
-
-role = ['routeur6']
-
-
-### Specify each interface role
-
-interfaces_type = {
-    'routable' : ['ens18', 'ens20', 'ens21', 'ens1', 'ens2'],
-    'sortie' : ['ens22'],
-    'admin' : ['ens19', 'ens23']
-}
--- a/roles/re2o-firewall-odlyd/tasks/main.yml
+++ b/roles/re2o-firewall-odlyd/tasks/main.yml
---
- name: Deploy firewall configuration for odlyd
-  template:
-    src: re2o-services/firewall/firewall_config.py.j2
-    dest: /var/local/re2o-services/firewall/firewall_config.py
-    mode: '644'
-    owner: root
-    group: root
--- a/roles/re2o-firewall-odlyd/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-odlyd/templates/re2o-services/firewall/firewall_config.py.j2
-# -*- mode: python; coding: utf-8 -*-
-{{ ansible_header | comment }}
-
-### Give me a role
-
-role = ['routeur4']
-
-
-### Specify each interface role
-
-interfaces_type = {
-    'routable' : ['eth0.1', 'ens1f0.21', 'ens1f0.22', 'ens1f0.23', 'ens1f0.24'],
-    'sortie' : ['ens1f0.26', 'ens1f0.1132'],
-    'admin' : ['eth0.2', 'eth0.3', 'eth0.9', 'eth0.7', 'eth0.4'],
-    '6in4' : [('ens1f0.23', 'ens1f0.26')]
-}
-
-### Specify nat settings: name, interfaces with range, and global range for nat
-### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST
-### contain /16 range
-
-nat = [
-    {
-        'name' : 'Wifi',
-        'interfaces_ip_to_nat' : {
-            'ens1f0.26' : '185.230.76.0/24',
-            'eth0.1' : '138.231.144.0/24',
-            'ens1f0.1132' : '138.231.144.0/24',
-        },
-        'ip_sources' : '10.53.0.0/16'
-    },
-    {
-        'name' : 'Filaire',
-        'interfaces_ip_to_nat' : {
-            'ens1f0.26' : '185.230.77.0/24',
-            'eth0.1' : '138.231.145.0/24',
-            'ens1f0.1132' : '138.231.145.0/24',
-        },
-        'ip_sources' : '10.54.0.0/16'
-    }
-]
--- a/roles/re2o-firewall-routeur/tasks/main.yml
+++ b/roles/re2o-firewall-routeur/tasks/main.yml
---
- name: Deploy firewall configuration for routeur
-  template:
-    src: re2o-services/firewall/firewall_config.py.j2
-    dest: /var/local/re2o-services/firewall/firewall_config.py
-    mode: '644'
-    owner: root
-    group: root
--- a/roles/re2o-firewall-routeur/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-routeur/templates/re2o-services/firewall/firewall_config.py.j2
-# -*- mode: python; coding: utf-8 -*-
-{{ ansible_header | comment }}
-
-### Give me a role
-
-role = ['portail']
-
-
-### Specify each interface role
-
-interfaces_type = {
-    'routable' : ['ens20', 'ens21'],
-    'sortie' : ['ens18'],
-    'admin' : ['ens19']
-}
-
-portail = {
-    'autorized_hosts' : {
-        'tcp' : {
-            '138.231.136.12' : ['22'],
-            '138.231.136.98' : ['20', '21', '80', '111', '1024:65535'],
-            '138.231.136.145' : ['80', '443'],
-            '213.154.225.236' : ['80', '443'],
-            '213.154.225.237' : ['80', '443'],
-            '172.217.18.197' : ['80', '443'], #gmail addresses
-            '108.177.15.83' : ['80', '443'],
-            '108.177.15.18' : ['80', '443'],
-            '108.177.15.17' : ['80', '443'],
-            '108.177.15.19' : ['80', '443'],
-            '172.217.18.205' : ['80', '443'], #accounts google
-            '172.217.18.195' : ['80', '443'],
-            '46.255.53.35' : ['80', '443'],
-            '46.255.53.17' : ['80', '443'],
-            '0.0.0.0/0' : ['143', '220', '993']
-        },
-        'udp' : {
-            '138.231.136.98' : ['69', '1024:65535']
-        }
-    },
-    'ip_redirect' : {
-        '10.51.0.0/16' : {
-            'tcp' : {
-                '138.231.136.145' : ['80', '443']
-            }
-        },
-        '10.52.0.0/16' : {
-            'tcp' : {
-                '138.231.136.145' : ['80', '443']
-            }
-        }
-    }
-}