From fccda8d4862fbbf1072c64ad395db9f7458a997e Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Wed, 19 May 2021 14:33:42 +0200
Subject: [PATCH] [routeurs] playbook to deploy routing

---
 group_vars/keepalived.yml                |  2 +-
 plays/{dns.yml => dns-authoritative.yml} |  5 ---
 plays/firewall.yml                       | 57 +++---------------------
 plays/freeradius.yml                     | 12 ++---
 plays/keepalived.yml                     |  0
 plays/routeurs.yml                       |  7 +++
 6 files changed, 20 insertions(+), 63 deletions(-)
 rename plays/{dns.yml => dns-authoritative.yml} (89%)
 mode change 100755 => 100644 plays/keepalived.yml
 create mode 100755 plays/routeurs.yml

diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index fbdbb47c..47059bf1 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -6,7 +6,7 @@ glob_keepalived:
   smtp_server: smtp.adm.crans.org
   pool:
     all:
-      password: "plopisverysecure"
+      password: "{{ vault.keepalived.password }}"
       id: 60
       ipv6: yes
       notify: /usr/scripts/notify-dhcp
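Review bot: Replacing the literal on line 26 with `{{ vault.keepalived.password }}` does not remove `plopisverysecure` from the repository history, so that value should be treated as exposed and the vault entry should hold a freshly generated secret rather than the same string. The key `vault.keepalived.password` must be defined in the encrypted vault for every host in the `keepalived` group, otherwise templating fails at runtime; the vault file is not part of this patch so I cannot confirm it. Keeping the Jinja expression double-quoted, as the patch does, is right, since an unquoted `{{` would be read as a flow mapping by the YAML parser. The `glob_keepalived` mapping continues outside the hunk.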
diff --git a/plays/dns.yml b/plays/dns-authoritative.yml
similarity index 89%
rename from plays/dns.yml
rename to plays/dns-authoritative.yml
index c2462159..928a751e 100755
--- a/plays/dns.yml
+++ b/plays/dns-authoritative.yml
@@ -1,10 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy recursive DNS cache server
-- hosts: dns_recursive
-  roles:
-    - bind-recursive
-
 # Deploy authoritative DNS server
 - hosts: dns_authoritative
   vars:
diff --git a/plays/firewall.yml b/plays/firewall.yml
index 4382f9d7..79ba1112 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,58 +1,13 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy sysctl config files
-- hosts: crans_routeurs
-  vars:
-    logs:
-      ip: 172.16.10.1
+- hosts: routeurs_vms
   roles:
-    - sysctl-forwarding
     - logall
-    - nftables
-
-- hosts: crans_routeurs
-  vars:
-    subnets:
-      - name: infra
-        prefix: fd00:0:0:11::/64
-        dns:
-          - fd00::11:0:ff:fe00:9911
-      - name: adh
-        prefix: 2a0c:700:12::/64
-        dns:
-          - 2a0c:700:12::ff:fe00:9912
-      - name: adh_nat
-        prefix: 2a0c:700:13::/64
-        dns:
-          - 2a0c:700:13::ff:fe00:9913
-  roles:
-    - radvd
 
-# Deploy firewall
-- hosts: crans_routeurs
+- hosts: firewall
   vars:
-    re2o:
-      server: re2o.adm.crans.org
-      service_user: "{{ vault.re2o_service_user }}"
-      service_password: "{{ vault.re2o_service_password }}"
+    service: "{{ glob_service_firewall | default({}) | combine(loc_service_firewall | default({})) }}"
   roles:
-    - firewall
-
-# Deploy BGP server configuration on routers
-- hosts: crans_routeurs
-  vars:
-    bgp:
-      as: 204515
-      remote_as: 8218
-      ipv4:
-        router_id: 158.255.113.73
-        bind_address: 158.255.113.73
-        network: 185.230.76.0/22
-        neighbor: 158.255.113.72
-      ipv6:
-        router_id: 185.230.79.62
-        bind_address: 2001:1b48:2:103::bb:2
-        network: 2a0c:700::/32
-        neighbor: 2001:1b48:2:103::bb:1
-  roles:
-    - bird
+    - sysctl-forwarding
+    - nftables
+    - service
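Review bot: The `routeurs_vms` play keeps the `logall` role but drops the `logs.ip` variable the old play passed to it (lines 59-60); if the role templates `logs.ip`, it is now undefined on these hosts and the play will either fail or render an empty destination. Either restore a `vars:` block on the new play or move the value into `group_vars` for `routeurs_vms`, and confirm that `radvd`, which this hunk removes without relocating, is still deployed somewhere. The new plays also lose the `# Deploy …` comments that the other plays visible in this patch carry; a `# Deploy log forwarding on router VMs` above line 61 and `# Deploy firewall` above line 87 would keep the convention. It is worth verifying that the `firewall` and `routeurs_vms` groups exist in the inventory, since the old plays targeted `crans_routeurs`.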
diff --git a/plays/freeradius.yml b/plays/freeradius.yml
index 404a5392..b52c0085 100755
--- a/plays/freeradius.yml
+++ b/plays/freeradius.yml
@@ -1,11 +1,11 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy re2o
-#- hosts: re2o
-#  vars:
-#    re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}"
-#  roles:
-#    - re2o
+- hosts: re2o
+  vars:
+    re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}"
+  roles:
+    - re2o
 
 # Deploy radius server
 - hosts: radius
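Review bot: Line 133 quotes the Jinja expression with double quotes while the neighbouring `freeradius` and `mirror` definitions in the second hunk (lines 140-141) use single quotes; both parse identically, but the file should settle on one style, e.g. `re2o: '{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}'`. Re-enabling the `re2o` play here, and the `certbot` role in the second hunk, is unrelated to the routing playbook the subject announces and would be easier to review and revert as a separate commit. The `- hosts: radius` play continues outside this hunk.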
@@ -14,5 +14,5 @@
     freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
     mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
   roles:
-#    - certbot
+    - certbot
     - freeradius
diff --git a/plays/keepalived.yml b/plays/keepalived.yml
old mode 100755
new mode 100644
diff --git a/plays/routeurs.yml b/plays/routeurs.yml
new file mode 100755
index 00000000..27e34a23
--- /dev/null
+++ b/plays/routeurs.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: dhcp.yml
+- import_playbook: bird.yml
+- import_playbook: freeradius.yml
+- import_playbook: firewall.yml
+- import_playbook: dns-recursive.yml
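Review bot: Line 161 imports `dns-recursive.yml`, but this patch only removes the recursive DNS play from `plays/dns.yml` (renamed to `dns-authoritative.yml`) and does not create `plays/dns-recursive.yml`; unless that file already exists in the repository, `import_playbook` fails as soon as the playbook is parsed. The same check applies to `dhcp.yml` and `bird.yml`, which are not touched here. Ordering is also worth a thought: `firewall.yml`, which applies `sysctl-forwarding` and `nftables`, is imported after the DHCP, BGP and RADIUS plays, so on a freshly provisioned router those services would be reachable before the ruleset is installed; moving `- import_playbook: firewall.yml` to the top of the list closes that window.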
-- 
GitLab