crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'keep-alived' into 'newinfra' 

[keepalived] Rafraichissement de la conf

See merge request nounous/ansible!192
certbot_on_virtu
pa 2021-01-17 20:13:30 +01:00
parent 223ff3e300 28fa6e0a94
commit 2ce624a666
5 changed files with 51 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
group_vars/keepalived.yml
View File

@ -5,26 +5,33 @@ glob_keepalived:
mail_destination: root@crans.org mail_destination: root@crans.org
smtp_server: smtp.adm.crans.org smtp_server: smtp.adm.crans.org
pool: pool:
dhcp: all:
password: "plopisverysecure" password: "plopisverysecure"
id: 60 id: 60
ipv6: yes ipv6: yes
notify: /usr/scripts/notify-dhcp notify: /usr/scripts/notify-dhcp
zones: zones:
- vlan: zayo
ipv4: 158.255.113.73/31
brd: false
ipv6: 2001:1b48:2:103::bb:2/126
- vlan: srv
ipv4: 185.230.79.62/26
ipv6: 2a0c:700:2::ff:fe00:9902/64
- vlan: srv_nat
ipv4: 172.16.3.99/24
ipv6: 2a0c:700:3::ff:fe00:9903/64
- vlan: accueil
ipv4: 172.16.14.99/24
- vlan: infra
ipv4: 172.16.32.99/22
ipv6: fd00::11:0:ff:fe00:9911/64
- vlan: adh - vlan: adh
ipv4: 185.230.78.99/24 ipv4: 185.230.78.99/24
brd: true
ipv6: 2a0c:700:12::ff:fe00:9912/48 ipv6: 2a0c:700:12::ff:fe00:9912/48
- vlan: adh_nat - vlan: adh_nat
ipv4: 100.64.0.99/16 ipv4: 100.64.0.99/16
brd: true
ipv6: 2a0c:700:13::ff:fe00:9913/48 ipv6: 2a0c:700:13::ff:fe00:9913/48
radius: - vlan: federez
password: 'plopisverysecure' ipv4: 100.65.0.99/16
id: 61 ipv6: 2a0c:700:254::ff:fe00:99fe/64
ipv6: yes
zones:
- vlan: infra
ipv4: 172.16.32.99/22
brd: true
ipv6: fd00::11:0:ff:fe00:9911/64

10
host_vars/routeur-daniel.adm.crans.org.yml
View File

@ -6,17 +6,15 @@ interfaces:
infra: ens21 infra: ens21
adh: ens22 adh: ens22
adh_nat: ens23 adh_nat: ens23
zayo: enp1s3
federez: enp1s4
firewall: firewall:
version: HEAD version: HEAD
loc_keepalived: loc_keepalived:
instances: instances:
- name: dhcp - name: all
tag: VI_DHCP tag: VI_ALL
state: BACKUP
priority: 100
- name: radius
tag: VI_RAD
state: BACKUP state: BACKUP
priority: 100 priority: 100

21
host_vars/routeur-jack.adm.crans.org.yml 100644
View File

@ -0,0 +1,21 @@
---
interfaces:
adm: ens18
srv: ens19
srv_nat: ens20
infra: ens21
adh: ens22
adh_nat: ens23
zayo: enp1s3
federez: enp1s4
accueil: ens1
firewall:
version: HEAD
loc_keepalived:
instances:
- name: all
tag: VI_ALL
state: BACKUP
priority: 50

14
host_vars/routeur-sam.adm.crans.org.yml
View File

@ -1,24 +1,22 @@
--- ---
interfaces: interfaces:
adm: ens18
srv: ens19 srv: ens19
srv_nat: ens20 srv_nat: ens20
adm: ens18
infra: ens21 infra: ens21
adh: ens22 adh: ens22
adh_nat: ens23 adh_nat: ens23
srv_old: ens1 zayo: enp1s3
federez: enp1s4
accueil: ens1
firewall: firewall:
version: HEAD version: HEAD
loc_keepalived: loc_keepalived:
instances: instances:
- name: dhcp - name: all
tag: VI_DHCP tag: VI_ALL
state: MASTER
priority: 150
- name: radius
tag: VI_RAD
state: MASTER state: MASTER
priority: 150 priority: 150

2
roles/keepalived/templates/keepalived/keepalived.conf.j2
View File

@ -26,7 +26,7 @@ vrrp_instance {{ instance.tag }}4 {
virtual_ipaddress { virtual_ipaddress {
{% for zone in keepalived.pool[instance.name].zones %} {% for zone in keepalived.pool[instance.name].zones %}
{% if zone.brd %} {% if zone.brd is undefined or zone.brd %}
{{ zone.ipv4 }} brd {{ zone.ipv4 | ipaddr('broadcast') }} dev {{ interfaces[zone.vlan] }} scope global {{ zone.ipv4 }} brd {{ zone.ipv4 | ipaddr('broadcast') }} dev {{ interfaces[zone.vlan] }} scope global
{% else %} {% else %}
{{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global {{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global