certbot_on_virtu
_shirenn 2021-06-18 20:04:30 +02:00 committed by Yohann D'ANELLO
parent f4b4c51f30
commit 37ea941a8d
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
10 changed files with 65 additions and 65 deletions
group_vars
host_vars
routeur-daniel.adm.crans.org
routeur-jack.adm.crans.org
roles
isc-dhcp-server/handlers
keepalived
templates
radvd/handlers


@ -1,37 +1,25 @@
---
glob_keepalived:
mail_source: keepalived@crans.org
mail_destination: root@crans.org
mail_destination: shirenn@crans.org
smtp_server: smtp.adm.crans.org
pool:
all:
VI_ALL:
password: "{{ vault.keepalived.password }}"
id: 60
ipv6: yes
notify: /usr/scripts/notify-dhcp
notify: /var/local/services/keepalived/keepalived.py
zones:
- vlan: zayo
ipv4: 158.255.113.73/31
brd: false
ipv6: 2001:1b48:2:103::bb:2/126
- vlan: srv
ipv4: 185.230.79.62/26
ipv6: 2a0c:700:2::ff:fe00:9902/64
ipv4: 185.230.79.61/26
ipv6: 2a0c:700:2::ff:fe01:9902/64
- vlan: srv_nat
ipv4: 172.16.3.99/24
ipv6: 2a0c:700:3::ff:fe00:9903/64
- vlan: accueil
ipv4: 172.16.14.99/24
- vlan: infra
ipv4: 172.16.32.99/22
ipv6: fd00::11:0:ff:fe00:9911/64
ipv4: 172.16.3.199/24
ipv6: 2a0c:700:3::ff:fe01:9903/64
- vlan: adh
ipv4: 185.230.78.99/24
ipv6: 2a0c:700:12::ff:fe00:9912/48
- vlan: adh_nat
ipv4: 100.64.0.99/16
ipv6: 2a0c:700:13::ff:fe00:9913/48
- vlan: federez
ipv4: 100.65.0.99/16
ipv6: 2a0c:700:254::ff:fe00:99fe/64
ipv4: 185.230.78.199/24
ipv6: 2a0c:700:12::ff:fe01:9912/48
glob_service_keepalived:
name: keepalived
install_dir: /var/local/services/keepalived
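Review bot: `mail_destination` appears twice under `glob_keepalived`, once as `root@crans.org` and once as `shirenn@crans.org`. The +/- markers are lost on this page, but if the personal address is the new value, VRRP failover alerts from both routers go to one person's mailbox instead of the shared root alias. If that is only for the migration, a comment above the key such as `# temporary: switch back to root@crans.org once the new notify script is validated` would stop it from becoming permanent by accident. Separately, `ipv6: yes` reads more predictably as `ipv6: true`.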


@ -0,0 +1,16 @@
---
loc_keepalived:
instances:
- name: VI_ALL
state: MASTER
priority: 150
loc_service_keepalived:
git:
remote: https://gitlab.adm.crans.org/nounous/keepalived.git
version: master
config:
services:
VI_ALL:
- isc-dhcp-server
- radvd
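Review bot: `version: master` under `loc_service_keepalived.git` tracks a moving branch, so whatever is at the head of the repository at deploy time lands in `install_dir`. The group_vars `notify` path points at `/var/local/services/keepalived/keepalived.py` inside that directory, so keepalived runs that code on every state change, presumably with its own privileges. Pinning to a reviewed commit or signed tag, e.g. `version: <reviewed-commit-sha>`, makes what runs on the routers reproducible and auditable. The same applies to the second host_vars file in this commit. Whether the `service` role verifies the checkout is not visible here.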


@ -0,0 +1,16 @@
---
loc_keepalived:
instances:
- name: VI_ALL
state: BACKUP
priority: 100
loc_service_keepalived:
git:
remote: https://gitlab.adm.crans.org/nounous/keepalived.git
version: master
config:
services:
VI_ALL:
- isc-dhcp-server
- radvd

8
plays/keepalived.yml 100644 → 100755

@ -2,6 +2,12 @@
---
- hosts: keepalived
vars:
keepalived: "{{ glob_keepalived | combine(loc_keepalived) }}"
keepalived: "{{ glob_keepalived | default({}) | combine(loc_keepalived | default({})) }}"
roles:
- keepalived
- hosts: keepalived
vars:
service: "{{ glob_service_keepalived | default({}) | combine(loc_service_keepalived | default({})) }}"
roles:
- service
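Review bot: The `default({})` fallbacks on the `keepalived` and `service` vars turn a missing `loc_keepalived` or `loc_service_keepalived` into an empty merge. A host in the `keepalived` group without its host_vars would then fail only later, presumably when the role reads `keepalived.instances` or `service.git`, and with a less direct error. A short `assert` pre-task would make the requirement explicit, for example `that: loc_keepalived.instances is defined` with a `fail_msg` naming the missing host_vars. A comment above each `vars:` block listing the keys every host must define would also do.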


@ -6,3 +6,4 @@
- import_playbook: firewall.yml
- import_playbook: dns-recursive.yml
- import_playbook: prefix-delegation.yml
- import_playbook: keepalived.yml


@ -7,6 +7,5 @@
systemd:
name: isc-dhcp-server
state: restarted
enabled: true
listen: 'restart isc-dhcp-server'
when: not ansible_check_mode and ansible_facts.services['isc-dhcp-server']['state'] == 'running'


@ -14,15 +14,8 @@
mode: 0644
notify: Reload keepalived.service
- name: Create scripts directory
file:
path: /usr/scripts
state: directory
- name: Deploy keepalived dhcp scripts
template:
src: bin/notify-dhcp
dest: /usr/scripts/notify-dhcp
mode: 0744
when: not ansible_check_mode
notify: Reload keepalived.service
- name: Start and enable keepalived
service:
name: keepalived
state: started
enabled: yes


@ -1,24 +0,0 @@
#!/bin/bash
TYPE=$1
NAME=$2
STATE=$3
case $STATE in
"MASTER")
logger -s '[DHCP-NOTIFY] Entering state MASTER, starting isc-dhcp-server.service'
systemctl start isc-dhcp-server.service
exit 0;;
"BACKUP")
logger -s '[DHCP-NOTIFY] Entering state BACKUP, stopping isc-dhcp-server.service'
systemctl stop isc-dhcp-server.service
exit 0;;
"FAULT")
logger -s '[DHCP-NOTIFY] Entering state FAULT, stopping isc-dhcp-server.service'
systemctl stop isc-dhcp-server.service
exit 0;;
*)
logger -s '[DHCP-NOTIFY] Entering UNKNOWN state, doing nothing'
exit 1;;
esac


@ -7,7 +7,7 @@ global_defs {
}
{% for instance in keepalived.instances %}
vrrp_instance {{ instance.tag }}4 {
vrrp_instance {{ instance.name }} {
state {{ instance.state }}
priority {{ instance.priority }}
smtp_alert
@ -36,7 +36,7 @@ vrrp_instance {{ instance.tag }}4 {
}
{% if keepalived.pool[instance.name].ipv6 %}
vrrp_instance {{ instance.tag }}6 {
vrrp_instance {{ instance.name }}6 {
state {{ instance.state }}
priority {{ instance.priority }}
smtp_alert
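Review bot: After the rename the first instance is rendered as `{{ instance.name }}` and the IPv6 one as `{{ instance.name }}6`, so keepalived will presumably report `VI_ALL6` for the second instance. The host_vars added in this commit key `config.services` by `VI_ALL` only. If the notify script looks services up by instance name (the script is not visible here), IPv6 state transitions would match no entry and services could be left in the wrong state after a failover. A comment above the second block, such as `{# IPv6 twin of instance.name; the notify script must map "<name>6" to the same services #}`, or a matching key in the host_vars, would settle it. Both `vrrp_instance` blocks continue outside the hunks.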


@ -1,5 +1,10 @@
---
- name: check radvd status
service_facts:
listen: Restart radvd service
- name: Restart radvd service
service:
name: radvd
state: restarted
when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
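Review bot: The `when` on "Restart radvd service" tests `ansible_facts.services['bird']['state']`, not radvd, which looks like a copy-paste from another role. As written, radvd is restarted only if bird is running, and on a host where `service_facts` reports no `bird` entry the lookup raises an undefined-variable error instead of skipping. If radvd was intended, `when: not ansible_check_mode and ansible_facts.services['radvd']['state'] == 'running'` mirrors the isc-dhcp-server handler. The exact key (`radvd` vs `radvd.service`) depends on what `service_facts` returns on these hosts. If the dependency on bird is deliberate, a one-line comment saying why would help.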