Merge branch 'arp-proxy' into 'newinfra'

[arp-proxy] Deploy ARP proxy on routeur-sam See merge request nounous/ansible!55
2020-08-18 16:01:33 +02:00 · 2020-08-18 16:01:33 +02:00 · 96f88ac8e0
parent 6ad08d9930 7d68f56e91
commit 96f88ac8e0
7 changed files with 37 additions and 7 deletions
--- a/host_vars/re2o-newinfra.adm.crans.org.yml
+++ b/host_vars/re2o-newinfra.adm.crans.org.yml
@ -1,7 +1,7 @@
 ---
 interfaces:
  adm: eth0
-  srv-nat: eth1
+  srv_nat: eth1


 loc_re2o:
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@ -2,10 +2,10 @@
 interfaces:
  adm: ens18
  srv: ens19
-  srv-nat: ens20
+  srv_nat: ens20
  infra: ens21
  adh: ens22
-  adh-nat: ens23
+  adh_nat: ens23


 loc_keepalived:
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@ -2,10 +2,11 @@
 interfaces:
  adm: ens18
  srv: ens19
-  srv-nat: ens20
+  srv_nat: ens20
  infra: ens21
  adh: ens22
-  adh-nat: ens23
+  adh_nat: ens23
+  srv_old: ens1


 loc_keepalived:
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@ -1,11 +1,14 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy iproute2 and sysctl config files
+# Deploy sysctl config files
 - hosts: crans_routeurs
  roles:
-    - iproute2
    - sysctl-forwarding

+- hosts: routeur-sam.adm.crans.org
+  roles:
+    - arp-proxy
+
 # Deploy firewall
 - hosts: crans_routeurs
  vars:
--- a/roles/arp-proxy/tasks/main.yml
+++ b/roles/arp-proxy/tasks/main.yml
@ -0,0 +1,11 @@
+---
+- name: Deploy interfaces config
+  template:
+    src: network/interfaces.d/{{ item }}.j2
+    dest: /etc/network/interfaces.d/{{ item }}
+    mode: 0644
+    owner: root
+    group: root
+  loop:
+    - 02-srv
+    - 24-srv-old
--- a/roles/arp-proxy/templates/network/interfaces.d/02-srv.j2
+++ b/roles/arp-proxy/templates/network/interfaces.d/02-srv.j2
@ -0,0 +1,6 @@
+auto {{ interfaces.srv }}
+iface {{ interfaces.srv }} inet manual
+	up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv }}.proxy_arp=1
+{% for ip in query('ldap', 'subnet_ipv4', 'srv') %}
+	up /sbin/ip route add {{ ip }}/32 dev {{ interfaces.srv }}
+{% endfor %}
--- a/roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2
+++ b/roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2
@ -0,0 +1,9 @@
+auto {{ interfaces.srv_old }}
+iface {{ interfaces.srv_old }} inet static
+	address 185.230.79.2/24
+	gateway 185.230.79.254
+	up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv_old }}.proxy_arp=1
+	up /sbin/ip addr add 185.230.79.204/24 dev {{ interfaces.srv_old }}
+	up /sbin/ip addr add 185.230.79.205/24 dev {{ interfaces.srv_old }}
+	up /sbin/ip addr add 185.230.79.206/24 dev {{ interfaces.srv_old }}
+	up /sbin/ip addr add 185.230.79.207/24 dev {{ interfaces.srv_old }}