From 7d68f56e919f5a00160c950368753f201030e979 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot
Date: Tue, 18 Aug 2020 16:01:01 +0200
Subject: [PATCH] [arp-proxy] Deploy ARP proxy on routeur-sam
---
host_vars/re2o-newinfra.adm.crans.org.yml | 2 +-
host_vars/routeur-daniel.adm.crans.org.yml | 4 ++--
host_vars/routeur-sam.adm.crans.org.yml | 5 +++--
plays/firewall.yml | 7 +++++--
roles/arp-proxy/tasks/main.yml | 11 +++++++++++
.../templates/network/interfaces.d/02-srv.j2 | 6 ++++++
.../templates/network/interfaces.d/24-srv-old.j2 | 9 +++++++++
7 files changed, 37 insertions(+), 7 deletions(-)
create mode 100644 roles/arp-proxy/tasks/main.yml
create mode 100644 roles/arp-proxy/templates/network/interfaces.d/02-srv.j2
create mode 100644 roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2
diff --git a/host_vars/re2o-newinfra.adm.crans.org.yml b/host_vars/re2o-newinfra.adm.crans.org.yml
index 92db5fa6..19f4c3f6 100644
--- a/host_vars/re2o-newinfra.adm.crans.org.yml
+++ b/host_vars/re2o-newinfra.adm.crans.org.yml
@@ -1,7 +1,7 @@ --- interfaces: adm: eth0 - srv-nat: eth1 + srv_nat: eth1 loc_re2o:
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
index 555ebd7d..284bf31a 100644
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -2,10 +2,10 @@ interfaces: adm: ens18 srv: ens19 - srv-nat: ens20 + srv_nat: ens20 infra: ens21 adh: ens22 - adh-nat: ens23 + adh_nat: ens23 loc_keepalived:
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index bf3d8f77..9c76a958 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -2,10 +2,11 @@ interfaces: adm: ens18 srv: ens19 - srv-nat: ens20 + srv_nat: ens20 infra: ens21 adh: ens22 - adh-nat: ens23 + adh_nat: ens23 + srv_old: ens1 loc_keepalived:
diff --git a/plays/firewall.yml b/plays/firewall.yml
index 61065447..720c2f97 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,11 +1,14 @@ #!/usr/bin/env ansible-playbook --- -# Deploy iproute2 and sysctl config files +# Deploy sysctl config files - hosts: crans_routeurs roles: - - iproute2 - sysctl-forwarding +- hosts: routeur-sam.adm.crans.org + roles: + - arp-proxy + # Deploy firewall - hosts: crans_routeurs vars:
diff --git a/roles/arp-proxy/tasks/main.yml b/roles/arp-proxy/tasks/main.yml
new file mode 100644
index 00000000..8962be05
--- /dev/null
+++ b/roles/arp-proxy/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Deploy interfaces config
+ template:
+ src: network/interfaces.d/{{ item }}.j2
+ dest: /etc/network/interfaces.d/{{ item }}
+ mode: 0644
+ owner: root
+ group: root
+ loop:
+ - 02-srv
+ - 24-srv-old
diff --git a/roles/arp-proxy/templates/network/interfaces.d/02-srv.j2 b/roles/arp-proxy/templates/network/interfaces.d/02-srv.j2
new file mode 100644
index 00000000..18428467
--- /dev/null
+++ b/roles/arp-proxy/templates/network/interfaces.d/02-srv.j2
@@ -0,0 +1,6 @@
+auto {{ interfaces.srv }}
+iface {{ interfaces.srv }} inet manual
+ up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv }}.proxy_arp=1
+{% for ip in query('ldap', 'subnet_ipv4', 'srv') %}
+ up /sbin/ip route add {{ ip }}/32 dev {{ interfaces.srv }}
+{% endfor %}
diff --git a/roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2 b/roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2
new file mode 100644
index 00000000..902fae42
--- /dev/null
+++ b/roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2
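Review bot: The new play for `routeur-sam.adm.crans.org` in plays/firewall.yml carries no comment, while the plays around it each have one. A line such as `# Deploy proxy ARP interface config (routeur-sam only)` above `- hosts: routeur-sam.adm.crans.org` would record why this single router is targeted by name rather than through a group. The same hunk drops the `iproute2` role from `crans_routeurs`; whether the routers still get the routing tables or rules that role provided cannot be judged from the visible lines, so the commit message should say where that configuration now lives.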
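Review bot: The `Deploy interfaces config` task in roles/arp-proxy/tasks/main.yml only writes two files under /etc/network/interfaces.d, and no `notify:` or follow-up task is visible. The running router therefore keeps its previous proxy ARP and route state until the interfaces are re-upped or the host reboots, while the play still reports success. If that is deliberate on a production router, state it above the task, e.g. `# Takes effect on next ifup/reboot on purpose; do not re-up srv from Ansible`. Separately, write the permission as `mode: "0644"` so it stays a string regardless of which YAML loader reads the file.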
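Review bot: Each value returned by `query('ldap', 'subnet_ipv4', 'srv')` in 02-srv.j2 is written unchecked into an `up` line that ifupdown later runs as root, so a malformed directory entry becomes part of a root command line. Assuming the lookup returns plain address strings, filter them before rendering, for example `{% for ip in query('ldap', 'subnet_ipv4', 'srv') | ipaddr %}` (the filter needs netaddr on the controller), so only well-formed addresses reach the file. The loop body also uses `ip route add`, which fails when the route already exists, and ifupdown aborts the interface on a failing `up` command; `up /sbin/ip route replace {{ ip }}/32 dev {{ interfaces.srv }}` is idempotent. The `ip addr add` lines in 24-srv-old.j2 have the same problem and could use `ip addr replace`.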
@@ -0,0 +1,9 @@
+auto {{ interfaces.srv_old }}
+iface {{ interfaces.srv_old }} inet static
+ address 185.230.79.2/24
+ gateway 185.230.79.254
+ up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv_old }}.proxy_arp=1
+ up /sbin/ip addr add 185.230.79.204/24 dev {{ interfaces.srv_old }}
+ up /sbin/ip addr add 185.230.79.205/24 dev {{ interfaces.srv_old }}
+ up /sbin/ip addr add 185.230.79.206/24 dev {{ interfaces.srv_old }}
+ up /sbin/ip addr add 185.230.79.207/24 dev {{ interfaces.srv_old }}
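Review bot: `proxy_arp=1` on `{{ interfaces.srv_old }}` (and on the srv interface in 02-srv.j2) makes the kernel answer ARP for every destination it would route out of another interface, not only the addresses listed in these templates. What is reachable between the two segments is therefore decided by the routing table and the firewall play, and the forwarding rules between srv and srv_old should be checked against that. A template comment such as `{# proxy ARP here covers every routed destination; access is restricted by the firewall role #}` would make that dependency explicit, if it matches the intent. The address `185.230.79.2/24`, the gateway and the four secondary addresses are hard-coded here while the interface name comes from host_vars; keeping them next to `srv_old: ens1` would put the public addressing in one reviewed place. Nothing removes the secondary addresses on ifdown, so a matching `down /sbin/ip addr del 185.230.79.204/24 dev {{ interfaces.srv_old }}` line per address would make the stanza symmetric.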