crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'arp-proxy' into 'newinfra' 

[arp-proxy] Deploy ARP proxy on routeur-sam

See merge request nounous/ansible!55
certbot_on_virtu
_benjamin 2020-08-18 16:01:33 +02:00
parent 6ad08d9930 7d68f56e91
commit 96f88ac8e0
7 changed files with 37 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
host_vars/re2o-newinfra.adm.crans.org.yml
View File

@ -1,7 +1,7 @@
--- ---
interfaces: interfaces:
adm: eth0 adm: eth0
srv-nat: eth1 srv_nat: eth1
loc_re2o: loc_re2o:

4
host_vars/routeur-daniel.adm.crans.org.yml
View File

@ -2,10 +2,10 @@
interfaces: interfaces:
adm: ens18 adm: ens18
srv: ens19 srv: ens19
srv-nat: ens20 srv_nat: ens20
infra: ens21 infra: ens21
adh: ens22 adh: ens22
adh-nat: ens23 adh_nat: ens23
loc_keepalived: loc_keepalived:

5
host_vars/routeur-sam.adm.crans.org.yml
View File

@ -2,10 +2,11 @@
interfaces: interfaces:
adm: ens18 adm: ens18
srv: ens19 srv: ens19
srv-nat: ens20 srv_nat: ens20
infra: ens21 infra: ens21
adh: ens22 adh: ens22
adh-nat: ens23 adh_nat: ens23
srv_old: ens1
loc_keepalived: loc_keepalived:

7
plays/firewall.yml
View File

@ -1,11 +1,14 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Deploy iproute2 and sysctl config files # Deploy sysctl config files
- hosts: crans_routeurs - hosts: crans_routeurs
roles: roles:
- iproute2
- sysctl-forwarding - sysctl-forwarding
- hosts: routeur-sam.adm.crans.org
roles:
- arp-proxy
# Deploy firewall # Deploy firewall
- hosts: crans_routeurs - hosts: crans_routeurs
vars: vars:

11
roles/arp-proxy/tasks/main.yml 100644
View File

@ -0,0 +1,11 @@
---
- name: Deploy interfaces config
template:
src: network/interfaces.d/{{ item }}.j2
dest: /etc/network/interfaces.d/{{ item }}
mode: 0644
owner: root
group: root
loop:
- 02-srv
- 24-srv-old

6
roles/arp-proxy/templates/network/interfaces.d/02-srv.j2 100644
View File

@ -0,0 +1,6 @@
auto {{ interfaces.srv }}
iface {{ interfaces.srv }} inet manual
up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv }}.proxy_arp=1
{% for ip in query('ldap', 'subnet_ipv4', 'srv') %}
up /sbin/ip route add {{ ip }}/32 dev {{ interfaces.srv }}
{% endfor %}

9
roles/arp-proxy/templates/network/interfaces.d/24-srv-old.j2 100644
View File

@ -0,0 +1,9 @@
auto {{ interfaces.srv_old }}
iface {{ interfaces.srv_old }} inet static
address 185.230.79.2/24
gateway 185.230.79.254
up /sbin/sysctl -w net.ipv4.conf.{{ interfaces.srv_old }}.proxy_arp=1
up /sbin/ip addr add 185.230.79.204/24 dev {{ interfaces.srv_old }}
up /sbin/ip addr add 185.230.79.205/24 dev {{ interfaces.srv_old }}
up /sbin/ip addr add 185.230.79.206/24 dev {{ interfaces.srv_old }}
up /sbin/ip addr add 185.230.79.207/24 dev {{ interfaces.srv_old }}