migration routage

certbot_on_virtu
_shirenn 2021-05-28 09:52:58 +02:00 committed by Yohann D'ANELLO
parent d7a0a43c70
commit b14fd01ce0
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
17 changed files with 97 additions and 191 deletions


@ -1,19 +1,2 @@
---
glob_bird:
bgp:
as: 204515
remote_as: 8218
ipv4:
router_id: 158.255.113.73
bind_address: 158.255.113.73
network:
- 185.230.76.0/22
neighbor: 158.255.113.72
ipv6:
router_id: 185.230.79.62
bind_address: 2001:1b48:2:103::bb:2
network:
- 2a0c:700::/36
- 2a0c:700:3000::/36
neighbor: 2001:1b48:2:103::bb:1
glob_bird: {}


@ -1,73 +1,10 @@
---
glob_dhcp:
authoritative: True
global_options:
- { key: "interface-mtu", value: "1500" }
global_parameters: []
subnets:
- network: "185.230.78.0/24"
deny_unknown: True
vlan: "adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.78.99"
dns: ["185.230.78.99"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
- network: "100.64.0.0/16"
deny_unknown: True
vlan: "adh_nat"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.64.0.99"
dns: ["100.64.0.99"]
domain_name: "adh-nat.crans.org"
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
- network: "172.16.32.0/22"
deny_unknown: True
vlan: "infra"
default_lease_time: "600"
max_lease_time: "7200"
dns: ["172.16.32.99"]
domain_name: "infra.crans.org"
domain_search: "infra.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
- network: "172.16.14.0/24"
vlan: "accueil"
default_lease_time: "600"
max_lease_time: "7200"
dns: ["172.16.14.99"]
domain_name: "accueil.crans.org"
domain_search: "accueil.crans.org"
ranges:
- min: 172.16.14.1
max: 172.16.14.98
- min: 172.16.14.100
max: 172.16.14.254
options: []
- network: 100.65.0.0/16
vlan: "federez"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.65.0.99"
dns: ["100.65.0.99"]
domain_name: "federez.net"
domain_search: "federez.net"
ranges:
- min: 100.65.1.0
max: 100.65.255.254
options: []
glob_service_dhcp:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
name: dhcp
install_dir: /var/local/services/dhcp
generated: yes
@ -75,11 +12,3 @@ glob_service_dhcp:
options: -q
dependencies:
- python3-jinja2
git:
remote: https://gitlab.adm.crans.org/nounous/dhcp.git
version: master
config:
extensions:
- adh.crans.org
- adh-nat.crans.org
- infra.crans.org


@ -1,8 +1,4 @@
glob_service_firewall:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
name: firewall
install_dir: /var/local/services/firewall
frequency: "*/2 * * * *"
@ -11,6 +7,3 @@ glob_service_firewall:
- python3-iso8601
- python3-jinja2
- python3-ldap
git:
remote: https://gitlab.adm.crans.org/nounous/firewall.git
version: cachan


@ -5,7 +5,7 @@ glob_freeradius:
infra_switch: "172.16.33.0/24"
infra_bornes: "172.16.34.0/24"
secret_switch: "{{ vault.radius_secret.switch }}"
secret_bornes: "ploptotobornes" # "{{ vault.radius_secret.bornes }}"
secret_bornes: "{{ vault.radius_secret.bornes }}"
delegations:
- name: parangon
ipv4: 185.230.78.47
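Review bot: The literal RADIUS shared secret that `secret_bornes` held before this change stays readable in the repository history, so switching the line to `"{{ vault.radius_secret.bornes }}"` protects the value only if the vault entry is a different, newly generated secret. It is worth confirming that the vaulted value was rotated on the access points and on the RADIUS server, and that the old string is no longer accepted anywhere. The glob_freeradius mapping starts and continues outside this hunk, so other keys could not be checked.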


@ -1,23 +1 @@
glob_radvd:
subnets:
- name: infra
prefix: fd00:0:0:11::/64
no_gateway: yes
dnssl: infra.crans.org
dns:
- fd00::11:0:ff:fe00:9911
- name: adh
prefix: 2a0c:700:12::/64
dnssl: adh.crans.org
dns:
- 2a0c:700:12::ff:fe00:9912
- name: adh_nat
prefix: 2a0c:700:13::/64
dnssl: adh-nat.crans.org
dns:
- 2a0c:700:13::ff:fe00:9913
- name: federez
prefix: 2a0c:700:254::/64
dnssl: federez.net
dns:
- 2a0c:700:254::ff:fe00:99fe
glob_radvd: {}


@ -0,0 +1,20 @@
---
loc_bird:
bgp:
as: 204515
remote_as: 8218
ipv4:
router_id: 158.255.113.73
bind_address: 158.255.113.73
network:
- 185.230.76.0/24
- 185.230.78.0/23
neighbor: 158.255.113.72
ipv6:
router_id: 185.230.79.62
bind_address: 2001:1b48:2:103::bb:2
network:
- 2a0c:700::/36
- 2a0c:700:3000::/36
neighbor: 2001:1b48:2:103::bb:1
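Review bot: The IPv4 `network` list announces `185.230.76.0/24` and `185.230.78.0/23`, which leaves `185.230.77.0/24` out, whereas the emptied glob_bird section on this page announced the whole `185.230.76.0/22`. If the gap is deliberate for the migration, a comment above the list such as `# 185.230.77.0/24 is not announced from this router (state where it is)` would stop a later reader from collapsing the entries back into the /22. If it is not deliberate and no other session covers that prefix, it would presumably become unreachable through this peer.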


@ -1,13 +1,10 @@
---
loc_dhcp:
authoritative: True
global_options:
- { key: "interface-mtu", value: "1500" }
global_parameters: []
subnets:
- network: "185.230.76.0/26"
deny_unknown: True
vlan: "cachan-adh"
vlan: "cachan_adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.76.62"
@ -27,16 +24,16 @@ loc_dhcp:
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
# - network: "172.16.32.0/22"
# deny_unknown: True
# vlan: "infra"
# default_lease_time: "600"
# max_lease_time: "7200"
# dns: ["172.16.32.99"]
# domain_name: "infra.crans.org"
# domain_search: "infra.crans.org"
# options: []
# lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
- network: "172.16.32.0/22"
deny_unknown: True
vlan: "infra"
default_lease_time: "600"
max_lease_time: "7200"
dns: ["172.16.32.99"]
domain_name: "infra.crans.org"
domain_search: "infra.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
- network: 100.65.0.0/16
vlan: "federez"
default_lease_time: "600"
@ -52,16 +49,9 @@ loc_dhcp:
loc_service_dhcp:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
name: dhcp
install_dir: /var/local/services/dhcp
generated: yes
frequency: "*/2 * * * *"
options: -q
dependencies:
- python3-jinja2
git:
remote: https://gitlab.adm.crans.org/nounous/dhcp.git
version: cachan


@ -1,17 +1,9 @@
---
loc_service_firewall:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
name: firewall
install_dir: /var/local/services/firewall
frequency: "*/2 * * * *"
options: -q
dependencies:
- python3-iso8601
- python3-jinja2
- python3-ldap
git:
remote: https://gitlab.adm.crans.org/nounous/firewall.git
version: gulp


@ -2,7 +2,7 @@
loc_service_prefix_delegation:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
name: prefix_delegation


@ -16,9 +16,9 @@ loc_radvd:
dnssl: federez.net
dns:
- 2a0c:700:254::ff:fe00:99fe
# - name: infra
# prefix: fd00:0:0:11::/64
# no_gateway: yes
# dnssl: infra.crans.org
# dns:
# - fd00::11:0:ff:fe00:9911
- name: infra
prefix: fd00:0:0:11::/64
no_gateway: yes
dnssl: infra.crans.org
dns:
- fd00::11:0:ff:fe00:9911


@ -1,28 +0,0 @@
---
interfaces:
srv: ens19
srv_nat: ens20
adm: ens18
infra: ens21
adh: ens22
adh_nat: ens23
zayo: enp1s3
federez: enp1s4
accueil: ens1
firewall:
version: HEAD
loc_keepalived:
instances:
- name: all
tag: VI_ALL
state: MASTER
priority: 150
loc_re2o:
owner: freerad
group: _nounou
version: master_freeradius_python3
settings_local_owner: freerad
settings_local_group: _nounou


@ -0,0 +1,27 @@
---
loc_dhcp:
authoritative: True
subnets:
- network: "185.230.78.0/24"
deny_unknown: True
vlan: "adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.78.99"
dns: ["185.230.78.99"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list"
loc_service_dhcp:
re2o:
hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
git:
remote: https://gitlab.adm.crans.org/nounous/dhcp.git
version: master
config:
extensions:
- adh.crans.org
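Review bot: `version: master` under `git:` in loc_service_dhcp names a moving branch, so (assuming the role checks out this ref) the code deployed to the DHCP host changes whenever that branch head moves, without any commit in this repository recording it. Pinning to a tag or a full commit hash, e.g. `version: "<tag-or-commit-sha>"` (placeholder), would make each deployment reviewable and reproducible. The same applies to `version: cachan` in the new loc_service_firewall file further down.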


@ -0,0 +1,9 @@
---
loc_service_firewall:
re2o:
hostname: "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
git:
remote: https://gitlab.adm.crans.org/nounous/firewall.git
version: cachan
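Review bot: The `re2o` block here reuses `user: services` with `"{{ vault.re2o_service_password }}"`, the same account and vault entry that the dhcp, firewall and prefix_delegation sections on this page use on other hosts. If that account has the same rights for every service, a compromise of one router exposes a credential valid for all of them. A per-service or per-host API account would limit that; what the `services` account is allowed to do in re2o is not visible on this page, so this may already be scoped.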


@ -0,0 +1,7 @@
loc_radvd:
subnets:
- name: adh
prefix: 2a0c:700:12::/64
dnssl: adh.crans.org
dns:
- 2a0c:700:12::ff:fe00:9912


@ -0,0 +1,6 @@
---
interfaces:
adm: ens18
srv: ens19
srv_nat: ens20
adh: ens22

8
hosts

@ -27,8 +27,8 @@ virtu
[belenios]
belenios.adm.crans.org
[bird:children]
routeurs_vm
[bird]
routeur-gulp.cachan-adm.crans.org
[certbot]
sputnik.adm.crans.org
@ -141,8 +141,8 @@ ovh_physical
[prefix_delegation]
routeur-gulp.cachan-adm.crans.org
[radius:children]
routeurs_vm
[radius]
routeur-gulp.cachan-adm.crans.org
[radvd:children]
routeurs_vm


@ -1,6 +1,6 @@
#!/usr/bin/env ansible-playbook
---
- hosts: routeurs_vms !routeur-gulp.cachan-adm.crans.org
- hosts: routeurs_vm !routeur-gulp.cachan-adm.crans.org
roles:
- logall