crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Deploy arpproxy service 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
linter
Yohann D'ANELLO 2022-06-28 13:39:34 +02:00
parent f7a2b1174b
commit bac8ffdc72
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
6 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
group_vars/arpproxy.yml 100644
View File

@ -0,0 +1,11 @@
---
glob_service_proxy:
git:
remote: https://gitlab.adm.crans.org/nounous/proxy.git
version: main
name: proxy
install_dir: /var/local/services/proxy
generated: false
cron:
frequency: "* * * * *"
options: "--alter"

12
host_vars/boeing.adm.crans.org.yml
View File

@ -16,3 +16,15 @@ loc_wireguard:
endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820" endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820"
post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18"
post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18"
loc_service_proxy:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
protocol: "proxy"
filter: "adm.crans.org"
proxy:
default: "ens18"
viarezo: "sputnik"
aurore: "sputnik"
ovh: "sputnik"

10
host_vars/routeur-ft.adm.crans.org.yml
View File

@ -2,3 +2,13 @@
interfaces: interfaces:
adm: ens18 adm: ens18
auto: ens19 auto: ens19
loc_service_proxy:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
protocol: "proxy"
filter: "adm.crans.org"
proxy:
default: "wg0"
viarezo: "ens18"

10
host_vars/routeur-thot.adm.crans.org.yml
View File

@ -2,3 +2,13 @@
interfaces: interfaces:
adm: ens18 adm: ens18
auto: ens19 auto: ens19
loc_service_proxy:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
protocol: "proxy"
filter: "adm.crans.org"
proxy:
default: "wg0"
aurore: "ens18"

5
hosts
View File

@ -3,6 +3,11 @@
[adh_server] [adh_server]
zamok.adm.crans.org zamok.adm.crans.org
[arpproxy]
boeing.adm.crans.org
routeur-ft.adm.crans.org
#routeur-thot.adm.crans.org
[autoconfig] [autoconfig]
hodaur.adm.crans.org hodaur.adm.crans.org

7
plays/arpproxy.yml 100755
View File

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: arpproxy
vars:
service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}"
roles:
- service