Merge Pollion cherry pick

2020-08-07 12:59:56 +02:00 · 2020-08-07 12:59:56 +02:00 · dc17f75f90
parent 7d8131555f
commit dc17f75f90
6 changed files with 68 additions and 121 deletions
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -3,80 +3,26 @@
 dhcp:
  authoritative: True
  global_options:
-    - { key: "interface-mtu", value: "1496" }
+    - { key: "interface-mtu", value: "1500" }
  global_parameters: []
  subnets:
-    - network: "10.51.0.0/16"
+    - network: "100.64.0.0/16"
-      deny_unknown: False
+      deny_unknown: True
-      vlan: "accueil"
+      vlan: "adh-nat"
      default_lease_time: "600"
      max_lease_time: "7200"
-      routers: "10.51.0.10"
+      routers: "100.64.0.99"
-      dns: ["10.51.0.152", "10.51.0.4"]
+      dns: ["100.64.0.101", "100.64.0.102"]
-      domain_name: "accueil.crans.org"
+      domain_name: "adh-nat.crans.org"
-      domain_search: "accueil.crans.org"
+      domain_search: "adh-nat.crans.org"
-      options:
+      options: []
-        - { key: "time-servers", value: "10.51.0.10" }
+      lease_file: "/tmp/dhcp.list"
        - { key: "ntp-servers", value: "10.51.0.10" }
        - { key: "ip-forwarding", value: "off" }
      range: ["10.51.1.0", "10.51.255.255"]
-    - network: "10.231.148.0/24"
+re2o:
-      deny_unknown: False
+  server: re2o.adm.crans.org
-      vlan: "bornes"
+  service_user: "ploptotoisverysecure"
-      default_lease_time: "8600"
+  service_password: "ploptotoisverysecure"
-      routers: "10.231.148.254"
+  dhcp:
-      dns: ["10.231.148.152", "10.231.148.4"]
+    uri: "/tmp/re2o-dhcp.git"
      domain_name: "borne.crans.org"
      domain_search: "borne.crans.org"
      options:
        - { key: "time-servers", value: "10.231.148.98" }
        - { key: "ntp-servers", value: "10.231.148.98" }
        - { key: "ip-forwarding", value: "off" }
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list"
-    - network: "185.230.78.0/24"
+mail_server: smtp.new-infra.adm.crans.org
      deny_unknown: True
      vlan: "fil_pub"
      default_lease_time: "86400"
      routers: "185.230.78.254"
      dns: ["185.230.78.152", "185.230.78.4"]
      domain_name: "adh.crans.org"
      domain_search: "adh.crans.org"
      options:
        - { key: "time-servers", value: "185.230.79.98" }
        - { key: "ntp-servers", value: "185.230.79.98" }
        - { key: "ip-forwarding", value: "off" }
        - { key: "smtp-server", value: "185.230.79.39" }
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
    - network: "10.54.0.0/19"
      deny_unknown: True
      vlan: "fil_new"
      default_lease_time: "86400"
      routers: "10.54.0.254"
      dns: ["10.54.0.152", "10.54.0.4"]
      domain_name: "fil.crans.org"
      domain_search: "fil.crans.org"
      options:
        - { key: "time-servers", value: "185.230.79.98" }
        - { key: "ntp-servers", value: "185.230.79.98" }
        - { key: "ip-forwarding", value: "off" }
        - { key: "smtp-server", value: "185.230.79.39" }
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list"
    - network: "10.53.0.0/19"
      deny_unknown: False # For Federez
      vlan: "wifi_new"
      default_lease_time: "86400"
      routers: "10.53.0.254"
      dns: ["10.53.0.152", "10.53.0.4"]
      domain_name: "wifi.crans.org"
      domain_search: "wifi.crans.org"
      options:
        - { key: "time-servers", value: "185.230.79.98" }
        - { key: "ntp-servers", value: "185.230.79.98" }
        - { key: "ip-forwarding", value: "off" }
        - { key: "smtp-server", value: "185.230.79.39" }
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list"
      range: ["10.53.21.0", "10.53.25.254"]
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@ -1,52 +1,11 @@
 ---
 keepalived:
-  radius:
+  dhcp:
-    password: "{{ vault_keepalived_radius_password }}"
+    password: "plopisverysecure"
-    id: 52
+    id: 60
    ipv6: yes
    zones:
      - vlan: adm
        ipv4: 10.231.136.11/24
        brd: 10.231.136.255
        ipv6: 2a0c:700:0:2:ad:adff:fef0:f002/64
      - vlan: bornes
        ipv4: 10.231.148.11/24
        brd: 10.231.148.255
        ipv6: fd01:240:fe3d:3:ad:adff:fef0:f003/64
      - vlan: switches
        ipv4: 10.231.100.11/24
        brd: 10.231.100.255
        ipv6: fd01:240:fe3d:c804:ad:adff:fef0:f004/64
  router:
    password: "{{ vault_keepalived_router_password }}"
    id: 53
    ipv6: no
    zones:
-      - vlan: adm
+      - vlan: adh-nat
-        ipv4: 10.231.136.254/24
+        ipv4: 100.64.0.99/16
-        brd: 10.231.136.255
+        brd: 100.64.255.255
      - vlan: fil_pub
        ipv4: 185.230.78.254/24
        brd: 185.230.78.255
      - vlan: srv
        ipv4: 185.230.79.254/24
        brd: 185.230.79.255
      - vlan: fil_new # Nat filaire
        ipv4: 10.54.0.254/16
        brd: 10.54.255.255
      - vlan: wifi_new
        ipv4: 10.53.0.254/16
        brd: 10.53.255.255
      - vlan: zayo
        ipv4: 158.255.113.73/31
  proxy:
    password: "{{ vault_keepalived_proxy_password }}"
    id: 51
    ipv6: yes
    zones:
      - vlan: srv
        ipv4: 185.230.79.194/32
        brd: 185.230.79.255
        ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00/64
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@ -0,0 +1,15 @@
 ---
 interfaces:
  adm: ens18
  srv: ens19
  srv-nat: ens20
  infra: ens21
  adh: ens22
  adh-nat: ens23
 keepalived_instances:
  - name: dhcp
    tag: VI_DHCP
    state: BACKUP
    priority: 100
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@ -0,0 +1,15 @@
 ---
 interfaces:
  adm: ens18
  srv: ens19
  srv-nat: ens20
  infra: ens21
  adh: ens22
  adh-nat: ens23
 keepalived_instances:
  - name: dhcp
    tag: VI_DHCP
    state: MASTER
    priority: 150
--- a/14
+++ b/14
@ -36,8 +36,18 @@ sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
-[crans_routeurs]
+[keepalived]
-routeur-daniel
+routeur-sam.adm.crans.org
 routeur-daniel.adm.crans.org
 [dhcp]
 routeur-sam.adm.crans.org
 routeur-daniel.adm.crans.org
 [crans_routeurs:children]
 dhcp
 keepalived
 [crans_physical]
 tealc.adm.crans.org
--- a/roles/re2o-dhcp/tasks/main.yml
+++ b/roles/re2o-dhcp/tasks/main.yml
@ -15,10 +15,11 @@
    etype: group
    permissions: rwx
    state: query
  when: not ansible_check_mode
 - name: Clone re2o-dhcp repository
  git:
-    repo: 'http://gitlab.adm.crans.org/nounous/re2o-dhcp.git'
+    repo: "{{ re2o.dhcp.uri }}"
    dest: /var/local/re2o-services/dhcp
    version: crans
    umask: '002'
@ -30,6 +31,7 @@
    owner: root
    group: root
    state: link
    force: yes
 - name: Create generated directory
  file: