[oldinfra] cleanup

2021-02-06 19:26:57 +01:00 · 2021-02-06 19:26:57 +01:00 · fc76317aec
parent 262696970f
commit fc76317aec
9 changed files with 1 additions and 207 deletions
--- a/re2o.yml
+++ b/re2o.yml
@ -18,36 +18,16 @@
  roles:
    - re2o-dns
 # Deploy re2o home service on nfs server
 - hosts: zbee.adm.crans.org
  roles:
    - re2o-home
 # Deploy re2o notif-users service on zamok
 - hosts: zamok.adm.crans.org
  roles:
    - re2o-notif-users
 # Deploy re2o dhcp on dhcp servers
 - hosts: odlyd.adm.crans.org,dhcp.adm.crans.org
  roles:
    - re2o-dhcp
 # Deploy re2o firewall on servers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org,zamok.adm.crans.org,routeur.adm.crans.org
+- hosts: zamok.adm.crans.org
  roles:
    - re2o-firewall
 # Re2o firewall specific configuration for gulp
 - hosts: gulp.adm.crans.org
  roles:
    - re2o-firewall-gulp
 # Re2o firewall specific configuration for odlyd
 - hosts: odlyd.adm.crans.org
  roles:
    - re2o-firewall-odlyd
 # Re2o firewall specific configuration for ipv6-zayo
 - hosts: ipv6-zayo.adm.crans.org
  roles:
@ -58,11 +38,6 @@
  roles:
    - re2o-firewall-zamok
 # Re2o firewall specific configuration for routeur
 - hosts: routeur.adm.crans.org
  roles:
    - re2o-firewall-routeur
 # Deploy re2o mail-server on MTA and MDA
 - hosts: titanic.adm.crans.org,sputnik.adm.crans.org
  roles:
--- a/roles/re2o-firewall-gulp/tasks/main.yml
+++ b/roles/re2o-firewall-gulp/tasks/main.yml
@ -1,8 +0,0 @@
 ---
 - name: Deploy firewall configuration for gulp
  template:
    src: re2o-services/firewall/firewall_config.py.j2
    dest: /var/local/re2o-services/firewall/firewall_config.py
    mode: '644'
    owner: root
    group: root
--- a/roles/re2o-firewall-gulp/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-gulp/templates/re2o-services/firewall/firewall_config.py.j2
@ -1,41 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 {{ ansible_header | comment }}
 ### Give me a role
 role = ['routeur4']
 ### Specify each interface role
 interfaces_type = {
    'routable' : ['eno1.1', 'ens1f0.21', 'ens1f0.22', 'ens1f0.23', 'ens1f0.24'],
    'sortie' : ['ens1f0.26', 'ens1f0.1132'],
    'admin' : ['eno1.2', 'eno1.3'],
    '6in4' : [('ens1f0.23', 'ens1f0.26')]
 }
 ### Specify nat settings: name, interfaces with range, and global range for nat
 ### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST
 ### contain /16 range
 nat = [
    {
        'name' : 'Wifi',
        'interfaces_ip_to_nat' : {
            'ens1f0.26' : '185.230.76.0/24',
            'eno1.1' : '138.231.144.0/24',
            'ens1f0.1132' : '138.231.144.0/24',
        },
        'ip_sources' : '10.53.0.0/16'
    },
    {
        'name' : 'Filaire',
        'interfaces_ip_to_nat' : {
            'ens1f0.26' : '185.230.77.0/24',
            'eno1.1' : '138.231.145.0/24',
            'ens1f0.1132' : '138.231.145.0/24',
        },
        'ip_sources' : '10.54.0.0/16'
    }
 ]
--- a/roles/re2o-firewall-ipv6-zayo/tasks/main.yml
+++ b/roles/re2o-firewall-ipv6-zayo/tasks/main.yml
@ -1,8 +0,0 @@
 ---
 - name: Deploy firewall configuration for ipv6-zayo
  template:
    src: re2o-services/firewall/firewall_config.py.j2
    dest: /var/local/re2o-services/firewall/firewall_config.py
    mode: '644'
    owner: root
    group: root
--- a/roles/re2o-firewall-ipv6-zayo/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-ipv6-zayo/templates/re2o-services/firewall/firewall_config.py.j2
@ -1,15 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 {{ ansible_header | comment }}
 ### Give me a role
 role = ['routeur6']
 ### Specify each interface role
 interfaces_type = {
    'routable' : ['ens18', 'ens20', 'ens21', 'ens1', 'ens2'],
    'sortie' : ['ens22'],
    'admin' : ['ens19', 'ens23']
 }
--- a/roles/re2o-firewall-odlyd/tasks/main.yml
+++ b/roles/re2o-firewall-odlyd/tasks/main.yml
@ -1,8 +0,0 @@
 ---
 - name: Deploy firewall configuration for odlyd
  template:
    src: re2o-services/firewall/firewall_config.py.j2
    dest: /var/local/re2o-services/firewall/firewall_config.py
    mode: '644'
    owner: root
    group: root
--- a/roles/re2o-firewall-odlyd/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-odlyd/templates/re2o-services/firewall/firewall_config.py.j2
@ -1,41 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 {{ ansible_header | comment }}
 ### Give me a role
 role = ['routeur4']
 ### Specify each interface role
 interfaces_type = {
    'routable' : ['eth0.1', 'ens1f0.21', 'ens1f0.22', 'ens1f0.23', 'ens1f0.24'],
    'sortie' : ['ens1f0.26', 'ens1f0.1132'],
    'admin' : ['eth0.2', 'eth0.3', 'eth0.9', 'eth0.7', 'eth0.4'],
    '6in4' : [('ens1f0.23', 'ens1f0.26')]
 }
 ### Specify nat settings: name, interfaces with range, and global range for nat
 ### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST
 ### contain /16 range
 nat = [
    {
        'name' : 'Wifi',
        'interfaces_ip_to_nat' : {
            'ens1f0.26' : '185.230.76.0/24',
            'eth0.1' : '138.231.144.0/24',
            'ens1f0.1132' : '138.231.144.0/24',
        },
        'ip_sources' : '10.53.0.0/16'
    },
    {
        'name' : 'Filaire',
        'interfaces_ip_to_nat' : {
            'ens1f0.26' : '185.230.77.0/24',
            'eth0.1' : '138.231.145.0/24',
            'ens1f0.1132' : '138.231.145.0/24',
        },
        'ip_sources' : '10.54.0.0/16'
    }
 ]
--- a/roles/re2o-firewall-routeur/tasks/main.yml
+++ b/roles/re2o-firewall-routeur/tasks/main.yml
@ -1,8 +0,0 @@
 ---
 - name: Deploy firewall configuration for routeur
  template:
    src: re2o-services/firewall/firewall_config.py.j2
    dest: /var/local/re2o-services/firewall/firewall_config.py
    mode: '644'
    owner: root
    group: root
--- a/roles/re2o-firewall-routeur/templates/re2o-services/firewall/firewall_config.py.j2
+++ b/roles/re2o-firewall-routeur/templates/re2o-services/firewall/firewall_config.py.j2
@ -1,52 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 {{ ansible_header | comment }}
 ### Give me a role
 role = ['portail']
 ### Specify each interface role
 interfaces_type = {
    'routable' : ['ens20', 'ens21'],
    'sortie' : ['ens18'],
    'admin' : ['ens19']
 }
 portail = {
    'autorized_hosts' : {
        'tcp' : {
            '138.231.136.12' : ['22'],
            '138.231.136.98' : ['20', '21', '80', '111', '1024:65535'],
            '138.231.136.145' : ['80', '443'],
            '213.154.225.236' : ['80', '443'],
            '213.154.225.237' : ['80', '443'],
            '172.217.18.197' : ['80', '443'], #gmail addresses
            '108.177.15.83' : ['80', '443'],
            '108.177.15.18' : ['80', '443'],
            '108.177.15.17' : ['80', '443'],
            '108.177.15.19' : ['80', '443'],
            '172.217.18.205' : ['80', '443'], #accounts google
            '172.217.18.195' : ['80', '443'],
            '46.255.53.35' : ['80', '443'],
            '46.255.53.17' : ['80', '443'],
            '0.0.0.0/0' : ['143', '220', '993']
        },
        'udp' : {
            '138.231.136.98' : ['69', '1024:65535']
        }
    },
    'ip_redirect' : {
        '10.51.0.0/16' : {
            'tcp' : {
                '138.231.136.145' : ['80', '443']
            }
        },
        '10.52.0.0/16' : {
            'tcp' : {
                '138.231.136.145' : ['80', '443']
            }
        }
    }
 }