From fb6bb8474b657fe7c2bf24fde93fc0d8f3d75300 Mon Sep 17 00:00:00 2001 From: Markus Katharina Brechtel Date: Thu, 13 Sep 2018 12:18:40 +0000 Subject: [PATCH] current --- group_vars/all/ips.yml | 4 ++ group_vars/all/networks.yml | 12 +++++ group_vars/{all => vdesks}/netif.yml | 0 group_vars/vpn_servers/netif.yml | 20 ++++++++ .../root/.local/share/fish/fish_history | 2 + host_files/kita-pro-vpn/fastd/vpn/peer.conf | 5 ++ .../root/.local/share/fish/fish_history | 24 +++++++++ host_vars/kita-pro-vdesk/netif.yml | 2 + host_vars/kita-pro-vpn/netif.yml | 49 +++++++++++++++++++ host_vars/kita-pro-vpn/ssh_host_key.yml | 1 + host_vars/kita-pro-vpn/staging.yml | 1 + host_vars/kita-pro-vpn/virt.yml | 19 +++++++ inventory | 3 ++ vpn_servers.yml | 36 ++++++++++++++ 14 files changed, 178 insertions(+) rename group_vars/{all => vdesks}/netif.yml (100%) create mode 100644 group_vars/vpn_servers/netif.yml create mode 100644 host_files/kita-pro-vdesk/root/.local/share/fish/fish_history create mode 100644 host_files/kita-pro-vpn/fastd/vpn/peer.conf create mode 100644 host_files/kita-pro-vpn/root/.local/share/fish/fish_history create mode 100644 host_vars/kita-pro-vpn/netif.yml create mode 100644 host_vars/kita-pro-vpn/ssh_host_key.yml create mode 100644 host_vars/kita-pro-vpn/staging.yml create mode 100644 host_vars/kita-pro-vpn/virt.yml create mode 100644 vpn_servers.yml diff --git a/group_vars/all/ips.yml b/group_vars/all/ips.yml index 47eea3e..3b31fb9 100644 --- a/group_vars/all/ips.yml +++ b/group_vars/all/ips.yml @@ -3,3 +3,7 @@ ips: ip: 172.23.48.1 network: kita-pro-service-net subnet: 172.23.48.0/24 +- host: kita-pro-vpn + ip: 172.23.48.2 + network: kita-pro-service-net + subnet: 172.23.48.0/24 diff --git a/group_vars/all/networks.yml b/group_vars/all/networks.yml index feb8543..8c02412 100644 --- a/group_vars/all/networks.yml +++ b/group_vars/all/networks.yml 
@@ -1,5 +1,10 @@ networks: + tg-net: + subnets: + - fd47:17e0:993c::/48 + - 172.23/16 + kita-pro-net: parent: tg-net site: kita-pro @@ -14,6 +19,13 @@ networks: - fd47:17e0:993c:30::/64 - 172.23.48/24 + testkita-net: + parent: tg-net + site: testkita + subnets: + - fd47:17e0:993c:31::/64 + - 172.23.49/24 + kita-stjs-net: parent: tg-net site: kita-pro diff --git a/group_vars/all/netif.yml b/group_vars/vdesks/netif.yml similarity index 100% rename from group_vars/all/netif.yml rename to group_vars/vdesks/netif.yml diff --git a/group_vars/vpn_servers/netif.yml b/group_vars/vpn_servers/netif.yml new file mode 100644 index 0000000..91737c8 --- /dev/null +++ b/group_vars/vpn_servers/netif.yml @@ -0,0 +1,20 @@ +netif_primary: virt +netifs_profile: + virt: + networks: + - kita-pro-service-net + type: virt_ptp + virt_host_netif: virt + dns_resolvers: + - fd47:17e0:993c:c2::c:1 + - fd47:17e0:993c:c2::c:2 + - fd47:17e0:993c:c2::c:3 + vpn: + type: fastd + networks: + - kita-pro-service-net + fastd_port: 10060 + fastd_peers: [] + babeld: + redistribute_networks: + - tg-net diff --git a/host_files/kita-pro-vdesk/root/.local/share/fish/fish_history b/host_files/kita-pro-vdesk/root/.local/share/fish/fish_history new file mode 100644 index 0000000..3b44d1c --- /dev/null +++ b/host_files/kita-pro-vdesk/root/.local/share/fish/fish_history @@ -0,0 +1,2 @@ +- cmd: reboot + when: 1536583700 diff --git a/host_files/kita-pro-vpn/fastd/vpn/peer.conf b/host_files/kita-pro-vpn/fastd/vpn/peer.conf new file mode 100644 index 0000000..712e14a --- /dev/null +++ b/host_files/kita-pro-vpn/fastd/vpn/peer.conf @@ -0,0 +1,5 @@ +key "c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287"; +remote 172.23.48.2:10060; +remote 51.68.177.5:10060; +remote [fd47:17e0:993c:30:47:baff:fe21:28f9]:10060; +float yes; diff --git a/host_files/kita-pro-vpn/root/.local/share/fish/fish_history b/host_files/kita-pro-vpn/root/.local/share/fish/fish_history new file mode 100644 index 0000000..b44eb6e 
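Review bot: The new subnet entries `172.23/16` under `tg-net` and `172.23.49/24` under `testkita-net` use abbreviated CIDR notation, which strict parsers such as Python's `ipaddress` module reject, while `group_vars/all/ips.yml` in this same commit writes the full form `172.23.48.0/24`. `tg-net` is also the network that babeld is told to redistribute in the new vpn_servers netif profile, so a misparsed prefix here could change which routes are announced over the VPN. Writing `172.23.0.0/16` and `172.23.49.0/24` removes the ambiguity. The existing `172.23.48/24` context line uses the same short form, so the roles may already handle it; that is worth confirming.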
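Review bot: Root's interactive shell history is being committed as a managed host file in `host_files/kita-pro-vdesk/root/.local/share/fish/fish_history`, and again for kita-pro-vpn in the next file section. The commands recorded in this commit are harmless, but history files routinely capture passwords, tokens and key material typed on a command line, and once pushed they remain in the repository history. These files look as if they were swept in by whatever collects host files. An ignore rule such as `host_files/*/root/.local/share/fish/` in `.gitignore` would keep later runs from adding them.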
--- /dev/null +++ b/host_files/kita-pro-vpn/root/.local/share/fish/fish_history @@ -0,0 +1,24 @@ +- cmd: top + when: 1536587819 +- cmd: cat /dev/urandom + when: 1536587835 +- cmd: cat /dev/urandom + when: 1536588003 +- cmd: cat /dev/urandom | base32 + when: 1536588018 + paths: + - /dev/urandom +- cmd: cat /dev/urandom | base64 + when: 1536588024 + paths: + - /dev/urandom +- cmd: ip a + when: 1536588206 +- cmd: cat /etc/network/interfaces + when: 1536588218 + paths: + - /etc/network/interfaces +- cmd: cat /etc/network/interfaces.d/virt + when: 1536588220 + paths: + - /etc/network/interfaces.d/virt diff --git a/host_vars/kita-pro-vdesk/netif.yml b/host_vars/kita-pro-vdesk/netif.yml index f255ec8..f9f34aa 100644 --- a/host_vars/kita-pro-vdesk/netif.yml +++ b/host_vars/kita-pro-vdesk/netif.yml @@ -13,6 +13,8 @@ netifs: type: eui64 - ip: 172.23.48.1/24 type: host + - ip: 51.68.177.5/32 + type: static ll6: fe80::47:aff:fed8:5484 mac: 02:47:0a:d8:54:84 networks: diff --git a/host_vars/kita-pro-vpn/netif.yml b/host_vars/kita-pro-vpn/netif.yml new file mode 100644 index 0000000..1db5028 --- /dev/null +++ b/host_vars/kita-pro-vpn/netif.yml 
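Review bot: The added `- ip: 51.68.177.5/32` / `type: static` entry gives kita-pro-vdesk the same public address that this commit also assigns to kita-pro-vpn's `virt` interface in `host_vars/kita-pro-vpn/netif.yml` and publishes as a fastd `remote` in `peer.conf`. If both guests come up with that /32 configured, which one receives traffic for port 10060 depends on the host's routing, so VPN handshakes could land on the desktop VM. Unless the netif role treats `static` as something other than a configured address, the entry should exist on only one host. The surrounding `netifs` mapping starts and ends outside this hunk, so the interface it belongs to is not visible here.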
@@ -0,0 +1,49 @@
+ansible_host: fd47:17e0:993c:30:47:baff:fe21:28f9
+netifs:
+ virt:
+ device: enp1s3
+ dns_resolvers:
+ - fd47:17e0:993c:c2::c:1
+ - fd47:17e0:993c:c2::c:2
+ - fd47:17e0:993c:c2::c:3
+ eui64: 47:baff:fe21:28f9
+ id: 308065413369
+ ips:
+ - ip: fd47:17e0:993c:30:47:baff:fe21:28f9/64
+ type: eui64
+ - ip: 172.23.48.2/24
+ type: host
+ - ip: 51.68.177.5/32
+ type: static
+ ll6: fe80::47:baff:fe21:28f9
+ mac: 02:47:ba:21:28:f9
+ networks:
+ - kita-pro-service-net
+ type: virt_ptp
+ virt_host_netif: virt
+ virt_pci_id: 0
+ vpn:
+ babeld:
+ redistribute_networks:
+ - tg-net
+ device: vpn
+ eui64: 47:cdff:fe01:ea1f
+ fastd_key: c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287
+ fastd_peers: []
+ fastd_port: 10060
+ fastd_remote:
+ - 172.23.48.2:10060
+ - 51.68.177.5:10060
+ - '[fd47:17e0:993c:30:47:baff:fe21:28f9]:10060'
+ id: 308382132767
+ ips:
+ - ip: fd47:17e0:993c:30:47:cdff:fe01:ea1f/64
+ type: eui64
+ - ip: 172.23.48.2/24
+ type: host
+ ll6: fe80::47:cdff:fe01:ea1f
+ mac: 02:47:cd:01:ea:1f
+ networks:
+ - kita-pro-service-net
+ type: fastd
+ssh_ip: fd47:17e0:993c:30:47:baff:fe21:28f9
diff --git a/host_vars/kita-pro-vpn/ssh_host_key.yml b/host_vars/kita-pro-vpn/ssh_host_key.yml
new file mode 100644
index 0000000..56e6cd8
--- /dev/null
+++ b/host_vars/kita-pro-vpn/ssh_host_key.yml
@@ -0,0 +1 @@
+ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIJNs5NesENwxBenS5ErcgdKqDdqBOBT90t2GWBrIbyVq
diff --git a/host_vars/kita-pro-vpn/staging.yml b/host_vars/kita-pro-vpn/staging.yml
new file mode 100644
index 0000000..fab29ae
--- /dev/null
+++ b/host_vars/kita-pro-vpn/staging.yml
@@ -0,0 +1 @@
+stage: staging
diff --git a/host_vars/kita-pro-vpn/virt.yml b/host_vars/kita-pro-vpn/virt.yml
new file mode 100644
index 0000000..f48345e
--- /dev/null
+++ b/host_vars/kita-pro-vpn/virt.yml
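Review bot: In `host_vars/kita-pro-vpn/netif.yml`, `fastd_key` under `netifs.vpn` gives no indication of which half of the key pair it holds. Its value is identical to the `key` line in `host_files/kita-pro-vpn/fastd/vpn/peer.conf`, so it appears to be the public key, but the bare name invites someone to store the secret key beside it later. A comment above that line, such as `# fastd public key only; the secret key stays on the host or in a vault`, would record the intent, assuming this file is hand-maintained rather than regenerated by a role.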
@@ -0,0 +1,19 @@ +filesystems: +- device: /dev/vda + fstype: ext4 + keep: true + mount_point: / +swap_devices: +- device: /dev/vdb + uuid: a5434f37-3986-5feb-9abc-f22f0a5ecb60 +virt_console: serial +virt_disks: +- boot: true + name: root + size: 32G + type: qcow2 +- name: swap + size: 2G + type: raw +virt_host: tg-srv-0 +virt_uuid: 5adee200-b8c7-4e7d-bf71-d2381ec85fbb diff --git a/inventory b/inventory index 0a00aad..5e8ce24 100644 --- a/inventory +++ b/inventory @@ -3,3 +3,6 @@ tg-srv-0 [vdesks] kita-pro-vdesk + +[vpn_servers] +kita-pro-vpn diff --git a/vpn_servers.yml b/vpn_servers.yml new file mode 100644 index 0000000..353cd1b --- /dev/null +++ b/vpn_servers.yml @@ -0,0 +1,36 @@ +--- + +- hosts: vpn_servers + gather_facts: false + roles: + - name: staging + default_stage: provisioning + +- hosts: vpn_servers:&provisioning + remote_user: root + gather_facts: false + roles: + - role: netif + - role: virt_provision + - role: common + - name: staging + next_stage: staging + +- hosts: vpn_servers + remote_user: root + roles: + #- role: common + - role: network + +# - hosts: vpn_servers:&staging +# remote_user: root +# roles: +# - name: staging +# next_stage: production + +# - hosts: vpn_servers:&recycling +# remote_user: root +# gather_facts: false +# roles: +# - role: virt +# virt_state: absent
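Review bot: The second and third plays in the new `vpn_servers.yml` set `remote_user: root`, including the third one, which applies the `network` role to all `vpn_servers` on every run. Direct root SSH may be unavoidable in the `vpn_servers:&provisioning` play on a fresh VM, but the steady-state play could log in as an unprivileged account and escalate, e.g. `remote_user: <deploy-user>` with `become: true`, so that root login over SSH can be disabled once `common` has run. The plays also carry no `name:`, and the role lists mix `- name: staging` with `- role: netif`. Naming each play and using `role:` throughout would make run logs easier to audit.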