Diffstat (limited to 'ansible/roles/router')
-rw-r--r--ansible/roles/router/files/dnsmasq-router2
-rw-r--r--ansible/roles/router/files/ferm.conf2
-rw-r--r--ansible/roles/router/files/interfaces-eth1-eth211
-rw-r--r--ansible/roles/router/files/setup-firewall3
-rw-r--r--ansible/roles/router/files/switch15
-rw-r--r--ansible/roles/router/files/sysctl-routing.conf (renamed from ansible/roles/router/files/enable-routing.conf)0
-rw-r--r--ansible/roles/router/handlers/main.yml11
-rw-r--r--ansible/roles/router/tasks/main.yml39
-rw-r--r--ansible/roles/router/templates/ifupdown-switch14
9 files changed, 59 insertions, 38 deletions
diff --git a/ansible/roles/router/files/dnsmasq-router b/ansible/roles/router/files/dnsmasq-router
new file mode 100644
index 0000000..7e48964
--- /dev/null
+++ b/ansible/roles/router/files/dnsmasq-router
@@ -0,0 +1,2 @@
+interface=br0
+dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,720h
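Review bot: The new file restricts dnsmasq with `interface=br0` only, and in that mode dnsmasq still opens its DNS and DHCP sockets on the wildcard address and discards requests by arrival interface. On a router whose eth0 faces the outside, binding the sockets to the bridge is the tighter setting; add `bind-interfaces`, or `bind-dynamic` if br0 may not exist yet when dnsmasq starts. The 720h lease on `dhcp-range` also means an address stays allocated for 30 days after a client leaves, which is worth a comment if intentional.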
diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/files/ferm.conf
index 1867e84..4cc1a24 100644
--- a/ansible/roles/router/files/ferm.conf
+++ b/ansible/roles/router/files/ferm.conf
@@ -7,7 +7,7 @@
@def $DEV_WORLD = eth0;
# Interfaces towards LAN.
-@def $DEV_PRIVATE = (eth1 eth2 eth3);
+@def $DEV_PRIVATE = (br0);
# Address range for LAN.
@def $NET_PRIVATE = 10.0.0.0/16;
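Review bot: `$NET_PRIVATE` stays at 10.0.0.0/16 in the context line, while this commit replaces the per-port subnets with a single br0 configured with netmask 255.255.255.0 and a DHCP range inside 10.0.0.0/24. The rules that use `$NET_PRIVATE` lie outside this hunk, but if they match on source address they now admit a range far wider than the LAN that actually exists behind br0. Either narrow it to `@def $NET_PRIVATE = 10.0.0.0/24;` or state in the comment above it why the /16 is kept.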
diff --git a/ansible/roles/router/files/interfaces-eth1-eth2 b/ansible/roles/router/files/interfaces-eth1-eth2
deleted file mode 100644
index 721f2ed..0000000
--- a/ansible/roles/router/files/interfaces-eth1-eth2
+++ /dev/null
@@ -1,11 +0,0 @@
-auto eth1
-iface eth1 inet static
- address 10.0.2.1
- netmask 255.255.255.0
- gateway 10.0.0.255
-
-auto eth2
-iface eth2 inet static
- address 10.0.3.1
- netmask 255.255.255.0
- gateway 10.0.0.255
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
deleted file mode 100644
index 77f80d8..0000000
--- a/ansible/roles/router/files/setup-firewall
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/ansible/roles/router/files/switch b/ansible/roles/router/files/switch
new file mode 100644
index 0000000..ebf9da1
--- /dev/null
+++ b/ansible/roles/router/files/switch
@@ -0,0 +1,15 @@
+auto eth1
+iface eth1 inet manual
+
+auto eth2
+iface eth2 inet manual
+
+auto eth3
+iface eth3 inet manual
+
+auto br0
+iface br0 inet static
+ address 10.0.0.4
+ netmask 255.255.255.0
+ gateway 10.0.0.255
+ bridge_ports eth1 eth2 eth3
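Review bot: `gateway 10.0.0.255` on br0 names the broadcast address of the 10.0.0.0/24 network that the `address` and `netmask` lines define, so it cannot be a reachable next hop. A `gateway` line on the LAN-facing bridge of a router would also install a default route pointing into the LAN, which presumably competes with the one on eth0; dropping the line looks like the right fix. The same line appears in the new `templates/ifupdown-switch`. This static file also seems to be unused, since `tasks/main.yml` installs the template to `/etc/network/interfaces.d/switch`; if so, remove it so the two definitions cannot drift apart.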
diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/sysctl-routing.conf
index 6ab7319..6ab7319 100644
--- a/ansible/roles/router/files/enable-routing.conf
+++ b/ansible/roles/router/files/sysctl-routing.conf
diff --git a/ansible/roles/router/handlers/main.yml b/ansible/roles/router/handlers/main.yml
new file mode 100644
index 0000000..9bfdccb
--- /dev/null
+++ b/ansible/roles/router/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart ferm
+ service: name=ferm state=restarted enabled=yes
+
+- name: reload interfaces
+ service: name=networking state=restarted enabled=yes
+
+- name: restart dnsmasq
+ service: name=dnsmasq state=restarted enabled=yes
+
+- name: load sysctl config
+ shell: sysctl -p /etc/sysctl.d/routing.conf
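Review bot: `enabled=yes` on `restart ferm` (and on the other two service handlers) takes effect only when a task notifies the handler, so the firewall is enabled at boot only on a run where ferm.conf actually changed. Enablement belongs in an unconditional task in `tasks/main.yml`, for example `service: name=ferm state=started enabled=yes`, leaving the handler as `service: name=ferm state=restarted`. The `load sysctl config` handler uses no shell features, so `command: sysctl -p /etc/sysctl.d/routing.conf` is the safer module. The `reload interfaces` handler in fact restarts networking, which can drop the SSH session Ansible is running over; the name should say so.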
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index 2bfaa99..bd28a11 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
@@ -1,31 +1,24 @@
- name: install ferm
apt: name=ferm
-- name: install ferm.conf
- copy:
- src: ferm.conf
- dest: /etc/ferm/ferm.conf
- owner: root
- group: root
- mode: 0640
+- name: copy ferm.conf
+ copy: >
+ src=ferm.conf dest=/etc/ferm/ferm.conf
+ owner=root group=root mode=0640
+ notify: restart ferm
-- name: restart ferm
- service:
- name: ferm
- state: restarted
+- name: remove installer eth3 configuration
+ file: path=/etc/network/interfaces.d/router state=absent
+ notify: reload interfaces
-- name: configure eth1 and eth2
- copy:
- src: interfaces-eth1-eth2
- dest: /etc/network/interfaces.d
+- name: configure switch interfaces
+ template: src=ifupdown-switch dest=/etc/network/interfaces.d/switch
+ notify: reload interfaces
-- name: bring up eth1 and eth2
- shell: ifup eth1 eth2
+- name: reconfigure dnsmasq
+ copy: src=dnsmasq-router dest=/etc/dnsmasq.d/router
+ notify: restart dnsmasq
- name: set up packet forwarding sysctl config
- copy:
- src: enable-routing.conf
- dest: /etc/sysctl.d
-
-- name: load sysctl config change
- shell: sysctl -p /etc/sysctl.d/enable-routing.conf
+ copy: src=sysctl-routing.conf dest=/etc/sysctl.d/routing.conf
+ notify: load sysctl config
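Review bot: Only the ferm.conf task pins `owner=root group=root mode=0640`; the new `template` and `copy` tasks for `/etc/network/interfaces.d/switch`, `/etc/dnsmasq.d/router` and `/etc/sysctl.d/routing.conf` leave ownership and mode to the connecting user and umask. These files control routing, DHCP and interface setup, so give each explicit `owner=root group=root mode=0644`. No task in this file installs dnsmasq, so `reconfigure dnsmasq` assumes another role provides it; a comment or an `apt: name=dnsmasq` task would make that dependency visible. As a style point, the rewrite moves module arguments from native YAML mappings to `key=value` strings, which are harder to lint and quote correctly.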
diff --git a/ansible/roles/router/templates/ifupdown-switch b/ansible/roles/router/templates/ifupdown-switch
new file mode 100644
index 0000000..d8d4ec5
--- /dev/null
+++ b/ansible/roles/router/templates/ifupdown-switch
@@ -0,0 +1,14 @@
+auto br0
+iface br0 inet static
+ address 10.0.0.4
+ netmask 255.255.255.0
+ gateway 10.0.0.255
+ pre-up ip link add name $IFACE type bridge
+{% for i in range(1, 4) %}
+
+auto eth{{i}}
+iface eth{{i}} inet manual
+ up ip link set $IFACE up
+ post-up ip addr flush dev $IFACE
+ post-up ip link set $IFACE master br0
+{% endfor %}
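Review bot: `pre-up ip link add name $IFACE type bridge` is not idempotent: nothing in the stanza deletes br0 on the way down, so a second `ifup br0` would likely fail with "File exists". The `reload interfaces` handler restarts networking and would trigger exactly that. Pair it with `post-down ip link del $IFACE`, or guard the creation with `pre-up ip link show $IFACE >/dev/null 2>&1 || ip link add name $IFACE type bridge`. The port count is hard-coded in `range(1, 4)`; a role variable for the list of bridge ports would keep it in step with the interfaces ferm and dnsmasq expect.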