-rw-r--r-- | inventory/group_vars/elevate-festival/main.yml | 66 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 247 | ||||
-rw-r--r-- | inventory/hosts.ini | 5 |
3 files changed, 196 insertions, 122 deletions
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
new file mode 100644
index 00000000..fed2b8ec
--- /dev/null
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -0,0 +1,66 @@
+---
+network_zones:
+ lan:
+ vlan: 18
+ prefix: 192.168.18.0/24
+ gw: 192.168.18.254
+ dns:
+ - 192.168.18.254
+ dhcp:
+ start: 1
+ limit: 199
+
+ guest:
+ vlan: 23
+ prefix: 192.168.23.0/24
+ gw: 192.168.23.254
+ dns:
+ - 192.168.23.254
+ dhcp:
+ start: 1
+ limit: 250
+ leasetime: 2h
+
+ mgmt:
+ vlan: 42
+ prefix: 192.168.42.0/24
+ offsets:
+ ele-router: 254
+
+ mixer:
+ vlan: 48
+ prefix: 192.168.48.0/24
+
+ infobeamer:
+ vlan: 73
+ prefix: 192.168.73.0/24
+ gw: 192.168.73.254
+ dns:
+ - 192.168.73.254
+ dhcp:
+ start: 100
+ limit: 199
+
+ dom:
+ vlan: 91
+ prefix: 85.237.28.224/28
+ gw: 85.237.28.225
+ dns:
+ - 217.29.144.65
+ - 217.29.144.66
+ offsets:
+ ## citycom uses offset 1,2 and 3
+ ele-router: 4
+
+ forum:
+ vlan: 109
+ prefix: 85.237.28.192/28
+ gw: 85.237.28.193
+ dns:
+ - 217.29.144.65
+ - 217.29.144.66
+ offsets:
+ ## citycom uses offset 1,2 and 3
+ helene: 4
+ dione: 5
+ tethys: 6
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 8b92a94f..79ee5871 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
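Review bot: The `dns` entries under `dom` and `forum` (`217.29.144.65`, `217.29.144.66`) differ in the second octet from the resolvers in the commented-out static `wan` stanza that this same commit deletes from `ele-router.yml` (`217.19.144.65`, `217.19.144.66`). The rest of that stanza carries over unchanged (gateway `85.237.28.225`, and offset 4 in `85.237.28.224/28` gives the old `85.237.28.228`), so one of the two spellings is probably a typo. These values become the router's upstream resolvers, and a wrong octet would direct its DNS queries to an unrelated host. Please confirm them against the provider's data and record that in a comment above each list, e.g. `## resolvers as assigned by the upstream provider`.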
@@ -1,4 +1,116 @@ --- +network_wan_zone: "{{ network_zones.dom }}" +network_mgmt_zone: "{{ network_zones.mgmt }}" +network_internal_zone_names: + - lan + - guest + - infobeamer + + +openwrt_network_external: + # - name: interface 'wan' + # options: + # ifname: eth0 + # proto: dhcp + + - name: interface 'wan' + options: + ifname: "eth0.{{ network_wan_zone.vlan }}" + accept_ra: 0 + proto: static + ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_wan_zone.prefix | ipaddr('netmask') }}" + gateway: "{{ network_wan_zone.gw }}" + dns: "{{ network_wan_zone.dns }}" + +openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}" +openwrt_network_internal_yaml: | + {% for zone_name in network_internal_zone_names %} + - name: "interface '{{ zone_name }}'" + options: + ifname: "eth1.{{ network_zones[zone_name].vlan }}" + accept_ra: 0 + proto: static + ipaddr: "{{ network_zones[zone_name].gw }}" + netmask: "{{ network_zones[zone_name].prefix | ipaddr('netmask') }}" + {% endfor %} + +openwrt_network_base: + - name: globals 'globals' + options: + ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" + + - name: interface 'loopback' + options: + ifname: lo + proto: static + ipaddr: 127.0.0.1 + netmask: 255.0.0.0 + + - name: interface 'mgmt' + options: + ifname: "eth1.{{ network_mgmt_zone.vlan }}" + accept_ra: 0 + proto: static + ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}" + + +openwrt_dhcp_external: + - name: dhcp 'wan' + options: + interface: 'wan' + ignore: '1' + +openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}" +openwrt_dhcp_internal_yaml: | + {% for zone_name in 
network_internal_zone_names %} + - name: "dhcp '{{ zone_name }}'" + options: + interface: "{{ zone_name }}" + {% if 'dhcp' in network_zones[zone_name] %} + start: {{ network_zones[zone_name].dhcp.start }} + limit: {{ network_zones[zone_name].dhcp.limit }} + leasetime: {{ network_zones[zone_name].dhcp.leasetime | default('12h') }} + dhcpv6: 'disabled' + ra: 'disabled' + {% else %} + ignore: '1' + {% endif %} + {% endfor %} + +openwrt_dhcp_base: + - name: dnsmasq + options: + domainneeded: '1' + boguspriv: '1' + filterwin2k: '0' + localise_queries: '1' + rebind_protection: '1' + rebind_localhost: '1' + local: '/lan/' + domain: 'lan' + expandhosts: '1' + nonegcache: '0' + authoritative: '1' + readethers: '1' + leasefile: '/tmp/dhcp.leases' + resolvfile: '/tmp/resolv.conf.auto' + localservice: '1' + + - name: odhcpd 'odhcpd' + options: + maindhcp: '0' + leasefile: '/tmp/hosts/odhcpd' + leasetrigger: '/usr/sbin/odhcpd-update' + + - name: dhcp 'mgmt' + options: + interface: 'mgmt' + ignore: '1' + + + openwrt_variant: lede openwrt_release: 17.01.6 openwrt_arch: ar71xx @@ -28,6 +140,7 @@ openwrt_packages_add: - qos-scripts + openwrt_mixin: /etc/dropbear/authorized_keys: content: "{{ ssh_keys_root | join('\n') }}\n" @@ -35,7 +148,7 @@ openwrt_mixin: /etc/htoprc: file: "{{ global_files_dir }}/common/htoprc" - ## TODO: this needs to be activated... + ## TODO: this script needs to be activated ... probably using a symlink file? /etc/init.d/network-nat: mode: "0755" content: | 
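Review bot: The `ula_prefix` template under `globals 'globals'` in `openwrt_network_base` begins with the literal `fc`, so every generated prefix falls in fc00::/8. RFC 4193 puts locally assigned ULA prefixes in fd00::/8 (L bit set) and leaves the fc half undefined, and the static value this commit replaces was `fdc9:e01f:83db::/48`. Change the leading literal so the line reads `ula_prefix: "fd{{ '%02x:%04x:%04x' | format(…) }}::/48"`, with the `format` arguments unchanged. A one-line comment saying that the prefix is deliberately derived from `inventory_hostname` through the seeded `random` calls would also help, since it is stable across runs rather than random.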
@@ -48,12 +161,17 @@ openwrt_mixin: network_get_device WAN_IF "wan" - network_get_subnets LAN_NETS "lan" - network_get_subnets GUEST_NETS "guest" - network_get_subnets INFO_NETS "infobeamer" + {% for zone_name in network_internal_zone_names %} + network_get_subnets NETS "{{ zone_name }}" + {% if loop.first %} + INTERNAL_NETS="$NETS" + {% else %} + INTERNAL_NETS="INTERNAL_NETS $NETS" + {% endif %} + {% endfor %} start() { - for net in $LAN_NETS $GUEST_NETS $INFO_NETS; do + for net in $INTERNAL_NETS; do iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j MASQUERADE done; } 
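Review bot: In the `{% else %}` branch of the zone loop, `INTERNAL_NETS="INTERNAL_NETS $NETS"` is missing the `$` on the variable, so each later iteration replaces the accumulated list with the literal word `INTERNAL_NETS` plus that zone's subnets. With the three zones in `network_internal_zone_names`, `start()` would then attempt a MASQUERADE rule for the bogus source `INTERNAL_NETS` and for the last zone only, leaving the earlier zones without NAT. The line should read `INTERNAL_NETS="$INTERNAL_NETS $NETS"`. The script's header and remaining functions lie outside this hunk, so whether a matching `stop()` loop needs the same list cannot be checked here.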
@@ -90,121 +208,6 @@ openwrt_uci: RootPasswordAuth: 'off' Port: '22000' - dhcp: - - name: dnsmasq - options: - domainneeded: '1' - boguspriv: '1' - filterwin2k: '0' - localise_queries: '1' - rebind_protection: '1' - rebind_localhost: '1' - local: '/lan/' - domain: 'lan' - expandhosts: '1' - nonegcache: '0' - authoritative: '1' - readethers: '1' - leasefile: '/tmp/dhcp.leases' - resolvfile: '/tmp/resolv.conf.auto' - localservice: '1' - - - name: odhcpd 'odhcpd' - options: - maindhcp: '0' - leasefile: '/tmp/hosts/odhcpd' - leasetrigger: '/usr/sbin/odhcpd-update' - - - name: dhcp 'mgmt' - options: - interface: 'mgmt' - ignore: '1' - - - name: dhcp 'lan' - options: - interface: 'lan' - start: '1' - limit: '199' - leasetime: '12h' - dhcpv6: 'disabled' - ra: 'disabled' - - - name: dhcp 'guest' - options: - interface: 'guest' - start: '1' - limit: '199' - leasetime: '12h' - dhcpv6: 'disabled' - ra: 'disabled' - - - name: dhcp 'infobeamer' - options: - interface: 'infobeamer' - start: '100' - limit: '199' - leasetime: '12h' - dhcpv6: 'disabled' - ra: 'disabled' - + dhcp: "{{ openwrt_dhcp_base + openwrt_dhcp_internal + openwrt_dhcp_external }}" - network: - - name: globals 'globals' - options: - ula_prefix: fdc9:e01f:83db::/48 - - - name: interface 'loopback' - options: - ifname: lo - proto: static - ipaddr: 127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'wan' - options: - ifname: eth0 - proto: dhcp - - # - name: interface 'wan' - # options: - # ifname: eth0.91 - # accept_ra: 0 - # proto: static - # ipaddr: 85.237.28.228 - # netmask: 255.255.255.240 - # gateway: 85.237.28.225 - # dns: - # - 217.19.144.65 - # - 217.19.144.66 - - - name: interface 'mgmt' - options: - ifname: eth1.42 - accept_ra: 0 - proto: static - ipaddr: 192.168.42.254 - netmask: 255.255.255.0 - - - name: interface 'lan' - options: - ifname: eth1.18 - accept_ra: 0 - proto: static - ipaddr: 192.168.18.254 - netmask: 255.255.255.0 - - - name: interface 'guest' - options: - ifname: eth1.23 - accept_ra: 0 
- proto: static - ipaddr: 192.168.23.254 - netmask: 255.255.255.0 - - - name: interface 'infobeamer' - options: - ifname: eth1.73 - accept_ra: 0 - proto: static - ipaddr: 192.168.73.254 - netmask: 255.255.255.0 + network: "{{ openwrt_network_base + openwrt_network_internal + openwrt_network_external }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 769b97b3..9a23a64a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -133,6 +133,11 @@ k8s-emc-streamer k8s-emc-stats +### Elevate Festival +[elevate-festival:children] +elevate +k8s-emc + ### kubernetes cluster: chaos |