commit baf8bc2d3d8fb973bfe8e9333b13d2b5f4db9022 Author: alex Date: Sun Mar 15 18:07:56 2026 +0300 Добавить ansible.yml
diff --git a/ansible.yml b/ansible.yml
new file mode 100644
index 0000000..353b672
--- /dev/null
+++ b/ansible.yml
@@ -0,0 +1,312 @@
+#########################
+#
+# All host
+#
+#########################
+- hosts: all
+ become: true
+ tasks:
+
+ - name: change enp0s3 conf, disable default route
+ copy:
+ dest: /etc/netplan/50-cloud-init.yaml
+ content: |
+ network:
+ ethernets:
+ enp0s3:
+ dhcp4: true
+ dhcp4-overrides:
+ use-routes: false
+ version: 2
+ force: yes
+ when: ansible_hostname != 'inetRouter'
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+ when: ansible_hostname != 'inetRouter'
+
+
+
+#########################
+#
+# inetRouter
+#
+#########################
+
+- hosts: inetRouter
+ become: true
+ tasks:
+
+ - name: update
+ apt:
+ update_cache: yes
+
+ - name: install iptables-persistent
+ apt:
+ name: iptables-persistent
+ state: present
+ update_cache: yes
+
+ - name: enable forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+ - name: add route all office netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.1/30'
+ block: |2
+ routes:
+ - to: 192.168.0.0/16
+ via: 192.168.255.2
+ state: present
+ marker: "# {mark} ROUTE ALL OFFICE BLOCK"
+ notify: apply netplan
+
+ - name: remove all rules NAT
+ iptables:
+ table: nat
+ flush: true
+
+ - name: add nat rule
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: enp0s3
+ destination: '! 192.168.0.0/16'
+ jump: MASQUERADE
+ state: present
+
+ - name: save iptables rules
+ shell:
+ cmd: iptables-save > /etc/iptables/rules.v4
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+
+#########################
+#
+# centralRouter
+#
+#########################
+
+- hosts: centralRouter
+ become: true
+ tasks:
+
+ - name: enable forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.2/30'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.255.1
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+
+ - name: add routes office 1 netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.5/30'
+ block: |2
+ routes:
+ - to: 192.168.2.0/24
+ via: 192.168.255.6
+ state: present
+ marker: "# {mark} ROUTE OFFICE 1 BLOCK"
+ notify: apply netplan
+
+
+ - name: add routes office 2 netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.9/30'
+ block: |2
+ routes:
+ - to: 192.168.1.0/24
+ via: 192.168.255.10
+ state: present
+ marker: "# {mark} ROUTE OFFICE 2 BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+#########################
+#
+# centralServer
+#
+#########################
+
+- hosts: centralServer
+ become: true
+ tasks:
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.0.2/28'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.0.1
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+
+#########################
+#
+# office1Router
+#
+#########################
+
+- hosts: office1Router
+ become: true
+ tasks:
+
+ - name: enable forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.6/30'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.255.5
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+#########################
+#
+# office1Server
+#
+#########################
+
+- hosts: office1Server
+ become: true
+ tasks:
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.2.2/26'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.2.1
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+#########################
+#
+# office2Router
+#
+#########################
+
+- hosts: office2Router
+ become: true
+ tasks:
+
+ - name: enable forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.255.10/30'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.255.9
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
+
+
+#########################
+#
+# office2Server
+#
+#########################
+
+- hosts: office2Server
+ become: true
+ tasks:
+
+ - name: add default gateway netplan
+ blockinfile:
+ path: /etc/netplan/50-vagrant.yaml
+ insertafter: ' - 192.168.1.2/25'
+ block: |2
+ routes:
+ - to: default
+ via: 192.168.1.1
+ state: present
+ marker: "# {mark} DEFAULT GATEWAY BLOCK"
+ notify: apply netplan
+
+ handlers:
+ - name: apply netplan
+ command:
+ cmd: netplan apply
\ No newline at end of file
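Review bot: The inetRouter play enables net.ipv4.ip_forward and adds only a nat MASQUERADE rule, so the filter table's FORWARD chain is never set and the `iptables-save` task persists whatever policy the host already has (presumably the default ACCEPT). On the one router that faces the uplink I would pin this explicitly before the save task: accept 192.168.0.0/16 leaving via enp0s3, accept ESTABLISHED,RELATED traffic coming back in, then set the FORWARD policy to DROP, as sketched below. Separately, "remove all rules NAT" flushes the entire nat table on every run and the `shell` save always reports changed, so reruns are not idempotent; moving the save into a handler notified by the iptables tasks would fix the second part.

```yaml
    # … unchanged: "add nat rule" (MASQUERADE out of enp0s3) …

    - name: allow forwarding from office networks to the uplink
      iptables:
        chain: FORWARD
        source: 192.168.0.0/16
        out_interface: enp0s3
        jump: ACCEPT
        state: present

    - name: allow return traffic for established connections
      iptables:
        chain: FORWARD
        in_interface: enp0s3
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT
        state: present

    - name: drop everything else that would be forwarded
      iptables:
        chain: FORWARD
        policy: DROP

    # … unchanged: "save iptables rules" …
```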