alex/homework28
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Добавить ansible.yml

Browse Source
This commit is contained in:
alex
2026-03-15 18:07:56 +03:00
commit baf8bc2d3d
1 changed files with 312 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

312
ansible.yml Normal file
View File

@@ -0,0 +1,312 @@
#########################
#
# All host
#
#########################
- hosts: all
become: true
tasks:
- name: change enp0s3 conf, disable default route
copy:
dest: /etc/netplan/50-cloud-init.yaml
content: |
network:
ethernets:
enp0s3:
dhcp4: true
dhcp4-overrides:
use-routes: false
version: 2
force: yes
when: ansible_hostname != 'inetRouter'
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
when: ansible_hostname != 'inetRouter'
#########################
#
# inetRouter
#
#########################
- hosts: inetRouter
become: true
tasks:
- name: update
apt:
update_cache: yes
- name: install iptables-persistent
apt:
name: iptables-persistent
state: present
update_cache: yes
- name: enable forwarding
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
state: present
reload: yes
- name: add route all office netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.1/30'
block: |2
routes:
- to: 192.168.0.0/16
via: 192.168.255.2
state: present
marker: "# {mark} ROUTE ALL OFFICE BLOCK"
notify: apply netplan
- name: remove all rules NAT
iptables:
table: nat
flush: true
- name: add nat rule
iptables:
table: nat
chain: POSTROUTING
out_interface: enp0s3
destination: '! 192.168.0.0/16'
jump: MASQUERADE
state: present
- name: save iptables rules
shell:
cmd: iptables-save > /etc/iptables/rules.v4
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# centralRouter
#
#########################
- hosts: centralRouter
become: true
tasks:
- name: enable forwarding
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
state: present
reload: yes
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.2/30'
block: |2
routes:
- to: default
via: 192.168.255.1
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
- name: add routes office 1 netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.5/30'
block: |2
routes:
- to: 192.168.2.0/24
via: 192.168.255.6
state: present
marker: "# {mark} ROUTE OFFICE 1 BLOCK"
notify: apply netplan
- name: add routes office 2 netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.9/30'
block: |2
routes:
- to: 192.168.1.0/24
via: 192.168.255.10
state: present
marker: "# {mark} ROUTE OFFICE 2 BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# centralServer
#
#########################
- hosts: centralServer
become: true
tasks:
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.0.2/28'
block: |2
routes:
- to: default
via: 192.168.0.1
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# office1Router
#
#########################
- hosts: office1Router
become: true
tasks:
- name: enable forwarding
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
state: present
reload: yes
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.6/30'
block: |2
routes:
- to: default
via: 192.168.255.5
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# office1Server
#
#########################
- hosts: office1Server
become: true
tasks:
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.2.2/26'
block: |2
routes:
- to: default
via: 192.168.2.1
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# office2Router
#
#########################
- hosts: office2Router
become: true
tasks:
- name: enable forwarding
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
state: present
reload: yes
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.255.10/30'
block: |2
routes:
- to: default
via: 192.168.255.9
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply
#########################
#
# office2Server
#
#########################
- hosts: office2Server
become: true
tasks:
- name: add default gateway netplan
blockinfile:
path: /etc/netplan/50-vagrant.yaml
insertafter: ' - 192.168.1.2/25'
block: |2
routes:
- to: default
via: 192.168.1.1
state: present
marker: "# {mark} DEFAULT GATEWAY BLOCK"
notify: apply netplan
handlers:
- name: apply netplan
command:
cmd: netplan apply