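---
# Lab routing playbook: inetRouter NATs the 192.168.0.0/16 lab out through
# enp0s3; centralRouter and the two office routers forward between segments;
# every other host gets a static default route via its router.
#
# NOTE(review): indentation here is reconstructed. The 6 leading spaces that
# each `block: |2` inserts assume the address list in the Vagrant-generated
# /etc/netplan/50-vagrant.yaml sits at 6 spaces under `addresses:` - confirm
# against the real file, otherwise netplan will reject the result.

#########################
#
# All hosts
#
#########################
- hosts: all
  become: true
  tasks:
    # Keep DHCP on enp0s3 but ignore the routes it offers, so that hosts other
    # than inetRouter use the lab routers instead of the DHCP-provided gateway.
    # The file is written root-only (0600): netplan expects its configuration
    # not to be readable by other users.
    - name: change enp0s3 conf, disable default route
      copy:
        dest: /etc/netplan/50-cloud-init.yaml
        content: |
          network:
            ethernets:
              enp0s3:
                dhcp4: true
                dhcp4-overrides:
                  use-routes: false
            version: 2
        force: true
        mode: "0600"
      when: ansible_hostname != 'inetRouter'
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply
      when: ansible_hostname != 'inetRouter'

#########################
#
# inetRouter
#
#########################
- hosts: inetRouter
  become: true
  tasks:
    - name: update
      apt:
        update_cache: true

    - name: install iptables-persistent
      apt:
        name: iptables-persistent
        state: present
        update_cache: true

    # NOTE(review): this playbook sets no filter/FORWARD rules, so once
    # forwarding is on, traffic between all routed segments passes unfiltered.
    # Add a FORWARD policy if the segments are meant to be isolated.
    - name: enable forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
        reload: true

    # Return route for the whole lab range via centralRouter.
    - name: add route all office netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.1/30'
        block: |2
                routes:
                - to: 192.168.0.0/16
                  via: 192.168.255.2
        state: present
        marker: "# {mark} ROUTE ALL OFFICE BLOCK"
      notify: apply netplan

    # Flushes the whole nat table on every run; any NAT rule not managed by
    # this play is removed, and NAT is briefly absent until the next task.
    - name: remove all rules NAT
      iptables:
        table: nat
        flush: true

    # Masquerade only traffic leaving enp0s3 for destinations outside the
    # lab range; lab-internal traffic keeps its source address.
    - name: add nat rule
      iptables:
        table: nat
        chain: POSTROUTING
        out_interface: enp0s3
        destination: '! 192.168.0.0/16'
        jump: MASQUERADE
        state: present

    # shell (not command) is required for the redirect; this task always
    # reports "changed".
    - name: save iptables rules
      shell:
        cmd: iptables-save > /etc/iptables/rules.v4
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# centralRouter
#
#########################
- hosts: centralRouter
  become: true
  tasks:
    # NOTE(review): no FORWARD filtering is configured here either; see the
    # inetRouter play.
    - name: enable forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
        reload: true

    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.2/30'
        block: |2
                routes:
                - to: default
                  via: 192.168.255.1
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan

    - name: add routes office 1 netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.5/30'
        block: |2
                routes:
                - to: 192.168.2.0/24
                  via: 192.168.255.6
        state: present
        marker: "# {mark} ROUTE OFFICE 1 BLOCK"
      notify: apply netplan

    - name: add routes office 2 netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.9/30'
        block: |2
                routes:
                - to: 192.168.1.0/24
                  via: 192.168.255.10
        state: present
        marker: "# {mark} ROUTE OFFICE 2 BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# centralServer
#
#########################
- hosts: centralServer
  become: true
  tasks:
    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.0.2/28'
        block: |2
                routes:
                - to: default
                  via: 192.168.0.1
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# office1Router
#
#########################
- hosts: office1Router
  become: true
  tasks:
    - name: enable forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
        reload: true

    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.6/30'
        block: |2
                routes:
                - to: default
                  via: 192.168.255.5
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# office1Server
#
#########################
- hosts: office1Server
  become: true
  tasks:
    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.2.2/26'
        block: |2
                routes:
                - to: default
                  via: 192.168.2.1
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# office2Router
#
#########################
- hosts: office2Router
  become: true
  tasks:
    - name: enable forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
        reload: true

    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.255.10/30'
        block: |2
                routes:
                - to: default
                  via: 192.168.255.9
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply

#########################
#
# office2Server
#
#########################
- hosts: office2Server
  become: true
  tasks:
    - name: add default gateway netplan
      blockinfile:
        path: /etc/netplan/50-vagrant.yaml
        insertafter: ' - 192.168.1.2/25'
        block: |2
                routes:
                - to: default
                  via: 192.168.1.1
        state: present
        marker: "# {mark} DEFAULT GATEWAY BLOCK"
      notify: apply netplan
  handlers:
    - name: apply netplan
      command:
        cmd: netplan apply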