Домашнее задание 28
Архитектура сетей
Для выполнение задания используется vagrant box Ubuntu 22.04 За основу взят Vagranfile https://github.com/erlong15/otus-linux/tree/network
В оригинальный Vagranfile внесены следующие изменения
- Все VM будут на Ubuntu 22.04
- Весь provision перенесен в Ansible
Создание Vagrantfile
Зададим следующие характеристики для всех VM
- CPU - 1
- Memory - 512mb
Бедет создано 7 VM
- inetRouter
- centralRouter
- office1Router
- office2Router
- centralServer
- office1Server
- office2Server
Будут добавлены следующие сети и следующая адресация:
- inetRouter
- router-net ip 192.168.255.1/30 link to centralRouter
- centralRouter
- router-net ip 192.168.255.2/30 link to inetRouter
- router-off01-net ip 192.168.255.5/30 link to office1Router
- router-off02-net ip 192.168.255.9/30 link to office2Router
- dir-net ip 192.168.0.1/28 link to centralServer
- hw-centr-net ip 192.168.0.33/28 no link
- wifi-net ip 192.168.0.65/26 no link
- centralServer
- dir-net ip 192.168.0.2/28 link to centralRouter
- office1Router
- router-off01-net ip 192.168.255.6/30 link to centralRouter
- dev01-net ip 192.168.2.1/26 link to office1Server
- test01-srv-net ip 192.168.2.65/26 no link
- managers-net ip 192.168.2.129/26 no link
- hw01-net ip 192.168.2.193/26 no link
- office1Server
- dev01-net ip 192.168.2.2/26 link to office1Router
- office2Router
- router-off02-net ip 192.168.255.10/30 link to centralRouter
- dev02-net ip 192.168.1.1/25 link to office2Server
- test02-srv-net ip 192.168.1.129/26 no link
- hw02-net ip 192.168.1.193/26 no link
- office2Server
- dev02-net ip 192.168.1.2/25 link to office2Router
Карта сети
Готовый Vagrantfile
Cоздание ansible.yml
Сценарий для Ansible будет выполнять следующие действия:
- На всех VM (кроме inetRouter), будет отключен маршрут по умолчанию, который создает vagrant
- На inetRouter будет установлен iptables-persistent, для сохранения правил iptables
- На inetRouter будет установлен iptables-persistent, для сохранения правил iptables
- На всех VM, которые будут выполнять роль роутеров включен net.ipv4.ip_forward, для разрешения роутинга
- Добавлены маршруты:
- На centralRouter маршруты до office1 и office2
- На office1Router маршруты до умолчанию на centralRouter
- На office1Server маршруты до умолчанию на office1Router
- На office2Router маршруты до умолчанию на centralRouter
- На office2Server маршруты до умолчанию на office2Router
Готовый ansible.yml
Проверка
Запускаем vagrant
alex@ubuntu-pc:~/Документы/28$ vagrant up
Bringing machine 'inetRouter' up with 'virtualbox' provider...
Bringing machine 'centralRouter' up with 'virtualbox' provider...
Bringing machine 'centralServer' up with 'virtualbox' provider...
Bringing machine 'office1Router' up with 'virtualbox' provider...
Bringing machine 'office1Server' up with 'virtualbox' provider...
Bringing machine 'office2Router' up with 'virtualbox' provider...
Bringing machine 'office2Server' up with 'virtualbox' provider...
==> inetRouter: You assigned a static IP ending in ".1" or ":1" to this machine.
==> inetRouter: This is very often used by the router and can cause the
==> inetRouter: network to not work properly. If the network doesn't work
==> inetRouter: properly, try changing this IP.
==> inetRouter: Importing base box 'ubuntu/jammy64'...
==> inetRouter: Matching MAC address for NAT networking...
==> inetRouter: You assigned a static IP ending in ".1" or ":1" to this machine.
==> inetRouter: This is very often used by the router and can cause the
==> inetRouter: network to not work properly. If the network doesn't work
==> inetRouter: properly, try changing this IP.
==> inetRouter: Checking if box 'ubuntu/jammy64' version '20241002.0.0' is up to date...
==> inetRouter: Setting the name of the VM: 28_inetRouter_1773580566544_92349
==> inetRouter: Clearing any previously set network interfaces...
==> inetRouter: Preparing network interfaces based on configuration...
inetRouter: Adapter 1: nat
inetRouter: Adapter 2: intnet
==> inetRouter: Forwarding ports...
inetRouter: 22 (guest) => 2222 (host) (adapter 1)
==> inetRouter: Running 'pre-boot' VM customizations...
==> inetRouter: Booting VM...
==> inetRouter: Waiting for machine to boot. This may take a few minutes...
inetRouter: SSH address: 127.0.0.1:2222
inetRouter: SSH username: vagrant
...
...
TASK [Gathering Facts] *********************************************************
ok: [office2Server]
TASK [add default gateway netplan] *********************************************
changed: [office2Server]
RUNNING HANDLER [apply netplan] ************************************************
changed: [office2Server]
PLAY RECAP *********************************************************************
office2Server : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
После запуска всех машин, поключимся к office1Server и с помощью tracepath посмотрим, по какому маршруту идут пакеты до 8.8.8.8
vagrant@office1Server:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=252 time=30.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=252 time=25.1 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 25.128/27.691/30.254/2.563 ms
vagrant@office1Server:~$ tracepath 8.8.8.8 -n -m 11
1?: [LOCALHOST] pmtu 1500
1: 192.168.2.1 1.031ms
1: 192.168.2.1 2.782ms
2: 192.168.255.5 1.928ms
3: 192.168.255.1 1.004ms
4: 10.0.2.2 1.419ms
5: 192.168.50.1 5.875ms asymm 4
6: 212.1.254.233 18.778ms asymm 4
7: 212.1.241.238 5.011ms asymm 4
8: 212.1.251.35 3.846ms asymm 4
9: 178.176.150.27 6.001ms asymm 4
10: no reply
11: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
Видим, что пакеты проходят office1Router -> centralRouter -> inetRouter -> other
Все готово!