playbook_provision_backbone: configure backbone for ffl-ans-gw-core01
parent
e9e0b07230
commit
8d4fc76a81
|
@ -28,4 +28,7 @@ area 0.0.0.0 {
|
||||||
interface wg0 {
|
interface wg0 {
|
||||||
type p2p
|
type p2p
|
||||||
}
|
}
|
||||||
|
interface wg2 {
|
||||||
|
type p2p
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# allow incoming udp packets for wg2
|
||||||
|
pass in proto udp from any to self port 51822
|
||||||
|
|
||||||
|
# allow ospf on wg2
|
||||||
|
pass on wg2 proto ospf
|
||||||
|
|
||||||
|
# allow prometheus on wg2
|
||||||
|
pass on wg2 proto tcp from any to self port 9100
|
|
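Review bot: The new rule `pass in proto udp from any to self port 51822` admits WireGuard handshakes for wg2 on UDP 51822, but the new hostname file in the last hunk (the one with `wg/wg2/` passwordstore lookups, presumably hostname.wg2) sets `wgport 51820`, so one of the two values looks wrong and inbound peers would be filtered or land on the wrong listener. If hostname.wg0 already uses 51820 the two interfaces would also be contending for the same port, which I cannot confirm from this page. Pick one port and pin it in both places, e.g. change the template line to `wgport 51822`, and add a comment here such as `# must match wgport in the wg2 hostname file` so the coupling is visible. The other two rules are correctly scoped with `on wg2`; this one is intentionally unscoped because it covers the underlay.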
@ -2,26 +2,32 @@
|
||||||
- name: configure tunnel on eae-adp-jump01
|
- name: configure tunnel on eae-adp-jump01
|
||||||
hosts: eae-adp-jump01
|
hosts: eae-adp-jump01
|
||||||
tasks:
|
tasks:
|
||||||
- name: create wg0 interface file
|
- name: create wgX interface files
|
||||||
template:
|
template:
|
||||||
src: templates/hostname.wg0
|
src: "{{ item }}"
|
||||||
dest: /etc/hostname.wg0
|
dest: /etc/
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
with_fileglob:
|
||||||
|
- "templates/hostname.wg*"
|
||||||
notify:
|
notify:
|
||||||
- reload interfaces
|
- reload interfaces
|
||||||
|
|
||||||
- name: create pf.wg0.conf file
|
- name: create pf.wgX.conf files
|
||||||
copy:
|
copy:
|
||||||
src: files/pf.wg0.conf
|
src: "{{ item }}"
|
||||||
dest: /etc/pf.wg0.conf
|
dest: /etc/
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
with_fileglob:
|
||||||
|
- "files/pf.wg*.conf"
|
||||||
notify:
|
notify:
|
||||||
- reload firewall
|
- reload firewall
|
||||||
|
|
||||||
- name: include pf.wg0.conf in pf.include.conf
|
- name: include pf.wgX.conf in pf.include.conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/pf.include.conf
|
path: /etc/pf.include.conf
|
||||||
line: 'include "/etc/pf.wg0.conf"'
|
line: 'include "/etc/{{ item | basename }}"'
|
||||||
|
with_fileglob:
|
||||||
|
- "files/pf.wg*.conf"
|
||||||
notify:
|
notify:
|
||||||
- reload firewall
|
- reload firewall
|
||||||
|
|
||||||
|
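Review bot: The loop at `- name: create wgX interface files` now renders templates that embed a private key (`wgkey {{ lookup('passwordstore', ...) }}` in the last hunk), and under `--diff` or check mode the template module prints the rendered content, so the key would appear in controller output and CI logs; add `no_log: true` to that task. `mode: 0600` survives on the new side as an unquoted octal; Ansible tolerates the leading-zero form, but `mode: '0600'` avoids the YAML integer conversion and is the form the module docs recommend. The trailing slash in `dest: /etc/` is what makes copy and template append each item's basename, so a comment like `# dest is a directory: file name is taken from item` would save the next reader a lookup. The play continues past this hunk; its handlers are in the following hunk.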
@ -50,4 +56,4 @@
|
||||||
- name: restart ospfd
|
- name: restart ospfd
|
||||||
service:
|
service:
|
||||||
name: ospfd
|
name: ospfd
|
||||||
state: restart
|
state: restarted
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
inet 10.85.254.0/31
|
||||||
|
mtu 1350
|
||||||
|
wgport 51820
|
||||||
|
wgkey {{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01') }}
|
||||||
|
wgpeer {{ lookup('passwordstore', 'wg/wg2/ffl-ans-gw-core01.pub') }} wgpsk {{ lookup('passwordstore', 'wg/wg2/psk') }} wgaip 0.0.0.0/0
|