playbook_provision_backbone: configure backbone for ffl-ans-gw-core01
parent
e9e0b07230
commit
8d4fc76a81
|
@ -28,4 +28,7 @@ area 0.0.0.0 {
|
|||
interface wg0 {
|
||||
type p2p
|
||||
}
|
||||
interface wg2 {
|
||||
type p2p
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
# allow incoming udp packets for wg2
|
||||
pass in proto udp from any to self port 51822
|
||||
|
||||
# allow ospf on wg2
|
||||
pass on wg2 proto ospf
|
||||
|
||||
# allow prometheus on wg2
|
||||
pass on wg2 proto tcp from any to self port 9100
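Review bot: The last rule, `pass on wg2 proto tcp from any to self port 9100`, has neither a direction nor a source restriction, so the metrics port is reachable from every address that arrives over wg2. The wg2 peer in the template added by this commit is given `wgaip 0.0.0.0/0`, so WireGuard will not narrow the inner source addresses and this rule is the only filter. I would write it as `pass in on wg2 proto tcp from $prometheus_host to self port 9100`, where `$prometheus_host` is a placeholder for a macro holding the scraper's address, which this page does not show.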
|
|
@ -2,26 +2,32 @@
|
|||
- name: configure tunnel on eae-adp-jump01
|
||||
hosts: eae-adp-jump01
|
||||
tasks:
|
||||
- name: create wg0 interface file
|
||||
- name: create wgX interface files
|
||||
template:
|
||||
src: templates/hostname.wg0
|
||||
dest: /etc/hostname.wg0
|
||||
src: "{{ item }}"
|
||||
dest: /etc/
|
||||
mode: 0600
|
||||
with_fileglob:
|
||||
- "templates/hostname.wg*"
|
||||
notify:
|
||||
- reload interfaces
|
||||
|
||||
- name: create pf.wg0.conf file
|
||||
- name: create pf.wgX.conf files
|
||||
copy:
|
||||
src: files/pf.wg0.conf
|
||||
dest: /etc/pf.wg0.conf
|
||||
src: "{{ item }}"
|
||||
dest: /etc/
|
||||
mode: 0600
|
||||
with_fileglob:
|
||||
- "files/pf.wg*.conf"
|
||||
notify:
|
||||
- reload firewall
|
||||
|
||||
- name: include pf.wg0.conf in pf.include.conf
|
||||
- name: include pf.wgX.conf in pf.include.conf
|
||||
lineinfile:
|
||||
path: /etc/pf.include.conf
|
||||
line: 'include "/etc/pf.wg0.conf"'
|
||||
line: 'include "/etc/{{ item | basename }}"'
|
||||
with_fileglob:
|
||||
- "files/pf.wg*.conf"
|
||||
notify:
|
||||
- reload firewall
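Review bot: The `create wgX interface files` task now renders every file matching `templates/hostname.wg*`, and the template added in this commit fills `wgkey` and `wgpsk` from passwordstore, so a run with `--diff` would print the rendered key material to the controller's output and to any log that captures it. Adding `no_log: true` (or at least `diff: false`) to that task keeps the secrets out of the run output. Separately, `mode: 0600` in both tasks is better written as `mode: "0600"`, so the value does not depend on how the YAML parser treats a leading zero.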
|
||||
|
||||
|
@ -50,4 +56,4 @@
|
|||
- name: restart ospfd
|
||||
service:
|
||||
name: ospfd
|
||||
state: restart
|
||||
state: restarted
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
inet 10.85.254.0/31
|
||||
mtu 1350
|
||||
wgport 51820
|
||||
wgkey {{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01') }}
|
||||
wgpeer {{ lookup('passwordstore', 'wg/wg2/ffl-ans-gw-core01.pub') }} wgpsk {{ lookup('passwordstore', 'wg/wg2/psk') }} wgaip 0.0.0.0/0
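Review bot: `wgport 51820` does not match the pf rule this commit adds for the same interface, which opens UDP port 51822 (`pass in proto udp from any to self port 51822`, under the comment "allow incoming udp packets for wg2"). If 51820 is already the listen port of wg0, which this page does not show, the two interfaces would also compete for one port. Unless the pf rule is the side that is wrong, this line should read `wgport 51822`.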
|