Compare revisions

poulpe · poulpe · b5764c33 · a6893d83 · b5764c33 · b5764c33
--- a/Config_H1_Ping_H2.yml
+++ b/Config_H1_Ping_H2.yml
@@ -3,11 +3,12 @@
  hosts: all
  become: true
  tasks:    
+# Load all variables in the playbook
    - name: Load the variables
      include_vars: variables.yml
    - name: Rename hosts
      command: hostnamectl set-hostname {{ inventory_hostname }}
-
+# For all host we config network interfaces
 - name: Setup network for Hosts
  hosts: hotes
  become: yes
@@ -25,26 +26,41 @@
      state: restarted
      enabled: yes

+# For all routers we config network interfaces
 - name: Setup network for Routers
  hosts: routeurs
  become: yes
  tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/router_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-      notify: Restart network
    - name: "Set ip_forwarding to 1"
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
+    - name: "Create file interface in interfaces.d"
+      ansible.builtin.template:
+        src: ./templates/router_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+
  handlers:
-  - name: Restart network
-    ansible.builtin.service:
-      name: networking
-      state: restarted
-      enabled: yes
+    - name: Restart network
+      ansible.builtin.service:
+        name: networking
+        state: restarted
+        enabled: yes
+
+# make the test
+- name: Display ping value
+  hosts: H1
+  become: yes
+  tasks:
+    - name: Ping form H1 to H2
+      ansible.builtin.shell: "ping 3.0.0.2 -c 1"
+      register: result
+    
+    - name: Print result
+      debug:
+        msg: "{{ result.stdout_lines }}"
 ...
\ No newline at end of file
--- a/Config_Playbook.yml
+++ b/Config_Playbook.yml
---
- name: Configuration et démarrage des interfaces réseau
-  hosts: all
-  become: true
-  tasks:
-    - name: Load the variables
-      include_vars: variables.yml
-
-    - name: Rename hosts
-      command: hostnamectl set-hostname {{ inventory_hostname }}
-    
- name: Setup network for Hosts
-  hosts: hotes
-  become: yes
-  tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/host_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-
- name: Setup network for Routers
-  hosts: routeurs
-  become: yes
-  tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/router_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-    - name: "Set ip_forwarding to 1"
-      ansible.posix.sysctl:
-        name: net.ipv4.ip_forward
-        value: '1'
-        sysctl_set: true
-        state: present
-
- name: Configuration et démarrage des interfaces réseau
-  hosts: all
-  become: true
-  tasks:
-    - name: start network
-      service:
-        name: networking
-        state: restarted
-        enabled: yes
-...
\ No newline at end of file
--- a/Config_Wireguard.yml
+++ b/Config_Wireguard.yml
@@ -4,6 +4,7 @@
  hosts: all
  become: true
  
+  # Load all variables in the playbook
  tasks:
    - name: Load the variables
      include_vars: variables.yml
@@ -14,6 +15,7 @@
    - name: Rename hosts
      command: hostnamectl set-hostname {{ inventory_hostname }}
    
+# For all host we config network interfaces
 - name: Setup network for Hosts
  hosts: hotes
  become: yes
@@ -31,6 +33,7 @@
        state: restarted
        enabled: yes

+# For all routers we config network interfaces
 - name: Setup network for Routers
  hosts: routeurs
  become: yes
@@ -54,6 +57,7 @@
        state: restarted
        enabled: yes

+# Install somes program on host so install route for internet and install program and finally remove route
 - name: Install all needed program
  hosts: hotes
  become: true
@@ -61,14 +65,12 @@
    - name: Give internet to host
      ansible.builtin.shell:
        cmd: "ip r add default nexthop via 10.0.2.2"
-      # check_mode: yes
      
    - name: Install update for install other programs
      ansible.builtin.apt:
        cache_valid_time: 86400
        upgrade: yes
        update_cache: yes
-      # check_mode: yes

    - name: Install nginx
      ansible.builtin.apt:
@@ -83,6 +85,7 @@
      ansible.builtin.shell:
        cmd: "ip r del default"
        
+# Push in the web server the config for wireguard, nginx and the HTML for web index
 - name: Setup index.html on H2
  hosts: H2
  become: true
@@ -118,6 +121,7 @@
        state: restarted
        enabled: yes

+# Setup the wireguard tunnel for H1 and make all the tests
 - name: Setup wireguard on H1
  hosts: H1
  become: true
@@ -127,16 +131,10 @@
        src: ./templates/wireguard_config_template_H1.j2
        dest: /etc/wireguard/wg0.conf
        mode: 0640
-      notify: wg-quick
-
-  handlers:
-      - name: wg-quick
-        ansible.builtin.shell:
-          cmd: "wg-quick up wg0 2>/dev/null"

- name: Test connectivity from H1 to H2
-  hosts: H1
-  tasks:
+    - name: wg-quick
+      ansible.builtin.shell:
+        cmd: "wg-quick up wg0 2>/dev/null"

    - name: Ping form H1 to H2
      ansible.builtin.shell: "ping 3.0.0.2 -c 1"

--- a/Create_WG_Keys.sh
+++ b/Create_WG_Keys.sh
 #!/bin/bash

-# Create Key for H2
+# Create Key for H2 ans save to pubkey_H1, privkey_H1
 wg genkey > privkey_H2
 wg pubkey < privkey_H2 > pubkey_H2
 cat pubkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H2
 cat privkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H2

-# Create Key for H1
+# Create Key for H1 ans save to pubkey_H1, privkey_H1
 wg genkey > privkey_H1
 wg pubkey < privkey_H1 > pubkey_H1
 cat pubkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H1
 cat privkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H1


-# echo "H2:" > keys.yml
+# Create H2 keys in keys.yml
 echo "---" > keys.yml
 echo "keys:" >> keys.yml
 echo "  H2PRIV: $(cat privkey_H2 )" >> keys.yml
 echo "  H2PUB: $(cat pubkey_H2 )" >> keys.yml
-# echo "H1:" >> keys.yml
+# Create H1 keys in keys.yml
 echo "  H1PRIV: $(cat privkey_H1 )" >> keys.yml
 echo "  H1PUB: $(cat pubkey_H1 )" >> keys.yml
\ No newline at end of file
--- a/nft.sh
+++ b/nft.sh
-#!/usr/sbin/nft -f
-
-table ip filter {
-	chain FORWARD {
-		type filter hook forward priority 0; policy accept;
-		iifname "wg0" counter accept
-	}
-
-	chain POSTROUTING {
-		type filter hook postrouting priority 0; policy accept;
-        oifname "eth0" counter masquerade
-	}
-}
--- a/res
+++ b/res
-!vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          34323537383365663838666331323431393337303565396339353930333239666636363036383362
-          6664653063393737353638303964616639336264373931350a626635376437636136666231303930
-          61313438346230373835616563323433633534343934393131613161353337656163643930626366
-          6261303163613732370a366636353564393036643264376135616166646166663438636436663462
-          36653865326135646362323166616332343363323461303831386331616662313363653831666664
-          3764666134353061313162336364396633353739333234373630
\ No newline at end of file
No results found