diff --git a/README.md b/README.md index 027f58db5b0fbfd43ad835a7c7cbab278ea8f291..c1781bf06d8bc0a49da6a29a0af0822917a03259 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ # TP 3 : Ansible Inès MAYA ## Fonctionnement -cmd : ansible-playbook -i inv.yml ansible.yml \ No newline at end of file +cmd : ansible-playbook -i inventory.yml ansible.yml \ No newline at end of file diff --git a/ansible.yml b/ansible.yml index cc524fc7a8ee902be01e115f1602965e1390a329..de0a2df81d52d8221960afc14a8f34e652847182 100644 --- a/ansible.yml +++ b/ansible.yml 
@@ -4,44 +4,52 @@ interfaces: H1: eth0: - address: 192.168.1.10 + address: 1.0.0.3 netmask: 255.255.255.0 - gateway: 192.168.1.1 + subnet: 3.0.0.0/24 + nexthop: 1.0.0.1 H2: eth0: - address: 192.168.2.10 + address: 3.0.0.3 netmask: 255.255.255.0 - gateway: 192.168.2.1 + subnet: 1.0.0.0/24 + nexthop: 3.0.0.2 R1: eth0: - address: 192.168.1.1 + address: 2.0.0.1 netmask: 255.255.255.0 eth1: - address: 10.0.0.1 + address: 1.0.0.1 netmask: 255.255.255.0 + subnet: 3.0.0.0/24 + nexthop: 2.0.0.2 R2: eth0: - address: 192.168.2.1 + address: 2.0.0.2 netmask: 255.255.255.0 eth1: - address: 10.0.0.2 + address: 3.0.0.2 netmask: 255.255.255.0 + subnet: 1.0.0.0/24 + nexthop: 2.0.0.1 tasks: - - name: Restart interfaces hostss" + - name: Print result + debug: + msg: "{{ interfaces[inventory_hostname] }}" + - name: Restart interfaces routeurs template: - src: interfaces.j2 - dest: /etc/network/interfaces.d/{{ item.key }}-{{ item.value.key }} - loop: "{{ interfaces | dict2items | subelements('value') }}" + src: templates/r_interfaces.j2 + dest: /etc/network/interfaces.d/int + when: inventory_hostname in groups['routeurs'] notify: restart networking - - name: Configurer les routes statiques pour H1 et H2 - lineinfile: - path: /etc/network/interfaces.d/{{ item }}-eth0 - line: " post-up route add default gw {{ interfaces[item].eth0.gateway }}" - loop: - - H1 - - H2 + - name: Restart interfaces hosts + template: + src: templates/h_interfaces.j2 + dest: /etc/network/interfaces.d/int + when: inventory_hostname in groups['hotes'] + notify: restart networking handlers: - name: restart networking diff --git a/hosts b/hosts deleted file mode 100644 index 5e5dd4e64c8ba833029c7fee63ae62312a2a1034..0000000000000000000000000000000000000000 --- a/hosts +++ /dev/null @@ -1,7 +0,0 @@ -[py3-hosts] -H1 -R1 -H2 - -[py3-hosts:vars] -ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file 
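Review bot: In ansible.yml, the two `template` tasks that write `/etc/network/interfaces.d/int` set no `owner`, `group` or `mode`, so the file's permissions depend on the remote umask and on any file already present. ifupdown runs the `post-up` lines rendered into that file as root, so I would pin it with `owner: root`, `group: root` and `mode: "0644"` (quoted, so YAML keeps it a string). The same two tasks are repeated in wireguard.yml. The play header sits above this hunk, so whether `become` is set cannot be seen here.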
diff --git a/interfaces.j2 b/interfaces.j2
deleted file mode 100644
index cf0fc5b35b1a42412e319470b55ecf44ea656835..0000000000000000000000000000000000000000
--- a/interfaces.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-# Loop over all the variables that start with inventory_hostname followed by "_ifname" (e.g., H1_ifname, R1_ifname1, etc.)
-{% for var in vars if var.startswith(inventory_hostname + '_ifname') %}
-
-# Get the interface name from the variable value (e.g., eth0, eth1, etc.)
-iface {{ vars[var] }} inet static
-
-# Get the IP address from another variable that has the same suffix as the current variable (e.g., H1_ipaddr, R1_ipaddr1, etc.)
-address {{ vars[inventory_hostname + '_ipaddr' + var[-1]] }}
-
-# If the host belongs to the hosts group, add a default gateway from another variable that has the same suffix as well (e.g., H1_gwaddr, H2_gwaddr, etc.)
-{% if inventory_hostname in groups['hosts'] %}
-gateway {{ vars[inventory_hostname + '_gwaddr' + var[-1]] }}
-{% endif %}
-
-# If the host belongs to the routers group, add a static route to reach the other subnet via another variable that has an incremented suffix (e.g., R1_ipaddr2, R2_ipaddr2, etc.)
-{% if inventory_hostname in groups['routers'] %}
-post-up ip route add {{ '192.168.' + ('10' if '20' in vars[inventory_hostname + '_ipaddr' + var[-1]] else '20') + '.0/24' }} via {{ vars[inventory_hostname + '_ipaddr' + str(int(var[-1]) + 1)] }}
-{% endif %}
-
-{% endfor %}
\ No newline at end of file
diff --git a/inv.yml b/inv.yml
deleted file mode 100644
index f46b81aa3bffef5745016d271979783c9cbded1a..0000000000000000000000000000000000000000
--- a/inv.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-H1
-H2
-R1
-R1
diff --git a/inventory.ini b/inventory.ini
deleted file mode 100644
index 2aca600c97ac8781fac28c3df27f4493a62cb58e..0000000000000000000000000000000000000000
--- a/inventory.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[routers]
-R1
-R2
-
-[hosts]
-H1
-H2
\ No newline at end of file
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ecb709bd151a605fb71e2c04de1774f9fe4578c8
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,7 @@
+[hotes]
+H1
+H2
+
+[routeurs]
+R1
+R2
\ No newline at end of file
diff --git a/templates/h_interfaces.j2 b/templates/h_interfaces.j2
new file mode 100644
index 0000000000000000000000000000000000000000..3397c77663403054e37b72c4314f18eb4db6f889
--- /dev/null
+++ b/templates/h_interfaces.j2
@@ -0,0 +1,5 @@
+auto eth0
+iface eth0 inet static
+ address {{ interfaces[inventory_hostname].eth0.address }}
+ netmask {{ interfaces[inventory_hostname].eth0.netmask }}
+ post-up ip route add {{ interfaces[inventory_hostname].subnet }} nexthop via {{ interfaces[inventory_hostname].nexthop }}
diff --git a/templates/interfaces.j2 b/templates/interfaces.j2
index 5e469405f60651d42069408c17c04e666121fa53..058af614f3c2264769e98c8a043b84d5d7b612e0 100644
--- a/templates/interfaces.j2
+++ b/templates/interfaces.j2
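Review bot: inventory.yml holds INI-style group sections (`[hotes]`, `[routeurs]`) under a `.yml` name, so Ansible's YAML inventory plugin will most likely try it first and reject it before any other plugin gets a turn. Either rename it to `inventory.ini` and update the README command, or write it as a YAML inventory (`all:` / `children:` / `hotes:` / `hosts:`). The deleted `hosts` file also set `ansible_python_interpreter=/usr/bin/python3`, and nothing in the new inventory carries that over, which may matter if the targets rely on it.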
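Review bot: templates/h_interfaces.j2 has no header saying the file is generated, so a manual edit to `/etc/network/interfaces.d/int` on a host is overwritten on the next run without warning. A first line of `# {{ ansible_managed }}` would cover it, and templates/r_interfaces.j2 needs the same. A one-line comment noting that `subnet` and `nexthop` are read from the host level of `interfaces`, not from under `eth0`, would also help the reader.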
@@ -1,8 +1,19 @@
-# templates/interfaces.j2
-auto {{ item.value.key }}
-iface {{ item.value.key }} inet static
- address {{ item.value.value.address }}
- netmask {{ item.value.value.netmask }}
-{% if item.value.value.gateway is defined %}
- gateway {{ item.value.value.gateway }}
-{% endif %}
\ No newline at end of file
+{% for host in groups['routers'] + groups['hosts'] %}
+auto {{ hostvars[host]['ifnameB'] }}
+iface {{ hostvars[host]['ifnameB'] }} inet static
+ address {{ hostvars[host]['ipB'] }}
+ netmask {{ hostvars['all']['netmask'] }}
+{% if host in groups['routers'] %}
+auto {{ hostvars[host]['ifnameA'] }}
+iface {{ hostvars[host]['ifnameA'] }} inet static
+ address {{ hostvars[host]['ipA'] }}
+ netmask {{ hostvars['all']['netmask'] }}
+ post-up ip route add {{ hostvars[host]['subnet'] }} nexthop via {{ hostvars[host]['nexthop'] }}
+{% else %}
+auto {{ hostvars[host]['ifnameA'] }}
+iface {{ hostvars[host]['ifnameA'] }} inet static
+ address {{ hostvars[host]['ip'] }}
+ netmask {{ hostvars['all']['netmask'] }}
+ post-up ip route add default via {{ hostvars[host]['gateway'] }}
+{% endif %}
+{% endfor %}
\ No newline at end of file
diff --git a/templates/r_interfaces.j2 b/templates/r_interfaces.j2
new file mode 100644
index 0000000000000000000000000000000000000000..81caa4363fcb8cd42627e773e8f016a0282ea168
--- /dev/null
+++ b/templates/r_interfaces.j2
@@ -0,0 +1,10 @@
+auto eth0
+iface eth0 inet static
+ address {{ interfaces[inventory_hostname].eth0.address }}
+ netmask {{ interfaces[inventory_hostname].eth0.netmask }}
+
+auto eth1
+iface eth1 inet static
+ address {{ interfaces[inventory_hostname].eth1.address }}
+ netmask {{ interfaces[inventory_hostname].eth1.netmask }}
+ post-up ip route add {{ interfaces[inventory_hostname].subnet }} nexthop via {{ interfaces[inventory_hostname].nexthop }}
diff --git a/tp - notes/corr.sh b/tp - notes/corr.sh
new file mode 100644
index 0000000000000000000000000000000000000000..be029d3242eafc6e841486161a5430abe8db10a3
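Review bot: The rewritten templates/interfaces.j2 iterates over `groups['routers'] + groups['hosts']`, but the inventory added in this commit names the groups `hotes` and `routeurs`, so rendering it against that inventory should fail on an undefined group. It also reads `hostvars['all']['netmask']`, and `all` is a group rather than a host, so that lookup is unlikely to resolve. Neither playbook in this commit references the template any more (they use `templates/r_interfaces.j2` and `templates/h_interfaces.j2`). If it is dead, deleting it is cleaner than keeping a version that cannot render.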
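Review bot: In templates/r_interfaces.j2 the `post-up ip route add … nexthop via …` line sits in the `eth1` stanza, but for both routers the configured `nexthop` (2.0.0.2 for R1, 2.0.0.1 for R2) is on the network of `eth0`. Tied to `eth1`, the route is installed only when `eth1` comes up and is not restored if `eth0` is cycled on its own. Moving the `post-up` line under `iface eth0 inet static` matches the interface the route actually leaves by. Nothing visible in this commit enables IPv4 forwarding on the routers, so that may need a task too if the images do not already set it.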
--- /dev/null
+++ b/tp - notes/corr.sh
@@ -0,0 +1,65 @@
+# H1
+ssh H1 hostaname H1
+ssh H1 ip addr dd 1.0.0.3/24 dev eth0 # rajout l'ip au devuce eth0 a l'interface de H1
+ssh H1 ip link set up eth0
+
+# R1
+ssh R1 hostaname R1
+ssh R1 ip addr dd 1.0.0.1/24 dev eth1
+ssh R1 ip addr dd 2.0.0.1/24 dev eth0
+
+ssh R1 ip link set up eth0
+ssh R1 ip link set up eth1
+
+# H2
+ssh H2 hostaname H2
+ssh H2 ip addr dd 3.0.0.3/24 dev eth0 # rajout l'ip au devuce eth0 a l'interface de H1
+ssh H2 ip link set up eth0
+
+# R2
+ssh R2 hostaname R2
+ssh R2 ip addr dd 2.0.0.2/24 dev eth1
+ssh R2 ip addr dd 3.0.0.2/24 dev eth0
+
+ssh R2 ip link set up eth0
+ssh R2 ip link set up eth1
+
+# validation
+ssh H1 ping -c 2 1.0.0.1
+ssh R1 ping -c 2 2.0.0.2
+ssh R2 ping -c 2 3.0.0.3
+
+##### Routage
+
+# configuration des routeurs
+
+ssh R1 ip route add 3.0.0.0/24 via 2.0.0.2
+ssh R1 ip route
+
+ssh R2 ip route add 1.0.0.0/24 via 2.0.0.1
+ssh R2 ip route
+
+# coNfiguration des hôtes
+
+ssh H1 ip route add default via 1.0.0.1
+ssh H2 ip route add default via 3.0.0.2
+
+# wireguard
+
+# route par default vers interenet
+apt update
+apt install wireguard-tools
+
+ssh H1 wg genkey | tee private.key | wg pubkey > public.key
+ssh H1 ip link add wg0 type wireguard
+ssh H1 ip add addr 10.0.0.1/24 dev wg0
+ssh H1 ip link set up dev wg0
+ssh H1 wg set wg0 private-key ./private.key
+ssh H1 wg set wg0 peer <public_key H2> allowed-up 10.0.0.2/32 endpoint 3.0.0.3:51820 # 10.0.0.1 POUR h2
+
+ssh H1 wg genkey | tee private.key | wg pubkey > public.key
+ssh H1 ip link add wg0 type wireguard
+ssh H1 ip add addr 10.0.0.1/24 dev wg0
+ssh H1 ip link set up dev wg0
+ssh H1 wg set wg0 private-key ./private.key
+ssh H1 wg set wg0 peer <public_key H2> allowed-up 10.0.0.1
\ No newline at end of file
diff --git a/tp - notes/eth0 b/tp - notes/eth0
new file mode 100644
index 0000000000000000000000000000000000000000..3f98f56d0b2f0af1dcbad111169c02653523071a
--- /dev/null
+++ b/tp - notes/eth0
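Review bot: In `ssh H1 wg genkey | tee private.key | wg pubkey > public.key` only `wg genkey` runs on H1. The pipe and `tee` run in the local shell, so the WireGuard private key is written to the local working directory under the default umask, and the later `wg set wg0 private-key ./private.key` on H1 will not find it. Quoting the pipeline and tightening the umask keeps the key on the host: `ssh H1 'umask 077; wg genkey | tee private.key | wg pubkey > public.key'`. The second WireGuard block repeats `ssh H1` and `10.0.0.1/24` where H2 seems intended. Several commands are also misspelled (`hostaname`, `ip addr dd`, `ip add addr`, `allowed-up` for `allowed-ips`), so the script does not run as written.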
@@ -0,0 +1,3 @@
+auto eth0
+iface eth0 inet static
+ address 2.0.0.1/24
\ No newline at end of file
diff --git a/tp - notes/eth1 b/tp - notes/eth1
new file mode 100644
index 0000000000000000000000000000000000000000..91d9ef789a126af3eb61584084f55d07b0925069
--- /dev/null
+++ b/tp - notes/eth1
@@ -0,0 +1,4 @@
+auto eth1
+iface eth1 inet static
+ address 1.0.0.1/24
+ post-ip ip route add 3.0.0.0/24
\ No newline at end of file
diff --git a/v2.yml b/v2.yml
deleted file mode 100644
index 99a89d58504b3afa39e69cf82343c9d6167535cc..0000000000000000000000000000000000000000
--- a/v2.yml
+++ /dev/null
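Review bot: In tp - notes/eth1, `post-ip ip route add 3.0.0.0/24` uses `post-ip`, which is not an ifupdown hook name (`post-up` is), and the route names no next hop, so this stanza would most likely install no route. Going by the addresses used elsewhere in the commit, the line would read `post-up ip route add 3.0.0.0/24 via 2.0.0.2`.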
@@ -1,81 +0,0 @@ ---- -- name: Configure network interfaces - hosts: all - become: true - - vars: - # Interface configuration - h1_eth0: - ip_address: "192.168.1.1" - netmask: "255.255.255.0" - gateway: "192.168.1.254" - h2_eth0: - ip_address: "192.168.2.1" - netmask: "255.255.255.0" - gateway: "192.168.2.254" - r1_eth0: - ip_address: "192.168.1.254" - netmask: "255.255.255.0" - r1_eth1: - ip_address: "192.168.3.1" - netmask: "255.255.255.0" - gateway: "192.168.3.254" - r2_eth0: - ip_address: "192.168.2.254" - netmask: "255.255.255.0" - r2_eth1: - ip_address: "192.168.3.254" - netmask: "255.255.255.0" - - tasks: - # Configure H1 interface - - name: Configure H1 interface - template: - src: interfaces.j2 - dest: /etc/network/interfaces.d/eth0.cfg - vars: - ifname: "eth0" - iface: "iface {{ ifname }} inet static" - address: "{{ h1_eth0.ip_address }}" - netmask: "{{ h1_eth0.netmask }}" - gateway: "{{ h1_eth0.gateway }}" - when: inventory_hostname == "H1" - # notify: restart networking - - # Configure H2 interface - - name: Configure H2 interface - template: - src: interfaces.j2 - dest: /etc/network/interfaces.d/eth0.cfg - vars: - ifname: "eth0" - iface: "iface {{ ifname }} inet static" - address: "{{ h2_eth0.ip_address }}" - netmask: "{{ h2_eth0.netmask }}" - gateway: "{{ h2_eth0.gateway }}" - when: inventory_hostname == "H2" - # notify: restart networking - - # Configure R1 interfaces - - name: Configure R1 interface eth0 - template: - src: interfaces.j2 - dest: /etc/network/interfaces.d/eth0.cfg - vars: - ifname: "eth0" - iface: "iface {{ ifname }} inet static" - address: "{{ r1_eth0.ip_address }}" - netmask: "{{ r1_eth0.netmask }}" - when: inventory_hostname == "R1" - # notify: restart networking - - - name: Configure R1 interface eth1 - template: - src: interfaces.j2 - dest: /etc/network/interfaces.d/eth1.cfg - vars: - ifname: "eth1" - iface: "iface {{ ifname }} inet static" - address: "{{ r1_eth1.ip_address }}" - netmask: "{{ r1_eth1.netmask }}" - gateway: "{{ 
r1_eth1.gateway }}"
diff --git a/wireguard.yml b/wireguard.yml
new file mode 100644
index 0000000000000000000000000000000000000000..76c16dc687c6826e9ebc0eec5aa9c6ad1202eba9
--- /dev/null
+++ b/wireguard.yml
@@ -0,0 +1,81 @@
+- hosts: all
+ vars:
+ # Variables pour les interfaces
+ interfaces:
+ H1:
+ eth0:
+ address: 1.0.0.3
+ netmask: 255.255.255.0
+ subnet: 3.0.0.0/24
+ nexthop: 1.0.0.1
+ H2:
+ eth0:
+ address: 3.0.0.3
+ netmask: 255.255.255.0
+ subnet: 1.0.0.0/24
+ nexthop: 3.0.0.2
+ R1:
+ eth0:
+ address: 2.0.0.1
+ netmask: 255.255.255.0
+ eth1:
+ address: 1.0.0.1
+ netmask: 255.255.255.0
+ subnet: 3.0.0.0/24
+ nexthop: 2.0.0.2
+ R2:
+ eth0:
+ address: 2.0.0.2
+ netmask: 255.255.255.0
+ eth1:
+ address: 3.0.0.2
+ netmask: 255.255.255.0
+ subnet: 1.0.0.0/24
+ nexthop: 2.0.0.1
+
+ tasks:
+ - name: Print result
+ debug:
+ msg: "{{ interfaces[inventory_hostname] }}"
+
+ - name: Restart interfaces routeurs
+ template:
+ src: templates/r_interfaces.j2
+ dest: /etc/network/interfaces.d/int
+ when: inventory_hostname in groups['routeurs']
+ notify: restart networking
+
+ - name: Restart interfaces hosts
+ template:
+ src: templates/h_interfaces.j2
+ dest: /etc/network/interfaces.d/int
+ when: inventory_hostname in groups['hotes']
+ notify: restart networking
+
+ - name: Give internet to host
+ ansible.builtin.shell:
+ cmd: "dhclient -v mgmt0"
+ when: inventory_hostname in groups['hotes']
+
+ - name: Install update for install other programs
+ ansible.builtin.apt:
+ cache_valid_time: 86400
+ upgrade: yes
+ update_cache: yes
+ when: inventory_hostname in groups['hotes']
+
+ - name: Install nginx
+ ansible.builtin.apt:
+ pkg:
+ - nginx
+ - wireguard
+ - wireguard-tools
+ - curl
+ state: present
+ when: inventory_hostname in groups['hotes']
+
+ handlers:
+ - name: restart networking
+ service:
+ name: networking
+ state: restarted
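Review bot: In wireguard.yml the `Give internet to host` task runs `dhclient -v mgmt0` through `ansible.builtin.shell` although the command uses no shell features; `ansible.builtin.command` with the same `cmd` is the narrower module and avoids shell parsing. In the apt task, `upgrade: yes` and `update_cache: yes` should be written `true`, and `upgrade` runs a package upgrade on every play, which is more than the task name suggests. The task named `Install nginx` also installs `wireguard`, `wireguard-tools` and `curl`. On Debian-family systems a freshly installed nginx normally starts listening on every interface, which would include `mgmt0` right after it gets a lease, so it is worth confirming that is intended. The file configures no tunnel despite its name, and its `interfaces` vars and first three tasks duplicate ansible.yml.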