Commit de90fdc9 authored by ines's avatar ines

add partie 2 et debut 3

parent 1cd3404f
# TP 3 : Ansible # TP 3 : Ansible
Inès MAYA Inès MAYA
## Fonctionnement ## Fonctionnement
cmd : ansible-playbook -i inv.yml ansible.yml cmd : ansible-playbook -i inventory.yml ansible.yml
\ No newline at end of file \ No newline at end of file
...@@ -4,44 +4,52 @@ ...@@ -4,44 +4,52 @@
interfaces: interfaces:
H1: H1:
eth0: eth0:
address: 192.168.1.10 address: 1.0.0.3
netmask: 255.255.255.0 netmask: 255.255.255.0
gateway: 192.168.1.1 subnet: 3.0.0.0/24
nexthop: 1.0.0.1
H2: H2:
eth0: eth0:
address: 192.168.2.10 address: 3.0.0.3
netmask: 255.255.255.0 netmask: 255.255.255.0
gateway: 192.168.2.1 subnet: 1.0.0.0/24
nexthop: 3.0.0.2
R1: R1:
eth0: eth0:
address: 192.168.1.1 address: 2.0.0.1
netmask: 255.255.255.0 netmask: 255.255.255.0
eth1: eth1:
address: 10.0.0.1 address: 1.0.0.1
netmask: 255.255.255.0 netmask: 255.255.255.0
subnet: 3.0.0.0/24
nexthop: 2.0.0.2
R2: R2:
eth0: eth0:
address: 192.168.2.1 address: 2.0.0.2
netmask: 255.255.255.0 netmask: 255.255.255.0
eth1: eth1:
address: 10.0.0.2 address: 3.0.0.2
netmask: 255.255.255.0 netmask: 255.255.255.0
subnet: 1.0.0.0/24
nexthop: 2.0.0.1
tasks: tasks:
- name: Restart interfaces hostss" - name: Print result
debug:
msg: "{{ interfaces[inventory_hostname] }}"
- name: Restart interfaces routeurs
template: template:
src: interfaces.j2 src: templates/r_interfaces.j2
dest: /etc/network/interfaces.d/{{ item.key }}-{{ item.value.key }} dest: /etc/network/interfaces.d/int
loop: "{{ interfaces | dict2items | subelements('value') }}" when: inventory_hostname in groups['routeurs']
notify: restart networking notify: restart networking
- name: Configurer les routes statiques pour H1 et H2 - name: Restart interfaces hosts
lineinfile: template:
path: /etc/network/interfaces.d/{{ item }}-eth0 src: templates/h_interfaces.j2
line: " post-up route add default gw {{ interfaces[item].eth0.gateway }}" dest: /etc/network/interfaces.d/int
loop: when: inventory_hostname in groups['hotes']
- H1 notify: restart networking
- H2
handlers: handlers:
- name: restart networking - name: restart networking
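Review bot: The new values under `interfaces:` put the lab on 1.0.0.0/24, 2.0.0.0/24 and 3.0.0.0/24, which are globally routable prefixes rather than private or documentation space. On a machine that also has a path to the Internet, the static routes built from `subnet`/`nexthop` shadow the real owners of those prefixes, and lab traffic can leave through the other interface whenever one of these routes is missing. Unless the lab sheet imposes these values, keep RFC 1918 ranges as the old side did, or use the RFC 5737 documentation ranges, e.g. `address: 192.0.2.3` with `subnet: 203.0.113.0/24`. The same addresses recur in the second playbook and in the manual `ssh … ip addr` notes further down the page; the play header and the handler body are outside this hunk.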
......
[py3-hosts]
H1
R1
H2
[py3-hosts:vars]
ansible_python_interpreter=/usr/bin/python3
\ No newline at end of file
# Loop over all the variables that start with inventory_hostname followed by "_ifname" (e.g., H1_ifname, R1_ifname1, etc.)
{% for var in vars if var.startswith(inventory_hostname + '_ifname') %}
# Get the interface name from the variable value (e.g., eth0, eth1, etc.)
iface {{ vars[var] }} inet static
# Get the IP address from another variable that has the same suffix as the current variable (e.g., H1_ipaddr, R1_ipaddr1, etc.)
address {{ vars[inventory_hostname + '_ipaddr' + var[-1]] }}
# If the host belongs to the hosts group, add a default gateway from another variable that has the same suffix as well (e.g., H1_gwaddr, H2_gwaddr, etc.)
{% if inventory_hostname in groups['hosts'] %}
gateway {{ vars[inventory_hostname + '_gwaddr' + var[-1]] }}
{% endif %}
# If the host belongs to the routers group, add a static route to reach the other subnet via another variable that has an incremented suffix (e.g., R1_ipaddr2, R2_ipaddr2, etc.)
{% if inventory_hostname in groups['routers'] %}
post-up ip route add {{ '192.168.' + ('10' if '20' in vars[inventory_hostname + '_ipaddr' + var[-1]] else '20') + '.0/24' }} via {{ vars[inventory_hostname + '_ipaddr' + str(int(var[-1]) + 1)] }}
{% endif %}
{% endfor %}
\ No newline at end of file
H1
H2
R1
R1
[routers]
R1
R2
[hosts]
H1
H2
\ No newline at end of file
[hotes]
H1
H2
[routeurs]
R1
R2
\ No newline at end of file
auto eth0
iface eth0 inet static
address {{ interfaces[inventory_hostname].eth0.address }}
netmask {{ interfaces[inventory_hostname].eth0.netmask }}
post-up ip route add {{ interfaces[inventory_hostname].subnet }} nexthop via {{ interfaces[inventory_hostname].nexthop }}
# templates/interfaces.j2 {% for host in groups['routers'] + groups['hosts'] %}
auto {{ item.value.key }} auto {{ hostvars[host]['ifnameB'] }}
iface {{ item.value.key }} inet static iface {{ hostvars[host]['ifnameB'] }} inet static
address {{ item.value.value.address }} address {{ hostvars[host]['ipB'] }}
netmask {{ item.value.value.netmask }} netmask {{ hostvars['all']['netmask'] }}
{% if item.value.value.gateway is defined %} {% if host in groups['routers'] %}
gateway {{ item.value.value.gateway }} auto {{ hostvars[host]['ifnameA'] }}
iface {{ hostvars[host]['ifnameA'] }} inet static
address {{ hostvars[host]['ipA'] }}
netmask {{ hostvars['all']['netmask'] }}
post-up ip route add {{ hostvars[host]['subnet'] }} nexthop via {{ hostvars[host]['nexthop'] }}
{% else %}
auto {{ hostvars[host]['ifnameA'] }}
iface {{ hostvars[host]['ifnameA'] }} inet static
address {{ hostvars[host]['ip'] }}
netmask {{ hostvars['all']['netmask'] }}
post-up ip route add default via {{ hostvars[host]['gateway'] }}
{% endif %} {% endif %}
{% endfor %}
\ No newline at end of file
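Review bot: `hostvars['all']['netmask']` on the new side will most likely fail at render time, because `hostvars` is keyed by inventory host name and `all` is a group, not a host; variables set for the `all` group are already merged into each host, so `netmask {{ hostvars[host]['netmask'] }}` is the usual form. The `{% for host in groups['routers'] + groups['hosts'] %}` loop also writes every machine's stanzas into the file rendered on each target, which would bring up other hosts' addresses locally; rendering only `inventory_hostname` avoids that. The group names `routers`/`hosts` should be checked against the inventory in use, since another inventory on this page declares `[routeurs]` and `[hotes]`.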
auto eth0
iface eth0 inet static
address {{ interfaces[inventory_hostname].eth0.address }}
netmask {{ interfaces[inventory_hostname].eth0.netmask }}
auto eth1
iface eth1 inet static
address {{ interfaces[inventory_hostname].eth1.address }}
netmask {{ interfaces[inventory_hostname].eth1.netmask }}
post-up ip route add {{ interfaces[inventory_hostname].subnet }} nexthop via {{ interfaces[inventory_hostname].nexthop }}
# H1
ssh H1 hostaname H1
ssh H1 ip addr dd 1.0.0.3/24 dev eth0 # rajout l'ip au devuce eth0 a l'interface de H1
ssh H1 ip link set up eth0
# R1
ssh R1 hostaname R1
ssh R1 ip addr dd 1.0.0.1/24 dev eth1
ssh R1 ip addr dd 2.0.0.1/24 dev eth0
ssh R1 ip link set up eth0
ssh R1 ip link set up eth1
# H2
ssh H2 hostaname H2
ssh H2 ip addr dd 3.0.0.3/24 dev eth0 # rajout l'ip au devuce eth0 a l'interface de H1
ssh H2 ip link set up eth0
# R2
ssh R2 hostaname R2
ssh R2 ip addr dd 2.0.0.2/24 dev eth1
ssh R2 ip addr dd 3.0.0.2/24 dev eth0
ssh R2 ip link set up eth0
ssh R2 ip link set up eth1
# validation
ssh H1 ping -c 2 1.0.0.1
ssh R1 ping -c 2 2.0.0.2
ssh R2 ping -c 2 3.0.0.3
##### Routage
# configuration des routeurs
ssh R1 ip route add 3.0.0.0/24 via 2.0.0.2
ssh R1 ip route
ssh R2 ip route add 1.0.0.0/24 via 2.0.0.1
ssh R2 ip route
# coNfiguration des hôtes
ssh H1 ip route add default via 1.0.0.1
ssh H2 ip route add default via 3.0.0.2
# wireguard
# route par default vers interenet
apt update
apt install wireguard-tools
ssh H1 wg genkey | tee private.key | wg pubkey > public.key
ssh H1 ip link add wg0 type wireguard
ssh H1 ip add addr 10.0.0.1/24 dev wg0
ssh H1 ip link set up dev wg0
ssh H1 wg set wg0 private-key ./private.key
ssh H1 wg set wg0 peer <public_key H2> allowed-up 10.0.0.2/32 endpoint 3.0.0.3:51820 # 10.0.0.1 POUR h2
ssh H1 wg genkey | tee private.key | wg pubkey > public.key
ssh H1 ip link add wg0 type wireguard
ssh H1 ip add addr 10.0.0.1/24 dev wg0
ssh H1 ip link set up dev wg0
ssh H1 wg set wg0 private-key ./private.key
ssh H1 wg set wg0 peer <public_key H2> allowed-up 10.0.0.1
\ No newline at end of file
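Review bot: In `ssh H1 wg genkey | tee private.key | wg pubkey > public.key` only `wg genkey` runs on H1; the pipe is evaluated by the local shell, so the private key crosses the SSH session and lands in a local `private.key` created with the default umask, while the later `wg set wg0 private-key ./private.key` looks for that file on H1. Quote the whole pipeline and restrict the mode, `ssh H1 'umask 077; wg genkey | tee private.key | wg pubkey > public.key'`, so the key is generated on the peer that uses it and is not readable by other users. The second block repeats `H1` where the inline comment suggests H2 is meant, which would overwrite the first key pair. `allowed-up` should be `allowed-ips`, and `ip add addr` should be `ip addr add`.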
auto eth0
iface eth0 inet static
address 2.0.0.1/24
\ No newline at end of file
auto eth1
iface eth1 inet static
address 1.0.0.1/24
post-ip ip route add 3.0.0.0/24
\ No newline at end of file
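Review bot: `post-ip ip route add 3.0.0.0/24` is not a hook ifupdown recognises and the route has no next hop, so this stanza will not install the route. The templates on this page use `post-up ip route add … via …`; with the next hop used in the manual R1 routing step this would read `post-up ip route add 3.0.0.0/24 via 2.0.0.2`.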
---
- name: Configure network interfaces
hosts: all
become: true
vars:
# Interface configuration
h1_eth0:
ip_address: "192.168.1.1"
netmask: "255.255.255.0"
gateway: "192.168.1.254"
h2_eth0:
ip_address: "192.168.2.1"
netmask: "255.255.255.0"
gateway: "192.168.2.254"
r1_eth0:
ip_address: "192.168.1.254"
netmask: "255.255.255.0"
r1_eth1:
ip_address: "192.168.3.1"
netmask: "255.255.255.0"
gateway: "192.168.3.254"
r2_eth0:
ip_address: "192.168.2.254"
netmask: "255.255.255.0"
r2_eth1:
ip_address: "192.168.3.254"
netmask: "255.255.255.0"
tasks:
# Configure H1 interface
- name: Configure H1 interface
template:
src: interfaces.j2
dest: /etc/network/interfaces.d/eth0.cfg
vars:
ifname: "eth0"
iface: "iface {{ ifname }} inet static"
address: "{{ h1_eth0.ip_address }}"
netmask: "{{ h1_eth0.netmask }}"
gateway: "{{ h1_eth0.gateway }}"
when: inventory_hostname == "H1"
# notify: restart networking
# Configure H2 interface
- name: Configure H2 interface
template:
src: interfaces.j2
dest: /etc/network/interfaces.d/eth0.cfg
vars:
ifname: "eth0"
iface: "iface {{ ifname }} inet static"
address: "{{ h2_eth0.ip_address }}"
netmask: "{{ h2_eth0.netmask }}"
gateway: "{{ h2_eth0.gateway }}"
when: inventory_hostname == "H2"
# notify: restart networking
# Configure R1 interfaces
- name: Configure R1 interface eth0
template:
src: interfaces.j2
dest: /etc/network/interfaces.d/eth0.cfg
vars:
ifname: "eth0"
iface: "iface {{ ifname }} inet static"
address: "{{ r1_eth0.ip_address }}"
netmask: "{{ r1_eth0.netmask }}"
when: inventory_hostname == "R1"
# notify: restart networking
- name: Configure R1 interface eth1
template:
src: interfaces.j2
dest: /etc/network/interfaces.d/eth1.cfg
vars:
ifname: "eth1"
iface: "iface {{ ifname }} inet static"
address: "{{ r1_eth1.ip_address }}"
netmask: "{{ r1_eth1.netmask }}"
gateway: "{{ r1_eth1.gateway }}"
- hosts: all
vars:
# Variables pour les interfaces
interfaces:
H1:
eth0:
address: 1.0.0.3
netmask: 255.255.255.0
subnet: 3.0.0.0/24
nexthop: 1.0.0.1
H2:
eth0:
address: 3.0.0.3
netmask: 255.255.255.0
subnet: 1.0.0.0/24
nexthop: 3.0.0.2
R1:
eth0:
address: 2.0.0.1
netmask: 255.255.255.0
eth1:
address: 1.0.0.1
netmask: 255.255.255.0
subnet: 3.0.0.0/24
nexthop: 2.0.0.2
R2:
eth0:
address: 2.0.0.2
netmask: 255.255.255.0
eth1:
address: 3.0.0.2
netmask: 255.255.255.0
subnet: 1.0.0.0/24
nexthop: 2.0.0.1
tasks:
- name: Print result
debug:
msg: "{{ interfaces[inventory_hostname] }}"
- name: Restart interfaces routeurs
template:
src: templates/r_interfaces.j2
dest: /etc/network/interfaces.d/int
when: inventory_hostname in groups['routeurs']
notify: restart networking
- name: Restart interfaces hosts
template:
src: templates/h_interfaces.j2
dest: /etc/network/interfaces.d/int
when: inventory_hostname in groups['hotes']
notify: restart networking
- name: Give internet to host
ansible.builtin.shell:
cmd: "dhclient -v mgmt0"
when: inventory_hostname in groups['hotes']
- name: Install update for install other programs
ansible.builtin.apt:
cache_valid_time: 86400
upgrade: yes
update_cache: yes
when: inventory_hostname in groups['hotes']
- name: Install nginx
ansible.builtin.apt:
pkg:
- nginx
- wireguard
- wireguard-tools
- curl
state: present
when: inventory_hostname in groups['hotes']
handlers:
- name: restart networking
service:
name: networking
state: restarted
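Review bot: The `Give internet to host` task runs `dhclient -v mgmt0` through `ansible.builtin.shell` although it needs no shell features; `ansible.builtin.command` avoids shell parsing, and as written the task re-runs and reports a change on every play. In the apt task that follows, `upgrade: yes` upgrades every installed package on each run, which goes beyond what the task name describes; `update_cache: true` with `cache_valid_time: 86400` is enough to install the packages listed afterwards. The task named `Install nginx` also installs `wireguard`, `wireguard-tools` and `curl`, so a name such as `Install nginx, WireGuard and curl` would match what it does.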