Move TCP/UDP relays to relay servers

2021-09-01 18:16:44 +00:00 · 2021-09-01 18:16:44 +00:00 · 3420ab744a
commit 3420ab744a
parent e6a6e32755
2 changed files with 20 additions and 10 deletions
--- a/playbooks/proxy.yml
+++ b/playbooks/proxy.yml
@ -11,7 +11,6 @@

  roles:
    - base
-    - relayd
    - ifstated
    - nginx/server
    - role: nginx/site
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@ -1,15 +1,26 @@
+log state changes
+log connection
+
+relay "syslog-int" {
+    listen on 172.20.20.5 port 6514
+    forward to log01.home.foo.sh port 6514
+}
+relay "syslog-ext" {
+    listen on 37.16.96.150 port 6514
+    forward to log01.home.foo.sh port 6514
+}

-{% if inventory_hostname == "proxy01.home.foo.sh" %}
-table <ldap_servers> { ldap01.home.foo.sh }
-{% else %}
 table <ldap_servers> { ldap01.home.foo.sh, ldap02.home.foo.sh }
-{% endif %}
-relay "ldap" {
-    listen on 0.0.0.0 port 636
+relay "ldap-int" {
+    listen on 172.20.20.6 port 636
+    forward to <ldap_servers> check tls
+}
+relay "ldap-ext" {
+    listen on 37.16.96.151 port 636
    forward to <ldap_servers> check tls
 }

-relay "syslog" {
-    listen on 0.0.0.0 port 6514
-    forward to log01.home.foo.sh port 6514
+relay "ldap01-ext" {
+    listen on 37.16.96.152 port 636
+    forward to ldap01.home.foo.sh port 636
 }