From 5dc54dd8ebbff8497ddf3aef3c5d17159e8c5dd0 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 28 May 2019 00:28:29 +0300
Subject: [PATCH] add proxy hosts
---
group_vars/proxy.yml | 46 +++++++++++++++++++++++++++++++
host_vars/proxy01.home.foo.sh.yml | 16 +++++++++++
host_vars/proxy02.home.foo.sh.yml | 15 ++++++++++
hosts | 5 ++++
playbooks/proxy.yml | 40 +++++++++++++++++++++++++++
5 files changed, 122 insertions(+)
create mode 100644 group_vars/proxy.yml
create mode 100644 host_vars/proxy01.home.foo.sh.yml
create mode 100644 host_vars/proxy02.home.foo.sh.yml
create mode 100644 playbooks/proxy.yml
diff --git a/group_vars/proxy.yml b/group_vars/proxy.yml
new file mode 100644
index 0000000..6b4eb21
--- /dev/null
+++ b/group_vars/proxy.yml
@@ -0,0 +1,46 @@
+---
+network_dns_servers:
+ - 172.20.20.10
+ - 172.20.21.7
+ - 172.20.21.8
+network_dns_search:
+ - foo.sh
+network_default_gateway: 37.16.96.145
+
+network_carp_interfaces:
+ - device: vio0
+ vhid: 8
+ ipaddr: 172.20.20.8
+ netmask: 255.255.252.0
+ pass: "{{ carp8_pass }}"
+ advskew: "{{ carp8_advskew }}"
+ - device: vio0
+ vhid: 9
+ ipaddr: 172.20.20.9
+ netmask: 255.255.252.0
+ pass: "{{ carp9_pass }}"
+ advskew: "{{ carp9_advskew }}"
+ - device: vio1
+ vhid: 153
+ ipaddr: 37.16.96.153
+ netmask: 255.255.255.240
+ ip6addr: 2a00:4cc1:6:1006:feed:dead:beef:153
+ ip6netmask: 64
+ pass: "{{ carp153_pass }}"
+ advskew: "{{ carp153_advskew }}"
+ - device: vio1
+ vhid: 154
+ ipaddr: 37.16.96.154
+ netmask: 255.255.255.240
+ ip6addr: 2a00:4cc1:6:1006:feed:dead:beef:154
+ ip6netmask: 64
+ pass: "{{ carp154_pass }}"
+ advskew: "{{ carp154_advskew }}"
+
+firewall_raw:
+ - pass quick proto carp
+firewall_in:
+ - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+ - {proto: tcp, port: 80}
+ - {proto: tcp, port: 443}
+ - {proto: tcp, port: 636}
diff --git a/host_vars/proxy01.home.foo.sh.yml b/host_vars/proxy01.home.foo.sh.yml
new file mode 100644
index 0000000..9483e96
--- /dev/null
+++ b/host_vars/proxy01.home.foo.sh.yml
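Review bot: In group_vars/proxy.yml the last `firewall_in` entry opens tcp/636 to any source, while nothing else in this commit sets up an LDAPS listener on these hosts: playbooks/proxy.yml applies only base, nginx/server and nginx/site, and id.foo.sh is proxied over HTTPS. If LDAPS is meant to be relayed here, the rule deserves a comment naming the service that answers it; if only internal clients need it, scope it the way the SSH rule is scoped, e.g. `- {proto: tcp, port: 636, from: [172.20.20.0/22]}`. Otherwise the port is better left closed until the listener exists. The nginx roles are not part of this patch, so whether they bind 636 cannot be confirmed from here.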
@@ -0,0 +1,16 @@
+---
+interfaces: [[20, "52:54:00:ac:dc:0d"], [102, "52:54:00:ad:bc:0d"]]
+vmhost: vmhost01.home.foo.sh
+
+network_ether_interfaces:
+ - device: vio0
+ ipaddr: 172.20.21.13
+ netmask: 255.255.252.0
+ - device: vio1
+ proto: none
+
+# kludge advskew values for carps
+carp8_advskew: 0
+carp9_advskew: 128
+carp153_advskew: 0
+carp154_advskew: 128
diff --git a/host_vars/proxy02.home.foo.sh.yml b/host_vars/proxy02.home.foo.sh.yml
new file mode 100644
index 0000000..278a138
--- /dev/null
+++ b/host_vars/proxy02.home.foo.sh.yml
@@ -0,0 +1,15 @@
+---
+interfaces: [[20, "52:54:00:ac:dc:0e"], [102, "52:54:00:ad:bc:0e"]]
+vmhost: vmhost02.home.foo.sh
+
+network_ether_interfaces:
+ - device: vio0
+ ipaddr: 172.20.21.14
+ netmask: 255.255.252.0
+ - device: vio1
+ proto: none
+
+carp8_advskew: 128
+carp9_advskew: 0
+carp153_advskew: 128
+carp154_advskew: 0
diff --git a/hosts b/hosts
index 202022f..583d6a0 100644
--- a/hosts
+++ b/hosts
@@ -7,9 +7,14 @@ git02.home.foo.sh [gw] gw01.home.foo.sh +[proxy] +proxy01.home.foo.sh +proxy02.home.foo.sh + [centos7:children] git mirror [openbsd:children] gw +proxy
diff --git a/playbooks/proxy.yml b/playbooks/proxy.yml
new file mode 100644
index 0000000..199acbc
--- /dev/null
+++ b/playbooks/proxy.yml
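Review bot: The `# kludge advskew values for carps` comment in host_vars/proxy01.home.foo.sh.yml does not say what the values encode, and host_vars/proxy02.home.foo.sh.yml carries the mirrored values with no comment at all. These variables feed the `advskew` fields in group_vars/proxy.yml, so a comment in both files such as `# advskew per vhid: 0 = preferred master, 128 = backup; must mirror the other proxy host` would make the intended master/backup split explicit. It would also make it easier to spot both hosts ending up with the same skew for one vhid after a later edit.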
@@ -0,0 +1,40 @@
+---
+- import_playbook: "include/vm-create.yml myhosts=proxy"
+
+- name: configure instance
+ hosts: proxy
+ user: root
+ gather_facts: true
+
+ vars_files:
+ - "{{ ansible_dir_private }}/vars.yml"
+
+ roles:
+ - base
+ - nginx/server
+ - role: nginx/site
+ site: foo.sh
+ redirect: https://www.foo.sh/
+ - role: nginx/site
+ site: autoconfig.foo.sh
+ - role: nginx/site
+ site: boot.foo.sh
+ - role: nginx/site
+ site: bitbucket.foo.sh
+ redirect: https://bitbucket.org/tmakinen/
+ - role: nginx/site
+ site: git.foo.sh
+ proxy: https://git02.home.foo.sh/
+ - role: nginx/site
+ site: id.foo.sh
+ proxy: https://ldap01.home.foo.sh/
+ - role: nginx/site
+ site: mirrors.foo.sh
+ proxy: https://mirror01.home.foo.sh/
+ - role: nginx/site
+ site: print.foo.sh
+ proxy: https://print01.home.foo.sh/
+ - role: nginx/site
+ site: wpad.foo.sh
+ - role: nginx/site
+ site: www.foo.sh
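Review bot: The four `proxy: https://...` entries in playbooks/proxy.yml (git, id, mirrors, print) hand nginx/site only an upstream URL, so whether nginx authenticates those backends rests entirely on the role, which this patch does not show. nginx leaves `proxy_ssl_verify` off by default, in which case TLS to the upstream is encrypted but the backend certificate is never checked. It is worth confirming that the role sets `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate` for these sites. id.foo.sh fronts ldap01, so that is the entry where this matters most. Separately, `user: root` is the older alias of `remote_user: root`, and the current keyword would be clearer.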