Ansible scripts for FRI servers
Timotej Lazar 17c8e84498 proxmox: support certificate renewals with ACME
Certificates must still be requested manually; this just sets the
domain and opens up port 80/tcp. Nothing listens there except for
certbot during renewals, so that's OK.
2024-09-04 16:54:47 +02:00
files Deconsolidate network setup for proxmox and debian roles 2024-08-28 12:43:14 +02:00
filter_plugins Support custom allowed_ips field for services 2024-08-03 11:44:03 +02:00
roles proxmox: support certificate renewals with ACME 2024-09-04 16:54:47 +02:00
templates Deconsolidate network setup for proxmox and debian roles 2024-08-28 12:43:14 +02:00
.gitignore Add .gitignore 2024-05-19 14:21:25 +02:00
ansible.cfg Set become_flags in ansible.cfg 2024-06-24 21:39:34 +02:00
inventory.yml Add dnsmasq role 2024-07-26 10:13:59 +02:00
LICENSE Unlicense 2024-05-19 14:31:43 +02:00
README.md Drop unneeded setting from README 2024-05-19 14:22:41 +02:00
setup.yml Deconsolidate network setup for proxmox and debian roles 2024-08-28 12:43:14 +02:00
UNLICENSE Unlicense 2024-05-19 14:31:43 +02:00

These Ansible roles set up servers running various Linux distributions to participate in BGP routing. Device and IP address data are pulled from NetBox. A separate VRF named mgmt is configured for an L2 management interface.

Setup

Each server should have the following information recorded in NetBox:

  • network interfaces mgmt*: used for management (Ansible) access; must define MAC and IP address
  • network interfaces lan*: used for BGP routing; must define MAC address
  • network interface lo: must define the IP address to announce over BGP, also serves as router ID

For the management IP address, another address in the same prefix should be defined with the tag gateway.

Run

Create a read-only token in NetBox. Define required variables:

export NETBOX_API=<url>
export NETBOX_TOKEN=<token>

Run one-off tasks with (add --key-file or other options as necessary):

ansible -m ping 'server-*'

Run a playbook with:

ansible-playbook setup.yml -l 'server-*'
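Before running the playbook it is worth confirming that NetBox actually holds everything the Setup section requires for a server (mgmt* with MAC and IP, lan* with MAC, lo with an IP, and a gateway-tagged address in the management prefix), because a missing field surfaces only as a confusing failure half-way through the roles. The following pre-flight check is an added example, not part of this repository; it works on interface and IP-address records constructed inline in a shape loosely modelled on NetBox's dcim/interfaces and ipam/ip-addresses API objects (the field names and nesting here are an assumption, trimmed to what the check uses), so it runs offline and can be pointed at real API output once the field mapping is adjusted.

```python
"""Pre-flight check: does NetBox hold the data the BGP/mgmt roles need for one server?

Added example (not project code). Record shapes are an assumption modelled on
NetBox's dcim/interfaces and ipam/ip-addresses responses, reduced to the used fields.
"""
import ipaddress
from fnmatch import fnmatch

# Constructed sample data for one server; lan1 deliberately lacks a MAC address.
SAMPLE_INTERFACES = [
    {"device": "server-01", "name": "mgmt0", "mac_address": "52:54:00:aa:bb:01"},
    {"device": "server-01", "name": "lan0", "mac_address": "52:54:00:aa:bb:02"},
    {"device": "server-01", "name": "lan1", "mac_address": None},
    {"device": "server-01", "name": "lo", "mac_address": None},
]
SAMPLE_ADDRESSES = [
    # "interface" is (device, interface name) or None for unassigned addresses.
    {"address": "10.10.0.11/24", "interface": ("server-01", "mgmt0"), "tags": []},
    {"address": "10.10.0.1/24", "interface": None, "tags": ["gateway"]},
    {"address": "192.0.2.11/32", "interface": ("server-01", "lo"), "tags": []},
]


def _gateway_in_prefix(addresses, network):
    """True if some address tagged 'gateway' lives in the same prefix as `network`."""
    return any(
        "gateway" in a["tags"]
        and ipaddress.ip_interface(a["address"]).network == network
        for a in addresses
    )


def check_device(device, interfaces, addresses):
    """Return a list of human-readable problems; an empty list means the server is ready."""
    problems = []
    ifaces = [i for i in interfaces if i["device"] == device]

    # Group assigned IP addresses by interface name for this device.
    ips_by_iface = {}
    for a in addresses:
        if a["interface"] and a["interface"][0] == device:
            ips_by_iface.setdefault(a["interface"][1], []).append(a["address"])

    mgmt = [i for i in ifaces if fnmatch(i["name"], "mgmt*")]
    lan = [i for i in ifaces if fnmatch(i["name"], "lan*")]
    lo = [i for i in ifaces if i["name"] == "lo"]

    # mgmt*: MAC, IP address, and a gateway-tagged address in the same prefix.
    if not mgmt:
        problems.append("no mgmt* interface")
    for i in mgmt:
        if not i["mac_address"]:
            problems.append(f"{i['name']}: missing MAC address")
        ips = ips_by_iface.get(i["name"], [])
        if not ips:
            problems.append(f"{i['name']}: missing IP address")
        for ip in ips:
            net = ipaddress.ip_interface(ip).network
            if not _gateway_in_prefix(addresses, net):
                problems.append(f"{i['name']}: no address tagged gateway in {net}")

    # lan*: only a MAC address is required.
    if not lan:
        problems.append("no lan* interface")
    for i in lan:
        if not i["mac_address"]:
            problems.append(f"{i['name']}: missing MAC address")

    # lo: exactly one, carrying the address announced over BGP (also the router ID).
    if len(lo) != 1:
        problems.append("missing lo interface")
    elif not ips_by_iface.get("lo"):
        problems.append("lo: missing IP address (BGP announcement / router ID)")

    return problems


if __name__ == "__main__":
    for line in check_device("server-01", SAMPLE_INTERFACES, SAMPLE_ADDRESSES):
        print("server-01:", line)
```

Run it against every device matched by your inventory pattern before `ansible-playbook setup.yml`; a non-empty result means the NetBox record, not the playbook, needs fixing first.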