diff --git a/README.md b/README.md index cb14d334cd2cf18b653fc558182e07599bc56a82..367cb20473e619d26798440388861af229470bd0 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ create.py is a python program that generates a vagrant source file from a defini - Python 3 - VirtualBox 6 - Ansible 2.3.3.0 +- Vagrant 2.2.5 - Virtualization must be enabled - DHCP server for vboxnet0 must be turned off in VirtualBox. It can be done manually in VirtualBox or with the command `$ VBoxManage dhcpserver remove --ifname vboxnet0` @@ -16,7 +17,7 @@ create.py is a python program that generates a vagrant source file from a defini 2. Install Python dependencies with `pip3 install -r requirements.txt`. 3. Clone the project. 4. Navigate to the project folder. -5. Type `$ python3 create.py sandbox.yml`. +5. Type `$ python3 create.py sandbox.yml`. On Windows or in case of an error due to ansible/python use `python3 create.py -l sandbox.yml`. (note: This will rewrite the previously generated Vagrantfile and ansible files.) 6. Run `$ vagrant up` ### Input yaml file structure @@ -86,11 +87,13 @@ The name of the correct network interface can be different for every box. The su - other VirtualBox attributes - more complex routing -### Known [issues](https://gitlab.ics.muni.cz/cs4eu/sandbox-creator/issues?label_name%5B%5D=known_issue): -- after running on Windows the output may contain invalid multibyte chars +### Known [issues](https://gitlab.ics.muni.cz/cs4eu/sandbox-creator/issues?scope=all&utf8=âś“&state=all&label_name[]=known_issue): +- After running on Windows the output may contain invalid multibyte chars. +- Vagrant up can somtimes get stuck on "SSH auth method: private key" in case of "generic/debian10" box or on "SSH auth method: password" in case of "kalilinux/rolling-light" box. This is probably an issue of VirtualBox. In this case try to create the machine again. In case of "kalilinux/rolling-light" remove the line `device.ssh.password = "vagrant"` from the generated Vagrantfile and try to bring it up again. +- On some machines ansible local (flag -l) can get stuck while connecting to the created virtual machine. ### Notes -- tested on Vagrant 2.2.5, VirtualBox 6.0.4 and 6.0.10 +- tested on Vagrant 2.2.5, VirtualBox 6.0.4 and 6.0.10, Ansible 2.3.3.0 - Vagrantfile and the provision directory contains everything needed by vagrant. Feel free to move them to a different directory after creation. ### Credits diff --git a/big_broker.yml b/big_broker.yml new file mode 100644 index 0000000000000000000000000000000000000000..72fbd9515c1966a460944966a13367ec4eb9d39a --- /dev/null +++ b/big_broker.yml @@ -0,0 +1,65 @@ +--- +name: big-broker +hosts: + - name: web + base_box: generic/debian10 + memory: 2048 + + - name: workstation + base_box: generic/debian10 + memory: 2048 + + - name: database + base_box: generic/debian10 + memory: 2048 + + - name: attacker + base_box: kalilinux/rolling-light + memory: 2048 + + - name: client + base_box: generic/debian10 + memory: 2048 + +routers: + - name: big-broker-router + + - name: internet-router + +networks: + - name: big-broker + cidr: 172.18.1.0/24 + + - name: internet + cidr: 10.1.0.0/16 + +net_mappings: + - host: web + network: big-broker + ip: 172.18.1.5 + + - host: workstation + network: big-broker + ip: 172.18.1.132 + + - host: database + network: big-broker + ip: 172.18.1.14 + + - host: attacker + network: internet + ip: 10.1.135.83 + + - host: client + network: internet + ip: 10.1.17.4 + +router_mappings: + - router: big-broker-router + network: big-broker + ip: 172.18.1.1 + + - router: internet-router + network: internet + ip: 10.1.0.1 +... diff --git a/create.py b/create.py index b3ee2c796e367c3b3988622da3a8f506fa798ca1..5ad7906f65143bf67d7be9a16a1240b1b3ae5591 100644 --- a/create.py +++ b/create.py @@ -6,15 +6,27 @@ import jinja2 from modules.file_generator import generate_vagrantfile, generate_ansible_files from modules.device_creator import open_file +from modules.routing import create_border_router -""" Supressing error traceback. """ -sys.tracebacklimit = 0 - -if len(sys.argv) != 2: - print("Error: Expecting 1 argument (yml file).") +if len(sys.argv) == 3: + if str(sys.argv[1]) == "-l": + ansible_local = True + input_file_name = str(sys.argv[2]) + elif str(sys.argv[2]) == "-l": + ansible_local = True + input_file_name = str(sys.argv[1]) + else: + print("Error: Expecting a yml file and optionally a flag -l.") + sys.exit() +elif len(sys.argv) == 2: + ansible_local = False + input_file_name = str(sys.argv[1]) +else: + print("Error: Expecting a yml file and optionally a flag -l.") sys.exit() -device_definitions = open_file(str(sys.argv[1])) +device_definitions = open_file(input_file_name) +create_border_router(device_definitions) -generate_vagrantfile(device_definitions) +generate_vagrantfile(device_definitions, ansible_local) generate_ansible_files(device_definitions) diff --git a/modules/ansible_data_generator.py b/modules/ansible_data_generator.py index e720a48bee149a0885d66fe17067b55c9e97fec0..99e8ee4a09a865f35f17c7eb21135506d539e373 100644 --- a/modules/ansible_data_generator.py +++ b/modules/ansible_data_generator.py @@ -2,14 +2,16 @@ from modules.device_creator import open_file INTERFACE_FILE = "name_mapping/interface.yml" -def create_network_map(net_mappings, router_mappings): +def create_network_map(definitions): """ Creates a structure with network topology for Jinja2 template. """ routings = [] - for router_mapping in router_mappings: + for router_mapping in definitions["router_mappings"]: routing = dict() routing["router_name"] = router_mapping["router"] + routing["router_network"] = router_mapping["network"] + routing["router_network_ip"] = _find_network_ip(router_mapping["network"], definitions) routing["router_ip"] = router_mapping["ip"] routings.append(routing) @@ -21,6 +23,10 @@ def _find_router_ip(network_name, router_mappings): if router_mapping["network"] == network_name: return router_mapping["ip"] +def _find_network_ip(network_name, definitions): + for network in definitions["networks"]: + if network["name"] == network_name: + return network["cidr"] def _find_interface(host_name, hosts): diff --git a/modules/device_creator.py b/modules/device_creator.py index a6c8abbf6ef781515852ac3741137b894ee761af..12f67b6064f2c9a0c621f1854ac0dc04bb40b170 100644 --- a/modules/device_creator.py +++ b/modules/device_creator.py @@ -31,8 +31,17 @@ def _add_provisioning(hostname, host_definitions): except IOError: pass +def _add_rsync(box, host_name, definitions): + """ add rsync to debian machines """ -def _create_hosts(yml, mappings, flavors): + if box == "generic/debian10": + definitions[host_name].append("# standard shared folder doesn't work on debian") + definitions[host_name].append("device.vm.synced_folder \".\", \"/vagrant\", type: \"rsync\", rsync__exclude: \".git/\"") + + if box == "kalilinux/rolling-light": + definitions[host_name].append("device.ssh.password = \"vagrant\"") + +def _create_hosts(yml, mappings, flavors, ansible_local): """ Creates a dictionary with formatted definition of each host. """ host_definitions = {} @@ -44,28 +53,32 @@ def _create_hosts(yml, mappings, flavors): add_prov_attributes( host, flavors, mappings['need_provider'], host_definitions) _add_provisioning(host["name"], host_definitions) + if ansible_local: + _add_rsync(host["base_box"], host["name"], host_definitions) return host_definitions -def _create_routers(yml): +def _create_routers(yml, ansible_local): """ Creates a dictionary with formatted definition of each router. """ router_definitions = {} for router in yml['routers']: router_definitions[router['name']] = [] add_router_ip(router["name"], yml, router_definitions) - add_router_specification(router, router_definitions) + add_router_specification(router, router_definitions, ansible_local) + if ansible_local: + _add_rsync("generic/debian10", router["name"], router_definitions) return router_definitions -def create_devices(definitions): +def create_devices(definitions, ansible_local): """ Returns a merged dictionary of host and router definitions. """ mappings = open_file(MAPPING_FILE) flavors = open_file(FLAVORS_FILE) return { - **_create_hosts(definitions, mappings, flavors), - **_create_routers(definitions)} + **_create_hosts(definitions, mappings, flavors, ansible_local), + **_create_routers(definitions, ansible_local)} diff --git a/modules/file_generator.py b/modules/file_generator.py index e748bbe1f781516d3ec652e11ae87a683f99544d..d73861e69095902cdff418c15719fe3962cbd528 100644 --- a/modules/file_generator.py +++ b/modules/file_generator.py @@ -3,7 +3,7 @@ import os from modules.device_creator import create_devices from modules.ansible_data_generator import create_network_map, create_host_map, create_network_ips - +from modules.routing import BORDER_ROUTER_IP, BORDER_ROUTER_NAME, BORDER_ROUTER_NETWORK_NAME, BORDER_ROUTER_PUBLIC_IP def _load_template(template_name): """ Returns a loaded jinja2 template. """ @@ -23,23 +23,23 @@ def _generate_file(filename, output_string): print("Error: cannot write to this location.") -def _create_role_directory(role_name): +def _create_role_directory(role_name, provisioning_dir): """ Creates directory structure for a role. """ try: - os.mkdir("provisioning") + os.mkdir(provisioning_dir) except FileExistsError: pass try: - os.mkdir("provisioning/roles") + os.mkdir(provisioning_dir + "/roles") except FileExistsError: pass try: - os.mkdir("provisioning/roles/" + role_name) + os.mkdir(provisioning_dir + "/roles/" + role_name) except FileExistsError: pass try: - os.mkdir("provisioning/roles/" + role_name +"/tasks") + os.mkdir(provisioning_dir + "/roles/" + role_name +"/tasks") except FileExistsError: pass @@ -54,13 +54,13 @@ def _find_user_ansible_files(definitions): return host_names -def generate_vagrantfile(definitions): +def generate_vagrantfile(definitions, ansible_local): """ Writes the prepared output to a Vagrantfile. """ - - device_definitions = create_devices(definitions) + + device_definitions = create_devices(definitions, ansible_local) user_ansible_files = _find_user_ansible_files(definitions) template = _load_template("vagrantfile") - output = template.render(devices=device_definitions, user_files=user_ansible_files) + output = template.render(devices=device_definitions, user_files=user_ansible_files, ansible_local=ansible_local) _generate_file("Vagrantfile", output) print("Info: Vagrantfile successfully created.") @@ -70,12 +70,10 @@ def _generate_playbook(definitions): """ Generates the main playbook. """ host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) - network = create_network_map( - definitions["net_mappings"], definitions["router_mappings"]) - network_ips = create_network_ips(definitions["networks"]) + network = create_network_map(definitions) template = _load_template("playbook") - output = template.render(hosts=host_map, routers=network, network_ips=network_ips) + output = template.render(hosts=host_map, routers=network) try: os.mkdir("provisioning") @@ -89,19 +87,18 @@ def _generate_device_configuration(definitions): """ Generates a playbook with basic device configutarion. """ host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) - network = create_network_map( - definitions["net_mappings"], definitions["router_mappings"]) + network = create_network_map(definitions) network_ips = create_network_ips(definitions["networks"]) template = _load_template("device_configuration") - output = template.render(hosts=host_map, routers=network, network_ips=network_ips) + output = template.render(hosts=host_map, routers=network, network_ips=network_ips, border_router_name = BORDER_ROUTER_NAME) try: - os.mkdir("provisioning") + os.mkdir("base_provisioning") except FileExistsError: pass - _generate_file("./provisioning/device_configuration.yml", output) + _generate_file("./base_provisioning/device_configuration.yml", output) def _generate_hosts_role(definitions): @@ -109,16 +106,47 @@ def _generate_hosts_role(definitions): host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) - network = create_network_map( - definitions["net_mappings"], definitions["router_mappings"]) + network = create_network_map(definitions) template = _load_template("hosts") output = template.render(hosts=host_map, routers=network) - _create_role_directory("hosts") + _create_role_directory("hosts", "base_provisioning") + _generate_file("./base_provisioning/roles/hosts/tasks/main.yml", output) + + user_template = _load_template("user_hosts") + user_output = template.render() + + _create_role_directory("hosts", "provisioning") _generate_file("./provisioning/roles/hosts/tasks/main.yml", output) +def _generate_separate_hosts_role(definitions): + """ Generate roles for separate host devices. """ + + host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) + + for host in definitions["hosts"]: + + for host_attributes in host_map: + if host_attributes["host_name"] == host["name"]: + host_name = host_attributes["host_name"] + router_ip = host_attributes["router_ip"] + interface = host_attributes["interface"] + + template = _load_template("separate_hosts") + output = template.render(host_name=host_name, router_ip=router_ip, interface=interface) + + _create_role_directory(host["name"], "base_provisioning") + _generate_file("./base_provisioning/roles/" + host["name"] + "/tasks/main.yml", output) + + + template = _load_template("user_separate_hosts") + output = template.render(host_name=host_name) + + _create_role_directory(host["name"], "provisioning") + _generate_file("./provisioning/roles/" + host["name"] + "/tasks/main.yml", output) + def _generate_routers_role(definitions): """ Generates routers role. """ @@ -128,14 +156,52 @@ def _generate_routers_role(definitions): host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) - network = create_network_map( - definitions["net_mappings"], definitions["router_mappings"]) + network = create_network_map(definitions) template = _load_template("routers") - output = template.render(hosts=host_map, routers=network) + output = template.render(hosts=host_map, routers=network, border_router_ip=BORDER_ROUTER_IP) + + _create_role_directory("routers", "base_provisioning") + _generate_file("./base_provisioning/roles/routers/tasks/main.yml", output) + + +def _find_cidr(network_name, definitions): + """ Finds cidr of a network from name. """ + + for network in definitions["networks"]: + if network["name"] == network_name: + return network["cidr"] + +def _get_br_routers(definitions): + """ Returns a list of router ips that are in the border router network. """ + + br_mappings = dict() + for router_mapping in definitions["router_mappings"]: + if router_mapping["network"] == BORDER_ROUTER_NETWORK_NAME: + for router_mapping2 in definitions["router_mappings"]: + if router_mapping["router"] == router_mapping2["router"] and router_mapping["network"] != router_mapping2["network"]: + br_mappings[_find_cidr(router_mapping2["network"], definitions)] = router_mapping["ip"] + + return br_mappings + +def _generate_br_role(definitions): + """ Generates br role. """ + + if not definitions['routers'] or not definitions['router_mappings']: + print("Info: No router definition was found. Skipping border router creation.") + return + + network = create_network_map(definitions) + + host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"]) + + routers_in_br_network = _get_br_routers(definitions) + + template = _load_template("br") + output = template.render(hosts = host_map, routers=network, br_routes=routers_in_br_network, border_router_name=BORDER_ROUTER_NAME, border_router_public_ip=BORDER_ROUTER_PUBLIC_IP) - _create_role_directory("routers") - _generate_file("./provisioning/roles/routers/tasks/main.yml", output) + _create_role_directory("br", "base_provisioning") + _generate_file("./base_provisioning/roles/br/tasks/main.yml", output) def generate_ansible_files(device_definitions): @@ -144,6 +210,8 @@ def generate_ansible_files(device_definitions): _generate_playbook(device_definitions) _generate_device_configuration(device_definitions) _generate_hosts_role(device_definitions) + _generate_separate_hosts_role(device_definitions) _generate_routers_role(device_definitions) + _generate_br_role(device_definitions) print("Info: Ansible files successfully created.") diff --git a/modules/network_parser.py b/modules/network_parser.py index 8de9a8a9bc3df6c420e4b34f8be38a8b6cddbcec..a7224025003e77dd926ce0809e41df667cf94817 100644 --- a/modules/network_parser.py +++ b/modules/network_parser.py @@ -1,6 +1,7 @@ """ This module handles network creation. """ import sys +from modules.routing import BORDER_ROUTER_NAME, BORDER_ROUTER_PUBLIC_IP def _find_networks(hostname, mappings, device_type): @@ -50,9 +51,11 @@ def _add_interfaces(hostname, mapping, device_type, networks, definitions): definitions[hostname].append( "device.vm.network :private_network, ip: \"" + mapping["ip"] + "\", virtualbox__intnet: \"" + mapping["network"] + "\"") + + if hostname == BORDER_ROUTER_NAME: + definitions[BORDER_ROUTER_NAME].append("device.vm.network :public_network, ip: \" " + BORDER_ROUTER_PUBLIC_IP + "\"") - if device_type == "host": - _add_netmask(hostname, mapping["network"], networks, definitions) + _add_netmask(hostname, mapping["network"], networks, definitions) def add_networks(hostname, yml, definitions): """ Adds ip address and natmask to a host. """ diff --git a/modules/provider.py b/modules/provider.py index c4b6941783fb31150aedb535733a408ef37628d9..5bf02fc1d53ffa0c3de5d24fdd543df44055f803 100644 --- a/modules/provider.py +++ b/modules/provider.py @@ -48,7 +48,7 @@ def add_prov_attributes(host, flavors, provider_attributes, definitions): definitions[host['name']].append("end") -def add_router_specification(router, definitions): +def add_router_specification(router, definitions, ansible_local): """ Adds the default specification for a router. """ router_box = "generic/debian10" diff --git a/modules/routing.py b/modules/routing.py new file mode 100644 index 0000000000000000000000000000000000000000..f1b556f0b45f4292075b1c8c56ffe352f2f80ca0 --- /dev/null +++ b/modules/routing.py @@ -0,0 +1,73 @@ +import sys + +BORDER_ROUTER_NAME = "br" +BORDER_ROUTER_IP = "172.18.0.1" +BORDER_ROUTER_PUBLIC_IP = "172.18.10.1" +BORDER_ROUTER_NETWORK_NAME = "BR" +BORDER_ROUTER_NETWORK_IP = "172.18.0.0/24" + +def _are_br_parameters_free(definitions): + """ Checks if border router parameters are not already taken. """ + + for host in definitions["hosts"]: + if host["name"] == BORDER_ROUTER_NAME: + return False + + for router in definitions["routers"]: + if router["name"] == BORDER_ROUTER_NAME: + return False + + for network in definitions["networks"]: + if network["name"] == BORDER_ROUTER_NETWORK_NAME or network["cidr"] == BORDER_ROUTER_NETWORK_IP: + return False + + for net_mapping in definitions["net_mappings"]: + if net_mapping["ip"] == BORDER_ROUTER_IP: + return False + + + for router_mapping in definitions["router_mappings"]: + if router_mapping["ip"] == BORDER_ROUTER_IP: + return False + + return True + + +def _create_mappings_to_border_router(definitions): + """ Creates router_mapping entries from routers to border router. """ + + for router in definitions["routers"]: + num = definitions["routers"].index(router) + 5 + if num > 255: + print("Error: too many routers.") + sys.exit(1) + + ip = BORDER_ROUTER_IP[:(0-len(str(num)))] + ip += str(num) + + definitions["router_mappings"].append({"router":router["name"] + ,"network":BORDER_ROUTER_NETWORK_NAME + ,"ip":ip}) + + +def create_border_router(definitions): + """ Adds the definition of border router to definitions """ + + # TODO this should be later moved to input check + if not _are_br_parameters_free: + print("Error: Device parameter conflict.") + + """ Last number in the ip of routers in border network. """ + router_n = 5 + + _create_mappings_to_border_router(definitions) + + + definitions["routers"].append({"name":BORDER_ROUTER_NAME }) + definitions["networks"].append({"name":BORDER_ROUTER_NETWORK_NAME + ,"cidr":BORDER_ROUTER_NETWORK_IP}) + definitions["router_mappings"].append({"router":BORDER_ROUTER_NAME + ,"network":BORDER_ROUTER_NETWORK_NAME + ,"ip":BORDER_ROUTER_IP} ) + + diff --git a/name_mapping/interface.yml b/name_mapping/interface.yml index 9761b225a446b5ec75d2ab8a733c0f89404d5ee6..b675069d546ccf754b9c2ea5a5000dabe4c82f75 100644 --- a/name_mapping/interface.yml +++ b/name_mapping/interface.yml @@ -2,3 +2,4 @@ kalilinux/rolling-light: eth1 xubuntu-16.04-desktop-amd64: eth1 ubuntu/xenial64: enp0s8 acntech/xubuntu-developer: enp0s8 +debian/contrib-jessie64: eth1 diff --git a/templates/br b/templates/br new file mode 100644 index 0000000000000000000000000000000000000000..570104710ca254c62eeefeb5c0fd1ab8b56b4ba4 --- /dev/null +++ b/templates/br @@ -0,0 +1,40 @@ +--- +# Configuration for the border router + +- name: Enable IP forwarding + copy: + dest: "/etc/sysctl.conf" + content: "net.ipv4.ip_forward=1" + +- name: Restarting procps service + command: /etc/init.d/procps restart + +{% for host in hosts %} +- name: Add {{ host.host_name }} alias + lineinfile: + path: /etc/hosts + line: {{ host.host_ip }} {{ host.host_name }} + +{% endfor %} +{% for router in routers %} +- name: Add {{ router.router_name }} alias + lineinfile: + path: /etc/hosts + line: {{ router.router_ip }} {{ router.router_name }} + +{% endfor %} + +{% for target_cidr, router_ip in br_routes.items() %} +- name: Add routing to network {{ target_cidr }} + command: route add -net {{ target_cidr }} gw {{ router_ip }} eth1 +{% endfor %} + +- name: Add postrouting + # ssh connection fails without async after execution of iptables commands + shell: "sleep 2 && sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {{ border_router_public_ip }}" + async: 1 + poll: 0 + +- name: Save postrouting rule + command: su -c 'iptables-save > /etc/iptables.rules' +... diff --git a/templates/device_configuration b/templates/device_configuration index 73a852fe23a6ad5db658fbe1de3a385b43a7718b..e8ba8322319433a12718201c9e7823f43b14a95a 100644 --- a/templates/device_configuration +++ b/templates/device_configuration @@ -7,18 +7,34 @@ roles: - hosts +{% for host in hosts %} +- name: Configuring host {{ host.host_name }} separately + hosts: {{ host.host_name }} + become: yes + roles: + - {{ host.host_name }} + +{% endfor %} {% for host in hosts %} - name: Configuring host {{ host.host_name }} hosts: {{ host.host_name }} become: yes tasks: - - name: Change default gateway - command: route add default gw {{ host.router_ip }} {{ host.interface }} +{% for network_ip in network_ips %} + - name: Add gateway for {{ network_ip }} + command: route add -net {{ network_ip }} gw {{ host.router_ip }} {{ host.interface }} +{% endfor %} {% endfor %} - name: Configuring all routers - hosts: {{ routers|map(attribute='router_name')|unique|join(',') }} + hosts: {{ routers|map(attribute='router_name')|unique|reject('eq', border_router_name)|join(',') }} become: yes roles: - routers + +- name: Configuring border router + hosts: {{ border_router_name }} + become: yes + roles: + - br ... diff --git a/templates/hosts b/templates/hosts index 7ec4b06d1cb50d78bbeb36dd935879df7ea9cbac..e9254f11c31650636be65efaf1f4cdc53326191e 100644 --- a/templates/hosts +++ b/templates/hosts @@ -1,5 +1,5 @@ --- -# Configuration of all host devices +# Basic configuration of all host devices - name: Install net-tools command: apt install net-tools @@ -18,4 +18,7 @@ line: {{ router.router_ip }} {{ router.router_name }} {% endfor %} + +- name: Delete default gateway + command: route del default ... diff --git a/templates/playbook b/templates/playbook index cfe188a59a72408645ea38f871339d4b5b7d9110..7f3e1c7089a960a7da5b952b974f818a23081acf 100644 --- a/templates/playbook +++ b/templates/playbook @@ -1,33 +1,12 @@ --- -# Main ansible playbook - -#- import_playbook: device_configuration.yml - for new version - -- name: Configuring all hosts - hosts: {{ hosts|map(attribute='host_name')|unique|join(',') }} - become: yes - roles: - - hosts - -{% for host in hosts %} -- name: Configuring host {{ host.host_name }} - hosts: {{ host.host_name }} - become: yes - tasks: -{% for network_ip in network_ips %} - - name: Add gateway for {{ network_ip }} - command: route add -net {{ network_ip }} gw {{ host.router_ip }} {{ host.interface }} -{% endfor %} - - -{% endfor %} -- name: Configuring all routers - hosts: {{ routers|map(attribute='router_name')|unique|join(',') }} - become: yes - roles: - - routers - +# Main user ansible playbook # Write your custom configuration here: +- name: Hello world + hosts: all + tasks: + - name: print hello world + debug: + msg: "Hello World" ... diff --git a/templates/routers b/templates/routers index 88a4207a4b61b42d98dde36d273a8d71595ae16e..01f390d6dece8929ead4c09d6144659bc2ac05aa 100644 --- a/templates/routers +++ b/templates/routers @@ -23,4 +23,9 @@ line: {{ router.router_ip }} {{ router.router_name }} {% endfor %} +- name: Delete default gateway + command: route del default + +- name: Add default path to border router + command: route add default gw {{ border_router_ip }} eth2 ... diff --git a/templates/separate_hosts b/templates/separate_hosts new file mode 100644 index 0000000000000000000000000000000000000000..42e3f8076cb7cd468c1bf1cfb87f295d4ddbac46 --- /dev/null +++ b/templates/separate_hosts @@ -0,0 +1,6 @@ +--- +# Role for the host {{ host_name }} + +- name: Add default path to router + command: route add default gw {{ router_ip }} {{ interface }} +... diff --git a/templates/user_hosts b/templates/user_hosts new file mode 100644 index 0000000000000000000000000000000000000000..0dccf70c06e2ec8580828c2c8c6693e870030b59 --- /dev/null +++ b/templates/user_hosts @@ -0,0 +1,8 @@ +--- +# This is a role for all hosts. +# You can write your tasks here. +# These changes will affect all hosts. + + + +... diff --git a/templates/user_separate_hosts b/templates/user_separate_hosts new file mode 100644 index 0000000000000000000000000000000000000000..f49a8bafc9297f21682d4a170677d597336f6544 --- /dev/null +++ b/templates/user_separate_hosts @@ -0,0 +1,8 @@ +--- +# This is a role for the host {{ host_name }}. +# You can write your tasks here. +# These changes will affect only the host {{ host_name }}. + + + +... diff --git a/templates/vagrantfile b/templates/vagrantfile index c6dc87ac323c84fb3bb77fecef40e8906a11b12d..946446c71fc08127a3026740579c095125186d20 100644 --- a/templates/vagrantfile +++ b/templates/vagrantfile @@ -19,17 +19,29 @@ Vagrant.configure("2") do |config| {{ printAttributes(name) }} end {% endfor %} - # configuration of devices with ansible - config.vm.provision "ansible" do |ansible| + # basic ansible configuration of devices and networks + config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible| + ansible.playbook = "base_provisioning/device_configuration.yml" + ansible.verbose = true + ansible.extra_vars = { + ansible_python_interpreter: "/usr/bin/python3", + } + end + + + # user configuration of devices with ansible + config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible| ansible.playbook = "provisioning/playbook.yml" + ansible.verbose = true ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3", } end {% for name in user_files %} - config.vm.provision "ansible" do |ansible| + config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible| ansible.playbook = "provisioning/{{ name }}.yml" + ansible.verbose = true ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3", }