Initial ansible attempts

2020-08-04 05:37:36 +00:00 · 2020-08-04 05:37:36 +00:00 · e527d3fd8a
parent afb1bc4712
commit e527d3fd8a
3 changed files with 44 additions and 0 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -0,0 +1,7 @@
+# Ansible
+
+Some basic Ansible 'stuff' for managing PiFrames.
+
+This is very much WIP and nothing in this directory should **NOT** be used unless you plan on submitting patches / fixes / etc.
+
+For now the goal of this code is to get a basic WireGuard deployment going for the PiFrameFleet area of the project.
--- a/ansible/deploy-controller.sh
+++ b/ansible/deploy-controller.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+# https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-wireguard/
+# https://github.com/githubixx/ansible-role-wireguard
+
+TAGS_SKIP=wg_install ansible -i inventory-wireguard -m include_role -a name=githubixx.ansible_role_wireguard wg --limit controller --check
--- a/ansible/inventory-wireguard
+++ b/ansible/inventory-wireguard
@ -0,0 +1,31 @@
+---
+wg:
+  hosts:
+      frame1:
+        ansible_host: 10.5.5.100
+        wireguard_address: 192.168.254.11/32
+      frame2:
+        ansible_host: 10.5.5.101
+        wireguard_address: 192.168.254.11/32
+      controller:
+        ansible_connection: local
+        wireguard_address: 192.168.254.1/32
+        wireguard_endpoint: ""
+        wireguard_postup:
+          - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
+          - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+          - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+        wireguard_postdown:
+          - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
+          - iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+          - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+          - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+  vars:
+    wireguard_allowed_ips: "172.16.8.10/24"
+    wireguard_endpoint: piframefleet.domain.tld
+    wireguard_persistent_keepalive: 30