From 8ff8f1fa4037defebab29c7c7775ae3372cbe9a7 Mon Sep 17 00:00:00 2001
From: binary
Date: Sat, 7 Nov 2020 20:39:07 +0100
Subject: Automate network deployment
---
roles/relayd/tasks/main.yml | 15 +++++++++
roles/relayd/templates/relayd.conf.j2 | 58 +++++++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 roles/relayd/tasks/main.yml
create mode 100644 roles/relayd/templates/relayd.conf.j2
(limited to 'roles/relayd')
diff --git a/roles/relayd/tasks/main.yml b/roles/relayd/tasks/main.yml
new file mode 100644
index 0000000..5de324c
--- /dev/null
+++ b/roles/relayd/tasks/main.yml
@@ -0,0 +1,15 @@
+
+# relayd ~~ tasks/main.yml
+
+---
+
+- name: Generate relayd configuration
+ template:
+ src: templates/relayd.conf.j2
+ dest: /etc/relayd.conf
+
+- name: Enable and restart relayd
+ service:
+ name: relayd
+ state: restarted
+ enabled: true
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
new file mode 100644
index 0000000..4b43c8e
--- /dev/null
+++ b/roles/relayd/templates/relayd.conf.j2
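Review bot: In roles/relayd/tasks/main.yml the service task uses `state: restarted`, so every playbook run restarts relayd and drops in-flight connections even when /etc/relayd.conf did not change, and a template that renders an invalid configuration takes the relay down. Move the restart into a handler notified by the template task, and let the template task check the rendered file before it is installed with `validate: relayd -n -f %s` (worth confirming that the check passes against Ansible's staged copy). The template task also sets no `owner` or `mode`, so the permissions of /etc/relayd.conf depend on the existing file or the remote umask; set them explicitly. The handler belongs in a handlers file that this commit does not add.

```yaml
- name: Generate relayd configuration
  template:
    # … unchanged: src, dest …
    owner: root
    mode: "0600"
    validate: relayd -n -f %s
  notify: Restart relayd

- name: Enable relayd
  service:
    name: relayd
    enabled: true

# handlers file of this role (not part of this commit)
- name: Restart relayd
  service:
    name: relayd
    state: restarted
```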
@@ -0,0 +1,58 @@
+
+# relayd ~~ /etc/relayd.conf
+# managed by Ansible
+
+# ====== #
+# tables
+# ====== #
+
+table { 127.0.0.1 }
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+table <{{ h.ansible_host }}> { {{ h.ip.in }} }
+{% endif %}
+{##}
+{% endfor %}
+
+# ================ #
+# filter for vhost
+# ================ #
+
+http protocol vhost {
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+ pass request header "Host" value "{{ h.ansible_host }}.{{ _i.domain_name }}" forward to <{{ h.ansible_host }}>
+{% endif %}
+{##}
+{% endfor %}
+}
+
+# ======================= #
+# relays for all protocol
+# ======================= #
+
+{% set relays = {} %}
+{% for h in groups["servers"] %}
+ {% set h = dict(hostvars[h]) %}
+ {##}
+ {% for service in h.services | sort(attribute="port") if service.domain is defined %}
+ {% set _ = relays.update({ service.port : [] }) if relays[service.port] is not defined %}
+ {% set key_changer = { "host" : h.ansible_host, "domain" : service.domain } %}
+ {% set _ = relays[service.port].append(key_changer) %}
+ {% endfor %}
+ {##}
+{% endfor %}
+
+{% for relay in relays %}
+relay vhost_{{ relay }} {
+ listen on egress port {{ relay }}
+ protocol vhost
+{% for h in relays[relay] %}
+ forward to <{{ h.host }}> port {{ relay }} check icmp
+{% endfor %}
+}
+{% endfor %}
-- cgit v1.2.3
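Review bot: The `http protocol vhost` block holds only `pass request header "Host" ... forward to` rules, so a request whose Host header matches none of the generated names is not rejected; with relayd's last-match rule evaluation it would presumably still be relayed to the relay's first `forward to` table. Add a default `block` as the first rule inside the protocol so that only the listed virtual hosts reach a backend. Separately, the relay section emits `forward to <{{ h.host }}>` for every host in `groups["servers"]` that has a service with a `domain`, while that host's table is only written when `h.ip.in is defined`; a server without `ip.in` would reference an undeclared table and the configuration would fail to load, so the same condition should guard the loop that fills `relays`. A host with two such services on one port would also get a duplicate `forward to` line.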