From 8e99a7dbf4bccc89d661780cd98872273b9818a7 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 25 Nov 2018 03:50:57 +0100 Subject: [PATCH] configuring network zones works now --- ansible/group_vars/accesspoints/main.yml | 117 +++++++++++++++-------------- ansible/group_vars/accesspoints/vault.yml | 14 ++++ 2 files changed, 73 insertions(+), 58 deletions(-) create mode 100644 ansible/group_vars/accesspoints/vault.yml diff --git a/ansible/group_vars/accesspoints/main.yml b/ansible/group_vars/accesspoints/main.yml index 480ccaa..aea52eb 100644 --- a/ansible/group_vars/accesspoints/main.yml +++ b/ansible/group_vars/accesspoints/main.yml @@ -11,17 +11,17 @@ accesspoint_wifi_channels: accesspoint_zones: iot: - ssid: "realstuff" + ssid: "TEST realstuff" encryption: "psk2" - key: "this-should-come-from-vault" + key: "{{ vault_accesspoint_zones.iot.key }}" guests: - ssid: "realraum" + ssid: "TEST realraum" encryption: "psk2" - key: "same-here" - members: - ssid: "r3members" - encryption: "psk2" - key: "this-will-probably-use-radius-and-not-even-have-a-key" + key: "{{ vault_accesspoint_zones.guests.key }}" + # members: + # ssid: "TEST r3members" + # encryption: "psk2" + # key: "{{ vault_accesspoint_zones.members.key }}" 
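Review bot: The commented-out `members` block in `accesspoint_zones` still sketches a shared PSK pulled from the vault, while the line it replaces said this zone would probably use RADIUS and have no key at all. If that is still the plan, the dead block is misleading and could be replaced by one line such as `# members: disabled for now; planned to use RADIUS instead of a shared PSK`. The `TEST ` prefix on both SSIDs looks like a temporary value; if so, a short comment saying when it goes away would keep it from reaching the production access points unnoticed.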
@@ -60,19 +60,20 @@ accesspoint_network_base: dns: "{{ net.mgmt.dns | join(' ') }}" dns_search: realraum.at -accesspoint_network_zones: [] -# accesspoint_network_zone_template: -# - name: interface '{{ item }}' -# options: -# type: bridge -# ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}" -# accept_ra: 0 -# proto: none - +accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}" +accesspoint_network_zones_yaml: | + {% for item in accesspoint_zones.keys() %} + - name: interface "{{ item }}" + options: + type: bridge + ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}" + accept_ra: 0 + proto: none + {% endfor %} accesspoint_wireless_devices: - - name: wifi-device 'radio5' + - name: wifi-device 'radio5g' options: type: 'mac80211' channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}" @@ -81,7 +82,7 @@ accesspoint_wireless_devices: path: "{{ accesspoint_wireless_device_paths['5g'] }}" htmode: 'VHT80' - - name: wifi-device 'radio24' + - name: wifi-device 'radio2g4' options: type: 'mac80211' channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}" 
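Review bot: The loop header `{% for item in accesspoint_zones.keys() %}` in `accesspoint_network_zones_yaml` iterates in dict order, which is not guaranteed to be stable on Python 2, so the generated list may come out in a different order between runs. Whether that causes spurious changes depends on the consuming role, which is not shown here. `{% for item in accesspoint_zones.keys() | sort %}` makes the order deterministic, and the same applies to the loop in `accesspoint_wireless_ifaces_yaml` in the next hunk. A comment above the block, e.g. `# every key of accesspoint_zones must also exist in net and carry a vlan`, would document the `net[item].vlan` lookup.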
@@ -90,45 +91,45 @@ accesspoint_wireless_devices: path: "{{ accesspoint_wireless_device_paths['2.4g'] }}" htmode: 'HT20' -accesspoint_wireless_ifaces: [] -# accesspoint_wireless_iface_template: -# - name: wifi-iface '{{ item }}24s' -# options: -# device: 'radio24' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}24' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}5s' -# options: -# device: 'radio5' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}5' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}24' -# options: -# device: 'radio24' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}5' -# options: -# device: 'radio5' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - - +accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}" +accesspoint_wireless_ifaces_yaml: | + {% for item in accesspoint_zones.keys() %} + - name: wifi-iface '{{ item }}2g4only' + options: + device: 'radio2g4' + network: '{{ item }}' + mode: 'ap' + ssid: '{{ accesspoint_zones[item].ssid }}2.4' + encryption: '{{ accesspoint_zones[item].encryption }}' + key: '{{ accesspoint_zones[item].key }}' + + - name: wifi-iface '{{ item }}5gonly' + options: + device: 'radio5g' + network: '{{ item }}' + mode: 'ap' + ssid: '{{ accesspoint_zones[item].ssid }}5' + encryption: '{{ accesspoint_zones[item].encryption }}' + key: '{{ accesspoint_zones[item].key }}' + + - name: wifi-iface '{{ item }}2g4' + options: + device: 'radio2g4' + network: '{{ 
item }}' + mode: 'ap' + ssid: '{{ accesspoint_zones[item].ssid }}' + encryption: '{{ accesspoint_zones[item].encryption }}' + key: '{{ accesspoint_zones[item].key }}' + + - name: wifi-iface '{{ item }}5g' + options: + device: 'radio5g' + network: '{{ item }}' + mode: 'ap' + ssid: '{{ accesspoint_zones[item].ssid }}' + encryption: '{{ accesspoint_zones[item].encryption }}' + key: '{{ accesspoint_zones[item].key }}' + {% endfor %} diff --git a/ansible/group_vars/accesspoints/vault.yml b/ansible/group_vars/accesspoints/vault.yml new file mode 100644 index 0000000..310334d --- /dev/null +++ b/ansible/group_vars/accesspoints/vault.yml @@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.1;AES256 +64316132376664633237633361636561366134623562623338396235356134383434383766343337 +6665383561306465383139633065373037626336336237370a616530393563376637316434653632 +34373735393365396439633630653838353630636130663233393031383630326434336162626166 +3764383533363766380a383764393436316262653131363933303838396664616635623338653632 +64636434353631653939383235303863646336353037396632303561303564306539626461306634 +64393964323035336434346664346139313164333764643038323262646139376366333830636366 +63656266376430663462626133376535373337656461373832653736646136626135366264343736 +32663338636264356634393562663036356239353963356233333066366564383631666466376430 +30353038626163353564396137366634336362393562386539373732343766383164376131643962 +30653063376333336336313635663334366631633239643063396537386535653238613763663563 +31663963313232643161313431373334666638646139313035666334626334363661613261383630 +35643834626431346234306264643265623934303033316339663135633731356133623631346335 +66396636663134626339326466396434343436346533323161316639366265326132 -- 1.7.10.4
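Review bot: The `key:` and `ssid:` lines in `accesspoint_wireless_ifaces_yaml` paste the values between single quotes into text that is then parsed by `from_yaml`, so a passphrase or SSID containing `'` breaks the rendered YAML or changes how it parses. Letting a filter do the quoting avoids that: `key: {{ accesspoint_zones[item].key | to_json }}`, and likewise for `ssid`. The resulting `accesspoint_wireless_ifaces` list also carries the decrypted PSKs, so the task that loops over it (not visible in this patch) should presumably set `no_log: true` to keep them out of play output and logs.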
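Review bot: Because `vault.yml` is encrypted as a whole file, the variable layout that `main.yml` relies on cannot be seen in review or found with grep. A plain comment in `main.yml` next to the references would help, e.g. `# vault.yml defines vault_accesspoint_zones.<zone>.key for each zone in accesspoint_zones`. The confidentiality of the committed PSKs now rests on the vault password alone, so it should be long and random if this repository is readable by others.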