Table of Contents

Настройка стендов слушателей

Настройка виртуальных систем Unix

Общие файлы конфигурации

Debian/Ubuntu

# cat /etc/hosts
127.0.0.1               localhost

#192.168.X.1 gate.corpX.un gate
#192.168.X.10 server.corpX.un server
#192.168.X.30 client1.corpX.un client1
#192.168.100+X.10 lan.corpX.un lan

172.16.1.254           proxy
172.16.1.254           rep
# cat /etc/resolv.conf
search corpX.un
nameserver 172.16.1.254

Debian/Ubuntu

Gate

root@localhost:~# cat /etc/hostname
gate.corpX.un
root@localhost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.X.1
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 172.16.1.X
        netmask 255.255.255.0
        gateway 172.16.1.254
root@localhost:~# cat /etc/sysctl.conf
...
net.ipv4.ip_forward = 1
...
root@localhost:~# init 6

...

root@gate:~# apt update

Server

root@localhost:~# cat /etc/hostname
server.corpX.un
root@localhost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.X.10
        netmask 255.255.255.0
        gateway 192.168.X.1
root@localhost:~# init 6

...

root@server:~# apt update

FreeBSD

Gate

# cat /etc/rc.conf
hostname="gate.corpX.un"
ifconfig_em0="192.168.X.1/24"
ifconfig_em1="172.16.1.X/24"
defaultrouter=172.16.1.254
gateway_enable=yes

keyrate="fast"
sshd_enable=yes
# init 6

# pkg update -f

# pkg install pkg

Server

# cat /etc/rc.conf
hostname="server.corpX.un"
ifconfig_em0="192.168.X.10/24"
defaultrouter=192.168.X.1

keyrate="fast"
sshd_enable=yes
# init 6

# pkg update -f

# pkg install pkg

Скрипты автоконфигурации

# git clone http://val.bmstu.ru/unix/conf.git

gate.corpX.un

# cat net_gate.sh
X=$1

if test -z $X
then
        echo -n "enter X: "
        read X
fi

cat > /etc/hosts <<EOF
127.0.0.1               localhost

192.168.$X.1 gate.corp$X.un gate

172.16.1.254           proxy
172.16.1.254           rep
EOF

cat > /etc/resolv.conf <<EOF
search corp$X.un
nameserver 172.16.1.254
#nameserver 192.168.$X.10
EOF

echo gate.corp$X.un > /etc/hostname

cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.$X.1
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 172.16.1.$X
        netmask 255.255.255.0
        gateway 172.16.1.254

#auto eth2
#iface eth2 inet static
#        address 192.168.$((100+$X)).1
#        netmask 255.255.255.0
EOF

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

timedatectl set-timezone Europe/Moscow

echo Success
exit 0

server.corpX.un

# cat net_server.sh
X=$1

if test -z $X
then
        echo -n "enter X: "
        read X
fi

cat > /etc/hosts <<EOF
127.0.0.1               localhost

192.168.$X.10 server.corp$X.un server

172.16.1.254           proxy
172.16.1.254           rep
EOF

cat > /etc/resolv.conf <<EOF
search corp$X.un
nameserver 172.16.1.254
#nameserver 192.168.$X.10
EOF

echo server.corp$X.un > /etc/hostname

cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.$X.10
        netmask 255.255.255.0
        gateway 192.168.$X.1
EOF

timedatectl set-timezone Europe/Moscow

echo Success
exit 0

dhcp

# cat dhcp.sh
X=$1

if test -z $X
then
        echo -n "enter X: "
        read X
fi

apt update
apt install -y isc-dhcp-server

echo 'INTERFACES="eth0"' > /etc/default/isc-dhcp-server
echo '#INTERFACES="eth0 eth2"' >> /etc/default/isc-dhcp-server

cat > /etc/dhcp/dhcpd.conf <<EOF
ddns-update-style none;

default-lease-time 600;
max-lease-time 7200;

option domain-name "corp$X.un";
option domain-name-servers 192.168.$X.10;

#### For provisioning ####
#option tftp-server-name code 66 = string; # RFC 2132
#option tftp-server-address code 150 = ip-address; # RFC 5859
#option tftp-server-name "server.corp$X.un";
#option tftp-server-address 192.168.$X.10;


shared-network LAN1 {
  subnet 192.168.$X.0 netmask 255.255.255.0 {
    range 192.168.$X.101 192.168.$X.199;
    option routers 192.168.$X.1;
  }
}

#shared-network LAN2 {
#  subnet 192.168.$((100 + $X)).0 netmask 255.255.255.0 {
#    range 192.168.$((100 + $X)).101 192.168.$((100 + $X)).199;
#    option routers 192.168.$((100 + $X)).1;
#  }
#}


EOF

dhcpd -t && service isc-dhcp-server start

echo Success
exit 0

dns

# cat dns.sh
X=$1

if test -z $X
then
        echo -n "enter X: "
        read X
fi

apt update
apt install -y bind9 dnsutils

cat > /etc/bind/named.conf <<EOF
options {
        directory "/var/cache/bind";

        allow-recursion { any; };

        forwarders {
                172.16.1.254;
        };
        empty-zones-enable no;
};

view "inside" {
        match-clients {
//            192.168.$X/24;
//            127/8;
              0/0;
        };
        zone "corp$X.un" {
                type master;
                file "/etc/bind/corp$X.un";
        };
};

view "outside" {
        zone "corp$X.un" {
                type master;
                file "/etc/bind/corp$X.un.out";
        };
};
EOF

cat > /etc/bind/corp$X.un <<EOF
\$TTL      3h
@         SOA     ns root.ns  1 1d 12h 1w 3h
          NS      ns

          A       192.168.$X.10
          MX 1    server

ns        A       192.168.$X.10
gate      A       192.168.$X.1
server    A       192.168.$X.10

;_sip._udp           SRV     0 0 5060 server

;_xmpp-client._tcp   SRV     0 0 5222 server

;_kerberos._udp      SRV     01 00 88 server
;_kerberos._tcp      SRV     01 00 88 server
;_kerberos           TXT     CORP$X.UN
EOF

cat > /etc/bind/corp$X.un.out <<EOF
\$TTL      3h
@         SOA     ns root.ns  1 1d 12h 1w 3h
          NS      ns

ns        A       172.16.1.$X
gate      A       172.16.1.$X
server    A       172.16.1.$X

;_sip._udp           SRV     00 00 6050 server
EOF

named-checkconf -z && service bind9 restart

echo Success
exit 0

Ansible конфигурация

# git clone http://val.bmstu.ru/unix/conf.git
server.isp.un:~/ansible/roles# cat host.yml
- name: Network config for hosts
  hosts: corp
  strategy: free
  roles:
    - host
server.isp.un:~/ansible/roles# cat host/tasks/main.yml
- name: Create hosts file
  template: src=hosts.j2 dest=/etc/hosts

- name: Create resolv.conf file
  template: src=resolv.conf.j2 dest=/etc/resolv.conf

- name: Create hostname file
  template: src=hostname.j2 dest=/etc/hostname

- name: Create interfaces file
  template: src=interfaces.j2 dest=/etc/network/interfaces

#- name: Restart system
#  command: shutdown -r +1
server.isp.un:~/ansible/roles# cat host/vars/main.yml
hostname: server
#hostname: mail
base_domain_prefix: corp
base_domain_suffix: un
base_net: 172.16.1
gateway_octet: 254
dns_ip: 172.16.1.254
X: "{{ ansible_eth0.ipv4.address.split('.')[3] }}"
#X: "{{ ansible_eth0.ipv4.address.split('.')[3] | int - 100 }}"
server.isp.un:~/ansible/roles# cat host/templates/hosts.j2
127.0.0.1 localhost

{{ ansible_eth0.ipv4.address }} {{ hostname }}.{{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }} {{ hostname }}

{{ base_net }}.254 rep
server.isp.un:~/ansible/roles# cat host/templates/resolv.conf.j2
search {{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }}
nameserver {{ dns_ip }}
server.isp.un:~/ansible/roles# cat host/templates/hostname.j2
{{ hostname }}.{{ base_domain_prefix }}{{ X }}.{{ base_domain_suffix }}
server.isp.un:~/ansible/roles# cat host/templates/interfaces.j2
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address {{ ansible_eth0.ipv4.address }}
        netmask 255.255.255.0
        gateway {{ base_net }}.{{ gateway_octet }}
root@server:~/ansible/roles# ansible-playbook host.yml

или

root@server:~# ansible-playbook ansible/roles/host.yml