StefanMewes/Nebula-Ansible-Role
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Erweiterung 2 Lighthouses möglich

Browse Source
This commit is contained in:
Stefan Mewes
2026-04-11 11:35:30 +02:00
parent ac5c71a43d
commit 3574ce95f2
9 changed files with 346 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files
example_playbook_and_inventory.yml
+69
View File
@@ -0,0 +1,69 @@
# =============================================================
# Beispiel-Inventory: inventory
# =============================================================
[nebula_lighthouse]
lighthouse1.example.com
lighthouse2.example.com
[servers]
web01.example.com nebula_internal_ip_addr=10.43.0.10
docker01.example.com nebula_internal_ip_addr=10.43.0.11
db01.example.com nebula_internal_ip_addr=10.43.0.12
# =============================================================
# Beispiel-Playbook: nebula.yml
# =============================================================
---
- name: Deploy Nebula (multi-lighthouse)
hosts: all
gather_facts: yes
user: ansible
become: yes
vars:
nebula_version: 1.8.0
nebula_network_name: "My Company Nebula"
nebula_network_cidr: 16
# --- Multi-Lighthouse-Konfiguration ---
# Der ERSTE Eintrag ist der Primary (hostet CA-Schlüssel).
# Alle weiteren sind Secondaries.
nebula_lighthouses:
- hostname: lighthouse1
internal_ip: 10.43.0.1
public_hostname: lh1.example.com
public_port: 4242
is_relay: true
- hostname: lighthouse2
internal_ip: 10.43.0.2
public_hostname: lh2.example.com
public_port: 4242
is_relay: true
nebula_firewall_block_action: reject
nebula_inbound_rules:
- { port: "any", proto: "icmp", host: "any" }
- { port: 22, proto: "tcp", host: "any" }
nebula_outbound_rules:
- { port: "any", proto: "any", host: "any" }
roles:
- role: nebula
# =============================================================
# WICHTIG: Hostname im Inventory muss dem hostname-Feld in
# nebula_lighthouses entsprechen!
#
# lighthouse1.example.com → hostname: lighthouse1
# lighthouse2.example.com → hostname: lighthouse2
#
# Die Rolle sucht den passenden Eintrag per:
# selectattr('hostname', 'equalto', inventory_hostname)
#
# Falls du FQDNs als hostname-Feld nutzen willst:
# - hostname: lighthouse1.example.com
# ...
# und im Inventory ebenfalls:
# lighthouse1.example.com
# =============================================================