12. Скрипт для модуля

Модуль 4. Настройка сетевой инфраструктуры

HQ-RTR

# Write the APT source list: the public ALT p10 mirrors are kept only as
# commented-out reference lines, the two active entries point at the local
# mirror 10.0.50.50.
# NOTE(review): the active entries use plain HTTP and, unlike the commented
# upstream lines, carry no "[p10]" key tag - presumably repository signatures
# are then not verified against the p10 key; confirm and add the tag if the
# mirror serves signed release files.
cat <<'EOF' > /etc/apt/sources.list.d/alt.list
# ftp.altlinux.org (ALT Linux, Moscow)

# ALT Platform 10
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/noarch classic

#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/noarch classic

#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/noarch classic

rpm http://10.0.50.50/sisa p10/x86_64 classic
rpm http://10.0.50.50/sisa p10/noarch classic
EOF

# Set the host name. "exec bash" replaces the current shell so the prompt
# shows the new name; the remaining lines are meant to be pasted into that
# new shell (run as a script, execution would not continue past this line).
hostnamectl set-hostname hq-rtr.au-team.irpo; exec bash
sed -i 's/HOSTNAME=localhost/HOSTNAME=hq-rtr.au-team.irpo/g' /etc/sysconfig/network

# Uplink enp7s1: static address, default route and resolver.
# The enp7s1 directory is not created here; it is assumed to exist already.
printf '%s\n' 'TYPE=eth' > /etc/net/ifaces/enp7s1/options
printf '%s\n' '172.16.1.2/28' > /etc/net/ifaces/enp7s1/ipv4address
printf '%s\n' 'default via 172.16.1.1' > /etc/net/ifaces/enp7s1/ipv4route
printf '%s\n' 'nameserver 10.0.0.1' > /etc/net/ifaces/enp7s1/resolv.conf
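# Parent interface enp7s2 plus three VLAN sub-interfaces (VID 100, 200, 999).
# -p makes the step re-runnable: plain mkdir fails when a directory is
# already there.
mkdir -p \
  /etc/net/ifaces/enp7s2 \
  /etc/net/ifaces/enp7s2.100 \
  /etc/net/ifaces/enp7s2.200 \
  /etc/net/ifaces/enp7s2.999

# The parent carries no address of its own; only the sub-interfaces do.
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options

cat <<'EOF' > /etc/net/ifaces/enp7s2.100/options
TYPE=vlan
HOST=enp7s2
VID=100
EOF
cat <<'EOF' > /etc/net/ifaces/enp7s2.200/options
TYPE=vlan
HOST=enp7s2
VID=200
EOF
cat <<'EOF' > /etc/net/ifaces/enp7s2.999/options
TYPE=vlan
HOST=enp7s2
VID=999
EOF

# Router address in each VLAN.
echo "192.168.100.1/27" > /etc/net/ifaces/enp7s2.100/ipv4address
echo "192.168.200.1/24" > /etc/net/ifaces/enp7s2.200/ipv4address
echo "192.168.99.1/29" > /etc/net/ifaces/enp7s2.999/ipv4address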
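# GRE tunnel gre1 from this router (172.16.1.2) to the peer 172.16.2.2,
# bound to the uplink enp7s1; the tunnel itself is numbered 10.10.10.1/30.
# NOTE(review): GRE adds no encryption or integrity protection. If the path
# between the two endpoints is not trusted, the tunnel should be protected
# (for example with IPsec) - confirm against the lab requirements.
# -p keeps the step re-runnable when the directory already exists.
mkdir -p /etc/net/ifaces/gre1
cat <<'EOF' > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.1.2
TUNREMOTE=172.16.2.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
echo "10.10.10.1/30" > /etc/net/ifaces/gre1/ipv4address

# Apply the interface configuration written so far.
systemctl restart network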

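# Local administrator account, added to wheel ("|| true" tolerates a failure
# of usermod, e.g. when the group is missing).
# NOTE(review): the password is a fixed lab value written in clear text; it
# ends up in shell history and on this page. Replace it outside the lab.
useradd net_admin
echo "net_admin:P@ssw0rd" | chpasswd
usermod -aG wheel net_admin || true

# /etc/sudoers.d usually exists already; plain mkdir would fail then.
mkdir -p /etc/sudoers.d
# NOTE(review): the account created above is net_admin, but the rule below
# grants password-less root to "sshuser", which this listing never creates.
# Confirm which account is intended. NOPASSWD: ALL means that anyone who
# gets into that account has full root without a further check.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/sudoers
# Drop-in files must not be writable by others, and a syntax error in one
# can break sudo, so fix the mode and validate the file.
chmod 0440 /etc/sudoers.d/sudoers
visudo -cf /etc/sudoers.d/sudoers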

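# Install FRR, switch on the OSPF daemon and start the service.
apt-get update && apt-get install -y frr
sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons
systemctl enable --now frr

# OSPF area 0 over the tunnel and the three VLAN networks. All interfaces are
# passive by default; only gre1 forms adjacencies, with message-digest
# authentication.
# The commands are passed with -c so this also works non-interactively: typed
# after a bare "vtysh" line they would only reach vtysh in an interactive
# paste. "router ospf" is the full command name (the original had "route ospf").
# NOTE(review): message-digest authentication is MD5-based and the key is kept
# in clear text in the FRR configuration; with -c it is also visible in the
# process list and shell history. P@ssw0rd is the lab value and has to be
# identical on both tunnel ends - replace it outside the lab.
vtysh \
  -c 'configure terminal' \
  -c 'router ospf' \
  -c 'passive-interface default' \
  -c 'network 10.10.10.0/30 area 0' \
  -c 'network 192.168.100.0/27 area 0' \
  -c 'network 192.168.200.0/24 area 0' \
  -c 'network 192.168.99.0/29 area 0' \
  -c 'exit' \
  -c 'interface gre1' \
  -c 'no ip ospf passive' \
  -c 'ip ospf authentication message-digest' \
  -c 'ip ospf message-digest-key 1 md5 P@ssw0rd' \
  -c 'end' \
  -c 'write memory'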

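# Enable IPv4 forwarding and source NAT for traffic leaving through enp7s1.
apt-get install -y iptables
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
# sed changes nothing, silently, when the line is spelled differently.
grep -qF 'net.ipv4.ip_forward = 1' /etc/net/sysctl.conf \
  || echo "warning: net.ipv4.ip_forward is not set to 1 in /etc/net/sysctl.conf" >&2
systemctl restart network

# Add the rule only if it is not present yet, so a re-run does not stack
# duplicates.
# NOTE(review): only NAT is configured here; no filter rules are added, so
# what may be forwarded or may reach the router itself depends on the default
# policies - confirm that this is intended.
iptables -t nat -C POSTROUTING -o enp7s1 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# iptables-save prints the complete rule set, so the file is overwritten;
# appending (">>") would pile a second copy on top of existing content.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables

# Save the running FRR configuration (non-interactive form of
# "vtysh / write memory / exit").
vtysh -c 'write memory'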

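# DHCP server for 192.168.200.0/24, limited to the VLAN 200 sub-interface.
apt-get install -y dhcp-server
# Restricting dhcpd to enp7s2.200 keeps it from answering on other segments.
# Note: the substitution is not idempotent - a second run appends the value
# again after the existing one.
sed -i "s/DHCPDARGS=/DHCPDARGS='enp7s2.200'/g" /etc/sysconfig/dhcpd

# One printf argument per output line. Every continuation needs a space
# before the backslash: without it the following '' argument is glued to the
# previous one and the blank separator line is lost.
printf '%s\n' \
  'ddns-update-style none;' \
  '' \
  'subnet 192.168.200.0 netmask 255.255.255.0 {' \
  $'\toption routers 192.168.200.1;' \
  $'\toption subnet-mask 255.255.255.0;' \
  $'\toption domain-name "au-team.irpo";' \
  $'\toption domain-name-servers 192.168.100.2;' \
  $'\trange dynamic-bootp 192.168.200.2 192.168.200.254;' \
  $'\tdefault-lease-time 6000;' \
  $'\tmax-lease-time 72000;' \
  '}' > /etc/dhcp/dhcpd.conf

systemctl enable --now dhcpd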

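# Time zone data and the system time zone. -y matches the other install
# steps; without it apt-get stops and waits for confirmation.
apt-get install -y tzdata
timedatectl set-timezone Asia/Yakutsk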

BR-RTR

# Write the APT source list: the public ALT p10 mirrors are kept only as
# commented-out reference lines, the two active entries point at the local
# mirror 10.0.50.50.
# NOTE(review): the active entries use plain HTTP and, unlike the commented
# upstream lines, carry no "[p10]" key tag - presumably repository signatures
# are then not verified against the p10 key; confirm and add the tag if the
# mirror serves signed release files.
cat <<'EOF' > /etc/apt/sources.list.d/alt.list
# ftp.altlinux.org (ALT Linux, Moscow)

# ALT Platform 10
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] ftp://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/noarch classic

#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] http://ftp.altlinux.org/pub/distributions/ALTLinux p10/branch/noarch classic

#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/x86_64 classic gostcrypto
#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/x86_64-i586 classic
#rpm [p10] rsync://ftp.altlinux.org/ALTLinux p10/branch/noarch classic

rpm http://10.0.50.50/sisa p10/x86_64 classic
rpm http://10.0.50.50/sisa p10/noarch classic
EOF

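# Set the host name. "exec bash" replaces the current shell so the prompt
# shows the new name; the remaining lines are meant to be pasted into that
# new shell (run as a script, execution would not continue past this line).
hostnamectl set-hostname br-rtr.au-team.irpo; exec bash
sed -i "s/HOSTNAME=localhost/HOSTNAME=br-rtr.au-team.irpo/g" /etc/sysconfig/network

# Uplink enp7s1: static address, default route and resolver.
# The enp7s1 directory is not created here; it is assumed to exist already.
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "172.16.2.2/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.2.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 10.0.0.1" > /etc/net/ifaces/enp7s1/resolv.conf

# Second interface enp7s2 with the router address 192.168.0.1/28.
# -p keeps the step re-runnable: plain mkdir fails when the directory is
# already there.
mkdir -p /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "192.168.0.1/28" > /etc/net/ifaces/enp7s2/ipv4address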
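# GRE tunnel gre1 from this router (172.16.2.2) to the peer 172.16.1.2,
# bound to the uplink enp7s1; the tunnel itself is numbered 10.10.10.2/30.
# NOTE(review): GRE adds no encryption or integrity protection. If the path
# between the two endpoints is not trusted, the tunnel should be protected
# (for example with IPsec) - confirm against the lab requirements.
# -p keeps the step re-runnable when the directory already exists.
mkdir -p /etc/net/ifaces/gre1
cat <<'EOF' > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.2.2
TUNREMOTE=172.16.1.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
echo "10.10.10.2/30" > /etc/net/ifaces/gre1/ipv4address

# Apply the interface configuration written so far.
systemctl restart network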

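# Local administrator account, added to wheel ("|| true" tolerates a failure
# of usermod, e.g. when the group is missing).
# NOTE(review): the password is a fixed lab value written in clear text; it
# ends up in shell history and on this page. Replace it outside the lab.
useradd net_admin
echo "net_admin:P@ssw0rd" | chpasswd
usermod -aG wheel net_admin || true

# /etc/sudoers.d usually exists already; plain mkdir would fail then.
mkdir -p /etc/sudoers.d
# NOTE(review): the account created above is net_admin, but the rule below
# grants password-less root to "sshuser", which this listing never creates.
# Confirm which account is intended. NOPASSWD: ALL means that anyone who
# gets into that account has full root without a further check.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/sudoers
# Drop-in files must not be writable by others, and a syntax error in one
# can break sudo, so fix the mode and validate the file.
chmod 0440 /etc/sudoers.d/sudoers
visudo -cf /etc/sudoers.d/sudoers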

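# Install FRR, switch on the OSPF daemon and start the service.
apt-get update && apt-get install -y frr
sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons
systemctl enable --now frr

# OSPF area 0 over the tunnel and the 192.168.0.0/28 network. All interfaces
# are passive by default; only gre1 forms adjacencies, with message-digest
# authentication.
# The commands are passed with -c so this also works non-interactively: typed
# after a bare "vtysh" line they would only reach vtysh in an interactive
# paste. "router ospf" is the full command name (the original had "route ospf").
# NOTE(review): message-digest authentication is MD5-based and the key is kept
# in clear text in the FRR configuration; with -c it is also visible in the
# process list and shell history. P@ssw0rd is the lab value and has to be
# identical on both tunnel ends - replace it outside the lab.
vtysh \
  -c 'configure terminal' \
  -c 'router ospf' \
  -c 'passive-interface default' \
  -c 'network 10.10.10.0/30 area 0' \
  -c 'network 192.168.0.0/28 area 0' \
  -c 'exit' \
  -c 'interface gre1' \
  -c 'no ip ospf passive' \
  -c 'ip ospf authentication message-digest' \
  -c 'ip ospf message-digest-key 1 md5 P@ssw0rd' \
  -c 'end' \
  -c 'write memory'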

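# Enable IPv4 forwarding and source NAT for traffic leaving through enp7s1.
apt-get install -y iptables
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
# sed changes nothing, silently, when the line is spelled differently.
grep -qF 'net.ipv4.ip_forward = 1' /etc/net/sysctl.conf \
  || echo "warning: net.ipv4.ip_forward is not set to 1 in /etc/net/sysctl.conf" >&2
systemctl restart network

# Add the rule only if it is not present yet, so a re-run does not stack
# duplicates.
# NOTE(review): only NAT is configured here; no filter rules are added, so
# what may be forwarded or may reach the router itself depends on the default
# policies - confirm that this is intended.
iptables -t nat -C POSTROUTING -o enp7s1 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# iptables-save prints the complete rule set, so the file is overwritten;
# appending (">>") would pile a second copy on top of existing content.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables

# Save the running FRR configuration (non-interactive form of
# "vtysh / write memory / exit").
vtysh -c 'write memory'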

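# Time zone data and the system time zone. -y matches the other install
# steps; without it apt-get stops and waits for confirmation.
apt-get install -y tzdata
timedatectl set-timezone Asia/Yakutsk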
