wip: misc: setup infra-1

jeltz 2023-09-16 01:24:01 +02:00
parent e87de918db
commit 078d9a3de9
Signed by: jeltz
GPG key ID: 800882B66C0C3326
9 changed files with 600 additions and 379 deletions

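--- a/filter_plugins/bird.py
+++ b/filter_plugins/bird.py
@@ -0,0 +1,199 @@
+from __future__ import annotations
+import itertools
+from dataclasses import dataclass
+from ipaddress import IPv4Address
+from typing import Any, Generic, Iterator, Literal, TypeVar
+from pydantic import (
+BaseModel,
+Field,
+IPvAnyAddress,
+ValidationError,
+parse_obj_as,
+)
+T = TypeVar("T")
+class AutoList(list[T], Generic[T]):
+@classmethod
+def __get_validators__(cls):
+yield cls.__validator__
+@classmethod
+def __validator__(cls, value):
+try:
+return parse_obj_as(list[T], value)
+except ValidationError:
+return [parse_obj_as(T, value)]
+class Proto(BaseModel):
+protos: AutoList[str]
+class Source(BaseModel):
+sources: AutoList[int]
+class And(BaseModel):
+conditions: AutoList[Condition] = Field(alias="and")
+class Or(BaseModel):
+conditions: AutoList[Condition] = Field(alias="or")
+class Not(BaseModel):
+condition: Condition = Field(alias="not")
+Condition = Proto | Source | And | Or | Not
+And.update_forward_refs()
+Or.update_forward_refs()
+Not.update_forward_refs()
+Accept = Literal["accept"]
+Reject = Literal["reject"]
+class PrefSrc(BaseModel):
+pref_src: AutoList[IPvAnyAddress]
+class Conditional(BaseModel):
+condition: Condition = Field(alias="if")
+actions: AutoList[Action] = Field(alias="then")
+Action = Accept | Reject | PrefSrc | Conditional
+Conditional.update_forward_refs()
+Rule = Condition | AutoList[Action]
+@dataclass
+class Context:
+ipv4: bool
+indent: str
+verb: str
+def flatten(iterable: Iterable[Iterable[T]]) -> Iterable[T]:
+return itertools.chain.from_iterable(iterable)
+def indent(iterable, ctx: Context) -> Iterable[str]:
+yield from (f"{ctx.indent}{i}" for i in iterable)
+def filter_addrs(addrs, ctx: Context):
+yield from (a for a in addrs if isinstance(a, IPv4Address) == ctx.ipv4)
+def quoted(string: str) -> str:
+escaped = string.replace("\\", "\\\\").replace('"', '\\"')
+return f'"{escaped}"'
+def bird_name(name: str, ipv4: bool) -> str:
+return f"{name}{'4' if ipv4 else '6'}"
+def str_of_condition(condition: Condition, ctx: bool) -> str:
+match condition:
+case Proto(protos=[]) | Source(sources=[]) | Or(conditions=[]):
+return "false"
+case And(conditions=[]):
+return "true"
+case Not(condition=condition):
+return f"!{str_of_condition(condition)}"
+case And(conditions=[condition]) | Or(conditions=[condition]):
+return str_of_condition(condition, ctx)
+case And(conditions=conditions):
+return " && ".join(
+f"({str_of_condition(c, ctx)})" for c in conditions
+)
+case Or(conditions=conditions):
+return " || ".join(
+f"({str_of_condition(c, ctx)})" for c in conditions
+)
+case Proto(protos=[proto]):
+return f"proto = {quoted(bird_name(proto, ctx.ipv4))}"
+case Proto(protos=protos):
+protos = [quoted(bird_name(p, ctx.ipv4)) for p in protos]
+return f"proto ~ [ {', '.join(protos)} ]"
+case Source(sources=[source]):
+return f"krt_source = {source}"
+case Source(sources=sources):
+sources = [str(s) for s in sources]
+return f"krt_source ~ [ {', '.join(sources)} ]"
+def lines_of_action(action: Action, ctx: Context) -> Iterable[str]:
+match action:
+case "accept" | "reject":
+yield f"{action};"
+case Conditional(condition=condition, actions=actions):
+yield f"if {str_of_condition(condition, ctx)} then {'{'}"
+yield from indent(
+flatten(lines_of_action(a, ctx) for a in actions), ctx
+)
+yield "}"
+case PrefSrc(pref_src=sources):
+source = next(filter_addrs(sources, ctx))
+yield f"krt_prefsrc = {source};"
+def lines_of_stmt(rule: Rule, ctx: Context) -> Iterable[str]:
+match parse_obj_as(Rule, rule):
+case ["accept"]:
+yield f"{ctx.verb} all;"
+case [] | ["reject"]:
+yield f"{ctx.verb} none;"
+# FIXME
+case (Proto() | Source() | And() | Or() | Not()) as condition:
+# Conditional(condition=condition, actions=["accept"])
+yield f"{ctx.verb} where {str_of_condition(condition, ctx)};"
+case _ as actions:
+yield f"{ctx.verb} filter {'{'}"
+yield from indent(
+flatten(lines_of_action(a, ctx) for a in actions), ctx
+)
+yield "};"
+def bird_import(rule: Rule, ipv4: bool, indent: str = " ") -> str:
+ctx = Context(verb="import", ipv4=ipv4, indent=indent)
+return "\n".join(lines_of_stmt(rule, ctx))
+def bird_export(rule: Rule, ipv4: bool, indent: str = " ") -> str:
+ctx = Context(verb="export", ipv4=ipv4, indent=indent)
+return "\n".join(lines_of_stmt(rule, ctx))
+class FilterModule:
+def filters(self):
+return {
+"bird_import": bird_import,
+"bird_export": bird_export,
+"bird_name": bird_name,
+}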
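Review bot: The `Not` branch of `str_of_condition` calls `str_of_condition(condition)` without `ctx`, so any rule containing `not` raises TypeError at render time, and it emits `!…` without parentheses, so a negated `and`/`or` with several members would negate only its first operand in the generated BIRD filter. I would write `return f"!({str_of_condition(condition, ctx)})"` and annotate the parameter as `ctx: Context` rather than `bool`. In `lines_of_action`, `next(filter_addrs(sources, ctx))` raises StopIteration inside a generator (surfacing as RuntimeError) when `pref_src` holds no address of the current family; `next(..., None)` followed by an explicit error or a skipped line would make that case deliberate. `Iterable` is used in the annotations but only `Iterator` is imported.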


@ -15,6 +15,15 @@ class FilterModule:
}
def first_addr(addresses, ipv4 = True):
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
for addr in addresses:
parsed = ipaddress.ip_address(xx)
if isinstance(parsed, version):
return parsed
raise ValueError("missing address")
def ip_filter(addresses, networks):
if isinstance(addresses, dict):
return {k: ip_filter(v, networks) for k, v in addresses.items()}
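Review bot: `first_addr` parses `xx`, which is not defined anywhere in the visible hunk, so the first call raises NameError instead of returning an address; the loop variable is `addr`, so the line should read `parsed = ipaddress.ip_address(addr)`. The final `raise ValueError("missing address")` would be easier to act on if it named the requested family, e.g. `raise ValueError(f"no {'IPv4' if ipv4 else 'IPv6'} address in {addresses!r}")`. Whether `first_addr` is registered in `FilterModule.filters()` is not visible here, since that mapping starts above the hunk.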


@ -1,147 +1,220 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- isp-1.back.infra.auro.re
- isp-2.back.infra.auro.re
vars:
bird__router_ids:
isp-1.back.infra.auro.re: 10.203.1.5
isp-2.back.infra.auro.re: 10.203.1.6
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
bird__radv_interfaces:
client0:
prefix:
- 2a09:6841::/64
domain_search:
- client0.isp.auro.re
client1:
prefix:
- 2a09:6841:0:1::/64
domain_search:
- client1.isp.auro.re
client2:
prefix:
- 2a09:6841:0:2::/64
domain_search:
- client2.isp.auro.re
client3:
prefix:
- 2a09:6841:0:3::/64
domain_search:
- client3.isp.auro.re
client4:
prefix:
- 2a09:6841:0:400::/64
domain_search:
- client4.isp.auro.re
bird__radv_dns_servers:
- 2a09:6840:128::10:103
- 2a09:6840:128::10:3
bird__asn:
aurore: 43619
bird__bgp_addresses:
isp-1.back.infra.auro.re:
- 2a09:6840:203::1:5
- 10.203.1.5
isp-2.back.infra.auro.re:
- 2a09:6840:203::1:6
- 10.203.1.6
bird__bgp_sessions:
edge1:
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
edge2:
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203::1:2
- 10.203.1.2
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
bird__ospf_broadcast_interfaces:
back0: null
bird__ospf_stub_interfaces:
- client0
- client1
- client2
- client3
- client4
roles:
- bird
#- hosts:
# - isp-1.back.infra.auro.re
# - isp-2.back.infra.auro.re
# vars:
# bird__router_ids:
# isp-1.back.infra.auro.re: 10.203.1.5
# isp-2.back.infra.auro.re: 10.203.1.6
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__radv_interfaces:
# client0:
# prefix:
# - 2a09:6841::/64
# domain_search:
# - client0.isp.auro.re
# client1:
# prefix:
# - 2a09:6841:0:1::/64
# domain_search:
# - client1.isp.auro.re
# client2:
# prefix:
# - 2a09:6841:0:2::/64
# domain_search:
# - client2.isp.auro.re
# client3:
# prefix:
# - 2a09:6841:0:3::/64
# domain_search:
# - client3.isp.auro.re
# client4:
# prefix:
# - 2a09:6841:0:400::/64
# domain_search:
# - client4.isp.auro.re
# bird__radv_dns_servers:
# - 2a09:6840:128::10:103
# - 2a09:6840:128::10:3
# bird__asn:
# aurore: 43619
# bird__bgp_addresses:
# isp-1.back.infra.auro.re:
# - 2a09:6840:203::1:5
# - 10.203.1.5
# isp-2.back.infra.auro.re:
# - 2a09:6840:203::1:6
# - 10.203.1.6
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - client0
# - client1
# - client2
# - client3
# - client4
# roles:
# - bird
- hosts:
- infra-1.back.infra.auro.re
- infra-2.back.infra.auro.re
vars:
bird__router_ids:
infra-1.back.infra.auro.re: 10.203.1.3
infra-2.back.infra.auro.re: 10.203.1.4
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
bird__ospf_broadcast_interfaces:
back0: null
bird__ospf_stub_interfaces:
- monit0
- wifi0
- int0
- pub0
- bmc0
- pve0
- isp0
- mgmt0
bird__asn:
bird__as:
aurore: 43619
bird__bgp_addresses:
infra-1.back.infra.auro.re:
bird__router_ids:
infra-1: 10.203.1.3
infra-2: 10.203.1.4
bird__pref_src_addrs:
infra-1:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back.infra.auro.re:
- 45.66.111.210
infra-2:
- 2a09:6840:203::1:4
- 10.203.1.4
bird__bgp_sessions:
- 45.66.111.211
bird__bgp_addrs:
infra-1:
back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2:
back:
- 2a09:6840:203::1:4
- 10.203.1.4
bird__router_id: "{{ bird__router_ids[inventory_hostname_short] }}"
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- monit0
- wifi0
- int0
- sw0
- bmc0
- pve0
- isp0
- ext0
- ups0
1:
broadcast:
- vpn0
bird__bgp:
edge1:
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address: "{{ bird__bgp_addrs[inventory_hostname_short].back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__asn.aurore }}"
as: "{{ bird__as.aurore }}"
import:
- accept: true
export:
- accept: false
edge2:
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203::1:2
- 10.203.1.2
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
- pref_src: "{{ bird__pref_src_addrs[inventory_hostname_short] }}"
- accept
export: reject
roles:
- bird
#- hosts:
# - infra-1.back.infra.auro.re
# - infra-2.back.infra.auro.re
# vars:
# bird__router_ids:
# infra-1.back.infra.auro.re: 10.203.1.3
# infra-2.back.infra.auro.re: 10.203.1.4
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - monit0
# - wifi0
# - int0
# - pub0
# - bmc0
# - pve0
# - isp0
# - mgmt0
# bird__asn:
# aurore: 43619
# bird__bgp_addresses:
# infra-1.back.infra.auro.re:
# - 2a09:6840:203::1:3
# - 10.203.1.3
# infra-2.back.infra.auro.re:
# - 2a09:6840:203::1:4
# - 10.203.1.4
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
## address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# roles:
# - bird
- hosts:
- edge-1.back.infra.auro.re
- edge-2.back.infra.auro.re
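Review bot: The `edge1` entry under `bird__bgp` ends its import with `- accept` but defines no `limits`, whereas `bird__ospf` in the same play sets `limits` of 4000 for import and export; the template in this commit emits `import limit` only when `bgp.limits.import` is defined, so this session would run without a prefix cap (as far as the rendered page shows, since the +/- markers are lost). A `limits:` key with an `import:` value sized for the expected route count from the edge routers would bound what infra-1 and infra-2 accept. The commented-out copies of the previous isp and infra plays duplicate what git history already holds and could be dropped before this leaves wip.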


@ -12,7 +12,11 @@
addrs:
- 2a09:6840:201::/64
- 10.201.0.0/16
back:
edge:
addrs:
- 2a09:6840:202::/64
- 10.202.0.0/16
core:
addrs:
- 2a09:6840:203::/64
- 10.203.0.0/16
@ -61,7 +65,8 @@
zones:
- adm-legacy
- ups
- back
- core
- edge
- monit
- wifi
- int
@ -107,7 +112,7 @@
dport: 5121
verdict: accept
firewall__nat:
- src: infra
- src: 10.0.0.0/8
dst: internet
protocols: null
snat:
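Review bot: In the last hunk the `firewall__nat` source appears to change from the zone name `infra` to the literal `10.0.0.0/8` (the page has lost the +/- markers, so the direction is inferred); if so, SNAT towards `internet` now matches every 10/8 source rather than one named zone. Keeping a zone reference, or listing only the prefixes that are meant to reach the internet, keeps the NAT scope tied to the zone definitions edited in the first hunk. A short comment above the rule stating which zones are expected to need outbound access would record the intent.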


@ -147,14 +147,10 @@
- 2a09:6840:211::1:2/64
- 10.211.1.2/16
infra-1.back.infra.auro.re:
adm0:
addresses:
- 2a09:6840:128::10:4/64
- 10.128.10.4/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0:
addresses:
- 2a09:6840:203::1:3/64
- 45.66.111.210/32
- 10.203.1.3/16
ups0:
ipv6_addrgen: false


@ -373,8 +373,8 @@
- 10.128.10.111
- 2a09:6840:128::10:111
infra-1.back:
- 10.128.10.4
- 2a09:6840:128::10:4
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back:
- 10.128.10.104
- 2a09:6840:128::10:104


@ -25,194 +25,110 @@
vars:
systemd_link__hosts:
edge-1.back.infra.auro.re:
adm0:
mac: 02:00:00:9E:3E:21
crans0:
mac: 02:00:00:A2:7C:68
zayo0:
mac: 02:00:00:35:89:82
rezel0:
mac: 02:00:00:8F:4A:AD
back0:
mac: 02:00:00:1C:3A:2E
viarezo0:
mac: 02:00:00:ED:70:64
router0:
mac: 02:00:00:5A:17:7C
oti0:
mac: 02:00:00:05:0E:A6
adm0: 02:00:00:9E:3E:21
crans0: 02:00:00:A2:7C:68
zayo0: 02:00:00:35:89:82
rezel0: 02:00:00:8F:4A:AD
back0: 02:00:00:1C:3A:2E
viarezo0: 02:00:00:ED:70:64
router0: 02:00:00:5A:17:7C
oti0: 02:00:00:05:0E:A6
edge-2.back.infra.auro.re:
adm0:
mac: 04:00:00:F5:69:B9
crans0:
mac: 04:00:00:CF:E1:D0
zayo0:
mac: 04:00:00:67:7B:12
rezel0:
mac: 04:00:00:C6:05:B7
back0:
mac: 04:00:00:DE:22:E6
viarezo0:
mac: 04:00:00:45:FA:E6
router0:
mac: 04:00:00:AD:D7:71
adm0: 04:00:00:F5:69:B9
crans0: 04:00:00:CF:E1:D0
zayo0: 04:00:00:67:7B:12
rezel0: 04:00:00:C6:05:B7
back0: 04:00:00:DE:22:E6
viarezo0: 04:00:00:45:FA:E6
router0: 04:00:00:AD:D7:71
ssh-1.mgmt.infra.auro.re:
adm0:
mac: 02:00:00:a3:49:20
pub0:
mac: 02:00:00:27:ea:9d
mgmt0:
mac: 02:00:00:0f:ac:75
adm0: 02:00:00:a3:49:20
pub0: 02:00:00:27:ea:9d
mgmt0: 02:00:00:0f:ac:75
vpn-1.back.infra.auro.re:
adm0:
mac: 02:00:00:3b:74:20
vpn0:
mac: 02:00:00:b5:ca:c7
pub0:
mac: 02:00:00:e3:65:49
adm0: 02:00:00:3b:74:20
vpn0: 02:00:00:b5:ca:c7
pub0: 02:00:00:e3:65:49
ssh-2.mgmt.infra.auro.re:
adm0:
mac: 04:00:00:98:c2:10
pub0:
mac: 04:00:00:65:cc:52
mgmt0:
mac: 04:00:00:3c:67:08
adm0: 04:00:00:98:c2:10
pub0: 04:00:00:65:cc:52
mgmt0: 04:00:00:3c:67:08
dns-1.int.infra.auro.re:
adm0:
mac: 02:00:00:6c:4b:89
int0:
mac: 02:00:00:9f:d9:f9
adm0: 02:00:00:6c:4b:89
int0: 02:00:00:9f:d9:f9
dns-2.int.infra.auro.re:
adm0:
mac: 04:00:00:2a:6e:be
int0:
mac: 04:00:00:3c:c0:5a
adm0: 04:00:00:2a:6e:be
int0: 04:00:00:3c:c0:5a
infra-1.back.infra.auro.re:
adm0:
mac: 02:00:00:f0:8a:dd
ups0:
mac: 02:00:00:fe:6f:0e
back0:
mac: 02:00:00:f8:93:22
monit0:
mac: 02:00:00:da:97:7f
wifi0:
mac: 02:00:00:8c:c5:bf
int0:
mac: 02:00:00:75:40:3e
pub0:
enabled: false
sw0:
mac: 02:00:00:ca:e8:d1
bmc0:
mac: 02:00:00:47:d1:b9
pve0:
mac: 02:00:00:b3:35:e7
isp0:
mac: 02:00:00:6b:53:14
mgmt0:
enabled: false
ext0:
mac: 02:00:00:32:86:60
vpn0:
mac: 02:00:00:52:5f:85
adm0: 02:00:00:f0:8a:dd
ups0: 02:00:00:fe:6f:0e
back0: 02:00:00:f8:93:22
monit0: 02:00:00:da:97:7f
wifi0: 02:00:00:8c:c5:bf
int0: 02:00:00:75:40:3e
sw0: 02:00:00:ca:e8:d1
bmc0: 02:00:00:47:d1:b9
pve0: 02:00:00:b3:35:e7
isp0: 02:00:00:6b:53:14
ext0: 02:00:00:32:86:60
vpn0: 02:00:00:52:5f:85
infra-2.back.infra.auro.re:
adm0:
mac: 04:00:00:d3:03:53
ups0:
mac: 04:00:00:6d:97:83
back0:
mac: 04:00:00:46:ba:f9
monit0:
mac: 04:00:00:72:0b:2d
wifi0:
mac: 04:00:00:ee:42:0f
int0:
mac: 04:00:00:21:fd:d0
adm0: 04:00:00:d3:03:53
ups0: 04:00:00:6d:97:83
back0: 04:00:00:46:ba:f9
monit0: 04:00:00:72:0b:2d
wifi0: 04:00:00:ee:42:0f
int0: 04:00:00:21:fd:d0
pub0:
enabled: false
sw0:
mac: 04:00:00:2e:5b:16
bmc0:
mac: 04:00:00:bb:5a:a6
pve0:
mac: 04:00:00:0b:2b:82
isp0:
mac: 04:00:00:f4:4c:5d
sw0: 04:00:00:2e:5b:16
bmc0: 04:00:00:bb:5a:a6
pve0: 04:00:00:0b:2b:82
isp0: 04:00:00:f4:4c:5d
mgmt0:
enabled: false
ext0:
mac: 04:00:00:1d:0e:83
vpn0:
mac: 04:00:00:02:ba:dd
ext0: 04:00:00:1d:0e:83
vpn0: 04:00:00:02:ba:dd
isp-1.back.infra.auro.re:
adm0:
mac: 02:00:00:D8:37:45
back0:
mac: 02:00:00:BF:10:4C
trunk0:
mac: 02:00:00:E9:BA:15
adm0: 02:00:00:D8:37:45
back0: 02:00:00:BF:10:4C
trunk0: 02:00:00:E9:BA:15
isp-2.back.infra.auro.re:
adm0:
mac: 04:00:00:85:C3:5D
back0:
mac: 04:00:00:FE:2D:67
trunk0:
mac: 04:00:00:D8:F5:4D
adm0: 04:00:00:85:C3:5D
back0: 04:00:00:FE:2D:67
trunk0: 04:00:00:D8:F5:4D
dhcp-1.isp.infra.auro.re:
adm0:
mac: 02:00:00:17:61:5b
isp0:
mac: 02:00:00:c6:3f:6f
trunk0:
mac: 02:00:00:b1:8d:d6
adm0: 02:00:00:17:61:5b
isp0: 02:00:00:c6:3f:6f
trunk0: 02:00:00:b1:8d:d6
dhcp-2.isp.infra.auro.re:
adm0:
mac: 04:00:00:0c:f1:42
isp0:
mac: 04:00:00:8c:d1:36
trunk0:
mac: 04:00:00:33:2c:3c
adm0: 04:00:00:0c:f1:42
isp0: 04:00:00:8c:d1:36
trunk0: 04:00:00:33:2c:3c
radius-1.isp.infra.auro.re:
adm0:
mac: 02:00:00:4f:35:12
isp0:
mac: 02:00:00:6a:3e:f4
adm0: 02:00:00:4f:35:12
isp0: 02:00:00:6a:3e:f4
radius-2.isp.infra.auro.re:
adm0:
mac: 04:00:00:96:54:a6
isp0:
mac: 04:00:00:29:6d:c9
adm0: 04:00:00:96:54:a6
isp0: 04:00:00:29:6d:c9
ldap-1.int.infra.auro.re:
adm0:
mac: 02:00:00:38:c2:52
int0:
mac: 02:00:00:fe:a8:54
adm0: 02:00:00:38:c2:52
int0: 02:00:00:fe:a8:54
ldap-2.int.infra.auro.re:
adm0:
mac: 04:00:00:f7:1c:47
int0:
mac: 04:00:00:e4:83:d2
adm0: 04:00:00:f7:1c:47
int0: 04:00:00:e4:83:d2
ntp-1.int.infra.auro.re:
adm0:
mac: 02:00:00:e0:26:2e
int0:
mac: 02:00:00:74:71:83
adm0: 02:00:00:e0:26:2e
int0: 02:00:00:74:71:83
ntp-2.int.infra.auro.re:
adm0:
mac: 04:00:00:08:83:2b
int0:
mac: 04:00:00:31:be:50
adm0: 04:00:00:08:83:2b
int0: 04:00:00:31:be:50
prometheus-1.monit.infra.auro.re:
adm0:
mac: 02:00:00:66:33:9d
monit0:
mac: 02:00:00:a8:6b:51
adm0: 02:00:00:66:33:9d
monit0: 02:00:00:a8:6b:51
prometheus-2.monit.infra.auro.re:
adm0:
mac: 04:00:00:3d:c6:a1
monit0:
mac: 04:00:00:a6:93:5a
adm0: 04:00:00:3d:c6:a1
monit0: 04:00:00:a6:93:5a
systemd_link__links: "{{ systemd_link__hosts[inventory_hostname] }}"
roles:
- systemd_link


@ -8,26 +8,111 @@ protocol device {
scan time 10;
}
protocol direct {
ipv4;
ipv6;
}
protocol kernel kernel4 {
ipv4 {
import all;
export where source !~ [ RTS_DEVICE, RTS_STATIC ];
{% for name, kernel in bird__kernel.items() %}
{% for version in ["ipv4", "ipv6"] %}
{% set ipv4 = version == "ipv4" %}
protocol kernel {{ name | bird_name(ipv4) }} {
{% if kernel.kernel is defined %}
kernel table {{ kernel.kernel }};
{% endif %}
{% if kernel.learn | default(False) %}
learn;
{% endif %}
{% if kernel.persist | default(False) %}
persist;
{% endif %}
{{ version }} {
{{ kernel.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if kernel.limits.import is defined %}
import limit {{ kernel.limits.import }};
{% endif %}
{{ kernel.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if kernel.limits.export is defined %}
export limit {{ kernel.limits.export }};
{% endif %}
};
}
{% endfor %}
{% endfor %}
protocol kernel kernel6 {
ipv6 {
import all;
export where source !~ [ RTS_DEVICE, RTS_STATIC ];
{% if bird__ospf is defined %}
{% for version in ["ipv4", "ipv6"] %}
{% set ipv4 = version == "ipv4" %}
{% set ospf_version = "v2" if ipv4 else "v3" %}
protocol ospf {{ ospf_version }} {{ "ospf" | bird_name(ipv4) }} {
{{ version }} {
{{ bird__ospf.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if bird__ospf.limits.import is defined %}
import limit {{ bird__ospf.limits.import }};
{% endif %}
{{ bird__ospf.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if bird__ospf.limits.export is defined %}
export limit {{ bird__ospf.limits.export }};
{% endif %}
};
{% for id, area in bird__ospf.areas.items() %}
area {{ id }} {
{% for iface in area.broadcast | default([]) %}
interface {{ iface | enquote }} {
type broadcast;
hello 2;
retransmit 5;
wait 10;
dead 20;
};
{% endfor %}
{% for iface in area.stub | default([]) %}
interface {{ iface | enquote }} { stub; };
{% endfor %}
};
{% endfor %}
}
{% endfor %}
{% endif %}
{% for name, bgp in bird__bgp.items() %}
{% for version in ["ipv4", "ipv6"] %}
{% set ipv4 = version == "ipv4" %}
protocol bgp {{ name | bird_name(ipv4) }} {
local {{ bgp.local.address
| ansible.utils.ipaddr(version)
| first }} as {{ bgp.local.as }};
neighbor {{ bgp.neighbor.address
| ansible.utils.ipaddr(version)
| first }} as {{ bgp.neighbor.as }};
{{ version }} {
{{ bgp.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if bgp.limits.import is defined %}
import limit {{ bgp.limits.import }};
{% endif %}
{{ bgp.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if bgp.limits.export is defined %}
export limit {{ bgp.limits.export }};
{% endif %}
};
}
{% endfor %}
{% endfor %}
{% if bird__static_unreachable | ansible.utils.ipv4 %}
{# {% if bird__static_unreachable | ansible.utils.ipv4 %}
protocol static unreachable4 {
ipv4 {
import all;
@ -47,70 +132,9 @@ protocol static unreachable6 {
route {{ route }} unreachable;
{% endfor %}
}
{% endif %}
{% endif %} #}
{% if bird__ospf_broadcast_interfaces %}
protocol ospf v2 ospf4 {
ipv4 {
import all;
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
};
area 0 {
{% for network in bird__ospf_stub_networks | ansible.utils.ipv4 %}
stubnet {{ network }};
{% endfor %}
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
{% endif %}
{% if bird__ospf_broadcast_interfaces %}
protocol ospf v3 ospf6 {
ipv6 {
import all;
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
};
area 0 {
{% for network in bird__ospf_stub_networks | ansible.utils.ipv6 %}
stubnet {{ network }};
{% endfor %}
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
{% endif %}
{% macro bird_filter(filter, last) %}
{# {% macro bird_filter(filter, last) %}
{% if filter.as_prepend is defined %}
{% for _ in range(filter.as_prepend.size) %}
bgp_path.prepend({{ filter.as_prepend.asn }});
@ -124,7 +148,6 @@ bgp_local_pref = {{ filter.local_pref }};
{% endif %}
{% endmacro %}
{# FIXME: massive cleanup required #}
{% for name, session in bird__bgp_sessions.items() %}
{% for version in [4, 6] %}
{% for direction in ["import", "export"] %}
@ -208,4 +231,4 @@ protocol radv {
rdnss {{ address | ipaddr }};
{% endfor %}
}
{% endif %}
{% endif %} #}
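Review bot: The new `protocol ospf` block emits every `area.broadcast` interface with no `authentication` statement, and the playbook in this commit adds area 1 with `vpn0` as a broadcast interface while importing with `accept`. Any OSPF speaker on those segments would be accepted as a neighbour, so I would let an area or interface carry an optional secret and render `authentication cryptographic;` plus `password {{ area.password | enquote }};` when it is set (`area.password` is a suggested key, not one the role defines today), with the value kept in the vault. The per-interface `hello`/`retransmit`/`wait`/`dead` overrides that the old template passed through `| int` are replaced by fixed values; a comment saying the timers are intentionally fixed would help the next reader.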


@ -1,7 +1,7 @@
{{ ansible_managed | comment }}
[Match]
MACAddress={{ item.value.mac }}
MACAddress={{ item.value.mac | default(item.value) }}
[Link]
Name={{ item.key }}
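Review bot: `item.value.mac | default(item.value)` falls back to the whole value whenever `mac` is missing, so an entry that is a mapping without `mac` would be rendered verbatim into `MACAddress=`; the hosts file in this commit still appears to carry `pub0:` and `mgmt0:` with only `enabled: false` under infra-2. Unless the role filters those entries out before templating (not visible here), the fallback should be limited to plain strings, e.g. `MACAddress={{ item.value if item.value is string else item.value.mac }}`, so a malformed entry fails at render time instead of producing an invalid `.link` file.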