aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

wip: misc: setup infra-1

Browse source
This commit is contained in:
jeltz 2023-09-16 01:24:01 +02:00
parent e87de918db
commit 078d9a3de9
Signed by: jeltz
GPG key ID: 800882B66C0C3326
9 changed files with 600 additions and 379 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

199
filter_plugins/bird.py Normal file
View file

@ -0,0 +1,199 @@
from __future__ import annotations
import itertools
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Any, Generic, Iterator, Literal, TypeVar
from pydantic import (
BaseModel,
Field,
IPvAnyAddress,
ValidationError,
parse_obj_as,
)
T = TypeVar("T")
class AutoList(list[T], Generic[T]):
@classmethod
def __get_validators__(cls):
yield cls.__validator__
@classmethod
def __validator__(cls, value):
try:
return parse_obj_as(list[T], value)
except ValidationError:
return [parse_obj_as(T, value)]
class Proto(BaseModel):
protos: AutoList[str]
class Source(BaseModel):
sources: AutoList[int]
class And(BaseModel):
conditions: AutoList[Condition] = Field(alias="and")
class Or(BaseModel):
conditions: AutoList[Condition] = Field(alias="or")
class Not(BaseModel):
condition: Condition = Field(alias="not")
Condition = Proto | Source | And | Or | Not
And.update_forward_refs()
Or.update_forward_refs()
Not.update_forward_refs()
Accept = Literal["accept"]
Reject = Literal["reject"]
class PrefSrc(BaseModel):
pref_src: AutoList[IPvAnyAddress]
class Conditional(BaseModel):
condition: Condition = Field(alias="if")
actions: AutoList[Action] = Field(alias="then")
Action = Accept | Reject | PrefSrc | Conditional
Conditional.update_forward_refs()
Rule = Condition | AutoList[Action]
@dataclass
class Context:
ipv4: bool
indent: str
verb: str
def flatten(iterable: Iterable[Iterable[T]]) -> Iterable[T]:
return itertools.chain.from_iterable(iterable)
def indent(iterable, ctx: Context) -> Iterable[str]:
yield from (f"{ctx.indent}{i}" for i in iterable)
def filter_addrs(addrs, ctx: Context):
yield from (a for a in addrs if isinstance(a, IPv4Address) == ctx.ipv4)
def quoted(string: str) -> str:
escaped = string.replace("\\", "\\\\").replace('"', '\\"')
return f'"{escaped}"'
def bird_name(name: str, ipv4: bool) -> str:
return f"{name}{'4' if ipv4 else '6'}"
def str_of_condition(condition: Condition, ctx: bool) -> str:
match condition:
case Proto(protos=[]) | Source(sources=[]) | Or(conditions=[]):
return "false"
case And(conditions=[]):
return "true"
case Not(condition=condition):
return f"!{str_of_condition(condition)}"
case And(conditions=[condition]) | Or(conditions=[condition]):
return str_of_condition(condition, ctx)
case And(conditions=conditions):
return " && ".join(
f"({str_of_condition(c, ctx)})" for c in conditions
)
case Or(conditions=conditions):
return " || ".join(
f"({str_of_condition(c, ctx)})" for c in conditions
)
case Proto(protos=[proto]):
return f"proto = {quoted(bird_name(proto, ctx.ipv4))}"
case Proto(protos=protos):
protos = [quoted(bird_name(p, ctx.ipv4)) for p in protos]
return f"proto ~ [ {', '.join(protos)} ]"
case Source(sources=[source]):
return f"krt_source = {source}"
case Source(sources=sources):
sources = [str(s) for s in sources]
return f"krt_source ~ [ {', '.join(sources)} ]"
def lines_of_action(action: Action, ctx: Context) -> Iterable[str]:
match action:
case "accept" | "reject":
yield f"{action};"
case Conditional(condition=condition, actions=actions):
yield f"if {str_of_condition(condition, ctx)} then {'{'}"
yield from indent(
flatten(lines_of_action(a, ctx) for a in actions), ctx
)
yield "}"
case PrefSrc(pref_src=sources):
source = next(filter_addrs(sources, ctx))
yield f"krt_prefsrc = {source};"
def lines_of_stmt(rule: Rule, ctx: Context) -> Iterable[str]:
match parse_obj_as(Rule, rule):
case ["accept"]:
yield f"{ctx.verb} all;"
case [] | ["reject"]:
yield f"{ctx.verb} none;"
# FIXME
case (Proto() | Source() | And() | Or() | Not()) as condition:
# Conditional(condition=condition, actions=["accept"])
yield f"{ctx.verb} where {str_of_condition(condition, ctx)};"
case _ as actions:
yield f"{ctx.verb} filter {'{'}"
yield from indent(
flatten(lines_of_action(a, ctx) for a in actions), ctx
)
yield "};"
def bird_import(rule: Rule, ipv4: bool, indent: str = " ") -> str:
ctx = Context(verb="import", ipv4=ipv4, indent=indent)
return "\n".join(lines_of_stmt(rule, ctx))
def bird_export(rule: Rule, ipv4: bool, indent: str = " ") -> str:
ctx = Context(verb="export", ipv4=ipv4, indent=indent)
return "\n".join(lines_of_stmt(rule, ctx))
class FilterModule:
def filters(self):
return {
"bird_import": bird_import,
"bird_export": bird_export,
"bird_name": bird_name,
}

9
filter_plugins/net_utils.py
View file

@ -15,6 +15,15 @@ class FilterModule:
} }
def first_addr(addresses, ipv4 = True):
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
for addr in addresses:
parsed = ipaddress.ip_address(xx)
if isinstance(parsed, version):
return parsed
raise ValueError("missing address")
def ip_filter(addresses, networks): def ip_filter(addresses, networks):
if isinstance(addresses, dict): if isinstance(addresses, dict):
return {k: ip_filter(v, networks) for k, v in addresses.items()} return {k: ip_filter(v, networks) for k, v in addresses.items()}

323
playbooks/bird.yml
View file

@ -1,147 +1,220 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: #- hosts:
- isp-1.back.infra.auro.re # - isp-1.back.infra.auro.re
- isp-2.back.infra.auro.re # - isp-2.back.infra.auro.re
vars: # vars:
bird__router_ids: # bird__router_ids:
isp-1.back.infra.auro.re: 10.203.1.5 # isp-1.back.infra.auro.re: 10.203.1.5
isp-2.back.infra.auro.re: 10.203.1.6 # isp-2.back.infra.auro.re: 10.203.1.6
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" # bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
bird__radv_interfaces: # bird__radv_interfaces:
client0: # client0:
prefix: # prefix:
- 2a09:6841::/64 # - 2a09:6841::/64
domain_search: # domain_search:
- client0.isp.auro.re # - client0.isp.auro.re
client1: # client1:
prefix: # prefix:
- 2a09:6841:0:1::/64 # - 2a09:6841:0:1::/64
domain_search: # domain_search:
- client1.isp.auro.re # - client1.isp.auro.re
client2: # client2:
prefix: # prefix:
- 2a09:6841:0:2::/64 # - 2a09:6841:0:2::/64
domain_search: # domain_search:
- client2.isp.auro.re # - client2.isp.auro.re
client3: # client3:
prefix: # prefix:
- 2a09:6841:0:3::/64 # - 2a09:6841:0:3::/64
domain_search: # domain_search:
- client3.isp.auro.re # - client3.isp.auro.re
client4: # client4:
prefix: # prefix:
- 2a09:6841:0:400::/64 # - 2a09:6841:0:400::/64
domain_search: # domain_search:
- client4.isp.auro.re # - client4.isp.auro.re
bird__radv_dns_servers: # bird__radv_dns_servers:
- 2a09:6840:128::10:103 # - 2a09:6840:128::10:103
- 2a09:6840:128::10:3 # - 2a09:6840:128::10:3
bird__asn: # bird__asn:
aurore: 43619 # aurore: 43619
bird__bgp_addresses: # bird__bgp_addresses:
isp-1.back.infra.auro.re: # isp-1.back.infra.auro.re:
- 2a09:6840:203::1:5 # - 2a09:6840:203::1:5
- 10.203.1.5 # - 10.203.1.5
isp-2.back.infra.auro.re: # isp-2.back.infra.auro.re:
- 2a09:6840:203::1:6 # - 2a09:6840:203::1:6
- 10.203.1.6 # - 10.203.1.6
bird__bgp_sessions: # bird__bgp_sessions:
edge1: # edge1:
local: # local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}" # address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}" # as: "{{ bird__asn.aurore }}"
remote: # remote:
address: # address:
- 2a09:6840:203::1:1 # - 2a09:6840:203::1:1
- 10.203.1.1 # - 10.203.1.1
as: "{{ bird__asn.aurore }}" # as: "{{ bird__asn.aurore }}"
import: # import:
- accept: true # - accept: true
export: # export:
- accept: false # - accept: false
edge2: # edge2:
local: # local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}" # address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}" # as: "{{ bird__asn.aurore }}"
remote: # remote:
address: # address:
- 2a09:6840:203::1:2 # - 2a09:6840:203::1:2
- 10.203.1.2 # - 10.203.1.2
as: "{{ bird__asn.aurore }}" # as: "{{ bird__asn.aurore }}"
import: # import:
- accept: true # - accept: true
export: # export:
- accept: false # - accept: false
bird__ospf_broadcast_interfaces: # bird__ospf_broadcast_interfaces:
back0: null # back0: null
bird__ospf_stub_interfaces: # bird__ospf_stub_interfaces:
- client0 # - client0
- client1 # - client1
- client2 # - client2
- client3 # - client3
- client4 # - client4
roles: # roles:
- bird # - bird
- hosts: - hosts:
- infra-1.back.infra.auro.re - infra-1.back.infra.auro.re
- infra-2.back.infra.auro.re - infra-2.back.infra.auro.re
vars: vars:
bird__router_ids: bird__as:
infra-1.back.infra.auro.re: 10.203.1.3
infra-2.back.infra.auro.re: 10.203.1.4
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
bird__ospf_broadcast_interfaces:
back0: null
bird__ospf_stub_interfaces:
- monit0
- wifi0
- int0
- pub0
- bmc0
- pve0
- isp0
- mgmt0
bird__asn:
aurore: 43619 aurore: 43619
bird__bgp_addresses: bird__router_ids:
infra-1.back.infra.auro.re: infra-1: 10.203.1.3
infra-2: 10.203.1.4
bird__pref_src_addrs:
infra-1:
- 2a09:6840:203::1:3 - 2a09:6840:203::1:3
- 10.203.1.3 - 45.66.111.210
infra-2.back.infra.auro.re: infra-2:
- 2a09:6840:203::1:4 - 2a09:6840:203::1:4
- 10.203.1.4 - 45.66.111.211
bird__bgp_sessions: bird__bgp_addrs:
infra-1:
back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2:
back:
- 2a09:6840:203::1:4
- 10.203.1.4
bird__router_id: "{{ bird__router_ids[inventory_hostname_short] }}"
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- monit0
- wifi0
- int0
- sw0
- bmc0
- pve0
- isp0
- ext0
- ups0
1:
broadcast:
- vpn0
bird__bgp:
edge1: edge1:
local: local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}" address: "{{ bird__bgp_addrs[inventory_hostname_short].back }}"
as: "{{ bird__asn.aurore }}" as: "{{ bird__as.aurore }}"
remote: neighbor:
address: address:
- 2a09:6840:203::1:1 - 2a09:6840:203::1:1
- 10.203.1.1 - 10.203.1.1
as: "{{ bird__asn.aurore }}" as: "{{ bird__as.aurore }}"
import: import:
- accept: true - pref_src: "{{ bird__pref_src_addrs[inventory_hostname_short] }}"
export: - accept
- accept: false export: reject
edge2:
local:
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
as: "{{ bird__asn.aurore }}"
remote:
address:
- 2a09:6840:203::1:2
- 10.203.1.2
as: "{{ bird__asn.aurore }}"
import:
- accept: true
export:
- accept: false
roles: roles:
- bird - bird
#- hosts:
# - infra-1.back.infra.auro.re
# - infra-2.back.infra.auro.re
# vars:
# bird__router_ids:
# infra-1.back.infra.auro.re: 10.203.1.3
# infra-2.back.infra.auro.re: 10.203.1.4
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - monit0
# - wifi0
# - int0
# - pub0
# - bmc0
# - pve0
# - isp0
# - mgmt0
# bird__asn:
# aurore: 43619
# bird__bgp_addresses:
# infra-1.back.infra.auro.re:
# - 2a09:6840:203::1:3
# - 10.203.1.3
# infra-2.back.infra.auro.re:
# - 2a09:6840:203::1:4
# - 10.203.1.4
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
## address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# roles:
# - bird
- hosts: - hosts:
- edge-1.back.infra.auro.re - edge-1.back.infra.auro.re
- edge-2.back.infra.auro.re - edge-2.back.infra.auro.re

11
playbooks/firewall.yml
View file

@ -12,7 +12,11 @@
addrs: addrs:
- 2a09:6840:201::/64 - 2a09:6840:201::/64
- 10.201.0.0/16 - 10.201.0.0/16
back: edge:
addrs:
- 2a09:6840:202::/64
- 10.202.0.0/16
core:
addrs: addrs:
- 2a09:6840:203::/64 - 2a09:6840:203::/64
- 10.203.0.0/16 - 10.203.0.0/16
@ -61,7 +65,8 @@
zones: zones:
- adm-legacy - adm-legacy
- ups - ups
- back - core
- edge
- monit - monit
- wifi - wifi
- int - int
@ -107,7 +112,7 @@
dport: 5121 dport: 5121
verdict: accept verdict: accept
firewall__nat: firewall__nat:
- src: infra - src: 10.0.0.0/8
dst: internet dst: internet
protocols: null protocols: null
snat: snat:

6
playbooks/ifupdown2.yml
View file

@ -147,14 +147,10 @@
- 2a09:6840:211::1:2/64 - 2a09:6840:211::1:2/64
- 10.211.1.2/16 - 10.211.1.2/16
infra-1.back.infra.auro.re: infra-1.back.infra.auro.re:
adm0:
addresses:
- 2a09:6840:128::10:4/64
- 10.128.10.4/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0: back0:
addresses: addresses:
- 2a09:6840:203::1:3/64 - 2a09:6840:203::1:3/64
- 45.66.111.210/32
- 10.203.1.3/16 - 10.203.1.3/16
ups0: ups0:
ipv6_addrgen: false ipv6_addrgen: false

4
playbooks/knotd.yml
View file

@ -373,8 +373,8 @@
- 10.128.10.111 - 10.128.10.111
- 2a09:6840:128::10:111 - 2a09:6840:128::10:111
infra-1.back: infra-1.back:
- 10.128.10.4 - 2a09:6840:203::1:3
- 2a09:6840:128::10:4 - 10.203.1.3
infra-2.back: infra-2.back:
- 10.128.10.104 - 10.128.10.104
- 2a09:6840:128::10:104 - 2a09:6840:128::10:104

244
playbooks/systemd_link.yml
View file

@ -25,194 +25,110 @@
vars: vars:
systemd_link__hosts: systemd_link__hosts:
edge-1.back.infra.auro.re: edge-1.back.infra.auro.re:
adm0: adm0: 02:00:00:9E:3E:21
mac: 02:00:00:9E:3E:21 crans0: 02:00:00:A2:7C:68
crans0: zayo0: 02:00:00:35:89:82
mac: 02:00:00:A2:7C:68 rezel0: 02:00:00:8F:4A:AD
zayo0: back0: 02:00:00:1C:3A:2E
mac: 02:00:00:35:89:82 viarezo0: 02:00:00:ED:70:64
rezel0: router0: 02:00:00:5A:17:7C
mac: 02:00:00:8F:4A:AD oti0: 02:00:00:05:0E:A6
back0:
mac: 02:00:00:1C:3A:2E
viarezo0:
mac: 02:00:00:ED:70:64
router0:
mac: 02:00:00:5A:17:7C
oti0:
mac: 02:00:00:05:0E:A6
edge-2.back.infra.auro.re: edge-2.back.infra.auro.re:
adm0: adm0: 04:00:00:F5:69:B9
mac: 04:00:00:F5:69:B9 crans0: 04:00:00:CF:E1:D0
crans0: zayo0: 04:00:00:67:7B:12
mac: 04:00:00:CF:E1:D0 rezel0: 04:00:00:C6:05:B7
zayo0: back0: 04:00:00:DE:22:E6
mac: 04:00:00:67:7B:12 viarezo0: 04:00:00:45:FA:E6
rezel0: router0: 04:00:00:AD:D7:71
mac: 04:00:00:C6:05:B7
back0:
mac: 04:00:00:DE:22:E6
viarezo0:
mac: 04:00:00:45:FA:E6
router0:
mac: 04:00:00:AD:D7:71
ssh-1.mgmt.infra.auro.re: ssh-1.mgmt.infra.auro.re:
adm0: adm0: 02:00:00:a3:49:20
mac: 02:00:00:a3:49:20 pub0: 02:00:00:27:ea:9d
pub0: mgmt0: 02:00:00:0f:ac:75
mac: 02:00:00:27:ea:9d
mgmt0:
mac: 02:00:00:0f:ac:75
vpn-1.back.infra.auro.re: vpn-1.back.infra.auro.re:
adm0: adm0: 02:00:00:3b:74:20
mac: 02:00:00:3b:74:20 vpn0: 02:00:00:b5:ca:c7
vpn0: pub0: 02:00:00:e3:65:49
mac: 02:00:00:b5:ca:c7
pub0:
mac: 02:00:00:e3:65:49
ssh-2.mgmt.infra.auro.re: ssh-2.mgmt.infra.auro.re:
adm0: adm0: 04:00:00:98:c2:10
mac: 04:00:00:98:c2:10 pub0: 04:00:00:65:cc:52
pub0: mgmt0: 04:00:00:3c:67:08
mac: 04:00:00:65:cc:52
mgmt0:
mac: 04:00:00:3c:67:08
dns-1.int.infra.auro.re: dns-1.int.infra.auro.re:
adm0: adm0: 02:00:00:6c:4b:89
mac: 02:00:00:6c:4b:89 int0: 02:00:00:9f:d9:f9
int0:
mac: 02:00:00:9f:d9:f9
dns-2.int.infra.auro.re: dns-2.int.infra.auro.re:
adm0: adm0: 04:00:00:2a:6e:be
mac: 04:00:00:2a:6e:be int0: 04:00:00:3c:c0:5a
int0:
mac: 04:00:00:3c:c0:5a
infra-1.back.infra.auro.re: infra-1.back.infra.auro.re:
adm0: adm0: 02:00:00:f0:8a:dd
mac: 02:00:00:f0:8a:dd ups0: 02:00:00:fe:6f:0e
ups0: back0: 02:00:00:f8:93:22
mac: 02:00:00:fe:6f:0e monit0: 02:00:00:da:97:7f
back0: wifi0: 02:00:00:8c:c5:bf
mac: 02:00:00:f8:93:22 int0: 02:00:00:75:40:3e
monit0: sw0: 02:00:00:ca:e8:d1
mac: 02:00:00:da:97:7f bmc0: 02:00:00:47:d1:b9
wifi0: pve0: 02:00:00:b3:35:e7
mac: 02:00:00:8c:c5:bf isp0: 02:00:00:6b:53:14
int0: ext0: 02:00:00:32:86:60
mac: 02:00:00:75:40:3e vpn0: 02:00:00:52:5f:85
pub0:
enabled: false
sw0:
mac: 02:00:00:ca:e8:d1
bmc0:
mac: 02:00:00:47:d1:b9
pve0:
mac: 02:00:00:b3:35:e7
isp0:
mac: 02:00:00:6b:53:14
mgmt0:
enabled: false
ext0:
mac: 02:00:00:32:86:60
vpn0:
mac: 02:00:00:52:5f:85
infra-2.back.infra.auro.re: infra-2.back.infra.auro.re:
adm0: adm0: 04:00:00:d3:03:53
mac: 04:00:00:d3:03:53 ups0: 04:00:00:6d:97:83
ups0: back0: 04:00:00:46:ba:f9
mac: 04:00:00:6d:97:83 monit0: 04:00:00:72:0b:2d
back0: wifi0: 04:00:00:ee:42:0f
mac: 04:00:00:46:ba:f9 int0: 04:00:00:21:fd:d0
monit0:
mac: 04:00:00:72:0b:2d
wifi0:
mac: 04:00:00:ee:42:0f
int0:
mac: 04:00:00:21:fd:d0
pub0: pub0:
enabled: false enabled: false
sw0: sw0: 04:00:00:2e:5b:16
mac: 04:00:00:2e:5b:16 bmc0: 04:00:00:bb:5a:a6
bmc0: pve0: 04:00:00:0b:2b:82
mac: 04:00:00:bb:5a:a6 isp0: 04:00:00:f4:4c:5d
pve0:
mac: 04:00:00:0b:2b:82
isp0:
mac: 04:00:00:f4:4c:5d
mgmt0: mgmt0:
enabled: false enabled: false
ext0: ext0: 04:00:00:1d:0e:83
mac: 04:00:00:1d:0e:83 vpn0: 04:00:00:02:ba:dd
vpn0:
mac: 04:00:00:02:ba:dd
isp-1.back.infra.auro.re: isp-1.back.infra.auro.re:
adm0: adm0: 02:00:00:D8:37:45
mac: 02:00:00:D8:37:45 back0: 02:00:00:BF:10:4C
back0: trunk0: 02:00:00:E9:BA:15
mac: 02:00:00:BF:10:4C
trunk0:
mac: 02:00:00:E9:BA:15
isp-2.back.infra.auro.re: isp-2.back.infra.auro.re:
adm0: adm0: 04:00:00:85:C3:5D
mac: 04:00:00:85:C3:5D back0: 04:00:00:FE:2D:67
back0: trunk0: 04:00:00:D8:F5:4D
mac: 04:00:00:FE:2D:67
trunk0:
mac: 04:00:00:D8:F5:4D
dhcp-1.isp.infra.auro.re: dhcp-1.isp.infra.auro.re:
adm0: adm0: 02:00:00:17:61:5b
mac: 02:00:00:17:61:5b isp0: 02:00:00:c6:3f:6f
isp0: trunk0: 02:00:00:b1:8d:d6
mac: 02:00:00:c6:3f:6f
trunk0:
mac: 02:00:00:b1:8d:d6
dhcp-2.isp.infra.auro.re: dhcp-2.isp.infra.auro.re:
adm0: adm0: 04:00:00:0c:f1:42
mac: 04:00:00:0c:f1:42 isp0: 04:00:00:8c:d1:36
isp0: trunk0: 04:00:00:33:2c:3c
mac: 04:00:00:8c:d1:36
trunk0:
mac: 04:00:00:33:2c:3c
radius-1.isp.infra.auro.re: radius-1.isp.infra.auro.re:
adm0: adm0: 02:00:00:4f:35:12
mac: 02:00:00:4f:35:12 isp0: 02:00:00:6a:3e:f4
isp0:
mac: 02:00:00:6a:3e:f4
radius-2.isp.infra.auro.re: radius-2.isp.infra.auro.re:
adm0: adm0: 04:00:00:96:54:a6
mac: 04:00:00:96:54:a6 isp0: 04:00:00:29:6d:c9
isp0:
mac: 04:00:00:29:6d:c9
ldap-1.int.infra.auro.re: ldap-1.int.infra.auro.re:
adm0: adm0: 02:00:00:38:c2:52
mac: 02:00:00:38:c2:52 int0: 02:00:00:fe:a8:54
int0:
mac: 02:00:00:fe:a8:54
ldap-2.int.infra.auro.re: ldap-2.int.infra.auro.re:
adm0: adm0: 04:00:00:f7:1c:47
mac: 04:00:00:f7:1c:47 int0: 04:00:00:e4:83:d2
int0:
mac: 04:00:00:e4:83:d2
ntp-1.int.infra.auro.re: ntp-1.int.infra.auro.re:
adm0: adm0: 02:00:00:e0:26:2e
mac: 02:00:00:e0:26:2e int0: 02:00:00:74:71:83
int0:
mac: 02:00:00:74:71:83
ntp-2.int.infra.auro.re: ntp-2.int.infra.auro.re:
adm0: adm0: 04:00:00:08:83:2b
mac: 04:00:00:08:83:2b int0: 04:00:00:31:be:50
int0:
mac: 04:00:00:31:be:50
prometheus-1.monit.infra.auro.re: prometheus-1.monit.infra.auro.re:
adm0: adm0: 02:00:00:66:33:9d
mac: 02:00:00:66:33:9d monit0: 02:00:00:a8:6b:51
monit0:
mac: 02:00:00:a8:6b:51
prometheus-2.monit.infra.auro.re: prometheus-2.monit.infra.auro.re:
adm0: adm0: 04:00:00:3d:c6:a1
mac: 04:00:00:3d:c6:a1 monit0: 04:00:00:a6:93:5a
monit0:
mac: 04:00:00:a6:93:5a
systemd_link__links: "{{ systemd_link__hosts[inventory_hostname] }}" systemd_link__links: "{{ systemd_link__hosts[inventory_hostname] }}"
roles: roles:
- systemd_link - systemd_link

181
roles/bird/templates/bird.conf.j2
View file

@ -8,26 +8,111 @@ protocol device {
scan time 10; scan time 10;
} }
protocol direct { {% for name, kernel in bird__kernel.items() %}
ipv4; {% for version in ["ipv4", "ipv6"] %}
ipv6; {% set ipv4 = version == "ipv4" %}
} protocol kernel {{ name | bird_name(ipv4) }} {
{% if kernel.kernel is defined %}
protocol kernel kernel4 { kernel table {{ kernel.kernel }};
ipv4 { {% endif %}
import all; {% if kernel.learn | default(False) %}
export where source !~ [ RTS_DEVICE, RTS_STATIC ]; learn;
{% endif %}
{% if kernel.persist | default(False) %}
persist;
{% endif %}
{{ version }} {
{{ kernel.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if kernel.limits.import is defined %}
import limit {{ kernel.limits.import }};
{% endif %}
{{ kernel.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if kernel.limits.export is defined %}
export limit {{ kernel.limits.export }};
{% endif %}
}; };
} }
{% endfor %}
{% endfor %}
protocol kernel kernel6 { {% if bird__ospf is defined %}
ipv6 { {% for version in ["ipv4", "ipv6"] %}
import all; {% set ipv4 = version == "ipv4" %}
export where source !~ [ RTS_DEVICE, RTS_STATIC ]; {% set ospf_version = "v2" if ipv4 else "v3" %}
protocol ospf {{ ospf_version }} {{ "ospf" | bird_name(ipv4) }} {
{{ version }} {
{{ bird__ospf.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if bird__ospf.limits.import is defined %}
import limit {{ bird__ospf.limits.import }};
{% endif %}
{{ bird__ospf.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if bird__ospf.limits.export is defined %}
export limit {{ bird__ospf.limits.export }};
{% endif %}
};
{% for id, area in bird__ospf.areas.items() %}
area {{ id }} {
{% for iface in area.broadcast | default([]) %}
interface {{ iface | enquote }} {
type broadcast;
hello 2;
retransmit 5;
wait 10;
dead 20;
};
{% endfor %}
{% for iface in area.stub | default([]) %}
interface {{ iface | enquote }} { stub; };
{% endfor %}
};
{% endfor %}
}
{% endfor %}
{% endif %}
{% for name, bgp in bird__bgp.items() %}
{% for version in ["ipv4", "ipv6"] %}
{% set ipv4 = version == "ipv4" %}
protocol bgp {{ name | bird_name(ipv4) }} {
local {{ bgp.local.address
| ansible.utils.ipaddr(version)
| first }} as {{ bgp.local.as }};
neighbor {{ bgp.neighbor.address
| ansible.utils.ipaddr(version)
| first }} as {{ bgp.neighbor.as }};
{{ version }} {
{{ bgp.import
| default([])
| bird_import(ipv4)
| indent(8) }}
{% if bgp.limits.import is defined %}
import limit {{ bgp.limits.import }};
{% endif %}
{{ bgp.export
| default([])
| bird_export(ipv4)
| indent(8) }}
{% if bgp.limits.export is defined %}
export limit {{ bgp.limits.export }};
{% endif %}
}; };
} }
{% endfor %}
{% endfor %}
{% if bird__static_unreachable | ansible.utils.ipv4 %} {# {% if bird__static_unreachable | ansible.utils.ipv4 %}
protocol static unreachable4 { protocol static unreachable4 {
ipv4 { ipv4 {
import all; import all;
@ -47,70 +132,9 @@ protocol static unreachable6 {
route {{ route }} unreachable; route {{ route }} unreachable;
{% endfor %} {% endfor %}
} }
{% endif %} {% endif %} #}
{% if bird__ospf_broadcast_interfaces %} {# {% macro bird_filter(filter, last) %}
protocol ospf v2 ospf4 {
ipv4 {
import all;
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
};
area 0 {
{% for network in bird__ospf_stub_networks | ansible.utils.ipv4 %}
stubnet {{ network }};
{% endfor %}
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
{% endif %}
{% if bird__ospf_broadcast_interfaces %}
protocol ospf v3 ospf6 {
ipv6 {
import all;
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
};
area 0 {
{% for network in bird__ospf_stub_networks | ansible.utils.ipv6 %}
stubnet {{ network }};
{% endfor %}
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
{% endif %}
{% macro bird_filter(filter, last) %}
{% if filter.as_prepend is defined %} {% if filter.as_prepend is defined %}
{% for _ in range(filter.as_prepend.size) %} {% for _ in range(filter.as_prepend.size) %}
bgp_path.prepend({{ filter.as_prepend.asn }}); bgp_path.prepend({{ filter.as_prepend.asn }});
@ -124,7 +148,6 @@ bgp_local_pref = {{ filter.local_pref }};
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{# FIXME: massive cleanup required #}
{% for name, session in bird__bgp_sessions.items() %} {% for name, session in bird__bgp_sessions.items() %}
{% for version in [4, 6] %} {% for version in [4, 6] %}
{% for direction in ["import", "export"] %} {% for direction in ["import", "export"] %}
@ -208,4 +231,4 @@ protocol radv {
rdnss {{ address | ipaddr }}; rdnss {{ address | ipaddr }};
{% endfor %} {% endfor %}
} }
{% endif %} {% endif %} #}

2
roles/systemd_link/templates/link.j2
View file

@ -1,7 +1,7 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
[Match] [Match]
MACAddress={{ item.value.mac }} MACAddress={{ item.value.mac | default(item.value) }}
[Link] [Link]
Name={{ item.key }} Name={{ item.key }}