wip: misc: setup infra-1
parent
e87de918db
commit
078d9a3de9
9 changed files with 600 additions and 379 deletions
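--- /dev/null
+++ b/filter_plugins/bird.py
@@ -0,0 +1,199 @@
+from __future__ import annotations
+
+import itertools
+from dataclasses import dataclass
+from ipaddress import IPv4Address
+from typing import Any, Generic, Iterator, Literal, TypeVar
+
+from pydantic import (
+BaseModel,
+Field,
+IPvAnyAddress,
+ValidationError,
+parse_obj_as,
+)
+
+T = TypeVar("T")
+
+
+class AutoList(list[T], Generic[T]):
+@classmethod
+def __get_validators__(cls):
+yield cls.__validator__
+
+@classmethod
+def __validator__(cls, value):
+try:
+return parse_obj_as(list[T], value)
+except ValidationError:
+return [parse_obj_as(T, value)]
+
+
+class Proto(BaseModel):
+protos: AutoList[str]
+
+
+class Source(BaseModel):
+sources: AutoList[int]
+
+
+class And(BaseModel):
+conditions: AutoList[Condition] = Field(alias="and")
+
+
+class Or(BaseModel):
+conditions: AutoList[Condition] = Field(alias="or")
+
+
+class Not(BaseModel):
+condition: Condition = Field(alias="not")
+
+
+Condition = Proto | Source | And | Or | Not
+
+And.update_forward_refs()
+Or.update_forward_refs()
+Not.update_forward_refs()
+
+
+Accept = Literal["accept"]
+
+Reject = Literal["reject"]
+
+
+class PrefSrc(BaseModel):
+pref_src: AutoList[IPvAnyAddress]
+
+
+class Conditional(BaseModel):
+condition: Condition = Field(alias="if")
+actions: AutoList[Action] = Field(alias="then")
+
+
+Action = Accept | Reject | PrefSrc | Conditional
+
+Conditional.update_forward_refs()
+
+
+Rule = Condition | AutoList[Action]
+
+
+@dataclass
+class Context:
+ipv4: bool
+indent: str
+verb: str
+
+
+def flatten(iterable: Iterable[Iterable[T]]) -> Iterable[T]:
+return itertools.chain.from_iterable(iterable)
+
+
+def indent(iterable, ctx: Context) -> Iterable[str]:
+yield from (f"{ctx.indent}{i}" for i in iterable)
+
+
+def filter_addrs(addrs, ctx: Context):
+yield from (a for a in addrs if isinstance(a, IPv4Address) == ctx.ipv4)
+
+
+def quoted(string: str) -> str:
+escaped = string.replace("\\", "\\\\").replace('"', '\\"')
+return f'"{escaped}"'
+
+
+def bird_name(name: str, ipv4: bool) -> str:
+return f"{name}{'4' if ipv4 else '6'}"
+
+
+def str_of_condition(condition: Condition, ctx: bool) -> str:
+match condition:
+case Proto(protos=[]) | Source(sources=[]) | Or(conditions=[]):
+return "false"
+
+case And(conditions=[]):
+return "true"
+
+case Not(condition=condition):
+return f"!{str_of_condition(condition)}"
+
+case And(conditions=[condition]) | Or(conditions=[condition]):
+return str_of_condition(condition, ctx)
+
+case And(conditions=conditions):
+return " && ".join(
+f"({str_of_condition(c, ctx)})" for c in conditions
+)
+
+case Or(conditions=conditions):
+return " || ".join(
+f"({str_of_condition(c, ctx)})" for c in conditions
+)
+
+case Proto(protos=[proto]):
+return f"proto = {quoted(bird_name(proto, ctx.ipv4))}"
+
+case Proto(protos=protos):
+protos = [quoted(bird_name(p, ctx.ipv4)) for p in protos]
+return f"proto ~ [ {', '.join(protos)} ]"
+
+case Source(sources=[source]):
+return f"krt_source = {source}"
+
+case Source(sources=sources):
+sources = [str(s) for s in sources]
+return f"krt_source ~ [ {', '.join(sources)} ]"
+
+
+def lines_of_action(action: Action, ctx: Context) -> Iterable[str]:
+match action:
+case "accept" | "reject":
+yield f"{action};"
+
+case Conditional(condition=condition, actions=actions):
+yield f"if {str_of_condition(condition, ctx)} then {'{'}"
+yield from indent(
+flatten(lines_of_action(a, ctx) for a in actions), ctx
+)
+yield "}"
+
+case PrefSrc(pref_src=sources):
+source = next(filter_addrs(sources, ctx))
+yield f"krt_prefsrc = {source};"
+
+
+def lines_of_stmt(rule: Rule, ctx: Context) -> Iterable[str]:
+match parse_obj_as(Rule, rule):
+case ["accept"]:
+yield f"{ctx.verb} all;"
+case [] | ["reject"]:
+yield f"{ctx.verb} none;"
+# FIXME
+case (Proto() | Source() | And() | Or() | Not()) as condition:
+# Conditional(condition=condition, actions=["accept"])
+yield f"{ctx.verb} where {str_of_condition(condition, ctx)};"
+case _ as actions:
+yield f"{ctx.verb} filter {'{'}"
+yield from indent(
+flatten(lines_of_action(a, ctx) for a in actions), ctx
+)
+yield "};"
+
+
+def bird_import(rule: Rule, ipv4: bool, indent: str = " ") -> str:
+ctx = Context(verb="import", ipv4=ipv4, indent=indent)
+return "\n".join(lines_of_stmt(rule, ctx))
+
+
+def bird_export(rule: Rule, ipv4: bool, indent: str = " ") -> str:
+ctx = Context(verb="export", ipv4=ipv4, indent=indent)
+return "\n".join(lines_of_stmt(rule, ctx))
+
+
+class FilterModule:
+def filters(self):
+return {
+"bird_import": bird_import,
+"bird_export": bird_export,
+"bird_name": bird_name,
+}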
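Review bot: In `str_of_condition`, the `Not` case calls `str_of_condition(condition)` without `ctx`, so any rule containing `not` raises a TypeError when the filter is rendered. The `!` prefix is also not parenthesised, so once the call is fixed a negated `and`/`or` would come out as `!(a) && (b)` and negate only the first term. This string becomes the BIRD import/export filter, so a mis-scoped negation silently changes which routes are accepted; I would write `return f"!({str_of_condition(condition, ctx)})"`. The `ctx` parameter is annotated `bool` although `ctx.ipv4` is read from it, and `Iterable` is used in annotations without being imported from `typing`.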
|
@ -15,6 +15,15 @@ class FilterModule:
|
|||
}
|
||||
|
||||
|
||||
def first_addr(addresses, ipv4 = True):
|
||||
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
|
||||
for addr in addresses:
|
||||
parsed = ipaddress.ip_address(xx)
|
||||
if isinstance(parsed, version):
|
||||
return parsed
|
||||
raise ValueError("missing address")
|
||||
|
||||
|
||||
def ip_filter(addresses, networks):
|
||||
if isinstance(addresses, dict):
|
||||
return {k: ip_filter(v, networks) for k, v in addresses.items()}
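Review bot: `first_addr` parses `xx`, a name that is not defined anywhere in the visible hunk, so the first iteration raises NameError instead of returning an address; the loop variable is `addr`, so the line should read `parsed = ipaddress.ip_address(addr)`. The hunk does not show `ipaddress` being imported or `first_addr` being added to the `filters()` mapping; both sit outside the visible lines and are worth checking before the filter is used in a template.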
|
||||
|
|
|
@ -1,147 +1,220 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- isp-1.back.infra.auro.re
|
||||
- isp-2.back.infra.auro.re
|
||||
vars:
|
||||
bird__router_ids:
|
||||
isp-1.back.infra.auro.re: 10.203.1.5
|
||||
isp-2.back.infra.auro.re: 10.203.1.6
|
||||
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
bird__radv_interfaces:
|
||||
client0:
|
||||
prefix:
|
||||
- 2a09:6841::/64
|
||||
domain_search:
|
||||
- client0.isp.auro.re
|
||||
client1:
|
||||
prefix:
|
||||
- 2a09:6841:0:1::/64
|
||||
domain_search:
|
||||
- client1.isp.auro.re
|
||||
client2:
|
||||
prefix:
|
||||
- 2a09:6841:0:2::/64
|
||||
domain_search:
|
||||
- client2.isp.auro.re
|
||||
client3:
|
||||
prefix:
|
||||
- 2a09:6841:0:3::/64
|
||||
domain_search:
|
||||
- client3.isp.auro.re
|
||||
client4:
|
||||
prefix:
|
||||
- 2a09:6841:0:400::/64
|
||||
domain_search:
|
||||
- client4.isp.auro.re
|
||||
bird__radv_dns_servers:
|
||||
- 2a09:6840:128::10:103
|
||||
- 2a09:6840:128::10:3
|
||||
bird__asn:
|
||||
aurore: 43619
|
||||
bird__bgp_addresses:
|
||||
isp-1.back.infra.auro.re:
|
||||
- 2a09:6840:203::1:5
|
||||
- 10.203.1.5
|
||||
isp-2.back.infra.auro.re:
|
||||
- 2a09:6840:203::1:6
|
||||
- 10.203.1.6
|
||||
bird__bgp_sessions:
|
||||
edge1:
|
||||
local:
|
||||
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
remote:
|
||||
address:
|
||||
- 2a09:6840:203::1:1
|
||||
- 10.203.1.1
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
import:
|
||||
- accept: true
|
||||
export:
|
||||
- accept: false
|
||||
edge2:
|
||||
local:
|
||||
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
remote:
|
||||
address:
|
||||
- 2a09:6840:203::1:2
|
||||
- 10.203.1.2
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
import:
|
||||
- accept: true
|
||||
export:
|
||||
- accept: false
|
||||
bird__ospf_broadcast_interfaces:
|
||||
back0: null
|
||||
bird__ospf_stub_interfaces:
|
||||
- client0
|
||||
- client1
|
||||
- client2
|
||||
- client3
|
||||
- client4
|
||||
roles:
|
||||
- bird
|
||||
#- hosts:
|
||||
# - isp-1.back.infra.auro.re
|
||||
# - isp-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__router_ids:
|
||||
# isp-1.back.infra.auro.re: 10.203.1.5
|
||||
# isp-2.back.infra.auro.re: 10.203.1.6
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__radv_interfaces:
|
||||
# client0:
|
||||
# prefix:
|
||||
# - 2a09:6841::/64
|
||||
# domain_search:
|
||||
# - client0.isp.auro.re
|
||||
# client1:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:1::/64
|
||||
# domain_search:
|
||||
# - client1.isp.auro.re
|
||||
# client2:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:2::/64
|
||||
# domain_search:
|
||||
# - client2.isp.auro.re
|
||||
# client3:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:3::/64
|
||||
# domain_search:
|
||||
# - client3.isp.auro.re
|
||||
# client4:
|
||||
# prefix:
|
||||
# - 2a09:6841:0:400::/64
|
||||
# domain_search:
|
||||
# - client4.isp.auro.re
|
||||
# bird__radv_dns_servers:
|
||||
# - 2a09:6840:128::10:103
|
||||
# - 2a09:6840:128::10:3
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# bird__bgp_addresses:
|
||||
# isp-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:5
|
||||
# - 10.203.1.5
|
||||
# isp-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:6
|
||||
# - 10.203.1.6
|
||||
# bird__bgp_sessions:
|
||||
# edge1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# edge2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
# - client0
|
||||
# - client1
|
||||
# - client2
|
||||
# - client3
|
||||
# - client4
|
||||
# roles:
|
||||
# - bird
|
||||
|
||||
|
||||
- hosts:
|
||||
- infra-1.back.infra.auro.re
|
||||
- infra-2.back.infra.auro.re
|
||||
vars:
|
||||
bird__as:
|
||||
aurore: 43619
|
||||
bird__router_ids:
|
||||
infra-1.back.infra.auro.re: 10.203.1.3
|
||||
infra-2.back.infra.auro.re: 10.203.1.4
|
||||
bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
bird__ospf_broadcast_interfaces:
|
||||
back0: null
|
||||
bird__ospf_stub_interfaces:
|
||||
infra-1: 10.203.1.3
|
||||
infra-2: 10.203.1.4
|
||||
bird__pref_src_addrs:
|
||||
infra-1:
|
||||
- 2a09:6840:203::1:3
|
||||
- 45.66.111.210
|
||||
infra-2:
|
||||
- 2a09:6840:203::1:4
|
||||
- 45.66.111.211
|
||||
bird__bgp_addrs:
|
||||
infra-1:
|
||||
back:
|
||||
- 2a09:6840:203::1:3
|
||||
- 10.203.1.3
|
||||
infra-2:
|
||||
back:
|
||||
- 2a09:6840:203::1:4
|
||||
- 10.203.1.4
|
||||
bird__router_id: "{{ bird__router_ids[inventory_hostname_short] }}"
|
||||
bird__kernel:
|
||||
kernel:
|
||||
learn: true
|
||||
import: accept
|
||||
export: accept
|
||||
bird__ospf:
|
||||
limits:
|
||||
import: 4000
|
||||
export: 4000
|
||||
import: accept
|
||||
export:
|
||||
protos: kernel
|
||||
areas:
|
||||
0:
|
||||
broadcast:
|
||||
- back0
|
||||
stub:
|
||||
- monit0
|
||||
- wifi0
|
||||
- int0
|
||||
- pub0
|
||||
- sw0
|
||||
- bmc0
|
||||
- pve0
|
||||
- isp0
|
||||
- mgmt0
|
||||
bird__asn:
|
||||
aurore: 43619
|
||||
bird__bgp_addresses:
|
||||
infra-1.back.infra.auro.re:
|
||||
- 2a09:6840:203::1:3
|
||||
- 10.203.1.3
|
||||
infra-2.back.infra.auro.re:
|
||||
- 2a09:6840:203::1:4
|
||||
- 10.203.1.4
|
||||
bird__bgp_sessions:
|
||||
- ext0
|
||||
- ups0
|
||||
1:
|
||||
broadcast:
|
||||
- vpn0
|
||||
bird__bgp:
|
||||
edge1:
|
||||
local:
|
||||
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
remote:
|
||||
address: "{{ bird__bgp_addrs[inventory_hostname_short].back }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
neighbor:
|
||||
address:
|
||||
- 2a09:6840:203::1:1
|
||||
- 10.203.1.1
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
import:
|
||||
- accept: true
|
||||
export:
|
||||
- accept: false
|
||||
edge2:
|
||||
local:
|
||||
address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
remote:
|
||||
address:
|
||||
- 2a09:6840:203::1:2
|
||||
- 10.203.1.2
|
||||
as: "{{ bird__asn.aurore }}"
|
||||
import:
|
||||
- accept: true
|
||||
export:
|
||||
- accept: false
|
||||
- pref_src: "{{ bird__pref_src_addrs[inventory_hostname_short] }}"
|
||||
- accept
|
||||
export: reject
|
||||
roles:
|
||||
- bird
|
||||
|
||||
#- hosts:
|
||||
# - infra-1.back.infra.auro.re
|
||||
# - infra-2.back.infra.auro.re
|
||||
# vars:
|
||||
# bird__router_ids:
|
||||
# infra-1.back.infra.auro.re: 10.203.1.3
|
||||
# infra-2.back.infra.auro.re: 10.203.1.4
|
||||
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
|
||||
# bird__ospf_broadcast_interfaces:
|
||||
# back0: null
|
||||
# bird__ospf_stub_interfaces:
|
||||
# - monit0
|
||||
# - wifi0
|
||||
# - int0
|
||||
# - pub0
|
||||
# - bmc0
|
||||
# - pve0
|
||||
# - isp0
|
||||
# - mgmt0
|
||||
# bird__asn:
|
||||
# aurore: 43619
|
||||
# bird__bgp_addresses:
|
||||
# infra-1.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:3
|
||||
# - 10.203.1.3
|
||||
# infra-2.back.infra.auro.re:
|
||||
# - 2a09:6840:203::1:4
|
||||
# - 10.203.1.4
|
||||
# bird__bgp_sessions:
|
||||
# edge1:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
# address:
|
||||
# - 2a09:6840:203::1:1
|
||||
# - 10.203.1.1
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# edge2:
|
||||
# local:
|
||||
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# remote:
|
||||
## address:
|
||||
# - 2a09:6840:203::1:2
|
||||
# - 10.203.1.2
|
||||
# as: "{{ bird__asn.aurore }}"
|
||||
# import:
|
||||
# - accept: true
|
||||
# export:
|
||||
# - accept: false
|
||||
# roles:
|
||||
# - bird
|
||||
|
||||
- hosts:
|
||||
- edge-1.back.infra.auro.re
|
||||
- edge-2.back.infra.auro.re
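Review bot: The earlier isp-1/isp-2 play and the previous infra play appear to be kept in this file as commented-out blocks (the `#- hosts:` runs). The rendered page shows no +/- markers, so this is inferred, but if it is right those routers are no longer configured by this playbook while the bird role's template moves to the new `bird__kernel`/`bird__ospf`/`bird__bgp` variables. Commented copies of routing policy drift from what is actually deployed and are easy to re-enable in a stale state. I would delete them and rely on history, or port the isp play to the new variable schema in the same change, leaving at most a one-line marker such as `# TODO: port isp-1/isp-2 play to bird__kernel/bird__ospf/bird__bgp`.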
|
||||
|
|
|
@ -12,7 +12,11 @@
|
|||
addrs:
|
||||
- 2a09:6840:201::/64
|
||||
- 10.201.0.0/16
|
||||
back:
|
||||
edge:
|
||||
addrs:
|
||||
- 2a09:6840:202::/64
|
||||
- 10.202.0.0/16
|
||||
core:
|
||||
addrs:
|
||||
- 2a09:6840:203::/64
|
||||
- 10.203.0.0/16
|
||||
|
@ -61,7 +65,8 @@
|
|||
zones:
|
||||
- adm-legacy
|
||||
- ups
|
||||
- back
|
||||
- core
|
||||
- edge
|
||||
- monit
|
||||
- wifi
|
||||
- int
|
||||
|
@ -107,7 +112,7 @@
|
|||
dport: 5121
|
||||
verdict: accept
|
||||
firewall__nat:
|
||||
- src: infra
|
||||
- src: 10.0.0.0/8
|
||||
dst: internet
|
||||
protocols: null
|
||||
snat:
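Review bot: In the `firewall__nat` hunk the rule's source seems to change from the named zone `infra` to the literal `10.0.0.0/8`; the page prints both lines without markers, so the direction is inferred from the zone renames in the two hunks above. A /8 source matches every 10.x prefix that can reach this host, including zones that were not source-NATed towards `internet` before, and it no longer follows the zone definitions when they change. If the wider scope is intended, I would say so next to the rule, e.g. `# src is all of 10/8 on purpose: covers the edge and core zones, narrow to named zones once they are stable`; otherwise keep a zone name here. The `snat:` block continues past the end of the hunk.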
|
||||
|
|
|
@ -147,14 +147,10 @@
|
|||
- 2a09:6840:211::1:2/64
|
||||
- 10.211.1.2/16
|
||||
infra-1.back.infra.auro.re:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:4/64
|
||||
- 10.128.10.4/16
|
||||
gateways: "{{ ifupdown2__gateways.adm }}"
|
||||
back0:
|
||||
addresses:
|
||||
- 2a09:6840:203::1:3/64
|
||||
- 45.66.111.210/32
|
||||
- 10.203.1.3/16
|
||||
ups0:
|
||||
ipv6_addrgen: false
|
||||
|
|
|
@ -373,8 +373,8 @@
|
|||
- 10.128.10.111
|
||||
- 2a09:6840:128::10:111
|
||||
infra-1.back:
|
||||
- 10.128.10.4
|
||||
- 2a09:6840:128::10:4
|
||||
- 2a09:6840:203::1:3
|
||||
- 10.203.1.3
|
||||
infra-2.back:
|
||||
- 10.128.10.104
|
||||
- 2a09:6840:128::10:104
|
||||
|
|
|
@ -25,194 +25,110 @@
|
|||
vars:
|
||||
systemd_link__hosts:
|
||||
edge-1.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:9E:3E:21
|
||||
crans0:
|
||||
mac: 02:00:00:A2:7C:68
|
||||
zayo0:
|
||||
mac: 02:00:00:35:89:82
|
||||
rezel0:
|
||||
mac: 02:00:00:8F:4A:AD
|
||||
back0:
|
||||
mac: 02:00:00:1C:3A:2E
|
||||
viarezo0:
|
||||
mac: 02:00:00:ED:70:64
|
||||
router0:
|
||||
mac: 02:00:00:5A:17:7C
|
||||
oti0:
|
||||
mac: 02:00:00:05:0E:A6
|
||||
adm0: 02:00:00:9E:3E:21
|
||||
crans0: 02:00:00:A2:7C:68
|
||||
zayo0: 02:00:00:35:89:82
|
||||
rezel0: 02:00:00:8F:4A:AD
|
||||
back0: 02:00:00:1C:3A:2E
|
||||
viarezo0: 02:00:00:ED:70:64
|
||||
router0: 02:00:00:5A:17:7C
|
||||
oti0: 02:00:00:05:0E:A6
|
||||
edge-2.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:F5:69:B9
|
||||
crans0:
|
||||
mac: 04:00:00:CF:E1:D0
|
||||
zayo0:
|
||||
mac: 04:00:00:67:7B:12
|
||||
rezel0:
|
||||
mac: 04:00:00:C6:05:B7
|
||||
back0:
|
||||
mac: 04:00:00:DE:22:E6
|
||||
viarezo0:
|
||||
mac: 04:00:00:45:FA:E6
|
||||
router0:
|
||||
mac: 04:00:00:AD:D7:71
|
||||
adm0: 04:00:00:F5:69:B9
|
||||
crans0: 04:00:00:CF:E1:D0
|
||||
zayo0: 04:00:00:67:7B:12
|
||||
rezel0: 04:00:00:C6:05:B7
|
||||
back0: 04:00:00:DE:22:E6
|
||||
viarezo0: 04:00:00:45:FA:E6
|
||||
router0: 04:00:00:AD:D7:71
|
||||
ssh-1.mgmt.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:a3:49:20
|
||||
pub0:
|
||||
mac: 02:00:00:27:ea:9d
|
||||
mgmt0:
|
||||
mac: 02:00:00:0f:ac:75
|
||||
adm0: 02:00:00:a3:49:20
|
||||
pub0: 02:00:00:27:ea:9d
|
||||
mgmt0: 02:00:00:0f:ac:75
|
||||
vpn-1.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:3b:74:20
|
||||
vpn0:
|
||||
mac: 02:00:00:b5:ca:c7
|
||||
pub0:
|
||||
mac: 02:00:00:e3:65:49
|
||||
adm0: 02:00:00:3b:74:20
|
||||
vpn0: 02:00:00:b5:ca:c7
|
||||
pub0: 02:00:00:e3:65:49
|
||||
ssh-2.mgmt.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:98:c2:10
|
||||
pub0:
|
||||
mac: 04:00:00:65:cc:52
|
||||
mgmt0:
|
||||
mac: 04:00:00:3c:67:08
|
||||
adm0: 04:00:00:98:c2:10
|
||||
pub0: 04:00:00:65:cc:52
|
||||
mgmt0: 04:00:00:3c:67:08
|
||||
dns-1.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:6c:4b:89
|
||||
int0:
|
||||
mac: 02:00:00:9f:d9:f9
|
||||
adm0: 02:00:00:6c:4b:89
|
||||
int0: 02:00:00:9f:d9:f9
|
||||
dns-2.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:2a:6e:be
|
||||
int0:
|
||||
mac: 04:00:00:3c:c0:5a
|
||||
adm0: 04:00:00:2a:6e:be
|
||||
int0: 04:00:00:3c:c0:5a
|
||||
infra-1.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:f0:8a:dd
|
||||
ups0:
|
||||
mac: 02:00:00:fe:6f:0e
|
||||
back0:
|
||||
mac: 02:00:00:f8:93:22
|
||||
monit0:
|
||||
mac: 02:00:00:da:97:7f
|
||||
wifi0:
|
||||
mac: 02:00:00:8c:c5:bf
|
||||
int0:
|
||||
mac: 02:00:00:75:40:3e
|
||||
pub0:
|
||||
enabled: false
|
||||
sw0:
|
||||
mac: 02:00:00:ca:e8:d1
|
||||
bmc0:
|
||||
mac: 02:00:00:47:d1:b9
|
||||
pve0:
|
||||
mac: 02:00:00:b3:35:e7
|
||||
isp0:
|
||||
mac: 02:00:00:6b:53:14
|
||||
mgmt0:
|
||||
enabled: false
|
||||
ext0:
|
||||
mac: 02:00:00:32:86:60
|
||||
vpn0:
|
||||
mac: 02:00:00:52:5f:85
|
||||
adm0: 02:00:00:f0:8a:dd
|
||||
ups0: 02:00:00:fe:6f:0e
|
||||
back0: 02:00:00:f8:93:22
|
||||
monit0: 02:00:00:da:97:7f
|
||||
wifi0: 02:00:00:8c:c5:bf
|
||||
int0: 02:00:00:75:40:3e
|
||||
sw0: 02:00:00:ca:e8:d1
|
||||
bmc0: 02:00:00:47:d1:b9
|
||||
pve0: 02:00:00:b3:35:e7
|
||||
isp0: 02:00:00:6b:53:14
|
||||
ext0: 02:00:00:32:86:60
|
||||
vpn0: 02:00:00:52:5f:85
|
||||
infra-2.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:d3:03:53
|
||||
ups0:
|
||||
mac: 04:00:00:6d:97:83
|
||||
back0:
|
||||
mac: 04:00:00:46:ba:f9
|
||||
monit0:
|
||||
mac: 04:00:00:72:0b:2d
|
||||
wifi0:
|
||||
mac: 04:00:00:ee:42:0f
|
||||
int0:
|
||||
mac: 04:00:00:21:fd:d0
|
||||
adm0: 04:00:00:d3:03:53
|
||||
ups0: 04:00:00:6d:97:83
|
||||
back0: 04:00:00:46:ba:f9
|
||||
monit0: 04:00:00:72:0b:2d
|
||||
wifi0: 04:00:00:ee:42:0f
|
||||
int0: 04:00:00:21:fd:d0
|
||||
pub0:
|
||||
enabled: false
|
||||
sw0:
|
||||
mac: 04:00:00:2e:5b:16
|
||||
bmc0:
|
||||
mac: 04:00:00:bb:5a:a6
|
||||
pve0:
|
||||
mac: 04:00:00:0b:2b:82
|
||||
isp0:
|
||||
mac: 04:00:00:f4:4c:5d
|
||||
sw0: 04:00:00:2e:5b:16
|
||||
bmc0: 04:00:00:bb:5a:a6
|
||||
pve0: 04:00:00:0b:2b:82
|
||||
isp0: 04:00:00:f4:4c:5d
|
||||
mgmt0:
|
||||
enabled: false
|
||||
ext0:
|
||||
mac: 04:00:00:1d:0e:83
|
||||
vpn0:
|
||||
mac: 04:00:00:02:ba:dd
|
||||
ext0: 04:00:00:1d:0e:83
|
||||
vpn0: 04:00:00:02:ba:dd
|
||||
isp-1.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:D8:37:45
|
||||
back0:
|
||||
mac: 02:00:00:BF:10:4C
|
||||
trunk0:
|
||||
mac: 02:00:00:E9:BA:15
|
||||
adm0: 02:00:00:D8:37:45
|
||||
back0: 02:00:00:BF:10:4C
|
||||
trunk0: 02:00:00:E9:BA:15
|
||||
isp-2.back.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:85:C3:5D
|
||||
back0:
|
||||
mac: 04:00:00:FE:2D:67
|
||||
trunk0:
|
||||
mac: 04:00:00:D8:F5:4D
|
||||
adm0: 04:00:00:85:C3:5D
|
||||
back0: 04:00:00:FE:2D:67
|
||||
trunk0: 04:00:00:D8:F5:4D
|
||||
dhcp-1.isp.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:17:61:5b
|
||||
isp0:
|
||||
mac: 02:00:00:c6:3f:6f
|
||||
trunk0:
|
||||
mac: 02:00:00:b1:8d:d6
|
||||
adm0: 02:00:00:17:61:5b
|
||||
isp0: 02:00:00:c6:3f:6f
|
||||
trunk0: 02:00:00:b1:8d:d6
|
||||
dhcp-2.isp.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:0c:f1:42
|
||||
isp0:
|
||||
mac: 04:00:00:8c:d1:36
|
||||
trunk0:
|
||||
mac: 04:00:00:33:2c:3c
|
||||
adm0: 04:00:00:0c:f1:42
|
||||
isp0: 04:00:00:8c:d1:36
|
||||
trunk0: 04:00:00:33:2c:3c
|
||||
radius-1.isp.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:4f:35:12
|
||||
isp0:
|
||||
mac: 02:00:00:6a:3e:f4
|
||||
adm0: 02:00:00:4f:35:12
|
||||
isp0: 02:00:00:6a:3e:f4
|
||||
radius-2.isp.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:96:54:a6
|
||||
isp0:
|
||||
mac: 04:00:00:29:6d:c9
|
||||
adm0: 04:00:00:96:54:a6
|
||||
isp0: 04:00:00:29:6d:c9
|
||||
ldap-1.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:38:c2:52
|
||||
int0:
|
||||
mac: 02:00:00:fe:a8:54
|
||||
adm0: 02:00:00:38:c2:52
|
||||
int0: 02:00:00:fe:a8:54
|
||||
ldap-2.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:f7:1c:47
|
||||
int0:
|
||||
mac: 04:00:00:e4:83:d2
|
||||
adm0: 04:00:00:f7:1c:47
|
||||
int0: 04:00:00:e4:83:d2
|
||||
ntp-1.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:e0:26:2e
|
||||
int0:
|
||||
mac: 02:00:00:74:71:83
|
||||
adm0: 02:00:00:e0:26:2e
|
||||
int0: 02:00:00:74:71:83
|
||||
ntp-2.int.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:08:83:2b
|
||||
int0:
|
||||
mac: 04:00:00:31:be:50
|
||||
adm0: 04:00:00:08:83:2b
|
||||
int0: 04:00:00:31:be:50
|
||||
prometheus-1.monit.infra.auro.re:
|
||||
adm0:
|
||||
mac: 02:00:00:66:33:9d
|
||||
monit0:
|
||||
mac: 02:00:00:a8:6b:51
|
||||
adm0: 02:00:00:66:33:9d
|
||||
monit0: 02:00:00:a8:6b:51
|
||||
prometheus-2.monit.infra.auro.re:
|
||||
adm0:
|
||||
mac: 04:00:00:3d:c6:a1
|
||||
monit0:
|
||||
mac: 04:00:00:a6:93:5a
|
||||
adm0: 04:00:00:3d:c6:a1
|
||||
monit0: 04:00:00:a6:93:5a
|
||||
systemd_link__links: "{{ systemd_link__hosts[inventory_hostname] }}"
|
||||
roles:
|
||||
- systemd_link
|
||||
|
|
|
@ -8,26 +8,111 @@ protocol device {
|
|||
scan time 10;
|
||||
}
|
||||
|
||||
protocol direct {
|
||||
ipv4;
|
||||
ipv6;
|
||||
}
|
||||
|
||||
protocol kernel kernel4 {
|
||||
ipv4 {
|
||||
import all;
|
||||
export where source !~ [ RTS_DEVICE, RTS_STATIC ];
|
||||
{% for name, kernel in bird__kernel.items() %}
|
||||
{% for version in ["ipv4", "ipv6"] %}
|
||||
{% set ipv4 = version == "ipv4" %}
|
||||
protocol kernel {{ name | bird_name(ipv4) }} {
|
||||
{% if kernel.kernel is defined %}
|
||||
kernel table {{ kernel.kernel }};
|
||||
{% endif %}
|
||||
{% if kernel.learn | default(False) %}
|
||||
learn;
|
||||
{% endif %}
|
||||
{% if kernel.persist | default(False) %}
|
||||
persist;
|
||||
{% endif %}
|
||||
{{ version }} {
|
||||
{{ kernel.import
|
||||
| default([])
|
||||
| bird_import(ipv4)
|
||||
| indent(8) }}
|
||||
{% if kernel.limits.import is defined %}
|
||||
import limit {{ kernel.limits.import }};
|
||||
{% endif %}
|
||||
{{ kernel.export
|
||||
| default([])
|
||||
| bird_export(ipv4)
|
||||
| indent(8) }}
|
||||
{% if kernel.limits.export is defined %}
|
||||
export limit {{ kernel.limits.export }};
|
||||
{% endif %}
|
||||
};
|
||||
}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
protocol kernel kernel6 {
|
||||
ipv6 {
|
||||
import all;
|
||||
export where source !~ [ RTS_DEVICE, RTS_STATIC ];
|
||||
{% if bird__ospf is defined %}
|
||||
{% for version in ["ipv4", "ipv6"] %}
|
||||
{% set ipv4 = version == "ipv4" %}
|
||||
{% set ospf_version = "v2" if ipv4 else "v3" %}
|
||||
protocol ospf {{ ospf_version }} {{ "ospf" | bird_name(ipv4) }} {
|
||||
{{ version }} {
|
||||
{{ bird__ospf.import
|
||||
| default([])
|
||||
| bird_import(ipv4)
|
||||
| indent(8) }}
|
||||
{% if bird__ospf.limits.import is defined %}
|
||||
import limit {{ bird__ospf.limits.import }};
|
||||
{% endif %}
|
||||
{{ bird__ospf.export
|
||||
| default([])
|
||||
| bird_export(ipv4)
|
||||
| indent(8) }}
|
||||
{% if bird__ospf.limits.export is defined %}
|
||||
export limit {{ bird__ospf.limits.export }};
|
||||
{% endif %}
|
||||
};
|
||||
{% for id, area in bird__ospf.areas.items() %}
|
||||
area {{ id }} {
|
||||
{% for iface in area.broadcast | default([]) %}
|
||||
interface {{ iface | enquote }} {
|
||||
type broadcast;
|
||||
hello 2;
|
||||
retransmit 5;
|
||||
wait 10;
|
||||
dead 20;
|
||||
};
|
||||
{% endfor %}
|
||||
{% for iface in area.stub | default([]) %}
|
||||
interface {{ iface | enquote }} { stub; };
|
||||
{% endfor %}
|
||||
};
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% for name, bgp in bird__bgp.items() %}
|
||||
{% for version in ["ipv4", "ipv6"] %}
|
||||
{% set ipv4 = version == "ipv4" %}
|
||||
protocol bgp {{ name | bird_name(ipv4) }} {
|
||||
local {{ bgp.local.address
|
||||
| ansible.utils.ipaddr(version)
|
||||
| first }} as {{ bgp.local.as }};
|
||||
neighbor {{ bgp.neighbor.address
|
||||
| ansible.utils.ipaddr(version)
|
||||
| first }} as {{ bgp.neighbor.as }};
|
||||
{{ version }} {
|
||||
{{ bgp.import
|
||||
| default([])
|
||||
| bird_import(ipv4)
|
||||
| indent(8) }}
|
||||
{% if bgp.limits.import is defined %}
|
||||
import limit {{ bgp.limits.import }};
|
||||
{% endif %}
|
||||
{{ bgp.export
|
||||
| default([])
|
||||
| bird_export(ipv4)
|
||||
| indent(8) }}
|
||||
{% if bgp.limits.export is defined %}
|
||||
export limit {{ bgp.limits.export }};
|
||||
{% endif %}
|
||||
};
|
||||
}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
{% if bird__static_unreachable | ansible.utils.ipv4 %}
|
||||
{# {% if bird__static_unreachable | ansible.utils.ipv4 %}
|
||||
protocol static unreachable4 {
|
||||
ipv4 {
|
||||
import all;
|
||||
|
@ -47,70 +132,9 @@ protocol static unreachable6 {
|
|||
route {{ route }} unreachable;
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %} #}
|
||||
|
||||
{% if bird__ospf_broadcast_interfaces %}
|
||||
protocol ospf v2 ospf4 {
|
||||
ipv4 {
|
||||
import all;
|
||||
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
|
||||
};
|
||||
area 0 {
|
||||
{% for network in bird__ospf_stub_networks | ansible.utils.ipv4 %}
|
||||
stubnet {{ network }};
|
||||
{% endfor %}
|
||||
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
|
||||
interface {{ name | enquote }} {
|
||||
type broadcast;
|
||||
hello {{ iface.hello | default(bird__ospf_hello) | int }};
|
||||
retransmit {{ iface.retransmit
|
||||
| default(bird__ospf_retransmit)
|
||||
| int }};
|
||||
wait {{ iface.wait | default(bird__ospf_wait) | int }};
|
||||
dead {{ iface.dead | default(bird__ospf_dead) | int }};
|
||||
};
|
||||
{% endfor %}
|
||||
{% for name in bird__ospf_stub_interfaces %}
|
||||
interface {{ name | enquote }} {
|
||||
stub;
|
||||
};
|
||||
{% endfor %}
|
||||
};
|
||||
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if bird__ospf_broadcast_interfaces %}
|
||||
protocol ospf v3 ospf6 {
|
||||
ipv6 {
|
||||
import all;
|
||||
export where source ~ [ RTS_STATIC, RTS_DEVICE ];
|
||||
};
|
||||
area 0 {
|
||||
{% for network in bird__ospf_stub_networks | ansible.utils.ipv6 %}
|
||||
stubnet {{ network }};
|
||||
{% endfor %}
|
||||
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
|
||||
interface {{ name | enquote }} {
|
||||
type broadcast;
|
||||
hello {{ iface.hello | default(bird__ospf_hello) | int }};
|
||||
retransmit {{ iface.retransmit
|
||||
| default(bird__ospf_retransmit)
|
||||
| int }};
|
||||
wait {{ iface.wait | default(bird__ospf_wait) | int }};
|
||||
dead {{ iface.dead | default(bird__ospf_dead) | int }};
|
||||
};
|
||||
{% endfor %}
|
||||
{% for name in bird__ospf_stub_interfaces %}
|
||||
interface {{ name | enquote }} {
|
||||
stub;
|
||||
};
|
||||
{% endfor %}
|
||||
};
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% macro bird_filter(filter, last) %}
|
||||
{# {% macro bird_filter(filter, last) %}
|
||||
{% if filter.as_prepend is defined %}
|
||||
{% for _ in range(filter.as_prepend.size) %}
|
||||
bgp_path.prepend({{ filter.as_prepend.asn }});
|
||||
|
@ -124,7 +148,6 @@ bgp_local_pref = {{ filter.local_pref }};
|
|||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{# FIXME: massive cleanup required #}
|
||||
{% for name, session in bird__bgp_sessions.items() %}
|
||||
{% for version in [4, 6] %}
|
||||
{% for direction in ["import", "export"] %}
|
||||
|
@ -208,4 +231,4 @@ protocol radv {
|
|||
rdnss {{ address | ipaddr }};
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %} #}
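Review bot: The new kernel and BGP loops iterate `bird__kernel.items()` and `bird__bgp.items()` unconditionally, while the OSPF block between them is wrapped in `{% if bird__ospf is defined %}`. Unless the role defaults define both variables (not visible here), any host that runs the role without them fails at template time. I would guard them the same way, e.g. `{% for name, kernel in (bird__kernel | default({})).items() %}` and likewise for `bird__bgp`. The BGP block also renders a protocol for both address families and takes `| first` of the filtered address list, so a session that has addresses in only one family gets no usable `local`/`neighbor` address for the other; skipping the family when the filtered list is empty would avoid emitting a broken protocol.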
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
[Match]
|
||||
MACAddress={{ item.value.mac }}
|
||||
MACAddress={{ item.value.mac | default(item.value) }}
|
||||
|
||||
[Link]
|
||||
Name={{ item.key }}
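Review bot: `item.value.mac | default(item.value)` falls back to the whole value whenever `mac` is missing, not only when the entry is a bare MAC string. A link that is still a mapping without a MAC, such as the `pub0`/`mgmt0` entries that carry only `enabled: false` in the hosts table, would render the mapping itself into `MACAddress=` unless the role filters those entries before templating, which this hunk does not show. Selecting on the type keeps a missing MAC a hard error: `MACAddress={{ item.value if item.value is string else item.value.mac }}`.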
|
||||
|
|