bird: add role + playbook, with support for OSPF + RAdv

jeltz 2022-09-03 03:44:31 +02:00
parent 2e10714a79
commit 866f175ed2
Signed by: jeltz
GPG key ID: 800882B66C0C3326
6 changed files with 208 additions and 0 deletions

16
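--- a/filter_plugins/enquote.py
+++ b/filter_plugins/enquote.py
@@ -0,0 +1,16 @@
+class FilterModule:
+def filters(self):
+return {
+"enquote": enquote,
+}
+def enquote(string, delimiter='"', escape="\\"):
+translation = str.maketrans(
+{
+delimiter: f"{escape}{delimiter}",
+escape: f"{escape}{escape}",
+}
+)
+escaped = string.translate(translation)
+return f"{delimiter}{escaped}{delimiter}"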
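Review bot: `enquote` rewrites only the delimiter and the escape character, so a line break or other control character in `string` is copied unchanged into the quoted token that ends up in bird.conf. Failing early would keep a malformed inventory value from rendering a broken or unintended configuration, for example `if "\n" in string or "\r" in string: raise AnsibleFilterError("enquote: line breaks are not allowed")` at the top of the function, with `from ansible.errors import AnsibleFilterError`. It is also worth confirming that the BIRD release being deployed interprets backslash escapes inside double-quoted strings; if it does not, an embedded quote should be rejected as well rather than escaped. A one-line docstring saying the filter targets BIRD string syntax would make that contract explicit.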

49
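--- a/playbooks/bird.yml
+++ b/playbooks/bird.yml
@@ -0,0 +1,49 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- isp-1.rtr.infra.auro.re
+- isp-2.rtr.infra.auro.re
+vars:
+bird__router_ids:
+isp-1.rtr.infra.auro.re: 10.136.0.1
+isp-2.rtr.infra.auro.re: 10.136.0.2
+bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
+bird__ospf_broadcast_interfaces:
+ens20: null
+bird__ospf_stub_interfaces:
+- client-0
+- client-1
+- client-2
+- client-3
+- client-4
+bird__radv_interfaces:
+client-0:
+prefix:
+- 2a09:6841::/56
+domain_search:
+- client-0.isp.auro.re
+client-1:
+prefix:
+- 2a09:6841:0:100::/56
+domain_search:
+- client-1.isp.auro.re
+client-2:
+prefix:
+- 2a09:6841:0:200::/56
+domain_search:
+- client-2.isp.auro.re
+client-3:
+prefix:
+- 2a09:6841:0:300::/56
+domain_search:
+- client-3.isp.auro.re
+client-4:
+prefix:
+- 2a09:6841:0:400::/56
+domain_search:
+- client-4.isp.auro.re
+bird__radv_dns_servers:
+- 2a09:6840:128::127
+roles:
+- bird
+...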
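Review bot: The `prefix` entries under `bird__radv_interfaces` are all /56, and the template passes them straight to the radv `prefix` statement, so each router advertisement would carry a 56-bit prefix. With the usual 64-bit interface identifiers, SLAAC hosts only form an address from a prefix of length 64, so clients on `client-0` through `client-4` would presumably not autoconfigure from these. If the /56 is the whole per-client allocation and only an on-link announcement is intended, a comment such as `# /56 = whole client allocation, announced on-link only (no SLAAC)` would record that; otherwise the list should hold the /64 actually used on each link.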


@ -0,0 +1,11 @@
---
bird__ospf_stub_interfaces: []
bird__ospf_broadcast_interfaces: {}
bird__ospf_hello: 2
bird__ospf_retransmit: 5
bird__ospf_wait: 10
bird__ospf_dead: 20
bird__radv_interfaces: {}
bird__radv_dns_servers: []
bird__radv_max_interval: 5
...


@ -0,0 +1,6 @@
---
- name: Reload bird
systemd:
name: bird.service
state: reloaded
...

21
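--- a/roles/bird/tasks/main.yml
+++ b/roles/bird/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install bird
+apt:
+name: bird2
+- name: Configure bird
+template:
+src: bird.conf.j2
+dest: /etc/bird/bird.conf
+owner: root
+group: bird
+mode: u=rw,g=r,o=
+notify:
+- Reload bird
+- name: Enable and start bird
+systemd:
+name: bird.service
+state: started
+enabled: true
+...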
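Review bot: The `Configure bird` task installs the rendered file without checking that BIRD can parse it, so a bad variable value is only discovered when the `Reload bird` handler runs against the already-replaced /etc/bird/bird.conf. Adding `validate: bird -p -c %s` to the `template` arguments makes Ansible parse-check the temporary file first and leave the existing configuration in place on failure. The `apt` task could also spell out `state: present` so the intent is explicit.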


@ -0,0 +1,105 @@
{{ ansible_managed | comment }}
log syslog all;
router id {{ bird__router_id }};
protocol device {
scan time 10;
}
protocol kernel {
ipv4 {
import all;
export all;
};
}
protocol kernel {
ipv6 {
import all;
export all;
};
}
protocol ospf v2 {
ipv4 {
import all;
export where source = RTS_STATIC;
};
area 0 {
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
protocol ospf v3 {
ipv6 {
import all;
export where source = RTS_STATIC;
};
area 0 {
{% for name, iface in bird__ospf_broadcast_interfaces.items() %}
interface {{ name | enquote }} {
type broadcast;
hello {{ iface.hello | default(bird__ospf_hello) | int }};
retransmit {{ iface.retransmit
| default(bird__ospf_retransmit)
| int }};
wait {{ iface.wait | default(bird__ospf_wait) | int }};
dead {{ iface.dead | default(bird__ospf_dead) | int }};
};
{% endfor %}
{% for name in bird__ospf_stub_interfaces %}
interface {{ name | enquote }} {
stub;
};
{% endfor %}
};
}
{% if bird__radv_interfaces %}
protocol radv {
ipv6 {
export all;
};
{% for name, iface in bird__radv_interfaces.items() %}
interface {{ name | enquote }} {
max ra interval {{ bird__radv_max_interval | int }};
{% for prefix in iface.prefix | default([]) %}
prefix {{ prefix | ipaddr }};
{% endfor %}
{% for domain in iface.domain_search | default([]) %}
dnssl {{ domain | enquote }};
{% endfor %}
};
{% endfor %}
{% for address in bird__radv_dns_servers %}
rdnss {{ address | ipaddr }};
{% endfor %}
}
{% endif %}
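Review bot: Both `protocol ospf` blocks bring up `type broadcast` interfaces with no `authentication` statement, so any device attached to that segment can form an adjacency. With `import all` in the OSPF channels and `export all` in the kernel protocols, whatever such a neighbour announces is installed into the kernel routing table. Consider adding `authentication cryptographic;` and `password {{ iface.password | enquote }};` inside each broadcast `interface` block, with the secret supplied from an encrypted variable; the task already restricts the rendered file to root and group bird. Separately, `ipaddr` returns a false value for input that is not a valid address, which would render as `prefix False;` or `rdnss False;`, so a parse check before the file is installed is worthwhile.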