current state

legacy
Astro 6 years ago
parent cb0950b383
commit 14c7c5d528

@ -1,4 +1,4 @@
vlans:
core: 1
server: 2
public: 3
serv: 2
pub: 3

@ -0,0 +1,4 @@
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
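Review bot: Forwarding is turned on for every interface (`all` and `default`, v4 and v6) while nothing in this commit installs a filtering policy, so each host that receives this file (the `*-gw`, `upstream*` and `anon*` matches in top.sls) becomes an unconditional router between all of its attached networks; pair it with a firewall state, or at least set `net.ipv4.conf.all.rp_filter = 1` here, so the change to a routing role is reviewed together with what it is allowed to route. Setting `net.ipv6.conf.all.forwarding = 1` also makes the kernel stop honouring router advertisements unless `accept_ra` is raised to `2`, which silently drops any RA-learned default route on these hosts; if that is not intended, add `net.ipv6.conf.all.accept_ra = 2` or document that the v6 default route comes from OSPF. A header comment such as `# Router role: forwarding for all interfaces; applied via /etc/sysctl.d at boot and by the forwarding state` would make the scope obvious to the next reader.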

@ -0,0 +1,9 @@
/etc/sysctl.d/80-forwarding.conf:
file.managed:
- source: "salt://forwarding/forwarding.conf"
apply:
cmd.run:
- name: sysctl -p /etc/sysctl.d/80-forwarding.conf
require:
- file: /etc/sysctl.d/80-forwarding.conf
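Review bot: The `apply` state re-runs `sysctl -p` on every highstate because `cmd.run` is only given a `require`, which orders it but does not make it conditional; change the requisite to `onchanges:` (keeping the same `- file: /etc/sysctl.d/80-forwarding.conf` entry) so the command fires only when the file actually changed, or replace the pair with `sysctl.present` states which are idempotent on their own. The state ID `apply` is also generic enough to collide with an identically named ID in any other sls compiled into the same highstate, which Salt reports as a conflicting ID rather than merging; a namespaced ID such as `apply-forwarding-sysctl` avoids that. Note that the file state carries no `- mode`/`- user`/`- group`, so the file's permissions are whatever `file.managed` defaults to on the target; for a root-only sysctl fragment that is acceptable but worth stating in a comment.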

@ -10,7 +10,7 @@ lxc.kmsg = 0
{%- for net, conf in container['interfaces'].items() %}
lxc.network.type={{ conf['type'] }}
lxc.network.flags=up
{% if conf['type'] == 'veth' %}
{%- if conf['type'] == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ net }}
{%- endif %}
{%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
@ -20,11 +20,16 @@ lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
{%- endif %}
{%- if conf['type'] == 'veth' %}
lxc.network.link=br-{{ net }}
{%- elif conf['type'] == 'phys' %}
lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
{%- endif %}
lxc.network.name={{ net }}
#lxc.network.ipv4.gateway=
{%- if net == 'core' %}
lxc.network.ipv4.gateway=172.20.72.1
{%- endif %}
#lxc.network.ipv6=
#lxc.network.ipv6.gateway=fe80::1
{%- endfor %}
## TODO: limits + caps
## TODO: include Debian.common.conf
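Review bot: `lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}` renders `bond0.None` when `net` has no entry in the vlans pillar, because Jinja prints a missing `.get()` result as the string `None`; use `bond0.{{ pillar['vlans'][net] }}` so a missing mapping fails at render time instead of producing a container attached to a non-existent link (network/init.sls already does the strict lookup with `pillar['vlans'][net]`). The gateway `172.20.72.1` is the only address in this template that is not taken from pillar (`hosts-inet`, `subnets-inet` supply the rest), so consider sourcing it the same way, e.g. a lookup keyed on `net` with a clearly labelled pillar name, and keep the `{%- if net == 'core' %}` guard. The `{%- for net, conf in container['interfaces'].items() %}` loop that these lines belong to opens in the first hunk of this section and the commented `ipv6` lines at the end of the loop body are left as they were.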

@ -9,6 +9,8 @@ serv-gw:
interfaces:
core:
type: veth
serv:
type: veth
priv1-gw:
interfaces:

@ -39,5 +39,5 @@ start-{{ id }}:
- name: lxc@{{ id }}
require:
- service: autostart-{{ id }}
{% endfor %}

@ -0,0 +1,33 @@
'0': 0.0.0.0
'1': 128.0.0.0
'2': 192.0.0.0
'3': 224.0.0.0
'4': 240.0.0.0
'5': 248.0.0.0
'6': 252.0.0.0
'7': 254.0.0.0
'8': 255.0.0.0
'9': 255.128.0.0
'10': 255.192.0.0
'11': 255.224.0.0
'12': 255.240.0.0
'13': 255.248.0.0
'14': 255.252.0.0
'15': 255.254.0.0
'16': 255.255.0.0
'17': 255.255.128.0
'18': 255.255.192.0
'19': 255.255.224.0
'20': 255.255.240.0
'21': 255.255.248.0
'22': 255.255.252.0
'23': 255.255.254.0
'24': 255.255.255.0
'25': 255.255.255.128
'26': 255.255.255.192
'27': 255.255.255.224
'28': 255.255.255.240
'29': 255.255.255.248
'30': 255.255.255.252
'31': 255.255.255.254
'32': 255.255.255.255

@ -1,2 +1,28 @@
bird:
quagga:
pkg.installed: []
{%- for daemon in ['zebra', 'ospfd'] %}
/etc/systemd/system/{{ daemon }}.service:
file.managed:
- source: salt://ospf/{{ daemon }}.service
/etc/quagga/{{ daemon }}.conf:
file.managed:
- source: salt://ospf/{{ daemon }}.conf
- template: 'jinja'
autostart-{{ daemon }}:
service.enabled:
- name: {{ daemon }}
require_in:
- file: /etc/systemd/system/{{ daemon }}.service
- file: /etc/quagga/{{ daemon }}.conf
start-{{ daemon }}:
service.running:
- name: {{ daemon }}
require:
- service: autostart-{{ daemon }}
{%- endfor %}
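Review bot: `start-{{ daemon }}` only `require`s the enabled service, so a later change to `/etc/quagga/{{ daemon }}.conf` or to the unit file is written to disk but never restarts the daemon; add `- watch:` with `- file: /etc/quagga/{{ daemon }}.conf` and `- file: /etc/systemd/system/{{ daemon }}.service` under `service.running`. The rendered `ospfd.conf` carries the OSPF authentication key (see the `ip ospf authentication-key` line in that template), yet the `file.managed` state for the conf sets no `- user`, `- group` or `- mode`, so the file is created with the state's default permissions; set `- mode: '0640'` and the group the daemon runs as (presumably the package's `quagga` user — confirm on the target) so the key is not world-readable. The `- source:` values are unquoted while the forwarding state quotes its `salt://` URL; either is valid YAML, but pick one style across the tree.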

@ -0,0 +1,22 @@
{%- set id = salt['grains.get']('id') %}
{%- set core_ifaces = ['br-core', 'core'] %}
{%- for iface in core_ifaces %}
interface {{ iface }}
ip ospf network multicast
ip ospf authentication message-digest
ip ospf authentication-key secret
{%- endfor %}
router ospf
router-id {{ pillar['hosts-inet']['core'][id] }}
passive-interface default
{%- for iface in core_ifaces %}
no passive-interface {{ iface }}
{%- endfor %}
network {{ pillar['subnets-inet']['core'] }} area 0
area 0 authentication message-digest
redistribute connected
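Review bot: `ip ospf authentication message-digest` selects MD5 authentication, but the key on the next line is given with `ip ospf authentication-key`, which is the simple-password form; in Quagga the MD5 key is configured with `ip ospf message-digest-key <id> md5 <key>`, so as written the interfaces have message-digest authentication enabled with no MD5 key configured and adjacencies on `br-core`/`core` will not authenticate as intended. Replace the key line with `ip ospf message-digest-key 1 md5 {{ pillar['<ospf-md5-key pillar path>'] }}` (placeholder: pick the pillar key) so the key also stops being the literal `secret` committed to the repository; every other value in this template already comes from pillar. `redistribute connected` advertises every connected network of the gateway, including the `serv`/`pub` VLAN interfaces this commit adds, which may be what is wanted but deserves a comment such as `! advertise all directly connected VLAN subnets into area 0`.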

@ -0,0 +1,9 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStart = /usr/lib/quagga/ospfd
[Install]
WantedBy = default.target
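Review bot: `Requires = zebra.service` pulls zebra in but does not order ospfd after it, so systemd may exec `/usr/lib/quagga/ospfd` before zebra is listening; add `After = zebra.service` next to the existing `After = network.target` (an `After = network.target zebra.service` line is enough). Neither this unit nor the zebra unit below sets `Restart=`, so a crashed routing daemon stays down until the next highstate; `Restart = on-failure` in both `[Service]` sections is the usual choice for a daemon the gateway role depends on. The units run the daemons with whatever user the binaries default to — worth a comment on `ExecStart` stating the expected runtime user once confirmed on the target.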

@ -0,0 +1,8 @@
[Unit]
After = network.target
[Service]
ExecStart = /usr/lib/quagga/zebra
[Install]
WantedBy = default.target

@ -1,3 +1,4 @@
{%- import_yaml "netmasks.yaml" as netmasks -%}
{% set bond_slaves = ['eth1', 'eth2'] %}
{% for slave in bond_slaves %}
@ -17,17 +18,18 @@ bond0:
slaves: {{ ' '.join(bond_slaves) }}
miimon: 100
{% for vlan in range(1, 15) %}
{% for name, vlan in pillar['vlans'].items() %}
bond0.{{ vlan }}:
network.managed:
- type: vlan
proto: manual
use:
- network: bond0
require:
- network: bond0
{% endfor %}
{%- for net in ['core', 'public'] %}
{%- for net in ['core'] %}
{%- set vlan = pillar['vlans'][net] %}
br-{{ net }}:
network.managed:
@ -36,13 +38,12 @@ br-{{ net }}:
{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
{%- if ip_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
proto: manual
address: {{ ip_addr }}/{{ prefix_len }}
{%- else %}
proto: static
address: {{ ip_addr }}
netmask: {{ netmasks[prefix_len] }}
{%- else %}
proto: manual
{%- endif %}
address: {{ pillar['subnets-inet']['core'] }}
bypassfirewall: True
use:
- network: bond0.{{ vlan }}
require:
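Review bot: `address: {{ pillar['subnets-inet']['core'] }}` sits after the `{%- endif %}` and hardcodes `'core'` inside the `{%- for net in ['core'] %}` loop; the rendering does not mark which side of the change this line is on, but if it survives on the new side it emits a second `address` key for the bridge (a subnet with its `/prefix`, not a host address) alongside the one written in the `if ip_addr` branch, and YAML consumers typically keep the last duplicate silently. `prefix_len` is set only inside the `if` and `netmasks[prefix_len]` relies on the quoted string keys in netmasks.yaml matching the `split('/')[1]` result, which works, but a `subnets-inet` entry without a `/prefix` makes the render fail with an index error — a `{#- subnets-inet values must be CIDR, e.g. 10.0.0.0/24 #}` comment above the `set` would record that assumption. The `br-{{ net }}` state definition opens in the previous hunk of this section and its `require:` list continues past the last line shown.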

@ -6,12 +6,15 @@ base:
- ospf
'*-gw':
- no-ssh
- forwarding
- ospf
'upstream*':
- no-ssh
- forwarding
- ospf
- unbound
'anon*':
- no-ssh
- forwarding
- ospf
- unbound
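Review bot: The `forwarding` and `ospf` states are now assigned by minion-id glob (`*-gw`, `upstream*`, `anon*`), and since a minion reports its own id, any accepted key whose id happens to match receives the router role and the rendered OSPF configuration, including the authentication key from ospf/ospfd.conf. If key acceptance is manual and ids are controlled this is fine, but it is worth a comment on the `'*-gw':` block noting that assumption, or targeting these roles by a grain or nodegroup instead so the match is not purely name-based. The `base:` environment and the preceding target that the first `- ospf` line belongs to start above this hunk.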
