current state

This commit is contained in:
Astro 2016-11-08 22:36:08 +01:00
parent cb0950b383
commit 14c7c5d528
14 changed files with 135 additions and 13 deletions


@ -1,4 +1,4 @@
vlans: vlans:
core: 1 core: 1
server: 2 serv: 2
public: 3 pub: 3


@ -0,0 +1,4 @@
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
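Review bot: Setting `net.ipv6.conf.all.forwarding = 1` also disables acceptance of router advertisements on every interface unless `accept_ra` is raised to `2`, so any of these routers that currently learns its IPv6 default route from an RA loses it once this file is applied. If that applies to any host class receiving this state, add `net.ipv6.conf.all.accept_ra = 2` and `net.ipv6.conf.default.accept_ra = 2` here; if IPv6 defaults are meant to come from OSPF or static config instead, a one-line comment saying so would help the next reader. The file's path is not shown on the rendered page; the accompanying state installs it as `/etc/sysctl.d/80-forwarding.conf`.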

9
salt/forwarding/init.sls Normal file

@ -0,0 +1,9 @@
/etc/sysctl.d/80-forwarding.conf:
file.managed:
- source: "salt://forwarding/forwarding.conf"
apply:
cmd.run:
- name: sysctl -p /etc/sysctl.d/80-forwarding.conf
require:
- file: /etc/sysctl.d/80-forwarding.conf
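Review bot: The state ID `apply` on the cmd.run is generic enough to collide with a same-named ID in another formula (Salt requires IDs to be unique across the compiled highstate and aborts on a conflict), and with `require` the `sysctl -p` runs on every highstate rather than only when the file changes. Suggest renaming the ID to `forwarding-apply:` and using `- onchanges:` with the same `- file: /etc/sysctl.d/80-forwarding.conf` entry in place of `require:`, so the reload is tied to an actual change of the managed file. The indentation of the requisites is not visible on the rendered page, so their nesting is assumed here.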


@ -10,7 +10,7 @@ lxc.kmsg = 0
{%- for net, conf in container['interfaces'].items() %} {%- for net, conf in container['interfaces'].items() %}
lxc.network.type={{ conf['type'] }} lxc.network.type={{ conf['type'] }}
lxc.network.flags=up lxc.network.flags=up
{% if conf['type'] == 'veth' %} {%- if conf['type'] == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ net }} lxc.network.veth.pair={{ id }}-{{ net }}
{%- endif %} {%- endif %}
{%- set inet_addr = pillar['hosts-inet'][net].get(id) %} {%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
@ -20,11 +20,16 @@ lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
{%- endif %} {%- endif %}
{%- if conf['type'] == 'veth' %} {%- if conf['type'] == 'veth' %}
lxc.network.link=br-{{ net }} lxc.network.link=br-{{ net }}
{%- elif conf['type'] == 'phys' %}
lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
{%- endif %} {%- endif %}
lxc.network.name={{ net }} lxc.network.name={{ net }}
#lxc.network.ipv4.gateway= {%- if net == 'core' %}
lxc.network.ipv4.gateway=172.20.72.1
{%- endif %}
#lxc.network.ipv6= #lxc.network.ipv6=
#lxc.network.ipv6.gateway=fe80::1 #lxc.network.ipv6.gateway=fe80::1
{%- endfor %} {%- endfor %}
## TODO: limits + caps ## TODO: limits + caps
## TODO: include Debian.common.conf
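Review bot: The new `phys` branch renders `lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}`, and `.get()` on an interface name missing from the `vlans` pillar yields `None`, so a typo produces `bond0.None` silently instead of a render error; `pillar['vlans'][net]`, the form the network state already uses, fails loudly. The core gateway `172.20.72.1` is hard-coded in the template while every other address is taken from pillar; moving it alongside `hosts-inet`/`subnets-inet` (placeholder: `pillar['<gateways-pillar-key>']['core']`) keeps addressing in one place. A `phys` interface is moved into the container's namespace, so the host loses `bond0.<vlan>` for that VLAN; this is presumably intended only for VLANs the host itself does not bridge — confirm against the network state, which puts a bridge on the core VLAN's subinterface.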


@ -9,6 +9,8 @@ serv-gw:
interfaces: interfaces:
core: core:
type: veth type: veth
serv:
type: veth
priv1-gw: priv1-gw:
interfaces: interfaces:


@ -39,5 +39,5 @@ start-{{ id }}:
- name: lxc@{{ id }} - name: lxc@{{ id }}
require: require:
- service: autostart-{{ id }} - service: autostart-{{ id }}
{% endfor %} {% endfor %}

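--- a/salt/netmasks.yaml
+++ b/salt/netmasks.yaml
@@ -0,0 +1,33 @@
+'0': 0.0.0.0
+'1': 128.0.0.0
+'2': 192.0.0.0
+'3': 224.0.0.0
+'4': 240.0.0.0
+'5': 248.0.0.0
+'6': 252.0.0.0
+'7': 254.0.0.0
+'8': 255.0.0.0
+'9': 255.128.0.0
+'10': 255.192.0.0
+'11': 255.224.0.0
+'12': 255.240.0.0
+'13': 255.248.0.0
+'14': 255.252.0.0
+'15': 255.254.0.0
+'16': 255.255.0.0
+'17': 255.255.128.0
+'18': 255.255.192.0
+'19': 255.255.224.0
+'20': 255.255.240.0
+'21': 255.255.248.0
+'22': 255.255.252.0
+'23': 255.255.254.0
+'24': 255.255.255.0
+'25': 255.255.255.128
+'26': 255.255.255.192
+'27': 255.255.255.224
+'28': 255.255.255.240
+'29': 255.255.255.248
+'30': 255.255.255.252
+'31': 255.255.255.254
+'32': 255.255.255.255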
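Review bot: The keys are quoted on purpose — the network state indexes this map with the string produced by `.split('/')[1]`, and an unquoted `24` would become an integer key that the lookup never matches — but nothing in the file records that. A header comment such as `# CIDR prefix length (quoted: the Jinja lookup uses a string) -> dotted netmask` would stop a future edit from "fixing" the quotes.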


@ -1,2 +1,28 @@
bird: quagga:
pkg.installed: [] pkg.installed: []
{%- for daemon in ['zebra', 'ospfd'] %}
/etc/systemd/system/{{ daemon }}.service:
file.managed:
- source: salt://ospf/{{ daemon }}.service
/etc/quagga/{{ daemon }}.conf:
file.managed:
- source: salt://ospf/{{ daemon }}.conf
- template: 'jinja'
autostart-{{ daemon }}:
service.enabled:
- name: {{ daemon }}
require_in:
- file: /etc/systemd/system/{{ daemon }}.service
- file: /etc/quagga/{{ daemon }}.conf
start-{{ daemon }}:
service.running:
- name: {{ daemon }}
require:
- service: autostart-{{ daemon }}
{%- endfor %}
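Review bot: `service.running` for each daemon only `require`s its enabled state and does not `watch` `/etc/quagga/{{ daemon }}.conf` or the unit file, so a later change to either is written to disk but never applied to a running daemon; add `- watch:` with both `- file:` entries under `start-{{ daemon }}`. The rendered ospfd.conf carries an OSPF authentication key, yet the `file.managed` for `/etc/quagga/{{ daemon }}.conf` sets no `user`, `group` or `mode`, so the file lands with the defaults (root-owned, and likely world-readable); a credential-bearing config should be restricted to the account the daemons run as (`- mode: '0640'` plus matching `- user:`/`- group:`). Replacing `bird: pkg.installed` with `quagga` leaves bird installed, and possibly running, on any host provisioned from the previous revision; a `bird: pkg.removed` (or `service.dead`) state would make the transition explicit. The indentation of the requisites is not visible on the rendered page, so their nesting is assumed.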

22
salt/ospf/ospfd.conf Normal file

@ -0,0 +1,22 @@
{%- set id = salt['grains.get']('id') %}
{%- set core_ifaces = ['br-core', 'core'] %}
{%- for iface in core_ifaces %}
interface {{ iface }}
ip ospf network multicast
ip ospf authentication message-digest
ip ospf authentication-key secret
{%- endfor %}
router ospf
router-id {{ pillar['hosts-inet']['core'][id] }}
passive-interface default
{%- for iface in core_ifaces %}
no passive-interface {{ iface }}
{%- endfor %}
network {{ pillar['subnets-inet']['core'] }} area 0
area 0 authentication message-digest
redistribute connected
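Review bot: `ip ospf authentication message-digest` is enabled on each core interface, but the key is supplied with `ip ospf authentication-key secret`, which is the simple-password key; MD5 authentication in Quagga takes `ip ospf message-digest-key <id> md5 <key>`, so as written the interfaces advertise MD5 yet have no usable MD5 key. The key material is also a literal committed to the repository rather than a pillar value (placeholder: `{{ pillar['<ospf-md5-key>'] }}`), which is where the rest of the addressing already lives. I do not recall `multicast` being an accepted value for `ip ospf network` (the usual choices are `broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`); confirm with vtysh, since an unknown keyword makes the daemon reject the config. `redistribute connected` on every router, including `anon*` and `upstream*`, injects all connected prefixes into area 0 — fine if intended, otherwise a `route-map` filter keeps local-only networks out.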

9
salt/ospf/ospfd.service Normal file

@ -0,0 +1,9 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStart = /usr/lib/quagga/ospfd
[Install]
WantedBy = default.target
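Review bot: `Requires = zebra.service` expresses a dependency but not an ordering; without an accompanying `After = zebra.service`, systemd may start ospfd in parallel with zebra, before zebra's socket exists. `ExecStart = /usr/lib/quagga/ospfd` passes no options, so the daemon's vty listener binds to the build's default address — the distribution's own startup normally passes `-A 127.0.0.1` so the management vty is reachable only locally; the same applies to zebra.service in this commit. Adding `-A 127.0.0.1` to both `ExecStart` lines and `Restart = on-failure` keeps the management port off the network and restarts a crashed routing daemon. `WantedBy = default.target` works, but `multi-user.target` is the conventional target for system daemons.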

0
salt/ospf/zebra.conf Normal file

8
salt/ospf/zebra.service Normal file

@ -0,0 +1,8 @@
[Unit]
After = network.target
[Service]
ExecStart = /usr/lib/quagga/zebra
[Install]
WantedBy = default.target


@ -1,3 +1,4 @@
{%- import_yaml "netmasks.yaml" as netmasks -%}
{% set bond_slaves = ['eth1', 'eth2'] %} {% set bond_slaves = ['eth1', 'eth2'] %}
{% for slave in bond_slaves %} {% for slave in bond_slaves %}
@ -17,17 +18,18 @@ bond0:
slaves: {{ ' '.join(bond_slaves) }} slaves: {{ ' '.join(bond_slaves) }}
miimon: 100 miimon: 100
{% for vlan in range(1, 15) %} {% for name, vlan in pillar['vlans'].items() %}
bond0.{{ vlan }}: bond0.{{ vlan }}:
network.managed: network.managed:
- type: vlan - type: vlan
proto: manual
use: use:
- network: bond0 - network: bond0
require: require:
- network: bond0 - network: bond0
{% endfor %} {% endfor %}
{%- for net in ['core', 'public'] %} {%- for net in ['core'] %}
{%- set vlan = pillar['vlans'][net] %} {%- set vlan = pillar['vlans'][net] %}
br-{{ net }}: br-{{ net }}:
network.managed: network.managed:
@ -36,13 +38,12 @@ br-{{ net }}:
{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %} {%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
{%- if ip_addr %} {%- if ip_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %} {%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
proto: manual
address: {{ ip_addr }}/{{ prefix_len }}
{%- else %}
proto: static proto: static
address: {{ ip_addr }}
netmask: {{ netmasks[prefix_len] }}
{%- else %}
proto: manual
{%- endif %} {%- endif %}
address: {{ pillar['subnets-inet']['core'] }}
bypassfirewall: True
use: use:
- network: bond0.{{ vlan }} - network: bond0.{{ vlan }}
require: require:
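Review bot: `netmask: {{ netmasks[prefix_len] }}` relies on `prefix_len` being a string that matches the quoted keys of netmasks.yaml, which holds here because it comes from `.split('/')[1]`, but nothing at the lookup says so; a comment such as `{#- prefix_len is a str; netmasks.yaml keys are quoted to match -#}` would protect both files from a well-meaning edit. If a `subnets-inet` entry ever lacks the `/len` suffix the `[1]` index fails at render time, and an out-of-range length makes the lookup undefined — depending on Salt's Jinja undefined handling that may render an empty `netmask:` rather than failing, so the failure mode is worth confirming. In `{% for name, vlan in pillar['vlans'].items() %}` the variable `name` is never used; `pillar['vlans'].values()` states the intent directly. The enclosing `br-{{ net }}` state begins outside the hunk.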


@ -6,12 +6,15 @@ base:
- ospf - ospf
'*-gw': '*-gw':
- no-ssh - no-ssh
- forwarding
- ospf - ospf
'upstream*': 'upstream*':
- no-ssh - no-ssh
- forwarding
- ospf - ospf
- unbound - unbound
'anon*': 'anon*':
- no-ssh - no-ssh
- forwarding
- ospf - ospf
- unbound - unbound
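Review bot: `forwarding` is added to `*-gw`, `upstream*` and `anon*`, but the target whose list ends at the top of the hunk also receives `ospf` and does not get `forwarding`; its match pattern is outside the hunk, so if that host class also forwards between VLANs the sysctl state is missing there — confirm. Order within a top.sls list does not order execution, so placing `forwarding` between `no-ssh` and `ospf` is cosmetic; grouping it next to `ospf` on every router target would make the "this host routes" pairing easier to read. The enclosing `base:` mapping begins outside the hunk.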