this is what salty progress looks like

salt-pillar/hosts/init.sls

@@ -0,0 +1,13 @@
+hosts-inet:
+  core:
+    server1: 172.20.72.1
+    serv-gw: 172.20.72.2
+    pub-gw: 172.20.72.3
+    priv1-gw: 172.20.72.4
+    priv2-gw: 172.20.72.5
+    upstream1: 172.20.72.6
+    anon1: 172.20.72.7
+  pub:
+    pub-gw: 172.20.76.1
+  serv:
+    serv-gw: 172.20.73.1

salt-pillar/subnets/init.sls

@@ -0,0 +1,7 @@
+subnets-inet:
+  core: 172.20.72.0/26
+  serv: 172.20.73.0/26
+  pub: 172.20.76.0/23
+  priv1: 172.20.74.0/28
+  priv2: 172.20.75.0/28
+  mgm: 10.0.0.0/24

salt-pillar/top.sls

@@ -0,0 +1,5 @@
+base:
+  '*':
+    - hosts
+    - subnets
+    - vlans

salt-pillar/vlans/init.sls

@@ -0,0 +1,4 @@
+vlans:
+  core: 1
+  server: 2
+  public: 3

salt/lxc-containers-1/config

@@ -7,24 +7,24 @@ lxc.rootfs.backend = dir
 lxc.autodev = 1
 lxc.kmsg = 0
 
-{% for interface in container.interfaces %}
-lxc.network.type={{ interface['type'] }}
+{%- for net, type in container.interfaces.items() %}
+lxc.network.type={{ type }}
 lxc.network.flags=up
-{% if interface['type'] == 'veth' %}
-lxc.network.veth.pair={{ id }}-{{ interface['type'] }}
-{% endif %}
-{% if interface.get('v4') %}
-lxc.network.ipv4={{ interface['v4'] }}
-{% endif %}
-{% if interface.get('bridge') %}
-lxc.network.link={{ interface['bridge'] }}
-{% endif %}
-{% if interface.get('name') %}
-lxc.network.name={{ interface['name'] }}
-{% endif %}
+{% if type == 'veth' %}
+lxc.network.veth.pair={{ id }}-{{ net }}
+{%- endif %}
+{%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
+{%- if inet_addr %}
+{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
+lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
+{%- endif %}
+{%- if type == 'veth' %}
+lxc.network.link=br-{{ net }}
+{%- endif %}
+lxc.network.name={{ net }}
 #lxc.network.ipv4.gateway=
 #lxc.network.ipv6=
 #lxc.network.ipv6.gateway=fe80::1
-{% endfor %}
+{%- endfor %}
 
 ## TODO: limits + caps

salt/lxc-containers-1/containers.yaml

@@ -1,38 +1,31 @@
-public:
+pub-gw:
   interfaces:
-    - type: veth
-      bridge: br-core
-      name: core
-      v4: 172.20.72.1/26
-    - type: phys
-      bridge: bond0.2
-      name: public
-      v4: 172.20.76.1/23
+    core:
+      type: veth
+    pub:
+      type: phys
 
-servers:
+serv-gw:
   interfaces:
-    - type: veth
-      bridge: br-core
-      name: core
-      v4: 172.20.72.2/26
+    core:
+      type: veth
 
-priv1:
+priv1-gw:
   interfaces:
-    - type: veth
-      bridge: br-core
-      name: core
-      v4: 172.20.72.3/26
+    core:
+      type: veth
 
-priv2:
+priv2-gw:
   interfaces:
-    - type: veth
-      bridge: br-core
-      name: core
-      v4: 172.20.72.4/26
+    core:
+      type: veth
 
 upstream1:
   interfaces:
-    - type: veth
-      bridge: br-core
-      name: core
-      v4: 172.20.72.5/26
+    core:
+      type: veth
+
+anon1:
+  interface:
+    core:
+      type: veth

salt/lxc-containers-1/hosts

@@ -0,0 +1,10 @@
+127.0.0.1       localhost
+::1             localhost ip6-localhost ip6-loopback
+
+{% for net, hosts in pillar['hosts-inet'].items() %}
+{% if hosts.get(id) %}
+{{ hosts[id] }}                {{ id }}
+{% endif %}
+{% endfor %}
+
+{{ pillar['hosts-inet']['core']['server1'] }}     salt

salt/lxc-containers-1/init.sls

@@ -7,7 +7,7 @@ lxc:
 
 /var/lib/lxc/{{ id }}:
   cmd.run:
-    - name: lxc-create -n {{ id }} -B dir -t download -- -d debian -r jessie -a amd64 --  --packages salt-minion
+    - name: lxc-create -n {{ id }} -B dir -t debian -- -r stretch --packages=salt-minion
     - require:
         - pkg: lxc
     - creates: /var/lib/lxc/{{ id }}
@@ -20,6 +20,14 @@ lxc:
         id: {{ id }}
         container: {{ container }}
 
+/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
+  file.managed:
+    - source: salt://lxc-containers-1/hosts
+    - template: 'jinja'
+    - context:
+        id: {{ id }}
+        container: {{ container }}
+
 autostart-{{ id }}:
   service.enabled:
       - name: lxc@{{ id }}

salt/no-ssh.sls

@@ -0,0 +1,2 @@
+openssh-server:
+  pkg.purged: []

salt/ospf/init.sls

@@ -0,0 +1,2 @@
+bird:
+  pkg.installed: []

salt/server1-network.sls

@@ -27,26 +27,25 @@ bond0.{{ vlan }}:
         - network: bond0
 {% endfor %}
 
-br-core:
+{%- for net in ['core', 'public'] %}
+{%- set vlan = pillar['vlans'][net] %}
+br-{{ net }}:
   network.managed:
     - type: bridge
-      ports: bond0.1
+      ports: bond0.{{ vlan }}
+{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
+{%- if ip_addr %}
+{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
       proto: manual
+      address: {{ ip_addr }}/{{ prefix_len }}
+{%- else %}
+      proto: static
+{%- endif %}
+      address: {{ pillar['subnets-inet']['core'] }}
       bypassfirewall: True
       use:
-        - network: bond0.1
+        - network: bond0.{{ vlan }}
       require:
-        - network: bond0.1
-    
-
-br-public:
-  network.managed:
-    - type: bridge
-      ports: bond0.2
-      proto: manual
-      bypassfirewall: True
-      use:
-        - network: bond0.2
-      require:
-        - network: bond0.2
+        - network: bond0.{{ vlan}}
+{%- endfor %}
     

salt/top.sls

@@ -3,3 +3,15 @@ base:
     - salt-master
     - server1-network
     - lxc-containers-1
+    - ospf
+  '*-gw':
+    - no-ssh
+    - ospf
+  'upstream*':
+    - no-ssh
+    - ospf
+    - unbound
+  'anon*':
+    - no-ssh
+    - ospf
+    - unbound

salt/unbound.sls

@@ -0,0 +1,2 @@
+unbound:
+  pkg.installed: []

subnets.md

@@ -1,9 +1,11 @@
+Machine-readable here: [salt-pillar/subnets](./salt-pillar/subnets/init.sls)
+
 ## 172.20.72.0/21
 
 * 172.20.72.0-172.20.72.63/26 CORE
 * 172.20.72.64/26 RESERVED FOR EPXANDING CORE
 * 172.20.72.128/25
-* 172.20.73.0-172.20.72.63/26 SERVERS
+* 172.20.73.0-172.20.73.63/26 SERVERS
 * 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS
 * 172.20.73.128/25
 * 172.20.74.0/24: