From 1fb5f051607e151448440f5458117d57e2597f5c Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 19 Dec 2016 03:08:18 +0100
Subject: [PATCH] internal ipv6 routing
---
 salt-pillar/hosts/init.sls | 73 ++++++++++++++++++++++++++
 salt-pillar/lxc-containers/server1.sls | 10 ++++
 salt-pillar/subnets/init.sls | 22 ++++++++
 salt/lxc-containers/config | 23 +++++---
 salt/quagga/ospf6d/init.sls | 28 ++++++++++
 salt/quagga/ospf6d/ospf6d.conf | 25 +++++++++
 salt/quagga/ospf6d/ospf6d.service | 11 ++++
 salt/quagga/zebra/init.sls | 28 ++++++++++
 salt/top.sls | 12 +++++
 9 files changed, 226 insertions(+), 6 deletions(-)
 create mode 100644 salt/quagga/ospf6d/init.sls
 create mode 100644 salt/quagga/ospf6d/ospf6d.conf
 create mode 100644 salt/quagga/ospf6d/ospf6d.service
 create mode 100644 salt/quagga/zebra/init.sls
diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls
index fe36b9a..b900995 100644
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@@ -106,3 +106,76 @@ hosts-inet:
 c3d2:
 c3d2-anon: 172.22.99.1
 c3d2-gw: 172.22.99.4
+
+hosts-inet6:
+ core:
+ server1: fd23:42:c3d2:581::1
+
+ anon1: fd23:42:c3d2:581::9:1
+ serv-gw: fd23:42:c3d2:581::8:1
+ pub-gw: fd23:42:c3d2:581::8:2
+ c3d2-gw: fd23:42:c3d2:581::c3d2:1
+ c3d2-anon: fd23:42:c3d2:581::c3d2:a
+
+ upstream1: fd23:42:c3d2:581::b:0
+ upstream2: fd23:42:c3d2:581::b:1
+ upstream3: fd23:42:c3d2:581::b:2
+ upstream4: fd23:42:c3d2:581::b:3
+
+ priv1-gw: fd23:42:c3d2:581::c:0
+ priv2-gw: fd23:42:c3d2:581::c:1
+ priv3-gw: fd23:42:c3d2:581::c:2
+ priv4-gw: fd23:42:c3d2:581::c:3
+ priv5-gw: fd23:42:c3d2:581::c:4
+ priv6-gw: fd23:42:c3d2:581::c:5
+ priv7-gw: fd23:42:c3d2:581::c:6
+ priv8-gw: fd23:42:c3d2:581::c:7
+ priv9-gw: fd23:42:c3d2:581::c:8
+ priv10-gw: fd23:42:c3d2:581::c:9
+ priv11-gw: fd23:42:c3d2:581::c:a
+ priv12-gw: fd23:42:c3d2:581::c:b
+ priv13-gw: fd23:42:c3d2:581::c:c
+ priv14-gw: fd23:42:c3d2:581::c:d
+ priv15-gw: fd23:42:c3d2:581::c:e
+ priv16-gw: fd23:42:c3d2:581::c:d
+
+ serv:
+ serv-gw: fd23:42:c3d2:582::1
+ pub:
+ pub-gw: fd23:42:c3d2:583::1
+ priv1:
+ priv1-gw: fd23:42:c3d2:5c0::1
+ priv2:
+ priv2-gw: fd23:42:c3d2:5c1::1
+ priv3:
+ priv3-gw: fd23:42:c3d2:5c2::1
+ priv4:
+ priv4-gw: fd23:42:c3d2:5c3::1
+ priv5:
+ priv5-gw: fd23:42:c3d2:5c4::1
+ priv6:
+ priv6-gw: fd23:42:c3d2:5c5::1
+ priv7:
+ priv7-gw: fd23:42:c3d2:5c6::1
+ priv8:
+ priv8-gw: fd23:42:c3d2:5c7::1
+ priv9:
+ priv9-gw: fd23:42:c3d2:5c8::1
+ priv10:
+ priv10-gw: fd23:42:c3d2:5c9::1
+ priv11:
+ priv11-gw: fd23:42:c3d2:5ca::1
+ priv12:
+ priv12-gw: fd23:42:c3d2:5cb::1
+ priv13:
+ priv13-gw: fd23:42:c3d2:5cc::1
+ priv14:
+ priv14-gw: fd23:42:c3d2:5cd::1
+ priv15:
+ priv15-gw: fd23:42:c3d2:5ce::1
+ priv16:
+ priv16-gw: fd23:42:c3d2:5cf::1
+
+ c3d2:
+ c3d2-anon: fd23:42:c3d2:523::c3d2:1
+ c3d2-gw: fd23:42:c3d2:523::c3d2:4
diff --git a/salt-pillar/lxc-containers/server1.sls b/salt-pillar/lxc-containers/server1.sls
index 3953d7f..daf9be3 100644
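Review bot: In salt-pillar/hosts/init.sls, `priv16-gw` in the `hosts-inet6` `core` block is given `fd23:42:c3d2:581::c:d`, the same address as `priv14-gw` two lines above it. Two gateways configured with one address on the core segment will collide (duplicate address detection would normally leave one of them without a usable address), so one private network loses its IPv6 route or has its traffic answered by the wrong gateway. The sequence `::c:0` through `::c:e` suggests the intended line is `priv16-gw: fd23:42:c3d2:581::c:f`.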
--- a/salt-pillar/lxc-containers/server1.sls +++ b/salt-pillar/lxc-containers/server1.sls @@ -4,6 +4,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 pub: type: veth @@ -20,6 +21,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv1: type: phys @@ -28,6 +30,7 @@ containers: core: type: veth gw: upstream2 + gw6: upstream2 priv2: type: phys @@ -36,6 +39,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv3: type: phys @@ -44,6 +48,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv4: type: phys @@ -52,6 +57,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv5: type: phys @@ -60,6 +66,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv6: type: phys @@ -68,6 +75,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv7: type: phys @@ -76,6 +84,7 @@ containers: core: type: veth gw: anon1 + gw6: anon1 priv8: type: phys @@ -114,5 +123,6 @@ containers: core: type: veth gw: anon1 + gw6: anon1 c3d2: type: veth diff --git a/salt-pillar/subnets/init.sls b/salt-pillar/subnets/init.sls index 0eb407b..a9981d3 100644 --- a/salt-pillar/subnets/init.sls +++ b/salt-pillar/subnets/init.sls @@ -20,3 +20,25 @@ subnets-inet: priv16: 172.20.75.224/28 c3d2: 172.22.99.0/24 mgmt: 10.0.0.0/24 + +subnets-inet6: + core: fd23:42:c3d2:581::/64 + serv: fd23:42:c3d2:582::/64 + pub: fd23:42:c3d2:583::/64 + priv1: fd23:42:c3d2:5c0::/64 + priv2: fd23:42:c3d2:5c1::/64 + priv3: fd23:42:c3d2:5c2::/64 + priv4: fd23:42:c3d2:5c3::/64 + priv5: fd23:42:c3d2:5c4::/64 + priv6: fd23:42:c3d2:5c5::/64 + priv7: fd23:42:c3d2:5c6::/64 + priv8: fd23:42:c3d2:5c7::/64 + priv9: fd23:42:c3d2:5c8::/64 + priv10: fd23:42:c3d2:5c9::/64 + priv11: fd23:42:c3d2:5ca::/64 + priv12: fd23:42:c3d2:5cb::/64 + priv13: fd23:42:c3d2:5cc::/64 + priv14: fd23:42:c3d2:5cd::/64 + priv15: fd23:42:c3d2:5ce::/64 + priv16: fd23:42:c3d2:5cf::/64 + c3d2: fd23:42:c3d2:523::/64 diff --git a/salt/lxc-containers/config b/salt/lxc-containers/config index 36e1a49..4309f90 100644 
--- a/salt/lxc-containers/config +++ b/salt/lxc-containers/config @@ -22,24 +22,35 @@ lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str__().rjust(2, '0') }} {%- if conf['type'] == 'veth' %} lxc.network.veth.pair={{ id }}-{{ net }} {%- endif %} + {%- set hosts = pillar['hosts-inet'].get(net) %} {%- set inet_addr = hosts and hosts.get(id) %} {%- if inet_addr %} {%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %} lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }} {%- endif %} +{%- set gw = conf.get('gw') %} +{%- if gw %} +lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }} +{%- endif %} + +{%- set hosts6 = pillar['hosts-inet6'].get(net) %} +{%- set inet6_addr = hosts6 and hosts6.get(id) %} +{%- if inet6_addr %} +{%- set prefix6_len = pillar['subnets-inet6'][net].split('/')[1] %} +lxc.network.ipv6={{ inet6_addr }}/{{ prefix6_len }} +{%- endif %} +{%- set gw6 = conf.get('gw6') %} +{%- if gw6 %} +lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw] }} +{%- endif %} + {%- if conf['type'] == 'veth' %} lxc.network.link=br-{{ net }} {%- elif conf['type'] == 'phys' %} lxc.network.link=bond0.{{ pillar['vlans'].get(net) }} {%- endif %} lxc.network.name={{ net }} -{%- set gw = conf.get('gw') %} -{%- if gw %} -lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }} -{%- endif %} -#lxc.network.ipv6= -#lxc.network.ipv6.gateway=fe80::1 {%- set n = n + 1 %} {%- endfor %} diff --git a/salt/quagga/ospf6d/init.sls b/salt/quagga/ospf6d/init.sls new file mode 100644 index 000000000..abd9010 --- /dev/null +++ b/salt/quagga/ospf6d/init.sls 
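Review bot: The new IPv6 gateway line in salt/lxc-containers/config looks up the wrong variable: `lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw] }}` sits inside `{%- if gw6 %}` but indexes with `gw`, the IPv4 gateway name. It renders the intended value today only because every `gw6` added in server1.sls equals its `gw`; a container with `gw6` but no `gw`, or with a different IPv6 next hop, would fail to render or silently get the wrong gateway. Suggested line: `lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw6] }}`. The enclosing `for` loop starts above this hunk.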
@@ -0,0 +1,28 @@
+quagga:
+ pkg.installed: []
+
+/etc/systemd/system/ospf6d.service:
+ file.managed:
+ - source: salt://quagga/ospf6d/ospf6d.service
+
+/etc/quagga/ospf6d.conf:
+ file.managed:
+ - source: salt://quagga/ospf6d/ospf6d.conf
+ - template: 'jinja'
+ - require:
+ - pkg: quagga
+
+autostart-ospf6d:
+ service.enabled:
+ - name: ospf6d
+ require:
+ - file: /etc/systemd/system/ospf6d.service
+ - file: /etc/quagga/ospf6d.conf
+
+start-ospf6d:
+ service.running:
+ - name: ospf6d
+ require:
+ - service: autostart-ospf6d
+ watch:
+ - file: /etc/quagga/ospf6d.conf
diff --git a/salt/quagga/ospf6d/ospf6d.conf b/salt/quagga/ospf6d/ospf6d.conf
new file mode 100644
index 000000000..1ba6106
--- /dev/null
+++ b/salt/quagga/ospf6d/ospf6d.conf
@@ -0,0 +1,25 @@
+log file /var/log/quagga/ospfd.log
+
+{%- set id = salt['grains.get']('id') %}
+{%- set core_ifaces = ['br-core', 'core'] %}
+
+{%- for iface in core_ifaces %}
+interface {{ iface }}
+ ipv6 ospf6 network broadcast
+
+{%- endfor %}
+
+router ospf6
+ router-id {{ pillar['hosts-inet']['core'][id] }}
+
+{%- for iface in core_ifaces %}
+ interface {{ iface }} area 0.0.0.0
+{%- endfor %}
+ area 0.0.0.0 range {{ pillar['subnets-inet6']['core'] }}
+
+{%- set redistribute = pillar['ospf'].get('redistribute') %}
+{%- if redistribute %}
+{%- for kind in redistribute %}
+ redistribute {{ kind }}
+{%- endfor %}
+{%- endif %}
diff --git a/salt/quagga/ospf6d/ospf6d.service b/salt/quagga/ospf6d/ospf6d.service
new file mode 100644
index 000000000..6304684
--- /dev/null
+++ b/salt/quagga/ospf6d/ospf6d.service
@@ -0,0 +1,11 @@
+[Unit]
+Requires = zebra.service
+After = network.target
+
+[Service]
+ExecStartPre = /bin/mkdir -p /var/run/quagga
+ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
+ExecStart = /usr/lib/quagga/ospf6d
+
+[Install]
+WantedBy = default.target
diff --git a/salt/quagga/zebra/init.sls b/salt/quagga/zebra/init.sls
new file mode 100644
index 000000000..8d2c908
--- /dev/null
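Review bot: In salt/quagga/ospf6d/init.sls the `require:` and `watch:` keys under `autostart-ospf6d` and `start-ospf6d` have no leading `- `, unlike `- require:` under `/etc/quagga/ospf6d.conf`; Salt expects each state argument as its own list item, so these should read `- require:` and `- watch:` (indentation is not recoverable from this page, so confirm against the file). `start-ospf6d` also watches only the config file, so a changed `ospf6d.service` unit would not restart the daemon; adding `- file: /etc/systemd/system/ospf6d.service` to the watch list covers that. salt/quagga/zebra/init.sls repeats the same pattern.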
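Review bot: `log file /var/log/quagga/ospfd.log` at the top of salt/quagga/ospf6d/ospf6d.conf names the IPv4 daemon's log, presumably the file ospfd already writes to; two daemons appending to one file makes it hard to attribute an adjacency change or a rejected update to the right protocol during an investigation. `log file /var/log/quagga/ospf6d.log` would keep them apart. Separately, the template enables OSPFv3 on `br-core` and `core` with no filtering of what is learned or redistributed, so every host attached to the core segment has to be treated as trusted to inject routes; a comment at the top of the template stating that assumption would make it explicit.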
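Review bot: In salt/quagga/ospf6d/ospf6d.service, `Requires = zebra.service` pulls zebra in but does not order the two units, and `After = network.target` does not mention zebra, so systemd may start ospf6d before zebra is up. `After = network.target zebra.service` fixes the ordering. A one-line comment above the two `ExecStartPre` lines saying they run as root to prepare `/var/run/quagga` for the `quagga` user would also help, since the unit sets no `User=`.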
+++ b/salt/quagga/zebra/init.sls
@@ -0,0 +1,28 @@
+quagga:
+ pkg.installed: []
+
+/etc/systemd/system/zebra.service:
+ file.managed:
+ - source: salt://quagga/zebra/zebra.service
+
+/etc/quagga/zebra.conf:
+ file.managed:
+ - source: salt://quagga/zebra/zebra.conf
+ - template: 'jinja'
+ - require:
+ - pkg: quagga
+
+autostart-zebra:
+ service.enabled:
+ - name: zebra
+ require:
+ - file: /etc/systemd/system/zebra.service
+ - file: /etc/quagga/zebra.conf
+
+start-zebra:
+ service.running:
+ - name: zebra
+ require:
+ - service: autostart-zebra
+ watch:
+ - file: /etc/quagga/zebra.conf
diff --git a/salt/top.sls b/salt/top.sls
index 91b00a6..d7bd930 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -5,6 +5,7 @@ base:
 - lxc-containers
 - quagga.zebra
 - quagga.ospfd
+ - quagga.ospf6d
 - switches
 - cpe
 'priv*-gw':
@@ -12,17 +13,27 @@ base:
 - forwarding
 - quagga.zebra
 - quagga.ospfd
+ - quagga.ospf6d
+ - dhcp
+ 'pub-gw or serv-gw':
+ - no-ssh
+ - forwarding
+ - quagga.zebra
+ - quagga.ospfd
+ - quagga.ospf6d
 - dhcp
 'c3d2-gw or c3d2-anon':
 - no-ssh
 - forwarding
 - quagga.zebra
 - quagga.ospfd
+ - quagga.ospf6d
 'upstream*':
 - no-ssh
 - forwarding
 - quagga.zebra
 - quagga.ospfd
+ - quagga.ospf6d
 - unbound
 - upstream.dhcp
 - upstream.shaping
@@ -38,6 +49,7 @@ base:
 - forwarding
 - quagga.zebra
 - quagga.ospfd
+ - quagga.ospf6d
 - vpn.openvpn
 - upstream.masquerade
 - upstream.shaping
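Review bot: The state ID `quagga` (`pkg.installed`) declared at the top of salt/quagga/zebra/init.sls is also declared in salt/quagga/ospf6d/init.sls, and top.sls assigns both SLS files to the same minions. Salt requires state IDs to be unique across the SLS files of one highstate and reports conflicting IDs otherwise, so the run may fail before any routing configuration is applied. Declaring the package once, for example in the zebra SLS, and having the ospf6d SLS `include` `quagga.zebra` while keeping its `- pkg: quagga` requisite avoids the clash. Whether the existing `quagga.ospfd` SLS carries the same declaration is not visible here.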