replace quagga with bird

Astro 2017-01-19 23:27:29 +01:00
parent 3fd6033ee3
commit d3783f251f
21 changed files with 140 additions and 305 deletions

19
salt-pillar/bird/bgp.sls Normal file

@ -0,0 +1,19 @@
ospf:
stubnets-inet:
- 172.20.0.0/14
- 10.0.0.0/8
stubnets-inet6:
- fd00::/8
bgp:
asn: 4242421127
peers-inet:
# dn42.hq.c3d2.de
'172.22.99.253':
asn: 64699
peers-inet6:
# dn42.hq.c3d2.de
'fe80::a800:42ff:fe7a:3246%c3d2':
asn: 64699
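Review bot: The `stubnets-inet` and `stubnets-inet6` entries make this router advertise 172.20.0.0/14, 10.0.0.0/8 and fd00::/8 into OSPF, but nothing in the new bird templates replaces the `ip route 172.20.0.0/14 blackhole` and `ipv6 route fd00::/8 lo blackhole` lines that the removed zebra pillar carried. If that reading is right, packets for a dn42 destination with no more specific BGP route would follow whatever default route the host has instead of being dropped, which can leak private-range traffic upstream. Consider adding matching blackhole routes in bird.conf and bird6.conf, e.g. `protocol static { route 172.20.0.0/14 blackhole; route 10.0.0.0/8 blackhole; }`. A comment next to the stubnets would also help, such as `# advertised as OSPF stubnets; needs a matching blackhole route on this host`.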


@ -1,6 +1,6 @@
#!yaml|gpg
ospf:
ospf_secret: |
secret: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/UzB2wsDsIfUEIEx20IehQbTkw5A9gCYnuW09lvkzxlgY


@ -1,17 +0,0 @@
zebra:
# dn42 routes for ospf[6] redistribute static
- ip route 172.20.0.0/14 blackhole
- ipv6 route fd00::/8 lo blackhole
ospf:
redistribute:
- static
bgp:
asn: 4242421127
peers:
'fe80::a800:42ff:fe7a:3246':
- remote-as 64699
- interface c3d2
- description dn42.hq.c3d2.de


@ -1,3 +0,0 @@
ospf:
redistribute:
- connected


@ -3,20 +3,21 @@ base:
- hosts
- subnets
- vlans
- quagga.ospfd
- bird.ospf
'priv*-gw':
- dhcp
- quagga.ospfd.gw
- bird.ospf
'pub-gw':
- dhcp
- quagga.ospfd.gw
- bird.ospf
'serv-gw':
- dhcp
- quagga.ospfd.gw
- bird.ospf
'c3d2-gw or c3d2-anon':
- quagga.ospfd.gw
- bird.ospf
'bgp':
- quagga.bgp
- bird.ospf
- bird.bgp
'anon1':
- vpn.anon1
- upstream.anon1

43
salt/bird/bird.conf Normal file

@ -0,0 +1,43 @@
protocol kernel {
scan time 10;
import none;
export all;
}
protocol device {
scan time 10;
}
protocol ospf ZW4 {
area 0 {
networks {
172.20.72.0/21;
};
{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
{%- set subnet = pillar['subnets-inet'].get(iface) %}
{%- if iface == 'core' or iface == 'br-core' %}
interface "{{ iface }}" {
authentication cryptographic;
password "{{ pillar['ospf']['secret'] }}";
};
{%- elif subnet %}
stubnet {{ subnet }} {};
{%- endif %}
{%- endfor %}
{%- if pillar['ospf'].get('stubnets-inet') %}
{%- for stubnet in pillar['ospf']['stubnets-inet'] %}
stubnet {{ stubnet }} {};
{%- endfor %}
{%- endif %}
};
}
{%- if pillar.get('bgp') %}
protocol bgp {
local as {{ pillar['bgp']['asn'] }};
import all;
{%- for host, neighbor in pillar['bgp']['peers-inet'].items() %}
neighbor {{ host }} as {{ neighbor.asn }};
{%- endfor %}
}
{%- endif %}
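Review bot: `import all;` in the `protocol bgp` block accepts every prefix the dn42 peer sends, and `protocol kernel` has `export all;`, so anything the peer announces (a default route, this site's own 172.20.72.0/21, arbitrary public space) ends up in the kernel table. An import filter limited to the ranges expected from the peer would bound that, e.g. `import where net ~ [ 172.20.0.0/14+, 10.0.0.0/8+ ];`. The bgp block in salt/bird/bird6.conf has the same `import all;` and wants the IPv6 equivalent, such as `import where net ~ [ fd00::/8+ ];`. Separately, the `neighbor` line sits inside a loop over `peers-inet`, and as far as I know a BIRD bgp protocol takes a single neighbor, so a second peer in the pillar would need one `protocol bgp` block per peer.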

43
salt/bird/bird6.conf Normal file

@ -0,0 +1,43 @@
router id {{ pillar['hosts-inet']['core'][salt['grains.get']('id')] }};
protocol kernel {
scan time 10;
import none;
export all;
}
protocol device {
scan time 10;
}
protocol ospf ZW6 {
area 0 {
networks {
fd23:42:c3d2:500::/56;
};
{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
{%- set subnet = pillar['subnets-inet6'].get(iface) %}
{%- if iface == 'core' or iface == 'br-core' %}
interface "{{ iface }}" {
};
{%- elif subnet %}
stubnet {{ subnet }} {};
{%- endif %}
{%- endfor %}
{%- if pillar['ospf'].get('stubnets-inet6') %}
{%- for stubnet in pillar['ospf']['stubnets-inet6'] %}
stubnet {{ stubnet }} {};
{%- endfor %}
{%- endif %}
};
}
{%- if pillar.get('bgp') %}
protocol bgp {
local as {{ pillar['bgp']['asn'] }};
import all;
{%- for host, neighbor in pillar['bgp']['peers-inet6'].items() %}
neighbor {{ host }} as {{ neighbor.asn }};
{%- endfor %}
}
{%- endif %}
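Review bot: The `interface "{{ iface }}" { };` block for `core`/`br-core` is empty, so OSPFv3 adjacencies on the core segment are unauthenticated, whereas the IPv4 template sets `authentication cryptographic` with the pillar secret. A host on that segment that speaks OSPFv3 would be accepted as a neighbour and its IPv6 routes trusted. If the packaged BIRD version cannot authenticate OSPFv3 (I believe the 1.x series cannot), document the assumption in the template, e.g. `# OSPFv3 is unauthenticated here; the core segment must be trusted`.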

20
salt/bird/init.sls Normal file

@ -0,0 +1,20 @@
bird:
pkg.installed: []
{%- for daemon in ['bird', 'bird6'] %}
/etc/bird/{{ daemon }}.conf:
file.managed:
- source: salt://bird/{{ daemon }}.conf
- template: 'jinja'
- require:
- pkg: bird
service-{{ daemon }}:
service.running:
- name: {{ daemon }}
- enable: True
- watch:
- pkg: bird
- file: /etc/bird/{{ daemon }}.conf
{%- endfor %}
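Review bot: The `file.managed` state for `/etc/bird/{{ daemon }}.conf` sets no `user`, `group` or `mode`, yet the rendered bird.conf contains the OSPF password taken from the gpg-encrypted pillar. Without an explicit mode the file is likely created world-readable, and a changed secret would show up in the state's diff output. Suggest adding `- mode: '0640'`, `- group: bird` (assuming the package creates that group) and `- show_changes: False` to the `file.managed` block.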


@ -1,21 +0,0 @@
log file /var/log/quagga/bgpd.log
{%- set id = salt['grains.get']('id') %}
router bgp {{ pillar['bgp']['asn'] }}
bgp router-id {{ pillar['hosts-inet']['core'][id] }}
network 172.20.72.0/21
{%- for addr, lines in pillar['bgp']['peers'].items() %}
{%- for line in lines %}
neighbor {{ addr }} {{ line }}
{%- endfor %}
{%- endfor %}
address-family ipv6
network fd23:42:c3d2:500::/56
{%- for addr, peer in pillar['bgp']['peers'].items() %}
neighbor {{ addr }} activate
neighbor {{ addr }} soft-reconfiguration inbound
{%- endfor %}


@ -1,11 +0,0 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStartPre = /bin/mkdir -p /var/run/quagga
ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
ExecStart = /usr/sbin/bgpd
[Install]
WantedBy = default.target


@ -1,28 +0,0 @@
quagga-bgpd:
pkg.installed: []
/etc/systemd/system/bgpd.service:
file.managed:
- source: salt://quagga/bgpd/bgpd.service
/etc/quagga/bgpd.conf:
file.managed:
- source: salt://quagga/bgpd/bgpd.conf
- template: 'jinja'
- require:
- pkg: quagga-bgpd
autostart-bgpd:
service.enabled:
- name: bgpd
require:
- file: /etc/systemd/system/bgpd.service
- file: /etc/quagga/bgpd.conf
start-bgpd:
service.running:
- name: bgpd
require:
- service: autostart-bgpd
watch:
- file: /etc/quagga/bgpd.conf


@ -1,28 +0,0 @@
quagga-ospf6d:
pkg.installed: []
/etc/systemd/system/ospf6d.service:
file.managed:
- source: salt://quagga/ospf6d/ospf6d.service
/etc/quagga/ospf6d.conf:
file.managed:
- source: salt://quagga/ospf6d/ospf6d.conf
- template: 'jinja'
- require:
- pkg: quagga-ospf6d
autostart-ospf6d:
service.enabled:
- name: ospf6d
require:
- file: /etc/systemd/system/ospf6d.service
- file: /etc/quagga/ospf6d.conf
start-ospf6d:
service.running:
- name: ospf6d
require:
- service: autostart-ospf6d
watch:
- file: /etc/quagga/ospf6d.conf


@ -1,25 +0,0 @@
log file /var/log/quagga/ospfd.log
{%- set id = salt['grains.get']('id') %}
{%- set core_ifaces = ['br-core', 'core'] %}
{%- for iface in core_ifaces %}
interface {{ iface }}
ipv6 ospf6 network broadcast
{%- endfor %}
router ospf6
router-id {{ pillar['hosts-inet']['core'][id] }}
{%- for iface in core_ifaces %}
interface {{ iface }} area 0.0.0.0
{%- endfor %}
area 0.0.0.0 range {{ pillar['subnets-inet6']['core'] }}
{%- set redistribute = pillar['ospf'].get('redistribute') %}
{%- if redistribute %}
{%- for kind in redistribute %}
redistribute {{ kind }}
{%- endfor %}
{%- endif %}


@ -1,11 +0,0 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStartPre = /bin/mkdir -p /var/run/quagga
ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
ExecStart = /usr/sbin/ospf6d
[Install]
WantedBy = default.target


@ -1,28 +0,0 @@
quagga-ospfd:
pkg.installed: []
/etc/systemd/system/ospfd.service:
file.managed:
- source: salt://quagga/ospfd/ospfd.service
/etc/quagga/ospfd.conf:
file.managed:
- source: salt://quagga/ospfd/ospfd.conf
- template: 'jinja'
- require:
- pkg: quagga-ospfd
autostart-ospfd:
service.enabled:
- name: ospfd
require:
- file: /etc/systemd/system/ospfd.service
- file: /etc/quagga/ospfd.conf
start-ospfd:
service.running:
- name: ospfd
require:
- service: autostart-ospfd
watch:
- file: /etc/quagga/ospfd.conf


@ -1,29 +0,0 @@
log file /var/log/quagga/ospfd.log
{%- set id = salt['grains.get']('id') %}
{%- set core_ifaces = ['br-core', 'core'] %}
{%- for iface in core_ifaces %}
interface {{ iface }}
ip ospf network broadcast
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 {{ pillar['ospf']['ospf_secret'] }}
{%- endfor %}
router ospf
router-id {{ pillar['hosts-inet']['core'][id] }}
passive-interface default
{%- for iface in core_ifaces %}
no passive-interface {{ iface }}
{%- endfor %}
network 172.20.72.0/21 area 0
area 0 authentication message-digest
{%- set redistribute = pillar['ospf'].get('redistribute') %}
{%- if redistribute %}
{%- for kind in redistribute %}
redistribute {{ kind }}
{%- endfor %}
{%- endif %}


@ -1,11 +0,0 @@
[Unit]
Requires = zebra.service
After = network.target
[Service]
ExecStartPre = /bin/mkdir -p /var/run/quagga
ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
ExecStart = /usr/sbin/ospfd
[Install]
WantedBy = default.target


@ -1,28 +0,0 @@
quagga-core:
pkg.installed: []
/etc/systemd/system/zebra.service:
file.managed:
- source: salt://quagga/zebra/zebra.service
/etc/quagga/zebra.conf:
file.managed:
- source: salt://quagga/zebra/zebra.conf
- template: 'jinja'
- require:
- pkg: quagga-core
autostart-zebra:
service.enabled:
- name: zebra
require:
- file: /etc/systemd/system/zebra.service
- file: /etc/quagga/zebra.conf
start-zebra:
service.running:
- name: zebra
require:
- service: autostart-zebra
watch:
- file: /etc/quagga/zebra.conf


@ -1,26 +0,0 @@
hostname {{ salt['grains.get']('id') }}
log file /var/log/quagga/zebra.log
{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
{%- if iface not in ['br-core', 'core', 'lo', 'c3d2'] and pillar['subnets-inet6'].get(iface) %}
{%- set subnet6 = pillar['subnets-inet6'][iface] %}
{%- set prefix6_len = subnet6.split('/')[1] %}
interface {{ iface }}
ipv6 address {{ pillar['hosts-inet6'][iface][salt['grains.get']('id')] }}/{{ prefix6_len }}
ipv6 nd prefix {{ subnet6 }}
ipv6 nd ra-interval 10
ipv6 nd ra-lifetime 60
ipv6 nd reachable-time 180
no ipv6 nd suppress-ra
{%- endif %}
{%- endfor %}
{%- set conf = pillar.get('zebra') %}
{%- if conf %}
{%- for line in conf %}
{{ line }}
{%- endfor %}
{%- endif %}
ip forwarding
ipv6 forwarding


@ -1,10 +0,0 @@
[Unit]
After = network.target
[Service]
ExecStartPre = /bin/mkdir -p /var/run/quagga
ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
ExecStart = /usr/sbin/zebra
[Install]
WantedBy = default.target


@ -3,44 +3,31 @@ base:
- salt-master
- server1-network
- lxc-containers
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
- switches
- cpe
'priv*-gw':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
- dhcp
'pub-gw or serv-gw':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
- dhcp
'c3d2-gw or c3d2-anon':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
'bgp':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- quagga.bgpd
- bird
'upstream*':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
- unbound
- upstream.dhcp
- upstream.shaping
@ -54,9 +41,7 @@ base:
'anon*':
- no-ssh
- forwarding
- quagga.zebra
- quagga.ospfd
- quagga.ospf6d
- bird
- vpn.openvpn
- upstream.masquerade
- upstream.shaping