diff --git a/salt-pillar/bird/bgp.sls b/salt-pillar/bird/bgp.sls
new file mode 100644
index 000000000..eb0cd36
--- /dev/null
+++ b/salt-pillar/bird/bgp.sls
@@ -0,0 +1,19 @@
+ospf:
+ stubnets-inet:
+ - 172.20.0.0/14
+ - 10.0.0.0/8
+ stubnets-inet6:
+ - fd00::/8
+
+bgp:
+ asn: 4242421127
+
+ peers-inet:
+ # dn42.hq.c3d2.de
+ '172.22.99.253':
+ asn: 64699
+
+ peers-inet6:
+ # dn42.hq.c3d2.de
+ 'fe80::a800:42ff:fe7a:3246%c3d2':
+ asn: 64699
diff --git a/salt-pillar/quagga/ospfd/init.sls b/salt-pillar/bird/ospf.sls
similarity index 97%
rename from salt-pillar/quagga/ospfd/init.sls
rename to salt-pillar/bird/ospf.sls
index 16bf338..d7690be 100644
--- a/salt-pillar/quagga/ospfd/init.sls
+++ b/salt-pillar/bird/ospf.sls
@@ -1,6 +1,6 @@
 #!yaml|gpg
 ospf:
- ospf_secret: |
+ secret: |
 -----BEGIN PGP MESSAGE----- hQEMA2PKcvDMvlKLAQf/UzB2wsDsIfUEIEx20IehQbTkw5A9gCYnuW09lvkzxlgY
diff --git a/salt-pillar/quagga/bgp.sls b/salt-pillar/quagga/bgp.sls
deleted file mode 100644
index 6f2c733..000000000
--- a/salt-pillar/quagga/bgp.sls
+++ /dev/null
@@ -1,17 +0,0 @@
-zebra:
- # dn42 routes for ospf[6] redistribute static
- - ip route 172.20.0.0/14 blackhole
- - ipv6 route fd00::/8 lo blackhole
-
-ospf:
- redistribute:
- - static
-
-bgp:
- asn: 4242421127
-
- peers:
- 'fe80::a800:42ff:fe7a:3246':
- - remote-as 64699
- - interface c3d2
- - description dn42.hq.c3d2.de
diff --git a/salt-pillar/quagga/ospfd/gw.sls b/salt-pillar/quagga/ospfd/gw.sls
deleted file mode 100644
index 63949d4..000000000
--- a/salt-pillar/quagga/ospfd/gw.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-ospf:
- redistribute:
- - connected
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index a50b87a..79719cd 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -3,20 +3,21 @@ base:
 - hosts
 - subnets
 - vlans
- - quagga.ospfd
+ - bird.ospf
 'priv*-gw':
 - dhcp
- - quagga.ospfd.gw
+ - bird.ospf
 'pub-gw':
 - dhcp
- - quagga.ospfd.gw
+ - bird.ospf
 'serv-gw':
 - dhcp
- - quagga.ospfd.gw
+ - bird.ospf
 'c3d2-gw or c3d2-anon':
- - quagga.ospfd.gw
+ - bird.ospf
 'bgp':
- - quagga.bgp
+ - bird.ospf
+ - bird.bgp
 'anon1':
 - vpn.anon1
 - upstream.anon1
diff --git a/salt/bird/bird.conf b/salt/bird/bird.conf
new file mode 100644
index 000000000..aefc8ac
--- /dev/null
+++ b/salt/bird/bird.conf
@@ -0,0 +1,43 @@
+protocol kernel {
+ scan time 10;
+ import none;
+ export all;
+}
+
+protocol device {
+ scan time 10;
+}
+
+protocol ospf ZW4 {
+ area 0 {
+ networks {
+ 172.20.72.0/21;
+ };
+{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
+{%- set subnet = pillar['subnets-inet'].get(iface) %}
+{%- if iface == 'core' or iface == 'br-core' %}
+ interface "{{ iface }}" {
+ authentication cryptographic;
+ password "{{ pillar['ospf']['secret'] }}";
+ };
+{%- elif subnet %}
+ stubnet {{ subnet }} {};
+{%- endif %}
+{%- endfor %}
+{%- if pillar['ospf'].get('stubnets-inet') %}
+{%- for stubnet in pillar['ospf']['stubnets-inet'] %}
+ stubnet {{ stubnet }} {};
+{%- endfor %}
+{%- endif %}
+ };
+}
+
+{%- if pillar.get('bgp') %}
+protocol bgp {
+ local as {{ pillar['bgp']['asn'] }};
+ import all;
+{%- for host, neighbor in pillar['bgp']['peers-inet'].items() %}
+ neighbor {{ host }} as {{ neighbor.asn }};
+{%- endfor %}
+}
+{%- endif %}
diff --git a/salt/bird/bird6.conf b/salt/bird/bird6.conf
new file mode 100644
index 000000000..1605900
--- /dev/null
+++ b/salt/bird/bird6.conf
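Review bot: The `protocol bgp` block in bird.conf takes every prefix the dn42 peer announces (`import all;`) and, having no `export` statement, sends nothing back, whereas the removed bgpd.conf at least originated `network 172.20.72.0/21`. For an external peer the import should be limited to the dn42 space the pillar already lists, e.g. `import where net ~ [ 172.20.0.0/14+ ];` here and `import where net ~ [ fd00::/8+ ];` in the matching block of bird6.conf, so that the kernel protocol's `export all` cannot install a foreign or default route learned from the peer. If the own prefix is still meant to be announced, an `export` filter plus a route for that prefix (e.g. from a `protocol static`) would be needed as well; as far as I recall, BIRD 1.x defaults to `export none` for BGP.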
@@ -0,0 +1,43 @@
+router id {{ pillar['hosts-inet']['core'][salt['grains.get']('id')] }};
+
+protocol kernel {
+ scan time 10;
+ import none;
+ export all;
+}
+
+protocol device {
+ scan time 10;
+}
+
+protocol ospf ZW6 {
+ area 0 {
+ networks {
+ fd23:42:c3d2:500::/56;
+ };
+{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
+{%- set subnet = pillar['subnets-inet6'].get(iface) %}
+{%- if iface == 'core' or iface == 'br-core' %}
+ interface "{{ iface }}" {
+ };
+{%- elif subnet %}
+ stubnet {{ subnet }} {};
+{%- endif %}
+{%- endfor %}
+{%- if pillar['ospf'].get('stubnets-inet6') %}
+{%- for stubnet in pillar['ospf']['stubnets-inet6'] %}
+ stubnet {{ stubnet }} {};
+{%- endfor %}
+{%- endif %}
+ };
+}
+
+{%- if pillar.get('bgp') %}
+protocol bgp {
+ local as {{ pillar['bgp']['asn'] }};
+ import all;
+{%- for host, neighbor in pillar['bgp']['peers-inet6'].items() %}
+ neighbor {{ host }} as {{ neighbor.asn }};
+{%- endfor %}
+}
+{%- endif %}
\ No newline at end of file
diff --git a/salt/bird/init.sls b/salt/bird/init.sls
new file mode 100644
index 000000000..4919ac0
--- /dev/null
+++ b/salt/bird/init.sls
@@ -0,0 +1,20 @@
+bird:
+ pkg.installed: []
+
+{%- for daemon in ['bird', 'bird6'] %}
+/etc/bird/{{ daemon }}.conf:
+ file.managed:
+ - source: salt://bird/{{ daemon }}.conf
+ - template: 'jinja'
+ - require:
+ - pkg: bird
+
+service-{{ daemon }}:
+ service.running:
+ - name: {{ daemon }}
+ - enable: True
+ - watch:
+ - pkg: bird
+ - file: /etc/bird/{{ daemon }}.conf
+
+{%- endfor %}
diff --git a/salt/quagga/bgpd/bgpd.conf b/salt/quagga/bgpd/bgpd.conf
deleted file mode 100644
index 4e4b920..000000000
--- a/salt/quagga/bgpd/bgpd.conf
+++ /dev/null
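Review bot: `/etc/bird/{{ daemon }}.conf` in init.sls is written by `file.managed` without `user`, `group` or `mode`, so the rendered bird.conf — which contains the cleartext OSPF password taken from `pillar['ospf']['secret']` — ends up with whatever mode Salt applies by default, typically world-readable. Add `- user: root`, `- group: bird` and `- mode: 640` (assuming the packaged daemon runs under a `bird` account; adjust to what the unit actually uses) so only root and the daemon can read it. The same secret was previously rendered into /etc/quagga/ospfd.conf with the same omission, but the move is a good moment to close it.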
@@ -1,21 +0,0 @@
-log file /var/log/quagga/bgpd.log
-
-{%- set id = salt['grains.get']('id') %}
-
-router bgp {{ pillar['bgp']['asn'] }}
- bgp router-id {{ pillar['hosts-inet']['core'][id] }}
-
- network 172.20.72.0/21
-
-{%- for addr, lines in pillar['bgp']['peers'].items() %}
-{%- for line in lines %}
- neighbor {{ addr }} {{ line }}
-{%- endfor %}
-{%- endfor %}
-
- address-family ipv6
- network fd23:42:c3d2:500::/56
-{%- for addr, peer in pillar['bgp']['peers'].items() %}
- neighbor {{ addr }} activate
- neighbor {{ addr }} soft-reconfiguration inbound
-{%- endfor %}
diff --git a/salt/quagga/bgpd/bgpd.service b/salt/quagga/bgpd/bgpd.service
deleted file mode 100644
index c822aea..000000000
--- a/salt/quagga/bgpd/bgpd.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Requires = zebra.service
-After = network.target
-
-[Service]
-ExecStartPre = /bin/mkdir -p /var/run/quagga
-ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
-ExecStart = /usr/sbin/bgpd
-
-[Install]
-WantedBy = default.target
diff --git a/salt/quagga/bgpd/init.sls b/salt/quagga/bgpd/init.sls
deleted file mode 100644
index fdc3c1b..000000000
--- a/salt/quagga/bgpd/init.sls
+++ /dev/null
@@ -1,28 +0,0 @@
-quagga-bgpd:
- pkg.installed: []
-
-/etc/systemd/system/bgpd.service:
- file.managed:
- - source: salt://quagga/bgpd/bgpd.service
-
-/etc/quagga/bgpd.conf:
- file.managed:
- - source: salt://quagga/bgpd/bgpd.conf
- - template: 'jinja'
- - require:
- - pkg: quagga-bgpd
-
-autostart-bgpd:
- service.enabled:
- - name: bgpd
- require:
- - file: /etc/systemd/system/bgpd.service
- - file: /etc/quagga/bgpd.conf
-
-start-bgpd:
- service.running:
- - name: bgpd
- require:
- - service: autostart-bgpd
- watch:
- - file: /etc/quagga/bgpd.conf
diff --git a/salt/quagga/ospf6d/init.sls b/salt/quagga/ospf6d/init.sls
deleted file mode 100644
index a4d19b7..000000000
--- a/salt/quagga/ospf6d/init.sls
+++ /dev/null
@@ -1,28 +0,0 @@
-quagga-ospf6d:
- pkg.installed: []
-
-/etc/systemd/system/ospf6d.service:
- file.managed:
- - source: salt://quagga/ospf6d/ospf6d.service
-
-/etc/quagga/ospf6d.conf:
- file.managed:
- - source: salt://quagga/ospf6d/ospf6d.conf
- - template: 'jinja'
- - require:
- - pkg: quagga-ospf6d
-
-autostart-ospf6d:
- service.enabled:
- - name: ospf6d
- require:
- - file: /etc/systemd/system/ospf6d.service
- - file: /etc/quagga/ospf6d.conf
-
-start-ospf6d:
- service.running:
- - name: ospf6d
- require:
- - service: autostart-ospf6d
- watch:
- - file: /etc/quagga/ospf6d.conf
diff --git a/salt/quagga/ospf6d/ospf6d.conf b/salt/quagga/ospf6d/ospf6d.conf
deleted file mode 100644
index 1ba6106..000000000
--- a/salt/quagga/ospf6d/ospf6d.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-log file /var/log/quagga/ospfd.log
-
-{%- set id = salt['grains.get']('id') %}
-{%- set core_ifaces = ['br-core', 'core'] %}
-
-{%- for iface in core_ifaces %}
-interface {{ iface }}
- ipv6 ospf6 network broadcast
-
-{%- endfor %}
-
-router ospf6
- router-id {{ pillar['hosts-inet']['core'][id] }}
-
-{%- for iface in core_ifaces %}
- interface {{ iface }} area 0.0.0.0
-{%- endfor %}
- area 0.0.0.0 range {{ pillar['subnets-inet6']['core'] }}
-
-{%- set redistribute = pillar['ospf'].get('redistribute') %}
-{%- if redistribute %}
-{%- for kind in redistribute %}
- redistribute {{ kind }}
-{%- endfor %}
-{%- endif %}
diff --git a/salt/quagga/ospf6d/ospf6d.service b/salt/quagga/ospf6d/ospf6d.service
deleted file mode 100644
index 846522f..000000000
--- a/salt/quagga/ospf6d/ospf6d.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Requires = zebra.service
-After = network.target
-
-[Service]
-ExecStartPre = /bin/mkdir -p /var/run/quagga
-ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
-ExecStart = /usr/sbin/ospf6d
-
-[Install]
-WantedBy = default.target
diff --git a/salt/quagga/ospfd/init.sls b/salt/quagga/ospfd/init.sls
deleted file mode 100644
index ef7194c..000000000
--- a/salt/quagga/ospfd/init.sls
+++ /dev/null
@@ -1,28 +0,0 @@
-quagga-ospfd:
- pkg.installed: []
-
-/etc/systemd/system/ospfd.service:
- file.managed:
- - source: salt://quagga/ospfd/ospfd.service
-
-/etc/quagga/ospfd.conf:
- file.managed:
- - source: salt://quagga/ospfd/ospfd.conf
- - template: 'jinja'
- - require:
- - pkg: quagga-ospfd
-
-autostart-ospfd:
- service.enabled:
- - name: ospfd
- require:
- - file: /etc/systemd/system/ospfd.service
- - file: /etc/quagga/ospfd.conf
-
-start-ospfd:
- service.running:
- - name: ospfd
- require:
- - service: autostart-ospfd
- watch:
- - file: /etc/quagga/ospfd.conf
diff --git a/salt/quagga/ospfd/ospfd.conf b/salt/quagga/ospfd/ospfd.conf
deleted file mode 100644
index 9cbd2cb..000000000
--- a/salt/quagga/ospfd/ospfd.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-log file /var/log/quagga/ospfd.log
-
-{%- set id = salt['grains.get']('id') %}
-{%- set core_ifaces = ['br-core', 'core'] %}
-
-{%- for iface in core_ifaces %}
-interface {{ iface }}
- ip ospf network broadcast
- ip ospf authentication message-digest
- ip ospf message-digest-key 1 md5 {{ pillar['ospf']['ospf_secret'] }}
-
-{%- endfor %}
-
-router ospf
- router-id {{ pillar['hosts-inet']['core'][id] }}
-
- passive-interface default
-{%- for iface in core_ifaces %}
- no passive-interface {{ iface }}
-{%- endfor %}
-
- network 172.20.72.0/21 area 0
- area 0 authentication message-digest
-{%- set redistribute = pillar['ospf'].get('redistribute') %}
-{%- if redistribute %}
-{%- for kind in redistribute %}
- redistribute {{ kind }}
-{%- endfor %}
-{%- endif %}
diff --git a/salt/quagga/ospfd/ospfd.service b/salt/quagga/ospfd/ospfd.service
deleted file mode 100644
index 62d4df4..000000000
--- a/salt/quagga/ospfd/ospfd.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Requires = zebra.service
-After = network.target
-
-[Service]
-ExecStartPre = /bin/mkdir -p /var/run/quagga
-ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
-ExecStart = /usr/sbin/ospfd
-
-[Install]
-WantedBy = default.target
diff --git a/salt/quagga/zebra/init.sls b/salt/quagga/zebra/init.sls
deleted file mode 100644
index 7c50195..000000000
--- a/salt/quagga/zebra/init.sls
+++ /dev/null
@@ -1,28 +0,0 @@
-quagga-core:
- pkg.installed: []
-
-/etc/systemd/system/zebra.service:
- file.managed:
- - source: salt://quagga/zebra/zebra.service
-
-/etc/quagga/zebra.conf:
- file.managed:
- - source: salt://quagga/zebra/zebra.conf
- - template: 'jinja'
- - require:
- - pkg: quagga-core
-
-autostart-zebra:
- service.enabled:
- - name: zebra
- require:
- - file: /etc/systemd/system/zebra.service
- - file: /etc/quagga/zebra.conf
-
-start-zebra:
- service.running:
- - name: zebra
- require:
- - service: autostart-zebra
- watch:
- - file: /etc/quagga/zebra.conf
diff --git a/salt/quagga/zebra/zebra.conf b/salt/quagga/zebra/zebra.conf
deleted file mode 100644
index b43c62f..000000000
--- a/salt/quagga/zebra/zebra.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-hostname {{ salt['grains.get']('id') }}
-log file /var/log/quagga/zebra.log
-
-{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
-{%- if iface not in ['br-core', 'core', 'lo', 'c3d2'] and pillar['subnets-inet6'].get(iface) %}
-{%- set subnet6 = pillar['subnets-inet6'][iface] %}
-{%- set prefix6_len = subnet6.split('/')[1] %}
-interface {{ iface }}
- ipv6 address {{ pillar['hosts-inet6'][iface][salt['grains.get']('id')] }}/{{ prefix6_len }}
- ipv6 nd prefix {{ subnet6 }}
- ipv6 nd ra-interval 10
- ipv6 nd ra-lifetime 60
- ipv6 nd reachable-time 180
- no ipv6 nd suppress-ra
-{%- endif %}
-{%- endfor %}
-
-{%- set conf = pillar.get('zebra') %}
-{%- if conf %}
-{%- for line in conf %}
- {{ line }}
-{%- endfor %}
-{%- endif %}
-
-ip forwarding
-ipv6 forwarding
diff --git a/salt/quagga/zebra/zebra.service b/salt/quagga/zebra/zebra.service
deleted file mode 100644
index 6b66ef9..000000000
--- a/salt/quagga/zebra/zebra.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-After = network.target
-
-[Service]
-ExecStartPre = /bin/mkdir -p /var/run/quagga
-ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
-ExecStart = /usr/sbin/zebra
-
-[Install]
-WantedBy = default.target
diff --git a/salt/top.sls b/salt/top.sls
index 242ab55..488d264 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -3,44 +3,31 @@ base:
 - salt-master
 - server1-network
 - lxc-containers
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 - switches
 - cpe
 'priv*-gw':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 - dhcp
 'pub-gw or serv-gw':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 - dhcp
 'c3d2-gw or c3d2-anon':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 'bgp':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
- - quagga.bgpd
+ - bird
 'upstream*':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 - unbound
 - upstream.dhcp
 - upstream.shaping
@@ -54,9 +41,7 @@ base:
 'anon*':
 - no-ssh
 - forwarding
- - quagga.zebra
- - quagga.ospfd
- - quagga.ospf6d
+ - bird
 - vpn.openvpn
 - upstream.masquerade
 - upstream.shaping