From fec671f0935e2c50c001c04d1c2b423dbab9c59b Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 27 Jun 2022 01:04:44 +0200 Subject: [PATCH] switch-b3: replace switch-b1/b2
---
 config/net/mgmt.nix | 1 + config/switch.nix | 151 ++++++++++++-------------- nix/pkgs/switches/junos.nix | 128 ++++++++++++++++++++++ nix/pkgs/switches/linksys-srw2048.nix | 1 - 4 files changed, 199 insertions(+), 82 deletions(-) create mode 100644 nix/pkgs/switches/junos.nix
diff --git a/config/net/mgmt.nix b/config/net/mgmt.nix
index b263286..cd764f7 100644
--- a/config/net/mgmt.nix
+++ b/config/net/mgmt.nix
@@ -95,6 +95,7 @@
 switch-c3d2-main = "10.0.0.14";
 switch-d1 = "10.0.0.13";
 switch-dach = "10.0.0.17";
+ switch-b3 = "10.0.0.18";
 };
 hosts6 = {
 dn42 = {
diff --git a/config/switch.nix b/config/switch.nix
index 65a6d7a..3cd251d 100644
--- a/config/switch.nix
+++ b/config/switch.nix
@@ -33,9 +33,9 @@
 };
 };
- switch-b1 = {
+ switch-b3 = {
 role = "switch";
- model = "linksys-srw2048";
+ model = "junos";
 location = "Haus B Souterrain";
 interfaces = { mgmt.type = "phys"; };
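Review bot: The new `switch-b3 = "10.0.0.18";` entry is added without retiring the management addresses of the two switches this commit replaces; the diffstat shows mgmt.nix gains one line and loses none, so if hosts4 still carries switch-b1 and switch-b2 entries they keep resolving to hosts that no longer exist in switch.nix. Stale management addresses are easy to overlook in monitoring, firewall rules and access lists, so either drop them in this commit or say why they stay, e.g. `# switch-b1/b2 retired, replaced by switch-b3` above the old lines. The hosts4 attrset begins before this hunk on both sides, so the earlier entries are not visible here.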
@@ -45,133 +45,122 @@ # Ports 21-24 unten seitlich (optional optisch) # Port 7 geht aktuell nach Turm C Erdgeschoss und dadurch zur Ecce links = { - ap23.ports = [ "g10" ]; - ap8.ports = [ "g16" ]; - c3d2.ports = [ - # Leon's NAS - "g23" - ]; - iso1.ports = [ "g2" ]; - iso2.ports = [ "g3" ]; - iso3.ports = [ "g4" ]; - mgmt.ports = [ "g1" ]; + ap23.ports = [ "ge-0/0/10" ]; + ap8.ports = [ "ge-0/0/16" ]; + iso1.ports = [ "ge-0/0/2" ]; + iso2.ports = [ "ge-0/0/3" ]; + iso3.ports = [ "ge-0/0/4" ]; serv.ports = [ - "g22" + "ge-0/0/22" ]; # server1 had g46,g47,g48 too but this switch has too few # port-channel groups - server1.ports = [ "g24" ]; + server1.ports = [ "ge-0/0/24" ]; server2 = { group = "1"; - ports = [ "g12" "g38" "g39" "g40" ]; + ports = [ "ge-0/0/12" "ge-0/0/38" "ge-0/0/39" "ge-0/0/40" ]; }; server5 = { group = "6"; - ports = [ "g17" "g18" "g19" "g20" ]; + ports = [ "ge-0/0/17" "ge-0/0/18" "ge-0/0/19" "ge-0/0/20" ]; }; server6 = { group = "8"; - ports = [ "g5" "g6" "g7" "g8" ]; + ports = [ "ge-0/0/5" "ge-0/0/6" "ge-0/0/7" "ge-0/0/8" ]; }; hydra = { group = "7"; trunk = false; - ports = [ "g9" "g11" "g14" "g15" ]; + ports = [ "ge-0/0/9" "ge-0/0/11" "ge-0/0/14" "ge-0/0/15" ]; }; server10 = { group = "5"; - ports = [ "g13" "g35" "g36" "g37" ]; + ports = [ "ge-0/0/13" "ge-0/0/35" "ge-0/0/36" "ge-0/0/37" ]; }; switch-b2 = { group = "3"; - ports = [ "g25" "g26" "g27" "g28" ]; + ports = [ "ge-0/0/25" "ge-0/0/26" "ge-0/0/27" "ge-0/0/28" ]; }; switch-c1 = { group = "2"; - ports = [ "g29" "g30" "g31" "g32" ]; + ports = [ "ge-0/0/29" "ge-0/0/30" "ge-0/0/31" "ge-0/0/32" ]; }; switch-c3d2-main = { group = "4"; - ports = [ "g41" "g42" "g43" "g44" ]; + ports = [ "ge-0/0/41" "ge-0/0/42" "ge-0/0/43" "ge-0/0/44" ]; }; - switch-d1.ports = [ "g34" ]; - }; - }; - switch-b2 = { - role = "switch"; - model = "3com-4200G"; - location = "Haus B Souterrain"; - interfaces = { mgmt.type = "phys"; }; + switch-d1.ports = [ "ge-0/0/34" ]; - links = { - ap1.ports = [ "GigabitEthernet 
1/0/8" ]; - ap11.ports = [ "GigabitEthernet 1/0/10" ]; - ap15.ports = [ "GigabitEthernet 1/0/12" ]; - ap18.ports = [ "GigabitEthernet 1/0/18" ]; - ap24.ports = [ "GigabitEthernet 1/0/34" ]; - ap25.ports = [ "GigabitEthernet 1/0/35" ]; - ap29.ports = [ "GigabitEthernet 1/0/36" ]; - ap30.ports = [ "GigabitEthernet 1/0/22" ]; - ap35.ports = [ "GigabitEthernet 1/0/23" ]; - ap37.ports = [ "GigabitEthernet 1/0/39" ]; - ap39.ports = [ "GigabitEthernet 1/0/17" ]; - ap40.ports = [ "GigabitEthernet 1/0/21" ]; - ap41.ports = [ "GigabitEthernet 1/0/37" ]; - ap42.ports = [ "GigabitEthernet 1/0/6" ]; - ap5.ports = [ "GigabitEthernet 1/0/7" ]; - ap51.ports = [ "GigabitEthernet 1/0/13" ]; - ap53.ports = [ "GigabitEthernet 1/0/15" ]; - ap54.ports = [ "GigabitEthernet 1/0/38" ]; - ap55.ports = [ "GigabitEthernet 1/0/19" ]; - ap56.ports = [ "GigabitEthernet 1/0/9" ]; - ap60.ports = [ "GigabitEthernet 1/0/20" ]; + ap1.ports = [ "ge-1/0/8" ]; + ap11.ports = [ "ge-1/0/10" ]; + ap15.ports = [ "ge-1/0/12" ]; + ap18.ports = [ "ge-1/0/18" ]; + ap24.ports = [ "ge-1/0/34" ]; + ap25.ports = [ "ge-1/0/35" ]; + ap29.ports = [ "ge-1/0/36" ]; + ap30.ports = [ "ge-1/0/22" ]; + ap35.ports = [ "ge-1/0/23" ]; + ap37.ports = [ "ge-1/0/39" ]; + ap39.ports = [ "ge-1/0/17" ]; + ap40.ports = [ "ge-1/0/21" ]; + ap41.ports = [ "ge-1/0/37" ]; + ap42.ports = [ "ge-1/0/6" ]; + ap5.ports = [ "ge-1/0/7" ]; + ap51.ports = [ "ge-1/0/13" ]; + ap53.ports = [ "ge-1/0/15" ]; + ap54.ports = [ "ge-1/0/38" ]; + ap55.ports = [ "ge-1/0/19" ]; + ap56.ports = [ "ge-1/0/9" ]; + ap60.ports = [ "ge-1/0/20" ]; mgmt.ports = [ - "GigabitEthernet 1/0/1" + "ge-0/0/0" + "ge-1/0/0" + "ge-0/0/1" + "ge-1/0/1" # server3 - "GigabitEthernet 1/0/41" + "ge-1/0/41" # server1 - "GigabitEthernet 1/0/42" - "GigabitEthernet 1/0/43" - "GigabitEthernet 1/0/44" + "ge-1/0/42" + "ge-1/0/43" + "ge-1/0/44" # server6 - "GigabitEthernet 1/0/45" + "ge-1/0/45" # server7 - "GigabitEthernet 1/0/46" + "ge-1/0/46" # server8 - "GigabitEthernet 1/0/47" + 
"ge-1/0/47" # server9 - "GigabitEthernet 1/0/48" + "ge-1/0/48" ]; - priv1.ports = [ "GigabitEthernet 1/0/3" ]; - priv19.ports = [ "GigabitEthernet 1/0/40" ]; - priv2.ports = [ "GigabitEthernet 1/0/4" ]; - priv24.ports = [ "GigabitEthernet 1/0/14" "GigabitEthernet 1/0/16" ]; - priv3.ports = [ "GigabitEthernet 1/0/5" ]; + priv1.ports = [ "ge-1/0/3" ]; + priv19.ports = [ "ge-1/0/40" ]; + priv2.ports = [ "ge-1/0/4" ]; + priv24.ports = [ "ge-1/0/14" "ge-1/0/16" ]; + priv3.ports = [ "ge-1/0/5" ]; pub.ports = [ - "GigabitEthernet 1/0/11" - "GigabitEthernet 1/0/24" + "ge-1/0/11" + "ge-1/0/24" ]; server3 = { - group = "1"; - ports = [ "GigabitEthernet1/0/30" "GigabitEthernet1/0/31" ]; + group = "9"; + ports = [ "ge-1/0/30" "ge-1/0/31" ]; }; server9 = { - group = "3"; + group = "10"; ports = [ - "GigabitEthernet1/0/2" - "GigabitEthernet1/0/29" - "GigabitEthernet1/0/32" - "GigabitEthernet1/0/33" + "ge-1/0/2" + "ge-1/0/29" + "ge-1/0/32" + "ge-1/0/33" ]; }; switch-b1 = { - group = "2"; + group = "11"; ports = [ - "TenGigabitEthernet 1/1/1" - "GigabitEthernet 1/0/25" - "GigabitEthernet 1/0/26" - "GigabitEthernet 1/0/27" - "GigabitEthernet 1/0/28" + "ge-1/0/25" + "ge-1/0/26" + "ge-1/0/27" + "ge-1/0/28" ]; }; }; diff --git a/nix/pkgs/switches/junos.nix b/nix/pkgs/switches/junos.nix new file mode 100644 index 000000000..eefedde --- /dev/null +++ b/nix/pkgs/switches/junos.nix 
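Review bot: The new `links` set still declares `switch-b2 = { group = "3"; ports = [ "ge-0/0/25" … ] }` and `switch-b1 = { group = "11"; ports = [ "ge-1/0/25" … ] }` as peers, although this same hunk deletes the `switch-b2` host and the previous hunk renames `switch-b1` to `switch-b3`, so both link names now point at hosts that no longer exist in this file. If those eight ports are the former b1–b2 cross-connect between what are now the two chassis members, they would describe an aggregated link from the chassis back to itself; either remove both entries or rename the peer and add a comment saying what the ports carry now. `mgmt.ports` also gains `ge-0/0/0`, `ge-1/0/0`, `ge-0/0/1` and `ge-1/0/1` without the per-device comment every other entry in that list carries (`# server3`, `# server1`, …); untagged management access should be documented per port so unused ones can be taken out of the mgmt VLAN. The kept comment `# server1 had g46,g47,g48 too but this switch has too few port-channel groups` refers to the old port naming and the replaced hardware and should be updated or dropped. The `links` attrset opens in the first switch.nix hunk above, outside this hunk.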
@@ -0,0 +1,128 @@ +{ pkgs, hostName, config, hostConfig +, sortBy, sortNetsByVlan +, ... }: +with pkgs; +with lib; +let + configFile = builtins.toFile "junos.config" '' + system { + host-name ${hostName}; + time-zone Europe/Berlin; + root-authentication { + encrypted-password "$5$EBmFELmv$kQxtWwS0SBS.TqVPRvs8sKpH./l9DTtTxX/I2FJB2n2"; ## SECRET-DATA + } + login { + user root { + class super-user; + authentication { + ssh-rsa "ssh-rsa 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 root@server1"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + netconf { + ssh; + } + web-management { + http { + interface [ vme.0 vlan.1 ]; + } + } + } + } + virtual-chassis { + no-split-detection; + member 0 { + mastership-priority 255; + } + member 1 { + mastership-priority 255; + } + } + chassis { aggregated-devices { ethernet { device-count 32; } } } + + vlans { + ${concatMapStrings (net: + let + netName = if net == "mgmt" + then "mgmt-vlan" + else net; + netConfig = config.site.net.${net}; + vlan = toString netConfig.vlan; + in + lib.optionalString (netConfig.vlan != null) '' + ${netName} { + vlan-id ${vlan}; + ${lib.optionalString (net == "mgmt") '' + l3-interface vlan.${vlan}; + ''} + } + '' + ) (sortNetsByVlan (builtins.attrNames config.site.net))} + } + + interfaces { + vlan { + unit ${toString config.site.net.mgmt.vlan} { + family inet { + address ${mgmtAddress}/${toString config.site.net.mgmt.subnet4Len}; + } + } + } + + ${concatMapStrings (name: + let + linkConfig = hostConfig.links.${name}; + group = toString linkConfig.group; + isBond = linkConfig.trunk && + builtins.length linkConfig.ports > 1; + nets = map (net: + if net == "mgmt" + then "mgmt-vlan" + else net + ) linkConfig.nets; + vlanConfig = '' + unit 0 { + family ethernet-switching { + port-mode ${if linkConfig.trunk then "trunk" else "access"}; + vlan { members [ ${concatStringsSep " " nets} ]; } + } + } + ''; + in + if isBond + then concatMapStrings (port: '' + ${port} { + 
ether-options { 802.3ad ae${group}; } + } + '') (linkConfig.ports) + '' + ae${group} { + aggregated-ether-options { lacp { active; } } + ${vlanConfig} + } + '' + else concatMapStrings (port: '' + ${port} { + ${vlanConfig} + } + '') (linkConfig.ports) + ) (sortBy (link: hostConfig.links.${link}.ports) + (builtins.attrNames hostConfig.links) + )} + } + ''; + + mgmtAddress = config.site.net.mgmt.hosts4.${hostName}; +in '' + #! ${runtimeShell} -e + + scp ${configFile} root@${mgmtAddress}:/tmp/junos.config + ssh root@${mgmtAddress} cli < 1 &&