From 2c76aa98d5fe49f57c94bde4cbe2ba5ca1ff338a Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Tue, 14 Nov 2023 19:50:21 +0100
Subject: wip
---
 6/bgp.pl | 2 +-
 6/bgp.py | 14 +++++++++++++-
 6/host_vars/hash/firewall.yaml | 13 +++++++++++++
 6/host_vars/knot/firewall.yaml | 13 +++++++++++++
 6/host_vars/kv24ix/firewall.yaml | 9 +++++++++
 6/host_vars/lhn2ix/firewall.yaml | 9 +++++++++
 6/main.pl | 2 +-
 7 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 6/host_vars/hash/firewall.yaml
 create mode 100644 6/host_vars/knot/firewall.yaml
 create mode 100644 6/host_vars/kv24ix/firewall.yaml
 create mode 100644 6/host_vars/lhn2ix/firewall.yaml
diff --git a/6/bgp.pl b/6/bgp.pl
index f5f6597..0bf2e89 100644
--- a/6/bgp.pl
+++ b/6/bgp.pl
@@ -2,7 +2,7 @@
 :- module(bgp, [
 warning/1,
- create_firewall/1,
+ create_firewall/0,
 neighbor/2,
 bgp_config/2,
 bird_config/1,
diff --git a/6/bgp.py b/6/bgp.py
index 2bd756a..d508762 100755
--- a/6/bgp.py
+++ b/6/bgp.py
@@ -13,10 +13,22 @@ def to_ansible(kind, hosts):
 with PrologMQI() as mqi:
 with mqi.create_thread() as p:
- result = p.query("consult(main)")
+ result = p.query("consult(main), main.")
 print(result)
 result = p.query("bgp:bird_config(BirdDict)")
 r = result[0]["BirdDict"]
 print(yaml.dump(r))
 to_ansible("bgp", r)
+
+ hosts = {}
+ result = p.query("firewall:fw_rule(Host, Attrs).")
+# print(yaml.dump(result))
+ for r in result:
+ host = r["Host"]
+ if host not in hosts:
+ hosts[host] = h = {}
+ h["firewall_rules"] = rules = []
+ rules.append(r["Attrs"])
+
+ to_ansible("firewall", hosts)
diff --git a/6/host_vars/hash/firewall.yaml b/6/host_vars/hash/firewall.yaml
new file mode 100644
index 0000000..ce96f99
--- /dev/null
+++ b/6/host_vars/hash/firewall.yaml
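Review bot: In 6/bgp.py the new loop over `firewall:fw_rule(Host, Attrs)` rebinds `rules` only when a host is seen for the first time, so a later row for an already-seen host is appended to whichever host's list was created most recently; unless the Prolog answers always arrive grouped by host, firewall rules end up in another host's host_vars. Look the list up by host on every row instead, e.g. `hosts.setdefault(host, {"firewall_rules": []})["firewall_rules"].append(r["Attrs"])`. Indentation is collapsed in this view, so that `rules.append(...)` sits at loop level is inferred from the generated files carrying several rules per host. If this is swiplserver's `query()`, it returns `False` when the goal fails, so it is also worth checking that `result` is a list before the `for` and stopping the run otherwise, rather than failing with a TypeError or writing an incomplete rule set.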
@@ -0,0 +1,13 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::16
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::15
diff --git a/6/host_vars/knot/firewall.yaml b/6/host_vars/knot/firewall.yaml
new file mode 100644
index 0000000..a4f96d0
--- /dev/null
+++ b/6/host_vars/knot/firewall.yaml
@@ -0,0 +1,13 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::15
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::16
diff --git a/6/host_vars/kv24ix/firewall.yaml b/6/host_vars/kv24ix/firewall.yaml
new file mode 100644
index 0000000..e385a73
--- /dev/null
+++ b/6/host_vars/kv24ix/firewall.yaml
@@ -0,0 +1,9 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::16
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
+- dst: fdf3:aad9:a885:0b3a::16
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
diff --git a/6/host_vars/lhn2ix/firewall.yaml b/6/host_vars/lhn2ix/firewall.yaml
new file mode 100644
index 0000000..5a5beda
--- /dev/null
+++ b/6/host_vars/lhn2ix/firewall.yaml
@@ -0,0 +1,9 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::15
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
+- dst: fdf3:aad9:a885:0b3a::15
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
diff --git a/6/main.pl b/6/main.pl
index ecfc295..5256ac0 100644
--- a/6/main.pl
+++ b/6/main.pl
@@ -1,7 +1,7 @@
 :- dynamic fw_rule/2.
 :- use_module(bgp, [
- create_firewall/1]).
+ create_firewall/0]).
 print_warnings([]).
 print_warnings([W|Ws]) :- format("Warning: ~w~n", [W]), print_warnings(Ws).
--
cgit v1.2.3