-rw-r--r-- | ansible/group_vars/all/bird.yml | 3 | ||||
-rw-r--r-- | ansible/group_vars/all/ipam.yml | 23 | ||||
-rw-r--r-- | tnet/files/akili/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/astyanax/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/conflatorio/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/hash/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/hash/bird-tnet.conf | 6 | ||||
-rw-r--r-- | tnet/files/knot/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/knot/bird-tnet.conf | 7 | ||||
-rw-r--r-- | tnet/files/lhn2pi/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/node1/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/files/node2/bird-tnet-pre.conf | 9 | ||||
-rw-r--r-- | tnet/host_vars/conflatorio/bird.yml | 2 | ||||
-rw-r--r-- | tnet/host_vars/hash/bird.yml | 3 | ||||
-rw-r--r-- | tnet/host_vars/knot/bird.yml | 3 | ||||
-rw-r--r-- | tnet/templates/bird-tnet-pre.conf.j2 | 9 | ||||
-rw-r--r-- | tnet/templates/bird-tnet.conf.j2 | 4 | ||||
-rw-r--r-- | tnet/wg-links-link.yml | 17 |
18 files changed, 87 insertions, 62 deletions
diff --git a/ansible/group_vars/all/bird.yml b/ansible/group_vars/all/bird.yml
new file mode 100644
index 0000000..dce5afa
--- /dev/null
+++ b/ansible/group_vars/all/bird.yml
@@ -0,0 +1,3 @@
+# which version of bird is used, 0-padded with 3 digits
+# 2.15 => 2015
+birdv: 0
diff --git a/ansible/group_vars/all/ipam.yml b/ansible/group_vars/all/ipam.yml
index c182329..5c12ca2 100644
--- a/ansible/group_vars/all/ipam.yml
+++ b/ansible/group_vars/all/ipam.yml
@@ -1,10 +1,17 @@
+# Netmasks for prefixes:
+# 48: ffff:ffff:ffff:0000::
+# 52: ffff:ffff:ffff:f000::
+# 56: ffff:ffff:ffff:ff00::
+# 60: ffff:ffff:ffff:fff0::
+# 64: ffff:ffff:ffff:ffff::
 ipam6:
 networks:
- - bitraf-dn42:
- range: "fdb1:4242:3538:::/48"
- - tnet-dn42:
- range: "fdb1:4242:3538:a000::/52"
- - conflatorio-dn42:
- range: "fdb1:4242:3538:a001::/64"
- hosts:
- - conflatorio-ix: "fdb1:4242:3538:a001::ffff"
+ bitraf_dn42:
+ range: "fdb1:4242:3538:::/48"
+ tnet_dn42:
+ range: "fdb1:4242:3538:a000::/52"
+ conflatorio_dn42:
+ description: Internal network on host
+ range: "fdb1:4242:3538:a001::/64"
+ hosts:
+ - conflatorio-ix: "fdb1:4242:3538:a001::ffff"
diff --git a/tnet/files/akili/bird-tnet-pre.conf b/tnet/files/akili/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/akili/bird-tnet-pre.conf
+++ b/tnet/files/akili/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/astyanax/bird-tnet-pre.conf b/tnet/files/astyanax/bird-tnet-pre.conf
index 383c050..61669a1 100644
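Review bot: The `bitraf_dn42` range in the ipam6 hunk is carried over as `"fdb1:4242:3538:::/48"`, which has three colons and is not a valid IPv6 prefix; it should read `range: "fdb1:4242:3538::/48"`. Nothing in this commit consumes that key yet, but the pre-config template now copies `ipam6.networks.tnet_dn42.range` straight into a BIRD `define`, so using the bitraf entry the same way would render a config that BIRD rejects. The conversion also turns `networks` from a list into a mapping while `hosts` stays a list of one-key mappings; whether that is intended cannot be judged from the collapsed indentation.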
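Review bot: `is_tnet()` in the first akili hunk now matches only `fdb1:4242:3538:a000::/52`, where it previously matched the whole /48 minus the router /64, so routes in the other fifteen /52s of the /48 no longer count as internal. The filters that call `is_tnet()` are outside the hunk; if any import filter relies on it to reject the network's own address space when it is announced by an external peer, that check now covers the /52 only, and the rest of the /48 (still listed as `bitraf_dn42` in ipam.yml) needs its own rule. A comment above the define would record the intent, for example `# tnet's own /52 inside the bitraf /48; other parts of the /48 are not treated as tnet`. The same change is repeated in the astyanax, conflatorio, hash, knot, lhn2pi, node1 and node2 copies and in `tnet/templates/bird-tnet-pre.conf.j2`.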
--- a/tnet/files/astyanax/bird-tnet-pre.conf
+++ b/tnet/files/astyanax/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/conflatorio/bird-tnet-pre.conf b/tnet/files/conflatorio/bird-tnet-pre.conf
index 383c050..895ac54 100644
--- a/tnet/files/conflatorio/bird-tnet-pre.conf
+++ b/tnet/files/conflatorio/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet() -> bool
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network() -> bool
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/hash/bird-tnet-pre.conf b/tnet/files/hash/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/hash/bird-tnet-pre.conf
+++ b/tnet/files/hash/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/hash/bird-tnet.conf b/tnet/files/hash/bird-tnet.conf
index b105201..5ac9690 100644
--- a/tnet/files/hash/bird-tnet.conf
+++ b/tnet/files/hash/bird-tnet.conf
@@ -37,9 +37,9 @@ template bgp tnet_tpl {
 };
 }
-protocol bgp tnet_astyanax from tnet_tpl {
- neighbor fe80:a0fd:89e4:42c6:f617:7398:abf4:b517;
- interface "tnet-astyanax";
+protocol bgp tnet_conflatorio from tnet_tpl {
+ neighbor fe80:4540:476c:d432:2f32:818b:811b:bb60;
+ interface "tnet-confltrio";
 rr client;
 }
diff --git a/tnet/files/knot/bird-tnet-pre.conf b/tnet/files/knot/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/knot/bird-tnet-pre.conf
+++ b/tnet/files/knot/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/knot/bird-tnet.conf b/tnet/files/knot/bird-tnet.conf
index 60c00ed..fd5332a 100644
--- a/tnet/files/knot/bird-tnet.conf
+++ b/tnet/files/knot/bird-tnet.conf
@@ -37,6 +37,13 @@ template bgp tnet_tpl {
 };
 }
+protocol bgp tnet_conflatorio from tnet_tpl {
+ neighbor fe80:47fc:660:b91f:1063:a6ae:46bb:7588;
+ interface "tnet-confltrio";
+
+ rr client;
+}
+
 protocol bgp tnet_hash from tnet_tpl {
 neighbor fe80:3b20:4cb0:5315:22a:c7de:a45b:8a7d;
 interface "tnet-hash";
diff --git a/tnet/files/lhn2pi/bird-tnet-pre.conf b/tnet/files/lhn2pi/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/lhn2pi/bird-tnet-pre.conf
+++ b/tnet/files/lhn2pi/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/node1/bird-tnet-pre.conf b/tnet/files/node1/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/node1/bird-tnet-pre.conf
+++ b/tnet/files/node1/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/files/node2/bird-tnet-pre.conf b/tnet/files/node2/bird-tnet-pre.conf
index 383c050..61669a1 100644
--- a/tnet/files/node2/bird-tnet-pre.conf
+++ b/tnet/files/node2/bird-tnet-pre.conf
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = fdb1:4242:3538:a000::/52;
-function is_tnet() # -> bool
+function is_tnet()
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network()
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/host_vars/conflatorio/bird.yml b/tnet/host_vars/conflatorio/bird.yml
index b59526c..a976306 100644
--- a/tnet/host_vars/conflatorio/bird.yml
+++ b/tnet/host_vars/conflatorio/bird.yml
@@ -1,3 +1,5 @@
 tnet_bird_peers:
 hash:
 knot:
+
+birdv: 2015
diff --git a/tnet/host_vars/hash/bird.yml b/tnet/host_vars/hash/bird.yml
index 17cb4cd..663f8e1 100644
--- a/tnet/host_vars/hash/bird.yml
+++ b/tnet/host_vars/hash/bird.yml
@@ -1,6 +1,7 @@
 tnet_bird_peers:
- astyanax:
+ conflatorio:
 rr_client: true
+ interface: tnet-confltrio
 knot:
 rr_client: true
 node1:
diff --git a/tnet/host_vars/knot/bird.yml b/tnet/host_vars/knot/bird.yml
index 12dffeb..73f2ad7 100644
--- a/tnet/host_vars/knot/bird.yml
+++ b/tnet/host_vars/knot/bird.yml
@@ -1,4 +1,7 @@
 tnet_bird_peers:
+ conflatorio:
+ rr_client: true
+ interface: tnet-confltrio
 hash:
 rr_client: true
 node1:
diff --git a/tnet/templates/bird-tnet-pre.conf.j2 b/tnet/templates/bird-tnet-pre.conf.j2
index 383c050..e762cd5 100644
--- a/tnet/templates/bird-tnet-pre.conf.j2
+++ b/tnet/templates/bird-tnet-pre.conf.j2
@@ -1,9 +1,8 @@
-define tnet = fdb1:4242:3538::/48;
-define tnet_router = fdb1:4242:3538:ffff::/64;
+define tnet = {{ ipam6.networks.tnet_dn42.range }};
-function is_tnet() # -> bool
+function is_tnet(){{ " -> bool" if birdv >= 2015 }}
 {
- return net ~ tnet && (net !~ tnet_router);
+ return net ~ tnet;
 }
 roa6 table dn42_roa;
@@ -13,7 +12,7 @@ protocol static {
 include "/etc/bird/dn42_roa_bird2_6.conf";
 };
-function dn42_is_valid_network() # -> bool
+function dn42_is_valid_network(){{ " -> bool" if birdv >= 2015 }}
 {
 return net ~ [
 fd00::/8{44,64} # ULA address space as per RFC 4193
diff --git a/tnet/templates/bird-tnet.conf.j2 b/tnet/templates/bird-tnet.conf.j2
index 49e9410..2ba456b 100644
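Review bot: The inline `if` in `{{ " -> bool" if birdv >= 2015 }}` has no `else`, so when the condition is false Jinja2 produces an undefined value instead of an empty string; depending on the Ansible and Jinja2 versions in use this either renders as nothing or aborts the template, and `birdv` defaults to 0 for every host except conflatorio. Write the empty branch explicitly and coerce the type, since a `birdv` supplied as a string would not compare cleanly with an integer: `function is_tnet(){{ " -> bool" if birdv|int >= 2015 else "" }}`. The same applies to the `dn42_is_valid_network()` line in the second hunk of this template.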
--- a/tnet/templates/bird-tnet.conf.j2
+++ b/tnet/templates/bird-tnet.conf.j2
@@ -43,7 +43,11 @@ template bgp tnet_tpl {
 {% if policy == "tnet" %}
 protocol bgp tnet_{{ p }} from tnet_tpl {
 neighbor {{ hostvars[p].tnet_wg[inventory_hostname].address }};
+{% if peer.interface is defined %}
+ interface "{{ peer.interface }}";
+{% else %}
 interface "tnet-{{ p }}";
+{% endif %}
 {% if peer.rr_client|default(False) %}
 rr client;
diff --git a/tnet/wg-links-link.yml b/tnet/wg-links-link.yml
index 632024e..c1c520b 100644
--- a/tnet/wg-links-link.yml
+++ b/tnet/wg-links-link.yml
@@ -1,3 +1,12 @@
+- set_fact:
+ if_name: tnet-{{ item.value.if_name|default(item.key) }}
+
+#- debug:
+# msg: |
+# if_name {{ if_name }}
+# item.value.if_name {{ item.value.if_name|default("NOT SET") }}
+# item.key {{ item.key }}
+
 - notify: systemctl restart systemd-networkd
 become: yes
 file:
@@ -7,10 +16,8 @@
 - name: "Make netdev for {{ inventory_hostname }} -> {{ item.key }}"
 notify: systemctl restart systemd-networkd
 become: yes
- vars:
- if_name: tnet-{{ item.if_name|default(item.key) }}
 copy:
- dest: "/etc/systemd/network/50-tnet-{{ item.key }}.netdev"
+ dest: "/etc/systemd/network/50-{{ if_name }}.netdev"
 owner: systemd-network
 group: adm
 mode: 0640
@@ -44,12 +51,12 @@
 notify: systemctl restart systemd-networkd
 become: yes
 copy:
- dest: "/etc/systemd/network/50-tnet-{{ item.key }}.network"
+ dest: "/etc/systemd/network/50-{{ if_name }}.network"
 owner: systemd-network
 group: adm
 content: |
 [Match]
- Name=tnet-{{ item.key }}
+ Name={{ if_name }}
 [Network]
 Address={{ item.value.address }}/64 |
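Review bot: `peer.interface` duplicates a name that `tnet/wg-links-link.yml` already derives as `tnet-{{ item.value.if_name|default(item.key) }}`, so the BGP session and the WireGuard link agree only while two hand-maintained values match (`tnet-confltrio` is typed separately into the hash and knot host_vars). If they drift, BIRD is pointed at an interface that does not exist and the link-local session stays down without any failure at deploy time. Deriving the interface from the same WireGuard link data would remove the second source of truth; failing that, add a template comment such as `{# must equal the if_name of the WireGuard link; presumably shortened to fit the 15-character interface-name limit #}`. The enclosing `protocol bgp` block continues outside the hunk.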
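Review bot: `if_name` in the new `set_fact` is built without a length check, and the `tnet-confltrio` override elsewhere in this commit suggests the 15-character Linux interface-name limit has already been hit once. A peer key longer than ten characters with no `if_name` override would yield a netdev that systemd-networkd cannot create, and the play would still report success. An assertion directly after the `set_fact` catches this at deploy time: `- assert: { that: "if_name|length <= 15" }`. Unlike the task-level `vars` it replaces, `set_fact` also persists on the host after this include, and the commented-out debug block can be dropped before merge.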
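Review bot: Renaming the destination to `50-{{ if_name }}.netdev` leaves the previously deployed `50-tnet-{{ item.key }}.netdev` (and, in the next hunk, the matching `.network`) on hosts where `if_name` differs from the key, and nothing visible here removes them. systemd-networkd keeps reading the stale pair, which presumably carries the same WireGuard key material and listen port as the new device. Add a cleanup task with `state: absent` for the old paths whenever `if_name != 'tnet-' ~ item.key`. Separately, the netdev is installed `0640` with `group: adm`; its content is outside the hunk, but if it holds the WireGuard `PrivateKey`, every member of `adm` can read it, and `group: systemd-network` would be the tighter choice.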