Add precursors to partially-declarative peering management
parent
8a3c468423
commit
15d8e19c50
4 changed files with 95 additions and 0 deletions
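--- a/ext-peer.bgp.conf.j2
+++ b/ext-peer.bgp.conf.j2
@@ -0,0 +1,13 @@
+protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
+neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }};
+{% if item['needs_v4'] is defined %}
+{% if item['remote_unicastv4'] is not defined %}
+ipv4 {
+extended next hop on;
+};
+{% endif %}
+ipv6 {
+extended next hop on;
+};
+{% endif %}
+}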
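Review bot: The guard `{% if item['needs_v4'] is defined %}` tests only whether the key is present, so a peer entry with `needs_v4: false` still gets the extended-next-hop channels; `{% if item['needs_v4'] | default(false) | bool %}` would follow the value instead. The same guard also wraps the `ipv6 { … }` block, which looks unintended for a flag named after v4; if it is deliberate, a one-line comment above it would say why. No import or export filter appears in this file, so route filtering for every external peer depends on the `dnpeers` template, which is outside this commit, and it is worth confirming that it rejects prefixes outside the ranges you accept.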
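--- a/ext-peer.netdev.j2
+++ b/ext-peer.netdev.j2
@@ -0,0 +1,20 @@
+[NetDev]
+Name=dn42{{ item['remotename'] }}
+Kind=wireguard
+
+[WireGuard]
+PrivateKeyFile=/etc/systemd/network/wg.key
+{% if item['localport'] is defined %}
+ListenPort={{ item['localport'] }}
+{% endif %}
+
+[WireGuardPeer]
+{% if item['remotehost'] is defined %}
+# {{ item['remotehost'] }}
+{% endif %}
+{% if item['remoteip'] is defined %}
+Endpoint={{ item['remoteip'] }}:{{ item['remoteport'] }}
+{% endif %}
+PublicKey={{ item['publickey'] }}
+PersistentKeepalive=15
+AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8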
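Review bot: `Endpoint={{ item['remoteip'] }}:{{ item['remoteport'] }}` is guarded only by `remoteip`, so a peer entry without `remoteport` fails the template task on the undefined variable (with Ansible's default settings), and an IPv6 `remoteip` needs brackets (`[addr]:port`) to parse. Guarding on both keys, `{% if item['remoteip'] is defined and item['remoteport'] is defined %}`, covers the first case. Separately, `AllowedIPs=` is the same broad list for every peer, including `10.0.0.0/8`, so WireGuard itself places almost no limit on the source addresses a peer may send. A comment above that line stating that per-peer filtering is left to bird and the host firewall would make the dependency explicit.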
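--- a/ext-peer.network.j2
+++ b/ext-peer.network.j2
@@ -0,0 +1,23 @@
+[Match]
+Name=dn42{{ item['remotename'] }}
+
+[Network]
+DHCP=false
+IPv6AcceptRA=false
+IPv4Forwarding=true
+IPv6Forwarding=true
+KeepConfiguration=true
+
+[Address]
+{% if item['llv6'] is defined %}
+Address={{ item['llv6'] }}/128
+{% else %}
+Address={{ llv6 }}/128
+{% endif %}
+Peer={{ item['remote_llv6'] }}/128
+
+[Address]
+Address={{ unicastv4 }}/32
+{% if item['remote_unicastv4'] is defined %}
+Peer={{ item['remote_unicastv4'] }}
+{% endif %}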
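Review bot: `IPv4Forwarding=true` and `IPv6Forwarding=true` turn on routing for a link whose far end is an external peer, and nothing in this commit installs a packet filter for that interface. If filtering lives elsewhere, a comment at the top of the template naming it would help; otherwise a forward-chain rule set belongs with this change. As far as I know these two keys are only understood by recent systemd-networkd releases (older ones use `IPForward=` and log the unknown key), so it is worth checking the version on the routers. The second `[Address]` section uses `{{ unicastv4 }}` unconditionally, so a host without that variable fails the template task.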
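--- a/peerings.yml
+++ b/peerings.yml
@@ -0,0 +1,39 @@
+- name: Configure peerings
+hosts: routers
+remote_user: root
+tasks:
+- name: Include per-node peering data
+include_vars: "{{ playbook_dir }}/peerings/{{ pop_loc }}.yaml"
+ignore_errors: false
+- name: Generate systemd .netdev files
+ansible.builtin.template:
+src: ext-peer.netdev.j2
+dest: "/etc/systemd/network/dn42{{ item.remotename }}.netdev"
+mode: '0644'
+loop: "{{ peers }}"
+when: peers is defined
+register: netdev_files
+- name: Generate systemd .network files
+ansible.builtin.template:
+src: ext-peer.network.j2
+dest: "/etc/systemd/network/dn42{{ item.remotename }}.network"
+mode: '0644'
+loop: "{{ peers }}"
+when: peers is defined
+register: network_files
+- name: Generate BGP peering files
+ansible.builtin.template:
+src: ext-peer.bgp.conf.j2
+dest: "/etc/bird/peers/dn42{{ item.remotename }}.conf"
+mode: '0644'
+loop: "{{ peers }}"
+register: bgp_files
+when: peers is defined
+- name: Reload systemd-networkd
+ansible.builtin.command: networkctl reload
+when: peers is defined
+- name: Reload bird
+ansible.builtin.systemd_service:
+name: bird.service
+state: reloaded
+when: peers is defined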
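Review bot: `item.remotename` is written unchecked into three root-owned destination paths (`/etc/systemd/network/dn42{{ item.remotename }}.netdev`, the matching `.network`, and `/etc/bird/peers/dn42{{ item.remotename }}.conf`) and, through the templates, into an interface name and a bird protocol name. A value containing `/` or whitespace, or longer than 11 characters, gives a path outside the intended directory or a name the kernel or bird rejects. An `assert` task ahead of the template tasks, as sketched below, would stop the play before anything is written. The registered `netdev_files`, `network_files` and `bgp_files` are never read, so both reload tasks run on every play; `when: netdev_files is changed or network_files is changed` (or handlers) would limit them to real changes.

```yaml
    - name: Validate peer names before templating
      ansible.builtin.assert:
        that:
          - item.remotename is match('^[A-Za-z0-9_]{1,11}$')
        quiet: true
      loop: "{{ peers }}"
      when: peers is defined
    # … unchanged: the three template tasks and the two reload tasks …
```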