Add precursors to partially-declarative peering management

2024-12-24 22:29:32 -08:00 · 2024-12-24 22:29:32 -08:00 · 15d8e19c50
commit 15d8e19c50
parent 8a3c468423
4 changed files with 95 additions and 0 deletions
--- a/ext-peer.bgp.conf.j2
+++ b/ext-peer.bgp.conf.j2
@ -0,0 +1,13 @@
+protocol bgp dn42_{{ item['remotename'] }} from dnpeers {
+	neighbor {{ item['remote_llv6'] }} % 'dn42{{ item['remotename'] }}' as {{ item['asn'] }};
+{% if item['needs_v4'] is defined %}
+{% if item['remote_unicastv4'] is not defined %}
+	ipv4 {
+		extended next hop on;
+	};
+{% endif %}
+	ipv6 {
+		extended next hop on;
+	};
+{% endif %}
+}
--- a/ext-peer.netdev.j2
+++ b/ext-peer.netdev.j2
@ -0,0 +1,20 @@
+[NetDev]
+Name=dn42{{ item['remotename'] }}
+Kind=wireguard
+
+[WireGuard]
+PrivateKeyFile=/etc/systemd/network/wg.key
+{% if item['localport'] is defined %}
+ListenPort={{ item['localport'] }}
+{% endif %}
+
+[WireGuardPeer]
+{% if item['remotehost'] is defined %}
+# {{ item['remotehost'] }}
+{% endif %}
+{% if item['remoteip'] is defined %}
+Endpoint={{ item['remoteip'] }}:{{ item['remoteport'] }}
+{% endif %}
+PublicKey={{ item['publickey'] }}
+PersistentKeepalive=15
+AllowedIPs=fe80::/64 fd00::/8 172.20.0.0/14 172.31.0.0/16 10.0.0.0/8
--- a/ext-peer.network.j2
+++ b/ext-peer.network.j2
@ -0,0 +1,23 @@
+[Match]
+Name=dn42{{ item['remotename'] }}
+
+[Network]
+DHCP=false
+IPv6AcceptRA=false
+IPv4Forwarding=true
+IPv6Forwarding=true
+KeepConfiguration=true
+
+[Address]
+{% if item['llv6'] is defined %}
+Address={{ item['llv6'] }}/128
+{% else %}
+Address={{ llv6 }}/128
+{% endif %}
+Peer={{ item['remote_llv6'] }}/128
+
+[Address]
+Address={{ unicastv4 }}/32
+{% if item['remote_unicastv4'] is defined %}
+Peer={{ item['remote_unicastv4'] }}
+{% endif %}
--- a/peerings.yml
+++ b/peerings.yml
@ -0,0 +1,39 @@
+- name: Configure peerings
+  hosts: routers
+  remote_user: root
+  tasks:
+    - name: Include per-node peering data
+      include_vars: "{{ playbook_dir }}/peerings/{{ pop_loc }}.yaml"
+      ignore_errors: false
+    - name: Generate systemd .netdev files
+      ansible.builtin.template:
+        src: ext-peer.netdev.j2
+        dest: "/etc/systemd/network/dn42{{ item.remotename }}.netdev"
+        mode: '0644'
+      loop: "{{ peers }}"
+      when: peers is defined
+      register: netdev_files
+    - name: Generate systemd .network files
+      ansible.builtin.template:
+        src: ext-peer.network.j2
+        dest: "/etc/systemd/network/dn42{{ item.remotename }}.network"
+        mode: '0644'
+      loop: "{{ peers }}"
+      when: peers is defined
+      register: network_files
+    - name: Generate BGP peering files
+      ansible.builtin.template:
+        src: ext-peer.bgp.conf.j2
+        dest: "/etc/bird/peers/dn42{{ item.remotename }}.conf"
+        mode: '0644'
+      loop: "{{ peers }}"
+      register: bgp_files
+      when: peers is defined
+    - name: Reload systemd-networkd
+      ansible.builtin.command: networkctl reload
+      when: peers is defined
+    - name: Reload bird
+      ansible.builtin.systemd_service:
+        name: bird.service
+        state: reloaded
+      when: peers is defined