diff --git a/vyos.conf.j2 b/vyos.conf.j2 index 355e716..5a3c54f 100644 --- a/vyos.conf.j2 +++ b/vyos.conf.j2 @@ -152,6 +152,22 @@ protocols { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- STATIC -=-=-=-=-=-=-=-=-=-=-=-=-=- */ static { + +{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %} +{% for address in iface_data['addresses'] %} +{% if address['address'].endswith("/32") and address.get('description','')|is_ipv4(options='public') %} + interface-route {{ address['description'] }} { + next-hop-interface {{ iface_name }} + } +{% endif %} +{% if address['address'].endswith("/128") and address.get('description','')|is_ipv6(options='public') %} + interface-route6 {{ address['description'] }} { + next-hop-interface {{ iface_name }} + } +{% endif %} +{% endfor %} +{% endfor %} + {% for route_name, route_data in pillar['protocols']['static']['route'].items() %} route {{ route_name }} { {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %} 
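Review bot: The destination in `interface-route {{ address['description'] }}` and `interface-route6` is read from the free-text description of an address in what looks like NetBox-sourced pillar data, so anyone who can edit that description can install a static route on the router. The `/32` and `/128` tests apply to `address['address']`, not to the destination, and the only gate on the destination is `is_ipv4(options='public')` / `is_ipv6(options='public')`; if those filters accept CIDR notation (worth confirming), nothing here bounds the prefix length of the routed destination. A template comment such as `{# the description of a /32 or /128 address holds the prefix routed via that interface; non-public or non-IP descriptions are skipped #}` would record the convention, and a dedicated, access-controlled field would be a tighter source than the description. The enclosing `static {` block continues outside the hunk.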
@@ -667,17 +683,29 @@ policy { } } - {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %} + {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list {{ prefix_list_name }} { - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} - {% for prefix in jsonblob.NN %} - rule {{ loop.index }} { - action permit - prefix {{ prefix['prefix'] }} - {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} - {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} - } - {% endfor %} + {% if 'bgpq3' in prefix_data %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -4 -j ' + prefix_data["bgpq3"]["IPv4"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} + {% for prefix in jsonblob.NN %} + rule {{ loop.index }} { + action permit + prefix {{ prefix['prefix'] }} + {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} + {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + } + {% endfor %} + {% elif 'static' in prefix_data %} + {% for prefix in prefix_data['static']['prefixes'] %} + rule {{ loop.index }} { + {% if prefix.get('description',None) != None %}description '{{ prefix['description'].replace("'","\\'") }}'{% endif %} + action permit + prefix {{ prefix['prefix'] }} + {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} + {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + } + {% endfor %} + {% endif %} rule 65535 { prefix 0.0.0.0/0 le 32 
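Review bot: The `salt['cmd.run']` call in the `bgpq3` branch executes `/tmp/bgpq3` with `LD_PRELOAD` set to `/tmp/bind.so`, both in a world-writable directory, and its JSON output becomes the permit rules of the BGP prefix filter. Any local account able to create or replace either file before a render gets code execution as the user the template is rendered as, and with it control of the filter contents; installing both files under a root-owned, non-writable path closes that. The query is also appended to the command string unquoted, so passing `python_shell=False` to `cmd.run` would keep shell metacharacters in `prefix_data["bgpq3"]["IPv4"]` from being interpreted. The same call appears in the `prefix-list6` hunk below.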
@@ -686,17 +714,29 @@ policy { } {% endfor %} - {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %} + {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list6 {{ prefix_list_name }} { - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} - {% for prefix in jsonblob.NN %} - rule {{ loop.index }} { - action permit - prefix {{ prefix['prefix'] }} - {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} - {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} - } - {% endfor %} + {% if 'bgpq3' in prefix_data %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + prefix_data["bgpq3"]["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} + {% for prefix in jsonblob.NN %} + rule {{ loop.index }} { + action permit + prefix {{ prefix['prefix'] }} + {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} + {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + } + {% endfor %} + {% elif 'static' in prefix_data %} + {% for prefix in prefix_data['static']['prefixes'] %} + {% if prefix.get('description',None) != None %}description '{{ prefix['description'].replace("'","\\'") }}'{% endif %} + rule {{ loop.index }} { + action permit + prefix {{ prefix['prefix'] }} + {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} + {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + } + {% endfor %} + {% endif %} rule 65535 { prefix ::/0 le 128
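Review bot: In the `static` branch of `prefix-list6` the `description` line is emitted before `rule {{ loop.index }} {` opens, whereas the IPv4 hunk puts it inside the rule; as written each description lands at the prefix-list level rather than on its rule. Move it to the line after `rule {{ loop.index }} {` so both families render the same structure. Both static branches also iterate the same `prefix_data['static']['prefixes']` with no per-family key, unlike the `bgpq3` branch's `["IPv4"]`/`["IPv6"]`, so one list appears to feed both `prefix-list` and `prefix-list6`; a family test or separate keys would keep IPv4 prefixes out of the IPv6 filter and vice versa. The `replace("'","\\'")` escape covers only the single quote, so a backslash or newline in a description would still reach the rendered config unchanged.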