diff --git a/vyos.conf.j2 b/vyos.conf.j2 index d6ffa58..ec35633 100644 --- a/vyos.conf.j2 +++ b/vyos.conf.j2 @@ -1,3 +1,14 @@ +{% set env_exec = {} %} +{% if pillar.get('loopback',{}).get('IPv4',None) %} +{% do env_exec.update({'BIND_ADDR':pillar['loopback']['IPv4']}) %} +{% endif %} +{% if pillar.get('loopback',{}).get('IPv6',None) %} +{% do env_exec.update({'BIND_ADDR6':pillar['loopback']['IPv6']}) %} +{% endif %} +{% if env_exec %} +{% do env_exec.update({'LD_PRELOAD':'/tmp/bind.so'}) %} +{% endif %} + {% macro interface_ip_ospf(iface_name) %} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf') %} ospf { @@ -166,7 +177,7 @@ interfaces { {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if iface_data['mgmt_only'] %} {% elif iface_name == 'lo' %} loopback lo { - description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}" + description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['device'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}" {% for address in iface_data['addresses'] %} address {{ address['address'] }} {% endfor %} 
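Review bot: `env_exec` sets `LD_PRELOAD` to `/tmp/bind.so`, so every `cmd.run` that receives this environment loads a shared object from a world-writable directory into a process started by the Salt minion (typically root). Any local account able to create or replace that file before the template renders gets its code loaded with the minion's privileges, and the same holds for the `/tmp/bgpq3` binary invoked further down. Install both under a root-owned directory that is not world-writable and point the template there, e.g. `{% do env_exec.update({'LD_PRELOAD':'<ROOT_OWNED_DIR>/bind.so'}) %}` (placeholder path). A `{# … #}` comment above the block stating what bind.so is for, presumably forcing bgpq3 to source its queries from the loopback, would also help the next reader.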
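Review bot: On the new `description` line only `iface_data['description']` has its double quotes escaped. `connected_endpoint['name']` and `connected_endpoint['device']['display_name']` are written into the same quoted string unescaped, so a `"` in either NetBox field ends the string early and the rest may be parsed as configuration. Apply the same `.replace('"','\\"')` to both values, here and on the identical `ethernet` line in the hunk at -183. Since the outer condition now tests `['device']`, the inner `{% if iface_data['connected_endpoint']['device'] %}` is redundant and can be dropped.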
@@ -183,7 +194,7 @@ interfaces { } {% elif iface_data.get('type',{}).get('label','') != 'Virtual' %} ethernet {{ iface_name }} { - description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}" + description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['device'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}" {% if 'vrf' in salt['pillar.get']('interfaces:'+iface_name,{}) %}vrf {{ salt['pillar.get']('interfaces:'+iface_name+':vrf') }}{% endif %} {% for address in iface_data['addresses'] %} address {{ address['address'] }} @@ -196,6 +207,7 @@ interfaces { speed auto {% if not iface_data['enabled'] %}disable{% endif %} {% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %} + {% if iface_data.get('mtu',None) %}mtu {{ iface_data.get('mtu',1500) }}{% endif %} {% for tagged_vlan in iface_data['tagged_vlans'] %} {% set subiface_data = salt['pillar.get']('netbox:interfaces:%s.%d'%(iface_name,tagged_vlan['vid']),{'description':'','addresses':[],'enabled':False}) %} @@ -206,6 +218,7 @@ interfaces { address {{ address['address'] }} {% endfor %} {% if not subiface_data['enabled'] %}disable{% endif %} + {% if subiface_data.get('mtu',None) or iface_data.get('mtu',None) %}mtu {{ subiface_data.get('mtu',iface_data.get('mtu',1500)) }}{% endif %} {% if salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid'])+':ip') %} ip { 
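Review bot: The sub-interface `mtu` line in the hunk at -206 can render `mtu None`, because `subiface_data.get('mtu', …)` only falls back when the key is absent. A sub-interface whose `mtu` key is present but empty, under a parent that has an MTU, passes the `or` guard and prints the empty value. Whether the NetBox data carries such a key is not visible here, but resolving the value once removes the question: `{% set sub_mtu = subiface_data.get('mtu') or iface_data.get('mtu') %}{% if sub_mtu %}mtu {{ sub_mtu }}{% endif %}`. In the parent-interface hunk at -196 the `1500` default is unreachable behind its guard and can be removed.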
@@ -361,7 +374,7 @@ protocols { {% endfor %} } -{% for vrf_name, vrf_data in pillar['protocols']['vrf'].items() %} +{% for vrf_name, vrf_data in salt['pillar.get']('protocols:vrf',{}).items() %} {% if 'static' in vrf_data %} vrf {{ vrf_name }} { static { @@ -1349,7 +1362,7 @@ policy { {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list {{ prefix_list_name }} { {% if 'bgpq3' in prefix_data %} - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -4 -j ' + prefix_data["bgpq3"]["IPv4"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 24 -R 24 -A -4 -j ' + prefix_data["bgpq3"]["IPv4"], env=env_exec)|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit @@ -1363,7 +1376,7 @@ policy { } {% endfor %} {% elif 'static' in prefix_data %} - {% for prefix in prefix_data['static']['prefixes'] %} + {% for prefix in prefix_data['static']['prefixes'] %}{% if "." in prefix %} rule {{ loop.index }} { {% if prefix.get('description',None) != None %}description '{{ prefix['description'].replace("'","\\'") }}'{% endif %} action permit @@ -1371,7 +1384,7 @@ policy { {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} } - {% endfor %} + {% endif %}{% endfor %} {% endif %} rule 65535 { prefix 0.0.0.0/0 
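Review bot: In the hunk at -1349 the bgpq3 command line is still built by concatenating the pillar value `prefix_data["bgpq3"]["IPv4"]` onto the string passed to `cmd.run`. The hunks at -1384, -1406 and -1441 do the same with `prefix_data["sources"]` and `prefix_data["as-set"]`, the latter apparently originating from PeeringDB. A value containing whitespace or a leading `-` is taken as additional bgpq3 arguments, and if the call ever runs through a shell, metacharacters are interpreted as well. Validate each value before it reaches the command, for example with Salt's `regex_match` filter against a conservative AS-SET/ASN pattern, and skip the prefix-list when it does not match. Passing `python_shell=False` explicitly would also document that no shell is intended.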
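Review bot: `{% if "." in prefix %}` in the hunk at -1363 tests the wrong object. `prefix` is used as a mapping on the following lines (`prefix.get('description',None)`), so `in` checks its keys rather than the address text and is false for every entry unless a key is literally `.`. The static prefix-list would then render with no permit rules, leaving only the trailing `rule 65535`, whose action is not visible in this hunk. The test presumably belongs on the address field, `{% if "." in prefix['prefix'] %}`; that field name is taken from the bgpq3 branch and should be confirmed for static entries. The `":" in prefix` filter in the prefix-list6 hunk at -1415 has the same problem.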
@@ -1384,14 +1397,13 @@ policy { {% for prefix_list_name, prefix_data in peeringdb_prefixlist_4.items() %} prefix-list {{ prefix_list_name }} { {% if prefix_data['as-set'] %} - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 24 -R 24 -A -4 -S ' + prefix_data["sources"] + ' -j ' + prefix_data["as-set"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} - {#% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -4 -j ' + prefix_data["as-set"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %#} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 24 -R 24 -A -4 -S ' + prefix_data["sources"] + ' -j ' + prefix_data["as-set"], env=env_exec)|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit prefix {{ prefix['prefix'] }} {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} - {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + {#% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %#} } {% endfor %} {% endif %} @@ -1406,7 +1418,7 @@ policy { {% for prefix_list_name, prefix_data in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list6 {{ prefix_list_name }} { {% if 'bgpq3' in prefix_data %} - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 64 -A -6 -j ' + prefix_data["bgpq3"]["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 48 -R 48 -A -6 -j ' + prefix_data["bgpq3"]["IPv6"], env=env_exec)|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit 
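Review bot: Disabling the `ge` line in the hunk at -1384 appears to widen what the generated prefix-list accepts. With `-A`, bgpq3 aggregates entries and uses `greater-equal` to exclude the covering aggregate itself, so without it each rule matches from the aggregate's own length up to `le`. If VyOS rejected the `ge`/`le` combination, that reason belongs in a comment; otherwise consider dropping `-A` so that no `ge` is needed. The line is disabled with `{#% … %#}` here and in the prefix-list6 hunk at -1415; either delete it or replace it with a `{# … #}` comment stating why `ge` is omitted.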
@@ -1415,12 +1427,12 @@ policy { le 128 {% else %} {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} - {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} + {#% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %#} {% endif %} } {% endfor %} {% elif 'static' in prefix_data %} - {% for prefix in prefix_data['static']['prefixes'] %} + {% for prefix in prefix_data['static']['prefixes'] %}{% if ":" in prefix %} {% if prefix.get('description',None) != None %}description '{{ prefix['description'].replace("'","\\'") }}'{% endif %} rule {{ loop.index }} { action permit @@ -1428,7 +1440,7 @@ policy { {% if prefix.get('less-equal',None) != None %}le {{ prefix['less-equal'] }}{% endif %} {% if prefix.get('greater-equal',None) != None %}ge {{ prefix['greater-equal'] }}{% endif %} } - {% endfor %} + {% endif %}{% endfor %} {% endif %} rule 65535 { prefix ::/0 @@ -1441,9 +1453,7 @@ policy { {% for prefix_list_name, prefix_data in peeringdb_prefixlist_6.items() %} prefix-list6 {{ prefix_list_name }} { {% if prefix_data['as-set'] %} - {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -S ' + prefix_data["sources"] + ' -j ' + prefix_data["as-set"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} - {#% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + prefix_data["as-set"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %#} - /* {{ '/tmp/bgpq3 -A -4 -j ' + prefix_data["as-set"] }} */ + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -m 48 -R 48 -A -6 -S ' + prefix_data["sources"] + ' -j ' + prefix_data["as-set"], env=env_exec)|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit 
@@ -1492,7 +1502,7 @@ service { } ssh { listen-address {{ pillar['service']['ssh']['listen-address'] }} - {% if salt['pillar.get']('service:snmp:vrf') %}vrf {{ salt['pillar.get']('service:snmp:vrf') }}{% endif %} + {% if salt['pillar.get']('service:ssh:vrf') %}vrf {{ salt['pillar.get']('service:ssh:vrf') }}{% endif %} ciphers chacha20-poly1305@openssh.com ciphers aes256-gcm@openssh.com ciphers aes128-gcm@openssh.com @@ -1522,7 +1532,10 @@ system { console { device ttyS0 { - speed 9600 + speed 115200 + } + device ttyS1 { + speed 115200 } }