deploying a very basic template config

master
Marek Isalski 6 years ago
parent aca03ea12f
commit 9cb533f71d

@ -2,3 +2,11 @@
file.managed: file.managed:
- template: jinja - template: jinja
- source: salt://vyos.conf.j2 - source: salt://vyos.conf.j2
configure:
cmd.script:
- source: salt://load-configure-compare-commit.sh
- shell: /bin/vbash
- runas: minion
- require:
- file: /config/config.new
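Review bot: The new `configure` state is tied to the file only through `require`, which orders it after `/config/config.new` but does not make it conditional. As written, the script would load, commit and save on the router on every state run, even when the rendered file is unchanged. Replacing the `- require:` entry with `- onchanges:` (keeping `- file: /config/config.new` under it) would limit commits to runs where the template output actually differs. The `file.managed` state begins above the hunk and no `mode`, `user` or `group` is visible for it here. Since the rendered file carries the login password hash, it is worth confirming it is not left readable by other local users.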

@ -0,0 +1,8 @@
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
load /config/config.new
compare
commit
save
exit
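Review bot: Nothing between `load` and `commit` checks whether the load succeeded, so a template that renders to a broken or partial config still proceeds to `commit` and `save` on the live router. That config includes the templated SSH `listen-address`, so a bad pillar value could remove management access and persist across reboot. A guard such as `load /config/config.new || exit discard` before `compare` would stop the run early; the exact form needs checking against how script-template wraps these commands and what status `load` returns. A header comment stating that the script replaces the running config with `/config/config.new` and saves it would also help whoever next edits the state.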

@ -1,331 +1,337 @@
interfaces { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- INTERFACES -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %} {% macro interface_ip_ospf(iface_name) %}
{% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf') %}
ethernet {{ iface_name }} { ospf {
{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost') }}{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
{% else %}
network {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:network') }}
dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:dead-interval',40) }}
hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:hello-interval',10) }}
priority {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:priority',1) }}
retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:retransmit-interval',5) }}
transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:transmit-delay',1) }}
{% endif %}
}
{% endif %}
{% endmacro %}
{% macro interface_ipv6_ospfv3(iface_name) %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3') %}
ospfv3 {
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost') }}{% endif %}
instance-id {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:instance-id',0) }}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:passive') %}
passive
{% else %}
dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:dead-interval',40) }}
hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:hello-interval',10) }}
priority {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:priority',1) }}
retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:retransmit-interval',5) }}
transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:transmit-delay',1) }}
{% endif %}
}
{% endif %}
{% endmacro %}
interfaces {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if iface_data['mgmt_only'] %}
{% elif iface_name == 'lo' %}
loopback lo {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %} {% for address in iface_data['addresses'] %}
address {{ address['address'] }} address {{ address['address'] }}
{% endfor %} {% endfor %}
duplex auto {% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
policy { ip {
} {{ interface_ip_ospf(iface_name) }}
smp-affinity auto
speed auto
}
{% endif %}
{% endfor %}
ethernet eth0 {
address 10.13.0.56/22
hw-id ac:1f:6b:94:1f:58
} }
ethernet eth1 { {% endif %}
address 185.1.101.32/24 {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
address 2001:7f8:bc::4:1495:1/64
duplex auto
hw-id ac:1f:6b:94:1f:59
ipv6 { ipv6 {
ospfv3 { {{ interface_ipv6_ospfv3(iface_name) }}
passive
}
} }
smp-affinity auto {% endif %}
speed auto
} }
ethernet eth2 { {% elif iface_data['form_factor']['label'] != 'Virtual' %}
ethernet {{ iface_name }} {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
{% if iface_data['mac_address'] %}hw-id {{ iface_data['mac_address'].lower() }}{% endif %}
duplex auto duplex auto
hw-id 3c:fd:fe:d0:20:20 policy {
}
smp-affinity auto smp-affinity auto
speed auto speed auto
{% if not iface_data['enabled'] %}disable{% endif %}
{% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %}
{% for subiface_name, subiface_data in pillar['netbox']['interfaces'].items() %}{% if subiface_data['form_factor']['label'] == 'Virtual' and subiface_name.startswith( iface_name + "." ) %}
vif {{ subiface_name.split( "." )[ 1 ] }} {
description "{{ subiface_data['description'].replace('"','\\"') or "-" }}"
{% for address in subiface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
{% if not subiface_data['enabled'] %}disable{% endif %}
} }
ethernet eth3 { {% endif %}{% endfor %}
address 46.227.200.106/26
address 2a01:9e00:a217:0d00::46.227.200.106/64 {% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
duplex auto
hw-id 3c:fd:fe:d0:20:21
ip { ip {
ospf { {{ interface_ip_ospf(iface_name) }}
cost 1
dead-interval 40
hello-interval 10
network broadcast
priority 1
retransmit-interval 5
transmit-delay 1
}
} }
{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
ipv6 { ipv6 {
dup-addr-detect-transmits 1 dup-addr-detect-transmits 1
ospfv3 { {{ interface_ipv6_ospfv3(iface_name) }}
cost 40
dead-interval 40
hello-interval 10
instance-id 0
priority 1
retransmit-interval 5
transmit-delay 1
}
}
smp-affinity auto
speed auto
}
ethernet eth4 {
duplex auto
hw-id 3c:fd:fe:d0:20:22
smp-affinity auto
speed auto
}
ethernet eth5 {
duplex auto
hw-id 3c:fd:fe:d0:20:23
smp-affinity auto
speed auto
} }
loopback lo { {% endif %}
address 46.227.204.1/32
address 2a01:9e00:1234::1/128
} }
{% endif %}{% endfor %}
} }
policy {
prefix-list TEST-EQUINIXIX-OUT { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
rule 1 {
action permit protocols {
prefix 46.227.204.0/24
} /* -=-=-=-=-=-=-=-=-=-=-=-=-=- OSPF -=-=-=-=-=-=-=-=-=-=-=-=-=- */
rule 2 {
action deny ospf {
le 32 parameters {
prefix 0.0.0.0/0 router-id {{ salt['pillar.get']('protocols:ospf:parameters:router-id') }}
} abr-type {{ salt['pillar.get']('protocols:ospf:parameters:abr-type','cisco') }}
} }
prefix-list6 TEST-EQUINIXIX-OUT {
rule 1 { {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
action permit passive-interface {{ iface_name }}
prefix 2a01:9e00:1234::/48 {% endif %}{% endfor %}
{% for area_name, area_data in pillar['protocols']['ospf']['area'].items() %}
area {{ area_name }} {
{% for network in area_data['networks'] %}
network {{ network }}
{% endfor %}
} }
rule 2 { {% endfor %}
action deny
le 128
prefix ::/0
} }
ospfv3 {
parameters {
router-id {{ salt['pillar.get']('protocols:ospfv3:parameters:router-id') }}
} }
}
protocols { {% for area_name, area_data in pillar['protocols']['ospfv3']['area'].items() %}
bgp 41495 { area {{ area_name }} {
address-family { {% for range in area_data.get('range',[]) %}
ipv4-unicast { range {{ range }} {
redistribute {
static {
} }
{% endfor %}
{% for interface in area_data.get('interface',[]) %}
interface {{ interface }}
{% endfor %}
} }
{% endfor %}
} }
ipv6-unicast {
redistribute { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- STATIC -=-=-=-=-=-=-=-=-=-=-=-=-=- */
static { static {
{% for route_name, route_data in pillar['protocols']['static']['route'].items() %}
route {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
} }
{% endfor %}
{% if route_data.get('blackhole',None) %}
blackhole {
distance {{ route_data['blackhole'].get('distance',254) }}
} }
{% endif %}
} }
{% endfor %}
{% for route_name, route_data in pillar['protocols']['static']['route6'].items() %}
route6 {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
} }
neighbor 185.1.101.28 { {% endfor %}
address-family { {% if route_data.get('blackhole',None) %}
ipv4-unicast { blackhole {
prefix-list { distance {{ route_data['blackhole'].get('distance',254) }}
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
} }
{% endif %}
} }
{% endfor %}
} }
remote-as 6939
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
bgp {{ bgp_as }} {
parameters {
router-id {{ as_data['parameters']['router-id'] }}
} }
neighbor 185.1.101.250 { {% if as_data.get('address-family',None) %}
address-family { address-family {
{% if as_data['address-family'].get('ipv4-unicast',None) %}
ipv4-unicast { ipv4-unicast {
prefix-list { redistribute {
export TEST-EQUINIXIX-OUT {% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
} {{ redistribute }} {}
soft-reconfiguration { {% endfor %}
inbound
} }
} }
{% endif %}
{% if as_data['address-family'].get('ipv6-unicast',None) %}
ipv6-unicast { ipv6-unicast {
soft-reconfiguration { redistribute {
inbound {% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
} {{ redistribute }} {}
} {% endfor %}
}
remote-as 65517
}
neighbor 185.1.101.251 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
} }
} }
remote-as 24115 {% endif %}
} }
neighbor 185.1.101.252 { {% endif %}
{% for neighbor, neighbor_data in as_data.get('neighbor',{}).items() %}
neighbor {{ neighbor }} {
remote-as {{ neighbor_data['remote-as'] }}
{% if 'address-family' in neighbor_data %}
address-family { address-family {
{% if 'ipv4-unicast' in neighbor_data['address-family'] %}
ipv4-unicast { ipv4-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv4-unicast'] %}
prefix-list { prefix-list {
export TEST-EQUINIXIX-OUT {% if 'export' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['export'] }}{% endif %}
} {% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
} }
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
soft-reconfiguration { soft-reconfiguration {
inbound {% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
} {{ softreconf }}
} {% endfor %}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:2 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::6:5517:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
} }
remote-as 65517 {% endif %}
} }
neighbor 2001:7f8:bc::6939:1 { {% endif %}
address-family { {% if 'ipv6-unicast' in neighbor_data['address-family'] %}
ipv6-unicast { ipv6-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv6-unicast'] %}
prefix-list { prefix-list {
export TEST-EQUINIXIX-OUT {% if 'export' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
} }
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
soft-reconfiguration { soft-reconfiguration {
inbound {% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
} {{ softreconf }}
} {% endfor %}
}
remote-as 6939
}
parameters {
router-id 46.227.201.1
}
}
ospf {
area 0.0.0.0 {
network 46.227.200.64/26
}
area 185.1.101.0 {
network 185.1.101.0/24
}
parameters {
abr-type cisco
router-id 46.227.201.1
}
passive-interface eth1
}
ospfv3 {
area 0.0.0.0 {
interface eth3
range 2a01:9e00:a217:0d00::/64 {
}
}
area 185.1.101.0 {
interface eth1
range 2001:7f8:bc::/64 {
} }
{% endif %}
} }
parameters { {% endif %}
router-id 46.227.201.1
} }
{% endif %}
} }
static { {% endfor %}
route 10.0.0.0/8 {
next-hop 10.13.0.1 {
} }
{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- POLICY -=-=-=-=-=-=-=-=-=-=-=-=-=- */
policy {
prefix-list TEST-EQUINIXIX-OUT {
rule 1 {
action permit
prefix 46.227.204.0/24
} }
route 46.227.204.0/24 { rule 2 {
blackhole { action deny
le 32
prefix 0.0.0.0/0
} }
} }
route6 2a01:9e00:1234::/48 { prefix-list6 TEST-EQUINIXIX-OUT {
blackhole { rule 1 {
action permit
prefix 2a01:9e00:1234::/48
} }
rule 2 {
action deny
le 128
prefix ::/0
} }
} }
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SERVICE -=-=-=-=-=-=-=-=-=-=-=-=-=- */
service { service {
lldp { lldp {
interface al { {% for iface_name, iface_data in salt['pillar.get']('service:lldp:interface',{}).items() %}
interface {{ iface_name }} {
} }
interface all { {% endfor %}
} management-address {{ pillar['service']['lldp']['management-address'] }}
management-address 10.13.0.56
} }
salt-minion { salt-minion {
id {{ grains['fqdn'] }} id {{ grains['fqdn'] }}
master hphr.salt.faelix.net master {{ pillar['service']['salt-minion']['master'] }}
} }
snmp { snmp {
community public { {% for cty_name, cty_data in salt['pillar.get']('service:snmp:community',{}).items() %}
community {{ cty_name }} {
} }
trap-source 10.13.0.56 {% endfor %}
trap-target 10.13.1.111 { trap-source {{ pillar['service']['snmp']['trap-source'] }}
{% for trap_target, trap_data in salt['pillar.get']('service:snmp:trap-target',{}).items() %}
trap-target {{ trap_target }} {
} }
{% endfor %}
} }
ssh { ssh {
listen-address 10.13.0.56 listen-address {{ pillar['service']['ssh']['listen-address'] }}
} }
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEM -=-=-=-=-=-=-=-=-=-=-=-=-=- */
system { system {
config-management { config-management {
commit-revisions 100 commit-revisions 100
} }
console { console {
device ttyS0 { device ttyS0 {
speed 9600 speed 9600
} }
} }
host-name {{ grains['fqdn'] }} host-name {{ grains['fqdn'] }}
ip { ip {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
ipv6 { ipv6 {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
login {
login {
user vyos { user vyos {
authentication { authentication {
encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1 encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
@ -333,16 +339,19 @@ login {
} }
level admin level admin
} }
} }
{% for nameserver in pillar['nameservers'] %} {% for nameserver in pillar['nameservers'] %}
name-server {{ nameserver }} name-server {{ nameserver }}
{% endfor %} {% endfor %}
ntp { ntp {
{% for ntp_server, ntp_data in pillar['ntp'].items() %} {% for ntp_server, ntp_data in pillar['ntp'].items() %}
server {{ ntp_server }} { server {{ ntp_server }} {
} }
{% endfor %} {% endfor %}
} }
syslog { syslog {
global { global {
facility all { facility all {
@ -353,6 +362,7 @@ login {
} }
} }
} }
time-zone UTC time-zone UTC
} }
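Review bot: The `description "…"` lines for `loopback lo` and `ethernet {{ iface_name }}` escape only double quotes in `iface_data['description']`. The connected endpoint's `name` and the device `display_name` are written into the same quoted string with no escaping at all. A quote, backslash or newline in any of those NetBox fields would end the string early and let the rest be parsed as configuration by `load`. The same `.replace('"','\\"')` should be applied to the endpoint fields, e.g. `{{ iface_data['connected_endpoint']['name'].replace('"','\\"') }}`, and backslashes and newlines handled too, ideally in one small macro used by all three description lines (the `vif` one included). Other pillar values such as `iface_name`, `address['address']` and the SNMP community name are emitted unquoted, so they rely on the pillar and NetBox data being trusted and well-formed. A comment saying so at the top of the template would make that assumption explicit.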
