FAELIX/hphr
FAELIX/hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

deploying a very basic template config

Browse Source
This commit is contained in:
Marek Isalski 2019-05-11 23:09:41 +01:00
parent aca03ea12f
commit 9cb533f71d
3 changed files with 285 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hphr.sls
View File

@ -2,3 +2,11 @@
file.managed: file.managed:
- template: jinja - template: jinja
- source: salt://vyos.conf.j2 - source: salt://vyos.conf.j2
configure:
cmd.script:
- source: salt://load-configure-compare-commit.sh
- shell: /bin/vbash
- runas: minion
- require:
- file: /config/config.new

8
load-configure-compare-commit.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
load /config/config.new
compare
commit
save
exit

528
vyos.conf.j2
View File

@ -1,91 +1,254 @@
interfaces { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- INTERFACES -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %} {% macro interface_ip_ospf(iface_name) %}
{% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf') %}
ethernet {{ iface_name }} { ospf {
{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost') }}{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
{% else %}
network {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:network') }}
dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:dead-interval',40) }}
hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:hello-interval',10) }}
priority {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:priority',1) }}
retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:retransmit-interval',5) }}
transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:transmit-delay',1) }}
{% endif %}
}
{% endif %}
{% endmacro %}
{% macro interface_ipv6_ospfv3(iface_name) %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3') %}
ospfv3 {
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost') }}{% endif %}
instance-id {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:instance-id',0) }}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:passive') %}
passive
{% else %}
dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:dead-interval',40) }}
hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:hello-interval',10) }}
priority {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:priority',1) }}
retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:retransmit-interval',5) }}
transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:transmit-delay',1) }}
{% endif %}
}
{% endif %}
{% endmacro %}
interfaces {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if iface_data['mgmt_only'] %}
{% elif iface_name == 'lo' %}
loopback lo {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %} {% for address in iface_data['addresses'] %}
address {{ address['address'] }} address {{ address['address'] }}
{% endfor %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
ip {
{{ interface_ip_ospf(iface_name) }}
}
{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
ipv6 {
{{ interface_ipv6_ospfv3(iface_name) }}
}
{% endif %}
}
{% elif iface_data['form_factor']['label'] != 'Virtual' %}
ethernet {{ iface_name }} {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %} {% endfor %}
{% if iface_data['mac_address'] %}hw-id {{ iface_data['mac_address'].lower() }}{% endif %}
duplex auto duplex auto
policy { policy {
} }
smp-affinity auto smp-affinity auto
speed auto speed auto
} {% if not iface_data['enabled'] %}disable{% endif %}
{% endif %} {% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %}
{% endfor %}
ethernet eth0 { {% for subiface_name, subiface_data in pillar['netbox']['interfaces'].items() %}{% if subiface_data['form_factor']['label'] == 'Virtual' and subiface_name.startswith( iface_name + "." ) %}
address 10.13.0.56/22 vif {{ subiface_name.split( "." )[ 1 ] }} {
hw-id ac:1f:6b:94:1f:58 description "{{ subiface_data['description'].replace('"','\\"') or "-" }}"
} {% for address in subiface_data['addresses'] %}
ethernet eth1 { address {{ address['address'] }}
address 185.1.101.32/24 {% endfor %}
address 2001:7f8:bc::4:1495:1/64 {% if not subiface_data['enabled'] %}disable{% endif %}
duplex auto
hw-id ac:1f:6b:94:1f:59
ipv6 {
ospfv3 {
passive
}
} }
smp-affinity auto {% endif %}{% endfor %}
speed auto
} {% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
ethernet eth2 {
duplex auto
hw-id 3c:fd:fe:d0:20:20
smp-affinity auto
speed auto
}
ethernet eth3 {
address 46.227.200.106/26
address 2a01:9e00:a217:0d00::46.227.200.106/64
duplex auto
hw-id 3c:fd:fe:d0:20:21
ip { ip {
ospf { {{ interface_ip_ospf(iface_name) }}
cost 1
dead-interval 40
hello-interval 10
network broadcast
priority 1
retransmit-interval 5
transmit-delay 1
}
} }
{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
ipv6 { ipv6 {
dup-addr-detect-transmits 1 dup-addr-detect-transmits 1
ospfv3 { {{ interface_ipv6_ospfv3(iface_name) }}
cost 40
dead-interval 40
hello-interval 10
instance-id 0
priority 1
retransmit-interval 5
transmit-delay 1
}
} }
smp-affinity auto {% endif %}
speed auto
}
ethernet eth4 {
duplex auto
hw-id 3c:fd:fe:d0:20:22
smp-affinity auto
speed auto
}
ethernet eth5 {
duplex auto
hw-id 3c:fd:fe:d0:20:23
smp-affinity auto
speed auto
}
loopback lo {
address 46.227.204.1/32
address 2a01:9e00:1234::1/128
} }
{% endif %}{% endfor %}
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
protocols {
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- OSPF -=-=-=-=-=-=-=-=-=-=-=-=-=- */
ospf {
parameters {
router-id {{ salt['pillar.get']('protocols:ospf:parameters:router-id') }}
abr-type {{ salt['pillar.get']('protocols:ospf:parameters:abr-type','cisco') }}
}
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
passive-interface {{ iface_name }}
{% endif %}{% endfor %}
{% for area_name, area_data in pillar['protocols']['ospf']['area'].items() %}
area {{ area_name }} {
{% for network in area_data['networks'] %}
network {{ network }}
{% endfor %}
}
{% endfor %}
}
ospfv3 {
parameters {
router-id {{ salt['pillar.get']('protocols:ospfv3:parameters:router-id') }}
}
{% for area_name, area_data in pillar['protocols']['ospfv3']['area'].items() %}
area {{ area_name }} {
{% for range in area_data.get('range',[]) %}
range {{ range }} {
}
{% endfor %}
{% for interface in area_data.get('interface',[]) %}
interface {{ interface }}
{% endfor %}
}
{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- STATIC -=-=-=-=-=-=-=-=-=-=-=-=-=- */
static {
{% for route_name, route_data in pillar['protocols']['static']['route'].items() %}
route {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
}
{% endfor %}
{% if route_data.get('blackhole',None) %}
blackhole {
distance {{ route_data['blackhole'].get('distance',254) }}
}
{% endif %}
}
{% endfor %}
{% for route_name, route_data in pillar['protocols']['static']['route6'].items() %}
route6 {{ route_name }} {
{% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
next-hop {{ nexthop }} {
}
{% endfor %}
{% if route_data.get('blackhole',None) %}
blackhole {
distance {{ route_data['blackhole'].get('distance',254) }}
}
{% endif %}
}
{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
bgp {{ bgp_as }} {
parameters {
router-id {{ as_data['parameters']['router-id'] }}
}
{% if as_data.get('address-family',None) %}
address-family {
{% if as_data['address-family'].get('ipv4-unicast',None) %}
ipv4-unicast {
redistribute {
{% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
{{ redistribute }} {}
{% endfor %}
}
}
{% endif %}
{% if as_data['address-family'].get('ipv6-unicast',None) %}
ipv6-unicast {
redistribute {
{% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
{{ redistribute }} {}
{% endfor %}
}
}
{% endif %}
}
{% endif %}
{% for neighbor, neighbor_data in as_data.get('neighbor',{}).items() %}
neighbor {{ neighbor }} {
remote-as {{ neighbor_data['remote-as'] }}
{% if 'address-family' in neighbor_data %}
address-family {
{% if 'ipv4-unicast' in neighbor_data['address-family'] %}
ipv4-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv4-unicast'] %}
prefix-list {
{% if 'export' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
}
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
soft-reconfiguration {
{% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
{{ softreconf }}
{% endfor %}
}
{% endif %}
}
{% endif %}
{% if 'ipv6-unicast' in neighbor_data['address-family'] %}
ipv6-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv6-unicast'] %}
prefix-list {
{% if 'export' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
}
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
soft-reconfiguration {
{% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
{{ softreconf }}
{% endfor %}
}
{% endif %}
}
{% endif %}
}
{% endif %}
}
{% endfor %}
}
{% endfor %}
}
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- POLICY -=-=-=-=-=-=-=-=-=-=-=-=-=- */
policy { policy {
prefix-list TEST-EQUINIXIX-OUT { prefix-list TEST-EQUINIXIX-OUT {
rule 1 { rule 1 {
@ -110,239 +273,85 @@ policy {
} }
} }
} }
protocols {
bgp 41495 { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- SERVICE -=-=-=-=-=-=-=-=-=-=-=-=-=- */
address-family {
ipv4-unicast {
redistribute {
static {
}
}
}
ipv6-unicast {
redistribute {
static {
}
}
}
}
neighbor 185.1.101.28 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 6939
}
neighbor 185.1.101.250 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
soft-reconfiguration {
inbound
}
}
}
remote-as 65517
}
neighbor 185.1.101.251 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 185.1.101.252 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:2 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::6:5517:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 65517
}
neighbor 2001:7f8:bc::6939:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 6939
}
parameters {
router-id 46.227.201.1
}
}
ospf {
area 0.0.0.0 {
network 46.227.200.64/26
}
area 185.1.101.0 {
network 185.1.101.0/24
}
parameters {
abr-type cisco
router-id 46.227.201.1
}
passive-interface eth1
}
ospfv3 {
area 0.0.0.0 {
interface eth3
range 2a01:9e00:a217:0d00::/64 {
}
}
area 185.1.101.0 {
interface eth1
range 2001:7f8:bc::/64 {
}
}
parameters {
router-id 46.227.201.1
}
}
static {
route 10.0.0.0/8 {
next-hop 10.13.0.1 {
}
}
route 46.227.204.0/24 {
blackhole {
}
}
route6 2a01:9e00:1234::/48 {
blackhole {
}
}
}
}
service { service {
lldp { lldp {
interface al { {% for iface_name, iface_data in salt['pillar.get']('service:lldp:interface',{}).items() %}
interface {{ iface_name }} {
} }
interface all { {% endfor %}
} management-address {{ pillar['service']['lldp']['management-address'] }}
management-address 10.13.0.56
} }
salt-minion { salt-minion {
id {{ grains['fqdn'] }} id {{ grains['fqdn'] }}
master hphr.salt.faelix.net master {{ pillar['service']['salt-minion']['master'] }}
} }
snmp { snmp {
community public { {% for cty_name, cty_data in salt['pillar.get']('service:snmp:community',{}).items() %}
community {{ cty_name }} {
} }
trap-source 10.13.0.56 {% endfor %}
trap-target 10.13.1.111 { trap-source {{ pillar['service']['snmp']['trap-source'] }}
{% for trap_target, trap_data in salt['pillar.get']('service:snmp:trap-target',{}).items() %}
trap-target {{ trap_target }} {
} }
{% endfor %}
} }
ssh { ssh {
listen-address 10.13.0.56 listen-address {{ pillar['service']['ssh']['listen-address'] }}
} }
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEM -=-=-=-=-=-=-=-=-=-=-=-=-=- */
system { system {
config-management { config-management {
commit-revisions 100 commit-revisions 100
} }
console { console {
device ttyS0 { device ttyS0 {
speed 9600 speed 9600
} }
} }
host-name {{ grains['fqdn'] }} host-name {{ grains['fqdn'] }}
ip { ip {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
ipv6 { ipv6 {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
login {
user vyos { login {
authentication { user vyos {
encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1 authentication {
plaintext-password "" encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
plaintext-password ""
}
level admin
} }
level admin
} }
}
{% for nameserver in pillar['nameservers'] %} {% for nameserver in pillar['nameservers'] %}
name-server {{ nameserver }} name-server {{ nameserver }}
{% endfor %} {% endfor %}
ntp { ntp {
{% for ntp_server, ntp_data in pillar['ntp'].items() %} {% for ntp_server, ntp_data in pillar['ntp'].items() %}
server {{ ntp_server }} { server {{ ntp_server }} {
} }
{% endfor %} {% endfor %}
} }
syslog { syslog {
global { global {
facility all { facility all {
@ -353,6 +362,7 @@ login {
} }
} }
} }
time-zone UTC time-zone UTC
} }