FAELIX
/
hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

deploying a very basic template config

Browse Source
master
Marek Isalski 6 years ago
parent aca03ea12f
commit 9cb533f71d
3 changed files with 269 additions and 243 deletions
Show Stats Download Patch File Download Diff File

8
hphr.sls
Unescape Escape View File

@ -2,3 +2,11 @@
file.managed: file.managed:
- template: jinja - template: jinja
- source: salt://vyos.conf.j2 - source: salt://vyos.conf.j2
configure:
cmd.script:
- source: salt://load-configure-compare-commit.sh
- shell: /bin/vbash
- runas: minion
- require:
- file: /config/config.new

8
load-configure-compare-commit.sh
Unescape Escape View File

@ -0,0 +1,8 @@
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
load /config/config.new
compare
commit
save
exit

496
vyos.conf.j2
Unescape Escape View File

@ -1,348 +1,357 @@
interfaces { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- INTERFACES -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %} {% macro interface_ip_ospf(iface_name) %}
{% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf') %}
ethernet {{ iface_name }} { ospf {
{% for address in iface_data['addresses'] %} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost') }}{% endif %}
address {{ address['address'] }} {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
{% endfor %} {% else %}
duplex auto network {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:network') }}
policy { dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:dead-interval',40) }}
} hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:hello-interval',10) }}
smp-affinity auto priority {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:priority',1) }}
speed auto retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:retransmit-interval',5) }}
} transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:transmit-delay',1) }}
{% endif %} {% endif %}
{% endfor %} }
{% endif %}
{% endmacro %}
ethernet eth0 { {% macro interface_ipv6_ospfv3(iface_name) %}
address 10.13.0.56/22 {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3') %}
hw-id ac:1f:6b:94:1f:58
}
ethernet eth1 {
address 185.1.101.32/24
address 2001:7f8:bc::4:1495:1/64
duplex auto
hw-id ac:1f:6b:94:1f:59
ipv6 {
ospfv3 { ospfv3 {
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost') }}{% endif %}
instance-id {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:instance-id',0) }}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:passive') %}
passive passive
{% else %}
dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:dead-interval',40) }}
hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:hello-interval',10) }}
priority {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:priority',1) }}
retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:retransmit-interval',5) }}
transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:transmit-delay',1) }}
{% endif %}
} }
{% endif %}
{% endmacro %}
interfaces {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if iface_data['mgmt_only'] %}
{% elif iface_name == 'lo' %}
loopback lo {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
ip {
{{ interface_ip_ospf(iface_name) }}
} }
smp-affinity auto {% endif %}
speed auto {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
ipv6 {
{{ interface_ipv6_ospfv3(iface_name) }}
}
{% endif %}
} }
ethernet eth2 { {% elif iface_data['form_factor']['label'] != 'Virtual' %}
ethernet {{ iface_name }} {
description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name'] }} @ {{ iface_data['connected_endpoint']['device']['display_name'] }}{% endif %}){% endif %}"
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
{% if iface_data['mac_address'] %}hw-id {{ iface_data['mac_address'].lower() }}{% endif %}
duplex auto duplex auto
hw-id 3c:fd:fe:d0:20:20 policy {
}
smp-affinity auto smp-affinity auto
speed auto speed auto
} {% if not iface_data['enabled'] %}disable{% endif %}
ethernet eth3 { {% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %}
address 46.227.200.106/26
address 2a01:9e00:a217:0d00::46.227.200.106/64 {% for subiface_name, subiface_data in pillar['netbox']['interfaces'].items() %}{% if subiface_data['form_factor']['label'] == 'Virtual' and subiface_name.startswith( iface_name + "." ) %}
duplex auto vif {{ subiface_name.split( "." )[ 1 ] }} {
hw-id 3c:fd:fe:d0:20:21 description "{{ subiface_data['description'].replace('"','\\"') or "-" }}"
{% for address in subiface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
{% if not subiface_data['enabled'] %}disable{% endif %}
}
{% endif %}{% endfor %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
ip { ip {
ospf { {{ interface_ip_ospf(iface_name) }}
cost 1
dead-interval 40
hello-interval 10
network broadcast
priority 1
retransmit-interval 5
transmit-delay 1
}
} }
{% endif %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
ipv6 { ipv6 {
dup-addr-detect-transmits 1 dup-addr-detect-transmits 1
ospfv3 { {{ interface_ipv6_ospfv3(iface_name) }}
cost 40
dead-interval 40
hello-interval 10
instance-id 0
priority 1
retransmit-interval 5
transmit-delay 1
}
} }
smp-affinity auto {% endif %}
speed auto
}
ethernet eth4 {
duplex auto
hw-id 3c:fd:fe:d0:20:22
smp-affinity auto
speed auto
}
ethernet eth5 {
duplex auto
hw-id 3c:fd:fe:d0:20:23
smp-affinity auto
speed auto
}
loopback lo {
address 46.227.204.1/32
address 2a01:9e00:1234::1/128
} }
{% endif %}{% endfor %}
} }
policy {
prefix-list TEST-EQUINIXIX-OUT { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
rule 1 {
action permit protocols {
prefix 46.227.204.0/24
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- OSPF -=-=-=-=-=-=-=-=-=-=-=-=-=- */
ospf {
parameters {
router-id {{ salt['pillar.get']('protocols:ospf:parameters:router-id') }}
abr-type {{ salt['pillar.get']('protocols:ospf:parameters:abr-type','cisco') }}
} }
rule 2 {
action deny {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
le 32 passive-interface {{ iface_name }}
prefix 0.0.0.0/0 {% endif %}{% endfor %}
{% for area_name, area_data in pillar['protocols']['ospf']['area'].items() %}
area {{ area_name }} {
{% for network in area_data['networks'] %}
network {{ network }}
{% endfor %}
} }
{% endfor %}
} }
prefix-list6 TEST-EQUINIXIX-OUT {
rule 1 { ospfv3 {
action permit parameters {
prefix 2a01:9e00:1234::/48 router-id {{ salt['pillar.get']('protocols:ospfv3:parameters:router-id') }}
} }
rule 2 {
action deny {% for area_name, area_data in pillar['protocols']['ospfv3']['area'].items() %}
le 128 area {{ area_name }} {
prefix ::/0 {% for range in area_data.get('range',[]) %}
range {{ range }} {
}
{% endfor %}
{% for interface in area_data.get('interface',[]) %}
interface {{ interface }}
{% endfor %}
} }
{% endfor %}
} }
}
protocols { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- STATIC -=-=-=-=-=-=-=-=-=-=-=-=-=- */
bgp 41495 {
address-family { static {
ipv4-unicast { {% for route_name, route_data in pillar['protocols']['static']['route'].items() %}
redistribute { route {{ route_name }} {
static { {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
} next-hop {{ nexthop }} {
}
}
ipv6-unicast {
redistribute {
static {
}
}
} }
} {% endfor %}
neighbor 185.1.101.28 { {% if route_data.get('blackhole',None) %}
address-family { blackhole {
ipv4-unicast { distance {{ route_data['blackhole'].get('distance',254) }}
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
} }
remote-as 6939 {% endif %}
} }
neighbor 185.1.101.250 { {% endfor %}
address-family { {% for route_name, route_data in pillar['protocols']['static']['route6'].items() %}
ipv4-unicast { route6 {{ route_name }} {
prefix-list { {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
export TEST-EQUINIXIX-OUT next-hop {{ nexthop }} {
}
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
soft-reconfiguration {
inbound
}
}
} }
remote-as 65517 {% endfor %}
} {% if route_data.get('blackhole',None) %}
neighbor 185.1.101.251 { blackhole {
address-family { distance {{ route_data['blackhole'].get('distance',254) }}
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
} }
remote-as 24115 {% endif %}
} }
neighbor 185.1.101.252 { {% endfor %}
address-family { }
ipv4-unicast {
prefix-list { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
export TEST-EQUINIXIX-OUT
} {% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
soft-reconfiguration { bgp {{ bgp_as }} {
inbound parameters {
} router-id {{ as_data['parameters']['router-id'] }}
}
}
remote-as 24115
} }
neighbor 2001:7f8:bc::2:4115:1 { {% if as_data.get('address-family',None) %}
address-family { address-family {
ipv6-unicast { {% if as_data['address-family'].get('ipv4-unicast',None) %}
prefix-list { ipv4-unicast {
export TEST-EQUINIXIX-OUT redistribute {
} {% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
soft-reconfiguration { {{ redistribute }} {}
inbound {% endfor %}
}
} }
} }
remote-as 24115 {% endif %}
} {% if as_data['address-family'].get('ipv6-unicast',None) %}
neighbor 2001:7f8:bc::2:4115:2 { ipv6-unicast {
address-family { redistribute {
ipv6-unicast { {% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
prefix-list { {{ redistribute }} {}
export TEST-EQUINIXIX-OUT {% endfor %}
}
soft-reconfiguration {
inbound
}
} }
} }
remote-as 24115 {% endif %}
} }
neighbor 2001:7f8:bc::6:5517:1 { {% endif %}
{% for neighbor, neighbor_data in as_data.get('neighbor',{}).items() %}
neighbor {{ neighbor }} {
remote-as {{ neighbor_data['remote-as'] }}
{% if 'address-family' in neighbor_data %}
address-family { address-family {
ipv6-unicast { {% if 'ipv4-unicast' in neighbor_data['address-family'] %}
ipv4-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv4-unicast'] %}
prefix-list { prefix-list {
export TEST-EQUINIXIX-OUT {% if 'export' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
} }
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
soft-reconfiguration { soft-reconfiguration {
inbound {% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
{{ softreconf }}
{% endfor %}
} }
{% endif %}
} }
} {% endif %}
remote-as 65517 {% if 'ipv6-unicast' in neighbor_data['address-family'] %}
}
neighbor 2001:7f8:bc::6939:1 {
address-family {
ipv6-unicast { ipv6-unicast {
{% if 'prefix-list' in neighbor_data['address-family']['ipv6-unicast'] %}
prefix-list { prefix-list {
export TEST-EQUINIXIX-OUT {% if 'export' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['export'] }}{% endif %}
{% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
} }
{% endif %}
{% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
soft-reconfiguration { soft-reconfiguration {
inbound {% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
{{ softreconf }}
{% endfor %}
} }
{% endif %}
} }
{% endif %}
} }
remote-as 6939 {% endif %}
}
parameters {
router-id 46.227.201.1
}
}
ospf {
area 0.0.0.0 {
network 46.227.200.64/26
}
area 185.1.101.0 {
network 185.1.101.0/24
}
parameters {
abr-type cisco
router-id 46.227.201.1
} }
passive-interface eth1 {% endfor %}
} }
ospfv3 { {% endfor %}
area 0.0.0.0 { }
interface eth3
range 2a01:9e00:a217:0d00::/64 { /* -=-=-=-=-=-=-=-=-=-=-=-=-=- POLICY -=-=-=-=-=-=-=-=-=-=-=-=-=- */
}
} policy {
area 185.1.101.0 { prefix-list TEST-EQUINIXIX-OUT {
interface eth1 rule 1 {
range 2001:7f8:bc::/64 { action permit
} prefix 46.227.204.0/24
} }
parameters { rule 2 {
router-id 46.227.201.1 action deny
le 32
prefix 0.0.0.0/0
} }
} }
static { prefix-list6 TEST-EQUINIXIX-OUT {
route 10.0.0.0/8 { rule 1 {
next-hop 10.13.0.1 { action permit
} prefix 2a01:9e00:1234::/48
}
route 46.227.204.0/24 {
blackhole {
}
} }
route6 2a01:9e00:1234::/48 { rule 2 {
blackhole { action deny
} le 128
prefix ::/0
} }
} }
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SERVICE -=-=-=-=-=-=-=-=-=-=-=-=-=- */
service { service {
lldp { lldp {
interface al { {% for iface_name, iface_data in salt['pillar.get']('service:lldp:interface',{}).items() %}
interface {{ iface_name }} {
} }
interface all { {% endfor %}
} management-address {{ pillar['service']['lldp']['management-address'] }}
management-address 10.13.0.56
} }
salt-minion { salt-minion {
id {{ grains['fqdn'] }} id {{ grains['fqdn'] }}
master hphr.salt.faelix.net master {{ pillar['service']['salt-minion']['master'] }}
} }
snmp { snmp {
community public { {% for cty_name, cty_data in salt['pillar.get']('service:snmp:community',{}).items() %}
community {{ cty_name }} {
} }
trap-source 10.13.0.56 {% endfor %}
trap-target 10.13.1.111 { trap-source {{ pillar['service']['snmp']['trap-source'] }}
{% for trap_target, trap_data in salt['pillar.get']('service:snmp:trap-target',{}).items() %}
trap-target {{ trap_target }} {
} }
{% endfor %}
} }
ssh { ssh {
listen-address 10.13.0.56 listen-address {{ pillar['service']['ssh']['listen-address'] }}
} }
} }
/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEM -=-=-=-=-=-=-=-=-=-=-=-=-=- */
system { system {
config-management { config-management {
commit-revisions 100 commit-revisions 100
} }
console { console {
device ttyS0 { device ttyS0 {
speed 9600 speed 9600
} }
} }
host-name {{ grains['fqdn'] }} host-name {{ grains['fqdn'] }}
ip { ip {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
ipv6 { ipv6 {
multipath { multipath {
layer4-hashing layer4-hashing
} }
} }
login {
user vyos { login {
authentication { user vyos {
encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1 authentication {
plaintext-password "" encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
plaintext-password ""
}
level admin
} }
level admin
} }
}
{% for nameserver in pillar['nameservers'] %} {% for nameserver in pillar['nameservers'] %}
name-server {{ nameserver }} name-server {{ nameserver }}
{% endfor %} {% endfor %}
ntp { ntp {
{% for ntp_server, ntp_data in pillar['ntp'].items() %} {% for ntp_server, ntp_data in pillar['ntp'].items() %}
server {{ ntp_server }} { server {{ ntp_server }} {
} }
{% endfor %} {% endfor %}
} }
syslog { syslog {
global { global {
facility all { facility all {
@ -353,6 +362,7 @@ login {
} }
} }
} }
time-zone UTC time-zone UTC
} }

Write Preview
Loading…
Cancel
Save