FAELIX
/
hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

let's get started

Browse Source
master
Marek Isalski 6 years ago
commit aca03ea12f
3 changed files with 369 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
hphr.sls
Unescape Escape View File

@ -0,0 +1,4 @@
/config/config.new:
file.managed:
- template: jinja
- source: salt://vyos.conf.j2

4
top.sls
Unescape Escape View File

@ -0,0 +1,4 @@
hphr:
hphr:
- match: nodegroup
- hphr

361
vyos.conf.j2
Unescape Escape View File

@ -0,0 +1,361 @@
interfaces {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}
{% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %}
ethernet {{ iface_name }} {
{% for address in iface_data['addresses'] %}
address {{ address['address'] }}
{% endfor %}
duplex auto
policy {
}
smp-affinity auto
speed auto
}
{% endif %}
{% endfor %}
ethernet eth0 {
address 10.13.0.56/22
hw-id ac:1f:6b:94:1f:58
}
ethernet eth1 {
address 185.1.101.32/24
address 2001:7f8:bc::4:1495:1/64
duplex auto
hw-id ac:1f:6b:94:1f:59
ipv6 {
ospfv3 {
passive
}
}
smp-affinity auto
speed auto
}
ethernet eth2 {
duplex auto
hw-id 3c:fd:fe:d0:20:20
smp-affinity auto
speed auto
}
ethernet eth3 {
address 46.227.200.106/26
address 2a01:9e00:a217:0d00::46.227.200.106/64
duplex auto
hw-id 3c:fd:fe:d0:20:21
ip {
ospf {
cost 1
dead-interval 40
hello-interval 10
network broadcast
priority 1
retransmit-interval 5
transmit-delay 1
}
}
ipv6 {
dup-addr-detect-transmits 1
ospfv3 {
cost 40
dead-interval 40
hello-interval 10
instance-id 0
priority 1
retransmit-interval 5
transmit-delay 1
}
}
smp-affinity auto
speed auto
}
ethernet eth4 {
duplex auto
hw-id 3c:fd:fe:d0:20:22
smp-affinity auto
speed auto
}
ethernet eth5 {
duplex auto
hw-id 3c:fd:fe:d0:20:23
smp-affinity auto
speed auto
}
loopback lo {
address 46.227.204.1/32
address 2a01:9e00:1234::1/128
}
}
policy {
prefix-list TEST-EQUINIXIX-OUT {
rule 1 {
action permit
prefix 46.227.204.0/24
}
rule 2 {
action deny
le 32
prefix 0.0.0.0/0
}
}
prefix-list6 TEST-EQUINIXIX-OUT {
rule 1 {
action permit
prefix 2a01:9e00:1234::/48
}
rule 2 {
action deny
le 128
prefix ::/0
}
}
}
protocols {
bgp 41495 {
address-family {
ipv4-unicast {
redistribute {
static {
}
}
}
ipv6-unicast {
redistribute {
static {
}
}
}
}
neighbor 185.1.101.28 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 6939
}
neighbor 185.1.101.250 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
ipv6-unicast {
soft-reconfiguration {
inbound
}
}
}
remote-as 65517
}
neighbor 185.1.101.251 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 185.1.101.252 {
address-family {
ipv4-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::2:4115:2 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 24115
}
neighbor 2001:7f8:bc::6:5517:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 65517
}
neighbor 2001:7f8:bc::6939:1 {
address-family {
ipv6-unicast {
prefix-list {
export TEST-EQUINIXIX-OUT
}
soft-reconfiguration {
inbound
}
}
}
remote-as 6939
}
parameters {
router-id 46.227.201.1
}
}
ospf {
area 0.0.0.0 {
network 46.227.200.64/26
}
area 185.1.101.0 {
network 185.1.101.0/24
}
parameters {
abr-type cisco
router-id 46.227.201.1
}
passive-interface eth1
}
ospfv3 {
area 0.0.0.0 {
interface eth3
range 2a01:9e00:a217:0d00::/64 {
}
}
area 185.1.101.0 {
interface eth1
range 2001:7f8:bc::/64 {
}
}
parameters {
router-id 46.227.201.1
}
}
static {
route 10.0.0.0/8 {
next-hop 10.13.0.1 {
}
}
route 46.227.204.0/24 {
blackhole {
}
}
route6 2a01:9e00:1234::/48 {
blackhole {
}
}
}
}
service {
lldp {
interface al {
}
interface all {
}
management-address 10.13.0.56
}
salt-minion {
id {{ grains['fqdn'] }}
master hphr.salt.faelix.net
}
snmp {
community public {
}
trap-source 10.13.0.56
trap-target 10.13.1.111 {
}
}
ssh {
listen-address 10.13.0.56
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 9600
}
}
host-name {{ grains['fqdn'] }}
ip {
multipath {
layer4-hashing
}
}
ipv6 {
multipath {
layer4-hashing
}
}
login {
user vyos {
authentication {
encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
plaintext-password ""
}
level admin
}
}
{% for nameserver in pillar['nameservers'] %}
name-server {{ nameserver }}
{% endfor %}
ntp {
{% for ntp_server, ntp_data in pillar['ntp'].items() %}
server {{ ntp_server }} {
}
{% endfor %}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@3:ssh@1:system@11:vrrp@2:vyos-accel-ppp@1:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
/* Release version: 1.2.0-rolling+201904240337 */
Write Preview
Loading…
Cancel
Save