commit aca03ea12f75f262fb92c8a72eab58dd43805133 Author: Marek Isalski Date: Fri May 10 22:22:55 2019 +0100 let's get started
diff --git a/hphr.sls b/hphr.sls
new file mode 100644
index 0000000..19305b0
--- /dev/null
+++ b/hphr.sls
@@ -0,0 +1,4 @@
+/config/config.new:
+ file.managed:
+ - template: jinja
+ - source: salt://vyos.conf.j2
diff --git a/top.sls b/top.sls
new file mode 100644
index 0000000..3d7ef0c
--- /dev/null
+++ b/top.sls
@@ -0,0 +1,4 @@
+hphr:
+ hphr:
+ - match: nodegroup
+ - hphr
diff --git a/vyos.conf.j2 b/vyos.conf.j2
new file mode 100644
index 0000000..3f81fd7
--- /dev/null
+++ b/vyos.conf.j2
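Review bot: The `file.managed` state for `/config/config.new` in hphr.sls sets no `user`, `group` or `mode` and leaves `show_changes` at its default, while the template it renders (vyos.conf.j2 in this commit) carries a login password hash and an SNMP community. Without an explicit mode the file's permissions depend on the minion's defaults, and the state's diff output, which is returned to the master and kept in the job cache, will include those values whenever the file changes. Consider adding `- mode: '0640'` together with the owner and group your VyOS image expects (confirm against the existing boot config), and `- show_changes: False`.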
@@ -0,0 +1,361 @@
+interfaces {
+
+{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}
+{% if iface_data['form_factor']['label'] != 'Virtual' and not iface_data[ 'mgmt_only' ] %}
+ ethernet {{ iface_name }} {
+ {% for address in iface_data['addresses'] %}
+ address {{ address['address'] }}
+ {% endfor %}
+ duplex auto
+ policy {
+ }
+ smp-affinity auto
+ speed auto
+ }
+{% endif %}
+{% endfor %}
+
+ ethernet eth0 {
+ address 10.13.0.56/22
+ hw-id ac:1f:6b:94:1f:58
+ }
+ ethernet eth1 {
+ address 185.1.101.32/24
+ address 2001:7f8:bc::4:1495:1/64
+ duplex auto
+ hw-id ac:1f:6b:94:1f:59
+ ipv6 {
+ ospfv3 {
+ passive
+ }
+ }
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth2 {
+ duplex auto
+ hw-id 3c:fd:fe:d0:20:20
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth3 {
+ address 46.227.200.106/26
+ address 2a01:9e00:a217:0d00::46.227.200.106/64
+ duplex auto
+ hw-id 3c:fd:fe:d0:20:21
+ ip {
+ ospf {
+ cost 1
+ dead-interval 40
+ hello-interval 10
+ network broadcast
+ priority 1
+ retransmit-interval 5
+ transmit-delay 1
+ }
+ }
+ ipv6 {
+ dup-addr-detect-transmits 1
+ ospfv3 {
+ cost 40
+ dead-interval 40
+ hello-interval 10
+ instance-id 0
+ priority 1
+ retransmit-interval 5
+ transmit-delay 1
+ }
+ }
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth4 {
+ duplex auto
+ hw-id 3c:fd:fe:d0:20:22
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth5 {
+ duplex auto
+ hw-id 3c:fd:fe:d0:20:23
+ smp-affinity auto
+ speed auto
+ }
+ loopback lo {
+ address 46.227.204.1/32
+ address 2a01:9e00:1234::1/128
+ }
+}
+policy {
+ prefix-list TEST-EQUINIXIX-OUT {
+ rule 1 {
+ action permit
+ prefix 46.227.204.0/24
+ }
+ rule 2 {
+ action deny
+ le 32
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list6 TEST-EQUINIXIX-OUT {
+ rule 1 {
+ action permit
+ prefix 2a01:9e00:1234::/48
+ }
+ rule 2 {
+ action deny
+ le 128
+ prefix ::/0
+ }
+ }
+}
+protocols {
+ bgp 41495 {
+ address-family {
+ ipv4-unicast {
+ redistribute {
+ static {
+ }
+ }
+ }
+ ipv6-unicast {
+ redistribute {
+ static {
+ }
+ }
+ }
+ }
+ neighbor 185.1.101.28 {
+ address-family {
+ ipv4-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 6939
+ }
+ neighbor 185.1.101.250 {
+ address-family {
+ ipv4-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ ipv6-unicast {
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 65517
+ }
+ neighbor 185.1.101.251 {
+ address-family {
+ ipv4-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 24115
+ }
+ neighbor 185.1.101.252 {
+ address-family {
+ ipv4-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 24115
+ }
+ neighbor 2001:7f8:bc::2:4115:1 {
+ address-family {
+ ipv6-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 24115
+ }
+ neighbor 2001:7f8:bc::2:4115:2 {
+ address-family {
+ ipv6-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 24115
+ }
+ neighbor 2001:7f8:bc::6:5517:1 {
+ address-family {
+ ipv6-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 65517
+ }
+ neighbor 2001:7f8:bc::6939:1 {
+ address-family {
+ ipv6-unicast {
+ prefix-list {
+ export TEST-EQUINIXIX-OUT
+ }
+ soft-reconfiguration {
+ inbound
+ }
+ }
+ }
+ remote-as 6939
+ }
+ parameters {
+ router-id 46.227.201.1
+ }
+ }
+ ospf {
+ area 0.0.0.0 {
+ network 46.227.200.64/26
+ }
+ area 185.1.101.0 {
+ network 185.1.101.0/24
+ }
+ parameters {
+ abr-type cisco
+ router-id 46.227.201.1
+ }
+ passive-interface eth1
+ }
+ ospfv3 {
+ area 0.0.0.0 {
+ interface eth3
+ range 2a01:9e00:a217:0d00::/64 {
+ }
+ }
+ area 185.1.101.0 {
+ interface eth1
+ range 2001:7f8:bc::/64 {
+ }
+ }
+ parameters {
+ router-id 46.227.201.1
+ }
+ }
+ static {
+ route 10.0.0.0/8 {
+ next-hop 10.13.0.1 {
+ }
+ }
+ route 46.227.204.0/24 {
+ blackhole {
+ }
+ }
+ route6 2a01:9e00:1234::/48 {
+ blackhole {
+ }
+ }
+ }
+}
+service {
+ lldp {
+ interface al {
+ }
+ interface all {
+ }
+ management-address 10.13.0.56
+ }
+ salt-minion {
+ id {{ grains['fqdn'] }}
+ master hphr.salt.faelix.net
+ }
+ snmp {
+ community public {
+ }
+ trap-source 10.13.0.56
+ trap-target 10.13.1.111 {
+ }
+ }
+ ssh {
+ listen-address 10.13.0.56
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 9600
+ }
+ }
+ host-name {{ grains['fqdn'] }}
+ ip {
+ multipath {
+ layer4-hashing
+ }
+ }
+ ipv6 {
+ multipath {
+ layer4-hashing
+ }
+ }
+login {
+ user vyos {
+ authentication {
+ encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
+ plaintext-password ""
+ }
+ level admin
+ }
+}
+{% for nameserver in pillar['nameservers'] %}
+ name-server {{ nameserver }}
+{% endfor %}
+ ntp {
+{% for ntp_server, ntp_data in pillar['ntp'].items() %}
+ server {{ ntp_server }} {
+ }
+{% endfor %}
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ time-zone UTC
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@3:ssh@1:system@11:vrrp@2:vyos-accel-ppp@1:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.0-rolling+201904240337 */
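Review bot: The `login` block hard-codes the `encrypted-password` crypt hash for the admin-level `vyos` user, so the hash lives in the state tree and its git history, is identical on every router in the nodegroup, and is open to offline guessing by anyone who can read the repository. Render it from pillar instead, e.g. `encrypted-password {{ pillar['<login-pillar-key>'] }}` (placeholder key name), and rotate the password, since this hash is already committed. In the same hunk `service snmp` uses `community public { }` with no `authorization`, no `network`/`client` restriction and no `listen-address`, unlike `ssh`, which is bound to 10.13.0.56; as written the agent would presumably also answer on the exchange-facing eth1 addresses, so take a non-default community from pillar, set `authorization ro`, and add `listen-address 10.13.0.56`. `interface al { }` under `lldp` also looks like a typo of the `interface all` entry that follows it.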