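/* -=-=-=-=-=-=-=-=-=-=-=-=-=- INTERFACES -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{#
  Salt-rendered Jinja template for a VyOS/Vyatta-style configuration file
  (see the vyatta-config-version footer). Inputs are pillar['netbox']
  interface data, pillar keys read through salt['pillar.get'], and
  grains['fqdn'].

  NOTE(review): pillar and NetBox values are interpolated verbatim. Only the
  double quote is escaped, and only inside description strings. A value that
  carries a newline, a brace or a backslash would change the structure of the
  rendered config. Presumably the upstream sources constrain these fields;
  confirm before treating NetBox write access as lower-privileged than
  router configuration access.
#}

{#
  interface_ip_ospf(iface_name): per-interface OSPF settings, rendered only
  when pillar 'interfaces:<name>:ip:ospf' is set. 'cost' is emitted only when
  explicitly present. A passive interface gets no network type or timers here;
  it is listed as 'passive-interface' under 'protocols ospf' instead. Timers
  fall back to 40/10/1/5/1 (dead, hello, priority, retransmit, transmit-delay).
#}
{% macro interface_ip_ospf(iface_name) %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf') %}
ospf {
    {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:cost') }}{% endif %}
    {% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
    {% else %}
    network {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:network') }}
    dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:dead-interval',40) }}
    hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:hello-interval',10) }}
    priority {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:priority',1) }}
    retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:retransmit-interval',5) }}
    transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:transmit-delay',1) }}
    {% endif %}
}
{% endif %}
{% endmacro %}

{#
  interface_ipv6_ospfv3(iface_name): per-interface OSPFv3 settings, rendered
  only when pillar 'interfaces:<name>:ipv6:ospfv3' is set. Unlike the IPv4
  macro, a passive interface is marked with 'passive' inside this block.
  instance-id defaults to 0; timer defaults match the IPv4 macro.
#}
{% macro interface_ipv6_ospfv3(iface_name) %}
{% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3') %}
ospfv3 {
    {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost',None) != None %}cost {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:cost') }}{% endif %}
    instance-id {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:instance-id',0) }}
    {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:passive') %}
    passive
    {% else %}
    dead-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:dead-interval',40) }}
    hello-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:hello-interval',10) }}
    priority {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:priority',1) }}
    retransmit-interval {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:retransmit-interval',5) }}
    transmit-delay {{ salt['pillar.get']('interfaces:'+iface_name+':ipv6:ospfv3:transmit-delay',1) }}
    {% endif %}
}
{% endif %}
{% endmacro %}

{#
  One stanza per NetBox interface: mgmt_only interfaces are skipped, 'lo'
  becomes the loopback, every other non-Virtual interface becomes 'ethernet',
  and Virtual interfaces named '<parent>.<id>' are rendered as 'vif <id>'
  inside their parent.

  The description is a quoted string that must stay on one line. The connected
  endpoint's interface name and device display name are escaped the same way
  as the description itself, so a double quote in either cannot close the
  string early and have the remainder parsed as configuration.
#}
interfaces {
{% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if iface_data['mgmt_only'] %}
{% elif iface_name == 'lo' %}
    loopback lo {
        description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name']|replace('"','\\"') }} @ {{ iface_data['connected_endpoint']['device']['display_name']|replace('"','\\"') }}{% endif %}){% endif %}"
        {% for address in iface_data['addresses'] %}
        address {{ address['address'] }}
        {% endfor %}
        {% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
        ip {
            {{ interface_ip_ospf(iface_name) }}
        }
        {% endif %}
        {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
        ipv6 {
            {{ interface_ipv6_ospfv3(iface_name) }}
        }
        {% endif %}
    }
{% elif iface_data['form_factor']['label'] != 'Virtual' %}
    ethernet {{ iface_name }} {
        description "{{ iface_data['description'].replace('"','\\"') or "-" }}{% if iface_data['connected_endpoint'] and iface_data['connected_endpoint']['connection_status']['value'] %} ({% if iface_data['connected_endpoint']['device'] %}{{ iface_data['connected_endpoint']['name']|replace('"','\\"') }} @ {{ iface_data['connected_endpoint']['device']['display_name']|replace('"','\\"') }}{% endif %}){% endif %}"
        {% for address in iface_data['addresses'] %}
        address {{ address['address'] }}
        {% endfor %}
        {% if iface_data['mac_address'] %}hw-id {{ iface_data['mac_address'].lower() }}{% endif %}
        duplex auto
        policy {
        }
        smp-affinity auto
        speed auto
        {% if not iface_data['enabled'] %}disable{% endif %}
        {% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %}
        {% for subiface_name, subiface_data in pillar['netbox']['interfaces'].items() %}{% if subiface_data['form_factor']['label'] == 'Virtual' and subiface_name.startswith( iface_name + "." ) %}
        vif {{ subiface_name.split( "." )[ 1 ] }} {
            description "{{ subiface_data['description'].replace('"','\\"') or "-" }}"
            {% for address in subiface_data['addresses'] %}
            address {{ address['address'] }}
            {% endfor %}
            {% if not subiface_data['enabled'] %}disable{% endif %}
        }
        {% endif %}{% endfor %}
        {% if salt['pillar.get']('interfaces:'+iface_name+':ip') %}
        ip {
            {{ interface_ip_ospf(iface_name) }}
        }
        {% endif %}
        {% if salt['pillar.get']('interfaces:'+iface_name+':ipv6') %}
        ipv6 {
            dup-addr-detect-transmits 1
            {{ interface_ipv6_ospfv3(iface_name) }}
        }
        {% endif %}
    }
{% endif %}{% endfor %}
}

/* -=-=-=-=-=-=-=-=-=-=-=-=-=- PROTOCOLS -=-=-=-=-=-=-=-=-=-=-=-=-=- */
protocols {
    /* -=-=-=-=-=-=-=-=-=-=-=-=-=- OSPF -=-=-=-=-=-=-=-=-=-=-=-=-=- */
    {#
      The OSPF, OSPFv3 and static sections index pillar['protocols'][...]
      directly, so a missing key fails the render. The BGP section uses
      pillar.get with an empty default and is simply omitted when unset.
    #}
    ospf {
        parameters {
            router-id {{ salt['pillar.get']('protocols:ospf:parameters:router-id') }}
            abr-type {{ salt['pillar.get']('protocols:ospf:parameters:abr-type','cisco') }}
        }
        {% for iface_name, iface_data in pillar['netbox']['interfaces'].items() %}{% if salt['pillar.get']('interfaces:'+iface_name+':ip:ospf:passive') %}
        passive-interface {{ iface_name }}
        {% endif %}{% endfor %}
        {% for area_name, area_data in pillar['protocols']['ospf']['area'].items() %}
        area {{ area_name }} {
            {% for network in area_data['networks'] %}
            network {{ network }}
            {% endfor %}
        }
        {% endfor %}
    }
    ospfv3 {
        parameters {
            router-id {{ salt['pillar.get']('protocols:ospfv3:parameters:router-id') }}
        }
        {% for area_name, area_data in pillar['protocols']['ospfv3']['area'].items() %}
        area {{ area_name }} {
            {% for range in area_data.get('range',[]) %}
            range {{ range }} {
            }
            {% endfor %}
            {% for interface in area_data.get('interface',[]) %}
            interface {{ interface }}
            {% endfor %}
        }
        {% endfor %}
    }
    /* -=-=-=-=-=-=-=-=-=-=-=-=-=- STATIC -=-=-=-=-=-=-=-=-=-=-=-=-=- */
    static {
        {% for route_name, route_data in pillar['protocols']['static']['route'].items() %}
        route {{ route_name }} {
            {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
            next-hop {{ nexthop }} {
            }
            {% endfor %}
            {% if route_data.get('blackhole',None) %}
            blackhole {
                distance {{ route_data['blackhole'].get('distance',254) }}
            }
            {% endif %}
        }
        {% endfor %}
        {% for route_name, route_data in pillar['protocols']['static']['route6'].items() %}
        route6 {{ route_name }} {
            {% for nexthop, nexthop_data in route_data.get('next-hop',{}).items() %}
            next-hop {{ nexthop }} {
            }
            {% endfor %}
            {% if route_data.get('blackhole',None) %}
            blackhole {
                distance {{ route_data['blackhole'].get('distance',254) }}
            }
            {% endif %}
        }
        {% endfor %}
    }
    /* -=-=-=-=-=-=-=-=-=-=-=-=-=- BGP -=-=-=-=-=-=-=-=-=-=-=-=-=- */
    {#
      A neighbor gets import/export prefix-lists only when pillar names them.
      Nothing in this template requires a filter on a session.
      NOTE(review): confirm that every external peer has both directions set
      in pillar.
    #}
    {% for bgp_as, as_data in salt['pillar.get']('protocols:bgp',{}).items() %}
    bgp {{ bgp_as }} {
        parameters {
            router-id {{ as_data['parameters']['router-id'] }}
        }
        {% if as_data.get('address-family',None) %}
        address-family {
            {% if as_data['address-family'].get('ipv4-unicast',None) %}
            ipv4-unicast {
                redistribute {
                    {% for redistribute in as_data['address-family']['ipv4-unicast'].get('redistribute',[]) %}
                    {{ redistribute }} {}
                    {% endfor %}
                }
            }
            {% endif %}
            {% if as_data['address-family'].get('ipv6-unicast',None) %}
            ipv6-unicast {
                redistribute {
                    {% for redistribute in as_data['address-family']['ipv6-unicast'].get('redistribute',[]) %}
                    {{ redistribute }} {}
                    {% endfor %}
                }
            }
            {% endif %}
        }
        {% endif %}
        {% for neighbor, neighbor_data in as_data.get('neighbor',{}).items() %}
        neighbor {{ neighbor }} {
            remote-as {{ neighbor_data['remote-as'] }}
            {% if 'address-family' in neighbor_data %}
            address-family {
                {% if 'ipv4-unicast' in neighbor_data['address-family'] %}
                ipv4-unicast {
                    {% if 'prefix-list' in neighbor_data['address-family']['ipv4-unicast'] %}
                    prefix-list {
                        {% if 'export' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['export'] }}{% endif %}
                        {% if 'import' in neighbor_data['address-family']['ipv4-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv4-unicast']['prefix-list']['import'] }}{% endif %}
                    }
                    {% endif %}
                    {% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv4-unicast'] %}
                    soft-reconfiguration {
                        {% for softreconf in neighbor_data['address-family']['ipv4-unicast']['soft-reconfiguration'] %}
                        {{ softreconf }}
                        {% endfor %}
                    }
                    {% endif %}
                }
                {% endif %}
                {% if 'ipv6-unicast' in neighbor_data['address-family'] %}
                ipv6-unicast {
                    {% if 'prefix-list' in neighbor_data['address-family']['ipv6-unicast'] %}
                    prefix-list {
                        {% if 'export' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}export {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['export'] }}{% endif %}
                        {% if 'import' in neighbor_data['address-family']['ipv6-unicast']['prefix-list'] %}import {{ neighbor_data['address-family']['ipv6-unicast']['prefix-list']['import'] }}{% endif %}
                    }
                    {% endif %}
                    {% if 'soft-reconfiguration' in neighbor_data['address-family']['ipv6-unicast'] %}
                    soft-reconfiguration {
                        {% for softreconf in neighbor_data['address-family']['ipv6-unicast']['soft-reconfiguration'] %}
                        {{ softreconf }}
                        {% endfor %}
                    }
                    {% endif %}
                }
                {% endif %}
            }
            {% endif %}
        }
        {% endfor %}
    }
    {% endfor %}
}

/* -=-=-=-=-=-=-=-=-=-=-=-=-=- POLICY -=-=-=-=-=-=-=-=-=-=-=-=-=- */
{#
  These prefix-lists are static text, not pillar-driven, so every device
  rendered from this template receives the same two lists.
#}
policy {
    prefix-list TEST-EQUINIXIX-OUT {
        rule 1 {
            action permit
            prefix 46.227.204.0/24
        }
        rule 2 {
            action deny
            le 32
            prefix 0.0.0.0/0
        }
    }
    prefix-list6 TEST-EQUINIXIX-OUT {
        rule 1 {
            action permit
            prefix 2a01:9e00:1234::/48
        }
        rule 2 {
            action deny
            le 128
            prefix ::/0
        }
    }
}

/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SERVICE -=-=-=-=-=-=-=-=-=-=-=-=-=- */
service {
    lldp {
        {% for iface_name, iface_data in salt['pillar.get']('service:lldp:interface',{}).items() %}
        interface {{ iface_name }} {
        }
        {% endfor %}
        management-address {{ pillar['service']['lldp']['management-address'] }}
    }
    salt-minion {
        id {{ grains['fqdn'] }}
        master {{ pillar['service']['salt-minion']['master'] }}
    }
    snmp {
        {#
          NOTE(review): each community is rendered with an empty body and
          cty_data is never read, so any authorization level or client/network
          restriction held in pillar is not written to the device. Confirm the
          platform defaults are acceptable, or render those settings here.
          The community names themselves are pillar keys; treat that pillar as
          a secret.
        #}
        {% for cty_name, cty_data in salt['pillar.get']('service:snmp:community',{}).items() %}
        community {{ cty_name }} {
        }
        {% endfor %}
        trap-source {{ pillar['service']['snmp']['trap-source'] }}
        {% for trap_target, trap_data in salt['pillar.get']('service:snmp:trap-target',{}).items() %}
        trap-target {{ trap_target }} {
        }
        {% endfor %}
    }
    ssh {
        listen-address {{ pillar['service']['ssh']['listen-address'] }}
    }
}

/* -=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEM -=-=-=-=-=-=-=-=-=-=-=-=-=- */
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name {{ grains['fqdn'] }}
    ip {
        multipath {
            layer4-hashing
        }
    }
    ipv6 {
        multipath {
            layer4-hashing
        }
    }
    login {
        {#
          NOTE(review): the admin account's SHA-512 crypt hash is committed in
          the template. Every device rendered from it shares one credential,
          and anyone who can read the repository holds the hash. Prefer
          sourcing the hash from pillar (per device or per site) and rotating
          the value below once that is in place.
        #}
        user vyos {
            authentication {
                encrypted-password $6$fXZ3cwEft1XFJTH$twZmVheX0PEi21KqQfv/zvKhuXVc1UwVVXI3Y7KCXYk0osil3QmJqmAYgNQyNqGUROydxp7R6yiPe4N06QnBH1
                plaintext-password ""
            }
            level admin
        }
    }
    {% for nameserver in pillar['nameservers'] %}
    name-server {{ nameserver }}
    {% endfor %}
    ntp {
        {% for ntp_server, ntp_data in pillar['ntp'].items() %}
        server {{ ntp_server }} {
        }
        {% endfor %}
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@3:ssh@1:system@11:vrrp@2:vyos-accel-ppp@1:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
/* Release version: 1.2.0-rolling+201904240337 */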