[bird] PEPED

2021-05-19 14:29:36 +02:00 · 2021-05-19 14:29:36 +02:00 · 03a0dbfdca
parent 068d2b6759
commit 03a0dbfdca
6 changed files with 72 additions and 20 deletions
--- a/group_vars/bird.yml
+++ b/group_vars/bird.yml
@ -0,0 +1,19 @@
+---
+glob_bird:
+  bgp:
+    as: 204515
+    remote_as: 8218
+    ipv4:
+      router_id: 158.255.113.73
+      bind_address: 158.255.113.73
+      network:
+        - 185.230.76.0/22
+      neighbor: 158.255.113.72
+    ipv6:
+      router_id: 185.230.79.62
+      bind_address: 2001:1b48:2:103::bb:2
+      network:
+        - 2a0c:700::/36
+        - 2a0c:700:3000::/36
+      neighbor: 2001:1b48:2:103::bb:1
+
--- a/plays/bird.yml
+++ b/plays/bird.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: bird
+  vars:
+    bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
+  roles:
+    - bird
--- a/roles/bird/handlers/main.yml
+++ b/roles/bird/handlers/main.yml
@ -0,0 +1,20 @@
+---
+- name: check bird status
+  service_facts:
+  listen: 'reload bird'
+
+- name: reload bird
+  systemd:
+    name: bird
+    state: reloaded
+  when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
+
+- name: check bird6 status
+  service_facts:
+  listen: 'reload bird6'
+
+- name: reload bird6
+  systemd:
+    name: bird6
+    state: reloaded
+  when: not ansible_check_mode and ansible_facts.services['bird6']['state'] == 'running'
--- a/roles/bird/tasks/main.yml
+++ b/roles/bird/tasks/main.yml
@ -15,6 +15,7 @@
    mode: 0640
    owner: bird
    group: bird
+  notify: reload bird

 - name: Deploy bird6 configuration
  template:
@ -23,3 +24,4 @@
    mode: 0640
    owner: bird
    group: bird
+  notify: reload bird6
--- a/roles/bird/templates/bird/bird.conf.j2
+++ b/roles/bird/templates/bird/bird.conf.j2
@ -9,9 +9,9 @@

 # Change this into your BIRD router ID. It's a world-wide unique identification
 # of your router, usually one of router's IPv4 addresses.
-router id {{ bgp.ipv4.router_id }};
+router id {{ bird.bgp.ipv4.router_id }};

-listen bgp address {{ bgp.ipv4.bind_address }} port 179;
+listen bgp address {{ bird.bgp.ipv4.bind_address }} port 179;

 # The Kernel protocol is not a real routing protocol. Instead of communicating
 # with other routers in the network, it performs synchronization of BIRD's
@ -20,7 +20,10 @@ protocol kernel {
 	persist;
 	scan time 60;
 	import none;
-	export all;   # Actually insert routes into the kernel routing table
+	export filter {
+		if ( net ~ [ {{ bird.bgp.ipv4.network | join(', ') }} ] ) then reject;
+		accept;
+	};
 }

 # The Device protocol is not a real routing protocol. It doesn't generate any
@ -31,15 +34,14 @@ protocol device {
 }

 protocol static {
-	route {{ bgp.ipv4.network }} reject;
+{% for ip in bird.bgp.ipv4.network %}
+	route {{ ip }} reject;
+{% endfor %}
 }

 protocol bgp zayo {
-	local as {{ bgp.as }};
-	neighbor {{ bgp.ipv4.neighbor }} as {{ bgp.remote_as }};
+	local as {{ bird.bgp.as }};
+	neighbor {{ bird.bgp.ipv4.neighbor }} as {{ bird.bgp.remote_as }};
 	import all;
-	export filter {
-		if ( net ~ [ {{ bgp.ipv4.network }} ] ) then accept;
-		reject;
-	};
+	export all;
 }
--- a/roles/bird/templates/bird/bird6.conf.j2
+++ b/roles/bird/templates/bird/bird6.conf.j2
@ -9,9 +9,9 @@

 # Change this into your BIRD router ID. It's a world-wide unique identification
 # of your router, usually one of router's IPv6 addresses.
-router id {{ bgp.ipv6.router_id }};
+router id {{ bird.bgp.ipv6.router_id }};

-listen bgp address {{ bgp.ipv6.bind_address }} port 179;
+listen bgp address {{ bird.bgp.ipv6.bind_address }} port 179;

 # The Kernel protocol is not a real routing protocol. Instead of communicating
 # with other routers in the network, it performs synchronization of BIRD's
@ -20,7 +20,10 @@ protocol kernel {
 	persist;
 	scan time 60;
 	import none;
-	export all;   # Actually insert routes into the kernel routing table
+	export filter {
+		if ( net ~ [ {{ bird.bgp.ipv6.network | join(', ') }} ] ) then reject;
+		accept;
+	};
 }

 # The Device protocol is not a real routing protocol. It doesn't generate any
@ -31,15 +34,14 @@ protocol device {
 }

 protocol static {
-	route {{ bgp.ipv6.network }} reject;
+{% for ip in bird.bgp.ipv6.network %}
+	route {{ ip }} reject;
+{% endfor %}
 }

 protocol bgp zayo {
-	local as {{ bgp.as }};
-	neighbor {{ bgp.ipv6.neighbor }} as {{ bgp.remote_as }};
+	local as {{ bird.bgp.as }};
+	neighbor {{ bird.bgp.ipv6.neighbor }} as {{ bird.bgp.remote_as }};
 	import all;
-	export filter {
-		if ( net ~ [ {{ bgp.ipv6.network }} ] ) then accept;
-		reject;
-	};
+	export all;
 }