[bird2] Now using bird2

linter
_shirenn 2022-06-06 20:27:32 +02:00 committed by shirenn
parent 1fbfb2f9a6
commit 34243f83cd
7 changed files with 263 additions and 141 deletions


@ -1,60 +1,49 @@
--- ---
loc_bird: loc_bird:
ipv4: id: 185.230.79.253
id: 185.230.79.253 asn:
binds: crans: 204515
- 138.195.159.250 aurore: 43619
- 185.230.79.253 viarezo: 212424
statics: static:
- 185.230.76.0/22 ipv4:
kernel_filter: - route 185.230.76.0/22 unreachable
- 185.230.78.0/24 ipv6:
bgps: - route 2a0c:700::/32 unreachable
- name: viarezo bgp:
allow_local_as: 1 - name: aurore4
local: description: "BGP4 session with aurore"
as: 204515 local:
address: 138.195.159.250 asn: crans
remote: addr: 185.230.79.253
as: 212424 neighbor:
address: 138.195.159.249 asn: aurore
allow_export_prefixes: addr: 185.230.79.254
- 185.230.76.0/22+ ipv4: true
- name: aurore - name: aurore6
allow_local_as: 1 description: "BGP6 session with aurore"
local: local:
as: 204515 asn: crans
address: 185.230.79.253 addr: 2a0c:700:28::1
remote: neighbor:
as: 43619 asn: aurore
address: 185.230.79.254 addr: 2a0c:700:28::2
allow_export_prefixes: ipv6: true
- 185.230.76.0/22+ - name: viarezo4
ipv6: description: "BGP4 session with viarezo"
id: 185.230.79.253 local:
binds: asn: crans
- 2a0c:b641:2f3::2 addr: 138.195.159.250
- 2a0c:700:28::1 neighbor:
statics: asn: viarezo
- 2a0c:700::/32 addr: 138.195.159.249
bgps: ipv4: true
- name: viarezo - name: viarezo6
allow_local_as: 1 description: "BGP6 session with viarezo"
local: local:
as: 204515 asn: crans
address: 2a0c:b641:2f3::2 addr: 2a0c:b641:2f3::2
remote: neighbor:
as: 212424 asn: viarezo
address: 2a0c:b641:2f3::1 addr: 2a0c:b641:2f3::1
allow_export_prefixes: ipv6: true
- 2a0c:700::/32+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 2a0c:700:28::1
remote:
as: 43619
address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+


@ -1,60 +1,49 @@
--- ---
loc_bird: loc_bird:
ipv4: id: 185.230.79.253
id: 185.230.79.253 asn:
binds: crans: 204515
- 138.195.159.250 aurore: 43619
- 185.230.79.253 viarezo: 212424
statics: static:
- 185.230.76.0/22 ipv4:
kernel_filter: - route 185.230.76.0/22 unreachable
- 185.230.78.0/24 ipv6:
bgps: - route 2a0c:700::/32 unreachable
- name: viarezo bgp:
allow_local_as: 1 - name: aurore4
local: description: "BGP4 session with aurore"
as: 204515 local:
address: 138.195.159.250 asn: crans
remote: addr: 185.230.79.253
as: 212424 neighbor:
address: 138.195.159.249 asn: aurore
allow_export_prefixes: addr: 185.230.79.254
- 185.230.76.0/22+ ipv4: true
- name: aurore - name: aurore6
allow_local_as: 1 description: "BGP6 session with aurore"
local: local:
as: 204515 asn: crans
address: 185.230.79.253 addr: 2a0c:700:28::1
remote: neighbor:
as: 43619 asn: aurore
address: 185.230.79.254 addr: 2a0c:700:28::2
allow_export_prefixes: ipv6: true
- 185.230.76.0/22+ - name: viarezo4
ipv6: description: "BGP4 session with viarezo"
id: 185.230.79.253 local:
binds: asn: crans
- 2a0c:b641:2f3::2 addr: 138.195.159.250
- 2a0c:700:28::1 neighbor:
statics: asn: viarezo
- 2a0c:700::/32 addr: 138.195.159.249
bgps: ipv4: true
- name: viarezo - name: viarezo6
allow_local_as: 1 description: "BGP6 session with viarezo"
local: local:
as: 204515 asn: crans
address: 2a0c:b641:2f3::2 addr: 2a0c:b641:2f3::2
remote: neighbor:
as: 212424 asn: viarezo
address: 2a0c:b641:2f3::1 addr: 2a0c:b641:2f3::1
allow_export_prefixes: ipv6: true
- 2a0c:700::/32+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 2a0c:700:28::1
remote:
as: 43619
address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+


@ -4,4 +4,4 @@
vars: vars:
bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}' bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
roles: roles:
- bird - bird2


@ -1,27 +1,36 @@
--- ---
- name: Install BIRD - name: PLEASE STOP
apt: pause:
update_cache: true prompt: "{{ item }}"
name: loop:
- bird - APPUIE SUR ^C TOUT DE SUITE ET LANCE LE RÔLE BIRD2 !
register: apt_result - NAN MAIS VRAIMENT
retries: 3 - GENRE ARRÈTE
until: apt_result is succeeded - ON T'AURA PRÉVENU
- name: Deploy bird configuration #- name: Install BIRD
template: # apt:
src: bird/bird.conf.j2 # update_cache: true
dest: /etc/bird/bird.conf # name:
mode: 0640 # - bird
owner: bird # register: apt_result
group: bird # retries: 3
notify: reload bird # until: apt_result is succeeded
- name: Deploy bird6 configuration #- name: Deploy bird configuration
template: # template:
src: bird/bird6.conf.j2 # src: bird/bird.conf.j2
dest: /etc/bird/bird6.conf # dest: /etc/bird/bird.conf
mode: 0640 # mode: 0640
owner: bird # owner: bird
group: bird # group: bird
notify: reload bird6 # notify: reload bird
#- name: Deploy bird6 configuration
# template:
# src: bird/bird6.conf.j2
# dest: /etc/bird/bird6.conf
# mode: 0640
# owner: bird
# group: bird
# notify: reload bird6
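Review bot: The `PLEASE STOP` guard on the new side only pauses, so the play never aborts: each prompt continues on ENTER, and `pause` does not wait at all when stdin is not an interactive terminal. A run of the retired role from CI or a wrapper script therefore finishes green while deploying nothing. A hard stop is more reliable, e.g. a single task with `fail:` and `msg: "The bird role is retired, use bird2"`. The commented-out tasks can then be deleted rather than kept, since the history already holds them.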


@ -0,0 +1,19 @@
---
- name: systemctl status bird.service
service_facts:
listen: 'systemctl reload bird.service'
- name: systemctl reload bird.service
pause:
prompt: |-
On a préféré ne pas redemarrer bird automatiquement.
Du coup, c'est à toi de t'en occuper:
- si tu as modifié quelque chose qui forcera le logiciel à ouvrir (ou fermer) un nouveau socket, tu dois le restart
- sinon tu peux te contenter de le reload
Quand c'est fait appuie sur ENTRÉE
when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
- name: systemctl stop bird.service
systemd:
name: bird.service
state: stopped
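Review bot: Handlers run in the order they are defined in this file, not in notify order, so `systemctl stop bird.service` (defined last) runs after the reload prompt. Assuming this is the handlers file of the role whose install task notifies it, a first run would ask the operator to restart bird and then stop the daemon once ENTER is pressed. Moving the stop handler to the top of the file, or adding `- meta: flush_handlers` right after the install task, keeps the stop ahead of the prompt. Separately, `service_facts` on systemd hosts normally keys units with their suffix, so `ansible_facts.services['bird']` may be undefined there; `ansible_facts.services['bird.service']` is the usual spelling and is worth confirming on a target host.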


@ -0,0 +1,25 @@
---
- name: Install BIRD2
apt:
update_cache: true
name:
- bird2
register: apt_result
retries: 3
until: apt_result is succeeded
notify: systemctl stop bird.service
- name: systemctl disable bird.service
systemd:
name: bird.service
enabled: false
- name: Deploy bird configuration
template:
src: bird/bird.conf.j2
dest: /etc/bird/bird.conf
mode: 0640
owner: bird
group: bird
notify: systemctl reload bird.service
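Review bot: The `Deploy bird configuration` task writes /etc/bird/bird.conf with no syntax check. The template on this page interpolates routes, addresses and descriptions from the inventory as-is, so a malformed value only surfaces when the operator reloads the routing daemon by hand. Adding `validate: 'bird -p -c %s'` to the `template:` arguments should make Ansible parse the rendered file first and leave the existing config in place on failure. Also consider quoting the mode, `mode: '0640'`, so a stricter YAML loader cannot read it as a decimal integer.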


@ -0,0 +1,91 @@
{{ ansible_header | comment }}
# This is a basic configuration file, which contains boilerplate options and
# some basic examples. It allows the BIRD daemon to start but will not cause
# anything else to happen.
#
# Please refer to the BIRD User's Guide documentation, which is also available
# online at http://bird.network.cz/ in HTML format, for more information on
# configuring BIRD and adding routing protocols.
# Configure logging
log syslog all;
# Set router ID. It is a unique identification of your router, usually one of
# IPv4 addresses of the router. It is recommended to configure it explicitly.
router id {{ bird.id }};
# Turn on global debugging of all protocols (all messages or just selected classes)
# debug protocols all;
# +----------------------+
# | CONSTANT DEFINITIONS |
# +----------------------+
{% for key,value in bird.asn.items() %}
define {{ key }}_asn = {{ value }};
{% endfor %}
# +---------------+
# | NOT PROTOCOLS |
# +---------------+
# The Device protocol is not a real routing protocol. It does not generate any
# routes and it only serves as a module for getting information about network
# interfaces from the kernel. It is necessary in almost any configuration.
protocol device {}
# The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD
# routing tables with the OS kernel. One instance per table.
protocol kernel {
ipv4 {
import none;
export all;
};
}
protocol kernel {
ipv6 {
import none;
export all;
};
}
protocol static {
ipv4;
{% for route in bird.static.ipv4 %}
{{ route }};
{% endfor %}
}
protocol static {
ipv6;
{% for route in bird.static.ipv6 %}
{{ route }};
{% endfor %}
}
# +---------------+
# | BGP PROTOCOLS |
# +---------------+
{% for protocol in bird.bgp %}
protocol bgp {{ protocol.name }} {
description "{{ protocol.description }}";
local {{ protocol.local.addr }} as {{ protocol.local.asn }}_asn;
neighbor {{ protocol.neighbor.addr }} as {{ protocol.neighbor.asn }}_asn;
strict bind;
{% if protocol.ipv4 is defined and protocol.ipv4 %}
ipv4 {
import all;
export where source ~ [ RTS_STATIC ];
};
{% endif %}{% if protocol.ipv6 is defined and protocol.ipv6 %}
ipv6 {
import all;
export where source ~ [ RTS_STATIC ];
};
{% endif %}
}
{% endfor %}
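Review bot: Both BGP channels use `import all;` and the kernel protocols above use `export all;`, so whatever a neighbor announces is accepted and pushed into the kernel table. That includes this network's own prefixes, more-specifics of them, or an unbounded number of routes. The export side is restricted to static routes, but nothing comparable guards the import side. Consider an import filter that at least rejects the locally originated prefixes, e.g. `import where net !~ [ 185.230.76.0/22+ ];` in the ipv4 channel and `import where net !~ [ 2a0c:700::/32+ ];` in the ipv6 one, ideally rendered from a variable rather than hard-coded, plus an `import limit` per channel. The sessions also carry no `password`, so if the peers support TCP-MD5 authentication it is worth adding to the per-session variables.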