[bird2] Now using bird2

linter
_shirenn 2022-06-06 20:27:32 +02:00 committed by shirenn
parent 1fbfb2f9a6
commit 34243f83cd
7 changed files with 263 additions and 141 deletions


@ -1,60 +1,49 @@
---
loc_bird:
ipv4:
id: 185.230.79.253
binds:
- 138.195.159.250
- 185.230.79.253
statics:
- 185.230.76.0/22
kernel_filter:
- 185.230.78.0/24
bgps:
- name: viarezo
allow_local_as: 1
local:
as: 204515
address: 138.195.159.250
remote:
as: 212424
address: 138.195.159.249
allow_export_prefixes:
- 185.230.76.0/22+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 185.230.79.253
remote:
as: 43619
address: 185.230.79.254
allow_export_prefixes:
- 185.230.76.0/22+
ipv6:
id: 185.230.79.253
binds:
- 2a0c:b641:2f3::2
- 2a0c:700:28::1
statics:
- 2a0c:700::/32
bgps:
- name: viarezo
allow_local_as: 1
local:
as: 204515
address: 2a0c:b641:2f3::2
remote:
as: 212424
address: 2a0c:b641:2f3::1
allow_export_prefixes:
- 2a0c:700::/32+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 2a0c:700:28::1
remote:
as: 43619
address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+
id: 185.230.79.253
asn:
crans: 204515
aurore: 43619
viarezo: 212424
static:
ipv4:
- route 185.230.76.0/22 unreachable
ipv6:
- route 2a0c:700::/32 unreachable
bgp:
- name: aurore4
description: "BGP4 session with aurore"
local:
asn: crans
addr: 185.230.79.253
neighbor:
asn: aurore
addr: 185.230.79.254
ipv4: true
- name: aurore6
description: "BGP6 session with aurore"
local:
asn: crans
addr: 2a0c:700:28::1
neighbor:
asn: aurore
addr: 2a0c:700:28::2
ipv6: true
- name: viarezo4
description: "BGP4 session with viarezo"
local:
asn: crans
addr: 138.195.159.250
neighbor:
asn: viarezo
addr: 138.195.159.249
ipv4: true
- name: viarezo6
description: "BGP6 session with viarezo"
local:
asn: crans
addr: 2a0c:b641:2f3::2
neighbor:
asn: viarezo
addr: 2a0c:b641:2f3::1
ipv6: true
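Review bot: The new `loc_bird` block here is identical to the one in the next file section, with the same `id`, `asn`, `static` and `bgp` entries. If these are two hosts' variables, the shared parts could live in `glob_bird`, which the playbook already merges with `combine`, leaving only the per-host differences here; note that `combine` without `recursive=true` replaces whole top-level keys. If both routers are really meant to share the router `id` and the session addresses, a comment such as `# same id/addresses on both routers: <reason>` would save the next reader from assuming a copy-paste error.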


@ -1,60 +1,49 @@
---
loc_bird:
ipv4:
id: 185.230.79.253
binds:
- 138.195.159.250
- 185.230.79.253
statics:
- 185.230.76.0/22
kernel_filter:
- 185.230.78.0/24
bgps:
- name: viarezo
allow_local_as: 1
local:
as: 204515
address: 138.195.159.250
remote:
as: 212424
address: 138.195.159.249
allow_export_prefixes:
- 185.230.76.0/22+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 185.230.79.253
remote:
as: 43619
address: 185.230.79.254
allow_export_prefixes:
- 185.230.76.0/22+
ipv6:
id: 185.230.79.253
binds:
- 2a0c:b641:2f3::2
- 2a0c:700:28::1
statics:
- 2a0c:700::/32
bgps:
- name: viarezo
allow_local_as: 1
local:
as: 204515
address: 2a0c:b641:2f3::2
remote:
as: 212424
address: 2a0c:b641:2f3::1
allow_export_prefixes:
- 2a0c:700::/32+
- name: aurore
allow_local_as: 1
local:
as: 204515
address: 2a0c:700:28::1
remote:
as: 43619
address: 2a0c:700:28::2
allow_export_prefixes:
- 2a0c:700::/32+
id: 185.230.79.253
asn:
crans: 204515
aurore: 43619
viarezo: 212424
static:
ipv4:
- route 185.230.76.0/22 unreachable
ipv6:
- route 2a0c:700::/32 unreachable
bgp:
- name: aurore4
description: "BGP4 session with aurore"
local:
asn: crans
addr: 185.230.79.253
neighbor:
asn: aurore
addr: 185.230.79.254
ipv4: true
- name: aurore6
description: "BGP6 session with aurore"
local:
asn: crans
addr: 2a0c:700:28::1
neighbor:
asn: aurore
addr: 2a0c:700:28::2
ipv6: true
- name: viarezo4
description: "BGP4 session with viarezo"
local:
asn: crans
addr: 138.195.159.250
neighbor:
asn: viarezo
addr: 138.195.159.249
ipv4: true
- name: viarezo6
description: "BGP6 session with viarezo"
local:
asn: crans
addr: 2a0c:b641:2f3::2
neighbor:
asn: viarezo
addr: 2a0c:b641:2f3::1
ipv6: true


@ -4,4 +4,4 @@
vars:
bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
roles:
- bird
- bird2


@ -1,27 +1,36 @@
---
- name: Install BIRD
apt:
update_cache: true
name:
- bird
register: apt_result
retries: 3
until: apt_result is succeeded
- name: PLEASE STOP
pause:
prompt: "{{ item }}"
loop:
- APPUIE SUR ^C TOUT DE SUITE ET LANCE LE RÔLE BIRD2 !
- NAN MAIS VRAIMENT
- GENRE ARRÈTE
- ON T'AURA PRÉVENU
- name: Deploy bird configuration
template:
src: bird/bird.conf.j2
dest: /etc/bird/bird.conf
mode: 0640
owner: bird
group: bird
notify: reload bird
#- name: Install BIRD
# apt:
# update_cache: true
# name:
# - bird
# register: apt_result
# retries: 3
# until: apt_result is succeeded
- name: Deploy bird6 configuration
template:
src: bird/bird6.conf.j2
dest: /etc/bird/bird6.conf
mode: 0640
owner: bird
group: bird
notify: reload bird6
#- name: Deploy bird configuration
# template:
# src: bird/bird.conf.j2
# dest: /etc/bird/bird.conf
# mode: 0640
# owner: bird
# group: bird
# notify: reload bird
#- name: Deploy bird6 configuration
# template:
# src: bird/bird6.conf.j2
# dest: /etc/bird/bird6.conf
# mode: 0640
# owner: bird
# group: bird
# notify: reload bird6
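Review bot: The `PLEASE STOP` task relies on `pause`, which only halts the play when an operator is at the terminal. When stdin is not interactive, Ansible is expected to skip the prompt with a warning and continue, so the role would end silently as a no-op. A `fail:` task with a `msg:` pointing to the bird2 role would stop every kind of run. The commented-out copies of the three old tasks can be deleted, since the history keeps them.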


@ -0,0 +1,19 @@
---
- name: systemctl status bird.service
service_facts:
listen: 'systemctl reload bird.service'
- name: systemctl reload bird.service
pause:
prompt: |-
On a préféré ne pas redemarrer bird automatiquement.
Du coup, c'est à toi de t'en occuper:
- si tu as modifié quelque chose qui forcera le logiciel à ouvrir (ou fermer) un nouveau socket, tu dois le restart
- sinon tu peux te contenter de le reload
Quand c'est fait appuie sur ENTRÉE
when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
- name: systemctl stop bird.service
systemd:
name: bird.service
state: stopped
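Review bot: The `when:` on the `systemctl reload bird.service` handler looks up `ansible_facts.services['bird']`, but `service_facts` normally keys systemd units with their suffix, so this lookup is likely to fail on an undefined key the first time the handler is notified. Matching the unit name used elsewhere in the file would avoid that, e.g. `when: not ansible_check_mode and ansible_facts.services.get('bird.service', {}).get('state') == 'running'`. Separately, the handler is a `pause` prompt, so in an unattended run the new configuration is written but never loaded and nothing reports it; a final `debug` or `fail` message would make that visible.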


@ -0,0 +1,25 @@
---
- name: Install BIRD2
apt:
update_cache: true
name:
- bird2
register: apt_result
retries: 3
until: apt_result is succeeded
notify: systemctl stop bird.service
- name: systemctl disable bird.service
systemd:
name: bird.service
enabled: false
- name: Deploy bird configuration
template:
src: bird/bird.conf.j2
dest: /etc/bird/bird.conf
mode: 0640
owner: bird
group: bird
notify: systemctl reload bird.service
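Review bot: The `Deploy bird configuration` task writes the rendered file straight to `/etc/bird/bird.conf` with no syntax check, so a typo in the host variables reaches the router and is only found at the manual reload. Adding `validate: 'bird -p -c %s'` to the `template` arguments would make Ansible refuse a file that BIRD cannot parse before it replaces the current one. Quoting the mode as `mode: '0640'` would also stop the task depending on how the YAML loader reads a leading-zero integer.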


@ -0,0 +1,91 @@
{{ ansible_header | comment }}
# This is a basic configuration file, which contains boilerplate options and
# some basic examples. It allows the BIRD daemon to start but will not cause
# anything else to happen.
#
# Please refer to the BIRD User's Guide documentation, which is also available
# online at http://bird.network.cz/ in HTML format, for more information on
# configuring BIRD and adding routing protocols.
# Configure logging
log syslog all;
# Set router ID. It is a unique identification of your router, usually one of
# IPv4 addresses of the router. It is recommended to configure it explicitly.
router id {{ bird.id }};
# Turn on global debugging of all protocols (all messages or just selected classes)
# debug protocols all;
# +----------------------+
# | CONSTANT DEFINITIONS |
# +----------------------+
{% for key,value in bird.asn.items() %}
define {{ key }}_asn = {{ value }};
{% endfor %}
# +---------------+
# | NOT PROTOCOLS |
# +---------------+
# The Device protocol is not a real routing protocol. It does not generate any
# routes and it only serves as a module for getting information about network
# interfaces from the kernel. It is necessary in almost any configuration.
protocol device {}
# The Kernel protocol is not a real routing protocol. Instead of communicating
# with other routers in the network, it performs synchronization of BIRD
# routing tables with the OS kernel. One instance per table.
protocol kernel {
ipv4 {
import none;
export all;
};
}
protocol kernel {
ipv6 {
import none;
export all;
};
}
protocol static {
ipv4;
{% for route in bird.static.ipv4 %}
{{ route }};
{% endfor %}
}
protocol static {
ipv6;
{% for route in bird.static.ipv6 %}
{{ route }};
{% endfor %}
}
# +---------------+
# | BGP PROTOCOLS |
# +---------------+
{% for protocol in bird.bgp %}
protocol bgp {{ protocol.name }} {
description "{{ protocol.description }}";
local {{ protocol.local.addr }} as {{ protocol.local.asn }}_asn;
neighbor {{ protocol.neighbor.addr }} as {{ protocol.neighbor.asn }}_asn;
strict bind;
{% if protocol.ipv4 is defined and protocol.ipv4 %}
ipv4 {
import all;
export where source ~ [ RTS_STATIC ];
};
{% endif %}{% if protocol.ipv6 is defined and protocol.ipv6 %}
ipv6 {
import all;
export where source ~ [ RTS_STATIC ];
};
{% endif %}
}
{% endfor %}
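Review bot: Both channels in the `protocol bgp` loop use `import all` and both `protocol kernel` blocks use `export all`, so every prefix a neighbor announces is installed into the kernel table unfiltered. That includes a default route, bogons, or the site's own 185.230.76.0/22 and 2a0c:700::/32. The removed host variables carried `allow_export_prefixes` and `kernel_filter`, and nothing visible in this template replaces them. Consider a named import filter per address family, referenced as `import filter bgp_in_v4;` and `import filter bgp_in_v6;`, that rejects the local prefixes and over-long prefixes. On export, an explicit prefix set would be safer than `source ~ [ RTS_STATIC ]`, which will announce any static route added later. The sessions also set no `password`; whether the peers expect TCP-MD5 cannot be told from this page.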