summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoruvok cheetah2024-04-21 15:50:35 +0200
committeruvok cheetah2024-04-21 15:50:35 +0200
commit2b9a71e8ecb41cc8e9b73735837f07c9b1351ff7 (patch)
tree84ff56a440e31ce33bb8ea214ab79391660a4b44
parent293ddf3a4bf78d72fea4b8196e3bbc2d81b3f12e (diff)
Changed to bird tole
- rename prefixes to clear_prefixes - add router id - add config files - add handler "change"
-rw-r--r--host_vars/netcup/tinc (renamed from host_vars/netcup)0
-rw-r--r--roles/uvok_bird/TODO.txt4
-rw-r--r--roles/uvok_bird/defaults/main.yml3
-rw-r--r--roles/uvok_bird/files/common.conf14
-rw-r--r--roles/uvok_bird/files/logging.conf11
-rw-r--r--roles/uvok_bird/handlers/main.yml4
-rw-r--r--roles/uvok_bird/tasks/main.yml23
-rw-r--r--roles/uvok_bird/templates/bird.conf.j216
-rw-r--r--roles/uvok_bird/templates/clearnet.conf.j25
-rw-r--r--roles/uvok_bird/templates/defines.conf.j24
10 files changed, 81 insertions, 3 deletions
diff --git a/host_vars/netcup b/host_vars/netcup/tinc
index 9d49382..9d49382 100644
--- a/host_vars/netcup
+++ b/host_vars/netcup/tinc
diff --git a/roles/uvok_bird/TODO.txt b/roles/uvok_bird/TODO.txt
new file mode 100644
index 0000000..6176bb1
--- /dev/null
+++ b/roles/uvok_bird/TODO.txt
@@ -0,0 +1,4 @@
+- use protocol "description" option
+- import limit / receive limit
+ import limit [number | off ] [action warn | block | restart | disable]
+ \ No newline at end of file
diff --git a/roles/uvok_bird/defaults/main.yml b/roles/uvok_bird/defaults/main.yml
index 7ab4a34..b877f74 100644
--- a/roles/uvok_bird/defaults/main.yml
+++ b/roles/uvok_bird/defaults/main.yml
@@ -6,5 +6,6 @@ uvok_bird_opts:
dn42: false
use_fallback: false
preferred_ip: "::1"
- prefixes: []
+ clear_prefixes: []
babel_if_name:
+ router_id: "0.0.0.0"
diff --git a/roles/uvok_bird/files/common.conf b/roles/uvok_bird/files/common.conf
new file mode 100644
index 0000000..61917bd
--- /dev/null
+++ b/roles/uvok_bird/files/common.conf
@@ -0,0 +1,14 @@
+# managed by Ansible
+
+function honor_graceful_shutdown() {
+ if (65535, 0) ~ bgp_community then {
+ bgp_local_pref = 0;
+ }
+}
+
+# The Device protocol is not a real routing protocol. It does not generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. It is necessary in almost any configuration.
+protocol device {
+ scan time 10;
+}
diff --git a/roles/uvok_bird/files/logging.conf b/roles/uvok_bird/files/logging.conf
new file mode 100644
index 0000000..bd9e6e8
--- /dev/null
+++ b/roles/uvok_bird/files/logging.conf
@@ -0,0 +1,11 @@
+# managed by Ansible
+
+# log syslog { info, remote, warning, error, auth, fatal, bug };
+log syslog { warning, error, fatal, bug };
+log "/var/log/bird/remote.log" { remote };
+log "/var/log/bird/bugs.log" { bug };
+log "/var/log/bird/trace.log" { trace };
+log "/var/log/bird/debug.log" { debug };
+log "/var/log/bird/info.log" { info };
+
+timeformat protocol iso long;
diff --git a/roles/uvok_bird/handlers/main.yml b/roles/uvok_bird/handlers/main.yml
index aab7d9f..33814c5 100644
--- a/roles/uvok_bird/handlers/main.yml
+++ b/roles/uvok_bird/handlers/main.yml
@@ -4,6 +4,10 @@
- name: Check config
command: birdc configure check
listen: configure bird
+ changed_when: false
+ register: bird_check_result
- name: Apply bird config
command: birdc configure soft
listen: configure bird
+ changed_when: true
+ when: bird_check_result.rc == 0
diff --git a/roles/uvok_bird/tasks/main.yml b/roles/uvok_bird/tasks/main.yml
index c3ef063..4bdcf35 100644
--- a/roles/uvok_bird/tasks/main.yml
+++ b/roles/uvok_bird/tasks/main.yml
@@ -7,7 +7,17 @@
mode: '0750'
owner: 'bird'
group: 'bird'
-- name: Install template
+- name: Install common templates
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '0640'
+ owner: 'bird'
+ group: 'bird'
+ loop:
+ - { src: 'bird.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/bird.conf' }
+ - { src: 'defines.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/defines.conf' }
+- name: Install clearnet templates
template:
src: clearnet.conf.j2
dest: '{{ uvok_bird_opts.config_dir }}/clearnet.conf'
@@ -17,3 +27,14 @@
when:
- uvok_bird_opts.clearnet
notify: configure bird
+- name: Copy remaining files
+ copy:
+ src: files/{{ item }}
+ dest: '{{ uvok_bird_opts.config_dir }}/{{ item }}'
+ mode: '0640'
+ owner: 'bird'
+ group: 'bird'
+ loop:
+ - "common.conf"
+ - "logging.conf"
+ notify: configure bird
diff --git a/roles/uvok_bird/templates/bird.conf.j2 b/roles/uvok_bird/templates/bird.conf.j2
new file mode 100644
index 0000000..82452a0
--- /dev/null
+++ b/roles/uvok_bird/templates/bird.conf.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+include "/etc/bird/logging.conf";
+
+include "/etc/bird/defines.conf";
+router id OWNIP;
+
+include "/etc/bird/common.conf";
+
+{% if uvok_bird_opts.dn42 %}
+include "/etc/bird/dn42.conf";
+{% endif %}
+
+{% if uvok_bird_opts.clearnet %}
+include "/etc/bird/clearnet.conf";
+{% endif %}
diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2
index 420a8da..1ced3a4 100644
--- a/roles/uvok_bird/templates/clearnet.conf.j2
+++ b/roles/uvok_bird/templates/clearnet.conf.j2
@@ -1,5 +1,8 @@
# {{ ansible_managed }}
+include "/etc/bird/clear_defines.conf";
+include "/etc/bird/clear_functions.conf";
+
define CLEARNET_PREFIP = {{ uvok_bird_opts.preferred_ip }};
# trs=transit
@@ -145,7 +148,7 @@ filter myas_f_rc
};
protocol static myprefix {
-{% for prefix in uvok_bird_opts.prefixes %}
+{% for prefix in uvok_bird_opts.clear_prefixes %}
route {{ prefix }} reject;
{% endfor %};
diff --git a/roles/uvok_bird/templates/defines.conf.j2 b/roles/uvok_bird/templates/defines.conf.j2
new file mode 100644
index 0000000..8a8d597
--- /dev/null
+++ b/roles/uvok_bird/templates/defines.conf.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+# both clear and DN42
+define OWNIP = {{ uvok_bird_opts.router_id }};