From 4546c428642619896e0ed7646d91eb129cc8a701 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Tue, 28 May 2024 19:45:43 +0200
Subject: bird: Make RPKI config'able
---
 roles/uvok_bird/defaults/main.yml | 2 ++
 roles/uvok_bird/files/clear_rpki.conf | 21 ---------------------
 roles/uvok_bird/tasks/main.yml | 1 +
 roles/uvok_bird/templates/clear_rpki.conf.j2 | 21 +++++++++++++++++++++
 4 files changed, 24 insertions(+), 21 deletions(-)
 delete mode 100644 roles/uvok_bird/files/clear_rpki.conf
 create mode 100644 roles/uvok_bird/templates/clear_rpki.conf.j2
diff --git a/roles/uvok_bird/defaults/main.yml b/roles/uvok_bird/defaults/main.yml
index 5023a41..4138414 100644
--- a/roles/uvok_bird/defaults/main.yml
+++ b/roles/uvok_bird/defaults/main.yml
@@ -10,3 +10,5 @@ uvok_bird_opts:
 babel_if_name:
 router_id: "0.0.0.0"
 clear_as: "64496"
+ rpki1: "127.0.0.1"
+ rpki2: "127.0.0.2"
diff --git a/roles/uvok_bird/files/clear_rpki.conf b/roles/uvok_bird/files/clear_rpki.conf
deleted file mode 100644
index d034889..0000000
--- a/roles/uvok_bird/files/clear_rpki.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# managed by Ansible
-
-roa6 table clear_roa_v6;
-
-protocol rpki roa_clearnet1 {
- roa6 { table clear_roa_v6; };
- remote 10.2.0.1;
- port 8282;
- refresh 3600;
- retry 600;
- expire 7200;
-}
-
-protocol rpki roa_clearnet2 {
- roa6 { table clear_roa_v6; };
- remote 10.2.0.12;
- port 8282;
- refresh 3600;
- retry 600;
- expire 7200;
-}
diff --git a/roles/uvok_bird/tasks/main.yml b/roles/uvok_bird/tasks/main.yml
index db9c64f..5dd98f8 100644
--- a/roles/uvok_bird/tasks/main.yml
+++ b/roles/uvok_bird/tasks/main.yml
@@ -72,6 +72,7 @@
 loop:
 - { src: 'clearnet.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/clearnet.conf' }
 - { src: 'clear_defines.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/clear_defines.conf' }
+ - { src: 'clear_rpki.conf.j2', dest: '{{ uvok_bird_opts.config_dir }}/clear_rpki.conf' }
 notify: configure bird
 - name: Copy remaining clearnet files
 ansible.posix.synchronize:
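Review bot: The new defaults `rpki1: "127.0.0.1"` and `rpki2: "127.0.0.2"` replace the previously hard-coded 10.2.0.1 and 10.2.0.12, so a host that does not set the new keys will point BIRD at loopback caches that probably do not exist. The RTR sessions would then never establish and `clear_roa_v6` would stay empty, which usually means origin validation reports "unknown" for every route instead of failing loudly. I would either keep the old addresses as defaults or mark these as placeholders, e.g. `# placeholder, override per host with the RTR cache addresses`. It is also worth checking how `uvok_bird_opts` is overridden: if inventory replaces the whole dict, the new keys are undefined at template time unless the dicts are merged somewhere outside this hunk.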
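Review bot: The task right after this loop, `Copy remaining clearnet files`, uses `ansible.posix.synchronize` and its options lie outside the hunk; now that `clear_rpki.conf` is no longer in `files/`, check that the sync does not run with `delete` enabled against the same `config_dir`. If it does, the file rendered by the new loop item would be removed again on every run and BIRD would be reloaded without its RPKI protocols. An exclude for `clear_rpki.conf`, matching whatever already protects the other templated files, would keep both tasks idempotent.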
diff --git a/roles/uvok_bird/templates/clear_rpki.conf.j2 b/roles/uvok_bird/templates/clear_rpki.conf.j2
new file mode 100644
index 0000000..97f869c
--- /dev/null
+++ b/roles/uvok_bird/templates/clear_rpki.conf.j2
@@ -0,0 +1,21 @@
+# managed by Ansible
+
+roa6 table clear_roa_v6;
+
+protocol rpki roa_clearnet1 {
+ roa6 { table clear_roa_v6; };
+ remote {{ uvok_bird_opts.rpki1 }};
+ port 8282;
+ refresh 3600;
+ retry 600;
+ expire 7200;
+}
+
+protocol rpki roa_clearnet2 {
+ roa6 { table clear_roa_v6; };
+ remote {{ uvok_bird_opts.rpki2 }};
+ port 8282;
+ refresh 3600;
+ retry 600;
+ expire 7200;
+}
-- cgit v1.2.3
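Review bot: Both `protocol rpki` blocks still speak RTR over plain TCP to port 8282, and with `remote` now taken from `uvok_bird_opts.rpki1`/`rpki2` the cache is no longer pinned to the 10.2.0.x addresses of the old static file. Without transport protection, anything on the path to the cache can alter the ROA set loaded into `clear_roa_v6`, which presumably feeds origin validation in a filter outside this diff. If a cache can be reached over an untrusted segment, consider BIRD's `transport ssh { … }` option, or state the constraint in the template, e.g. `# RTR is unauthenticated here: remote must only be reachable over a trusted link`. The two values are also rendered without validation, so a typo in inventory lands directly in the BIRD config.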