  #
  # Bird routing daemon
  #
  # Per-node settings are read from the pillar subtree nodes:<minion id>.
  # `roles` falls back to an empty list and `status` to 'active' when the
  # pillar holds no value for this node.
  {%- set node_key = 'nodes:' ~ grains['id'] %}
  {%- set roles = salt['pillar.get'](node_key ~ ':roles', []) %}
  {%- set status = salt['pillar.get'](node_key ~ ':status', 'active') %}

  # Pull in the interface states alongside the routing daemon.
  include:
    - network.interfaces
  # Install the BIRD package. Other states refer to it as `pkg: bird`.
  bird-pkg:
    pkg.installed:
      - name: bird

  # Both daemons (bird for IPv4, bird6 for IPv6) are kept enabled and running.
  # NOTE(review): `running` does not look like a documented argument of
  # service.running and appears redundant here; confirm before dropping it.
  bird:
    service.running:
      - enable: true
      - running: true

  bird6:
    service.running:
      - enable: true
      - running: true

  # Reconfigure commands. cmd.wait stays idle until a watched state reports a
  # change; the watch lists start empty and are filled by the `watch_in`
  # requisites on the config file states in this file.
  # NOTE(review): nothing here validates a rendered file before birdc is asked
  # to load it. A parse-only check of the config ahead of the reload would catch
  # a broken template early; confirm how a rejected reconfigure shows up in the
  # Salt run.
  bird-configure:
    cmd.wait:
      - name: /usr/sbin/birdc configure
      - watch: []

  bird6-configure:
    cmd.wait:
      - name: /usr/sbin/birdc6 configure
      - watch: []
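  # Configuration root, the per-family include directories and the two main
  # config files. Modes are quoted so YAML keeps them as strings instead of
  # typing them as integers; the permission bits are unchanged.

  # NOTE(review): the directory belongs to the bird account itself, so that
  # account can create, rename or delete entries directly under /etc/bird,
  # including the root-owned main configs below. root:bird with the same mode
  # would keep the daemon read-only on its own configuration; confirm nothing
  # needs to write here as bird before changing it.
  /etc/bird:
    file.directory:
      - user: bird
      - group: bird
      - mode: '0750'
      - require:
        - pkg: bird

  # Drop-in directory for the IPv4 daemon.
  /etc/bird/bird.d:
    file.directory:
      - makedirs: true
      - user: root
      - group: bird
      - mode: '0755'
      - require:
        - file: /etc/bird

  # Main IPv4 config. `proto` sits in the same list item as `template`, so it
  # reaches file.managed as an extra argument; presumably the template reads it
  # to pick the address family. The file mode is 0644, but /etc/bird is 0750,
  # so only the owner and group of that directory can reach it.
  /etc/bird/bird.conf:
    file.managed:
      - source: salt://bird/bird.conf
      - template: jinja
        proto: v4
      - user: root
      - group: bird
      - mode: '0644'
      - require:
        - file: /etc/bird/bird.d
      - require_in:
        - service: bird
      - watch_in:
        - cmd: bird-configure

  # Drop-in directory for the IPv6 daemon.
  /etc/bird/bird6.d:
    file.directory:
      - makedirs: true
      - user: root
      - group: bird
      - mode: '0755'
      - require:
        - file: /etc/bird

  # Main IPv6 config, rendered from the same template with proto v6.
  /etc/bird/bird6.conf:
    file.managed:
      - source: salt://bird/bird.conf
      - template: jinja
        proto: v6
      - user: root
      - group: bird
      - mode: '0644'
      - require:
        - file: /etc/bird/bird6.d
      - require_in:
        - service: bird6
      - watch_in:
        - cmd: bird6-configure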
  #
  # External VRF / Routing table?
  #
  # The same template is rendered once per address family. `sfx` is the daemon
  # suffix ('' for bird, '6' for bird6); `proto` is handed to file.managed as an
  # extra argument next to `template`, presumably for use inside the template.
  # A change to either file triggers the matching reconfigure command.
  {% for proto, sfx in [('v4', ''), ('v6', '6')] %}
  /etc/bird/bird{{ sfx }}.d/VRF_external.conf:
    file.managed:
      - source: salt://bird/VRF_external.conf
      - template: jinja
        proto: {{ proto }}
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}
  #
  # IGP / OSPF
  #
  # One IGP snippet per daemon. This template receives the address family as
  # the integer `AF` (4 or 6) rather than the `proto` string used elsewhere.
  # NOTE(review): no user, group or mode is set, so Salt's defaults apply; pin
  # them explicitly if the rendered snippet can carry authentication secrets.
  {% for af, sfx in [(4, ''), (6, '6')] %}
  /etc/bird/bird{{ sfx }}.d/IGP.conf:
    file.managed:
      - source: salt://bird/IGP.conf
      - template: jinja
        AF: {{ af }}
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}
  #
  # iBGP
  #
  # Policy files live directly in /etc/bird (ff-policy.conf and
  # ff-policy6.conf), yet still wait for the per-family drop-in directory.
  {% for proto, sfx in [('v4', ''), ('v6', '6')] %}
  /etc/bird/ff-policy{{ sfx }}.conf:
    file.managed:
      - source: salt://bird/ff-policy.conf
      - template: jinja
        proto: {{ proto }}
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}

  # iBGP session snippets. Here the address family is passed as the quoted
  # string `family` ("4" or "6").
  # NOTE(review): no user, group or mode is set, so Salt's defaults apply; pin
  # them explicitly if the rendered sessions can carry passwords.
  {% for fam, sfx in [('4', ''), ('6', '6')] %}
  /etc/bird/bird{{ sfx }}.d/ibgp.conf:
    file.managed:
      - source: salt://bird/ibgp.conf
      - template: jinja
        family: "{{ fam }}"
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}
  #
  # FFRL-exit
  #
  # Nodes carrying the 'ffrl-exit' role get ffrl.conf and bogon_unreach.conf for
  # both daemons. On every other node the same four paths are removed, and the
  # removal triggers a reconfigure so a dropped role takes effect on the
  # running daemon.
  {% if 'ffrl-exit' in roles %}
  {% for snippet in ['ffrl', 'bogon_unreach'] %}
  {% for proto, sfx in [('v4', ''), ('v6', '6')] %}
  /etc/bird/bird{{ sfx }}.d/{{ snippet }}.conf:
    file.managed:
      - source: salt://bird/{{ snippet }}.conf
      - template: jinja
        proto: {{ proto }}
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}
  {% endfor %}
  {% else %}
  {% for snippet in ['ffrl', 'bogon_unreach'] %}
  {% for sfx in ['', '6'] %}
  /etc/bird/bird{{ sfx }}.d/{{ snippet }}.conf:
    file.absent:
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endfor %}
  {% endfor %}
  {% endif %}
  #
  # B.A.T.M.A.N. Gateway
  #
  # mesh_routes.conf is deployed for both daemons on nodes with the 'batman_gw'
  # role and removed everywhere else. No extra template argument is passed
  # here. Either outcome triggers the matching reconfigure command on change.
  {% for sfx in ['', '6'] %}
  /etc/bird/bird{{ sfx }}.d/mesh_routes.conf:
  {% if 'batman_gw' in roles %}
    file.managed:
      - source: salt://bird/mesh_routes.conf
      - template: jinja
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% else %}
    file.absent:
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endif %}
  {% endfor %}
  #
  # L3 Access
  #
  # l3-access.conf follows the 'l3-access' role: present for both daemons when
  # the node has the role, removed otherwise. Each change triggers the matching
  # reconfigure command.
  {% for sfx in ['', '6'] %}
  /etc/bird/bird{{ sfx }}.d/l3-access.conf:
  {% if 'l3-access' in roles %}
    file.managed:
      - source: salt://bird/l3-access.conf
      - template: jinja
      - require:
        - file: /etc/bird/bird{{ sfx }}.d
      - require_in:
        - service: bird{{ sfx }}
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% else %}
    file.absent:
      - watch_in:
        - cmd: bird{{ sfx }}-configure
  {% endif %}
  {% endfor %}
  #
  # RAdvd (for B.A.T.M.A.N. Gateways / L3-Access)
  #
  # Router advertisements are configured for bird6 only. Two conditions must
  # both hold: the node status is 'active' or 'offline', and the node has the
  # 'radv' or 'l3-access' role, or has 'batman_gw' with a minion id starting
  # with 'gw'. Otherwise radv.conf is removed and bird6 is reconfigured.
  {% set status_ok = status in ['active', 'offline'] %}
  {% set is_gw_node = 'batman_gw' in roles and grains.id.startswith('gw') %}
  {% set role_ok = 'radv' in roles or 'l3-access' in roles or is_gw_node %}
  /etc/bird/bird6.d/radv.conf:
  {% if status_ok and role_ok %}
    file.managed:
      - source: salt://bird/radv.conf
      - template: jinja
      - require:
        - file: /etc/bird/bird6.d
      - require_in:
        - service: bird6
      - watch_in:
        - cmd: bird6-configure
  {% else %}
    file.absent:
      - watch_in:
        - cmd: bird6-configure
  {% endif %}
  ################################################################################
  #                          Monitoring related stuff                            #
  ################################################################################
  # Two rendered text files placed directly in /etc/bird. Their sources sit
  # under bird/icinga2/, so they are presumably read by monitoring checks.
  # Neither state carries a requisite, so changing them does not reconfigure
  # the daemons.
  {% for basename in ['ospf_interfaces_down_ok', 'ibgp_sessions_down_ok'] %}
  /etc/bird/{{ basename }}.txt:
    file.managed:
      - source: salt://bird/icinga2/{{ basename }}.txt.tmpl
      - template: jinja
  {% endfor %}