init.sls 7.2 KB

  #
  # Bird routing daemon
  #
  # Roles of this node, looked up in pillar under nodes:<minion id>:roles.
  # A missing entry yields an empty list; every role-gated fragment further
  # down is then rendered in its file.absent form.
  {%- set roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}

  # Pull in the network.interfaces state together with this one.
  include:
    - network.interfaces
  # Upstream bird APT source. Only wheezy and jessie get it; on any other
  # release the sources.list.d entry is removed instead.
  bird-repo:
  {% if grains.oscodename in ['jessie', 'wheezy'] %}
    pkgrepo.managed:
      - human_name: Official bird repository
      - comments: "# Official bird repo"
      # NOTE(review): the repository is fetched over plain http, so package
      # authenticity rests on APT signature verification against the key
      # shipped from the Salt fileserver below. Keep that key file under
      # review and confirm the minions do not accept unauthenticated repos.
      - name: "deb http://bird.network.cz/debian/ {{ grains['oscodename'] }} main"
      - dist: "{{ grains['oscodename'] }}"
      - file: /etc/apt/sources.list.d/bird.list
      - key_url: salt://bird/bird_apt.key
  {% else %}
    file.absent:
      - name: /etc/apt/sources.list.d/bird.list
  {% endif %}
  # Install the bird package. On wheezy/jessie the upstream repository has to
  # be configured first, hence the conditional requisite.
  bird-pkg:
    pkg.installed:
      - name: bird
  {% if grains.oscodename in ['jessie', 'wheezy'] %}
      - require:
          - pkgrepo: bird-repo
  {% endif %}
  # Make sure both services (IPv4 and IPv6 daemon) are enabled and running.
  # NOTE(review): `running` does not look like a documented service.running
  # argument; confirm it has an effect or drop it.
  bird:
    service.running:
      - enable: true
      - running: true

  bird6:
    service.running:
      - enable: true
      - running: true
  # Reload commands for bird{,6}. Both watch lists start out empty; the config
  # file states in this file attach themselves through watch_in, so a changed
  # file triggers a reconfigure of the matching daemon.
  bird-configure:
    cmd.wait:
      - name: /usr/sbin/birdc configure
      - watch: []

  bird6-configure:
    cmd.wait:
      - name: /usr/sbin/birdc6 configure
      - watch: []
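  # Top-level configuration directory. Its mode keeps everyone outside the
  # owner and the bird group out of the whole tree below it.
  # NOTE(review): with owner bird, the daemon account can create, rename and
  # delete entries directly in /etc/bird (including the root-owned bird.conf
  # and bird6.conf). Consider root:bird if nothing needs write access here.
  /etc/bird:
    file.directory:
      - user: bird
      - group: bird
      # Quoted so the mode is read as a string, not as a YAML integer.
      - mode: '0750'
      - require:
          - pkg: bird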
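  # Drop-in directory for the IPv4 daemon's config fragments. Owned by root,
  # so only root can add or remove fragments.
  /etc/bird/bird.d:
    file.directory:
      - makedirs: true
      - user: root
      - group: bird
      # Quoted so the mode is read as a string, not as a YAML integer.
      - mode: '0755'
      - require:
          - file: /etc/bird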
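  # Main IPv4 configuration, rendered from the shared bird.conf template.
  /etc/bird/bird.conf:
    file.managed:
      - source: salt://bird/bird.conf
      # proto rides along as an extra key next to template; presumably the
      # template reads it to pick the address family (verify in the template).
      - template: jinja
        proto: v4
      - user: root
      - group: bird
      # Quoted so the mode is read as a string, not as a YAML integer.
      # NOTE(review): if the rendered config can carry protocol passwords,
      # '0640' would be the tighter choice.
      - mode: '0644'
      - require:
          - file: /etc/bird/bird.d
      # The file must be in place before the service is started ...
      - require_in:
          - service: bird
      # ... and any change to it triggers `birdc configure`.
      - watch_in:
          - cmd: bird-configure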
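  # Drop-in directory for the IPv6 daemon's config fragments. Owned by root,
  # so only root can add or remove fragments.
  /etc/bird/bird6.d:
    file.directory:
      - makedirs: true
      - user: root
      - group: bird
      # Quoted so the mode is read as a string, not as a YAML integer.
      - mode: '0755'
      - require:
          - file: /etc/bird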
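  # Main IPv6 configuration, rendered from the same bird.conf template as the
  # IPv4 file but with proto set to v6.
  /etc/bird/bird6.conf:
    file.managed:
      - source: salt://bird/bird.conf
      - template: jinja
        proto: v6
      - user: root
      - group: bird
      # Quoted so the mode is read as a string, not as a YAML integer.
      # NOTE(review): if the rendered config can carry protocol passwords,
      # '0640' would be the tighter choice.
      - mode: '0644'
      - require:
          - file: /etc/bird/bird6.d
      # The file must be in place before the service is started ...
      - require_in:
          - service: bird6
      # ... and any change to it triggers `birdc6 configure`.
      - watch_in:
          - cmd: bird6-configure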
  #
  # External VRF / Routing table?
  #
  # One fragment per address family, both rendered from the same template.
  # No user/group/mode is given, so ownership and permissions of these
  # fragments are whatever Salt applies by default.
  /etc/bird/bird.d/VRF_external.conf:
    file.managed:
      - source: salt://bird/VRF_external.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/VRF_external.conf:
    file.managed:
      - source: salt://bird/VRF_external.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure

  # external.conf fragments are removed in both drop-in directories; the
  # removal itself is not wired to a reload command.
  /etc/bird/bird.d/external.conf:
    file.absent

  /etc/bird/bird6.d/external.conf:
    file.absent
  #
  # IGP / OSPF
  #
  # One fragment per address family, both rendered from the same template.
  /etc/bird/bird.d/IGP.conf:
    file.managed:
      - source: salt://bird/IGP.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/IGP.conf:
    file.managed:
      - source: salt://bird/IGP.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
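  # Compatibility glue: remove the IGP6.conf fragment from bird6.d.
  # The fragment lives in the IPv6 daemon's drop-in directory, so its removal
  # has to notify bird6-configure (birdc6), not the IPv4 reload command.
  /etc/bird/bird6.d/IGP6.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure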
  #
  # iBGP
  #
  # Policy files live directly in /etc/bird, the ibgp fragments in the
  # per-daemon drop-in directories. No user/group/mode is given for any of
  # them.
  # NOTE(review): if these templates render session secrets, set an explicit
  # owner and a mode without world-read instead of relying on defaults.
  /etc/bird/ff-policy.conf:
    file.managed:
      - source: salt://bird/ff-policy.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/ff-policy6.conf:
    file.managed:
      - source: salt://bird/ff-policy.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure

  /etc/bird/bird.d/ibgp.conf:
    file.managed:
      - source: salt://bird/ibgp.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/ibgp.conf:
    file.managed:
      - source: salt://bird/ibgp.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
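  #
  # FFRL-exit
  #
  # Nodes carrying the ffrl-exit role get the ffrl and bogon_unreach fragments
  # for both address families; on every other node the fragments are removed.
  {% if 'ffrl-exit' in roles %}
  /etc/bird/bird.d/ffrl.conf:
    file.managed:
      - source: salt://bird/ffrl.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/ffrl.conf:
    file.managed:
      - source: salt://bird/ffrl.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure

  /etc/bird/bird.d/bogon_unreach.conf:
    file.managed:
      - source: salt://bird/bogon_unreach.conf
      - template: jinja
        proto: v4
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/bogon_unreach.conf:
    file.managed:
      - source: salt://bird/bogon_unreach.conf
      - template: jinja
        proto: v6
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
  {% else %}
  # Removing a fragment notifies the matching reload command, as the radv
  # fragment's removal already does. A node that loses the role then stops
  # running the removed configuration, instead of keeping it loaded until an
  # unrelated change triggers a reconfigure.
  /etc/bird/bird.d/ffrl.conf:
    file.absent:
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/ffrl.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure

  /etc/bird/bird.d/bogon_unreach.conf:
    file.absent:
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/bogon_unreach.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure
  {% endif %}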
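  #
  # B.A.T.M.A.N. Gateway
  #
  # Gateways get the mesh_routes fragment for both daemons; on every other
  # node it is removed.
  # NOTE(review): unlike the other shared templates, no proto key is passed
  # here although both files use the same source. Confirm that the template
  # does not need it.
  {% if 'batman_gw' in roles %}
  /etc/bird/bird.d/mesh_routes.conf:
    file.managed:
      - source: salt://bird/mesh_routes.conf
      - template: jinja
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/mesh_routes.conf:
    file.managed:
      - source: salt://bird/mesh_routes.conf
      - template: jinja
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
  {% else %}
  # Removing a fragment notifies the matching reload command, so a node that
  # loses the role does not keep the removed configuration loaded.
  /etc/bird/bird.d/mesh_routes.conf:
    file.absent:
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/mesh_routes.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure
  {% endif %}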
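  #
  # L3 Access
  #
  # Wired up like every other fragment in this file: the drop-in directory
  # must exist first, the file must be in place before the service starts,
  # and a change (or removal) triggers a reconfigure of the matching daemon.
  # Without the watch_in, an updated fragment would sit on disk unloaded.
  # NOTE(review): no proto key is passed although both files use the same
  # source. Confirm that the template does not need it.
  {% if 'l3_access' in roles %}
  /etc/bird/bird.d/l3-access.conf:
    file.managed:
      - source: salt://bird/l3-access.conf
      - template: jinja
      - require:
          - file: /etc/bird/bird.d
      - require_in:
          - service: bird
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/l3-access.conf:
    file.managed:
      - source: salt://bird/l3-access.conf
      - template: jinja
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
  {% else %}
  /etc/bird/bird.d/l3-access.conf:
    file.absent:
      - watch_in:
          - cmd: bird-configure

  /etc/bird/bird6.d/l3-access.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure
  {% endif %}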
  #
  # RAdvd (for B.A.T.M.A.N. Gateways / L3-Access)
  #
  # IPv6 only. The fragment is installed for the radv and l3_access roles,
  # and for batman_gw nodes whose minion id starts with "gw". Everywhere else
  # it is removed, and the removal reloads bird6 as well.
  {% if 'radv' in roles or 'l3_access' in roles or ('batman_gw' in roles and grains.id.startswith('gw')) %}
  /etc/bird/bird6.d/radv.conf:
    file.managed:
      - source: salt://bird/radv.conf
      - template: jinja
      - require:
          - file: /etc/bird/bird6.d
      - require_in:
          - service: bird6
      - watch_in:
          - cmd: bird6-configure
  {% else %}
  /etc/bird/bird6.d/radv.conf:
    file.absent:
      - watch_in:
          - cmd: bird6-configure
  {% endif %}
  327. {% endif %}