12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270
370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250 |
- #!/usr/bin/python
- import collections
- import re
- from copy import deepcopy
- mac_prefix = "f2"
- # VRF configuration map
- vrf_info = {
- 'vrf_external' : {
- 'table' : 1023,
- 'fwmark' : [ '0x1', '0x1023' ],
- },
- }
- #
- # Default parameters added to any given bonding interface,
- # if not specified at the interface configuration.
- default_bond_config = {
- 'bond-mode': '802.3ad',
- 'bond-min-links': '1',
- 'bond-xmit-hash-policy': 'layer3+4'
- }
- #
- # Default parameters added to any given bonding interface,
- # if not specified at the interface configuration.
- default_bridge_config = {
- 'bridge-fd' : '0',
- 'bridge-stp' : 'no'
- }
- #
- # Hop penalty to set if none is explicitly specified
- # Check if one of these roles is configured for any given node, use first match.
- default_hop_penalty_by_role = {
- 'bbr' : 5,
- 'bras' : 50,
- 'batman_gw' : 5,
- 'batman_ext': 50,
- }
- batman_role_evaluation_order = [ 'bbr', 'batman_gw', 'bras' ]
- #
- # Default interface attributes to be added to GRE interface to AS201701 when
- # not already present in pillar interface configuration.
- GRE_FFRL_attrs = {
- 'mode' : 'gre',
- 'method' : 'tunnel',
- 'mtu' : '1400',
- 'ttl' : '64',
- }
- # The IPv4/IPv6 prefix used for Loopback IPs
- loopback_prefix = {
- 'v4' : '10.132.255.',
- 'v6' : '2a03:2260:2342:ffff::',
- }
- # The DNS zone base names used for generating zone files from IP address
- # configured on nodes interfaces.
- DNS_zone_names = {
- 'forward' : 'ffho.net',
- 'rev_v4' : [
- '132.10.in-addr.arpa',
- '30.172.in-addr.arpa',
- ],
- 'rev_v6' : [
- '2.4.3.2.0.6.2.2.3.0.a.2.ip6.arpa',
- ]
- }
- # MTU configuration
- MTU = {
- # The default MTU for any interface which does not have a MTU configured
- # explicitly in the pillar node config or does not get a MTU configured
- # by any means of this SDN stuff here.
- 'default' : 1500,
- # A batman underlay device, probably a VXLAN or VLAN interface.
- #
- # 1500
- # + 60 B.A.T.M.A.N. adv header + network coding (activated by default by Debian)
- 'batman_underlay_iface' : 1560,
- # VXLAN underlay device, probably a VLAN within $POP or between two BBRs.
- #
- # 1560
- # + 14 Inner Ethernet Frame
- # + 8 VXLAN Header
- # + 8 UDP Header
- # + 20 IPv4 Header
- 'vxlan_underlay_iface' : 1610,
- }
- ################################################################################
- # #
- # Internal functions #
- # #
- # Touching anything below will void any warranty you never had ;) #
- # #
- ################################################################################
- sites = None
- def _get_site_no (sites_config, site_name):
- global sites
- if sites == None:
- sites = {}
- for site in sites_config:
- if site.startswith ("_"):
- continue
- sites[site] = sites_config[site].get ("site_no", -2)
- return sites.get (site_name, -1)
- #
- # Generate a MAC address after the format f2:dd:dd:ss:nn:nn where
- # dd:dd is the hexadecimal reprensentation of the nodes device_id
- # ff:ff representing the gluon nodes
- #
- # ss is the hexadecimal reprensentation of the site_id the interface is connected to
- #
- # nn:nn is the decimal representation of the network the interface is connected to, with
- # 00:00 being the BATMAN interface
- # 00:0d being the dummy interface
- # 00:0f being the VEth internal side interface
- # 00:e0 being an external instance BATMAN interface
- # 00:ed being an external instance dummy interface
- # 00:e1 being an inter-gw-vpn interface
- # 00:e4 being an nodes fastd tunnel interface of IPv4 transport
- # 00:e6 being an nodes fastd tunnel interface of IPv6 transport
- # 00:ef being an extenral instance VEth interface side
- # 02:xx being a connection to local Vlan 2xx
- # xx:xx being a VXLAN tunnel for site ss, with xx being the underlay VLAN ID (1xyz, 2xyz)
- # ff:ff being the gluon next-node interface
- def gen_batman_iface_mac (site_no, device_no, network):
- net_type_map = {
- 'bat' : "00:00",
- 'dummy' : "00:0d",
- 'int2ext' : "00:0f",
- 'bat-e' : "00:e0",
- 'intergw' : "00:e1",
- 'nodes4' : "00:e4",
- 'nodes6' : "00:e6",
- 'dummy-e' : "00:ed",
- 'ext2int' : "00:ef",
- }
- # Well-known network type?
- if network in net_type_map:
- last = net_type_map[network]
- elif type (network) == int:
- last = re.sub (r'(\d{2})(\d{2})', '\g<1>:\g<2>', "%04d" % network)
- else:
- last = "ee:ee"
- # Convert device_no to hex, format number to 4 digits with leading zeros and : betwwen 2nd and 3rd digit
- device_no_hex = re.sub (r'([0-9a-fA-F]{2})([0-9a-fA-F]{2})', '\g<1>:\g<2>', "%04x" % int (device_no))
- # Format site_no to two digit number with leading zero
- site_no_hex = "%02d" % int (site_no)
- return "%s:%s:%s:%s" % (mac_prefix, device_no_hex, site_no_hex, last)
- # Gather B.A.T.M.A.N. related config options for real batman devices (e.g. bat0)
- # as well as for batman member interfaces (e.g. eth0.100, fastd ifaces etc.)
- def _update_batman_config (node_config, iface, sites_config):
- try:
- node_batman_hop_penalty = int (node_config['batman']['hop-penalty'])
- except (KeyError,ValueError):
- node_batman_hop_penalty = None
- iface_config = node_config['ifaces'][iface]
- iface_type = iface_config.get ('type', 'inet')
- batman_config = {}
- for item, value in iface_config.items ():
- if item.startswith ('batman-'):
- batman_config[item] = value
- iface_config.pop (item)
- # B.A.T.M.A.N. device (e.g. bat0)
- if iface_type == 'batman':
- if 'batman-hop-penalty' not in batman_config:
- # If there's a hop penalty set for the node, but not for the interface
- # apply the nodes hop penalty
- if node_batman_hop_penalty:
- batman_config['batman-hop-penalty'] = node_batman_hop_penalty
- # If there's no hop penalty set for the node, use a default hop penalty
- # for the roles the node might have, if any
- else:
- node_roles = node_config.get ('roles', [])
- for role in batman_role_evaluation_order:
- if role in node_roles:
- batman_config['batman-hop-penalty'] = default_hop_penalty_by_role[role]
- if 'batman_ext' in node_roles and iface.endswith('-ext'):
- batman_config['batman-hop-penalty'] = default_hop_penalty_by_role['batman_ext']
- # If batman ifaces were specified as a list - which they should -
- # generate a sorted list of interface names as string representation
- if 'batman-ifaces' in batman_config and type (batman_config['batman-ifaces']) == list:
- batman_iface_str = " ".join (sorted (batman_config['batman-ifaces']))
- batman_config['batman-ifaces'] = batman_iface_str
- # B.A.T.M.A.N. member interface (e.g. eth.100, fastd ifaces, etc.)
- elif iface_type == 'batman_iface':
- # Generate unique MAC address for every batman iface, as B.A.T.M.A.N.
- # will get puzzled with multiple interfaces having the same MAC and
- # do nasty things.
- site = iface_config.get ('site')
- site_no = _get_site_no (sites_config, site)
- device_no = node_config.get ('id')
- network = 1234
- # Generate a unique BATMAN-MAC for this interfaces
- match = re.search (r'^vlan(\d+)', iface)
- if match:
- network = int (match.group (1))
- iface_config['hwaddress'] = gen_batman_iface_mac (site_no, device_no, network)
- iface_config['batman'] = batman_config
- # Mangle bond specific config items with default values and store them in
- # separate sub-dict for easier access and configuration.
- def _update_bond_config (config):
- bond_config = default_bond_config.copy ()
- for item, value in config.items ():
- if item.startswith ('bond-'):
- bond_config[item] = value
- config.pop (item)
- if bond_config['bond-mode'] not in ['2', 'balance-xor', '4', '802.3ad']:
- bond_config.pop ('bond-xmit-hash-policy')
- config['bond'] = bond_config
- # Mangle bridge specific config items with default values and store them in
- # separate sub-dict for easier access and configuration.
- def _update_bridge_config (config):
- bridge_config = default_bridge_config.copy ()
- for item, value in config.items ():
- if item.startswith ('bridge-'):
- bridge_config[item] = value
- config.pop (item)
- # Fix and salt mangled string interpretation back to real string.
- if type (value) == bool:
- bridge_config[item] = "yes" if value else "no"
- # If bridge ports were specified as a list - which they should -
- # generate a sorted list of interface names as string representation
- if 'bridge-ports' in bridge_config and type (bridge_config['bridge-ports']) == list:
- bridge_ports_str = " ".join (sorted (bridge_config['bridge-ports']))
- bridge_config['bridge-ports'] = bridge_ports_str
- config['bridge'] = bridge_config
- # Move vlan specific config items into a sub-dict for easier access and pretty-printing
- # in the configuration file
- def _update_vlan_config (config):
- vlan_config = {}
- for item, value in config.items ():
- if item.startswith ('vlan-'):
- vlan_config[item] = value
- config.pop (item)
- config['vlan'] = vlan_config
- # Pimp Veth interfaces
- # * Add peer interface name IF not present
- # * Add link-type veth IF not present
- def _update_veth_config (interface, config):
- veth_peer_name = {
- 'veth_ext2int' : 'veth_int2ext',
- 'veth_int2ext' : 'veth_ext2int'
- }
- if interface not in veth_peer_name:
- return
- if 'link-type' not in config:
- config['link-type'] = 'veth'
- if 'veth-peer-name' not in config:
- config['veth-peer-name'] = veth_peer_name[interface]
- # The the given MTU to the given interface - presented by it's interface config dict -
- # IFF no MTU has already been set in the node pillar.
- #
- # @param ifaces: All interface configuration (as dict)
- # @param iface_name: Name of the interface to set MTU for
- # @param mtu: The MTU value to set (integer)
- # When <mtu> is <= 0, the <mtu> configured for <iface_name>
- # will be used to set the MTU of the upper interface, and the
- # default MTU if none is configured explicitly.
- def _set_mtu_to_iface_and_upper (ifaces, iface_name, mtu):
- iface_config = ifaces.get (iface_name)
- # By default we assume that we should set the given MTU value as the 'automtu'
- # attribute to allow distinction between manually set and autogenerated MTU
- # values.
- set_automtu = True
- # If a mtu values <= 0 is given, use the MTU configured for this interface
- # or, if none is set, the default value when configuring the vlan-raw-device.
- if mtu <= 0:
- set_automtu = False
- mtu = iface_config.get ('mtu', MTU['default'])
- # If this interface already has a MTU set - probably because someone manually
- # specified one in the node pillar - we do not touch the MTU of this interface.
- # Nevertheless it's worth looking at any underlying interface.
- if 'mtu' in iface_config:
- set_automtu = False
- # There might be - read: "we have" - a situation where on top of e.g. bond0
- # there are vlans holding VXLAN communicaton as well a vlans directly carrying
- # BATMAN traffic. Now depending on which interface is evaluated first, the upper
- # MTU is either correct, or maybe to small.
- #
- # If any former autogenerated MTU is greater-or-equal than the one we want to
- # set now, we'll ignore it, and go for the greater one.
- elif 'automtu' in iface_config and iface_config['automtu'] >= mtu:
- set_automtu = False
- # If we still consider this a good move, set given MTU to this device.
- if set_automtu:
- iface_config['automtu'] = mtu
- # If this is a VLAN - which it probably is - fix the MTU of the underlying interface, too.
- # Check for 'vlan-raw-device' in iface_config and in vlan subconfig (yeah, that's not ideal).
- vlan_raw_device = None
- if 'vlan-raw-device' in iface_config:
- vlan_raw_device = iface_config['vlan-raw-device']
- elif 'vlan' in iface_config and 'vlan-raw-device' in iface_config['vlan']:
- vlan_raw_device = iface_config['vlan']['vlan-raw-device']
- if vlan_raw_device:
- vlan_raw_device_config = ifaces.get (vlan_raw_device, None)
- # vlan-raw-device might point to ethX which usually isn't configured explicitly
- # as ifupdown2 simply will bring it up anyway by itself. To set the MTU of such
- # an interface we have to add a configuration stanza for it here.
- if vlan_raw_device_config == None:
- vlan_raw_device_config = {}
- ifaces[vlan_raw_device] = vlan_raw_device_config
- # If there is a manually set MTU for this device, we don't do nothin'
- if 'mtu' in vlan_raw_device_config:
- return
- if 'automtu' in vlan_raw_device_config and vlan_raw_device_config['automtu'] >= mtu:
- return
- vlan_raw_device_config['automtu'] = mtu
- # Generate configuration entries for any batman related interfaces not
- # configured explicitly, but asked for implicitly by role batman and a
- # (list of) site(s) specified in the node config.
- def _generate_batman_interface_config (node_config, ifaces, sites_config):
- # No role 'batman', nothing to do
- roles = node_config.get ('roles', [])
- if 'batman' not in roles:
- return
- # Should there be a 2nd external BATMAN instance?
- batman_ext = 'batman_ext' in roles or 'bras' in roles
- device_no = node_config.get ('id', -1)
- for site in node_config.get ('sites', []):
- site_no = _get_site_no (sites_config, site)
- # Predefine interface names for regular/external BATMAN instance
- # and possible VEth link pair for connecting both instances.
- bat_site_if = "bat-%s" % site
- dummy_site_if = "dummy-%s" % site
- bat_site_if_ext = "bat-%s-ext" % site
- dummy_site_if_ext = "dummy-%s-e" % site
- int2ext_site_if = "i2e-%s" % site
- ext2int_site_if = "e2i-%s" % site
- site_ifaces = {
- # Regular BATMAN interface, always present
- bat_site_if : {
- 'type' : 'batman',
- # int2ext_site_if will be added automagically if requred
- 'batman-ifaces' : [ dummy_site_if ],
- 'batman-ifaces-ignore-regex': '.*_.*',
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'bat'),
- },
- # Dummy interface always present in regular BATMAN instance
- dummy_site_if : {
- 'link-type' : 'dummy',
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'dummy'),
- 'mtu' : MTU['batman_underlay_iface'],
- },
- # Optional 2nd "external" BATMAN instance
- bat_site_if_ext : {
- 'type' : 'batman',
- 'batman-ifaces' : [ dummy_site_if_ext, ext2int_site_if ],
- 'batman-ifaces-ignore-regex': '.*_.*',
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'bat-e'),
- 'ext_only' : True,
- },
- # Optional dummy interface always present in 2nd "external" BATMAN instance
- dummy_site_if_ext : {
- 'link-type' : 'dummy',
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'dummy-e'),
- 'ext_only' : True,
- 'mtu' : MTU['batman_underlay_iface'],
- },
- # Optional VEth interface pair - internal side
- int2ext_site_if : {
- 'link-type' : 'veth',
- 'veth-peer-name' : ext2int_site_if,
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'int2ext'),
- 'mtu' : MTU['batman_underlay_iface'],
- 'ext_only' : True,
- },
- # Optional VEth interface pair - "external" side
- ext2int_site_if : {
- 'link-type' : 'veth',
- 'veth-peer-name' : int2ext_site_if,
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, 'ext2int'),
- 'mtu' : MTU['batman_underlay_iface'],
- 'ext_only' : True,
- },
- }
- for iface, iface_config_tmpl in site_ifaces.items ():
- # Ignore any interface only relevant when role batman_ext is set
- # but it isn't
- if not batman_ext and iface_config_tmpl.get ('ext_only', False):
- continue
- # Remove ext_only key so we don't leak it into ifaces dict
- if 'ext_only' in iface_config_tmpl:
- del iface_config_tmpl['ext_only']
- # If there is no trace of the desired iface config yet...
- if iface not in ifaces:
- # ... just place our template there.
- ifaces[iface] = iface_config_tmpl
- # If there should be an 2nd external BATMAN instance make sure
- # the internal side of the VEth iface pair is connected to the
- # internal BATMAN instance.
- if batman_ext and iface == bat_site_if:
- iface_config_tmpl['batman-ifaces'].append (int2ext_site_if)
- # If there already is an interface configuration try to enhance it with
- # meaningful values from our template and force correct hwaddress to be
- # used.
- else:
- iface_config = ifaces[iface]
- # Force hwaddress to be what we expect.
- if 'hwaddress' in iface_config_tmpl:
- iface_config['hwaddress'] = iface_config_tmpl['hwaddress']
- # Copy every attribute of the config template missing in iface config
- for attr in iface_config_tmpl:
- if attr not in iface_config:
- iface_config[attr] = iface_config_tmpl[attr]
- # Make sure there is a bridge present for every site where a mesh_breakout
- # interface should be configured.
- for iface, config in ifaces.items ():
- iface_type = config.get ('type', 'inet')
- if iface_type not in ['mesh_breakout', 'batman_iface']:
- continue
- site = config.get ('site')
- site_bridge = "br-%s" % site
- batman_site_if = "bat-%s" % site
- if iface_type == 'mesh_breakout':
- # If the bridge has already been defined (with an IP maybe) make
- # sure that the corresbonding batman device is part of the bridge-
- # ports.
- if site_bridge in ifaces:
- bridge_config = ifaces.get (site_bridge)
- # If there already is/are (a) bridge-port(s) defined, add
- # the batman and the breakout interfaces if not present...
- bridge_ports = bridge_config.get ('bridge-ports', None)
- if bridge_ports:
- for dev in (batman_site_if, iface):
- if not dev in bridge_ports:
- if type (bridge_ports) == list:
- bridge_ports.append (dev)
- else:
- bridge_config['bridge-ports'] += ' ' + dev
- # ...if there is no bridge-port defined yet, just used
- # the batman and breakout iface.
- else:
- bridge_config['bridge-ports'] = [ iface, batman_site_if ]
- # If the bridge isn't present alltogether, add it.
- else:
- ifaces[site_bridge] = {
- 'bridge-ports' : [ iface, batman_site_if ],
- }
- elif iface_type == 'batman_iface':
- batman_ifaces = ifaces[batman_site_if]['batman-ifaces']
- if iface not in batman_ifaces:
- if type (batman_ifaces) == list:
- batman_ifaces.append (iface)
- else:
- batman_ifaces += ' ' + iface
- # Use the MTU configured for this interface or, if none is set,
- # the default value for batman underlay iface.
- mtu = config.get('mtu', MTU['batman_underlay_iface'])
- _set_mtu_to_iface_and_upper (ifaces, iface, mtu)
- #
- # Generate any implicitly defined VXLAN interfaces defined in the nodes iface
- # defined in pillar.
- # The keyword "batman_connect_sites" on an interface will trigger the
- # generation of a VXLAN overlay interfaces.
- def _generate_vxlan_interface_config (node_config, ifaces, sites_config):
- # No role 'batman', nothing to do
- if 'batman' not in node_config.get ('roles', []):
- return
- # Sites configured on this node. Nothing to do, if none.
- my_sites = node_config.get ('sites', [])
- if len (my_sites) == 0:
- return
- # As we're still here we can now safely assume that a B.A.T.M.A.N.
- # device has been configured for every site specified in sites list.
- device_no = node_config.get ('id', -1)
- for iface, iface_config in ifaces.items ():
- batman_connect_sites = iface_config.get ('batman_connect_sites', [])
- # If we got a string, convert it to a list with a single element
- if type (batman_connect_sites) == str:
- batman_connect_sites = [ batman_connect_sites ]
- # If there the list of sites to connect is empty, there's nothing to do here.
- if len (batman_connect_sites) == 0:
- continue
- # Set the MTU of this (probably) VLAN device to the MTU required for a VXLAN underlay
- # device, where B.A.T.M.A.N. adv. is to be expected within the VXLAN overlay.
- _set_mtu_to_iface_and_upper (ifaces, iface, MTU['vxlan_underlay_iface'])
- # If the string 'all' is part of the list, blindly use all sites configured for this node
- if 'all' in batman_connect_sites:
- batman_connect_sites = my_sites
- for site in batman_connect_sites:
- # Silenty ignore sites not configured on this node
- if site not in my_sites:
- continue
- # iface_name := vx_<last 5 chars of underlay iface>_<site> stripped to 15 chars
- vx_iface = ("vx_%s_%s" % (re.sub ('vlan', 'v', iface)[-5:], re.sub (r'[_-]', '', site)))[:15]
- site_no = _get_site_no (sites_config, site)
- vni = 100 + site_no
- bat_iface = "bat-%s" % site
- try:
- iface_id = int (re.sub ('vlan', '', iface))
- # Gather interface specific mcast address.
- # The address is derived from the vlan-id of the underlying interface,
- # assuming that it in fact is a vlan interface.
- # Mangle the vlan-id into two 2 digit values, eliminating any leading zeros.
- iface_id_4digit = "%04d" % iface_id
- octet2 = int (iface_id_4digit[0:2])
- octet3 = int (iface_id_4digit[2:4])
- mcast_ip = "225.%s.%s.%s" % (octet2, octet3, site_no)
- vni = octet2 * 256 * 256 + octet3 * 256 + site_no
- except ValueError:
- iface_id = 9999
- mcast_ip = "225.0.0.%s" % site_no
- vni = site_no
- # bail out if VXLAN tunnel already configured
- if vx_iface in ifaces:
- continue
- # If there's no batman interface for this site, there's no point
- # in setting up a VXLAN interfaces
- if bat_iface not in ifaces:
- continue
- # Add the VXLAN interface
- ifaces[vx_iface] = {
- 'vxlan' : {
- 'vxlan-id' : vni,
- 'vxlan-svcnodeip' : mcast_ip,
- 'vxlan-physdev' : iface,
- },
- 'hwaddress' : gen_batman_iface_mac (site_no, device_no, iface_id),
- 'mtu' : MTU['batman_underlay_iface'],
- }
- # If the batman interface for this site doesn't have any interfaces
- # set up - which basicly cannot happen - add this VXLAN tunnel as
- # the first in the list.
- if not 'batman-ifaces' in ifaces[bat_iface]:
- ifaces[bat_iface]['batman-ifaces'] = [ vx_iface ]
- continue
- # In the hope there already are interfaces for batman set up already
- # add this VXLAN tunnel to the list
- batman_ifaces = ifaces[bat_iface]['batman-ifaces']
- if vx_iface not in batman_ifaces:
- if type (batman_ifaces) == list:
- batman_ifaces.append (vx_iface)
- else:
- batman_ifaces += ' ' + vx_iface
- #
- # Generate implicitly defined VRFs according to the vrf_info dict at the top
- # of this file
- def _generate_vrfs (ifaces):
- for iface, iface_config in ifaces.items ():
- vrf = iface_config.get ('vrf', None)
- if vrf and vrf not in ifaces:
- conf = vrf_info.get (vrf, {})
- table = conf.get ('table', 1234)
- fwmark = conf.get ('fwmark', None)
- ifaces[vrf] = {
- 'vrf-table' : table,
- }
- # Create ip rule's for any fwmarks defined
- if fwmark:
- up = []
- # Make sure we are dealing with a list even if there is only one mark to be set up
- if type (fwmark) in (str, int):
- fwmark = [ fwmark ]
- # Create ip rule entries for IPv4 and IPv6 for every fwmark
- for mark in fwmark:
- up.append ("ip rule add fwmark %s table %s" % (mark, table))
- up.append ("ip -6 rule add fwmark %s table %s" % (mark, table))
- ifaces[vrf]['up'] = up
- def _generate_ffrl_gre_tunnels (ifaces):
- for iface, iface_config in ifaces.items ():
- # We only care for GRE_FFRL type interfaces
- if iface_config.get ('type', '') != 'GRE_FFRL':
- continue
- # Copy default values to interface config
- for attr, val in GRE_FFRL_attrs.items ():
- if not attr in iface_config:
- iface_config[attr] = val
- # Guesstimate local IPv4 tunnel endpoint address from tunnel-physdev
- if not 'local' in iface_config and 'tunnel-physdev' in iface_config:
- try:
- physdev_prefixes = [p.split ('/')[0] for p in ifaces[iface_config['tunnel-physdev']]['prefixes'] if '.' in p]
- if len (physdev_prefixes) == 1:
- iface_config['local'] = physdev_prefixes[0]
- except KeyError:
- pass
- def _generate_loopback_ips (ifaces, node_config, node_id):
- v4_ip = "%s/32" % get_loopback_ip (node_config, node_id, 'v4')
- v6_ip = "%s/128" % get_loopback_ip (node_config, node_id, 'v6')
- # Interface lo already present?
- if 'lo' not in ifaces:
- ifaces['lo'] = { 'prefixes' : [] }
- # Add 'prefixes' list if not present
- if 'prefixes' not in ifaces['lo']:
- ifaces['lo']['prefixes'] = []
- prefixes = ifaces['lo']['prefixes']
- if v4_ip not in prefixes:
- prefixes.append (v4_ip)
- if v6_ip not in prefixes:
- prefixes.append (v6_ip)
- # Generate interface descriptions / aliases for auto generated or manually
- # created interfaces. Currently this only is done for bridges associated
- # with BATMAN instanzes.
- #
- # @param node_config: The configuration of the given node (as dict)
- # @param sites_config Global sites configuration (as dict)
- def _update_interface_desc (node_config, sites_config):
- # Currently we only care for nodes with batman role.
- if 'batman' not in node_config.get ('roles', []):
- return
- for iface, iface_config in node_config.get ('ifaces', {}).items ():
- if 'desc' in sites_config:
- continue
- # If the interface name looks like a bridge for a BATMAN instance
- # try to get the name of the corresponding site
- match = re.search (r'^br-([a-z_-]+)$', iface)
- if match and match.group (1) in sites_config:
- try:
- iface_config['desc'] = sites_config[match.group (1)]['name']
- except KeyError:
- pass
- ################################################################################
- # Public functions #
- ################################################################################
- # Generate network interface configuration for given node.
- #
- # This function will read the network configuration from pillar and will
- # * enhance it with all default values configured at the top this file
- # * auto generate any implicitly configured
- # * VRFs
- # * B.A.T.M.A.N. instances and interfaces
- # * VXLAN interfaces to connect B.A.T.M.A.N. sites
- # * Loopback IPs derived from numeric node ID
- #
- # @param: node_config Pillar node configuration (as dict)
- # @param: sites_config Pillar sites configuration (as dict)
- # @param: node_id Minion name / Pillar node configuration key
- def get_interface_config (node_config, sites_config, node_id = ""):
- # Make a copy of the node_config dictionary to suppress side-effects.
- # This function deletes some keys from the node_config which will break
- # any re-run of this function or other functions relying on the node_config
- # to be complete.
- node_config = deepcopy (node_config)
- # Get config of this node and dict of all configured ifaces
- ifaces = node_config.get ('ifaces', {})
- # Generate configuration entries for any batman related interfaces not
- # configured explicitly, but asked for implicitly by role <batman> and
- # a (list of) site(s) specified in the node config.
- _generate_batman_interface_config (node_config, ifaces, sites_config)
- # Generate VXLAN tunnels for every interfaces specifying 'batman_connect_sites'
- _generate_vxlan_interface_config (node_config, ifaces, sites_config)
- # Enhance ifaces configuration with some meaningful defaults for
- # bonding, bridge and vlan interfaces, MAC address for batman ifaces, etc.
- for interface, config in ifaces.items ():
- # if type (config) not in [ dict, collections.OrderedDict ]:
- # raise Exception ("Configuration for interface %s on node %s seems broken: Type %s" % (interface, node_id, type (config)))
- iface_type = config.get ('type', 'inet')
- if 'batman-ifaces' in config or iface_type.startswith ('batman'):
- _update_batman_config (node_config, interface, sites_config)
- if 'bond-slaves' in config:
- _update_bond_config (config)
- # FIXME: This maybe will not match on bridges without any member ports configured!
- if 'bridge-ports' in config or interface.startswith ('br-'):
- _update_bridge_config (config)
- if 'vlan-raw-device' in config or 'vlan-id' in config:
- _update_vlan_config (config)
- _set_mtu_to_iface_and_upper (ifaces, interface, 0)
- # Pimp configuration for VEth link pairs
- if interface.startswith ('veth_'):
- _update_veth_config (interface, config)
- # Auto generate Loopback IPs IFF not present
- _generate_loopback_ips (ifaces, node_config, node_id)
- # Auto generated VRF devices for any VRF found in ifaces and not already configured.
- _generate_vrfs (ifaces)
- # Pimp GRE_FFRL type inteface configuration with default values
- _generate_ffrl_gre_tunnels (ifaces)
- # Drop any config parameters used in node interface configuration not
- # relevant anymore for config file generation.
- for interface, config in ifaces.items ():
- # Set default MTU if not already set manually or by any earlier function
- if interface != 'lo' and ('mtu' not in config):
- # Set the MTU value of this interface to the autogenerated value (if any)
- # or set the default, when no automtu is present.
- config['mtu'] = config.get ('automtu', MTU['default'])
- for key in [ 'automtu', 'batman_connect_sites', 'has_gateway', 'ospf', 'site', 'type', 'tagged_vlans' ]:
- if key in config:
- config.pop (key)
- # This leaves 'auto', 'prefixes' and 'desc' as keys which should not be directly
- # printed into the remaining configuration. These are handled within the jinja
- # interface template.
- # Generate meaningful interface descriptions / aliases where useful
- _update_interface_desc (node_config, sites_config)
- return ifaces
- # Generate entries for /etc/bat-hosts for every batman interface we will configure on any node.
- # For readability purposes superflous/redundant information is being stripped/supressed.
- # As these names will only show up in batctl calls with a specific site, site_names in interfaces
- # are stripped. Dummy interfaces are stripped as well.
- def gen_bat_hosts (nodes_config, sites_config):
- bat_hosts = {}
- for node_id in sorted (nodes_config.keys ()):
- node_config = nodes_config.get (node_id)
- node_name = node_id.split ('.')[0]
- ifaces = get_interface_config (node_config, sites_config, node_id)
- for iface in sorted (ifaces):
- iface_config = ifaces.get (iface)
- hwaddress = iface_config.get ('hwaddress', None)
- if hwaddress == None:
- continue
- entry_name = node_name
- match = re.search (r'^dummy-(.+)(-e)?$', iface)
- if match:
- if match.group (2):
- entry_name += "-e"
- # Append site to make name unique
- entry_name += "/%s" % match.group (1)
- else:
- entry_name += "/%s" % re.sub (r'^(vx_.*|i2e|e2i)[_-](.*)$', '\g<1>/\g<2>', iface)
- bat_hosts[hwaddress] = entry_name
- if 'fastd' in node_config.get ('roles', []):
- device_no = node_config.get ('id')
- for site in node_config.get ('sites', []):
- site_no = _get_site_no (sites_config, site)
- for network in ('intergw', 'nodes4', 'nodes6'):
- hwaddress = gen_batman_iface_mac (site_no, device_no, network)
- bat_hosts[hwaddress] = "%s/%s/%s" % (node_name, network, site)
- return bat_hosts
- # Generate eBGP session parameters for FFRL Transit from nodes pillar information.
- def get_ffrl_bgp_config (ifaces, proto):
- from ipcalc import IP
- _generate_ffrl_gre_tunnels (ifaces)
- sessions = {}
- for iface in sorted (ifaces):
- # We only care for GRE tunnels to the FFRL Backbone
- if not iface.startswith ('gre_ffrl_'):
- continue
- iface_config = ifaces.get (iface)
- # Search for IPv4/IPv6 prefix as defined by proto parameter
- local = None
- neighbor = None
- for prefix in iface_config.get ('prefixes', []):
- if (proto == 'v4' and '.' in prefix) or (proto == 'v6' and ':' in prefix):
- local = prefix.split ('/')[0]
- # Calculate neighbor IP as <local IP> - 1
- if proto == 'v4':
- neighbor = str (IP (int (IP (local)) - 1, version = 4))
- else:
- neighbor = str (IP (int (IP (local)) - 1, version = 6))
- break
- # Strip gre_ prefix iface name and use it as identifier for the eBGP session.
- name = re.sub ('gre_ffrl_', 'ffrl_', iface)
- sessions[name] = {
- 'local' : local,
- 'neighbor' : neighbor,
- 'bgp_local_pref' : iface_config.get ('bgp_local_pref', None),
- }
- return sessions
- # Get list of IP address configured on given interface on given node.
- #
- # @param: node_config Pillar node configuration (as dict)
- # @param: iface_name Name of the interface defined in pillar node config
- # OR name of VRF ("vrf_<something>") whichs ifaces are
- # to be examined.
- # @param: with_mask Don't strip the netmask from the prefix. (Default false)
- def get_node_iface_ips (node_config, iface_name, with_mask = False):
- ips = {
- 'v4' : [],
- 'v6' : [],
- }
- ifaces = node_config.get ('ifaces', {})
- ifaces_names = [ iface_name ]
- if iface_name.startswith ('vrf_'):
- # Reset list of ifaces_names to consider
- ifaces_names = []
- vrf = iface_name
- for iface, iface_config in ifaces.items ():
- # Ignore any iface NOT in the given VRF
- if iface_config.get ('vrf', None) != vrf:
- continue
- # Ignore any VEth pairs
- if iface.startswith ('veth'):
- continue
- ifaces_names.append (iface)
- try:
- for iface in ifaces_names:
- for prefix in ifaces[iface]['prefixes']:
- ip_ver = 'v6' if ':' in prefix else 'v4'
- if not with_mask:
- prefix = prefix.split ('/')[0]
- ips[ip_ver].append (prefix)
- except KeyError:
- pass
- return ips
- #
- # Get the lookback IP of the given node for the given proto
- #
- # @param node_config: Pillar node configuration (as dict)
- # @param node_id: Minion name / Pillar node configuration key
- # @param proto: { 'v4', 'v6' }
- def get_loopback_ip (node_config, node_id, proto):
- if proto not in [ 'v4', 'v6' ]:
- raise Exception ("get_loopback_ip(): Invalid proto: \"%s\"." % proto)
- if not proto in loopback_prefix:
- raise Exception ("get_loopback_ip(): No loopback_prefix configured for IP%s in ffno_net module!" % proto)
- if not 'id' in node_config:
- raise Exception ("get_loopback_ip(): No 'id' configured in pillar for node \"%s\"!" % node_id)
- # Every rule has an exception.
- # If there is a loopback_overwrite configuration for this node, use this instead of
- # the generated IPs.
- if 'loopback_override' in node_config:
- if proto not in node_config['loopback_override']:
- raise Exception ("get_loopback_ip(): No loopback_prefix configured for IP%s in node config / loopback_override!" % proto)
- return node_config['loopback_override'][proto]
- return "%s%s" % (loopback_prefix.get (proto), node_config.get ('id'))
- #
- # Get the router id (read: IPv4 Lo-IP) out of the given node config.
- def get_router_id (node_config, node_id):
- return get_loopback_ip (node_config, node_id, 'v4')
- # Compute minions OSPF interface configuration according to FFHO routing policy
- # See https://wiki.ffho.net/infrastruktur:vlans for information about Vlans
- def get_ospf_interface_config (node_config, grains_id):
- ospf_node_config = node_config.get ('ospf', {})
- ospf_interfaces = {}
- for iface, iface_config in node_config.get ('ifaces', {}).items ():
- # By default we don't speak OSPF on interfaces
- ospf_on = False
- # Defaults for OSPF interfaces
- ospf_config = {
- 'stub' : True, # Active/Passive interface
- 'cost' : 12345,
- # 'type' # Area type
- }
- # OSPF configuration for interface present?
- ospf_config_pillar = iface_config.get ('ospf', {})
- # Should be completely ignore this interface?
- if ospf_config_pillar.get ('ignore', False):
- continue
- # Local Gigabit Ethernet based connections (PTP or L2 subnets), cost 10
- if re.search (r'^(br-?|br\d+\.|vlan)10\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = False
- ospf_config['cost'] = 10
- ospf_config['desc'] = "Wired Gigabit connection"
- # VLL connection
- elif re.search (r'^vlan15\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = False
- ospf_config['cost'] = 20
- ospf_config['desc'] = "VLL connection"
- # WBBL connection
- elif re.search (r'^vlan20\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = False
- ospf_config['cost'] = 100
- ospf_config['desc'] = "WBBL connection"
- # Legacy WBBL connection
- elif re.search (r'^vlan22\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = False
- ospf_config['cost'] = 1000
- ospf_config['desc'] = "WBBL connection"
- # Management Vlans
- elif re.search (r'^vlan30\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = True
- ospf_config['cost'] = 10
- # OPS Vlans
- elif re.search (r'^vlan39\d\d$', iface):
- ospf_on = True
- ospf_config['stub'] = True
- ospf_config['cost'] = 10
- # Active OSPF on OpenVPN tunnels, cost 10000
- elif iface.startswith ('ovpn-'):
- ospf_on = True
- ospf_config['stub'] = False
- ospf_config['cost'] = 10000
- # Inter-Core links should have cost 5000
- if iface.startswith ('ovpn-cr') and grains_id.startswith ('cr'):
- ospf_config['cost'] = 5000
- # OpenVPN tunnels to EdgeRouters
- elif iface.startswith ('ovpn-er-'):
- ospf_config['type'] = 'broadcast'
- # Configure Out-of-band OpenVPN tunnels as stub interfaces,
- # so recursive next-hop lookups for OOB-BGP-session will work.
- elif iface.startswith ('oob-'):
- ospf_on = True
- ospf_config['stub'] = True
- ospf_config['cost'] = 1000
- # OSPF explicitly enabled for interface
- elif 'ospf' in iface_config:
- ospf_on = True
- # iface ospf parameters will be applied later
- # Go on if OSPF should not be actived
- if not ospf_on:
- continue
- # Explicit OSPF interface configuration parameters take precendence over generated ones
- for attr, val in ospf_config_pillar.items ():
- ospf_config[attr] = val
- # Convert boolean values to 'yes' / 'no' string values
- for attr, val in ospf_config.items ():
- if type (val) == bool:
- ospf_config[attr] = 'yes' if val else 'no'
- # Store interface configuration
- ospf_interfaces[iface] = ospf_config
- return ospf_interfaces
- # Return (possibly empty) subset of Traffic Engineering entries from 'te' pillar entry
- # relevenant for this minion and protocol (IPv4 / IPv6)
- def get_te_prefixes (te_node_config, grains_id, proto):
- te_config = {}
- for prefix, prefix_config in te_node_config.get ('prefixes', {}).items ():
- prefix_proto = 'v6' if ':' in prefix else 'v4'
- # Should this TE policy be applied on this node and is the prefix
- # of the proto we are looking for?
- if grains_id in prefix_config.get ('nodes', []) and prefix_proto == proto:
- te_config[prefix] = prefix_config
- return te_config
- def generate_DNS_entries (nodes_config, sites_config):
- import ipaddress
- forward_zone_name = ""
- forward_zone = []
- zones = {
- # <forward_zone_name>: [],
- # <rev_zone1_name>: [],
- # <rev_zone2_name>: [],
- # ...
- }
- # Fill zones dict with zones configured in DNS_zone_names at the top of this file.
- # Make sure the zone base names provided start with a leading . so the string
- # operations later can be done easily and safely. Proceed with fingers crossed.
- for entry, value in DNS_zone_names.items ():
- if entry == "forward":
- zone = value
- if not zone.startswith ('.'):
- zone = ".%s" % zone
- zones[zone] = forward_zone
- forward_zone_name = zone
- if entry in [ 'rev_v4', 'rev_v6' ]:
- for zone in value:
- if not zone.startswith ('.'):
- zone = ".%s" % zone
- zones[zone] = []
- # Process all interfaace of all nodes defined in pillar and generate forward
- # and reverse entries for all zones defined in DNS_zone_names. Automagically
- # put reverse entries into correct zone.
- for node_id in sorted (nodes_config):
- node_config = nodes_config.get (node_id)
- ifaces = get_interface_config (node_config, sites_config, node_id)
- for iface in sorted (ifaces):
- iface_config = ifaces.get (iface)
- # We only care for interfaces with IPs configured
- prefixes = iface_config.get ("prefixes", None)
- if prefixes == None:
- continue
- # Ignore any interface in $VRF
- if iface_config.get ('vrf', "") in [ 'vrf_external' ]:
- continue
- for prefix in sorted (prefixes):
- ip = ipaddress.ip_address (u'%s' % prefix.split ('/')[0])
- proto = 'v%s' % ip.version
- # The entry name is
- # <node_id> when interface 'lo'
- # <node_name>.srv.<residual> when interface 'srv' (or magically detected internal srv record)
- # <interface>.<node_id> else
- entry_name = node_id
- if iface != "lo":
- entry_name = "%s.%s" % (iface, node_id)
- elif iface == 'srv' or re.search (r'^(10.132.251|2a03:2260:2342:f251:)', prefix):
- entry_name = re.sub (r'^([^.]+)\.(.+)$', r'\g<1>.srv.\g<2>', entry_name)
- # Strip forward zone name from entry_name and store forward entry
- # with correct entry type for found IP address.
- forward_entry_name = re.sub (forward_zone_name, "", entry_name)
- forward_entry_name = re.sub (forward_zone_name, "", entry_name)
- forward_entry_typ = "A" if ip.version == 4 else "AAAA"
- forward_zone.append ("%s IN %s %s" % (forward_entry_name, forward_entry_typ, ip))
- # Find correct reverse zone, if configured and strip reverse zone name
- # from calculated reverse pointer name. Store reverse entry if we found
- # a zone for it. If no configured reverse zone did match, this reverse
- # entry will be ignored.
- for zone in zones:
- if ip.reverse_pointer.find (zone) > 0:
- PTR_entry = re.sub (zone, "", ip.reverse_pointer)
- zones[zone].append ("%s IN PTR %s." % (PTR_entry, entry_name))
- break
- return zones
- # Convert the CIDR network from the given prefix into a dotted netmask
- def cidr_to_dotted_mask (prefix):
- from ipcalc import Network
- return str (Network (prefix).netmask ())
- def is_subprefix (prefix, subprefix):
- from ipcalc import Network
- return subprefix in Network(prefix)
- # Return the network address of the given prefix
- def get_network_address (prefix, with_prefixlen = False):
- from ipaddress import ip_network
- net_h = ip_network (u'%s' % prefix, strict = False)
- network = str (net_h.network_address)
- if with_prefixlen:
- network += "/%s" % net_h.prefixlen
- return network