Unverified Commit f8cb06b8 authored by Nico's avatar Nico

backbone_babel: add optional support for bird

parent a3f056b4
...@@ -3,3 +3,4 @@ bb_babel_wg_private_key_path: /etc/wireguard/wg-private.key ...@@ -3,3 +3,4 @@ bb_babel_wg_private_key_path: /etc/wireguard/wg-private.key
bb_babel_wg_public_key_path: /etc/wireguard/wg-public.key bb_babel_wg_public_key_path: /etc/wireguard/wg-public.key
bb_babel_loopback_ipv6: [] bb_babel_loopback_ipv6: []
bb_babel_loopback_ipv4: [] bb_babel_loopback_ipv4: []
bb_babel_routing_daemon: babeld
...@@ -59,3 +59,9 @@ ...@@ -59,3 +59,9 @@
- name: Set up babel routing daemon - name: Set up babel routing daemon
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: routing_babeld.yml file: routing_babeld.yml
when: "bb_babel_routing_daemon == 'babeld'"
- name: Set up bird routing daemon
ansible.builtin.include_tasks:
file: routing_bird.yml
when: "bb_babel_routing_daemon == 'bird'"
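Review bot: A value of `bb_babel_routing_daemon` other than `babeld` or `bird` (a typo in host vars, say) now skips both includes, so the play finishes green with no routing daemon configured. An `ansible.builtin.assert` placed ahead of these two tasks with `that: "bb_babel_routing_daemon in ['babeld', 'bird']"` would turn that into an early failure. Separately, the bird path masks babeld; whether `routing_babeld.yml` unmasks it and stops bird when a host is switched back is not visible here and is worth checking.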
---
- name: Install bird2
ansible.builtin.apt:
name: bird2
state: present
- name: Mask babeld to avoid conflicts with bird
ansible.builtin.systemd_service:
name: babeld
enabled: false
masked: yes
state: stopped
- name: Enable bird
ansible.builtin.systemd_service:
name: bird
enabled: true
masked: no
state: started
- name: Ensure bird config is included
ansible.builtin.lineinfile:
line: 'include "/etc/bird/bird-backbone-babel.conf";'
regexp: '^include "/etc/bird/bird-backbone-babel.conf"'
path: /etc/bird/bird.conf
create: true
- name: "Deploy bird config"
ansible.builtin.template:
src: bird-backbone-babel.conf.j2
dest: "/etc/bird/bird-backbone-babel.conf"
vars:
# list remote line names for connections we are on either side (line_a or line_b) of
interfaces: "{{ bb_babel_wg_connections|selectattr('line_a', 'in', local_lines)|map(attribute='line_b') + bb_babel_wg_connections|selectattr('line_b', 'in', local_lines)|map(attribute='line_a') + bb_babel_peer_interfaces|default([]) }}"
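Review bot: The `Ensure bird config is included` and `Deploy bird config` tasks neither notify a handler nor set file ownership and mode, and `Enable bird` runs before both of them. `state: started` does not reload a daemon that is already running, so after a change to `bb_babel_networks` or the connection list the running bird keeps the previous import/export filters until it is reloaded by hand. Adding `notify: Reload bird` to both tasks (with a handler that reloads the service) and moving `Enable bird` after the template would close that gap. An explicit `owner`, `group` and `mode` on both files keeps the result independent of the umask, which matters most for `create: true`. As a style point, `masked: yes` / `masked: no` would read more consistently as `true` / `false`, matching `enabled:` in the same tasks.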
# ANSIBLE managed
filter import_backbone_babel {
{% for network in bb_babel_networks|ansible.utils.ipv6 %}
if net.type = NET_IP6 && net ~ [{{ network }}+] then {
accept;
}
{% endfor %}
{% for network in bb_babel_networks|ansible.utils.ipv4 %}
if net.type = NET_IP4 && net ~ [{{ network }}+] then {
accept;
}
{% endfor %}
reject;
};
filter export_backbone_babel {
if ! (source ~ [RTS_STATIC, RTS_BABEL]) then {
reject;
}
{% for network in bb_babel_networks|ansible.utils.ipv6 %}
if net.type = NET_IP6 && net ~ [{{ network }}+] then {
accept;
}
{% endfor %}
{% for network in bb_babel_networks|ansible.utils.ipv4 %}
if net.type = NET_IP4 && net ~ [{{ network }}+] then {
accept;
}
{% endfor %}
reject;
};
protocol babel backbone_babel {
{% for interface in interfaces %}
interface "{{ interface }}" {
type wired;
};
{% endfor %}
ipv6 {
import filter import_backbone_babel;
import keep filtered on;
export filter export_backbone_babel;
};
ipv4 {
import filter import_backbone_babel;
import keep filtered on;
export filter export_backbone_babel;
};
}
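Review bot: `import_backbone_babel` accepts every more-specific prefix inside `bb_babel_networks` (the `+` in `[{{ network }}+]`), and the `protocol babel` block configures no authentication on its interfaces. On the WireGuard links the tunnel already authenticates the neighbour, but `interfaces` also takes `bb_babel_peer_interfaces`; if any of those is a shared segment, this filter is the only control on what a neighbour can announce. I would state that trust assumption in the template, e.g. `# neighbours are trusted to originate any prefix inside bb_babel_networks`, and consider BIRD's Babel MAC authentication for non-tunnel interfaces if the deployed bird2 version supports it.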