Author | SHA1 | Date | |
---|---|---|---|
|
adffaf4970 |
@ -5,7 +5,15 @@ ADMIN_HOSTS="74.121.32.0/22"
|
||||
{% if pillar['yap']['vxlan_peers'] %}
|
||||
VXLAN_PEERS='{% for peer in pillar['yap']['vxlan_peers'] %}{{ peer }} {% endfor %}'
|
||||
{% endif %}
|
||||
|
||||
declare -A SPACES
|
||||
{% if pillar['yap']['spaces'] %}{% for name, space in pillar['yap']['spaces'].items() %}
|
||||
declare -A SPACE_IPS
|
||||
declare -A SPACE_ROUTES
|
||||
|
||||
{%- if pillar['yap']['spaces'] -%}
|
||||
{%- for name, space in pillar['yap']['spaces'].items() %}
|
||||
SPACES[{{ name }}]='{{ space['id'] }} {{ space['vlan'] }}'
|
||||
{% endfor %}{% endif %}
|
||||
{% if space['ips'] %}SPACE_IPS[{{ name }}]='{% for ip in space['ips'] %}{{ ip }} {% endfor %}'{% endif %}
|
||||
{% if space['routes'] %}SPACE_ROUTES[{{ name }}]='{% for route, gateway in space['routes'].items() %}{{ route }},{{ gateway }} {% endfor %}'{% endif %}
|
||||
{% endfor -%}
|
||||
{%- endif -%}
|
||||
|
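Review bot: The pillar values are interpolated into shell syntax without any escaping: on `SPACES[{{ name }}]='{{ space['id'] }} {{ space['vlan'] }}'` the subscript is unquoted, so a space name containing whitespace or `]` breaks the `declare -A` assignment, and a single quote inside any ip, route or gateway value on the two `SPACE_IPS`/`SPACE_ROUTES` lines ends the literal and whatever follows is parsed as shell. This file is presumably sourced by the init script that runs `ip` as root, so either quote the subscript (`SPACES['{{ name }}']`) and reject values outside a safe character set (e.g. `[A-Za-z0-9_./,-]`) before they reach the pillar, or have the consumer validate the strings before using them. The `yap` CLI's `validate_ip` covers the ip and route values but not the gateway or the space name, so the template currently trusts what the pillar contains.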
@ -23,6 +23,10 @@ ipsec-tools:
|
||||
pkg.installed:
|
||||
- refresh: false
|
||||
|
||||
sipcalc:
|
||||
pkg.installed:
|
||||
- refresh: false
|
||||
|
||||
/etc/bird.conf:
|
||||
file.managed:
|
||||
- source: salt://{{ tpldir }}/bird.conf
|
||||
|
@ -109,6 +109,14 @@ function get_table_id() {
|
||||
}
|
||||
|
||||
|
||||
function get_network_address() {
|
||||
local network_address=$(sipcalc $1 | grep 'Network address' | cut -d - -f 2)
|
||||
local prefixlen=$(sipcalc $1 | grep 'Network mask (bits)' | cut -d - -f 2)
|
||||
|
||||
echo ${network_address/ /}/${prefixlen/ /}
|
||||
}
|
||||
|
||||
|
||||
get_links() {
|
||||
ip -o link | cut -d ' ' -f 2 | sed -e 's/\(@.*\)\?://g'
|
||||
}
|
||||
@ -239,18 +247,25 @@ function start() {
|
||||
vxlan_ip=$(get_vxlan_ip $space_id $YAP_ID)
|
||||
table_id=$(get_table_id $space_id)
|
||||
|
||||
set -x
|
||||
# add VRF
|
||||
ip link add $space type vrf table $table_id
|
||||
ip link set $space up
|
||||
|
||||
# add VLAN
|
||||
ip link add link $VLAN_TRUNK name vl-$space type vlan id $vlan_id
|
||||
ip addr add $vlan_ip/21 dev vl-$space
|
||||
ip rule add iif vl-$space lookup $table_id prio 1000
|
||||
# ip rule add iif vl-$space lookup $table_id prio 1000
|
||||
ip link set vl-$space up
|
||||
ip link set vl-$space master $space
|
||||
|
||||
# add VXLAN
|
||||
ip link add vx-$space type vxlan id $space_id dstport 4789
|
||||
ip link set vx-$space mtu 1432
|
||||
ip rule add iif vx-$space lookup $table_id prio 1000
|
||||
# ip rule add iif vx-$space lookup $table_id prio 1000
|
||||
ip addr add $vxlan_ip/21 dev vx-$space
|
||||
ip link set vx-$space up
|
||||
ip link set vx-$space master $space
|
||||
|
||||
if [ ! -z "$VXLAN_PEERS" ] ; then
|
||||
for peer in $VXLAN_PEERS ; do
|
||||
@ -258,13 +273,29 @@ function start() {
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -n ${SPACE_IPS[$space]} ] ; then
|
||||
for address in ${SPACE_IPS[$space]} ; do
|
||||
network_address=$(get_network_address $address)
|
||||
ip addr add $address dev vl-$space
|
||||
# ip route add $network_address dev vl-$space src ${address/\/*/} table $table_id
|
||||
done
|
||||
fi
|
||||
if [ -n ${SPACE_ROUTES[$space]} ] ; then
|
||||
for route_def in ${SPACE_ROUTES[$space]} ; do
|
||||
IFS=',' read -ra route <<< "$route_def"
|
||||
ip route add ${route[0]} via ${route[1]} table $table_id
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
cat <<EOF > /etc/yap/bird/$space.conf
|
||||
ipv4 table ${space}_ipv4;
|
||||
|
||||
protocol kernel krt_${space}_ipv4 {
|
||||
protocol kernel kernel_${space} {
|
||||
vrf "${space}";
|
||||
kernel table ${table_id};
|
||||
learn;
|
||||
scan time 10;
|
||||
kernel table ${table_id};
|
||||
ipv4 {
|
||||
import all;
|
||||
export all;
|
||||
@ -273,7 +304,18 @@ protocol kernel krt_${space}_ipv4 {
|
||||
};
|
||||
}
|
||||
|
||||
protocol direct direct_${space} {
|
||||
vrf "${space}";
|
||||
ipv4 {
|
||||
table ${space}_ipv4;
|
||||
};
|
||||
interface "${space}";
|
||||
interface "vl-${space}";
|
||||
interface "vx-${space}";
|
||||
}
|
||||
|
||||
protocol ospf ospf_${space} {
|
||||
vrf "${space}";
|
||||
router id $(echo ${vlan_ip} | cut -d / -f 1);
|
||||
area 0.0.0.0 {
|
||||
interface "vl-${space}"{
|
||||
@ -318,6 +360,7 @@ function stop() {
|
||||
ip link del vl-$space ||:
|
||||
ip rule del iif vx-$space lookup $table_id prio 1000 ||:
|
||||
ip rule del iif vl-$space lookup $table_id prio 1000 ||:
|
||||
ip link del $space ||:
|
||||
}
|
||||
|
||||
|
||||
|
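Review bot: `if [ -n ${SPACE_IPS[$space]} ] ; then` (and the identical test for `SPACE_ROUTES` a few lines below) leaves the expansion unquoted, so as soon as a space has two or more addresses `[` sees `-n a b`, prints "too many arguments" and returns false, and the whole block including `ip addr add` is skipped; with no value it becomes `[ -n ]`, which is true, so the test never does what it looks like. Quote both: `if [ -n "${SPACE_IPS[$space]}" ] ; then` and `if [ -n "${SPACE_ROUTES[$space]}" ] ; then`. In the same spirit, `ip route add ${route[0]} via ${route[1]} table $table_id` and `ip addr add $address dev vl-$space` hand pillar-derived strings to `ip` unquoted while running as root, so quoting them limits what a stray character in the pillar can change. `network_address=$(get_network_address $address)` is only consumed by the commented-out `ip route add` line, so that call (which runs `sipcalc` twice with an unquoted `$1`) is currently dead. `start()` begins and ends outside these hunks.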
133
yap
133
yap
@ -174,11 +174,12 @@ function list_sections() {
|
||||
|
||||
|
||||
function validate_ip() {
|
||||
if ! [[ $1 =~ ^(0*(1?[0-9]{1,2}|2([0-4][0-9]|5[0-5]))\.){3}0*(1?[0-9]{1,2}|2([0-4][0-9]|5[0-5]))$ ]] ; then
|
||||
if ! [[ $1 =~ ^(0*(1?[0-9]{1,2}|2([0-4][0-9]|5[0-5]))\.){3}0*(1?[0-9]{1,2}|2([0-4][0-9]|5[0-5])) ]] ; then
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Get resource from API
|
||||
#
|
||||
function api_get() {
|
||||
@ -329,6 +330,18 @@ function salt_update() {
|
||||
echo " $space_name:"
|
||||
echo " vlan: $vlan"
|
||||
echo " id: $space_id"
|
||||
echo " ips:"
|
||||
local ip_key
|
||||
for ip_key in $(list_vars $space/ips) ; do
|
||||
echo " - '$(get_var $ip_key)'"
|
||||
done
|
||||
echo " routes:"
|
||||
local route_key route
|
||||
for route_key in $(list_vars $space/routes) ; do
|
||||
route=$(basename $route_key)
|
||||
route=${route/_//}
|
||||
echo " '$route': '$(get_var $route_key)'"
|
||||
done
|
||||
done
|
||||
} > $new_pillar_file
|
||||
|
||||
@ -415,7 +428,7 @@ function salt_exec() {
|
||||
nodelist="$1"
|
||||
shift
|
||||
|
||||
salt -C "$(salt_nodelist $nodelist)" $@
|
||||
salt -C "$nodelist" "$@"
|
||||
}
|
||||
|
||||
|
||||
@ -814,7 +827,7 @@ function vlan_set() {
|
||||
set_var "/regions/$region/spaces/$space/vlan" "$vlan_id"
|
||||
|
||||
salt_update $(get_region_nodelist $region) ||:
|
||||
salt_exec $(get_region_nodelist $region) cmd.run yap restart $space
|
||||
salt_exec "$(get_region_nodelist $region)" cmd.run "yap restart $space"
|
||||
}
|
||||
|
||||
|
||||
@ -824,11 +837,101 @@ function vlan_remove() {
|
||||
|
||||
del_var "/regions/$region/spaces/$space/vlan"
|
||||
|
||||
salt_exec $(get_region_nodelist $region) cmd.run yap stop $space ||:
|
||||
salt_exec $(get_region_nodelist $region) cmd.run "yap stop $space" ||:
|
||||
salt_update $(get_region_nodelist $region)
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# IP commands
|
||||
#
|
||||
|
||||
function ip_add() {
|
||||
args=$(check_args space,,$1 region,,$2 ip,,$3) || return 1
|
||||
eval $args
|
||||
|
||||
if ! has_section /spaces/$space ; then
|
||||
echo "Space does not exist"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! has_section /regions/$region ; then
|
||||
echo "Region does not exist"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! validate_ip $ip ; then
|
||||
echo "IP is not valid"
|
||||
return 1
|
||||
fi
|
||||
|
||||
ip_key=${ip/\//_}
|
||||
|
||||
set_var "/regions/$region/spaces/$space/ips/$ip_key" "$ip"
|
||||
|
||||
salt_update $(get_region_nodelist $region) ||:
|
||||
salt_exec "$(get_region_nodelist $region)" cmd.run "yap restart $space"
|
||||
}
|
||||
|
||||
|
||||
function ip_remove() {
|
||||
args=$(check_args space,,$1 region,,$2 ip,,$3) || return 1
|
||||
eval $args
|
||||
|
||||
ip_key=${ip/\//_}
|
||||
|
||||
del_var "/regions/$region/spaces/$space/ips/$ip_key"
|
||||
|
||||
salt_update $(get_region_nodelist $region) ||:
|
||||
salt_exec "$(get_region_nodelist $region)" cmd.run "yap restart $space"
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Route commands
|
||||
#
|
||||
|
||||
function route_add() {
|
||||
args=$(check_args space,,$1 region,,$2 route,,$3 gateway,,$4) || return 1
|
||||
eval $args
|
||||
|
||||
if ! has_section /spaces/$space ; then
|
||||
echo "Space does not exist"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! has_section /regions/$region ; then
|
||||
echo "Region does not exist"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! validate_ip $route ; then
|
||||
echo "Route is not valid"
|
||||
return 1
|
||||
fi
|
||||
|
||||
route_key=${route/\//_}
|
||||
|
||||
set_var "/regions/$region/spaces/$space/routes/$route_key" "$gateway"
|
||||
|
||||
salt_update $(get_region_nodelist $region) ||:
|
||||
salt_exec "$(get_region_nodelist $region)" cmd.run "yap restart $space"
|
||||
}
|
||||
|
||||
|
||||
function route_remove() {
|
||||
args=$(check_args space,,$1 region,,$2 route,,$3) || return 1
|
||||
eval $args
|
||||
|
||||
route_key=${route/\//_}
|
||||
|
||||
del_var "/regions/$region/spaces/$space/routes/$route_key"
|
||||
|
||||
salt_update $(get_region_nodelist $region) ||:
|
||||
salt_exec "$(get_region_nodelist $region)" cmd.run "yap restart $space"
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# IPSEC commands
|
||||
#
|
||||
@ -845,7 +948,7 @@ function ipsec_enable() {
|
||||
nodelist="$(get_vxr_nodelist)"
|
||||
if [ -n "$nodelist" ] ; then
|
||||
salt_update $nodelist ||:
|
||||
salt_exec "$nodelist" cmd.run yap start-ipsec
|
||||
salt_exec "$nodelist" cmd.run "yap start-ipsec"
|
||||
fi
|
||||
}
|
||||
|
||||
@ -854,7 +957,7 @@ function ipsec_disable() {
|
||||
nodelist="$(get_vxr_nodelist)"
|
||||
if [ -n "$nodelist" ] ; then
|
||||
salt_update $nodelist ||:
|
||||
salt_exec "$nodelist" cmd.run yap stop-ipsec
|
||||
salt_exec "$nodelist" cmd.run "yap stop-ipsec"
|
||||
fi
|
||||
}
|
||||
|
||||
@ -890,6 +993,12 @@ function usage() {
|
||||
echo "vlan-set <spacekey> <region> <vlan_id>"
|
||||
echo "vlan-remove <spacekey> <region>"
|
||||
echo
|
||||
echo "ip-add <spacekey> <region> <ip>"
|
||||
echo "ip-remove <spacekey> <region> <ip>"
|
||||
echo
|
||||
echo "route-add <spacekey> <region> <route> <gateway>"
|
||||
echo "route-remove <spacekey> <region> <route>"
|
||||
echo
|
||||
echo "ipsec-enable"
|
||||
echo "ipsec-disable"
|
||||
|
||||
@ -974,6 +1083,18 @@ case "$action" in
|
||||
vlan-remove)
|
||||
vlan_remove "$@"
|
||||
;;
|
||||
ip-add)
|
||||
ip_add "$@"
|
||||
;;
|
||||
ip-remove)
|
||||
ip_remove "$@"
|
||||
;;
|
||||
route-add)
|
||||
route_add "$@"
|
||||
;;
|
||||
route-remove)
|
||||
route_remove "$@"
|
||||
;;
|
||||
ipsec-enable)
|
||||
ipsec_enable "$@"
|
||||
;;
|
||||
|
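Review bot: In the `validate_ip` hunk the new regex drops the trailing `$`, so it now only checks that the argument starts with a dotted quad: `1.2.3.4/24` passes, as intended, but so does `1.2.3.4/24 anything`, and that value then flows unchanged through `set_var` into the pillar, into the generated shell config and into `cmd.run "yap restart $space"` on every node of the region. Keep the anchor and make the prefix length explicit instead: append `(/([0-9]|[12][0-9]|3[0-2]))?$` where the `$` was removed. `route_add` validates `$route` but never `$gateway`, which also goes to `set_var` and later into `ip route add … via …` on the nodes; add `if ! validate_ip $gateway ; then` mirroring the route check, with its own error message. `ip_remove`/`route_remove` skip validation too, but they only use the value to build a `del_var` key, so that matters less.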