From 03a0dbfdca6f4841ba17fb97895db1c48fd35386 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Wed, 19 May 2021 14:29:36 +0200
Subject: [PATCH] [bird] PEPED

---
 group_vars/bird.yml                     | 19 +++++++++++++++++++
 plays/bird.yml                          |  7 +++++++
 roles/bird/handlers/main.yml            | 20 ++++++++++++++++++++
 roles/bird/tasks/main.yml               |  2 ++
 roles/bird/templates/bird/bird.conf.j2  | 22 ++++++++++++----------
 roles/bird/templates/bird/bird6.conf.j2 | 22 ++++++++++++----------
 6 files changed, 72 insertions(+), 20 deletions(-)
 create mode 100644 group_vars/bird.yml
 create mode 100755 plays/bird.yml
 create mode 100644 roles/bird/handlers/main.yml

diff --git a/group_vars/bird.yml b/group_vars/bird.yml
new file mode 100644
index 00000000..439692f7
--- /dev/null
+++ b/group_vars/bird.yml
@@ -0,0 +1,19 @@
+---
+glob_bird:
+  bgp:
+    as: 204515
+    remote_as: 8218
+    ipv4:
+      router_id: 158.255.113.73
+      bind_address: 158.255.113.73
+      network:
+        - 185.230.76.0/22
+      neighbor: 158.255.113.72
+    ipv6:
+      router_id: 185.230.79.62
+      bind_address: 2001:1b48:2:103::bb:2
+      network:
+        - 2a0c:700::/36
+        - 2a0c:700:3000::/36
+      neighbor: 2001:1b48:2:103::bb:1
+
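Review bot: The IPv6 literals at `bind_address` and `neighbor` are left as plain scalars, which relies on the parser not treating a digits-and-colons value as a YAML 1.1 sexagesimal integer; these particular addresses contain hex letters and survive, but a neighbor made only of digits and colons would be retyped silently. Quoting them, e.g. `bind_address: '2001:1b48:2:103::bb:2'`, removes that dependency and matches the quoting already used for the Jinja expression in plays/bird.yml. The empty line added at the end of the new file will also trip yamllint's empty-lines rule.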
diff --git a/plays/bird.yml b/plays/bird.yml
new file mode 100755
index 00000000..7aac98f5
--- /dev/null
+++ b/plays/bird.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: bird
+  vars:
+    bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
+  roles:
+    - bird
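Review bot: `combine` at the `bird:` var is a shallow merge, so a host that sets only `loc_bird.bgp.ipv4.neighbor` replaces the whole `bgp` mapping and drops `as`, `remote_as` and the `ipv6` block inherited from group_vars. If per-host overrides of single leaves are the intent, use `combine(loc_bird | default({}), recursive=True)`; if whole-tree replacement is intended, a one-line comment above the var saying so would spare the next reader the check.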
diff --git a/roles/bird/handlers/main.yml b/roles/bird/handlers/main.yml
new file mode 100644
index 00000000..ce44e9e2
--- /dev/null
+++ b/roles/bird/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+- name: check bird status
+  service_facts:
+  listen: 'reload bird'
+
+- name: reload bird
+  systemd:
+    name: bird
+    state: reloaded
+  when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
+
+- name: check bird6 status
+  service_facts:
+  listen: 'reload bird6'
+
+- name: reload bird6
+  systemd:
+    name: bird6
+    state: reloaded
+  when: not ansible_check_mode and ansible_facts.services['bird6']['state'] == 'running'
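Review bot: The `when` on `reload bird` indexes `ansible_facts.services['bird']`, but on systemd hosts service_facts appears to key units with their suffix (`bird.service`), so the lookup is likely to raise an undefined-variable error rather than evaluate to false; the same applies to `['bird6']` on the last handler. A tolerant form is `when: not ansible_check_mode and (ansible_facts.services['bird.service'] | default({})).state | default('') == 'running'`. With that form a stopped or absent daemon is skipped cleanly, and the new configuration is simply picked up at the next start, which seems to be the intended behaviour.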
diff --git a/roles/bird/tasks/main.yml b/roles/bird/tasks/main.yml
index 6315e8fc..60c4dce1 100644
--- a/roles/bird/tasks/main.yml
+++ b/roles/bird/tasks/main.yml
@@ -15,6 +15,7 @@
     mode: 0640
     owner: bird
     group: bird
+  notify: reload bird
 
 - name: Deploy bird6 configuration
   template:
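Review bot: `notify: reload bird` hands the rendered file to a live daemon with no syntax check, so a template or variable error surfaces only when the reload fails and the BGP session is disturbed; the template task, whose header starts above this hunk, can guard this with `validate: 'bird -p -c %s'`, and the bird6 task in the next hunk with `validate: 'bird6 -p -c %s'`. The validate command is run against the temporary rendered file, so any `include` with a relative path inside the template would need to resolve from that location.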
@@ -23,3 +24,4 @@
     mode: 0640
     owner: bird
     group: bird
+  notify: reload bird6
diff --git a/roles/bird/templates/bird/bird.conf.j2 b/roles/bird/templates/bird/bird.conf.j2
index ae6cb106..95c84884 100644
--- a/roles/bird/templates/bird/bird.conf.j2
+++ b/roles/bird/templates/bird/bird.conf.j2
@@ -9,9 +9,9 @@
 
 # Change this into your BIRD router ID. It's a world-wide unique identification
 # of your router, usually one of router's IPv4 addresses.
-router id {{ bgp.ipv4.router_id }};
+router id {{ bird.bgp.ipv4.router_id }};
 
-listen bgp address {{ bgp.ipv4.bind_address }} port 179;
+listen bgp address {{ bird.bgp.ipv4.bind_address }} port 179;
 
 # The Kernel protocol is not a real routing protocol. Instead of communicating
 # with other routers in the network, it performs synchronization of BIRD's
@@ -20,7 +20,10 @@ protocol kernel {
 	persist;
 	scan time 60;
 	import none;
-	export all;   # Actually insert routes into the kernel routing table
+	export filter {
+		if ( net ~ [ {{ bird.bgp.ipv4.network | join(', ') }} ] ) then reject;
+		accept;
+	};
 }
 
 # The Device protocol is not a real routing protocol. It doesn't generate any
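Review bot: The prefix set in the new kernel export filter is rendered with `join(', ')`, so an empty `bird.bgp.ipv4.network` list yields `net ~ [ ]`, which BIRD rejects as a syntax error, while the `{% for %}` in the static protocol below simply renders nothing. Wrapping the `if ( net ~ [ ... ] ) then reject;` line in `{% if bird.bgp.ipv4.network %}` … `{% endif %}`, or asserting the list is non-empty in the role, keeps a host that inherits an empty list from producing an unparsable config. The bird6 template has the same construction in its kernel hunk.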
@@ -31,15 +34,14 @@ protocol device {
 }
 
 protocol static {
-	route {{ bgp.ipv4.network }} reject;
+{% for ip in bird.bgp.ipv4.network %}
+	route {{ ip }} reject;
+{% endfor %}
 }
 
 protocol bgp zayo {
-	local as {{ bgp.as }};
-	neighbor {{ bgp.ipv4.neighbor }} as {{ bgp.remote_as }};
+	local as {{ bird.bgp.as }};
+	neighbor {{ bird.bgp.ipv4.neighbor }} as {{ bird.bgp.remote_as }};
 	import all;
-	export filter {
-		if ( net ~ [ {{ bgp.ipv4.network }} ] ) then accept;
-		reject;
-	};
+	export all;
 }
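Review bot: Replacing the per-prefix export filter with `export all` on the `zayo` session removes the only control over what this router announces to its upstream; today the table holds just the static rejects and the routes imported from zayo itself (which BIRD normally does not hand back to the protocol that supplied them), but any protocol or peer added later is exported automatically, which is how route leaks happen. Keeping the announcement bound to the declared prefixes is one line: `export where net ~ [ {{ bird.bgp.ipv4.network | join(', ') }} ];`. The same change appears in the bgp hunk of the bird6 template.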
diff --git a/roles/bird/templates/bird/bird6.conf.j2 b/roles/bird/templates/bird/bird6.conf.j2
index 56aeb1a8..8acd7b82 100644
--- a/roles/bird/templates/bird/bird6.conf.j2
+++ b/roles/bird/templates/bird/bird6.conf.j2
@@ -9,9 +9,9 @@
 
 # Change this into your BIRD router ID. It's a world-wide unique identification
 # of your router, usually one of router's IPv6 addresses.
-router id {{ bgp.ipv6.router_id }};
+router id {{ bird.bgp.ipv6.router_id }};
 
-listen bgp address {{ bgp.ipv6.bind_address }} port 179;
+listen bgp address {{ bird.bgp.ipv6.bind_address }} port 179;
 
 # The Kernel protocol is not a real routing protocol. Instead of communicating
 # with other routers in the network, it performs synchronization of BIRD's
@@ -20,7 +20,10 @@ protocol kernel {
 	persist;
 	scan time 60;
 	import none;
-	export all;   # Actually insert routes into the kernel routing table
+	export filter {
+		if ( net ~ [ {{ bird.bgp.ipv6.network | join(', ') }} ] ) then reject;
+		accept;
+	};
 }
 
 # The Device protocol is not a real routing protocol. It doesn't generate any
@@ -31,15 +34,14 @@ protocol device {
 }
 
 protocol static {
-	route {{ bgp.ipv6.network }} reject;
+{% for ip in bird.bgp.ipv6.network %}
+	route {{ ip }} reject;
+{% endfor %}
 }
 
 protocol bgp zayo {
-	local as {{ bgp.as }};
-	neighbor {{ bgp.ipv6.neighbor }} as {{ bgp.remote_as }};
+	local as {{ bird.bgp.as }};
+	neighbor {{ bird.bgp.ipv6.neighbor }} as {{ bird.bgp.remote_as }};
 	import all;
-	export filter {
-		if ( net ~ [ {{ bgp.ipv6.network }} ] ) then accept;
-		reject;
-	};
+	export all;
 }
-- 
GitLab