From 30ecc05a526b11f4eeec08ee96dd763b6f5770f1 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Fri, 8 Jan 2021 14:48:55 +0100
Subject: [PATCH] [bird] Use bird instead of quagga

---
 plays/firewall.yml                           | 22 +++++----
 roles/bird/tasks/main.yml                    | 25 ++++++++++
 roles/bird/templates/bird/bird.conf.j2       | 45 ++++++++++++++++++
 roles/bird/templates/bird/bird6.conf.j2      | 45 ++++++++++++++++++
 roles/quagga/tasks/main.yml                  | 49 --------------------
 roles/quagga/templates/quagga/bgpd.conf.j2   | 16 -------
 roles/quagga/templates/quagga/daemons.j2     | 28 -----------
 roles/quagga/templates/quagga/debian.conf.j2 | 25 ----------
 roles/quagga/templates/quagga/zebra.conf.j2  | 11 -----
 9 files changed, 127 insertions(+), 139 deletions(-)
 create mode 100644 roles/bird/tasks/main.yml
 create mode 100644 roles/bird/templates/bird/bird.conf.j2
 create mode 100644 roles/bird/templates/bird/bird6.conf.j2
 delete mode 100644 roles/quagga/tasks/main.yml
 delete mode 100644 roles/quagga/templates/quagga/bgpd.conf.j2
 delete mode 100644 roles/quagga/templates/quagga/daemons.j2
 delete mode 100644 roles/quagga/templates/quagga/debian.conf.j2
 delete mode 100644 roles/quagga/templates/quagga/zebra.conf.j2

diff --git a/plays/firewall.yml b/plays/firewall.yml
index 0eebfa20..0c24699c 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -38,19 +38,21 @@
   roles:
     - firewall
 
-# Deploy BGP server configuration on IPv4 routers
+# Deploy BGP server configuration on routers
 - hosts: crans_routeurs
   vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
     bgp:
       as: 204515
-      router_id_v4: 158.255.113.73
-      network_v4: 185.230.76.0/22
-      neighbor_v4: 158.255.113.72
-      router_id_v6: 138.231.136.200
-      network_v6: 2a0c:700::/32
-      neighbor_v6: 2001:1b48:2:103::bb:1
       remote_as: 8218
+      ipv4:
+        router_id: 158.255.113.73
+        bind_address: 158.255.113.73
+        network: 185.230.76.0/22
+        neighbor: 158.255.113.72
+      ipv6:
+        router_id: 185.230.79.62
+        bind_address: 2001:1b48:2:103::bb:2
+        network: 2a0c:700::/32
+        neighbor: 2001:1b48:2:103::bb:1
   roles:
-    - quagga
+    - bird
diff --git a/roles/bird/tasks/main.yml b/roles/bird/tasks/main.yml
new file mode 100644
index 00000000..6315e8fc
--- /dev/null
+++ b/roles/bird/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Install BIRD
+  apt:
+    update_cache: true
+    name:
+      - bird
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Deploy bird configuration
+  template:
+    src: bird/bird.conf.j2
+    dest: /etc/bird/bird.conf
+    mode: 0640
+    owner: bird
+    group: bird
+
+- name: Deploy bird6 configuration
+  template:
+    src: bird/bird6.conf.j2
+    dest: /etc/bird/bird6.conf
+    mode: 0640
+    owner: bird
+    group: bird
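Review bot: Neither template task validates the rendered file nor notifies a handler, so a change to bird.conf/bird6.conf is never applied until someone restarts the daemon by hand, and a templating mistake would only surface at that restart, on a production router. BIRD 1.x can parse-check a file without starting, so add `validate: "bird -p -c %s"` to the bird.conf task and `validate: "bird6 -p -c %s"` to the bird6.conf task, and give both a `notify: reload bird` pointing at a handler (in roles/bird/handlers/main.yml, outside this patch) that runs `birdc configure` / `birdc6 configure` or restarts the service. Quoting the modes as `mode: "0640"` would also keep yamllint quiet, though Ansible accepts the leading-zero form.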
diff --git a/roles/bird/templates/bird/bird.conf.j2 b/roles/bird/templates/bird/bird.conf.j2
new file mode 100644
index 00000000..ae6cb106
--- /dev/null
+++ b/roles/bird/templates/bird/bird.conf.j2
@@ -0,0 +1,45 @@
+{{ ansible_header | comment }}
+
+# This is a minimal configuration file, which allows the bird daemon to start
+# but will not cause anything else to happen.
+#
+# Please refer to the documentation in the bird-doc package or BIRD User's
+# Guide on http://bird.network.cz/ for more information on configuring BIRD and
+# adding routing protocols.
+
+# Change this into your BIRD router ID. It's a world-wide unique identification
+# of your router, usually one of router's IPv4 addresses.
+router id {{ bgp.ipv4.router_id }};
+
+listen bgp address {{ bgp.ipv4.bind_address }} port 179;
+
+# The Kernel protocol is not a real routing protocol. Instead of communicating
+# with other routers in the network, it performs synchronization of BIRD's
+# routing tables with the OS kernel.
+protocol kernel {
+	persist;
+	scan time 60;
+	import none;
+	export all;   # Actually insert routes into the kernel routing table
+}
+
+# The Device protocol is not a real routing protocol. It doesn't generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. 
+protocol device {
+	scan time 60;
+}
+
+protocol static {
+	route {{ bgp.ipv4.network }} reject;
+}
+
+protocol bgp zayo {
+	local as {{ bgp.as }};
+	neighbor {{ bgp.ipv4.neighbor }} as {{ bgp.remote_as }};
+	import all;
+	export filter {
+		if ( net ~ [ {{ bgp.ipv4.network }} ] ) then accept;
+		reject;
+	};
+}
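Review bot: `import all;` in the zayo BGP protocol accepts every prefix the upstream announces, including more-specifics of the site's own {{ bgp.ipv4.network }} (185.230.76.0/22 per plays/firewall.yml), which win on longest match over the local static reject route and are pushed to the kernel by `export all`, so a leak or hijack upstream silently rewrites local forwarding. At minimum reject the own aggregate and its subnets before accepting: `import filter { if net ~ [ {{ bgp.ipv4.network }}+ ] then reject; accept; };`; a bogon and prefix-length check would be the natural next step. The session also carries no `password` (TCP MD5) — the removed quagga config had none either, so this is not a regression, but it is worth confirming with the upstream whether one is expected. The Debian sample text at the top ("will not cause anything else to happen", "Change this into your BIRD router ID") no longer describes this file and should be dropped.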
diff --git a/roles/bird/templates/bird/bird6.conf.j2 b/roles/bird/templates/bird/bird6.conf.j2
new file mode 100644
index 00000000..56aeb1a8
--- /dev/null
+++ b/roles/bird/templates/bird/bird6.conf.j2
@@ -0,0 +1,45 @@
+{{ ansible_header | comment }}
+
+# This is a minimal configuration file, which allows the bird daemon to start
+# but will not cause anything else to happen.
+#
+# Please refer to the documentation in the bird-doc package or BIRD User's
+# Guide on http://bird.network.cz/ for more information on configuring BIRD and
+# adding routing protocols.
+
+# Change this into your BIRD router ID. It's a world-wide unique identification
+# of your router, usually one of router's IPv6 addresses.
+router id {{ bgp.ipv6.router_id }};
+
+listen bgp address {{ bgp.ipv6.bind_address }} port 179;
+
+# The Kernel protocol is not a real routing protocol. Instead of communicating
+# with other routers in the network, it performs synchronization of BIRD's
+# routing tables with the OS kernel.
+protocol kernel {
+	persist;
+	scan time 60;
+	import none;
+	export all;   # Actually insert routes into the kernel routing table
+}
+
+# The Device protocol is not a real routing protocol. It doesn't generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. 
+protocol device {
+	scan time 60;
+}
+
+protocol static {
+	route {{ bgp.ipv6.network }} reject;
+}
+
+protocol bgp zayo {
+	local as {{ bgp.as }};
+	neighbor {{ bgp.ipv6.neighbor }} as {{ bgp.remote_as }};
+	import all;
+	export filter {
+		if ( net ~ [ {{ bgp.ipv6.network }} ] ) then accept;
+		reject;
+	};
+}
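Review bot: As in bird.conf.j2, `import all;` accepts anything the upstream sends, including more-specifics of the site's own {{ bgp.ipv6.network }} (2a0c:700::/32), which override the local reject route and are exported to the kernel; guard it with `import filter { if net ~ [ {{ bgp.ipv6.network }}+ ] then reject; accept; };`. The comment above `router id` claims it is "usually one of router's IPv6 addresses", but a BIRD router ID is a 32-bit value and the value this play passes (185.230.79.62) is an IPv4 address, so the comment misleads; replace it with `# 32-bit router ID; written as an IPv4 address even for bird6`. The leading "minimal configuration file ... will not cause anything else to happen" boilerplate is likewise stale and should go.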
diff --git a/roles/quagga/tasks/main.yml b/roles/quagga/tasks/main.yml
deleted file mode 100644
index 42fff5d4..00000000
--- a/roles/quagga/tasks/main.yml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-- name: Install quagga
-  apt:
-    update_cache: true
-    name:
-      - quagga
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
-- name: Create quagga log directory
-  file:
-    path: /var/log/quagga
-    state: directory
-    mode: 0755
-    owner: quagga
-    group: quagga
-
-- name: Deploy quagga daemons configuration
-  template:
-    src: quagga/daemons.j2
-    dest: /etc/quagga/daemons
-    mode: 0644
-    owner: root
-    group: root
-
-- name: Deploy quagga debian configuration
-  template:
-    src: quagga/debian.conf.j2
-    dest: /etc/quagga/debian.conf
-    mode: 0640
-    owner: quagga
-    group: quagga
-
-- name: Deploy quagga bgpd configuration
-  template:
-    src: quagga/bgpd.conf.j2
-    dest: /etc/quagga/bgpd.conf
-    mode: 0640
-    owner: quagga
-    group: quagga
-
-- name: Deploy quagga zabra configuration
-  template:
-    src: quagga/zebra.conf.j2
-    dest: /etc/quagga/zebra.conf
-    mode: 0640
-    owner: quagga
-    group: quagga
diff --git a/roles/quagga/templates/quagga/bgpd.conf.j2 b/roles/quagga/templates/quagga/bgpd.conf.j2
deleted file mode 100644
index 2f5117a0..00000000
--- a/roles/quagga/templates/quagga/bgpd.conf.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ ansible_header | comment(decoration='! ') }}
-!
-router bgp {{ bgp.as }}
- no synchronization
- bgp router-id {{ bgp.router_id_v4 }}
- network {{ bgp.network_v4 }}
- neighbor {{ bgp.neighbor_v4 }} remote-as {{ bgp.remote_as }}
- neighbor {{ bgp.neighbor_v6 }} remote-as {{ bgp.remote_as }}
-!
- address-family ipv6
- network {{ bgp.network_v6 }}
- neighbor {{ bgp.neighbor_v6 }} activate
- exit-address-family
-!
-log file /var/log/quagga/bgpd.log
-log stdout
diff --git a/roles/quagga/templates/quagga/daemons.j2 b/roles/quagga/templates/quagga/daemons.j2
deleted file mode 100644
index 2bc28883..00000000
--- a/roles/quagga/templates/quagga/daemons.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-{{ ansible_header | comment }}
-
-#   2 .. 10  = lower priorities
-# Read /usr/share/doc/quagga/README.Debian for details.
-#
-# Sample configurations for these daemons can be found in
-# /usr/share/doc/quagga/examples/.
-#
-# ATTENTION:
-#
-# When activation a daemon at the first time, a config file, even if it is
-# empty, has to be present *and* be owned by the user and group "quagga", else
-# the daemon will not be started by /etc/init.d/quagga. The permissions should
-# be u=rw,g=r,o=.
-# # When using "vtysh" such a config file is also needed. It should be owned by
-# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too.
-#
-# The watchquagga daemon is always started. Per default in monitoring-only but
-# that can be changed via /etc/quagga/debian.conf.
-#
-zebra=yes
-bgpd=yes
-ospfd=no
-ospf6d=no
-ripd=no
-ripngd=no
-isisd=no
-babeld=no
diff --git a/roles/quagga/templates/quagga/debian.conf.j2 b/roles/quagga/templates/quagga/debian.conf.j2
deleted file mode 100644
index 53b24fd1..00000000
--- a/roles/quagga/templates/quagga/debian.conf.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-{{ ansible_header | comment }}
-#
-# If this option is set the /etc/init.d/quagga script automatically loads
-# the config via "vtysh -b" when the servers are started.
-# Check /etc/pam.d/quagga if you intend to use "vtysh"!
-#
-vtysh_enable=yes
-zebra_options="  --daemon -A 127.0.0.1"
-bgpd_options="   --daemon -A 127.0.0.1"
-ospfd_options="  --daemon -A 127.0.0.1"
-ospf6d_options=" --daemon -A ::1"
-ripd_options="   --daemon -A 127.0.0.1"
-ripngd_options=" --daemon -A ::1"
-isisd_options="  --daemon -A 127.0.0.1"
-babeld_options=" --daemon -A 127.0.0.1"
-#
-# Please note that watchquagga_options is an array and not a string so that
-# quotes can be used.
-#
-# The list of daemons to watch is automatically generated by the init script
-# from daemons.conf and appended to the watchquagga_options.
-# Example:
-#    watchquagga_options=("-Adz" "-r" '/sbin/service %s restart' -s '/sbin/service %s start'  -k '/sbin/service %s stop')
-watchquagga_enable=yes
-watchquagga_options=(--daemon)
diff --git a/roles/quagga/templates/quagga/zebra.conf.j2 b/roles/quagga/templates/quagga/zebra.conf.j2
deleted file mode 100644
index c97c4bb5..00000000
--- a/roles/quagga/templates/quagga/zebra.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-{{ ansible_header | comment(decoration='! ') }}
-
-hostname zebra
-password {{ zebra.password }}
-enable password {{ zebra.password }}
-log file /var/log/quagga/zebra.log
-
-
-interface lo
-
-line vty
-- 
GitLab