From 34243f83cd6ac42814b10eb2c9f020370ac69149 Mon Sep 17 00:00:00 2001
From: shirenn & esum <shirenn@crans.org>
Date: Mon, 6 Jun 2022 20:27:32 +0200
Subject: [PATCH] [bird2] Now using bird2
---
 .../routeur-daniel.adm.crans.org/bird.yml | 105 ++++++++----------
 host_vars/routeur-sam.adm.crans.org/bird.yml | 105 ++++++++----------
 plays/bird.yml | 2 +-
 roles/bird/tasks/main.yml | 57 ++++++----
 roles/bird2/handlers/main.yml | 19 ++++
 roles/bird2/tasks/main.yml | 25 +++++
 roles/bird2/templates/bird/bird.conf.j2 | 91 +++++++++++++++
 7 files changed, 263 insertions(+), 141 deletions(-)
 create mode 100644 roles/bird2/handlers/main.yml
 create mode 100644 roles/bird2/tasks/main.yml
 create mode 100644 roles/bird2/templates/bird/bird.conf.j2
diff --git a/host_vars/routeur-daniel.adm.crans.org/bird.yml b/host_vars/routeur-daniel.adm.crans.org/bird.yml
index fd948648..ba338177 100644
--- a/host_vars/routeur-daniel.adm.crans.org/bird.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/bird.yml
@@ -1,60 +1,49 @@
 ---
 loc_bird:
- ipv4:
- id: 185.230.79.253
- binds:
- - 138.195.159.250
- - 185.230.79.253
- statics:
- - 185.230.76.0/22
- kernel_filter:
- - 185.230.78.0/24
- bgps:
- - name: viarezo
- allow_local_as: 1
- local:
- as: 204515
- address: 138.195.159.250
- remote:
- as: 212424
- address: 138.195.159.249
- allow_export_prefixes:
- - 185.230.76.0/22+
- - name: aurore
- allow_local_as: 1
- local:
- as: 204515
- address: 185.230.79.253
- remote:
- as: 43619
- address: 185.230.79.254
- allow_export_prefixes:
- - 185.230.76.0/22+
- ipv6:
- id: 185.230.79.253
- binds:
- - 2a0c:b641:2f3::2
- - 2a0c:700:28::1
- statics:
- - 2a0c:700::/32
- bgps:
- - name: viarezo
- allow_local_as: 1
- local:
- as: 204515
- address: 2a0c:b641:2f3::2
- remote:
- as: 212424
- address: 2a0c:b641:2f3::1
- allow_export_prefixes:
- - 2a0c:700::/32+
- - name: aurore
- allow_local_as: 1
- local:
- as: 204515
- address: 2a0c:700:28::1
- remote:
- as: 43619
- address: 2a0c:700:28::2
- allow_export_prefixes:
- - 2a0c:700::/32+
+ id: 185.230.79.253
+ asn:
+ crans: 204515
+ aurore: 43619
+ viarezo: 212424
+ static:
+ ipv4:
+ - route 185.230.76.0/22 unreachable
+ ipv6:
+ - route 2a0c:700::/32 unreachable
+ bgp:
+ - name: aurore4
+ description: "BGP4 session with aurore"
+ local:
+ asn: crans
+ addr: 185.230.79.253
+ neighbor:
+ asn: aurore
+ addr: 185.230.79.254
+ ipv4: true
+ - name: aurore6
+ description: "BGP6 session with aurore"
+ local:
+ asn: crans
+ addr: 2a0c:700:28::1
+ neighbor:
+ asn: aurore
+ addr: 2a0c:700:28::2
+ ipv6: true
+ - name: viarezo4
+ description: "BGP4 session with viarezo"
+ local:
+ asn: crans
+ addr: 138.195.159.250
+ neighbor:
+ asn: viarezo
+ addr: 138.195.159.249
+ ipv4: true
+ - name: viarezo6
+ description: "BGP6 session with viarezo"
+ local:
+ asn: crans
+ addr: 2a0c:b641:2f3::2
+ neighbor:
+ asn: viarezo
+ addr: 2a0c:b641:2f3::1
+ ipv6: true
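Review bot: The new `loc_bird` data no longer carries a per-session export list (`allow_export_prefixes` is removed), so what gets announced is now decided only by the entries under `static`, which the bird2 template in this commit exports to every neighbour. That coupling is not documented here, and a route added under `static.ipv4` or `static.ipv6` for purely local reasons would also be announced to both aurore and viarezo. I would add a comment above `static:` such as `# every route listed here is announced to all BGP neighbours (template exports RTS_STATIC)`. The same applies to the identical hunk for host_vars/routeur-sam.adm.crans.org/bird.yml.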
diff --git a/host_vars/routeur-sam.adm.crans.org/bird.yml b/host_vars/routeur-sam.adm.crans.org/bird.yml
index fd948648..ba338177 100644
--- a/host_vars/routeur-sam.adm.crans.org/bird.yml
+++ b/host_vars/routeur-sam.adm.crans.org/bird.yml
@@ -1,60 +1,49 @@
 ---
 loc_bird:
- ipv4:
- id: 185.230.79.253
- binds:
- - 138.195.159.250
- - 185.230.79.253
- statics:
- - 185.230.76.0/22
- kernel_filter:
- - 185.230.78.0/24
- bgps:
- - name: viarezo
- allow_local_as: 1
- local:
- as: 204515
- address: 138.195.159.250
- remote:
- as: 212424
- address: 138.195.159.249
- allow_export_prefixes:
- - 185.230.76.0/22+
- - name: aurore
- allow_local_as: 1
- local:
- as: 204515
- address: 185.230.79.253
- remote:
- as: 43619
- address: 185.230.79.254
- allow_export_prefixes:
- - 185.230.76.0/22+
- ipv6:
- id: 185.230.79.253
- binds:
- - 2a0c:b641:2f3::2
- - 2a0c:700:28::1
- statics:
- - 2a0c:700::/32
- bgps:
- - name: viarezo
- allow_local_as: 1
- local:
- as: 204515
- address: 2a0c:b641:2f3::2
- remote:
- as: 212424
- address: 2a0c:b641:2f3::1
- allow_export_prefixes:
- - 2a0c:700::/32+
- - name: aurore
- allow_local_as: 1
- local:
- as: 204515
- address: 2a0c:700:28::1
- remote:
- as: 43619
- address: 2a0c:700:28::2
- allow_export_prefixes:
- - 2a0c:700::/32+
+ id: 185.230.79.253
+ asn:
+ crans: 204515
+ aurore: 43619
+ viarezo: 212424
+ static:
+ ipv4:
+ - route 185.230.76.0/22 unreachable
+ ipv6:
+ - route 2a0c:700::/32 unreachable
+ bgp:
+ - name: aurore4
+ description: "BGP4 session with aurore"
+ local:
+ asn: crans
+ addr: 185.230.79.253
+ neighbor:
+ asn: aurore
+ addr: 185.230.79.254
+ ipv4: true
+ - name: aurore6
+ description: "BGP6 session with aurore"
+ local:
+ asn: crans
+ addr: 2a0c:700:28::1
+ neighbor:
+ asn: aurore
+ addr: 2a0c:700:28::2
+ ipv6: true
+ - name: viarezo4
+ description: "BGP4 session with viarezo"
+ local:
+ asn: crans
+ addr: 138.195.159.250
+ neighbor:
+ asn: viarezo
+ addr: 138.195.159.249
+ ipv4: true
+ - name: viarezo6
+ description: "BGP6 session with viarezo"
+ local:
+ asn: crans
+ addr: 2a0c:b641:2f3::2
+ neighbor:
+ asn: viarezo
+ addr: 2a0c:b641:2f3::1
+ ipv6: true
diff --git a/plays/bird.yml b/plays/bird.yml
index 7aac98f5..9ab5fcc7 100755
--- a/plays/bird.yml
+++ b/plays/bird.yml
@@ -4,4 +4,4 @@
 vars:
 bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
 roles:
- - bird
+ - bird2
diff --git a/roles/bird/tasks/main.yml b/roles/bird/tasks/main.yml
index 60c4dce1..86f81bf4 100644
--- a/roles/bird/tasks/main.yml
+++ b/roles/bird/tasks/main.yml
@@ -1,27 +1,36 @@
 ---
-- name: Install BIRD
- apt:
- update_cache: true
- name:
- - bird
- register: apt_result
- retries: 3
- until: apt_result is succeeded
+- name: PLEASE STOP
+ pause:
+ prompt: "{{ item }}"
+ loop:
+ - APPUIE SUR ^C TOUT DE SUITE ET LANCE LE RÔLE BIRD2 !
+ - NAN MAIS VRAIMENT
+ - GENRE ARRÈTE
+ - ON T'AURA PRÉVENU
 
-- name: Deploy bird configuration
- template:
- src: bird/bird.conf.j2
- dest: /etc/bird/bird.conf
- mode: 0640
- owner: bird
- group: bird
- notify: reload bird
+#- name: Install BIRD
+# apt:
+# update_cache: true
+# name:
+# - bird
+# register: apt_result
+# retries: 3
+# until: apt_result is succeeded
 
-- name: Deploy bird6 configuration
- template:
- src: bird/bird6.conf.j2
- dest: /etc/bird/bird6.conf
- mode: 0640
- owner: bird
- group: bird
- notify: reload bird6
+#- name: Deploy bird configuration
+# template:
+# src: bird/bird.conf.j2
+# dest: /etc/bird/bird.conf
+# mode: 0640
+# owner: bird
+# group: bird
+# notify: reload bird
+
+#- name: Deploy bird6 configuration
+# template:
+# src: bird/bird6.conf.j2
+# dest: /etc/bird/bird6.conf
+# mode: 0640
+# owner: bird
+# group: bird
+# notify: reload bird6
diff --git a/roles/bird2/handlers/main.yml b/roles/bird2/handlers/main.yml
new file mode 100644
index 00000000..a14ba0cc
--- /dev/null
+++ b/roles/bird2/handlers/main.yml
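Review bot: In roles/bird/tasks/main.yml the retired role is guarded only by `pause` prompts, which do not stop anything: pressing ENTER four times ends the role successfully, and a run without an interactive terminal should not wait for a human at all. A hard stop is safer for a role that must no longer run on a router, for example a single task using `fail:` with `msg: "The bird role is retired, run the bird2 role instead"`. The old tasks kept as `#` comments could then be deleted, since the repository history already holds them.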
@@ -0,0 +1,19 @@
+---
+- name: systemctl status bird.service
+ service_facts:
+ listen: 'systemctl reload bird.service'
+
+- name: systemctl reload bird.service
+ pause:
+ prompt: |-
+ On a préféré ne pas redemarrer bird automatiquement.
+ Du coup, c'est à toi de t'en occuper:
+ - si tu as modifié quelque chose qui forcera le logiciel à ouvrir (ou fermer) un nouveau socket, tu dois le restart
+ - sinon tu peux te contenter de le reload
+ Quand c'est fait appuie sur ENTRÉE
+ when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'
+
+- name: systemctl stop bird.service
+ systemd:
+ name: bird.service
+ state: stopped
diff --git a/roles/bird2/tasks/main.yml b/roles/bird2/tasks/main.yml
new file mode 100644
index 00000000..90013d25
--- /dev/null
+++ b/roles/bird2/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Install BIRD2
+ apt:
+ update_cache: true
+ name:
+ - bird2
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+ notify: systemctl stop bird.service
+
+- name: systemctl disable bird.service
+ systemd:
+ name: bird.service
+ enabled: false
+
+- name: Deploy bird configuration
+ template:
+ src: bird/bird.conf.j2
+ dest: /etc/bird/bird.conf
+ mode: 0640
+ owner: bird
+ group: bird
+ notify: systemctl reload bird.service
+
diff --git a/roles/bird2/templates/bird/bird.conf.j2 b/roles/bird2/templates/bird/bird.conf.j2
new file mode 100644
index 00000000..56b2dc10
--- /dev/null
+++ b/roles/bird2/templates/bird/bird.conf.j2
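Review bot: In roles/bird2/handlers/main.yml the `systemctl stop bird.service` handler is defined after the reload prompt, and handlers run in the order they are defined rather than the order they are notified. On a run where `Install BIRD2` and `Deploy bird configuration` both report a change, the operator is asked to restart or reload bird and the daemon is then stopped right after ENTER, which on a BGP router takes the sessions down. If the stop is intentional, define that handler first (so `service_facts` then reports the service as not running and the prompt is skipped), or state in a comment that bird is left stopped after a first install. Separately, it is worth confirming that `service_facts` exposes a `bird` key on these hosts and not only `bird.service`, since a missing key makes the `when:` expression fail.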
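Review bot: In roles/bird2/tasks/main.yml the `Deploy bird configuration` task writes /etc/bird/bird.conf without checking that the rendered file parses. Because the reload is left to the operator, a template or host_vars mistake is only found when bird is reloaded or restarted on the router. Adding `validate: bird -p -c %s` to the `template` task would make the play fail before the live file is replaced. `mode: 0640` would also be safer quoted as `mode: "0640"`, so the value does not depend on how the YAML parser reads a leading zero.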
@@ -0,0 +1,91 @@
+{{ ansible_header | comment }}
+
+# This is a basic configuration file, which contains boilerplate options and
+# some basic examples. It allows the BIRD daemon to start but will not cause
+# anything else to happen.
+#
+# Please refer to the BIRD User's Guide documentation, which is also available
+# online at http://bird.network.cz/ in HTML format, for more information on
+# configuring BIRD and adding routing protocols.
+
+# Configure logging
+log syslog all;
+
+# Set router ID. It is a unique identification of your router, usually one of
+# IPv4 addresses of the router. It is recommended to configure it explicitly.
+router id {{ bird.id }};
+
+# Turn on global debugging of all protocols (all messages or just selected classes)
+# debug protocols all;
+
+# +----------------------+
+# | CONSTANT DEFINITIONS |
+# +----------------------+
+{% for key,value in bird.asn.items() %}
+define {{ key }}_asn = {{ value }};
+{% endfor %}
+
+# +---------------+
+# | NOT PROTOCOLS |
+# +---------------+
+# The Device protocol is not a real routing protocol. It does not generate any
+# routes and it only serves as a module for getting information about network
+# interfaces from the kernel. It is necessary in almost any configuration.
+protocol device {}
+
+# The Kernel protocol is not a real routing protocol. Instead of communicating
+# with other routers in the network, it performs synchronization of BIRD
+# routing tables with the OS kernel. One instance per table.
+protocol kernel {
+ ipv4 {
+ import none;
+ export all;
+ };
+}
+
+protocol kernel {
+ ipv6 {
+ import none;
+ export all;
+ };
+}
+
+protocol static {
+ ipv4;
+{% for route in bird.static.ipv4 %}
+ {{ route }};
+{% endfor %}
+}
+
+protocol static {
+ ipv6;
+{% for route in bird.static.ipv6 %}
+ {{ route }};
+{% endfor %}
+}
+
+# +---------------+
+# | BGP PROTOCOLS |
+# +---------------+
+{% for protocol in bird.bgp %}
+protocol bgp {{ protocol.name }} {
+ description "{{ protocol.description }}";
+ local {{ protocol.local.addr }} as {{ protocol.local.asn }}_asn;
+ neighbor {{ protocol.neighbor.addr }} as {{ protocol.neighbor.asn }}_asn;
+ strict bind;
+{% if protocol.ipv4 is defined and protocol.ipv4 %}
+
+ ipv4 {
+ import all;
+ export where source ~ [ RTS_STATIC ];
+ };
+{% endif %}{% if protocol.ipv6 is defined and protocol.ipv6 %}
+
+ ipv6 {
+ import all;
+ export where source ~ [ RTS_STATIC ];
+ };
+{% endif %}
+}
+
+{% endfor %}
-- GitLab
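Review bot: Both BGP channels use `import all;` while the kernel protocols use `export all;`, so every prefix a neighbour sends, including a default route, bogons or the site's own 185.230.76.0/22 and 2a0c:700::/32, goes straight into the kernel routing table. Nothing in the template bounds this: there is no import filter, no `import limit`, and no session authentication option on the `protocol bgp` blocks. I would replace `import all;` with a named filter (for instance `import filter bgp_in;`, name illustrative) that rejects the locally originated prefixes and bogons, and add an `import limit` with an action suited to each peer. The per-session `allow_export_prefixes` of the old host_vars is likewise replaced by `export where source ~ [ RTS_STATIC ]`, which holds only as long as the static protocols contain nothing but the aggregates meant to be announced.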