Automatically create wireguard and ibgp mesh between nodes #1

Merged
mans merged 3 commits from new-automation into main 2025-11-09 13:31:40 +00:00
9 changed files with 185 additions and 78 deletions


@@ -15,27 +15,33 @@ ospf:
- "2a02:898:424::/48+" # ColoClue space - "2a02:898:424::/48+" # ColoClue space
routers: routers:
"rtr1.nlams1": "rtr1nlams1":
fqdn: rtr1.nlams1.as205079.net fqdn: rtr1.nlams1.as205079.net
ipv4: 94.142.240.55 ipv4: 94.142.240.55
ipv6: 2001:678:10ec:2201::1 ipv6: 2001:678:10ec:2201::1
gre_mtu: 1476
gre_ll: "fe80::2050:79:2"
site_name: "NLAMS1" site_name: "NLAMS1"
site_id: 2 site_id: 2
graceful_shutdown: false graceful_shutdown: false
maintenance_mode: false maintenance_mode: false
"rtr1.nlape1": "rtr1nlape1":
fqdn: rtr1.nlape1.as205079.net fqdn: rtr1.nlape1.as205079.net
ipv4: 194.28.98.155 ipv4: 194.28.98.155
ipv6: 2001:678:10ec:3201::1 ipv6: 2001:678:10ec:3201::1
gre_mtu: 1476
gre_ll: "fe80::2050:79:3"
site_name: "NLAPE1" site_name: "NLAPE1"
site_id: 3 site_id: 3
graceful_shutdown: false graceful_shutdown: false
maintenance_mode: false maintenance_mode: false
"rtr1.nlwie1": "rtr1nlwie1":
fqdn: rtr1.nlwie1.as205079.net fqdn: rtr1.nlwie1.as205079.net
pub_ipv4: 86.94.191.237 pub_ipv4: 86.94.191.237
ipv4: 10.20.10.23 # router is behind NAT ipv4: 10.20.10.23 # router is behind NAT
ipv6: 2001:678:10ec:1201::1 ipv6: 2001:678:10ec:1201::1
gre_mtu: 1468
gre_ll: "fe80::2050:79:1"
site_name: "NLWIE1" site_name: "NLWIE1"
site_id: 1 site_id: 1
graceful_shutdown: false graceful_shutdown: false
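Review bot: The new per-router `gre_mtu` values (1476 on rtr1nlams1/rtr1nlape1, 1468 on rtr1nlwie1) are never consumed: the new internal_gre_interfaces.j2 on this page comments out the `gre_mtu` lookup and hardcodes `mtu 1468` on every tunnel, so this data is dead configuration. Either drop the key or have the template derive the tunnel MTU from both endpoints, `{{ [routers[router]['gre_mtu'], routers[shortname]['gre_mtu']] | min }}`, which reproduces the 1476/1468 split the removed per-host tunnel definitions had. The `gre_ll` address is applied to every internal tunnel of that router and the two ends of a tunnel presumably must not share one, so a comment above the key such as `# link-local address used on all internal GRE tunnels of this router; keep distinct per router` would make that constraint visible to whoever adds the next router.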


@@ -1,6 +1,4 @@
location: shortname: rtr1nlams1
code: "NLAMS1"
site_id: "2"
ipv6: ipv6:
primary: "2001:0678:10ec:2201::1" primary: "2001:0678:10ec:2201::1"
@@ -18,29 +16,27 @@ routes:
- "2001:678:10ec::/48" # My space - "2001:678:10ec::/48" # My space
- "2a02:898:424::/48" # ColoClue space - "2a02:898:424::/48" # ColoClue space
# dummy_interfaces: {} # gre:
# tunnels:
gre: # - name: "INT-RTR1NLAPE1"
tunnels: # remote_endpoint: 194.28.98.155
- name: "INT-RTR1NLAPE1" # local_endpoint: 94.142.240.55
remote_endpoint: 194.28.98.155 # local_ipv6: 2001:678:10ec:20e::1/64
local_endpoint: 94.142.240.55 # ttl: 255
local_ipv6: 2001:678:10ec:20e::1/64 # mtu: 1476
ttl: 255 # - name: "INT-RTR1NLWIE1"
mtu: 1476 # remote_endpoint: 86.94.191.237
- name: "INT-RTR1NLWIE1" # local_endpoint: 94.142.240.55
remote_endpoint: 86.94.191.237 # local_ipv6: 2001:678:10ec:20d::1/64
local_endpoint: 94.142.240.55 # ttl: 255
local_ipv6: 2001:678:10ec:20d::1/64 # mtu: 1468
ttl: 255
mtu: 1468
interfaces: interfaces:
- nic: "loop0" - nic: "loop0"
description: "Loopback interface" description: "Loopback interface"
stub: true stub: true
- nic: "INT-RTR1NLAPE1" - nic: "int-rtr1nlape1"
- nic: "INT-RTR1NLWIE1" - nic: "int-rtr1nlwie1"
- nic: "vmbr1" - nic: "vmbr1"
description: "NLAMS1 Servers" description: "NLAMS1 Servers"
stub: true stub: true
@@ -72,8 +68,6 @@ peers:
import: "RIPE::AS212855:AS-LUJE" import: "RIPE::AS212855:AS-LUJE"
export: "RIPE::AS205079:AS-MANS" export: "RIPE::AS205079:AS-MANS"
peer_ipv6: "2a02:898:0:20::427:1" peer_ipv6: "2a02:898:0:20::427:1"
internal_peers: internal_peers:
- name: "RTR1APE1" - name: "RTR1APE1"
ip: "2001:678:10ec:3201::1" ip: "2001:678:10ec:3201::1"
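Review bot: The commented-out `gre:`/`tunnels:` block that replaces `# dummy_interfaces: {}` is dead configuration that git history already preserves; delete it rather than carry it, and the same applies to the commented-out tunnel entries in the rtr1nlape1 and rtr1nlwie1 host_vars hunks. `shortname: rtr1nlams1` is now the lookup key the template uses as `routers[shortname]`, so it must match the renamed key in group_vars byte for byte; a comment above it, `# must equal this router's key under routers: in group_vars (the gre template indexes routers[shortname])`, documents that coupling. The `internal_peers` entry still targets the loopback 2001:678:10ec:3201::1, which appears to rely on OSPF over the new link-local-only tunnels now that the tunnel /64s are gone — worth confirming the session re-establishes after rollout.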


@@ -1,6 +1,4 @@
location: shortname: rtr1nlape1
code: "NLAPE1"
site_id: "3"
ipv6: ipv6:
primary: "2001:0678:10ec:3201::1" primary: "2001:0678:10ec:3201::1"
@@ -15,18 +13,18 @@ routes:
gre: gre:
tunnels: tunnels:
- name: "INT-RTR1NLWIE1" # - name: "INT-RTR1NLWIE1"
remote_endpoint: 86.94.191.237 # remote_endpoint: 86.94.191.237
local_endpoint: 194.28.98.155 # local_endpoint: 194.28.98.155
local_ipv6: 2001:678:10ec:20f:0:0:0:1/112 # local_ipv6: 2001:678:10ec:20f:0:0:0:1/112
ttl: 255 # ttl: 255
mtu: 1468 # mtu: 1468
- name: "INT-RTR1NLAMS1" # - name: "INT-RTR1NLAMS1"
remote_endpoint: 94.142.240.55 # remote_endpoint: 94.142.240.55
local_endpoint: 194.28.98.155 # local_endpoint: 194.28.98.155
local_ipv6: 2001:678:10ec:20e::2/64 # local_ipv6: 2001:678:10ec:20e::2/64
ttl: 255 # ttl: 255
mtu: 1476 # mtu: 1476
- name: "ROUTE64-AMS1" - name: "ROUTE64-AMS1"
remote_endpoint: 118.91.187.67 remote_endpoint: 118.91.187.67
local_endpoint: 194.28.98.155 local_endpoint: 194.28.98.155
@@ -92,8 +90,8 @@ interfaces:
- nic: "ens19" - nic: "ens19"
description: "To Loc-IX" description: "To Loc-IX"
stub: true stub: true
- nic: "INT-RTR1NLWIE1" - nic: "int-rtr1nlwie1"
- nic: "INT-RTR1NLAMS1" - nic: "int-rtr1nlams1"
rpki: rpki:
run_routinator: true run_routinator: true


@@ -1,6 +1,4 @@
location: shortname: rtr1nlwie1
code: "NLWIE1"
site_id: "1"
ipv6: ipv6:
primary: "2001:0678:10ec:1201::1" primary: "2001:0678:10ec:1201::1"
@@ -13,20 +11,20 @@ routes:
6: 6:
- "2001:678:10ec::/48" - "2001:678:10ec::/48"
gre: # gre:
tunnels: # tunnels:
- name: "INT-RTR1NLAPE1" # - name: "INT-RTR1NLAPE1"
remote_endpoint: 194.28.98.155 # remote_endpoint: 194.28.98.155
local_endpoint: 10.20.10.23 # local_endpoint: 10.20.10.23
local_ipv6: 2001:678:10ec:20f:0:0:0:2/112 # local_ipv6: 2001:678:10ec:20f:0:0:0:2/112
ttl: 255 # ttl: 255
mtu: 1468 # mtu: 1468
- name: "INT-RTR1NLAMS1" # - name: "INT-RTR1NLAMS1"
remote_endpoint: 94.142.240.55 # remote_endpoint: 94.142.240.55
local_endpoint: 10.20.10.23 # local_endpoint: 10.20.10.23
local_ipv6: 2001:678:10ec:20d::2/64 # local_ipv6: 2001:678:10ec:20d::2/64
ttl: 255 # ttl: 255
mtu: 1468 # mtu: 1468
interfaces: interfaces:
- nic: "loop0" - nic: "loop0"
@@ -37,8 +35,8 @@ interfaces:
- nic: "eth1" - nic: "eth1"
description: "nlwie1 servers" description: "nlwie1 servers"
stub: true stub: true
- nic: "INT-RTR1NLAPE1" - nic: "int-rtr1nlape1"
- nic: "INT-RTR1NLAMS1" - nic: "int-rtr1nlams1"
- nic: "wg0" - nic: "wg0"
description: "wireguard remote" description: "wireguard remote"
stub: true stub: true


@@ -7,7 +7,7 @@
roles: roles:
# - base # - base
# - sysctl # - sysctl
- dummy-interfaces # - dummy-interfaces
- gre - gre
# - routinator # - routinator
- bird2 - bird2
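Review bot: Disabling `dummy-interfaces` here while the host_vars on this page still list `loop0` as an OSPF interface (`- nic: "loop0"`, `stub: true`) looks inconsistent; if that role is what creates loop0, a freshly provisioned host will have OSPF configured for an interface that does not exist. Confirm loop0 is created elsewhere, or remove the loop0 entries together with the role. As with the host_vars, a role that is no longer wanted is better deleted than left as a comment.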


@@ -3,8 +3,3 @@
cmd: "ifreload -a" cmd: "ifreload -a"
register: ifreload_result register: ifreload_result
changed_when: ifreload_result.stdout != "" and "Reloading" in ifreload_result.stdout changed_when: ifreload_result.stdout != "" and "Reloading" in ifreload_result.stdout
- name: "Restart networking"
ansible.builtin.systemd:
name: networking
state: restarted


@@ -1,4 +1,12 @@
- name: "Ensure gre interfaces are present" - name: "Ensure internal gre interfaces are present"
ansible.builtin.template:
src: internal_gre_interfaces.j2
dest: /etc/network/interfaces.d/internal_gre_interfaces
mode: "0644"
notify:
- "Reload networking"
- name: "Ensure extra gre interfaces are present"
ansible.builtin.template: ansible.builtin.template:
src: gre_interface.j2 src: gre_interface.j2
dest: /etc/network/interfaces.d/{{ item.name }} dest: /etc/network/interfaces.d/{{ item.name }}
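Review bot: The new task writes all internal tunnels into one file, but nothing removes the per-tunnel files the previous task generated under `/etc/network/interfaces.d/{{ item.name }}` for the now-commented-out `INT-RTR1*` tunnels. On an already-deployed host those stale files stay in place and define tunnels with the same local/remote endpoints as the new `int-rtr1*` interfaces, so the next `ifreload -a` would try to create both. A cleanup task before the template task, using `ansible.builtin.find` plus `ansible.builtin.file` with `state: absent`, closes that gap; the "extra gre interfaces" task continues beyond the hunk so its loop is not visible here.

```yaml
- name: "Find legacy per-tunnel interface files"
  ansible.builtin.find:
    paths: /etc/network/interfaces.d
    patterns: "INT-RTR1*"
  register: legacy_gre_files

- name: "Remove legacy per-tunnel interface files"
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ legacy_gre_files.files }}"
  notify:
    - "Reload networking"

# … unchanged: "Ensure internal gre interfaces are present" and "Ensure extra gre interfaces are present" …
```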


@@ -0,0 +1,11 @@
{%- for router in routers if not router == shortname %}
auto int-{{ router }}
iface int-{{ router }} inet6 static
pre-up ip tunnel add int-{{ router }} mode gre remote {{ routers[router]['pub_ipv4'] | default(routers[router]['ipv4']) }} local {{ routers[shortname]['ipv4'] }} ttl 255
pre-up ip addr add {{ routers[shortname]['gre_ll'] }}/64 dev int-{{ router }}
up ip link set dev int-{{ router }} up
# up ip link set int-{{ router }} mtu {{ routers[router]['gre_mtu'] }}
up ip link set dev int-{{ router }} mtu 1468
post-down ip tunnel del int-{{ router }}
{% endfor %}
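Review bot: The hardcoded `up ip link set dev int-{{ router }} mtu 1468` on the second-to-last line throws away the per-router `gre_mtu` this same commit adds to group_vars, and the commented-out line above it would also be wrong on its own because it only looks at the remote end. The tunnel MTU is bounded by both endpoints, so `up ip link set dev int-{{ router }} mtu {{ [routers[router]['gre_mtu'], routers[shortname]['gre_mtu']] | min }}` reproduces the 1476/1468 values the removed per-host definitions carried, and the commented line can go. A smaller style point: `{%- for router in routers if not router == shortname %}` reads more naturally as `if router != shortname`. Since these tunnels carry iBGP and plain GRE has no authentication or confidentiality, a header comment stating whether the WireGuard mesh named in the PR title is meant to replace or wrap them would help the next reader judge what the tunnel is trusted to carry.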