Move Router Advertisements from daemon radvd to bird6

2018-11-09 13:25:26 +01:00 · 2018-11-09 13:25:26 +01:00 · 479f8c3486
commit 479f8c3486
parent cc4b984344
8 changed files with 65 additions and 84 deletions
--- a/roles/service-bird/README.md
+++ b/roles/service-bird/README.md
@ -6,6 +6,7 @@ Diese Ansible role installiert und konfiguriert den bird daemon.
 - aktiviert systemd units bird + bird6
 - schreibt bird.conf + bird6.conf
 - konfiguriert bird für iBGP mit allen anderen FFMWU-Servern
+- konfiguriert Router Advertisements für die Mesh Interfaces

 Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Netz.

@ -39,6 +40,13 @@ meshes:
    ipv4_network:
    ipv6_ula:
      - # IPv6-ULA Network
+    ipv6_public:
+      - # IPv6-Public Network
+    radvd:
+      maxrtradvinterval: <integer> # seconds
+      advvalidlifetime: <integer> # seconds
+      advpreferredlifetime: <integer> # seconds
+
 ```

 - Host Variable `magic`
--- a/roles/service-bird/tasks/main.yml
+++ b/roles/service-bird/tasks/main.yml
@ -51,6 +51,15 @@
  tags: sync-peers
  notify: reload systemd unit bird6

+- name: write radv.conf
+  template:
+    src: radv.conf.j2
+    dest: /etc/bird/radv.conf
+    mode: 0640
+    owner: bird
+    group: bird
+  notify: reload systemd unit bird6
+
 - name: enable + start systemd units bird + bird6
  systemd:
    name: bird{{ item }}
--- a/roles/service-bird/templates/bird6.conf.j2
+++ b/roles/service-bird/templates/bird6.conf.j2
@ -122,4 +122,7 @@ include "icvpn_ipv6.con?";

 # Include IPv6 FFRL configuration
 include "ffrl_ipv6.con?";
+
+# Include IPv6 Router Advertisement configuration
+include "radv.con?";
 {% endif %}
--- a/roles/service-bird/templates/radv.conf.j2
+++ b/roles/service-bird/templates/radv.conf.j2
@ -0,0 +1,38 @@
+{% for mesh in meshes %}
+protocol radv radv_{{ mesh.id }} {
+	interface "{{ mesh.id }}br" {
+		max ra interval {{ mesh.radvd.maxrtradvinterval }};
+
+{% for prefix in mesh.ipv6_ula %}
+		prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
+			valid lifetime {{ mesh.radvd.advvalidlifetime }};
+			preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
+		};
+{% endfor %}
+
+{% for prefix in mesh.ipv6_public %}
+		prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} {
+			valid lifetime {{ mesh.radvd.advvalidlifetime }};
+			preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
+		};
+{% endfor %}
+
+		rdnss {
+{% for prefix in mesh.ipv6_ula %}
+			ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
+{% endfor %}
+		};
+
+		dnssl {
+{% for dnssl in mesh.dnssl %}
+			domain "{{ dnssl }}";
+{% endfor %}
+		};
+
+		link mtu {{ mesh.iface_mtu }};
+	};
+}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
--- a/roles/service-radvd/README.md
+++ b/roles/service-radvd/README.md
@ -1,24 +1,3 @@
 # Ansible role service-radvd

-Diese Ansible role installiert und konfiguriert den radvd daemon.
-
- installiert radvd
- aktiviert systemd unit
- schreibt radvd.conf
-
-## Benötigte Variablen
-
- Dictionary `meshes`
-
-```
-meshes:
-  - id: xx
-...
-    ipv6_ula:
-      - # ULA-Prefix - String
-    ipv6_public:
-      - # Public-Prefix - String
-    iface_mtu: # Integer
-```
-
- Host Variable `magic`
+Diese Ansible role entfernt den zuvor genutzten radvd.
--- a/roles/service-radvd/handlers/main.yml
+++ b/roles/service-radvd/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: restart systemd unit radvd
-  systemd:
-    name: radvd
-    state: restarted
--- a/roles/service-radvd/tasks/main.yml
+++ b/roles/service-radvd/tasks/main.yml
@ -1,17 +1,10 @@
 ---
- name: install radvd packages
+- name: ensure radvd is not installed
  package:
    name: radvd
-    state: present
+    state: absent

- name: configure radvd
-  template:
-    src: radvd.conf.j2
-    dest: /etc/radvd.conf
-  notify: restart systemd unit radvd
-
- name: enable systemd unit radvd
-  systemd:
-    name: radvd
-    enabled: yes
-    state: started
+- name: remove radvd config file
+  file:
+    path: /etc/radvd.conf
+    state: absent
--- a/roles/service-radvd/templates/radvd.conf.j2
+++ b/roles/service-radvd/templates/radvd.conf.j2
@ -1,44 +0,0 @@
-
-#
-# {{ ansible_managed }}
-#
-{% for mesh in meshes %}
-interface {{ mesh.id }}br
-{
-	AdvSendAdvert on;
-	IgnoreIfMissing on;
-	MaxRtrAdvInterval {{ mesh.radvd.maxrtradvinterval }};
-	AdvLinkMTU {{ mesh.iface_mtu }};
-
-	RDNSS {% for prefix in mesh.ipv6_ula %}{{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
-{% endfor %}
-	{
-		FlushRDNSS off;
-	};
-
-{% for prefix in mesh.ipv6_ula %}
-	prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
-	{
-		AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
-		AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
-	};
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
-
-{% for prefix in mesh.ipv6_public %}
-	prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }}
-	{
-		AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
-		AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
-	};
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
-};
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}