diff --git a/roles/service-bird/README.md b/roles/service-bird/README.md
index 6f78f03..0b29b23 100644
--- a/roles/service-bird/README.md
+++ b/roles/service-bird/README.md
@@ -6,6 +6,7 @@ Diese Ansible role installiert und konfiguriert den bird daemon.
 - aktiviert systemd units bird + bird6
 - schreibt bird.conf + bird6.conf
 - konfiguriert bird für iBGP mit allen anderen FFMWU-Servern
+- konfiguriert Router Advertisements für die Mesh Interfaces
 Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Netz.
@@ -39,6 +40,13 @@ meshes:
 ipv4_network:
 ipv6_ula:
 - # IPv6-ULA Network
+ ipv6_public:
+ - # IPv6-Public Network
+ radvd:
+ maxrtradvinterval: # seconds
+ advvalidlifetime: # seconds
+ advpreferredlifetime: # seconds
+
 ```
 - Host Variable `magic`
diff --git a/roles/service-bird/tasks/main.yml b/roles/service-bird/tasks/main.yml
index 70b0df5..7b5012c 100644
--- a/roles/service-bird/tasks/main.yml
+++ b/roles/service-bird/tasks/main.yml
@@ -51,6 +51,15 @@
 tags: sync-peers
 notify: reload systemd unit bird6
+- name: write radv.conf
+ template:
+ src: radv.conf.j2
+ dest: /etc/bird/radv.conf
+ mode: 0640
+ owner: bird
+ group: bird
+ notify: reload systemd unit bird6
+
 - name: enable + start systemd units bird + bird6
 systemd:
 name: bird{{ item }}
diff --git a/roles/service-bird/templates/bird6.conf.j2 b/roles/service-bird/templates/bird6.conf.j2
index 61f7692..37d6580 100644
--- a/roles/service-bird/templates/bird6.conf.j2
+++ b/roles/service-bird/templates/bird6.conf.j2
@@ -122,4 +122,7 @@ include "icvpn_ipv6.con?";
 # Include IPv6 FFRL configuration
 include "ffrl_ipv6.con?";
+
+# Include IPv6 Router Advertisement configuration
+include "radv.con?";
 {% endif %}
diff --git a/roles/service-bird/templates/radv.conf.j2 b/roles/service-bird/templates/radv.conf.j2
new file mode 100644
index 0000000..153cab4
--- /dev/null
+++ b/roles/service-bird/templates/radv.conf.j2
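Review bot: In the new `write radv.conf` task of roles/service-bird/tasks/main.yml the file mode is a bare `mode: 0640`, which only gives the intended permissions while the YAML loader reads a leading-zero integer as octal. Quoting it as `mode: "0640"` hands Ansible a string and makes the resulting permissions independent of the parser. This matters here because the file is deliberately restricted to owner and group `bird`.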
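Review bot: The new `include "radv.con?";` in roles/service-bird/templates/bird6.conf.j2 sits directly above `{% endif %}`, so it is rendered only when a condition that opens outside this hunk is true, while the `write radv.conf` task has no visible `when:`. On a host where that condition is false the file would be written but never loaded, and with radvd removed by the service-radvd changes nothing would send Router Advertisements there. If every host that needs RAs satisfies the condition, a comment next to the include should say so; otherwise the include probably belongs after the `{% endif %}`. The `?` wildcard also appears to let the include match nothing without an error, so a missing radv.conf would not surface as a BIRD configuration failure.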
@@ -0,0 +1,38 @@
+{% for mesh in meshes %}
+protocol radv radv_{{ mesh.id }} {
+ interface "{{ mesh.id }}br" {
+ max ra interval {{ mesh.radvd.maxrtradvinterval }};
+
+{% for prefix in mesh.ipv6_ula %}
+ prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
+ valid lifetime {{ mesh.radvd.advvalidlifetime }};
+ preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
+ };
+{% endfor %}
+
+{% for prefix in mesh.ipv6_public %}
+ prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} {
+ valid lifetime {{ mesh.radvd.advvalidlifetime }};
+ preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
+ };
+{% endfor %}
+
+ rdnss {
+{% for prefix in mesh.ipv6_ula %}
+ ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
+{% endfor %}
+ };
+
+ dnssl {
+{% for dnssl in mesh.dnssl %}
+ domain "{{ dnssl }}";
+{% endfor %}
+ };
+
+ link mtu {{ mesh.iface_mtu }};
+ };
+}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/roles/service-radvd/README.md b/roles/service-radvd/README.md
index 47c7a9e..dff37b7 100644
--- a/roles/service-radvd/README.md
+++ b/roles/service-radvd/README.md
@@ -1,24 +1,3 @@
 # Ansible role service-radvd
-Diese Ansible role installiert und konfiguriert den radvd daemon.
-
-- installiert radvd
-- aktiviert systemd unit
-- schreibt radvd.conf
-
-## Benötigte Variablen
-
-- Dictionary `meshes`
-
-```
-meshes:
- - id: xx
-...
- ipv6_ula:
- - # ULA-Prefix - String
- ipv6_public:
- - # Public-Prefix - String
- iface_mtu: # Integer
-```
-
-- Host Variable `magic`
+Diese Ansible role entfernt den zuvor genutzten radvd.
diff --git a/roles/service-radvd/handlers/main.yml b/roles/service-radvd/handlers/main.yml
deleted file mode 100644
index a534dd6..0000000
--- a/roles/service-radvd/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart systemd unit radvd
- systemd:
- name: radvd
- state: restarted
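Review bot: In roles/service-bird/templates/radv.conf.j2 the `rdnss { … }` and `dnssl { … }` blocks are emitted unconditionally, so a mesh whose `ipv6_ula` or `dnssl` list is empty renders an empty block, which BIRD may refuse when bird6 reloads (worth confirming against the BIRD version in use). `mesh.dnssl` is also missing from the variables the README hunk documents, and a mesh without that key would most likely fail the template at the `for` loop. Guarding each block, e.g. `{% if mesh.dnssl | default([]) %}` … `{% endif %}` around `dnssl`, and listing `dnssl` and `iface_mtu` in the README would cover both. The removed radvd.conf.j2 carried a `# {{ ansible_managed }}` header, and the new template has none.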
diff --git a/roles/service-radvd/tasks/main.yml b/roles/service-radvd/tasks/main.yml
index feeb46d..a999afe 100644
--- a/roles/service-radvd/tasks/main.yml
+++ b/roles/service-radvd/tasks/main.yml
@@ -1,17 +1,10 @@
 ---
-- name: install radvd packages
+- name: ensure radvd is not installed
 package:
 name: radvd
- state: present
+ state: absent
-- name: configure radvd
- template:
- src: radvd.conf.j2
- dest: /etc/radvd.conf
- notify: restart systemd unit radvd
-
-- name: enable systemd unit radvd
- systemd:
- name: radvd
- enabled: yes
- state: started
+- name: remove radvd config file
+ file:
+ path: /etc/radvd.conf
+ state: absent
diff --git a/roles/service-radvd/templates/radvd.conf.j2 b/roles/service-radvd/templates/radvd.conf.j2
deleted file mode 100644
index e38b42a..0000000
--- a/roles/service-radvd/templates/radvd.conf.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-
-#
-# {{ ansible_managed }}
-#
-{% for mesh in meshes %}
-interface {{ mesh.id }}br
-{
- AdvSendAdvert on;
- IgnoreIfMissing on;
- MaxRtrAdvInterval {{ mesh.radvd.maxrtradvinterval }};
- AdvLinkMTU {{ mesh.iface_mtu }};
-
- RDNSS {% for prefix in mesh.ipv6_ula %}{{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
-{% endfor %}
- {
- FlushRDNSS off;
- };
-
-{% for prefix in mesh.ipv6_ula %}
- prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
- {
- AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
- AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
- };
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
-
-{% for prefix in mesh.ipv6_public %}
- prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }}
- {
- AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
- AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
- };
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
-};
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
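Review bot: After this change roles/service-radvd/tasks/main.yml no longer touches the radvd systemd unit, so stopping the running daemon is left to the package's removal scripts. A radvd that kept running would go on sending Router Advertisements alongside BIRD's radv protocol, so that assumption deserves a comment above the first task, e.g. `# removing the package is expected to stop radvd.service; BIRD's radv protocol takes over`. The order in which this role and service-bird run is not visible here; if service-radvd runs first, hosts send no RAs until bird6 has reloaded with the new include.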