From 6085067c2b0db0f797da90f9471d8095184a9f04 Mon Sep 17 00:00:00 2001
From: Aleksandr Kurbatov <aleksandr.kurbatov@GL1342-AKURBATOV.local>
Date: Thu, 29 Aug 2024 18:12:45 +0100
Subject: [PATCH] cflowd must use `system` as source interface

---
 .../templates/routers/nokia/pe_base_config.j2          |  1 +
 .../routers/nokia/system/security/security.j2          |  8 ++++++++
 .../routers/nokia/system/security/source_addresses.j2  | 10 ++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/security.j2
 create mode 100644 geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/source_addresses.j2

diff --git a/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/pe_base_config.j2 b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/pe_base_config.j2
index c3c587bb..36365193 100644
--- a/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/pe_base_config.j2
+++ b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/pe_base_config.j2
@@ -5,6 +5,7 @@
        {% include 'filters/cpm_filters.j2' %}
        {% include 'policy_options/policy_options.j2' %}
        {% include 'cflowd.j2' %}
+       {% include 'system/security/security.j2' %}
        {% include 'router/router_base.j2' %}
        {% include 'sdp_mesh.j2' %}
    </configure>
diff --git a/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/security.j2 b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/security.j2
new file mode 100644
index 00000000..431bf1e1
--- /dev/null
+++ b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/security.j2
@@ -0,0 +1,8 @@
+
+    <system>
+      <security>
+      {% with nokia_applications=pe_nokia_applications %}
+        {% include 'system/security/source_addresses.j2' %}
+      {% endwith %}
+      </security>
+    </system>
diff --git a/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/source_addresses.j2 b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/source_addresses.j2
new file mode 100644
index 00000000..cec3327d
--- /dev/null
+++ b/geant/gap_ansible/roles/promote_p_to_pe/templates/routers/nokia/system/security/source_addresses.j2
@@ -0,0 +1,10 @@
+
+                <source-address>
+                   {% for application in nokia_applications %}
+                    <ipv4 xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
+                        <application>{{ application.name }}</application>
+                        <interface-name>{{ application.interface_name }}</interface-name>
+                    </ipv4>
+                   {% endfor %}
+                </source-address>
+
-- 
GitLab