Skip to content
Snippets Groups Projects
Verified Commit 91dd60fd authored by Simone Spinelli's avatar Simone Spinelli Committed by Karel van Klink
Browse files

Add base config and IP trunks 

Iptrunks conversion from subscription

Adjust base config role and change all dryrun to dry_run

Remove get_facts from iptrunk role + variuos little things

Add iptrunk_checks playbook and resolv some Ansible warnings

Base config always targets console

Ansible host is still a problem

Add a placehlder for installing Ansible

Use ansible_host to target hosts that do not have resolution/reachability

Manage ansible_host inside playbooks when node is offline

make ansible-lint happy

Manage ansible_host when device is offline

Make ansible-lint happy

Modifications to devices and sites: terminal server moved to Site

Add linting

Update management of terminal server also in iptrunks

Base config push working in WFO

Trunks rework: temp/untested changes to enable WFO rework

Refactoring device -> router

Fix indentation and selection of ansible_network_os

More indentation problems

Fix errors with refactoring and task inclusion

Fixed IPtrunk for Juniper - including netconf knob

fix IPTrunk deployment, and add descriptions to nokia interfaces

add .gitignore

Adjusti iptrunk role vars to match new domain model

Add base_config and iptrunks
parent abfa84ca
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1296 additions and 0 deletions
roles/base_config/templates/routers/base_config.j2 0 → 100644
+ 28
0
View file @ 91dd60fd
{% include 'class_of_service.j2' %}
{% include 'chassis.j2' %}
{# #}
{% include 'forwarding_options.j2' %}
{# #}
{% include 'firewall.j2' %}
{# #}
{% include 'groups.j2' %}
{# #}
{% include 'interfaces.j2' %}
{# #}
{% include 'policy_options.j2' %}
{# #}
{% include 'policy_statements.j2' %}
{# #}
{% include 'routing_options.j2' %}
{# #}
{% include 'services.j2' %}
{# #}
{% include 'snmp.j2' %}
{# #}
{% include 'protocols/protocols_global.j2' %}
{% include 'system/system_global.j2' %}
{% include 'routing_instances.j2' %}
roles/base_config/templates/routers/chassis.j2 0 → 100644
+ 97
0
View file @ 91dd60fd
replace: chassis {
dump-on-panic;
{% if ansible_net_has_2RE == true %}
redundancy {
routing-engine 0 master;
routing-engine 1 backup;
failover {
on-loss-of-keepalives;
on-disk-failure;
}
{% if chassis_graceful_switchover_inactive is sameas true%}
inactive: graceful-switchover;
{% else %}
graceful-switchover;
{% endif %}
}
{% endif %}
routing-engine {
disk {
smart-check;
}
}
aggregated-devices {
ethernet {
device-count {{ chassis_aggredated_ethernet_count }};
}
}
{% if ansible_net_has_2RE == true %}
{% if chassis_fabric_rm is defined %}
fabric {
redundancy-mode {
{{ chassis_fabric_rm }};
}
}
{% endif %}
{% endif %}
{% if chassis_fpcs is defined %}
{% for fpc in chassis_fpcs %}
fpc {{ fpc.fpc_id }} {
{% if ( fpc.power is defined ) and ( fpc.power == "off" ) %}
power off;
{% else %}
{% for pic in fpc.pics %}
pic {{ pic.pic_id }} {
{% if pic.pic_mode is defined %}
pic-mode {{ pic.pic_mode }};
{% endif %}
{% if pic.tunnel_services is defined %}
tunnel-services {
bandwidth {{ pic.tunnel_services }};
}
{% endif %}
{% if pic.inline_services is defined %}
inline-services {
bandwidth {{ pic.inline_services }};
}
{% endif %}
{% if pic.ports is defined %}
{% for port in pic.ports %}
port {{ port.id }} {
speed {{ port.speed }};
}
{% endfor %}
{% endif %}
}
{% endfor %}
sampling-instance ipfx;
inline-services flex-flow-sizing ;
{% endif %}
}
{% endfor %}
{% else %}
{% for net_module in ansible_net_modules %}
{% if 'FPC' in net_module.name %}
{% set fpc_name_as_list = net_module.name.split(" ") %}
fpc {{ fpc_name_as_list[1] }} {
{% if fpc_name_as_list[1] is sameas "0" %}
pic 0 {
tunnel-services {
bandwidth 10g;
}
inline-services {
bandwidth 10g;
}
}
{% endif %}
sampling-instance ipfx;
inline-services flex-flow-sizing ;
}
{% endif %}
{% endfor %}
{% endif %}
{% if chassis_enhanced_ip is sameas true %}
network-services enhanced-ip;
{% endif %}
}
roles/base_config/templates/routers/class_of_service.j2 0 → 100644
+ 136
0
View file @ 91dd60fd
replace: class-of-service {
{% if cos_classifiers is defined %}
classifiers {
{% for classifier in cos_classifiers %}
{{ classifier.type }} {{ classifier.name }} {
import {{ classifier.import }};
{% for forwarding_class in classifier.forwarding_classes %}
forwarding-class {{ forwarding_class.name}} {
loss-priority {{ forwarding_class.loss_priority }} code-points [{% for code_point in forwarding_class.code_points %} {{ code_point }} {% endfor %} ];
}
{% endfor %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO CLASSIFIERS DEFINED')}}
{%endif %}
{% if cos_drop_profiles is defined %}
drop-profiles {
{% for drop_profile in cos_drop_profiles %}
{{ drop_profile.name }} {
interpolate {
fill-level [{% for fill_level in drop_profile.fill_levels %} {{ fill_level }} {% endfor %} ];
drop-probability [{% for drop_probability in drop_profile.drop_probabilities %} {{ drop_probability }} {% endfor %} ];
}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO DROP-PROFILES DEFINED')}}
{%endif %}
{% if cos_forwarding_classes is defined %}
forwarding-classes {
{% for fc in cos_forwarding_classes %}
class {{ fc.name }} queue-num {{ fc.queue_num }} priority {{ fc.priority }};
{% endfor %}
}
{% endif %}
{% if cos_interfaces is defined %}
interfaces {
{% for interface in cos_interfaces %}
{{ interface.regex }} {
{% if interface.scheduler_map is defined %}
scheduler-map {{ interface.scheduler_map}};
{% endif %}
unit * {
classifiers {
{% for classifier in interface.classifiers %}
{{ classifier.type }} {{ classifier.name }} ;
{% endfor %}
}
{% if interface.rewrite_rules is defined %}
rewrite-rules {
{% for rr in interface.rewrite_rules %}
{{ rr.type }} {{ rr.name }} protocol {{ rr.protocol}};
{% endfor %}
}
{% endif %}
}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO INTERFACES DEFINED')}}
{% endif %}
{% if cos_rewrite_rules is defined %}
{% for rewrite_rule in cos_rewrite_rules %}
rewrite-rules {
{{ rewrite_rule.type }} {{ rewrite_rule.name }} {
import {{ rewrite_rule.import }}
{% if rewrite_rule.forwarding_classes is defined %}
{% for fc in rewrite_rule.forwarding_classes %}
forwarding-class {{ fc.name }} {
{% if fc.loss_priorities is defined %}
{% for lp in fc.loss_priorities %}
loss-priority {{ lp.type }} code-point {{ lp.code_point }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
}
}
{% endfor %}
{% endif %}
{% if cos_scheduler_maps is defined %}
scheduler-maps {
{% for scheduler_map in cos_scheduler_maps %}
{{ scheduler_map.name }} {
{% for mapping in scheduler_map.mappings %}
forwarding-class {{ mapping.class }} scheduler {{ mapping.scheduler }} ;
{% endfor %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO SCHEDULER-MAP DEFINED')}}
{% endif %}
{% if cos_schedulers is defined %}
schedulers {
{% for scheduler in cos_schedulers %}
{{ scheduler.name }} {
{% if scheduler.transmit_rate.unit == "remainder" %}
transmit-rate {
remainder;
}
{% elif scheduler.transmit_rate.unit == "percent" %}
transmit-rate percent {{ scheduler.transmit_rate.value }};
{% elif scheduler.transmit_rate.unit == "rate" %}
transmit-rate {{ scheduler.transmit_rate.value }};
{% else %}
{{ raise('ERROR: SCHEDULER TRANSMIT-RATE scheduler.transmit_rate.value NOT VALID')}}
{% endif %}
{% if ((scheduler.buffer_size.unit == "remainder") or (scheduler.buffer_size.unit == "shared")) %}
buffer-size {
{{ scheduler.buffer_size.unit }};
}
{% elif ((scheduler.buffer_size.unit == "percent") or (scheduler.buffer_size.unit == "temporal")) %}
buffer-size {{ scheduler.buffer_size.unit }} {{ scheduler.buffer_size.value }};
{% else %}
{{ raise('ERROR: SCHEDULER TRANSMIT-RATE scheduler.buffer_size.value NOT VALID')}}
{% endif %}
priority {{ scheduler.priority }};
{% if scheduler.drop_profile_map is defined %}
drop-profile-map loss-priority {{ scheduler.drop_profile_map.loss_priority }} protocol {{ scheduler.drop_profile_map.protocol }} drop-profile {{ scheduler.drop_profile_map.drop_profile }};
{% endif %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO SCHEDULER DEFINED')}}
{% endif %}
}
roles/base_config/templates/routers/firewall.j2 0 → 100644
+ 77
0
View file @ 91dd60fd
{##}
{#We should validate, but raise does not work :-( #}
{% set supported_from = [ 'destination-address','destination-port','icmp-type','port','prefix-list','protocol','source-address','source-prefix-list','tcp-established' ] %}
{% set supported_then = [ 'accept','policer','discard','reject' ] %}
{##}
firewall {
{% for family, filters in firewall.items() %}
{% if family != "policer" %}
family {{ family }} {
{% for filter, filter_data in filters.items() %}
replace: filter {{ filter }} {
{% if filter_data.options is defined %}
{{ filter_data.options }};
{% endif %}
{% for term in filter_data.terms %}
term {{ term.name }} {
{% if term.from is defined %}
from {
{% for from, from_data in term.from.items() %}
{# Stuff that goes in line: like ports, protocols and similar#}
{% if "tcp-established" in from %}
tcp-established;
{% elif ("port" in from) or ("protocol" in from) or ("icmp-type" in from) or ("next-header" in from) or ("hop-limit" in from)%}
{% if (from_data is iterable) and (from_data is not string) %}
{{ from }} [ {% for from_data_element in from_data %}{{ from_data_element }} {% endfor %} ];
{% else %}
{{ from }} {{ from_data }};
{% endif %}
{# Stuff that goes in a list: like addresses, prefix lists etc... #}
{% else %}
{{ from }} {
{% for from_data_element in from_data %}
{{ from_data_element }};
{% endfor %}
}
{% endif %}
{% endfor %}
}
{% endif %}
then {
{% if (term.then is iterable) and (term.then is not string) %}
{% for then_action in term.then %}
{% if then_action is not string %}
{% for action, destination in then_action.items() %}
{{ action }} {{ destination}};
{% endfor %}
{% else %}
{{ then_action }};
{% endif %}
{% endfor %}
{% else %}
{{ term.then }};
{% endif %}
}
}
{% endfor %}
}
{% endfor %}
}
{% else %}
{% for filter, filter_data in filters.items() %}
replace: policer {{ filter }} {
{% if filter_data.options is defined %}
{{ filter_data.options }};
{% endif %}
if-exceeding {
bandwidth-limit {{ filter_data.bandwidth_limit }};
burst-size-limit {{ filter_data.burst_size_limit }};
}
then discard;
}
{% endfor %}
{% endif %}
{% endfor %}
}
roles/base_config/templates/routers/forwarding_options.j2 0 → 100644
+ 37
0
View file @ 91dd60fd
replace: forwarding-options {
sampling {
instance {
ipfx {
input {
rate 300;
}
{% for family in forwarding_options_families %}
family {{family.name}} {
output {
{% for server in forwarding_options_flow_servers %}
flow-server {{ server.address }} {
port {{ server.port}};
version-ipfix {
template {
{{family.template}};
}
}
}
{% endfor %}
inline-jflow {
source-address {{ forwarding_options_inline_jflow.source_address }}
flow-export-rate {{ forwarding_options_inline_jflow.flow_export_rate }}
}
}
}
{% endfor %}
}
}
}
enhanced-hash-key {
family mpls {
ether-pseudowire zero-control-word;
}
}
no-hyper-mode;
}
roles/base_config/templates/routers/groups.j2 0 → 100644
+ 76
0
View file @ 91dd60fd
{% set hostname_as_a_list= inventory_hostname.split('.')%}
{% set short_hostname= hostname_as_a_list[:3] | join('.')%}
replace: groups {
NO_TRAPS {
interfaces {
<*> {
unit <*> {
no-traps;
}
}
}
}
{% if ansible_net_has_2RE == true %}
re0 {
system {
host-name {{ short_hostname }}.re0;
}
interfaces {
fxp0 {
description "PHY INFRASTRUCTURE MANAGEMENT | re0";
speed 1g;
link-mode full-duplex;
unit 0 {
family inet {
address {{re0_fxp_ipv4address| default('172.16.254.3')}}/24;
}
}
}
}
}
re1 {
system {
host-name {{ short_hostname }}.re1;
}
interfaces {
fxp0 {
description "PHY INFRASTRUCTURE MANAGEMENT | re1";
speed 1g;
link-mode full-duplex;
unit 0 {
family inet {
address {{re1_fxp_ipv4address| default('172.16.254.4')}}/24;
}
}
}
}
}
{%endif%}
load-balance-adaptive {
interfaces {
<ae*> {
aggregated-ether-options {
load-balance {
adaptive;
}
}
}
}
}
}
{% if ansible_net_has_2RE == true %}
system {
replace: apply-groups [ re0 re1 ];
}
interfaces {
replace: apply-groups [ re0 re1 load-balance-adaptive ];
}
replace: apply-groups [ re0 re1 ];
{%else%}
interfaces {
replace: apply-groups [ load-balance-adaptive ];
}
{%endif%}
roles/base_config/templates/routers/interfaces.j2 0 → 100644
+ 63
0
View file @ 91dd60fd
interfaces {
replace: lo0 {
unit 0 {
family inet {
filter {
input ROUTER_access;
}
address {{lo_ipv4_address}}/32;
}
family iso {
address {{ lo_iso_address }};
}
family inet6 {
filter {
input ROUTER_access_V6;
}
address {{lo_ipv6_address}}/128;
}
}
}
replace: dsc {
unit 0 {
description "PHY INFRASTRUCTURE DISCARD | required for Multicast monitoring";
family inet {
address 192.0.2.112/32;
}
}
}
lt-0/0/0 {
replace: unit 16 {
description "SRV_GLOBAL INFRASTRUCTURE ACCESS IAS SRF0000001 | BGP Peering - RE Side";
encapsulation ethernet;
peer-unit 61;
family inet {
filter {
input bone-in;
output bone-out;
}
address {{ lt_ipv4_network | ipaddr('net') | ipaddr('address')}}/31;
}
family inet6 {
filter {
input bone6-in;
output bone6-out;
}
address {{ lt_ipv6_network | ipaddr('net') | ipaddr('1') | ipaddr('address')}}/126;
}
}
replace: unit 61 {
description "SRV_IAS INFRASTRUCTURE ACCESS GLOBAL SRF0000001 | BGP Peering - IAS Side";
encapsulation ethernet;
peer-unit 16;
family inet {
address {{ lt_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address')}}/31;
}
family inet6 {
address {{ lt_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')}}/126;
}
}
}
}
roles/base_config/templates/routers/juniper/base_config.j2 0 → 100644
+ 28
0
View file @ 91dd60fd
{% include 'class_of_service.j2' %}
{% include 'chassis.j2' %}
{# #}
{% include 'forwarding_options.j2' %}
{# #}
{% include 'firewall.j2' %}
{# #}
{% include 'groups.j2' %}
{# #}
{% include 'interfaces.j2' %}
{# #}
{% include 'policy_options.j2' %}
{# #}
{% include 'policy_statements.j2' %}
{# #}
{% include 'routing_options.j2' %}
{# #}
{% include 'services.j2' %}
{# #}
{% include 'snmp.j2' %}
{# #}
{% include 'protocols/protocols_global.j2' %}
{% include 'system/system_global.j2' %}
{% include 'routing_instances.j2' %}
roles/base_config/templates/routers/juniper/chassis.j2 0 → 100644
+ 97
0
View file @ 91dd60fd
replace: chassis {
dump-on-panic;
{% if ansible_net_has_2RE == true %}
redundancy {
routing-engine 0 master;
routing-engine 1 backup;
failover {
on-loss-of-keepalives;
on-disk-failure;
}
{% if chassis_graceful_switchover_inactive is sameas true%}
inactive: graceful-switchover;
{% else %}
graceful-switchover;
{% endif %}
}
{% endif %}
routing-engine {
disk {
smart-check;
}
}
aggregated-devices {
ethernet {
device-count {{ chassis_aggredated_ethernet_count }};
}
}
{% if ansible_net_has_2RE == true %}
{% if chassis_fabric_rm is defined %}
fabric {
redundancy-mode {
{{ chassis_fabric_rm }};
}
}
{% endif %}
{% endif %}
{% if chassis_fpcs is defined %}
{% for fpc in chassis_fpcs %}
fpc {{ fpc.fpc_id }} {
{% if ( fpc.power is defined ) and ( fpc.power == "off" ) %}
power off;
{% else %}
{% for pic in fpc.pics %}
pic {{ pic.pic_id }} {
{% if pic.pic_mode is defined %}
pic-mode {{ pic.pic_mode }};
{% endif %}
{% if pic.tunnel_services is defined %}
tunnel-services {
bandwidth {{ pic.tunnel_services }};
}
{% endif %}
{% if pic.inline_services is defined %}
inline-services {
bandwidth {{ pic.inline_services }};
}
{% endif %}
{% if pic.ports is defined %}
{% for port in pic.ports %}
port {{ port.id }} {
speed {{ port.speed }};
}
{% endfor %}
{% endif %}
}
{% endfor %}
sampling-instance ipfx;
inline-services flex-flow-sizing ;
{% endif %}
}
{% endfor %}
{% else %}
{% for net_module in ansible_net_modules %}
{% if 'FPC' in net_module.name %}
{% set fpc_name_as_list = net_module.name.split(" ") %}
fpc {{ fpc_name_as_list[1] }} {
{% if fpc_name_as_list[1] is sameas "0" %}
pic 0 {
tunnel-services {
bandwidth 10g;
}
inline-services {
bandwidth 10g;
}
}
{% endif %}
sampling-instance ipfx;
inline-services flex-flow-sizing ;
}
{% endif %}
{% endfor %}
{% endif %}
{% if chassis_enhanced_ip is sameas true %}
network-services enhanced-ip;
{% endif %}
}
roles/base_config/templates/routers/juniper/class_of_service.j2 0 → 100644
+ 136
0
View file @ 91dd60fd
replace: class-of-service {
{% if cos_classifiers is defined %}
classifiers {
{% for classifier in cos_classifiers %}
{{ classifier.type }} {{ classifier.name }} {
import {{ classifier.import }};
{% for forwarding_class in classifier.forwarding_classes %}
forwarding-class {{ forwarding_class.name}} {
loss-priority {{ forwarding_class.loss_priority }} code-points [{% for code_point in forwarding_class.code_points %} {{ code_point }} {% endfor %} ];
}
{% endfor %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO CLASSIFIERS DEFINED')}}
{%endif %}
{% if cos_drop_profiles is defined %}
drop-profiles {
{% for drop_profile in cos_drop_profiles %}
{{ drop_profile.name }} {
interpolate {
fill-level [{% for fill_level in drop_profile.fill_levels %} {{ fill_level }} {% endfor %} ];
drop-probability [{% for drop_probability in drop_profile.drop_probabilities %} {{ drop_probability }} {% endfor %} ];
}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO DROP-PROFILES DEFINED')}}
{%endif %}
{% if cos_forwarding_classes is defined %}
forwarding-classes {
{% for fc in cos_forwarding_classes %}
class {{ fc.name }} queue-num {{ fc.queue_num }} priority {{ fc.priority }};
{% endfor %}
}
{% endif %}
{% if cos_interfaces is defined %}
interfaces {
{% for interface in cos_interfaces %}
{{ interface.regex }} {
{% if interface.scheduler_map is defined %}
scheduler-map {{ interface.scheduler_map}};
{% endif %}
unit * {
classifiers {
{% for classifier in interface.classifiers %}
{{ classifier.type }} {{ classifier.name }} ;
{% endfor %}
}
{% if interface.rewrite_rules is defined %}
rewrite-rules {
{% for rr in interface.rewrite_rules %}
{{ rr.type }} {{ rr.name }} protocol {{ rr.protocol}};
{% endfor %}
}
{% endif %}
}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO INTERFACES DEFINED')}}
{% endif %}
{% if cos_rewrite_rules is defined %}
{% for rewrite_rule in cos_rewrite_rules %}
rewrite-rules {
{{ rewrite_rule.type }} {{ rewrite_rule.name }} {
import {{ rewrite_rule.import }}
{% if rewrite_rule.forwarding_classes is defined %}
{% for fc in rewrite_rule.forwarding_classes %}
forwarding-class {{ fc.name }} {
{% if fc.loss_priorities is defined %}
{% for lp in fc.loss_priorities %}
loss-priority {{ lp.type }} code-point {{ lp.code_point }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
}
}
{% endfor %}
{% endif %}
{% if cos_scheduler_maps is defined %}
scheduler-maps {
{% for scheduler_map in cos_scheduler_maps %}
{{ scheduler_map.name }} {
{% for mapping in scheduler_map.mappings %}
forwarding-class {{ mapping.class }} scheduler {{ mapping.scheduler }} ;
{% endfor %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO SCHEDULER-MAP DEFINED')}}
{% endif %}
{% if cos_schedulers is defined %}
schedulers {
{% for scheduler in cos_schedulers %}
{{ scheduler.name }} {
{% if scheduler.transmit_rate.unit == "remainder" %}
transmit-rate {
remainder;
}
{% elif scheduler.transmit_rate.unit == "percent" %}
transmit-rate percent {{ scheduler.transmit_rate.value }};
{% elif scheduler.transmit_rate.unit == "rate" %}
transmit-rate {{ scheduler.transmit_rate.value }};
{% else %}
{{ raise('ERROR: SCHEDULER TRANSMIT-RATE scheduler.transmit_rate.value NOT VALID')}}
{% endif %}
{% if ((scheduler.buffer_size.unit == "remainder") or (scheduler.buffer_size.unit == "shared")) %}
buffer-size {
{{ scheduler.buffer_size.unit }};
}
{% elif ((scheduler.buffer_size.unit == "percent") or (scheduler.buffer_size.unit == "temporal")) %}
buffer-size {{ scheduler.buffer_size.unit }} {{ scheduler.buffer_size.value }};
{% else %}
{{ raise('ERROR: SCHEDULER TRANSMIT-RATE scheduler.buffer_size.value NOT VALID')}}
{% endif %}
priority {{ scheduler.priority }};
{% if scheduler.drop_profile_map is defined %}
drop-profile-map loss-priority {{ scheduler.drop_profile_map.loss_priority }} protocol {{ scheduler.drop_profile_map.protocol }} drop-profile {{ scheduler.drop_profile_map.drop_profile }};
{% endif %}
}
{% endfor %}
}
{% else %}
{{ raise('ERROR: YOU HAVE NO SCHEDULER DEFINED')}}
{% endif %}
}
roles/base_config/templates/routers/juniper/firewall.j2 0 → 100644
+ 77
0
View file @ 91dd60fd
{##}
{#We should validate, but raise does not work :-( #}
{% set supported_from = [ 'destination-address','destination-port','icmp-type','port','prefix-list','protocol','source-address','source-prefix-list','tcp-established' ] %}
{% set supported_then = [ 'accept','policer','discard','reject' ] %}
{##}
firewall {
{% for family, filters in firewall.items() %}
{% if family != "policer" %}
family {{ family }} {
{% for filter, filter_data in filters.items() %}
replace: filter {{ filter }} {
{% if filter_data.options is defined %}
{{ filter_data.options }};
{% endif %}
{% for term in filter_data.terms %}
term {{ term.name }} {
{% if term.from is defined %}
from {
{% for from, from_data in term.from.items() %}
{# Stuff that goes in line: like ports, protocols and similar#}
{% if "tcp-established" in from %}
tcp-established;
{% elif ("port" in from) or ("protocol" in from) or ("icmp-type" in from) or ("next-header" in from) or ("hop-limit" in from)%}
{% if (from_data is iterable) and (from_data is not string) %}
{{ from }} [ {% for from_data_element in from_data %}{{ from_data_element }} {% endfor %} ];
{% else %}
{{ from }} {{ from_data }};
{% endif %}
{# Stuff that goes in a list: like addresses, prefix lists etc... #}
{% else %}
{{ from }} {
{% for from_data_element in from_data %}
{{ from_data_element }};
{% endfor %}
}
{% endif %}
{% endfor %}
}
{% endif %}
then {
{% if (term.then is iterable) and (term.then is not string) %}
{% for then_action in term.then %}
{% if then_action is not string %}
{% for action, destination in then_action.items() %}
{{ action }} {{ destination}};
{% endfor %}
{% else %}
{{ then_action }};
{% endif %}
{% endfor %}
{% else %}
{{ term.then }};
{% endif %}
}
}
{% endfor %}
}
{% endfor %}
}
{% else %}
{% for filter, filter_data in filters.items() %}
replace: policer {{ filter }} {
{% if filter_data.options is defined %}
{{ filter_data.options }};
{% endif %}
if-exceeding {
bandwidth-limit {{ filter_data.bandwidth_limit }};
burst-size-limit {{ filter_data.burst_size_limit }};
}
then discard;
}
{% endfor %}
{% endif %}
{% endfor %}
}
roles/base_config/templates/routers/juniper/forwarding_options.j2 0 → 100644
+ 37
0
View file @ 91dd60fd
replace: forwarding-options {
sampling {
instance {
ipfx {
input {
rate 300;
}
{% for family in forwarding_options_families %}
family {{family.name}} {
output {
{% for server in forwarding_options_flow_servers %}
flow-server {{ server.address }} {
port {{ server.port}};
version-ipfix {
template {
{{family.template}};
}
}
}
{% endfor %}
inline-jflow {
source-address {{ forwarding_options_inline_jflow.source_address }}
flow-export-rate {{ forwarding_options_inline_jflow.flow_export_rate }}
}
}
}
{% endfor %}
}
}
}
enhanced-hash-key {
family mpls {
ether-pseudowire zero-control-word;
}
}
no-hyper-mode;
}
roles/base_config/templates/routers/juniper/groups.j2 0 → 100644
+ 76
0
View file @ 91dd60fd
{% set hostname_as_a_list= inventory_hostname.split('.')%}
{% set short_hostname= hostname_as_a_list[:3] | join('.')%}
replace: groups {
NO_TRAPS {
interfaces {
<*> {
unit <*> {
no-traps;
}
}
}
}
{% if ansible_net_has_2RE == true %}
re0 {
system {
host-name {{ short_hostname }}.re0;
}
interfaces {
fxp0 {
description "PHY INFRASTRUCTURE MANAGEMENT | re0";
speed 1g;
link-mode full-duplex;
unit 0 {
family inet {
address {{re0_fxp_ipv4address| default('172.16.254.3')}}/24;
}
}
}
}
}
re1 {
system {
host-name {{ short_hostname }}.re1;
}
interfaces {
fxp0 {
description "PHY INFRASTRUCTURE MANAGEMENT | re1";
speed 1g;
link-mode full-duplex;
unit 0 {
family inet {
address {{re1_fxp_ipv4address| default('172.16.254.4')}}/24;
}
}
}
}
}
{%endif%}
load-balance-adaptive {
interfaces {
<ae*> {
aggregated-ether-options {
load-balance {
adaptive;
}
}
}
}
}
}
{% if ansible_net_has_2RE == true %}
system {
replace: apply-groups [ re0 re1 ];
}
interfaces {
replace: apply-groups [ re0 re1 load-balance-adaptive ];
}
replace: apply-groups [ re0 re1 ];
{%else%}
interfaces {
replace: apply-groups [ load-balance-adaptive ];
}
{%endif%}
roles/base_config/templates/routers/juniper/interfaces.j2 0 → 100644
+ 63
0
View file @ 91dd60fd
interfaces {
replace: lo0 {
unit 0 {
family inet {
filter {
input ROUTER_access;
}
address {{lo_ipv4_address}}/32;
}
family iso {
address {{ lo_iso_address }};
}
family inet6 {
filter {
input ROUTER_access_V6;
}
address {{lo_ipv6_address}}/128;
}
}
}
replace: dsc {
unit 0 {
description "PHY INFRASTRUCTURE DISCARD | required for Multicast monitoring";
family inet {
address 192.0.2.112/32;
}
}
}
lt-0/0/0 {
replace: unit 16 {
description "SRV_GLOBAL INFRASTRUCTURE ACCESS IAS SRF0000001 | BGP Peering - RE Side";
encapsulation ethernet;
peer-unit 61;
family inet {
filter {
input bone-in;
output bone-out;
}
address {{ lt_ipv4_network | ipaddr('net') | ipaddr('address')}}/31;
}
family inet6 {
filter {
input bone6-in;
output bone6-out;
}
address {{ lt_ipv6_network | ipaddr('net') | ipaddr('1') | ipaddr('address')}}/126;
}
}
replace: unit 61 {
description "SRV_IAS INFRASTRUCTURE ACCESS GLOBAL SRF0000001 | BGP Peering - IAS Side";
encapsulation ethernet;
peer-unit 16;
family inet {
address {{ lt_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address')}}/31;
}
family inet6 {
address {{ lt_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')}}/126;
}
}
}
}
roles/base_config/templates/routers/juniper/policy_options.j2 0 → 100644
+ 32
0
View file @ 91dd60fd
policy-options {
{% for config_item, value in po_memory_limits.items() %}
{{ config_item }} {
memory-limit {{value}};
}
{% endfor %}
{# prefix-lists #}
{% for prefixlist in po_prefixlists %}
replace: prefix-list {{ prefixlist.name }} {
{% if prefixlist.prefixes is defined %}
{% for prefix in prefixlist.prefixes %}
{{ prefix }};
{% endfor %}
{% endif %}
{% if prefixlist.apply_path is defined %}
apply-path {{ prefixlist.apply_path }};
{% endif %}
}
{% endfor %}
{# communities #}
{% if po_communities is defined %}
{% for community in po_communities %}
replace: community {{ community.name }} members {{ community.members }};
{% endfor %}
{% endif %}
{# as-path #}
{% if po_as_path is defined %}
{% for as_path in po_as_path %}
replace: as-path {{ as_path.name }} {{ as_path.regex }};
{% endfor %}
{% endif %}
}
roles/base_config/templates/routers/juniper/policy_statements.j2 0 → 100644
+ 103
0
View file @ 91dd60fd
{# TODO: list of from and then keywords as Jinja set #}
{% set FROM_ONE_LINER = ['community-count', 'route-filter', 'source-address-filter', 'family', 'source-class', 'validation-database'] %}
policy-options {
{% if po_communities is defined %}
{% for community in po_communities %}
replace: community {{ community.name }} members {{ community.members }};
{% endfor %}
{% endif %}
{% if po_policy_statements is defined %}
{% for ps, ps_data in po_policy_statements.items() -%}
replace: policy-statement {{ ps }} {
{% if ps_data.terms is defined %}
{% for term in ps_data.terms -%}
term {{term.name}} {
{% if term.from is defined %}
from {
{% for from, from_data in term.from.items() -%}
{# TODO: check intersection of FROM_ONE_LINER and 'from' #}
{%- if ("community-count" in from) or ("route-filter" in from) or ("validation-database" in from) or ("family" in from) or ("source-class" in from) or ("source-address-filter" in from) or ("prefix-list" in from) %}
{% for from_data_element in from_data %}
{{ from }} {{ from_data_element }};
{% endfor %}
{% elif (from_data is iterable) and (from_data is not string) %}
{{ from }} [ {% for from_data_element in from_data %}{{ from_data_element }} {% endfor %} ];
{% else %}
{{ from }} {
{% for from_data_element in from_data -%}
{{ from_data_element }};
{%- endfor %}
}
{% endif -%}
{%- endfor %}
}
{% endif %}
{% if term.then is defined %}
then {
{% for then, then_data in term.then.items() -%}
{% if ("validation-state" in then) or ("next" in then) or ("label-allocation" in then) or ("-class" in then) %}
{% for then_data_element in then_data -%}
{{ then }} {{ then_data_element }};
{% endfor %}
{% elif ("community" in then) %}
{% for then_data_element in then_data -%}
{{ then }} add {{ then_data_element }};
{% endfor %}
{% elif (then_data is iterable) and (then_data is not string) %}
{{ then }} [ {% for then_data_element in then_data -%} {{ then_data_element }} {%- endfor%} ];
{% else %}
{{ then }};
{% endif %}
{%- endfor %}
}
{% endif %}
}
{% endfor %}
{% endif %}
{% if ps_data.from is defined %}
from {
{% for from, from_data in ps_data.from.items() %}
{% if ("community-count" in from) or ("route-filter" in from) or ("validation-database" in from) or ("family" in from) or ("source-class" in from) or ("source-address-filter" in from) or ("prefix-list" in from) %}
{% for from_data_element in from_data %}
{{ from }} {{ from_data_element }};
{% endfor %}
{% elif (from_data is iterable) and (from_data is not string) %}
{{ from }} [ {% for from_data_element in from_data %} {{ from_data_element }} {% endfor %} ];
{% else %}
{{ from }} {
{% for from_data_element in from_data %}
{{ from_data_element }};
{% endfor %}
}
{% endif %}
{% endfor %}
}
{% endif %}
{% if ps_data.then is defined %}
then {
{% for then, then_data in ps_data.then.items() -%}
{% if ("validation-state" in then) or ("next" in then) or ("label-allocation" in then) or ("-class" in then) %}
{% for then_data_element in then_data -%}
{{ then }} {{ then_data_element }};
{% endfor %}
{% elif ("community" in then) %}
{% for then_data_element in then_data -%}
{{ then }} add {{ then_data_element }};
{% endfor %}
{% elif (then_data is iterable) and (then_data is not string) %}
{{ then }} [ {% for then_data_element in then_data -%} {{ then_data_element }} {%- endfor%} ];
{% else %}
{{ then }};
{% endif %}
{%- endfor %}
}
{% endif %}
}
{% endfor %}
{% endif %}
}
roles/base_config/templates/routers/juniper/protocols/bgp.j2 0 → 100644
+ 73
0
View file @ 91dd60fd
protocols {
bgp {
path-selection external-router-id;
precision-timers;
log-updown;
drop-path-attributes 128;
{% if protocols_bgp.groups is defined%}
{% for group in protocols_bgp.groups %}
replace: group {{ group.name }} {
type {{ group.type }};
description "{{ group.description }}";
local-address {{ group.local_address }};
{% if group.families is defined%}
{% for family in group.families %}
family {{ family.name }} {
{% for nlri in family.nlris %}
{{ nlri}};
{% endfor %}
}
{% endfor %}
{% endif %}
{% if group.authentication_key is defined %}
authentication-key {{ group.authentication_key }};
{% endif %}
{% if group.import_policies is defined%}
{# {% if group.import_policies|length > 1 %} #}
import [{% for policy in group.import_policies %} {{ policy }} {% endfor %}];
{# {% else %} #}
{# import {{ policy }};#}
{# {% endif %} #}
{% endif %}
{% if group.export_policies is defined%}
{# {% if group.export_policies|length > 1 %} #}
export [{% for policy in group.export_policies %} {{ policy }} {% endfor %}];
{# {% else %} #}
{# export {{ policy }}; #}
{# {% endif %} #}
{% endif %}
{% if group.neighbors is defined and group.name != "iGEANT" and group.name != "iGEANT6" %}
{% for neighbor in group.neighbors %}
neighbor {{ neighbor.ip_address }} {
description "{{ neighbor.description }}";
hold-time {{ neighbor.hold_time }};
{% if neighbor.passive == True %}
passive ;
{% endif %}
import ps-deny-all;
{% if neighbor.families is defined%}
{% for family in neighbor.families %}
family {{ family.name }} {
{% for nlri in family.nlris %}
{{ nlri}};
{% endfor %}
}
{% endfor %}
{% endif %}
{% if neighbor.authentication_key is defined %}
authentication-key {{ neighbor.authentication_key }};
{% endif %}
{% if neighbor.local_as is defined %}
local-as {{ neighbor.local_as }};
{% endif %}
{% if neighbor.cluster_id is defined %}
cluster {{ neighbor.cluster_id }};
{% endif %}
}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
}
}
roles/base_config/templates/routers/juniper/protocols/global_msdp.j2 0 → 100644
+ 19
0
View file @ 91dd60fd
protocols {
replace: msdp {
rib-group multicast;
active-source-limit {
maximum 20000;
threshold 20000;
log-interval 32700;
}
local-address {{ lo_ipv4_address }};
source 0.0.0.0/0 {
active-source-limit {
maximum 1000;
threshold 900;
log-interval 32700;
}
}
{% include 'protocols/internal_msdp.j2' %}
}
}
roles/base_config/templates/routers/juniper/protocols/igmp.j2 0 → 100644
+ 16
0
View file @ 91dd60fd
protocols {
replace: igmp {
interface all {
disable;
}
interface dsc.0 {
version 3;
static {
group 232.223.222.1 {
source 212.201.139.66;
source 193.17.9.3;
}
}
}
}
}
roles/base_config/templates/routers/juniper/protocols/internal_msdp.j2 0 → 100644
+ 25
0
View file @ 91dd60fd
{% if ansible_play_name != 'deploy_base_config' %}
protocols {
msdp {
replace: {% endif %} group internal_msdp {
mode mesh-group;
export [ BOGON_SOURCES ];
import [ BOGON_SOURCES ];
{% if ansible_play_name != 'deploy_base_config' %}
{% if new_router_to_add is defined %}
{% set all_the_network_plus_new_router = groups.lab_routers|union([new_router_to_add])%}
{% for host in all_the_network_plus_new_router|difference([inventory_hostname]) %}
peer {{ hostvars[host]["lo_ipv4_address"] }};
{% endfor %}
{% else %}
{% set all_the_network_plus_new_router = groups.lab_routers %}
{% for host in all_the_network_plus_new_router|difference([inventory_hostname]) %}
peer {{ hostvars[host]["lo_ipv4_address"] }};
{% endfor %}
{% endif %}
{% endif %}
}
{% if ansible_play_name != 'deploy_base_config' %}
}
}
{% endif %}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment