From cb753ef08ba3e070b850fba64414a4946ee36123 Mon Sep 17 00:00:00 2001 From: Frank Villaro-Dixon Date: Tue, 18 Jun 2024 20:20:56 +0200 Subject: [PATCH] More betterer with FRR Signed-off-by: Frank Villaro-Dixon --- ansible/configure-server.yml | 39 ++++++++++++++++++++++++++++++++++-- ansible/files/chrony.conf.j2 | 7 +++++++ ansible/files/frr.conf.j2 | 36 +++++++++++++++++++++++++++++++++ ansible/inventory.yml | 17 ++++++++++++++-- 4 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 ansible/files/frr.conf.j2 diff --git a/ansible/configure-server.yml b/ansible/configure-server.yml index 793e55a..d9394c2 100644 --- a/ansible/configure-server.yml +++ b/ansible/configure-server.yml @@ -1,6 +1,7 @@ --- - hosts: pi gather_facts: no + tags: pihw tasks: ## LCD STUFF - name: Enable i2c on boot/config.txt @@ -109,7 +110,6 @@ - hosts: all tasks: - - name: Disable systemd LLMNR lineinfile: dest: /etc/systemd/resolved.conf @@ -134,7 +134,7 @@ - name: Configure chrony template: src: files/chrony.conf.j2 - dest: /etc/chrony.conf + dest: "{{ '/etc/chrony/chrony.conf' if ansible_facts['distribution'] == 'Ubuntu' else '/etc/chrony.conf' }}" owner: root group: root mode: 0644 @@ -152,3 +152,38 @@ service: name: chronyd state: restarted + +## BGP STUFF +- hosts: all + tags: bgp + tasks: + - name: install FRR + package: + name: frr + state: present + when: ansible_facts['distribution'] == 'Ubuntu' + #XXX for arch install it manually with yay + + - name: Enable FRR bgp daemon + lineinfile: + dest: /etc/frr/daemons + regexp: "^bgpd=no" + line: "bgpd=yes" + state: present + + - name: Copy frr config + ansible.builtin.template: + src: files/frr.conf.j2 + dest: /etc/frr/frr.conf + owner: frr + group: frr + mode: 0640 + notify: restart frr + + + + handlers: + - name: restart frr + systemd: + name: frr + state: restarted \ No newline at end of file diff --git a/ansible/files/chrony.conf.j2 b/ansible/files/chrony.conf.j2 index 58d701b..498b06b 100644 
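Review bot: In ansible/configure-server.yml, the new `dest` expression on the "Configure chrony" task special-cases only `distribution == 'Ubuntu'`, so a Debian host would still get `/etc/chrony.conf`, which the Debian-family chrony package presumably does not read. Keying on the family covers both: `dest: "{{ '/etc/chrony/chrony.conf' if ansible_facts['os_family'] == 'Debian' else '/etc/chrony.conf' }}"`. The task starts and ends outside the hunk, so whether the later `chronyd` restart uses the right unit name on those hosts cannot be checked from here.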
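Review bot: The "Enable FRR bgp daemon" task in the new bgp play has no `notify: restart frr`, so changing `bgpd=no` to `bgpd=yes` in /etc/frr/daemons only takes effect if the "Copy frr config" template also changes in the same run. Add `notify: restart frr` to that task as well. The handler only restarts the unit, and nothing visible in the play ensures frr is enabled at boot. The install task is limited to Ubuntu while the two following tasks run on every host, so they will fail wherever the package was not installed by hand. `mode: 0640` is better written `mode: "0640"`, so the permission on frr.conf does not depend on how the YAML loader reads a leading zero.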
--- a/ansible/files/chrony.conf.j2 +++ b/ansible/files/chrony.conf.j2 @@ -19,12 +19,19 @@ pool pool.ntp.infomaniak.ch iburst server ntp11.metas.ch server ntp-p1.obspm.fr +server tock.zg.ch {% if ansible_hostname == "chronos" %} +## Chronos is a stratum 1 server. Peers with ntp-s2 +server ntp-s2.lan.k3s.fr iburst refclock PPS /dev/pps0 refid PPS refclock SHM 0 refid GPS poll 2 precision 1e-3 offset 0.128 {% else %} +## NTP s2 is a VM. Peers with chronos and other NTP S1 servers server chronos.lan.k3s.fr iburst +server ntp-s2-1.itu.ch +server ntp.sceen.net +server ntp1.as34288.net {% endif %} ####################################################################### diff --git a/ansible/files/frr.conf.j2 b/ansible/files/frr.conf.j2 new file mode 100644 index 0000000..a1913e5 --- /dev/null +++ b/ansible/files/frr.conf.j2 @@ -0,0 +1,36 @@ +! +frr version 10.0.1 +frr defaults traditional +hostname {{ ansible_hostname }} +log syslog informational +service integrated-vtysh-config +! +router bgp {{ bgp_asn }} + bgp router-id {{ ansible_default_ipv4.address }} + bgp bestpath as-path multipath-relax + bgp bestpath compare-routerid + neighbor pg-leaf peer-group + neighbor pg-leaf remote-as external + neighbor pg-leaf capability extended-nexthop + neighbor {{ bgp_router_ipv6 }} peer-group pg-leaf + ! + address-family ipv4 unicast + redistribute connected route-map map-bgp-iface + neighbor pg-leaf soft-reconfiguration inbound + exit-address-family + ! + address-family ipv6 unicast + redistribute kernel + redistribute connected route-map map-bgp-iface + neighbor pg-leaf activate + neighbor pg-leaf soft-reconfiguration inbound + neighbor pg-leaf route-map map-bgp-iface out + exit-address-family +exit +! +route-map map-bgp-iface permit 10 + match interface lo +exit +! +end + diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 866efc2..da0bcf9 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml 
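Review bot: The chronos branch of ansible/files/chrony.conf.j2 adds `server ntp-s2.lan.k3s.fr iburst`, but the inventory in this same commit names the VMs `ntp-s2-cra.lan.k3s.fr` and `ntp-s2-ces.lan.k3s.fr`. Unless `ntp-s2.lan.k3s.fr` still resolves, the stratum 1 host gets a source it cannot reach. The two new comments say "Peers with", while the lines use `server` rather than chrony's `peer` directive. I would reword them, e.g. `## Chronos is a stratum 1 server; it also polls ntp-s2 as a client`, so nobody later changes the directive to match the comment. The added public sources are plain NTP with no authentication visible here; if any of them offer NTS, adding the `nts` option to those lines is worth checking.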
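Review bot: In ansible/files/frr.conf.j2, `neighbor pg-leaf remote-as external` lets the session come up with any AS other than the local one. The inventory in this commit defines a per-host `bgp_router_asn` that the template never uses, and `bgp_ipv6` is unused as well. Pinning the peer with `neighbor pg-leaf remote-as {{ bgp_router_asn }}` makes a wrong or unexpected neighbour fail at session setup instead of being accepted. The peer group also has no session authentication and no inbound policy. A `neighbor pg-leaf password …` line fed from a vaulted variable (which this page does not define yet) and an explicit `route-map … in` in both address families would make the trust boundary visible rather than leaving it to FRR defaults. `frr version 10.0.1` is hard-coded and may not match the packaged version on the Ubuntu hosts.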
@@ -1,7 +1,20 @@ pi: hosts: - 192.168.10.155: #chronos.k3s.fr: + chronos.lan.k3s.fr: + bgp_router_ipv6: 2a01:e0a:431:b521:7683:c2ff:fe4d:4818 + bgp_asn: 64600 + bgp_router_asn: 65100 + bgp_ipv6: 2a01:e0a:431:b527::a123/128 vms: hosts: - 192.168.43.15: #ntp-s2.lan.k3s.fr + ntp-s2-cra.lan.k3s.fr: + bgp_router_ipv6: 2a01:e0a:431:b522:7683:c2ff:fe4d:4818 + bgp_asn: 64601 + bgp_router_asn: 65100 + bgp_ipv6: 2a01:e0a:431:b527::b123/128 + ntp-s2-ces.lan.k3s.fr: + bgp_router_ipv6: 2a0e:e701:122c:42::1 + bgp_asn: 64602 + bgp_router_asn: 65000 + bgp_ipv6: 2a0e:e701:122c:fff0::a123/128
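Review bot: The new per-host addresses and prefixes in ansible/inventory.yml are plain scalars; I would quote them, e.g. `bgp_ipv6: "2a01:e0a:431:b527::b123/128"` and `bgp_router_ipv6: "2a0e:e701:122c:42::1"`. The values shown do load as strings today, so this is a style point. It guards against YAML 1.1 implicit typing, which can re-type a colon-separated value when every group happens to be decimal.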