modules/roles/manifests/bgp.pp

   1 class roles::bgp {
   2         $bgp_peers = $::hostname ? {
   3                 bilbao        => '2001:41c9:2:13c::2/128 89.16.162.2/32',
   4                 mirror-conova => '2a02:16a8:5404:199::25/128 217.196.157.53/32',
   5                 default       => undef,
   6         }
   7
   8         if ! $bgp_peers {
   9                 fail("Do not have bgp_peers set for $::hostname.")
  10         }
  11
  12         @ferm::rule { 'dsa-bgp':
  13                 description => 'Allow BGP from peers',
  14                 domain      => '(ip ip6)',
  15                 rule        => "&SERVICE_RANGE(tcp, bgp, ($bgp_peers))"
  16         }
  17
  18         file { '/etc/network/interfaces.d/anycasted':
  19                 content => template('roles/anycast/interfaces.erb')
  20         }
  21
  22 }