modules/roles/manifests/bgp.pp

   1 class roles::bgp {
   2         $bgp_peers = $::hostname ? {
   3                 mirror-conova => '2a02:16a8:5404:199::25/128 217.196.157.53/32',
   4                 mirror-accumu => '2001:6b0:1e:2::1c6/128 130.242.6.198/32',
   5                 mirror-skroutz => '2a03:e40:42:200::151:1/128 2a03:e40:42:200::151:2/128 154.57.0.249/32 154.57.0.250',
   6                 default       => undef,
   7         }
   8
   9         if ! $bgp_peers {
  10                 fail("Do not have bgp_peers set for $::hostname.")
  11         }
  12
  13         @ferm::rule { 'dsa-bgp':
  14                 description => 'Allow BGP from peers',
  15                 domain      => '(ip ip6)',
  16                 rule        => "&SERVICE_RANGE(tcp, bgp, ($bgp_peers))"
  17         }
  18
  19         file { '/etc/network/interfaces.d/anycasted':
  20                 content => template('roles/anycast/interfaces.erb')
  21         }
  22
  23 }