From 9f90645c16ed191842f982c489c01e9c9e6f6d96 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sun, 22 Sep 2019 17:21:29 +0200 Subject: [PATCH 1/1] bgp -> hiera role --- data/common.yaml | 3 --- data/nodes/mirror-accumu.debian.org.yaml | 2 ++ data/nodes/mirror-skroutz.debian.org.yaml | 2 ++ modules/roles/manifests/bgp.pp | 33 +++++++++-------------- modules/roles/manifests/init.pp | 4 --- 5 files changed, 16 insertions(+), 28 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 37432d711..24140e113 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -97,9 +97,6 @@ roles: # XXX - used by ferm templates/defs.conf.erb - backuphost.debian.org - storace.debian.org - bgp: - - mirror-accumu.debian.org - - mirror-skroutz.debian.org postgresql_server: # postgresql instances not managed by puppet otherwise - bmdb1.debian.org diff --git a/data/nodes/mirror-accumu.debian.org.yaml b/data/nodes/mirror-accumu.debian.org.yaml index 1792854f9..959e6eefe 100644 --- a/data/nodes/mirror-accumu.debian.org.yaml +++ b/data/nodes/mirror-accumu.debian.org.yaml @@ -1,8 +1,10 @@ --- classes: + - roles::bgp - roles::debian_mirror - roles::debug_mirror +roles::bgp::peers: ['2001:6b0:1e:2::1c6/128', '130.242.6.198/32'] roles::debian_mirror::listen_addr: ['130.242.6.199', '2001:6b0:1e:2::1c7', '193.31.7.2', '2a02:158:ffff:deb::2'] roles::debian_mirror::healthcheck_name: accumu.debian.backend.mirrors.debian.org roles::debug_mirror::onion_service: true diff --git a/data/nodes/mirror-skroutz.debian.org.yaml b/data/nodes/mirror-skroutz.debian.org.yaml index a2ba7a9bd..b62d707a5 100644 --- a/data/nodes/mirror-skroutz.debian.org.yaml +++ b/data/nodes/mirror-skroutz.debian.org.yaml 
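Review bot: The `roles::bgp::peers` line added to mirror-accumu.debian.org.yaml is a firewall allow-list for the BGP port, but nothing in the node file says so; the same applies to the `roles::bgp::peers` line in the mirror-skroutz.debian.org.yaml hunk. A comment above each, for example `# BGP neighbours; ferm allows these sources to reach the bgp port`, would tell someone auditing the node data that the list has to match the neighbours configured in the routing daemon. All entries are host prefixes (/128 and /32), and stating that this is intended would make a wider prefix stand out in a later review.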
@@ -1,6 +1,8 @@ --- classes: + - roles::bgp - roles::debian_mirror +roles::bgp::peers: ['2a03:e40:42:200::151:1/128', '2a03:e40:42:200::151:2/128', '154.57.0.249/32', '154.57.0.250/32'] roles::debian_mirror::listen_addr: ['154.57.0.251', '2a03:e40:42:200::151:3', '193.31.7.2', '2a02:158:ffff:deb::2'] roles::debian_mirror::healthcheck_name: skroutz.debian.backend.mirrors.debian.org diff --git a/modules/roles/manifests/bgp.pp b/modules/roles/manifests/bgp.pp index 9e1cdf500..ffcadc1cd 100644 --- a/modules/roles/manifests/bgp.pp +++ b/modules/roles/manifests/bgp.pp @@ -1,22 +1,13 @@ -class roles::bgp { - $bgp_peers = $::hostname ? { - mirror-accumu => '2001:6b0:1e:2::1c6/128 130.242.6.198/32', - mirror-skroutz => '2a03:e40:42:200::151:1/128 2a03:e40:42:200::151:2/128 154.57.0.249/32 154.57.0.250', - default => undef, - } - - if ! $bgp_peers { - fail("Do not have bgp_peers set for $::hostname.") - } - - ferm::rule { 'dsa-bgp': - description => 'Allow BGP from peers', - domain => '(ip ip6)', - rule => "&SERVICE_RANGE(tcp, bgp, ($bgp_peers))" - } - - file { '/etc/network/interfaces.d/anycasted': - content => template('roles/anycast/interfaces.erb') - } - +class roles::bgp( + Array[Stdlib::IP::Address] $peers, +){ + ferm::rule::simple { 'dsa-bgp': + description => 'Allow BGP from peers', + ports => 'bgp', + saddr => $peers, + } + + file { '/etc/network/interfaces.d/anycasted': + content => template('roles/anycast/interfaces.erb') + } } diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 2324e5714..6accbf741 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -23,10 +23,6 @@ class roles { include roles::snapshot } - if has_role('bgp') { - include roles::bgp - } - if has_role('postgresql_server') { include postgres::backup_source } -- 2.20.1
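Review bot: `Array[Stdlib::IP::Address] $peers` in the new `roles::bgp` signature accepts an empty list, so the guard given by the removed `fail("Do not have bgp_peers set ...")` is only partly kept: a missing hiera key fails compilation, but `roles::bgp::peers: []` does not. How `ferm::rule::simple` renders an empty `saddr` is not visible in this patch; if it drops the source match, the `bgp` port would be open to every source. Requiring at least one entry closes that gap: `Array[Stdlib::IP::Address, 1] $peers,`. The old rule also set `domain => '(ip ip6)'` explicitly, so it is worth confirming that `ferm::rule::simple` covers both address families by default. A `# @param peers` line saying that these addresses are allowed to reach the BGP port would document the class.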