rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Query prefixes once for all hosts

Browse source 
And group them into vrf_prefixes for VLAN networks and bgp_prefixes for
servers plugged directly into fabric.

This should reduce the number of queries to NetBox when configuring
firewalls and exit switches. Not sure but I think set_fact helps to
avoid queries (as opposed to setting group_vars).
This commit is contained in:
Timotej Lazar 2024-04-28 10:59:32 +02:00
parent 1c0709a6a6
commit 457ab7d3b7
10 changed files with 52 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

21
roles/firewall/templates/networks.nft.j2
View file

@ -1,18 +1,9 @@
{% for vlan in vlans %}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true) %}
{% set prefixes4 = prefixes | selectattr('family.value', '==', 4) | map(attribute='prefix') %}
{% set prefixes6 = prefixes | selectattr('family.value', '==', 6) | map(attribute='prefix') %}
set {{ vlan.name }} {
type ipv4_addr; flags interval
{% if prefixes4 %}
elements = { {{ prefixes4 | join(', ') }} }
{% endif %}
}
set {{ vlan.name }}/6 {
type ipv6_addr; flags interval
{% if prefixes6 %}
elements = { {{ prefixes6 | join(', ') }} }
{% endif %}
{% for family, family_prefixes in vrf_prefixes | groupby('family.value') %}
{% for vlan, vlan_prefixes in family_prefixes | groupby('vlan.vid') %}
set {{ vlan_prefixes[0].vlan.name }}{% if family == 6 %}/6{% endif %} {
type ipv{{ family }}_addr; flags interval
elements = { {{ vlan_prefixes | map(attribute='prefix') | join(',') }} }
}
{% endfor %}
{% endfor %}