exit: store VLAN interface addresses in NetBox

… instead of generating them from prefixes. A NetBox script can be used to create and configure all necessary data for a new VLAN. Instead of VLAN roles “inside" and “outside” we now create separate VRFs for inside VLANs to match the actual exit/firewall configuration. The “outside” VRF is for all VLANs that are directly accessible from the internet.
2024-04-10 14:03:50 +02:00 · 2024-04-10 14:03:50 +02:00 · db397cb2b1
commit db397cb2b1
parent ece3b8a377
7 changed files with 32 additions and 51 deletions
--- a/roles/exit/templates/isc-dhcp-relay.j2
+++ b/roles/exit/templates/isc-dhcp-relay.j2
@ -1,4 +1,3 @@
-{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
 {% set dhcp_networks = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='role=dhcp-pool', raw_data=true)
    | selectattr('vlan') | map(attribute='vlan.vid') | sort -%}

@ -10,7 +9,9 @@ SERVERS="{{ dhcp }}"
 # This variable requires a -i for each interface configured above.
 # This will be used in the actual dhcrelay command
 # For example, "-i eth0 -i eth1"
-INTF_CMD="{{ bridge.tagged_vlans | map(attribute='vid') | intersect(dhcp_networks) | sort | map('regex_replace', '^', '-id bridge.') | join(' ') }} -iu {{ iface_uplink }} -iu peerlink.4"
+INTF_CMD="{{ interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
+    | selectattr('untagged_vlan') | selectattr('untagged_vlan.vid', 'in', dhcp_networks)
+    | map(attribute='name') | sort | map('regex_replace', '^', '-id ') | join(' ') }} -iu {{ iface_uplink }} -iu peerlink.4"

 # Additional options that are passed to the DHCP relay daemon?
 OPTIONS="-U outside"