Factor frr role from debian, ceph and proxmox

Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
Timotej Lazar 2024-05-18 18:35:41 +02:00
parent 256dae2955
commit 25bcddede1
31 changed files with 167 additions and 312 deletions


@ -46,10 +46,15 @@ table inet filter {
iif lan0 ip6 saddr fe80::/64 accept
iif lan1 ip6 saddr fe80::/64 accept
iifname mgmt accept comment "management access"
ip saddr @cluster accept comment "accept connections from other nodes"
ip6 saddr @cluster/6 accept comment "accept connections from other nodes"
{% for service in services %}
ip saddr @allowed accept # TODO remove exceptions
ip6 saddr @allowed/6 accept # TODO remove exceptions
{% for service in cluster.custom_fields.services %}
{% set prefixes = service | allowed_prefixes %}
{% set prefixes4 = prefixes | selectattr('family.value', '==', 4) | map('string') %}
{% set prefixes6 = prefixes | selectattr('family.value', '==', 6) | map('string') %}
@ -63,11 +68,6 @@ table inet filter {
{% endif %}
{% endfor %}
iifname mgmt accept comment "management access"
ip saddr @allowed accept
ip6 saddr @allowed/6 accept
}
chain forward {
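Review bot: The `ip saddr @allowed accept` and `ip6 saddr @allowed/6 accept` rules in the first hunk now appear to sit ahead of the `{% for service in cluster.custom_fields.services %}` loop, so any source in `@allowed` is accepted on every port before the per-service `allowed_prefixes` rules are reached. The +/- markers are lost on this page, so the placement is inferred from the second hunk, which shows the same two rules after `{% endfor %}`. The only marker is `# TODO remove exceptions`, which is not kept in the loaded ruleset the way the neighbouring `comment "..."` strings are. Consider making the exception visible and measurable until it is removed, for example `ip saddr @allowed counter accept comment "temporary exception, to be removed"` and the same for the `ip6` rule. The counters would show whether anything still depends on the blanket accept. The enclosing chain starts before the first hunk, and the `@allowed` set definition is not visible here.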