gre/tap: init

68d7d505 · skorpy · 9c70711e · 68d7d505 · 68d7d505 · 68d7d505
Commit 68d7d505 authored 6 years ago by skorpy
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,3 +22,4 @@ debug_highstate:
  script:
    - salt-call grains.items --local
    - salt-call --local state.show_highstate -l debug --retcode-passthrough
+
--- a/example-pillar/host/test/init.sls
+++ b/example-pillar/host/test/init.sls
@@ -23,16 +23,18 @@ ifaces:
      - fe80::1
    vrf: vrf_external

-  gre_ffrl_dus_a:
-    type: GRE_FFRL
-    endpoint: 185.66.193.0
-    tunnel-physdev: eth0
+  gretap-test:
+    mode: gretap
    prefixes:
-      - 100.64.7.53/31
-      - 2a03:2260:0:3bf::2/64
+      - 10.11.12.13/24
+      - ffdd::babe/64
+    remote: 192.168.12.1
+    local: 192.168.14.5
+    ttl: 1
+    dev: eth0

  # NAT IP
  nat:
    link-type: dummy
    prefixes:
-      - 185.66.194.32/32
+      - 192.168.11.2/32
--- a/gre/files/ferm.conf.j2
+++ b/gre/files/ferm.conf.j2
+domain (ip ip6) {
+  table filter {
+    chain INPUT {
+      proto gre saddr (
+{% for name, interface in pillar.ifaces.items() if 'mode' in interface %}
+{%- if interface.mode == 'gretap' -%}
+        {{ interface.remote }}
+{%- endif %}
+{%- endfor %}
+      ) ACCEPT;
+    }
+  }
+}
--- a/gre/files/tap.j2
+++ b/gre/files/tap.j2
+{%- for name, interface in pillar.ifaces.items() if 'mode' in interface -%}
+{%- if interface.mode == 'gretap' -%}
+auto {{ name }}
+iface {{ name }}
+	pre-up ip link add $IFACE type gretap remote {{ interface.remote }} local {{ interface.local }} {% if 'ttl' in interface %}ttl {{ interface.ttl }} {% endif %}{% if 'dev' in interface %}dev {{ interface.dev }}{% endif %}
+	{%- if 'mtu' in interface %}
+	pre-up ip link set mtu {{ interface.mtu }} dev $IFACE
+	{%- endif %}
+	{%- for prefix in interface.prefixes %}
+	address {{ prefix }}
+	{%- endfor -%}
+
+{% endif %}
+{%- endfor -%}
--- a/gre/tap.sls
+++ b/gre/tap.sls
+/etc/network/interfaces.d/gretap:
+  file.managed:
+    - source: salt://gre/files/tap.j2
+    - mode: 644
+    - user: root
+    - group: root
+    - template: jinja
+    - makedirs: True
+
+ifreload-on-gretap:
+  cmd.wait:
+    - name: /sbin/ifreload -af
+    - watch:
+      - file: /etc/network/interfaces.d/gretap
+    - require:
+      - file: /etc/network/interfaces.d/gretap
+
+/etc/ferm/conf.d/20-gretap.conf:
+  file.managed:
+    - source: salt://gre/files/ferm.conf.j2
+    - template: jinja
+    - require:
+      - file: /etc/ferm/conf.d
--- a/top.sls
+++ b/top.sls
@@ -19,6 +19,7 @@ base:
    - logrotate
  'test.ffm.freifunk.net':
    - lldp
+    - gre.tap
  'virtual:physical':
    - match: grain
    - lldp
@@ -105,6 +106,7 @@ base:
    - kernel
    - kernel.sysctl
    - network
+    - gre.tap
  'rr*.as64475.net':
    - bird
    - bird.bgp