Diffstat (limited to 'data')
44 files changed, 1001 insertions, 1789 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 2e44405ee..eb1dd13f9 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -29,6 +29,7 @@
 "lldp.py",
 "nat.py",
 "ntp.py",
+"policy-local-route.py",
 "protocols_igmp.py",
 "protocols_isis.py",
 "protocols_mpls.py",
@@ -46,7 +47,7 @@
 "system-ip.py",
 "system-ipv6.py",
 "system-login-banner.py",
-"system-options.py",
+"system-option.py",
 "system-syslog.py",
 "system-timezone.py",
 "system_console.py",
diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl b/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
index a7d899354..1df878fcf 100644
--- a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
@@ -1,18 +1,18 @@
 # username server password acceptable local IP addresses shaper
-{% for interface in auth_interfaces -%}
-{% for mac in interface.mac -%}
-{% if mac.rate_upload and mac.rate_download -%}
-{% if mac.vlan_id -%}
+{% for interface in auth_interfaces %}
+{% for mac in interface.mac %}
+{% if mac.rate_upload and mac.rate_download %}
+{% if mac.vlan_id %}
 {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% else -%}
+{% else %}
 {{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% endif -%}
-{% else -%}
-{% if mac.vlan_id -%}
+{% endif %}
+{% else %}
+{% if mac.vlan_id %}
 {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} *
-{% else -%}
+{% else %}
 {{ interface.name }} * {{ mac.address | lower }} *
-{% endif -%}
-{% endif -%}
-{% endfor -%}
-{% endfor -%}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index c94e75a23..52d5d40e7 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -27,7 +27,7 @@ called-sid={{ authentication.radius.called_sid_format }} {% endif %}
{% if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
-{% endif -%}
+{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
{% if gateway_address is defined and gateway_address is not none %}
diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl index ab61f7f5a..1cf2ab0be 100644 --- a/data/templates/accel-ppp/ipoe.config.tmpl +++ b/data/templates/accel-ppp/ipoe.config.tmpl @@ -35,7 +35,7 @@ password=csid {% endif %} proxy-arp=1 -{%- for interface in interfaces %} +{% for interface in interfaces %} {% if (interface.shared == '0') and (interface.vlan_mon) %} vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} {% endif %} @@ -43,16 +43,16 @@ vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} {% if dnsv4 %} [dns] -{% for dns in dnsv4 -%} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor -%} +{% endfor %} {% endif %} {% if dnsv6 %} [ipv6-dns] -{% for dns in dnsv6 -%} +{% for dns in dnsv6 %} {{ dns }} -{% endfor -%} +{% endfor %} {% endif %} [ipv6-nd] @@ -79,7 +79,7 @@ chap-secrets={{ chap_secrets_file }} verbose=1 {% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor -%} +{% endfor %} {% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} @@ -90,17 +90,17 @@ timeout={{ radius_timeout }} max-try={{ radius_max_try }} {% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif -%} +{% endif %} {% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif -%} +{% endif %} {% if radius_source_address %} bind={{ radius_source_address }} -{% endif -%} +{% endif %} {% if radius_dynamic_author %} dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} -{% endif -%} +{% endif %} {% if radius_shaper_attr %} [shaper] @@ -108,8 +108,8 @@ verbose=1 attr={{ radius_shaper_attr }} {% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} -{% endif -%} -{% endif -%} +{% endif %} +{% endif %} {% endif %} [cli] 
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl index 9a3c27912..070a966b7 100644 --- a/data/templates/accel-ppp/l2tp.config.tmpl +++ b/data/templates/accel-ppp/l2tp.config.tmpl @@ -9,7 +9,7 @@ chap-secrets {% if auth_mode == 'radius' %} radius -{% endif -%} +{% endif %} ippool shaper @@ -27,23 +27,23 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 -%} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor -%} +{% endfor %} {% endif %} {% if dnsv6 %} [ipv6-dns] -{% for dns in dnsv6 -%} +{% for dns in dnsv6 %} {{ dns }} -{% endfor -%} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins -%} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor -%} +{% endfor %} {% endif %} [l2tp] @@ -65,11 +65,11 @@ secret={{ lns_shared_secret }} [ip-pool] {% if client_ip_pool %} {{ client_ip_pool }} -{% endif -%} +{% endif %} {% if client_ip_subnets %} {% for sn in client_ip_subnets %} {{sn}} -{% endfor -%} +{% endfor %} {% endif %} {% endif %} {% if gateway_address %} @@ -84,7 +84,7 @@ chap-secrets={{ chap_secrets_file }} verbose=1 {% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor -%} +{% endfor %} {% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} @@ -96,13 +96,13 @@ max-try={{ radius_max_try }} {% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif -%} +{% endif %} {% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif -%} +{% endif %} {% if radius_source_address %} bind={{ radius_source_address }} -{% endif -%} +{% endif %} {% endif %} {% if gateway_address %} gw-ip-address={{ gateway_address }} @@ -144,7 +144,7 @@ verbose=1 attr={{ radius_shaper_attr }} {% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} -{% endif -%} +{% endif %} {% endif %} [cli] 
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index 19adbc890..1d6c1fefc 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -108,7 +108,7 @@ interface=re:{{ interface.name }}\.\d+ {% if service_name %} service-name={{ service_name | join(',') }} -{% endif -%} +{% endif %} {% if pado_delay %} pado-delay={{ pado_delay }} diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.tmpl index dc77b42e9..5a6cfe749 100644 --- a/data/templates/accel-ppp/pptp.config.tmpl +++ b/data/templates/accel-ppp/pptp.config.tmpl @@ -7,7 +7,7 @@ ippool chap-secrets {% elif auth_mode == 'radius' %} radius -{% endif -%} +{% endif %} {% for proto in auth_proto %} {{proto}} {% endfor %} @@ -22,16 +22,16 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 -%} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor -%} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins -%} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor -%} +{% endfor %} {% endif %} @@ -67,7 +67,7 @@ chap-secrets={{ chap_secrets_file }} verbose=1 {% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor -%} +{% endfor %} {% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} @@ -79,13 +79,13 @@ max-try={{ radius_max_try }} {% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif -%} +{% endif %} {% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif -%} +{% endif %} {% if radius_source_address %} bind={{ radius_source_address }} -{% endif -%} +{% endif %} {% endif %} [cli] diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.tmpl index d0c7d8bf9..73e9acad4 100644 
--- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl +++ b/data/templates/bcast-relay/udp-broadcast-relay.tmpl @@ -1,7 +1,7 @@ ### Autogenerated by bcast_relay.py ### # UDP broadcast relay configuration for instance {{ id }} -{%- if description %} +{% if description %} # Comment: {{ description }} {% endif %} DAEMON_ARGS="{{ '-s ' + address if address is defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}" diff --git a/data/templates/dhcp-relay/config.tmpl b/data/templates/dhcp-relay/config.tmpl deleted file mode 100644 index b223807cf..000000000 --- a/data/templates/dhcp-relay/config.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -### Autogenerated by dhcp_relay.py ### - -# Defaults for isc-dhcp-relay6.service -OPTIONS="{{ options | join(' ') }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}" diff --git a/data/templates/dhcp-relay/dhcrelay.conf.tmpl b/data/templates/dhcp-relay/dhcrelay.conf.tmpl new file mode 100644 index 000000000..a9d17ed9a --- /dev/null +++ b/data/templates/dhcp-relay/dhcrelay.conf.tmpl @@ -0,0 +1,6 @@ +### Autogenerated by dhcp_relay.py ### + +{% set max_size = '-A ' + relay_options.max_size if relay_options.max_size is defined and relay_options.max_size is not none %} +{# hop_count and relay_agents_packets is a default option, thus it is always present #} +OPTIONS="-c {{ relay_options.hop_count }} -a -m {{ relay_options.relay_agents_packets }} {{ max_size }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}" + diff --git a/data/templates/dhcp-relay/dhcrelay6.conf.tmpl b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl new file mode 100644 index 000000000..58c216b7c --- /dev/null +++ b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl 
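Review bot: The `OPTIONS="…"` line in the new dhcrelay.conf.tmpl writes the `relay_options.*`, `interface` and `server` values unescaped into a double-quoted assignment, so the generated file is only well-formed if every value is free of quotes and other characters the consumer treats specially. Whether that holds depends on the CLI validators and on how the service reads this file, neither of which is visible in this diff. I would record the assumption next to the line, e.g. `{# values are constrained by the CLI validators; nothing is escaped here #}`, and confirm the validators reject quote, `$` and backtick characters. The same applies to the `OPTIONS` line in dhcrelay6.conf.tmpl.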
@@ -0,0 +1,21 @@ +### Autogenerated by dhcpv6_relay.py ### + +{# upstream_interface is mandatory so it's always present #} +{% set upstream = namespace(value='') %} +{% for interface, config in upstream_interface.items() %} +{% for address in config.address %} +{% set upstream.value = upstream.value + '-u ' + address + '%' + interface + ' ' %} +{% endfor %} +{% endfor %} +{# listen_interface is mandatory so it's always present #} +{% set listen = namespace(value='') %} +{% for interface, config in listen_interface.items() %} +{% if config.address is defined and config.address is not none %} +{% set listen.value = listen.value + '-l ' + config.address + '%' + interface + ' ' %} +{% else %} +{% set listen.value = listen.value + '-l ' + interface + ' ' %} +{% endif %} +{% endfor %} + +OPTIONS="{{ listen.value }} {{ upstream.value }} -c {{ max_hop_count }} {{ '-I' if use_interface_id_option is defined }}" + diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index 5f5129451..f431d3207 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl 
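Review bot: `-c {{ max_hop_count }}` on the `OPTIONS` line is rendered unconditionally, but unlike `upstream_interface` and `listen_interface` nothing in the template says why it is always set. If it carries a CLI default, say so in the same way dhcrelay.conf.tmpl does for `hop_count`: `{# max_hop_count has a default value, thus it is always present #}`. If it does not, the line would render a bare `-c` and should get the same `is defined` guard that `-I` already has.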
@@ -23,38 +23,38 @@ on expiry { execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", ClientName, ClientIp, ClientMac, ClientDomain); } {% endif %} -{%- if host_decl_name %} +{% if host_decl_name %} use-host-decl-names on; -{%- endif %} -ddns-update-style {% if ddns_enable -%} interim {%- else -%} none {%- endif %}; -{% if static_route -%} +{% endif %} +ddns-update-style {% if ddns_enable %} interim {% else %} none {% endif %}; +{% if static_route %} option rfc3442-static-route code 121 = array of integer 8; option windows-static-route code 249 = array of integer 8; -{%- endif %} -{% if wpad -%} +{% endif %} +{% if wpad %} option wpad-url code 252 = text; {% endif %} -{%- if global_parameters %} +{% if global_parameters %} # The following {{ global_parameters | length }} line(s) were added as global-parameters in the CLI and have not been validated -{%- for param in global_parameters %} +{% for param in global_parameters %} {{ param }} -{%- endfor -%} -{%- endif %} +{% endfor %} +{% endif %} # Failover configuration {% for network in shared_network %} -{%- if not network.disabled -%} -{%- for subnet in network.subnet %} -{%- if subnet.failover_name -%} +{% if not network.disabled %} +{% for subnet in network.subnet %} +{% if subnet.failover_name %} failover peer "{{ subnet.failover_name }}" { -{%- if subnet.failover_status == 'primary' %} +{% if subnet.failover_status == 'primary' %} primary; mclt 1800; split 128; -{%- elif subnet.failover_status == 'secondary' %} +{% elif subnet.failover_status == 'secondary' %} secondary; -{%- endif %} +{% endif %} address {{ subnet.failover_local_addr }}; port 520; peer address {{ subnet.failover_peer_addr }}; 
@@ -63,133 +63,133 @@ failover peer "{{ subnet.failover_name }}" { max-unacked-updates 10; load balance max seconds 3; } -{% endif -%} -{% endfor -%} -{% endif -%} +{% endif %} +{% endfor %} +{% endif %} {% endfor %} # Shared network configration(s) {% for network in shared_network %} -{%- if not network.disabled -%} +{% if not network.disabled %} shared-network {{ network.name }} { - {%- if network.authoritative %} + {% if network.authoritative %} authoritative; - {%- endif %} - {%- if network.network_parameters %} + {% endif %} + {% if network.network_parameters %} # The following {{ network.network_parameters | length }} line(s) were added as shared-network-parameters in the CLI and have not been validated - {%- for param in network.network_parameters %} + {% for param in network.network_parameters %} {{ param }} - {%- endfor %} - {%- endif %} - {%- for subnet in network.subnet %} + {% endfor %} + {% endif %} + {% for subnet in network.subnet %} subnet {{ subnet.address }} netmask {{ subnet.netmask }} { - {%- if subnet.dns_server %} + {% if subnet.dns_server %} option domain-name-servers {{ subnet.dns_server | join(', ') }}; - {%- endif %} - {%- if subnet.domain_search %} + {% endif %} + {% if subnet.domain_search %} option domain-search {{ subnet.domain_search | join(', ') }}; - {%- endif %} - {%- if subnet.ntp_server %} + {% endif %} + {% if subnet.ntp_server %} option ntp-servers {{ subnet.ntp_server | join(', ') }}; - {%- endif %} - {%- if subnet.pop_server %} + {% endif %} + {% if subnet.pop_server %} option pop-server {{ subnet.pop_server | join(', ') }}; - {%- endif %} - {%- if subnet.smtp_server %} + {% endif %} + {% if subnet.smtp_server %} option smtp-server {{ subnet.smtp_server | join(', ') }}; - {%- endif %} - {%- if subnet.time_server %} + {% endif %} + {% if subnet.time_server %} option time-servers {{ subnet.time_server | join(', ') }}; - {%- endif %} - {%- if subnet.wins_server %} + {% endif %} + {% if subnet.wins_server %} option 
netbios-name-servers {{ subnet.wins_server | join(', ') }}; - {%- endif %} - {%- if subnet.static_route %} + {% endif %} + {% if subnet.static_route %} option rfc3442-static-route {{ subnet.static_route }}{% if subnet.rfc3442_default_router %}, {{ subnet.rfc3442_default_router }}{% endif %}; option windows-static-route {{ subnet.static_route }}; - {%- endif %} - {%- if subnet.ip_forwarding %} + {% endif %} + {% if subnet.ip_forwarding %} option ip-forwarding true; - {%- endif -%} - {%- if subnet.default_router %} + {% endif %} + {% if subnet.default_router %} option routers {{ subnet.default_router }}; - {%- endif -%} - {%- if subnet.server_identifier %} + {% endif %} + {% if subnet.server_identifier %} option dhcp-server-identifier {{ subnet.server_identifier }}; - {%- endif -%} - {%- if subnet.domain_name %} + {% endif %} + {% if subnet.domain_name %} option domain-name "{{ subnet.domain_name }}"; - {%- endif -%} - {%- if subnet.subnet_parameters %} + {% endif %} + {% if subnet.subnet_parameters %} # The following {{ subnet.subnet_parameters | length }} line(s) were added as subnet-parameters in the CLI and have not been validated - {%- for param in subnet.subnet_parameters %} + {% for param in subnet.subnet_parameters %} {{ param }} - {%- endfor -%} - {%- endif %} - {%- if subnet.tftp_server %} + {% endfor %} + {% endif %} + {% if subnet.tftp_server %} option tftp-server-name "{{ subnet.tftp_server }}"; - {%- endif -%} - {%- if subnet.bootfile_name %} + {% endif %} + {% if subnet.bootfile_name %} option bootfile-name "{{ subnet.bootfile_name }}"; filename "{{ subnet.bootfile_name }}"; - {%- endif -%} - {%- if subnet.bootfile_server %} + {% endif %} + {% if subnet.bootfile_server %} next-server {{ subnet.bootfile_server }}; - {%- endif -%} - {%- if subnet.time_offset %} + {% endif %} + {% if subnet.time_offset %} option time-offset {{ subnet.time_offset }}; - {%- endif -%} - {%- if subnet.wpad_url %} + {% endif %} + {% if subnet.wpad_url %} option wpad-url "{{ 
subnet.wpad_url }}"; - {%- endif -%} - {%- if subnet.client_prefix_length %} + {% endif %} + {% if subnet.client_prefix_length %} option subnet-mask {{ subnet.client_prefix_length }}; - {%- endif -%} + {% endif %} {% if subnet.lease %} default-lease-time {{ subnet.lease }}; max-lease-time {{ subnet.lease }}; - {%- endif -%} - {%- for host in subnet.static_mapping %} - {% if not host.disabled -%} - host {% if host_decl_name -%} {{ host.name }} {%- else -%} {{ network.name }}_{{ host.name }} {%- endif %} { - {%- if host.ip_address %} + {% endif %} + {% for host in subnet.static_mapping %} + {% if not host.disabled %} + host {% if host_decl_name %} {{ host.name }} {% else %} {{ network.name }}_{{ host.name }} {% endif %} { + {% if host.ip_address %} fixed-address {{ host.ip_address }}; - {%- endif %} + {% endif %} hardware ethernet {{ host.mac_address }}; - {%- if host.static_parameters %} + {% if host.static_parameters %} # The following {{ host.static_parameters | length }} line(s) were added as static-mapping-parameters in the CLI and have not been validated - {%- for param in host.static_parameters %} + {% for param in host.static_parameters %} {{ param }} - {%- endfor -%} - {%- endif %} + {% endfor %} + {% endif %} } - {%- endif %} - {%- endfor %} - {%- if subnet.failover_name %} + {% endif %} + {% endfor %} + {% if subnet.failover_name %} pool { failover peer "{{ subnet.failover_name }}"; deny dynamic bootp clients; - {%- for range in subnet.range %} + {% for range in subnet.range %} range {{ range.start }} {{ range.stop }}; - {%- endfor %} + {% endfor %} } - {%- else %} - {%- for range in subnet.range %} + {% else %} + {% for range in subnet.range %} range {{ range.start }} {{ range.stop }}; - {%- endfor %} - {%- endif %} + {% endfor %} + {% endif %} } - {%- endfor %} + {% endfor %} on commit { set shared-networkname = "{{ network.name }}"; - {% if hostfile_update -%} + {% if hostfile_update %} set ClientName = pick-first-value(host-decl-name, option 
fqdn.hostname, option host-name); set ClientIp = binary-to-ascii(10, 8, ".", leased-address); set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); set ClientDomain = pick-first-value(config-option domain-name, "..YYZ!"); execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac, ClientDomain); - {%- endif %} + {% endif %} } } -{%- endif %} +{% endif %} {% endfor %} diff --git a/data/templates/dhcpv6-relay/config.tmpl b/data/templates/dhcpv6-relay/config.tmpl deleted file mode 100644 index 55035ae6c..000000000 --- a/data/templates/dhcpv6-relay/config.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -### Autogenerated by dhcpv6_relay.py ### - -# Defaults for isc-dhcp-relay6.service -OPTIONS="-l {{ listen_addr | join(' -l ') }} -u {{ upstream_addr | join(' -u ') }} {{ options | join(' ') }}" diff --git a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl index bdeea71da..aa6d7fb5d 100644 --- a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl +++ b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl 
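Review bot: In the `on commit` block near the end of the second dhcpd.conf.tmpl hunk, `ClientName` is picked from `host-decl-name`, `option fqdn.hostname` or `option host-name`, and the last two are supplied by the DHCP client before the value is handed to `/usr/libexec/vyos/system/on-dhcp-event.sh` through `execute(...)`. The commit only touches the surrounding `{% if hostfile_update %}` tags and the script is not part of this diff, so whether it validates the name before using it cannot be checked here. A comment above the `execute` line would make the trust boundary explicit, e.g. `# ClientName may come from the client and is untrusted; on-dhcp-event.sh must validate it`. The same call appears with "release" in the `on expiry` block shown in the header of the first dhcpd.conf.tmpl hunk.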
@@ -4,87 +4,87 @@ # https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html log-facility local7; -{%- if preference %} +{% if preference %} option dhcp6.preference {{ preference }}; -{%- endif %} +{% endif %} # Shared network configration(s) {% for network in shared_network %} -{%- if not network.disabled -%} +{% if not network.disabled %} shared-network {{ network.name }} { - {%- if network.common.info_refresh_time %} + {% if network.common.info_refresh_time %} option dhcp6.info-refresh-time {{ network.common.info_refresh_time }}; - {%- endif %} - {%- if network.common.domain_search %} + {% endif %} + {% if network.common.domain_search %} option dhcp6.domain-search "{{ network.common.domain_search | join('", "') }}"; - {%- endif %} - {%- if network.common.dns_server %} + {% endif %} + {% if network.common.dns_server %} option dhcp6.name-servers {{ network.common.dns_server | join(', ') }}; - {%- endif %} - {%- for subnet in network.subnet %} + {% endif %} + {% for subnet in network.subnet %} subnet6 {{ subnet.network }} { - {%- for range in subnet.range6_prefix %} + {% for range in subnet.range6_prefix %} range6 {{ range.prefix }}{{ " temporary" if range.temporary }}; - {%- endfor %} - {%- for range in subnet.range6 %} + {% endfor %} + {% for range in subnet.range6 %} range6 {{ range.start }} {{ range.stop }}; - {%- endfor %} - {%- if subnet.domain_search %} + {% endfor %} + {% if subnet.domain_search %} option dhcp6.domain-search "{{ subnet.domain_search | join('", "') }}"; - {%- endif %} - {%- if subnet.lease_def %} + {% endif %} + {% if subnet.lease_def %} default-lease-time {{ subnet.lease_def }}; - {%- endif %} - {%- if subnet.lease_max %} + {% endif %} + {% if subnet.lease_max %} max-lease-time {{ subnet.lease_max }}; - {%- endif %} - {%- if subnet.lease_min %} + {% endif %} + {% if subnet.lease_min %} min-lease-time {{ subnet.lease_min }}; - {%- endif %} - {%- if subnet.dns_server %} + {% endif %} + {% if subnet.dns_server %} option 
dhcp6.name-servers {{ subnet.dns_server | join(', ') }}; - {%- endif %} - {%- if subnet.nis_domain %} + {% endif %} + {% if subnet.nis_domain %} option dhcp6.nis-domain-name "{{ subnet.nis_domain }}"; - {%- endif %} - {%- if subnet.nis_server %} + {% endif %} + {% if subnet.nis_server %} option dhcp6.nis-servers {{ subnet.nis_server | join(', ') }}; - {%- endif %} - {%- if subnet.nisp_domain %} + {% endif %} + {% if subnet.nisp_domain %} option dhcp6.nisp-domain-name "{{ subnet.nisp_domain }}"; - {%- endif %} - {%- if subnet.nisp_server %} + {% endif %} + {% if subnet.nisp_server %} option dhcp6.nisp-servers {{ subnet.nisp_server | join(', ') }}; - {%- endif %} - {%- if subnet.sip_address %} + {% endif %} + {% if subnet.sip_address %} option dhcp6.sip-servers-addresses {{ subnet.sip_address | join(', ') }}; - {%- endif %} - {%- if subnet.sip_hostname %} + {% endif %} + {% if subnet.sip_hostname %} option dhcp6.sip-servers-names "{{ subnet.sip_hostname | join('", "') }}"; - {%- endif %} - {%- if subnet.sntp_server %} + {% endif %} + {% if subnet.sntp_server %} option dhcp6.sntp-servers {{ subnet.sntp_server | join(', ') }}; - {%- endif %} - {%- for prefix in subnet.prefix_delegation %} + {% endif %} + {% for prefix in subnet.prefix_delegation %} prefix6 {{ prefix.start }} {{ prefix.stop }} /{{ prefix.length }}; - {%- endfor %} - {%- for host in subnet.static_mapping %} - {% if not host.disabled -%} + {% endfor %} + {% for host in subnet.static_mapping %} + {% if not host.disabled %} host {{ network.name }}_{{ host.name }} { - {%- if host.client_identifier %} + {% if host.client_identifier %} host-identifier option dhcp6.client-id {{ host.client_identifier }}; - {%- endif %} - {%- if host.ipv6_address %} + {% endif %} + {% if host.ipv6_address %} fixed-address6 {{ host.ipv6_address }}; - {%- endif %} + {% endif %} } - {%- endif %} - {%- endfor %} + {% endif %} + {% endfor %} } - {%- endfor %} + {% endfor %} on commit { set shared-networkname = "{{ network.name }}"; } 
} -{%- endif %} +{% endif %} {% endfor %} diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl index 286c21859..8769c2384 100644 --- a/data/templates/firewall/nftables-nat.tmpl +++ b/data/templates/firewall/nftables-nat.tmpl 
@@ -1,161 +1,143 @@ #!/usr/sbin/nft -f -# Start with clean NAT table -flush table nat - -{% if helper_functions == 'remove' %} -{# NAT if going to be disabled - remove rules and targets from nftables #} - -{% set base_command = "delete rule ip raw" %} -{{ base_command }} PREROUTING handle {{ pre_ct_ignore }} -{{ base_command }} OUTPUT handle {{ out_ct_ignore }} -{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} -{{ base_command }} OUTPUT handle {{ out_ct_conntrack }} - -delete chain ip raw NAT_CONNTRACK - -{% elif helper_functions == 'add' %} -{# NAT if enabled - add targets to nftables #} -add chain ip raw NAT_CONNTRACK -add rule ip raw NAT_CONNTRACK counter accept - -{% set base_command = "add rule ip raw" %} - -{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYATTA_CT_HELPER -{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYATTA_CT_HELPER -{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK -{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK -{% endif %} - -{% macro nat_rule(rule, chain) %} +{% macro nat_rule(rule, config, chain) %} {% set comment = "" %} {% set base_log = "" %} - -{% set src_addr = "ip saddr " + rule.source_address if rule.source_address %} -{% set dst_addr = "ip daddr " + rule.dest_address if rule.dest_address %} - +{% set src_addr = "ip saddr " + config.source.address if config.source is defined and config.source.address is defined and config.source.address is not none %} +{% set dst_addr = "ip daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} {# negated port groups need special treatment, move != in front of { } group #} -{% if rule.source_port.startswith('!=') %} -{% set src_port = "sport != { " + rule.source_port.replace('!=','') +" }" if rule.source_port %} +{% if config.source is defined and 
config.source.port is defined and config.source.port is not none and config.source.port.startswith('!=') %} +{% set src_port = "sport != { " + config.source.port.replace('!=','') +" }" %} {% else %} -{% set src_port = "sport { " + rule.source_port +" }" if rule.source_port %} +{% set src_port = "sport { " + config.source.port +" }" if config.source is defined and config.source.port is defined and config.source.port is not none %} {% endif %} - {# negated port groups need special treatment, move != in front of { } group #} -{% if rule.dest_port.startswith('!=') %} -{% set dst_port = "dport != { " + rule.dest_port.replace('!=','') +" }" if rule.dest_port %} +{% if config.destination is defined and config.destination.port is defined and config.destination.port is not none and config.destination.port.startswith('!=') %} +{% set dst_port = "dport != { " + config.destination.port.replace('!=','') +" }" %} {% else %} -{% set dst_port = "dport { " + rule.dest_port +" }" if rule.dest_port %} +{% set dst_port = "dport { " + config.destination.port +" }" if config.destination is defined and config.destination.port is defined and config.destination.port is not none %} {% endif %} - {% if chain == "PREROUTING" %} -{% set comment = "DST-NAT-" + rule.number %} -{% set base_log = "[NAT-DST-" + rule.number %} -{% set interface = " iifname \"" + rule.interface_in + "\"" if rule.interface_in is defined and rule.interface_in != 'any' else '' %} -{% set trns_addr = "dnat to " + rule.translation_address %} - +{% set comment = "DST-NAT-" + rule %} +{% set base_log = "[NAT-DST-" + rule %} +{% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %} +{% set trns_addr = "dnat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% elif chain == "POSTROUTING" %} -{% set comment = "SRC-NAT-" + 
rule.number %} -{% set base_log = "[NAT-SRC-" + rule.number %} -{% set interface = " oifname \"" + rule.interface_out + "\"" if rule.interface_out is defined and rule.interface_out != 'any' else '' %} -{% if rule.translation_address == 'masquerade' %} -{% set trns_addr = rule.translation_address %} -{% if rule.translation_port %} +{% set comment = "SRC-NAT-" + rule %} +{% set base_log = "[NAT-SRC-" + rule %} +{% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined and config.outbound_interface != 'any' else '' %} +{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %} +{% set trns_addr = config.translation.address %} +{% if config.translation.port is defined and config.translation.port is not none %} {% set trns_addr = trns_addr + " to " %} {% endif %} {% else %} -{% set trns_addr = "snat to " + rule.translation_address %} +{% set trns_addr = "snat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% endif %} {% endif %} -{% set trns_port = ":" + rule.translation_port if rule.translation_port %} - -{% if rule.protocol == "tcp_udp" %} +{% set trns_port = ":" + config.translation.port if config.translation is defined and config.translation.port is defined and config.translation.port is not none %} +{# protocol has a default value thus it is always present #} +{% if config.protocol == "tcp_udp" %} {% set protocol = "tcp" %} {% set comment = comment + " tcp_udp" %} {% else %} -{% set protocol = rule.protocol %} +{% set protocol = config.protocol %} {% endif %} - -{% if rule.log %} -{% if rule.exclude %} +{% if config.log is defined %} +{% if config.exclude is defined %} {% set log = base_log + "-EXCL]" %} -{% elif rule.translation_address == 'masquerade' %} +{% elif config.translation is defined and config.translation.address is defined and 
config.translation.address == 'masquerade' %} {% set log = base_log + "-MASQ]" %} {% else %} {% set log = base_log + "]" %} {% endif %} {% endif %} - -{% if rule.exclude %} +{% if config.exclude is defined %} {# rule has been marked as "exclude" thus we simply return here #} {% set trns_addr = "return" %} {% set trns_port = "" %} {% endif %} - {% set output = "add rule ip nat " + chain + interface %} - {% if protocol != "all" %} {% set output = output + " ip protocol " + protocol %} {% endif %} - {% if src_addr %} {% set output = output + " " + src_addr %} {% endif %} {% if src_port %} {% set output = output + " " + protocol + " " + src_port %} {% endif %} - {% if dst_addr %} {% set output = output + " " + dst_addr %} {% endif %} {% if dst_port %} {% set output = output + " " + protocol + " " + dst_port %} {% endif %} - {# Count packets #} {% set output = output + " counter" %} - {# Special handling of log option, we must repeat the entire rule before the #} {# NAT translation options are added, this is essential #} {% if log %} {% set log_output = output + " log prefix \"" + log + "\" comment \"" + comment + "\"" %} {% endif %} - {% if trns_addr %} {% set output = output + " " + trns_addr %} {% endif %} - {% if trns_port %} {# Do not add a whitespace here, translation port must be directly added after IP address #} {# e.g. 
192.0.2.10:3389 #} {% set output = output + trns_port %} {% endif %} - {% if comment %} {% set output = output + " comment \"" + comment + "\"" %} {% endif %} - {{ log_output if log_output }} {{ output }} - {# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #} -{% if rule.protocol == "tcp_udp" %} +{% if config.protocol == "tcp_udp" %} {# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #} {{ log_output | replace("tcp ", "udp ") if log_output }} {{ output | replace("tcp ", "udp ") }} {% endif %} {% endmacro %} +# Start with clean NAT table +flush table nat +{% if helper_functions == 'remove' %} +{# NAT if going to be disabled - remove rules and targets from nftables #} +{% set base_command = "delete rule ip raw" %} +{{ base_command }} PREROUTING handle {{ pre_ct_ignore }} +{{ base_command }} OUTPUT handle {{ out_ct_ignore }} +{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} +{{ base_command }} OUTPUT handle {{ out_ct_conntrack }} + +delete chain ip raw NAT_CONNTRACK + +{% elif helper_functions == 'add' %} +{# NAT if enabled - add targets to nftables #} +add chain ip raw NAT_CONNTRACK +add rule ip raw NAT_CONNTRACK counter accept +{% set base_command = "add rule ip raw" %} +{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYATTA_CT_HELPER +{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYATTA_CT_HELPER +{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK +{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK +{% endif %} + # # Destination NAT rules build up here # -{% for rule in destination if not rule.disabled -%} -{{ nat_rule(rule, 'PREROUTING') }} -{% endfor %} +{% if destination is defined and destination.rule is defined and destination.rule is not none %} +{% for rule, config in destination.rule.items() if config.disable is not defined %} +{{ nat_rule(rule, 
config, 'PREROUTING') }} +{% endfor %} +{% endif %} # # Source NAT rules build up here # -{% for rule in source if not rule.disabled -%} -{{ nat_rule(rule, 'POSTROUTING') }} -{% endfor %} +{% if source is defined and source.rule is defined and source.rule is not none %} +{% for rule, config in source.rule.items() if config.disable is not defined %} +{{ nat_rule(rule, config, 'POSTROUTING') }} +{% endfor %} +{% endif %} diff --git a/data/templates/frr/bfd.frr.tmpl b/data/templates/frr/bfd.frr.tmpl index 7df4bfd01..95a29e06a 100644 --- a/data/templates/frr/bfd.frr.tmpl +++ b/data/templates/frr/bfd.frr.tmpl @@ -1,10 +1,10 @@ ! bfd -{% for peer in old_peers -%} +{% for peer in old_peers %} no peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %} -{% endfor -%} +{% endfor %} ! -{% for peer in new_peers -%} +{% for peer in new_peers %} peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %} detect-multiplier {{ peer.multiplier }} receive-interval {{ peer.rx_interval }} @@ -12,5 +12,5 @@ bfd {% if peer.echo_mode %}echo-mode{% endif %} {% if peer.echo_interval != '' %}echo-interval {{ peer.echo_interval }}{% endif %} {% if not peer.shutdown %}no {% endif %}shutdown -{% endfor -%} +{% endfor %} ! diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index d0857ac2c..86e1aa366 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl 
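Review bot: In the rewritten `nat_rule` macro, `trns_addr` is now set only when `config.translation.address` is defined, so a rule with no translation and no `exclude` still reaches `{{ output }}` and is emitted as a bare `counter` rule with no `dnat`/`snat` statement, where the old code concatenated `rule.translation_address` unconditionally. Unless the calling script rejects such a rule before rendering (not visible in this diff), I would wrap the emit lines in `{% if trns_addr %} … {% endif %}` or fail in the verify step. Separately, `config.inbound_interface`, `config.outbound_interface` and the rule id are concatenated into quoted nft strings (`iifname \"…\"`, `comment \"…\"`) without escaping, so the template relies on the CLI validators to keep double quotes and newlines out of those values; a short `{# … #}` note stating that assumption would help the next reader.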
@@ -1,1016 +1,287 @@ -{% set conf_bgp = nbgp -%} -{% for asn in nbgp -%} -! -router bgp {{ asn }} - no bgp default ipv4-unicast - -{#- set 'conf_bgp[asn].parameters' as bgp_params #} -{%- set bgp_params = conf_bgp[asn].parameters %} -{%- set bgp_afi = conf_bgp[asn].address_family %} - -{#- START Global ASN address-family section; set protocol bgp xxx address-family #} -{%- if 'address_family' in conf_bgp[asn] %} -{%- for type in bgp_afi %} -{%- if type == "ipv4_unicast" %} +{### MACRO definition for recurring peer patter, this can be either fed by a ###} +{### peer-group or an individual BGP neighbor ###} +{% macro bgp_neighbor(neighbor, config, peer_group=false) %} +{% if peer_group == true %} + neighbor {{ neighbor }} peer-group +{% elif config.peer_group is defined and config.peer_group is not none %} + neighbor {{ neighbor }} peer-group {{ config.peer_group }} +{% endif %} +{% if config.remote_as is defined and config.remote_as is not none %} + neighbor {{ neighbor }} remote-as {{ config.remote_as }} +{% endif %} +{% if config.bfd is defined %} + neighbor {{ neighbor }} bfd +{% endif %} +{% if config.capability is defined and config.capability is not none %} +{% if config.capability.dynamic is defined %} + neighbor {{ neighbor }} capability dynamic +{% endif %} +{% if config.capability.extended_nexthop is defined %} + neighbor {{ neighbor }} capability extended-nexthop +{% endif %} +{% endif %} +{% if config.description is defined and config.description is not none %} + neighbor {{ neighbor }} description {{ config.description }} +{% endif %} +{% if config.disable_capability_negotiation is defined %} + neighbor {{ neighbor }} disable-capability-negotiation +{% endif %} +{% if config.ebgp_multihop is defined and config.ebgp_multihop is not none %} + neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }} +{% endif %} +{% if config.local_as is defined and config.local_as is not none %} +{% for local_asn in config.local_as %} + neighbor {{ neighbor }} 
local-as {{ local_asn }} {{ 'no-prepend' if config.local_as[local_asn].no_prepend is defined }} +{% endfor %} +{% endif %} +{% if config.override_capability is defined %} + neighbor {{ neighbor }} override-capability +{% endif %} +{% if config.passive is defined %} + neighbor {{ neighbor }} passive +{% endif %} +{% if config.password is defined and config.password is not none %} + neighbor {{ neighbor }} password {{ config.password }} +{% endif %} +{% if config.shutdown is defined %} + neighbor {{ neighbor }} shutdown +{% endif %} +{% if config.ttl_security is defined and config.ttl_security.hops is defined and config.ttl_security.hops is not none %} + neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }} +{% endif %} +{% if config.update_source is defined and config.update_source is not none %} + neighbor {{ neighbor }} update-source {{ config.update_source }} +{% endif %} ! +{% if config.address_family is defined and config.address_family is not none %} +{% for af in config.address_family %} +{% if af == 'ipv4_unicast' %} address-family ipv4 unicast -{%- if 'aggregate_address' in bgp_afi[type] %} -{%- for ip in bgp_afi[type].aggregate_address %} -{%- if ( ('as_set' in bgp_afi[type].aggregate_address[ip]) and ('summary_only' in bgp_afi[type].aggregate_address[ip] ) ) %} - aggregate-address {{ ip }} as-set summary-only -{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %} - aggregate-address {{ ip }} as-set -{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %} - aggregate-address {{ ip }} summary-only -{%- else %} - aggregate-address {{ ip }} -{%- endif %} -{%- endfor %} -{%- endif %} -{#- END aggregate address ipv4 #} - -{#- redistribute afi ipv4 #} -{%- if 'redistribute' in bgp_afi[type] %} -{%- for protocol in bgp_afi[type].redistribute %} -{%- if ( ('route_map' in bgp_afi[type].redistribute[protocol]) and ('metric' in bgp_afi[type].redistribute[protocol] ) ) %} - redistribute {{protocol}} metric 
{{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} -{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %} - redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} -{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %} - redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} -{%- elif 'table' in bgp_afi[type].redistribute %} - redistribute table {{bgp_afi[type].redistribute.table}} -{%- else %} - redistribute {{protocol}} -{%- endif %} -{%- endfor %} -{%- endif %} -{#- END redistribute #} - -{%- if 'network' in bgp_afi[type] %} -{%- for net in bgp_afi[type].network %} - network {{ net }} -{%- endfor %} -{%- endif %} - exit-address-family - ! -{%- endif %} - -{%- if type == "ipv6_unicast" %} - ! +{% elif af == 'ipv6_unicast' %} address-family ipv6 unicast -{%- if 'aggregate_address' in bgp_afi[type] %} -{%- for ip in bgp_afi[type].aggregate_address %} -{%- if ( ('as_set' in bgp_afi[type].aggregate_address[ip]) and ('summary_only' in bgp_afi[type].aggregate_address[ip] ) ) %} - aggregate-address {{ ip }} as-set summary-only -{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %} - aggregate-address {{ ip }} as-set -{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %} - aggregate-address {{ ip }} summary-only -{%- else %} - aggregate-address {{ ip }} -{%- endif %} -{%- endfor %} -{%- endif %} -{#- END aggregate address ipv6 #} - -{#- redistribute afi ipv6 #} -{%- if 'redistribute' in bgp_afi[type] %} -{%- for protocol in bgp_afi[type].redistribute %} -{%- if ( ('route_map' in bgp_afi[type].redistribute[protocol]) and ('metric' in bgp_afi[type].redistribute[protocol] ) ) %} - redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} -{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %} - redistribute {{protocol}} metric 
{{bgp_afi[type].redistribute[protocol].metric}} -{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %} - redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} -{%- elif 'table' in bgp_afi[type].redistribute %} - redistribute table {{bgp_afi[type].redistribute.table}} -{%- else %} - redistribute {{protocol}} -{%- endif %} -{%- endfor %} -{%- endif %} -{#- END redistribute #} - -{%- if 'network' in bgp_afi[type] %} -{%- for net in bgp_afi[type].network %} - network {{ net }} -{%- endfor %} -{%- endif %} +{% endif %} +{% if config.address_family[af].allowas_in is defined and config.address_family[af].allowas_in is not none %} + neighbor {{ neighbor }} allowas-in {{ config.address_family[af].allowas_in.number if config.address_family[af].allowas_in.number is defined }} +{% endif %} +{% if config.address_family[af].remove_private_as is defined %} + neighbor {{ neighbor }} remove-private-AS +{% endif %} +{% if config.address_family[af].route_reflector_client is defined %} + neighbor {{ neighbor }} route-reflector-client +{% endif %} +{% if config.address_family[af].weight is defined and config.address_family[af].weight is not none %} + neighbor {{ neighbor }} weight {{ config.address_family[af].weight }} +{% endif %} +{% if config.address_family[af].attribute_unchanged is defined and config.address_family[af].attribute_unchanged is not none %} + neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if config.address_family[af].attribute_unchanged.as_path is defined }}{{ 'med ' if config.address_family[af].attribute_unchanged.med is defined }}{{ 'next-hop ' if config.address_family[af].attribute_unchanged.next_hop is defined }} +{% endif %} +{% if config.address_family[af].capability is defined and config.address_family[af].capability.orf is defined and config.address_family[af].capability.orf.prefix_list is defined and config.address_family[af].capability.orf.prefix_list is not none %} + neighbor {{ neighbor }} capability 
orf prefix-list {{ config.address_family[af].capability.orf.prefix_list }} +{% endif %} +{% if config.address_family[af].default_originate is defined %} + neighbor {{ neighbor }} default-originate {{ 'route-map ' + config.address_family[af].default_originate.route_map if config.address_family[af].default_originate.route_map is defined }} +{% endif %} +{% if config.address_family[af].distribute_list is defined and config.address_family[af].distribute_list is not none %} +{% if config.address_family[af].distribute_list.export is defined and config.address_family[af].distribute_list.export is not none %} + neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.export }} out +{% elif config.address_family[af].distribute_list.import is defined and config.address_family[af].distribute_list.import is not none %} + neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.export }} in +{% endif %} +{% endif %} +{% if config.address_family[af].filter_list is defined and config.address_family[af].filter_list is not none %} +{% if config.address_family[af].filter_list.export is defined and config.address_family[af].filter_list.export is not none %} + neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.export }} out +{% elif config.address_family[af].filter_list.import is defined and config.address_family[af].filter_list.import is not none %} + neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.import }} in +{% endif %} +{% endif %} +{% if config.address_family[af].maximum_prefix is defined and config.address_family[af].maximum_prefix is not none %} + neighbor {{ neighbor }} maximum-prefix {{ config.address_family[af].maximum_prefix }} +{% endif %} +{% if config.address_family[af].nexthop_self is defined %} +{# https://phabricator.vyos.net/T1817 #} + neighbor {{ neighbor }} next-hop-self {{ 'force' if config.address_family[af].nexthop_self.force is defined }} +{% endif 
%} +{% if config.address_family[af].route_server_client is defined %} + neighbor {{ neighbor }} route-server-client +{% endif %} +{% if config.address_family[af].route_map is defined and config.address_family[af].route_map is not none %} +{% if config.address_family[af].route_map.export is defined and config.address_family[af].route_map.export is not none %} + neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.export }} out +{% elif config.address_family[af].route_map.import is defined and config.address_family[af].route_map.import is not none %} + neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.import }} in +{% endif %} +{% endif %} +{% if config.address_family[af].prefix_list is defined and config.address_family[af].prefix_list is not none %} +{% if config.address_family[af].prefix_list.export is defined and config.address_family[af].prefix_list.export is not none %} + neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} out +{% elif config.address_family[af].prefix_list.import is defined and config.address_family[af].prefix_list.import is not none %} + neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} in +{% endif %} +{% endif %} +{% if config.address_family[af].soft_reconfiguration is defined and config.address_family[af].soft_reconfiguration.inbound is defined %} + neighbor {{ neighbor }} soft-reconfiguration inbound +{% endif %} +{% if config.address_family[af].unsuppress_map is defined and config.address_family[af].unsuppress_map is not none %} + neighbor {{ neighbor }} unsuppress-map {{ config.address_family[af].unsuppress_map }} +{% endif %} + neighbor {{ neighbor }} activate exit-address-family + ! +{% endfor %} +{% endif %} +{% endmacro %} ! 
-{%- endif %} -{%- endfor %} -{%- endif %} -{#- END Global ASN address-family section; set protocols bgp 65001 address-family #} - -{#- set protocols nbgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #} -{#- We don't have this parameter in afi_6. But this is supported in the FRR #} -{%- if 'maximum_paths' in conf_bgp[asn] %} -{%- if 'ebgp' in conf_bgp[asn].maximum_paths %} +router bgp {{ asn }} + no bgp default ipv4-unicast +{% if address_family is defined and address_family is not none %} +{% for af in address_family %} ! +{% if af == 'ipv4_unicast' %} address-family ipv4 unicast - maximum-paths {{ conf_bgp[asn].maximum_paths.ebgp }} +{% elif af == 'ipv6_unicast' %} + address-family ipv6 unicast +{% endif %} +{% if address_family[af].aggregate_address is defined and address_family[af].aggregate_address is not none %} +{% for ip in address_family[af].aggregate_address %} + aggregate-address {{ ip }}{{ ' as-set' if address_family[af].aggregate_address[ip].as_set is defined }}{{ ' summary-only' if address_family[af].aggregate_address[ip].summary_only is defined }} +{% endfor %} +{% endif %} +{% if address_family[af].redistribute is defined and address_family[af].redistribute is not none %} +{% for protocol in address_family[af].redistribute %} +{% if protocol == 'table' %} + redistribute table {{ address_family[af].redistribute[protocol].table }} +{% else %} + redistribute {{ protocol }}{% if address_family[af].redistribute[protocol].metric is defined %} metric {{ address_family[af].redistribute[protocol].metric }}{% endif %}{% if address_family[af].redistribute[protocol].route_map is defined %} route-map {{ address_family[af].redistribute[protocol].route_map }}{% endif %} +{####### we need this blank line!! 
#######} + +{% endif %} +{% endfor %} +{% endif %} +{% if address_family[af].network is defined and address_family[af].network is not none %} +{% for network in address_family[af].network %} + network {{ network }}{% if address_family[af].network[network].route_map is defined %} route-map {{ address_family[af].network[network].route_map }}{% endif %}{% if address_family[af].network[network].backdoor is defined %} backdoor{% endif %} +{####### we need this blank line!! #######} + +{% endfor %} +{% endif %} exit-address-family +{% endfor %} +{% endif %} ! -{%- endif %} -{%- if 'ibgp' in conf_bgp[asn].maximum_paths %} +{# set protocols bgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #} +{# We don't have this parameter in afi_6. But this is supported in FRR #} +{% if maximum_paths is defined and maximum_paths is not none %} +{% if maximum_paths.ebgp is defined and maximum_paths.ebgp is not none %} ! address-family ipv4 unicast - maximum-paths ibgp {{ conf_bgp[asn].maximum_paths.ibgp }} + maximum-paths {{ maximum_paths.ebgp }} exit-address-family ! 
-{%- endif %} -{%- endif %} - -{#- START peer-group; set protocol bgp xxx peer-group #} -{%- if 'peer_group' in conf_bgp[asn] %} -{%- for pr_group in conf_bgp[asn].peer_group %} -{%- set conf_peer_group = conf_bgp[asn].peer_group[pr_group] %} - neighbor {{pr_group}} peer-group - -{#- First parameter for peer-group - remote-as #} -{%- if 'remote_as' in conf_peer_group %} - neighbor {{ pr_group }} remote-as {{ conf_peer_group.remote_as }} -{%- endif %} - -{%- if 'bfd' in conf_peer_group %} - neighbor {{ pr_group }} bfd -{%- endif %} - -{%- if 'capability' in conf_peer_group %} -{%- if 'dynamic' in conf_peer_group.capability %} - neighbor {{ pr_group }} capability dynamic -{%- endif %} -{%- if 'extended_nexthop' in conf_peer_group.capability %} - neighbor {{ pr_group }} capability extended-nexthop -{%- endif %} -{%- endif %} - -{%- if 'description' in conf_peer_group %} - neighbor {{ pr_group }} description {{ conf_peer_group.description }} -{%- endif %} - -{%- if 'disable_capability_negotiation' in conf_peer_group %} - neighbor {{ pr_group }} disable-capability-negotiation -{%- endif %} - -{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} -{%- if 'disable_send_community' in conf_peer_group %} - ! 
-{%- endif %} - -{%- if 'ebgp_multihop' in conf_peer_group %} - neighbor {{ pr_group }} ebgp-multihop {{conf_peer_group.ebgp_multihop}} -{%- endif %} - -{%- if 'local_as' in conf_peer_group %} -{%- for loc_asn in conf_peer_group.local_as %} -{%- if 'no_prepend' in conf_peer_group.local_as[loc_asn] %} - neighbor {{ pr_group }} local-as {{loc_asn}} no-prepend -{%- else %} - neighbor {{ pr_group }} local-as {{loc_asn}} -{%- endif %} -{%- endfor %} -{%- endif %} - -{%- if 'override_capability' in conf_peer_group %} - neighbor {{ pr_group }} override-capability -{%- endif %} - -{%- if 'passive' in conf_peer_group %} - neighbor {{ pr_group }} passive -{%- endif %} - -{%- if 'password' in conf_peer_group %} - neighbor {{ pr_group }} password {{ conf_peer_group.password }} -{%- endif %} - -{%- if 'shutdown' in conf_peer_group %} - neighbor {{ pr_group }} shutdown -{%- endif %} - -{%- if 'ttl_security' in conf_peer_group %} -{%- if 'hops' in conf_peer_group.ttl_security %} - neighbor {{ pr_group }} ttl-security hops {{conf_peer_group.ttl_security.hops}} -{%- endif %} -{%- endif %} - -{%- if 'update_source' in conf_peer_group %} - neighbor {{ pr_group }} update-source {{ conf_peer_group.update_source }} -{%- endif %} - -{#- START peer-group afi; set protocols bgp xxx peer-group FOO address-family #} -{%- if 'address_family' in conf_peer_group %} -{%- for afi in conf_peer_group.address_family %} -{%- if afi == "ipv4_unicast" %} +{% endif %} +{% if maximum_paths.ibgp is defined and maximum_paths.ibgp is not none %} ! 
address-family ipv4 unicast - -{%- if 'allowas_in' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'number' in conf_peer_group.address_family.ipv4_unicast.allowas_in %} - neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv4_unicast.allowas_in.number }} -{%- else %} - neighbor {{ pr_group }} allowas-in -{%- endif %} -{%- endif %} - -{#- START Single Params for peer-group; set protocols bgp xxx peer-group FOO address-family ipv4-unicast #} - -{%- if 'remove_private_as' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} remove-private-AS -{%- endif %} - -{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} route-reflector-client -{%- endif %} - -{%- if 'weight' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv4_unicast.weight }} -{%- endif %} -{#- END single params for peer-group #} - -{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv4_unicast %} -{%- if ( ('as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged as-path med -{%- elif ( ('as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged as-path next-hop -{%- elif ( ('med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged med next-hop -{%- elif 'as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %} - neighbor {{ pr_group }} attribute-unchanged as-path -{%- elif 'med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %} - 
neighbor {{ pr_group }} attribute-unchanged med -{%- elif 'next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %} - neighbor {{ pr_group }} attribute-unchanged next-hop -{%- else %} - neighbor {{ pr_group }} attribute-unchanged as-path next-hop med -{%- endif %} -{%- endif %} -{#- END attribute-unchanged #} - -{%- if 'capability' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'orf' in conf_peer_group.address_family.ipv4_unicast.capability %} -{%- if 'receive' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} - neighbor {{ pr_group }} capability orf prefix-list receive -{%- endif %} -{%- if 'send' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} - neighbor {{ pr_group }} capability orf prefix-list send -{%- endif %} -{%- endif %} -{%- endif %} - -{%- if 'default_originate' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast.default_originate %} - neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv4_unicast.default_originate.route_map }} -{%- else %} - neighbor {{ pr_group }} default-originate -{%- endif %} -{%- endif %} - -{%- if 'distribute_list' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.distribute_list %} - neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.distribute_list %} - neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 'filter_list' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.filter_list %} - neighbor {{ pr_group }} filter-list 
{{conf_peer_group.address_family.ipv4_unicast.filter_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.filter_list %} - neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv4_unicast.maximum_prefix }} -{%- endif %} - -{#- https://phabricator.vyos.net/T1817 #} -{%- if 'nexthop_self' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'force' in conf_peer_group.address_family.ipv4_unicast.nexthop_self %} - neighbor {{ pr_group }} next-hop-self force - neighbor {{ pr_group }} next-hop-self -{%- else %} - neighbor {{ pr_group }} next-hop-self -{%- endif %} -{%- endif %} - -{%- if 'route_server_client' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} route-server-client -{%- endif %} - -{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.route_map %} - neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.route_map %} - neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.import}} in -{%- endif %} -{%- endif %} -{%- if 'prefix_list' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.prefix_list %} - neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.prefix_list %} - neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 
'soft_reconfiguration' in conf_peer_group.address_family.ipv4_unicast %} -{%- if 'inbound' is defined %} - neighbor {{ pr_group }} soft-reconfiguration inbound -{%- endif %} -{%- endif %} - -{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv4_unicast %} - neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv4_unicast.unsuppress_map}} -{%- endif %} - neighbor {{ pr_group }} activate + maximum-paths ibgp {{ maximum_paths.ibgp }} exit-address-family ! -{%- endif %} - -{%- if afi == "ipv6_unicast" %} +{% endif %} +{% endif %} ! - address-family ipv6 unicast - -{%- if 'allowas_in' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'number' in conf_peer_group.address_family.ipv6_unicast.allowas_in %} - neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv6_unicast.allowas_in.number }} -{%- else %} - neighbor {{ pr_group }} allowas-in -{%- endif %} -{%- endif %} - -{#- START Single Params for peer-group afi6; set protocols bgp xxx peer-group FOO address-family ipv6-unicast #} -{%- if 'remove_private_as' in conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} remove-private-AS -{%- endif %} - -{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} route-reflector-client -{%- endif %} - -{%- if 'weight' in conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv6_unicast.weight }} -{%- endif %} -{#- END single params for peer-group afi6 #} - -{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv6_unicast %} -{%- if ( ('as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged as-path med -{%- elif ( ('as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in 
conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged as-path next-hop -{%- elif ( ('med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %} - neighbor {{ pr_group }} attribute-unchanged med next-hop -{%- elif 'as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %} - neighbor {{ pr_group }} attribute-unchanged as-path -{%- elif 'med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %} - neighbor {{ pr_group }} attribute-unchanged med -{%- elif 'next_hop' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %} - neighbor {{ pr_group }} attribute-unchanged next-hop -{%- else %} - neighbor {{ pr_group }} attribute-unchanged as-path next-hop med -{%- endif %} -{%- endif %} -{#- END attribute-unchanged ipv6 #} - -{%- if 'capability' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'dynamic' in conf_peer_group.address_family.ipv6_unicast.capability %} -{#- exit from afi ipv6 unicast because 'dynamic' its a global parameter for peer-group in afi6. Other checks are ongoing in afi6. 
Also related T3037 #} - exit-address-family - neighbor {{ pr_group }} capability dynamic - address-family ipv6 unicast -{%- endif %} -{%- if 'orf' in conf_peer_group.address_family.ipv6_unicast.capability %} -{%- if 'receive' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} - neighbor {{ pr_group }} capability orf prefix-list receive -{%- endif %} -{%- if 'send' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} - neighbor {{ pr_group }} capability orf prefix-list send -{%- endif %} -{%- endif %} -{%- endif %} - -{%- if 'default_originate' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast.default_originate %} - neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv6_unicast.default_originate.route_map }} -{%- else %} - neighbor {{ pr_group }} default-originate -{%- endif %} -{%- endif %} - -{%- if 'distribute_list' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.distribute_list %} - neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.distribute_list %} - neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 'filter_list' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.filter_list %} - neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.filter_list %} - neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 'maximum_prefix' in 
conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv6_unicast.maximum_prefix }} -{%- endif %} - -{#- https://phabricator.vyos.net/T1817 #} -{%- if 'nexthop_self' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'force' in conf_peer_group.address_family.ipv6_unicast.nexthop_self %} - neighbor {{ pr_group }} next-hop-self force - neighbor {{ pr_group }} next-hop-self -{%- else %} - neighbor {{ pr_group }} next-hop-self -{%- endif %} -{%- endif %} - -{%- if 'route_server_client' in conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} route-server-client -{%- endif %} - -{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.route_map %} - neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.route_map %} - neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.import}} in -{%- endif %} -{%- endif %} -{%- if 'prefix_list' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.prefix_list %} - neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.export}} out -{%- endif %} -{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.prefix_list %} - neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.import}} in -{%- endif %} -{%- endif %} - -{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv6_unicast %} -{%- if 'inbound' is defined %} - neighbor {{ pr_group }} soft-reconfiguration inbound -{%- endif %} -{%- endif %} - -{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv6_unicast %} - neighbor {{ pr_group }} unsuppress-map 
{{conf_peer_group.address_family.ipv6_unicast.unsuppress_map}} -{%- endif %} - neighbor {{ pr_group }} activate - exit-address-family +{% if peer_group is defined and peer_group is not none %} +{% for peer, config in peer_group.items() %} +{{ bgp_neighbor(peer, config, true) }} +{% endfor %} +{% endif %} ! -{%- endif %} - -{%- endfor %} -{%- endif %} -{#- END peer-group afi; set protocols bgp xxx peer-group FOO address-family #} - -{%- endfor %} -{%- endif %} -{#- END peer-group; set protocol bgp xxx peer-group #} - -{#- START peer section; set protocol bgp xxx neighbor #} -{%- for peer in conf_bgp[asn].neighbor %} -{#- set peer-group as conf_peer #} -{%- set conf_peer = conf_bgp[asn].neighbor[peer] %} - -{#- First parameter for peer neighbor - remote-as #} -{%- if 'remote_as' in conf_peer %} - neighbor {{ peer }} remote-as {{ conf_peer.remote_as }} -{%- endif %} - -{%- if 'advertisement_interval' in conf_peer %} - neighbor {{ peer }} advertisement-interval {{ conf_peer.advertisement_interval }} -{%- endif %} - -{%- if 'bfd' in conf_peer %} -{%- if 'check_control_plane_failure' in conf_peer.bfd %} - neighbor {{ peer }} bfd - neighbor {{ peer }} bfd check-control-plane-failure -{%- else %} - neighbor {{ peer }} bfd -{%- endif %} -{%- endif %} - -{%- if 'capability' in conf_peer %} -{%- if 'dynamic' in conf_peer.capability %} - neighbor {{ peer }} capability dynamic -{%- endif %} -{%- if 'extended_nexthop' in conf_peer.capability %} - neighbor {{ peer }} capability extended-nexthop -{%- endif %} -{%- endif %} - -{%- if 'disable_capability_negotiation' in conf_peer %} - neighbor {{ peer }} disable-capability-negotiation -{%- endif %} - -{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} -{%- if 'disable_send_community' in conf_peer %} +{% if neighbor is defined and neighbor is not none %} +{% for n, config in neighbor.items() %} +{{ bgp_neighbor(n, config) }} +{% endfor %} +{% endif %} ! 
-{%- endif %}
-
-{%- if 'ebgp_multihop' in conf_peer %}
- neighbor {{ peer }} ebgp-multihop {{conf_peer.ebgp_multihop}}
-{%- endif %}
-
-{#- Need to check. 'Peer-group' needs to define before this section #}
-{%- if 'interface' in conf_peer %}
-{%- if 'peer_group' in conf_peer.interface %}
- neighbor {{ peer }} interface peer-group {{conf_peer.interface.peer_group}}
-{%- endif %}
-{%- if 'remote_as' in conf_peer.interface %}
- neighbor {{ peer }} interface remote-as {{conf_peer.interface.remote_as}}
-{%- endif %}
-{%- if 'v6only' in conf_peer.interface %}
-{%- if 'peer_group' in conf_peer.interface.v6only %}
- neighbor {{ peer }} peer-group {{conf_peer.interface.peer_group}}
-{%- endif %}
-{%- if 'remote_as' in conf_peer.interface.v6only %}
- neighbor {{ peer }} interface v6only remote-as {{conf_peer.interface.v6only.remote_as}}
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'local_as' in conf_peer %}
-{%- for loc_asn in conf_peer.local_as %}
-{%- if 'no_prepend' in conf_peer.local_as[loc_asn] %}
- neighbor {{ peer }} local-as {{loc_asn}} no-prepend
-{%- else %}
- neighbor {{ peer }} local-as {{loc_asn}}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-
-{%- if 'override_capability' in conf_peer %}
- neighbor {{ peer }} override-capability
-{%- endif %}
-
-{%- if 'passive' in conf_peer %}
- neighbor {{ peer }} passive
-{%- endif %}
-
-{%- if 'password' in conf_peer %}
- neighbor {{ peer }} password {{ conf_peer.password }}
-{%- endif %}
-
-{%- if 'peer_group' in conf_peer %}
- neighbor {{ peer }} peer-group {{ conf_peer.peer_group }}
-{%- endif %}
-
-{%- if 'port' in conf_peer %}
- neighbor {{ peer }} port {{ conf_peer.port }}
-{%- endif %}
-
-{%- if 'shutdown' in conf_peer %}
- neighbor {{ peer }} shutdown
-{%- endif %}
-
-{%- if 'strict_capability_match' in conf_peer %}
- neighbor {{ peer }} strict-capability-match
-{%- endif %}
-
-{#- set protocols bgp xxx neighbor x.x.x.x timers #}
-{%- if 'timers' in conf_peer %}
-{%- if ( ('connect' in conf_peer.timers) and ('holdtime' in conf_peer.timers) and ('keepalive' in conf_peer.timers ) ) %}
- neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}}
- neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}
-{%- elif ( ('holdtime' in conf_peer.timers) and ('keepalive' in conf_peer.timers ) ) %}
- neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}}
-{%- elif 'connect' in conf_peer.timers %}
- neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'ttl_security' in conf_peer %}
-{%- if 'hops' in conf_peer.ttl_security %}
- neighbor {{ peer }} ttl-security hops {{conf_peer.ttl_security.hops}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'update_source' in conf_peer %}
- neighbor {{ peer }} update-source {{ conf_peer.update_source }}
-{%- endif %}
-
-{%- if 'description' in conf_peer %}
- neighbor {{ peer }} description {{ conf_peer.description }}
-{%- endif %}
-
-{#- START address family for peer; set protocols bgp xxx neighbor x.x.x.x address-family ipvX-unicast #}
-{%- if 'address_family' in conf_peer %}
-{%- for afi in conf_peer.address_family %}
-{%- if afi == "ipv4_unicast" %}
- !
- address-family ipv4 unicast
-
-{%- if 'allowas_in' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'number' in conf_peer.address_family.ipv4_unicast.allowas_in %}
- neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv4_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ peer }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for neighbor; #}
-{%- if 'as_override' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} as-override
-{%- endif %}
-
-{%- if 'remove_private_as' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} weight {{ conf_peer.address_family.ipv4_unicast.weight }}
-{%- endif %}
-{#- END single params for neighbor #}
-
-{%- if 'attribute_unchanged' in conf_peer.address_family.ipv4_unicast %}
-{%- if ( ('as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged #}
-
-{%- if 'capability' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'orf' in conf_peer.address_family.ipv4_unicast.capability %}
-{%- if 'receive' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'route_map' in conf_peer.address_family.ipv4_unicast.default_originate %}
- neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv4_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ peer }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv4_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'force' in conf_peer.address_family.ipv4_unicast.nexthop_self %}
- neighbor {{ peer }} next-hop-self force
- neighbor {{ peer }} next-hop-self
-{%- else %}
- neighbor {{ peer }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ peer }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv4_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ peer }} activate
- exit-address-family
- !
-{%- endif %}
-
-{%- if afi == "ipv6_unicast" %}
- !
- address-family ipv6 unicast
-
-{%- if 'allowas_in' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'number' in conf_peer.address_family.ipv6_unicast.allowas_in %}
- neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv6_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ peer }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for neighbor #}
-{%- if 'as_override' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} as-override
-{%- endif %}
-
-{%- if 'remove_private_as' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} weight {{ conf_peer.address_family.ipv6_unicast.weight }}
-{%- endif %}
-{#- END single params for neighbor #}
-
-{%- if 'attribute_unchanged' in conf_peer.address_family.ipv6_unicast %}
-{%- if ( ('as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged #}
-
-{%- if 'capability' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'orf' in conf_peer.address_family.ipv6_unicast.capability %}
-{%- if 'receive' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'route_map' in conf_peer.address_family.ipv6_unicast.default_originate %}
- neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv6_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ peer }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv6_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'force' in conf_peer.address_family.ipv6_unicast.nexthop_self %}
- neighbor {{ peer }} next-hop-self force
- neighbor {{ peer }} next-hop-self
-{%- else %}
- neighbor {{ peer }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ peer }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv6_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ peer }} activate
- exit-address-family
- !
-{%- endif %}
-
-{%- endfor %}
-{%- endif %}
-{#- END address family for peer #}
-
-{%- endfor %}
-{#- END peer section; set protocols bgp xxx neighbor #}
-
-{#- START parameters section; set protocol bgp xxx parameters #}
-{%- if 'always_compare_med' in bgp_params %}
+{% if parameters is defined %}
+{% if parameters.always_compare_med is defined %}
 bgp always-compare-med
-{%- endif %}
-
-{%- if 'bestpath' in bgp_params %}
-{%- if 'compare_routerid' in bgp_params.bestpath %}
+{% endif %}
+{% if parameters.bestpath is defined and parameters.bestpath is not none %}
+{% if parameters.bestpath.compare_routerid is defined %}
 bgp bestpath compare-routerid
-{%- endif %}
-{%- if 'as_path' in bgp_params.bestpath %}
-{%- if 'confed' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path confed
-{%- endif %}
-{%- if 'ignore' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path ignore
-{%- endif %}
-{%- if 'multipath_relax' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path multipath-relax
-{%- endif %}
-{%- endif %}
-{%- if 'med' in bgp_params.bestpath %}
-{%- if ( ('confed' in bgp_params.bestpath.med) and ('missing_as_worst' in bgp_params.bestpath.med ) ) %}
- bgp bestpath med confed missing-as-worst
-{%- elif 'confed' in bgp_params.bestpath.med %}
- bgp bestpath med confed
-{%- elif 'missing_as_worst' in bgp_params.bestpath.med %}
- bgp bestpath med missing-as-worst
-{%- endif%}
-{%- endif %}
-{%- endif %}
-
-{%- if 'cluster_id' in bgp_params %}
- bgp cluster-id {{ bgp_params.cluster_id }}
-{%- endif %}
-
-{%- if 'confederation' in bgp_params %}
-{%- if 'identifier' in bgp_params.confederation %}
- bgp confederation identifier {{ bgp_params.confederation.identifier }}
-{%- endif %}
-{%- if 'peers' in bgp_params.confederation %}
- bgp confederation peers {{ bgp_params.confederation.peers }}
-{%- endif %}
-{%- endif %}
-
-{#- Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
-{%- if 'dampening' in bgp_params %}
-{%- if ( ('half_life' in bgp_params.dampening) and ('max_suppress_time' in bgp_params.dampening) and ('re_use' in bgp_params.dampening) and ('start_suppress_time' in bgp_params.dampening ) ) %}
- bgp dampening {{ bgp_params.dampening.half_life }} {{ bgp_params.dampening.re_use }} {{ bgp_params.dampening.start_suppress_time }} {{ bgp_params.dampening.max_suppress_time }}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default' in bgp_params %}
-{%- if 'local_pref' in bgp_params.default %}
- bgp default local-preference {{ bgp_params.default.local_pref }}
-{%- endif %}
-{#- We use this is parameter as default in template (5-th string) #}
-{%- if 'no_ipv4_unicast' in bgp_params.default %}
+{% endif %}
+{% if parameters.bestpath.as_path is defined and parameters.bestpath.as_path is not none %}
+{% for option in parameters.bestpath.as_path %}
+ bgp bestpath as-path {{ option|replace('_', '-') }}
+{% endfor %}
+{% endif %}
+{% if parameters.bestpath.med is defined and parameters.bestpath.med is not none %}
+ bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is defined }}
+{% endif %}
+{% endif %}
+{% if parameters.cluster_id is defined and parameters.cluster_id is not none %}
+ bgp cluster-id {{ parameters.cluster_id }}
+{% endif %}
+{% if parameters.confederation is defined and parameters.confederation is not none %}
+{% if parameters.confederation.identifier is defined and parameters.confederation.identifier is not none %}
+ bgp confederation identifier {{ parameters.confederation.identifier }}
+{% endif %}
+{% if parameters.confederation.peers is defined and parameters.confederation.peers is not none %}
+ bgp confederation peers {{ parameters.confederation.peers }}
+{% endif %}
+{% endif %}
+{% if parameters.dampening is defined and parameters.dampening is defined and parameters.dampening.half_life is defined and parameters.dampening.half_life is not none %}
+{# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
+ bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is defined }}
+{% endif %}
+{% if parameters.default is defined and parameters.default is not none %}
+{% if parameters.default.local_pref is defined and parameters.default.local_pref is not none %}
+ bgp default local-preference {{ parameters.default.local_pref }}
+{% endif %}
+{% if parameters.default.no_ipv4_unicast is defined %}
+{# We use this is parameter as default in template (5-th string) #}
 no bgp default ipv4-unicast
-{%- endif %}
-{%- endif %}
-
-{%- if 'deterministic_med' in bgp_params %}
- bgp deterministic-med
-{%- endif %}
-
-{%- if 'distance' in bgp_params %}
-{%- if 'global' in bgp_params.distance %}
-{%- if ( ('external' in bgp_params.distance.global) and ('internal' in bgp_params.distance.global) and ('local' in bgp_params.distance.global ) ) %}
+{% endif %}
+{% endif %}
+{% if parameters.deterministic_med is defined %}
+ bgp deterministic-med
+{% endif %}
+{% if parameters.distance is defined and parameters.distance is not none %}
 !
 address-family ipv4 unicast
- distance bgp {{ bgp_params.distance.global.external }} {{ bgp_params.distance.global.internal }} {{ bgp_params.distance.global.local }}
+{% if parameters.distance.global is defined and parameters.distance.global.external is defined and parameters.distance.global.internal is defined and parameters.distance.global.local is defined %}
+ distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }}
+{% endif %}
+{% if parameters.distance.prefix is defined and parameters.distance.prefix is not none %}
+{% for prefix in parameters.distance.prefix %}
+ distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }}
+{% endfor %}
+{% endif %}
 exit-address-family
-!
-{%- endif %}
-{%- endif %}
-{%- if 'prefix' in bgp_params.distance %}
 !
- address-family ipv4 unicast
-{%- for prfx in bgp_params.distance.prefix %}
- distance {{ bgp_params.distance.prefix[prfx].distance }} {{ prfx }}
-{%- endfor %}
- exit-address-family
-!
-{%- endif %}
-{%- endif %}
-
-{%- if 'graceful_restart' in bgp_params %}
-{%- if 'stalepath_time' in bgp_params.graceful_restart %}
- bgp graceful-restart stalepath-time {{ bgp_params.graceful_restart.stalepath_time }}
-{%- endif %}
-{%- endif %}
-
-{%- if 'log_neighbor_changes' in bgp_params %}
+{% endif %}
+{% if parameters.graceful_restart is defined %}
+ bgp graceful-restart {{ 'stalepath-time ' + parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }}
+{% endif %}
+{% if parameters.log_neighbor_changes is defined %}
 bgp log-neighbor-changes
-{%- endif %}
-
-{%- if 'network_import_check' in bgp_params %}
- bgp network import-check
-{%- endif %}
-
-{%- if 'no_client_to_client_reflection' in bgp_params %}
+{% endif %}
+{% if parameters.network_import_check is defined %}
+ bgp network import-check
+{% endif %}
+{% if parameters.no_client_to_client_reflection is defined %}
 no bgp client-to-client reflection
-{%- endif %}
-
-{%- if 'no_fast_external_failover' in bgp_params %}
+{% endif %}
+{% if parameters.no_fast_external_failover is defined %}
 no bgp fast-external-failover
-{%- endif %}
-
-{%- if 'router_id' in bgp_params %}
- bgp router-id {{ bgp_params.router_id }}
-{%- endif %}
-
-{#- END parameters; set protocols bgp xxx parameters #}
-
-{%- if 'timers' in conf_bgp[asn] %}
-{%- if ( ('holdtime' in conf_bgp[asn].timers) and ('keepalive' in conf_bgp[asn].timers ) ) %}
- timers bgp {{conf_bgp[asn].timers.keepalive}} {{conf_bgp[asn].timers.holdtime}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_map' in conf_bgp[asn] %}
-!
-ip protocol bgp route-map {{conf_bgp[asn].route_map}}
-{%- endif %}
-!
-{%- endfor -%}
-{#- END asn; router bgp xxx #}
+{% endif %}
+{% if parameters.router_id is defined and parameters.router_id is not none %}
+ bgp router-id {{ parameters.router_id }}
+{% endif %}
+{% endif %}
+{% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %}
+ timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
+{% endif %}
+ !
+{% if route_map is defined and route_map is not none %}
+ ip protocol bgp route-map {{ route_map }}
+{% endif %}
+ !
diff --git a/data/templates/frr/igmp.frr.tmpl b/data/templates/frr/igmp.frr.tmpl
index de4696c1f..cdb7ee6cc 100644
--- a/data/templates/frr/igmp.frr.tmpl
+++ b/data/templates/frr/igmp.frr.tmpl
@@ -1,41 +1,41 @@
 !
-{% for iface in old_ifaces -%}
+{% for iface in old_ifaces %}
 interface {{ iface }}
-{% for group in old_ifaces[iface].gr_join -%}
-{% if old_ifaces[iface].gr_join[group] -%}
-{% for source in old_ifaces[iface].gr_join[group] -%}
+{% for group in old_ifaces[iface].gr_join %}
+{% if old_ifaces[iface].gr_join[group] %}
+{% for source in old_ifaces[iface].gr_join[group] %}
 no ip igmp join {{ group }} {{ source }}
-{% endfor -%}
-{% else -%}
+{% endfor %}
+{% else %}
 no ip igmp join {{ group }}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
 no ip igmp
 !
-{% endfor -%}
-{% for iface in ifaces -%}
+{% endfor %}
+{% for iface in ifaces %}
 interface {{ iface }}
-{% if ifaces[iface].version -%}
+{% if ifaces[iface].version %}
 ip igmp version {{ ifaces[iface].version }}
-{% else -%}
+{% else %}
 {# IGMP default version 3 #}
 ip igmp
-{% endif -%}
-{% if ifaces[iface].query_interval -%}
+{% endif %}
+{% if ifaces[iface].query_interval %}
 ip igmp query-interval {{ ifaces[iface].query_interval }}
-{% endif -%}
-{% if ifaces[iface].query_max_resp_time -%}
+{% endif %}
+{% if ifaces[iface].query_max_resp_time %}
 ip igmp query-max-response-time {{ ifaces[iface].query_max_resp_time }}
-{% endif -%}
-{% for group in ifaces[iface].gr_join -%}
-{% if ifaces[iface].gr_join[group] -%}
-{% for source in ifaces[iface].gr_join[group] -%}
+{% endif %}
+{% for group in ifaces[iface].gr_join %}
+{% if ifaces[iface].gr_join[group] %}
+{% for source in ifaces[iface].gr_join[group] %}
 ip igmp join {{ group }} {{ source }}
-{% endfor -%}
-{% else -%}
+{% endfor %}
+{% else %}
 ip igmp join {{ group }}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
 !
-{% endfor -%}
+{% endfor %}
 !
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 4b7e5c5ea..280df41eb 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -1,187 +1,120 @@
 !
-{% if mpls_ldp -%}
+{% if ldp is defined %}
 mpls ldp
-{% if old_router_id -%}
-no router-id {{ old_router_id }}
-{% endif -%}
-{% if router_id -%}
-router-id {{ router_id }}
-{% endif -%}
-{% if old_ldp.cisco_interop_tlv -%}
-no dual-stack cisco-interop
-{% endif -%}
-{% if ldp.cisco_interop_tlv -%}
+{% if ldp.router_id is defined %}
+router-id {{ ldp.router_id }}
+{% endif %}
+{% if ldp.parameters is defined %}
+{% if ldp.parameters.cisco_interop_tlv is defined %}
 dual-stack cisco-interop
-{% endif -%}
-{% if old_ldp.transport_prefer_ipv4 -%}
-no dual-stack transport-connection prefer ipv4
-{% endif -%}
-{% if ldp.transport_prefer_ipv4 -%}
+{% endif %}
+{% if ldp.parameters.transport_prefer_ipv4 is defined%}
 dual-stack transport-connection prefer ipv4
-{% endif -%}
-{% for neighbor_id in old_ldp.neighbors -%}
-no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}}
-{% if 'ttl_security' is defined -%}
-{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %}
-no neighbor {{neighbor_id}} ttl-security disable
-{% else -%}
-no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}}
-{% endif -%}
-{% endif -%}
-{% if 'session_holdtime' is defined -%}
-no neighbor {{neighbor_id}} session holdtime {{old_ldp.neighbors[neighbor_id].session_holdtime}}
-{% endif -%}
-{% endfor -%}
-{% for neighbor_id in ldp.neighbors -%}
-neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
-{% if 'ttl_security' is defined -%}
-{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %}
-neighbor {{neighbor_id}} ttl-security disable
-{% else -%}
-neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}}
-{% endif -%}
-{% endif -%}
-{% if 'session_holdtime' is defined -%}
-neighbor {{neighbor_id}} session holdtime {{ldp.neighbors[neighbor_id].session_holdtime}}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endif %}
+{% if ldp.neighbor is defined %}
+{% for neighbors in ldp.neighbor %}
+{% if ldp.neighbor[neighbors].password is defined %}
+neighbor {{neighbors}} password {{ldp.neighbor[neighbors].password}}
+{% endif %}
+{% if ldp.neighbor[neighbors].ttl_security is defined %}
+{% if 'disable' in ldp.neighbor[neighbors].ttl_security %}
+neighbor {{neighbors}} ttl-security disable
+{% else %}
+neighbor {{neighbors}} ttl-security hops {{ldp.neighbor[neighbors].ttl_security}}
+{% endif %}
+{% endif %}
+{% if ldp.neighbor[neighbors].session_holdtime is defined %}
+neighbor {{neighbors}} session holdtime {{ldp.neighbor[neighbors].session_holdtime}}
+{% endif %}
+{% endfor %}
+{% endif %}
 !
+{% if ldp.discovery is defined %}
+{% if ldp.discovery.transport_ipv4_address is defined %}
 address-family ipv4
 label local allocate host-routes
-{% if old_ldp.export_ipv4_exp -%}
-no label local advertise explicit-null
-{% endif -%}
-{% if ldp.export_ipv4_exp -%}
+{% if ldp.discovery.transport_ipv4_address is defined %}
+discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
+{% endif %}
+{% if ldp.discovery.hello_ipv4_holdtime is defined %}
+discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
+{% endif %}
+{% if ldp.discovery.hello_ipv4_interval is defined %}
+discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
+{% endif %}
+{% if ldp.discovery.session_ipv4_holdtime is defined %}
+session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
+{% endif %}
+{% if ldp.export is defined %}
+{% if ldp.export.ipv4.explicit_null is defined %}
 label local advertise explicit-null
-{% endif -%}
-{% if old_ldp.d_transp_ipv4 -%}
-no discovery transport-address {{ old_ldp.d_transp_ipv4 }}
-{% endif -%}
-{% if ldp.d_transp_ipv4 -%}
-discovery transport-address {{ ldp.d_transp_ipv4 }}
-{% endif -%}
-{% if old_ldp.hello_ipv4_holdtime -%}
-no discovery hello holdtime {{ old_ldp.hello_ipv4_holdtime }}
-{% endif -%}
-{% if ldp.hello_ipv4_holdtime -%}
-discovery hello holdtime {{ ldp.hello_ipv4_holdtime }}
-{% endif -%}
-{% if old_ldp.hello_ipv4_interval -%}
-no discovery hello interval {{ old_ldp.hello_ipv4_interval }}
-{% endif -%}
-{% if ldp.hello_ipv4_interval -%}
-discovery hello interval {{ ldp.hello_ipv4_interval }}
-{% endif -%}
-{% if old_ldp.ses_ipv4_hold -%}
-no session holdtime {{ old_ldp.ses_ipv4_hold }}
-{% endif -%}
-{% if ldp.ses_ipv4_hold -%}
-session holdtime {{ ldp.ses_ipv4_hold }}
-{% endif -%}
-{% if old_ldp.target_ipv4_enable -%}
-no discovery targeted-hello accept
-{% endif -%}
-{% if ldp.target_ipv4_enable -%}
+{% endif %}
+{% endif %}
+{% if ldp.targeted_neighbor is defined %}
+{% if ldp.targeted_neighbor.ipv4.enable is defined %}
 discovery targeted-hello accept
-{% endif -%}
-{% if old_ldp.target_ipv4_hello_int -%}
-no discovery targeted-hello interval {{ old_ldp.target_ipv4_hello_int }}
-{% endif -%}
-{% if ldp.target_ipv4_hello_int -%}
-discovery targeted-hello interval {{ ldp.target_ipv4_hello_int }}
-{% endif -%}
-{% if old_ldp.target_ipv4_hello_hold -%}
-no discovery targeted-hello holdtime {{ old_ldp.target_ipv4_hello_hold }}
-{% endif -%}
-{% if ldp.target_ipv4_hello_hold -%}
-discovery targeted-hello holdtime {{ ldp.target_ipv4_hello_hold }}
-{% endif -%}
-{% for address in old_ldp.target_ipv4_addresses -%}
-no neighbor {{address}} targeted
-{% endfor -%}
-{% for address in ldp.target_ipv4_addresses -%}
-neighbor {{address}} targeted
-{% endfor -%}
-{% for interface in old_ldp.interfaces -%}
-no interface {{interface}}
-{% endfor -%}
-{% for interface in ldp.interfaces -%}
-interface {{interface}}
-{% endfor -%}
-!
-!
+{% endif %}
+{% if ldp.targeted_neighbor.ipv4.hello_holdtime is defined %}
+discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
+{% endif %}
+{% if ldp.targeted_neighbor.ipv4.hello_interval is defined %}
+discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
+{% endif %}
+{% for addresses in ldp.targeted_neighbor.ipv4.address %}
+neighbor {{addresses}} targeted
+{% endfor %}
+{% endif %}
+{% for interfaces in ldp.interface %}
+interface {{interfaces}}
+{% endfor %}
 exit-address-family
+{% else %}
+no address-family ipv4
+{% endif %}
+{% endif %}
 !
-{% if ldp.d_transp_ipv6 -%}
+{% if ldp.discovery is defined %}
+{% if ldp.discovery.transport_ipv6_address is defined %}
 address-family ipv6
 label local allocate host-routes
-{% if old_ldp.export_ipv6_exp -%}
-no label local advertise explicit-null
-{% endif -%}
-{% if ldp.export_ipv6_exp -%}
+{% if ldp.discovery.transport_ipv6_address is defined %}
+discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
+{% endif %}
+{% if ldp.discovery.hello_ipv6_holdtime is defined %}
+discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
+{% endif %}
+{% if ldp.discovery.hello_ipv6_interval is defined %}
+discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
+{% endif %}
+{% if ldp.discovery.session_ipv6_holdtime is defined %}
+session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
+{% endif %}
+{% if ldp.export is defined %}
+{% if ldp.export.ipv6.explicit_null is defined %}
 label local advertise explicit-null
-{% endif -%}
-{% if old_ldp.ses_ipv6_hold -%}
-no session holdtime {{ old_ldp.ses_ipv6_hold }}
-{% endif -%}
-{% if ldp.ses_ipv6_hold -%}
-session holdtime {{ ldp.ses_ipv6_hold }}
-{% endif -%}
-{% if old_ldp.d_transp_ipv6 -%}
-no discovery transport-address {{ old_ldp.d_transp_ipv6 }}
-{% endif -%}
-{% if ldp.d_transp_ipv6 -%}
-discovery transport-address {{ ldp.d_transp_ipv6 }}
-{% endif -%}
-{% if old_ldp.hello_ipv6_holdtime -%}
-no discovery hello holdtime {{ old_ldp.hello_ipv6_holdtime }}
-{% endif -%}
-{% if ldp.hello_ipv6_holdtime -%}
-discovery hello holdtime {{ ldp.hello_ipv6_holdtime }}
-{% endif -%}
-{% if old_ldp.hello_ipv6_interval -%}
-no discovery hello interval {{ old_ldp.hello_ipv6_interval }}
-{% endif -%}
-{% if ldp.hello_ipv6_interval -%}
-discovery hello interval {{ ldp.hello_ipv6_interval }}
-{% endif -%}
-{% if old_ldp.target_ipv6_enable -%}
-no discovery targeted-hello accept
-{% endif -%}
-{% if ldp.target_ipv6_enable -%}
+{% endif %}
+{% endif %}
+{% if ldp.targeted_neighbor is defined %}
+{% if ldp.targeted_neighbor.ipv6.enable is defined %}
 discovery targeted-hello accept
-{% endif -%}
-{% if old_ldp.target_ipv6_hello_int -%}
-no discovery targeted-hello interval {{ old_ldp.target_ipv6_hello_int }}
-{% endif -%}
-{% if ldp.target_ipv6_hello_int -%}
-discovery targeted-hello interval {{ ldp.target_ipv6_hello_int }}
-{% endif -%}
-{% if old_ldp.target_ipv6_hello_hold -%}
-no discovery targeted-hello holdtime {{ old_ldp.target_ipv6_hello_hold }}
-{% endif -%}
-{% if ldp.target_ipv6_hello_hold -%}
-discovery targeted-hello holdtime {{ ldp.target_ipv6_hello_hold }}
-{% endif -%}
-{% for address in old_ldp.target_ipv6_addresses -%}
-no neighbor {{address}} targeted
-{% endfor -%}
-{% for address in ldp.target_ipv6_addresses -%}
-neighbor {{address}} targeted
-{% endfor -%}
-{% for interface in old_ldp.interfaces -%}
-no interface {{interface}}
-{% endfor -%}
-{% for interface in ldp.interfaces -%}
-interface {{interface}}
-{% endfor -%}
-!
+{% endif %}
+{% if ldp.targeted_neighbor.ipv6.hello_holdtime is defined %}
+discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
+{% endif %}
+{% if ldp.targeted_neighbor.ipv6.hello_interval is defined %}
+discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
+{% endif %}
+{% for addresses in ldp.targeted_neighbor.ipv6.address %}
+neighbor {{addresses}} targeted
+{% endfor %}
+{% endif %}
+{% for interfaces in ldp.interface %}
+interface {{interfaces}}
+{% endfor %}
 exit-address-family
-{% else -%}
+{% else %}
 no address-family ipv6
-{% endif -%}
-!
-{% else -%}
-no mpls ldp
-{% endif -%}
-!
\ No newline at end of file +{% endif %} +{% endif %} +{% endif %} diff --git a/data/templates/frr/pimd.frr.tmpl b/data/templates/frr/pimd.frr.tmpl index 1d1532c60..a5b56223a 100644 --- a/data/templates/frr/pimd.frr.tmpl +++ b/data/templates/frr/pimd.frr.tmpl @@ -1,34 +1,34 @@ ! -{% for rp_addr in old_pim.rp -%} -{% for group in old_pim.rp[rp_addr] -%} +{% for rp_addr in old_pim.rp %} +{% for group in old_pim.rp[rp_addr] %} no ip pim rp {{ rp_addr }} {{ group }} -{% endfor -%} -{% endfor -%} -{% if old_pim.rp_keep_alive -%} +{% endfor %} +{% endfor %} +{% if old_pim.rp_keep_alive %} no ip pim rp keep-alive-timer {{ old_pim.rp_keep_alive }} -{% endif -%} -{% for iface in old_pim.ifaces -%} +{% endif %} +{% for iface in old_pim.ifaces %} interface {{ iface }} no ip pim ! -{% endfor -%} -{% for iface in pim.ifaces -%} +{% endfor %} +{% for iface in pim.ifaces %} interface {{ iface }} ip pim -{% if pim.ifaces[iface].dr_prio -%} +{% if pim.ifaces[iface].dr_prio %} ip pim drpriority {{ pim.ifaces[iface].dr_prio }} -{% endif -%} -{% if pim.ifaces[iface].hello -%} +{% endif %} +{% if pim.ifaces[iface].hello %} ip pim hello {{ pim.ifaces[iface].hello }} -{% endif -%} +{% endif %} ! -{% endfor -%} -{% for rp_addr in pim.rp -%} -{% for group in pim.rp[rp_addr] -%} +{% endfor %} +{% for rp_addr in pim.rp %} +{% for group in pim.rp[rp_addr] %} ip pim rp {{ rp_addr }} {{ group }} -{% endfor -%} -{% endfor -%} -{% if pim.rp_keep_alive -%} +{% endfor %} +{% endfor %} +{% if pim.rp_keep_alive %} ip pim rp keep-alive-timer {{ pim.rp_keep_alive }} -{% endif -%} +{% endif %} ! diff --git a/data/templates/frr/rip.frr.tmpl b/data/templates/frr/rip.frr.tmpl index 60bc686bd..83df4e203 100644 --- a/data/templates/frr/rip.frr.tmpl +++ b/data/templates/frr/rip.frr.tmpl 
@@ -1,143 +1,143 @@ ! -{% if rip_conf -%} +{% if rip_conf %} router rip -{% if old_default_distance -%} +{% if old_default_distance %} no distance {{old_default_distance}} -{% endif -%} -{% if default_distance -%} +{% endif %} +{% if default_distance %} distance {{default_distance}} -{% endif -%} -{% if old_default_originate -%} +{% endif %} +{% if old_default_originate %} no default-information originate -{% endif -%} -{% if default_originate -%} +{% endif %} +{% if default_originate %} default-information originate -{% endif -%} -{% if old_rip.default_metric -%} +{% endif %} +{% if old_rip.default_metric %} no default-metric {{old_rip.default_metric}} -{% endif -%} -{% if rip.default_metric -%} +{% endif %} +{% if rip.default_metric %} default-metric {{rip.default_metric}} -{% endif -%} -{% for protocol in old_rip.redist -%} -{% if old_rip.redist[protocol]['metric'] and old_rip.redist[protocol]['route_map'] -%} +{% endif %} +{% for protocol in old_rip.redist %} +{% if old_rip.redist[protocol]['metric'] and old_rip.redist[protocol]['route_map'] %} no redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}} route-map {{rip.redist[protocol]['route_map']}} -{% elif old_rip.redist[protocol]['metric'] -%} +{% elif old_rip.redist[protocol]['metric'] %} no redistribute {{protocol}} metric {{old_rip.redist[protocol]['metric']}} -{% elif old_rip.redist[protocol]['route_map'] -%} +{% elif old_rip.redist[protocol]['route_map'] %} no redistribute {{protocol}} route-map {{old_rip.redist[protocol]['route_map']}} -{% else -%} +{% else %} no redistribute {{protocol}} -{% endif -%} -{% endfor -%} -{% for protocol in rip.redist -%} -{% if rip.redist[protocol]['metric'] and rip.redist[protocol]['route_map'] -%} +{% endif %} +{% endfor %} +{% for protocol in rip.redist %} +{% if rip.redist[protocol]['metric'] and rip.redist[protocol]['route_map'] %} redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}} route-map {{rip.redist[protocol]['route_map']}} -{% elif 
rip.redist[protocol]['metric'] -%} +{% elif rip.redist[protocol]['metric'] %} redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}} -{% elif rip.redist[protocol]['route_map'] -%} +{% elif rip.redist[protocol]['route_map'] %} redistribute {{protocol}} route-map {{rip.redist[protocol]['route_map']}} -{% else -%} +{% else %} redistribute {{protocol}} -{% endif -%} -{% endfor -%} -{% for iface in old_rip.distribute -%} -{% if old_rip.distribute[iface].iface_access_list_in -%} +{% endif %} +{% endfor %} +{% for iface in old_rip.distribute %} +{% if old_rip.distribute[iface].iface_access_list_in %} no distribute-list {{old_rip.distribute[iface].iface_access_list_in}} in {{iface}} -{% endif -%} -{% if old_rip.distribute[iface].iface_access_list_out -%} +{% endif %} +{% if old_rip.distribute[iface].iface_access_list_out %} no distribute-list {{old_rip.distribute[iface].iface_access_list_out}} out {{iface}} -{% endif -%} -{% if old_rip.distribute[iface].iface_prefix_list_in -%} +{% endif %} +{% if old_rip.distribute[iface].iface_prefix_list_in %} no distribute-list prefix {{old_rip.distribute[iface].iface_prefix_list_in}} in {{iface}} -{% endif -%} -{% if old_rip.distribute[iface].iface_prefix_list_out -%} +{% endif %} +{% if old_rip.distribute[iface].iface_prefix_list_out %} no distribute-list prefix {{old_rip.distribute[iface].iface_prefix_list_out}} out {{iface}} -{% endif -%} -{% endfor -%} -{% for iface in rip.distribute -%} -{% if rip.distribute[iface].iface_access_list_in -%} +{% endif %} +{% endfor %} +{% for iface in rip.distribute %} +{% if rip.distribute[iface].iface_access_list_in %} distribute-list {{rip.distribute[iface].iface_access_list_in}} in {{iface}} -{% endif -%} -{% if rip.distribute[iface].iface_access_list_out -%} +{% endif %} +{% if rip.distribute[iface].iface_access_list_out %} distribute-list {{rip.distribute[iface].iface_access_list_out}} out {{iface}} -{% endif -%} -{% if rip.distribute[iface].iface_prefix_list_in -%} +{% endif %} 
+{% if rip.distribute[iface].iface_prefix_list_in %} distribute-list prefix {{rip.distribute[iface].iface_prefix_list_in}} in {{iface}} -{% endif -%} -{% if rip.distribute[iface].iface_prefix_list_out -%} +{% endif %} +{% if rip.distribute[iface].iface_prefix_list_out %} distribute-list prefix {{rip.distribute[iface].iface_prefix_list_out}} out {{iface}} -{% endif -%} -{% endfor -%} -{% if old_rip.dist_acl_in -%} +{% endif %} +{% endfor %} +{% if old_rip.dist_acl_in %} no distribute-list {{old_rip.dist_acl_in}} in -{% endif -%} -{% if rip.dist_acl_in -%} +{% endif %} +{% if rip.dist_acl_in %} distribute-list {{rip.dist_acl_in}} in -{% endif -%} -{% if old_rip.dist_acl_out -%} +{% endif %} +{% if old_rip.dist_acl_out %} no distribute-list {{old_rip.dist_acl_out}} out -{% endif -%} -{% if rip.dist_acl_out -%} +{% endif %} +{% if rip.dist_acl_out %} distribute-list {{rip.dist_acl_out}} out -{% endif -%} -{% if old_rip.dist_prfx_in -%} +{% endif %} +{% if old_rip.dist_prfx_in %} no distribute-list prefix {{old_rip.dist_prfx_in}} in -{% endif -%} -{% if rip.dist_prfx_in -%} +{% endif %} +{% if rip.dist_prfx_in %} distribute-list prefix {{rip.dist_prfx_in}} in -{% endif -%} -{% if old_rip.dist_prfx_out -%} +{% endif %} +{% if old_rip.dist_prfx_out %} no distribute-list prefix {{old_rip.dist_prfx_out}} out -{% endif -%} -{% if rip.dist_prfx_out -%} +{% endif %} +{% if rip.dist_prfx_out %} distribute-list prefix {{rip.dist_prfx_out}} out -{% endif -%} -{% for network in old_rip.networks -%} +{% endif %} +{% for network in old_rip.networks %} no network {{network}} -{% endfor -%} -{% for network in rip.networks -%} +{% endfor %} +{% for network in rip.networks %} network {{network}} -{% endfor -%} -{% for iface in old_rip.ifaces -%} +{% endfor %} +{% for iface in old_rip.ifaces %} no network {{iface}} -{% endfor -%} -{% for iface in rip.ifaces -%} +{% endfor %} +{% for iface in rip.ifaces %} network {{iface}} -{% endfor -%} -{% for neighbor in old_rip.neighbors -%} +{% 
endfor %} +{% for neighbor in old_rip.neighbors %} no neighbor {{neighbor}} -{% endfor -%} -{% for neighbor in rip.neighbors -%} +{% endfor %} +{% for neighbor in rip.neighbors %} neighbor {{neighbor}} -{% endfor -%} -{% for net in rip.net_distance -%} -{% if rip.net_distance[net].access_list and rip.net_distance[net].distance -%} +{% endfor %} +{% for net in rip.net_distance %} +{% if rip.net_distance[net].access_list and rip.net_distance[net].distance %} distance {{rip.net_distance[net].distance}} {{net}} {{rip.net_distance[net].access_list}} -{% else -%} +{% else %} distance {{rip.net_distance[net].distance}} {{net}} -{% endif -%} -{% endfor -%} -{% for passive_iface in old_rip.passive_iface -%} +{% endif %} +{% endfor %} +{% for passive_iface in old_rip.passive_iface %} no passive-interface {{passive_iface}} -{% endfor -%} -{% for passive_iface in rip.passive_iface -%} +{% endfor %} +{% for passive_iface in rip.passive_iface %} passive-interface {{passive_iface}} -{% endfor -%} -{% for route in old_rip.route -%} +{% endfor %} +{% for route in old_rip.route %} no route {{route}} -{% endfor -%} -{% for route in rip.route -%} +{% endfor %} +{% for route in rip.route %} route {{route}} -{% endfor -%} -{% if old_rip.timer_update or old_rip.timer_timeout or old_rip.timer_garbage -%} +{% endfor %} +{% if old_rip.timer_update or old_rip.timer_timeout or old_rip.timer_garbage %} no timers basic -{% endif -%} -{% if rip.timer_update or rip.timer_timeout or rip.timer_garbage -%} +{% endif %} +{% if rip.timer_update or rip.timer_timeout or rip.timer_garbage %} timers basic {{rip.timer_update}} {{rip.timer_timeout}} {{rip.timer_garbage}} -{% endif -%} +{% endif %} ! -{% else -%} +{% else %} no router rip ! -{% endif -%} +{% endif %} diff --git a/data/templates/frr/static_mcast.frr.tmpl b/data/templates/frr/static_mcast.frr.tmpl index 86d619ab0..38635af32 100644 --- a/data/templates/frr/static_mcast.frr.tmpl +++ b/data/templates/frr/static_mcast.frr.tmpl 
@@ -1,20 +1,20 @@ ! -{% for route_gr in old_mroute -%} -{% for nh in old_mroute[route_gr] -%} -{% if old_mroute[route_gr][nh] -%} +{% for route_gr in old_mroute %} +{% for nh in old_mroute[route_gr] %} +{% if old_mroute[route_gr][nh] %} no ip mroute {{ route_gr }} {{ nh }} {{ old_mroute[route_gr][nh] }} -{% else -%} +{% else %} no ip mroute {{ route_gr }} {{ nh }} -{% endif -%} -{% endfor -%} -{% endfor -%} -{% for route_gr in mroute -%} -{% for nh in mroute[route_gr] -%} -{% if mroute[route_gr][nh] -%} +{% endif %} +{% endfor %} +{% endfor %} +{% for route_gr in mroute %} +{% for nh in mroute[route_gr] %} +{% if mroute[route_gr][nh] %} ip mroute {{ route_gr }} {{ nh }} {{ mroute[route_gr][nh] }} -{% else -%} +{% else %} ip mroute {{ route_gr }} {{ nh }} -{% endif -%} -{% endfor -%} -{% endfor -%} +{% endif %} +{% endfor %} +{% endfor %} ! diff --git a/data/templates/ids/fastnetmon.tmpl b/data/templates/ids/fastnetmon.tmpl index 71a1b2bd7..1f6a1c808 100644 --- a/data/templates/ids/fastnetmon.tmpl +++ b/data/templates/ids/fastnetmon.tmpl @@ -27,34 +27,34 @@ enable_subnet_counters = off {% if "mirror" in mode %} mirror_afpacket = on -{% endif -%} +{% endif %} {% if "in" in direction %} process_incoming_traffic = on -{% endif -%} +{% endif %} {% if "out" in direction %} process_outgoing_traffic = on -{% endif -%} +{% endif %} {% for th in threshold %} {% if th == "fps" %} ban_for_flows = on threshold_flows = {{ threshold[th] }} -{% endif -%} +{% endif %} {% if th == "mbps" %} ban_for_bandwidth = on threshold_mbps = {{ threshold[th] }} -{% endif -%} +{% endif %} {% if th == "pps" %} ban_for_pps = on threshold_pps = {{ threshold[th] }} -{% endif -%} -{% endfor -%} +{% endif %} +{% endfor %} {% if listen_interface %} {% set value = listen_interface if listen_interface is string else listen_interface | join(',') %} interfaces = {{ value }} -{% endif -%} +{% endif %} {% if alert_script %} notify_script_path = {{ alert_script }} -{% endif -%} +{% endif %} 
diff --git a/data/templates/igmp-proxy/igmpproxy.conf.tmpl b/data/templates/igmp-proxy/igmpproxy.conf.tmpl index c7fc5cef5..e3966def3 100644 --- a/data/templates/igmp-proxy/igmpproxy.conf.tmpl +++ b/data/templates/igmp-proxy/igmpproxy.conf.tmpl 
@@ -2,36 +2,39 @@ # # autogenerated by igmp_proxy.py # -# The configuration file must define one upstream -# interface, and one or more downstream interfaces. +# The configuration file must define one upstream interface, and one or more +# downstream interfaces. # -# If multicast traffic originates outside the -# upstream subnet, the "altnet" option can be -# used in order to define legal multicast sources. -# (Se example...) +# If multicast traffic originates outside the upstream subnet, the "altnet" +# option can be used in order to define legal multicast sources. # -# The "quickleave" should be used to avoid saturation -# of the upstream link. The option should only -# be used if it's absolutely nessecary to -# accurately imitate just one Client. +# The "quickleave" should be used to avoid saturation of the upstream link. The +# option should only be used if it's absolutely nessecary to accurately imitate +# just one Client. # ######################################################## -{% if not disable_quickleave -%} +{% if disable_quickleave is not defined %} quickleave -{% endif -%} +{% endif %} +{% if interface is defined and interface is not none %} +{% for iface, config in interface.items() %} -{% for interface in interfaces %} -# Configuration for {{ interface.name }} ({{ interface.role }} interface) -{% if interface.role == 'disabled' -%} -phyint {{ interface.name }} disabled -{%- else -%} -phyint {{ interface.name }} {{ interface.role }} ratelimit 0 threshold {{ interface.threshold }} -{%- endif -%} -{%- for subnet in interface.alt_subnet %} +# Configuration for {{ iface }} ({{ config.role }} interface) +{% if config.role == 'disabled' %} +phyint {{ iface }} disabled +{% else %} +phyint {{ iface }} {{ config.role }} ratelimit 0 threshold {{ config.threshold }} +{% endif %} +{% if config.alt_subnet is defined and config.alt_subnet is not none %} +{% for subnet in config.alt_subnet %} altnet {{ subnet }} -{%- endfor %} -{%- for subnet in interface.whitelist 
%} +{% endfor %} +{% endif %} +{% if config.whitelist is defined and config.whitelist is not none %} +{% for subnet in config.whitelist %} whitelist {{ subnet }} -{%- endfor %} -{% endfor %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.tmpl index e724f42c6..07bbaf604 100644 --- a/data/templates/lldp/vyos.conf.tmpl +++ b/data/templates/lldp/vyos.conf.tmpl @@ -2,19 +2,19 @@ configure system platform VyOS configure system description "VyOS {{ options.description }}" -{% if options.listen_on -%} +{% if options.listen_on %} configure system interface pattern "{{ ( options.listen_on | select('equalto','all') | map('replace','all','*') | list + options.listen_on | select('equalto','!all') | map('replace','!all','!*') | list + options.listen_on | reject('equalto','all') | reject('equalto','!all') | list ) | unique | join(",") }}" -{%- endif %} -{% if options.mgmt_addr -%} +{% endif %} +{% if options.mgmt_addr %} configure system ip management pattern {{ options.mgmt_addr | join(",") }} -{%- endif %} -{%- for loc in location -%} -{%- if loc.elin %} +{% endif %} +{% for loc in location %} +{% if loc.elin %} configure ports {{ loc.name }} med location elin "{{ loc.elin }}" -{%- endif %} -{%- if loc.coordinate_based %} +{% endif %} +{% if loc.coordinate_based %} configure ports {{ loc.name }} med location coordinate {% if loc.coordinate_based.latitude %}latitude {{ loc.coordinate_based.latitude }}{% endif %} {% if loc.coordinate_based.longitude %}longitude {{ loc.coordinate_based.longitude }}{% endif %} {% if loc.coordinate_based.altitude %}altitude {{ loc.coordinate_based.altitude }} m{% endif %} {% if loc.coordinate_based.datum %}datum {{ loc.coordinate_based.datum }}{% endif %} -{%- endif %} +{% endif %} {% endfor %} diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl index d8615566f..fdf96e7c3 100644 
--- a/data/templates/netflow/uacctd.conf.tmpl +++ b/data/templates/netflow/uacctd.conf.tmpl 
@@ -8,62 +8,62 @@ snaplen: {{ snaplen }} aggregate: in_iface,src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows plugin_pipe_size: {{ templatecfg['plugin_pipe_size'] }} plugin_buffer_size: {{ templatecfg['plugin_buffer_size'] }} -{%- if templatecfg['syslog-facility'] != none %} +{% if templatecfg['syslog-facility'] != none %} syslog: {{ templatecfg['syslog-facility'] }} -{%- endif %} -{%- if templatecfg['disable-imt'] == none %} +{% endif %} +{% if templatecfg['disable-imt'] == none %} imt_path: /tmp/uacctd.pipe imt_mem_pools_number: 169 -{%- endif %} +{% endif %} plugins: -{%- if templatecfg['netflow']['servers'] != none -%} +{% if templatecfg['netflow']['servers'] != none %} {% for server in templatecfg['netflow']['servers'] %} - {%- if loop.last -%}nfprobe[nf_{{ server['address'] }}]{%- else %}nfprobe[nf_{{ server['address'] }}],{%- endif %} - {%- endfor -%} + {% if loop.last %}nfprobe[nf_{{ server['address'] }}]{% else %}nfprobe[nf_{{ server['address'] }}],{% endif %} + {% endfor %} {% set plugins_presented = true %} -{%- endif %} -{%- if templatecfg['sflow']['servers'] != none -%} - {% if plugins_presented -%} - {%- for server in templatecfg['sflow']['servers'] -%} +{% endif %} +{% if templatecfg['sflow']['servers'] != none %} + {% if plugins_presented %} + {% for server in templatecfg['sflow']['servers'] %} ,sfprobe[sf_{{ server['address'] }}] - {%- endfor %} - {%- else %} - {%- for server in templatecfg['sflow']['servers'] %} - {%- if loop.last -%}sfprobe[sf_{{ server['address'] }}]{%- else %}sfprobe[sf_{{ server['address'] }}],{%- endif %} - {%- endfor %} - {%- endif -%} + {% endfor %} + {% else %} + {% for server in templatecfg['sflow']['servers'] %} + {% if loop.last %}sfprobe[sf_{{ server['address'] }}]{% else %}sfprobe[sf_{{ server['address'] }}],{% endif %} + {% endfor %} + {% endif %} {% set plugins_presented = true %} -{%- endif %} -{%- if templatecfg['disable-imt'] == none %} - {%- if plugins_presented -%},memory{%- else 
%}memory{%- endif %} -{%- endif %} -{%- if templatecfg['netflow']['servers'] != none %} -{%- for server in templatecfg['netflow']['servers'] %} +{% endif %} +{% if templatecfg['disable-imt'] == none %} + {% if plugins_presented %},memory{% else %}memory{% endif %} +{% endif %} +{% if templatecfg['netflow']['servers'] != none %} +{% for server in templatecfg['netflow']['servers'] %} nfprobe_receiver[nf_{{ server['address'] }}]: {{ server['address'] }}:{{ server['port'] }} nfprobe_version[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['version'] }} -{%- if templatecfg['netflow']['engine-id'] != none %} +{% if templatecfg['netflow']['engine-id'] != none %} nfprobe_engine[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['engine-id'] }} -{%- endif %} -{%- if templatecfg['netflow']['max-flows'] != none %} +{% endif %} +{% if templatecfg['netflow']['max-flows'] != none %} nfprobe_maxflows[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['max-flows'] }} -{%- endif %} -{%- if templatecfg['netflow']['sampling-rate'] != none %} +{% endif %} +{% if templatecfg['netflow']['sampling-rate'] != none %} sampling_rate[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['sampling-rate'] }} -{%- endif %} -{%- if templatecfg['netflow']['source-ip'] != none %} +{% endif %} +{% if templatecfg['netflow']['source-ip'] != none %} nfprobe_source_ip[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['source-ip'] }} -{%- endif %} -{%- if templatecfg['netflow']['timeout_string'] != '' %} +{% endif %} +{% if templatecfg['netflow']['timeout_string'] != '' %} nfprobe_timeouts[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['timeout_string'] }} -{%- endif %} -{%- endfor %} -{%- endif %} -{%- if templatecfg['sflow']['servers'] != none %} -{%- for server in templatecfg['sflow']['servers'] %} +{% endif %} +{% endfor %} +{% endif %} +{% if templatecfg['sflow']['servers'] != none %} +{% for server in templatecfg['sflow']['servers'] %} sfprobe_receiver[sf_{{ 
server['address'] }}]: {{ server['address'] }}:{{ server['port'] }} sfprobe_agentip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['agent-address'] }} -{%- if templatecfg['sflow']['sampling-rate'] != none %} +{% if templatecfg['sflow']['sampling-rate'] != none %} sampling_rate[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['sampling-rate'] }} -{%- endif %} -{%- endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl index bb0067bfb..3f319c89b 100644 --- a/data/templates/ntp/ntp.conf.tmpl +++ b/data/templates/ntp/ntp.conf.tmpl @@ -13,13 +13,13 @@ restrict -6 ::1 # # Configurable section # -{% if server %} -{% for srv in server %} -{% set options = '' %} -{% set options = options + 'noselect ' if server[srv].noselect is defined else '' %} -{% set options = options + 'preempt ' if server[srv].preempt is defined else '' %} -{% set options = options + 'prefer ' if server[srv].prefer is defined else '' %} -server {{ srv | replace('_', '-') }} iburst {{ options }} +{% if server is defined and server is not none %} +{% for server, config in server.items() %} +{% set association = 'server' %} +{% if config.pool is defined %} +{% set association = 'pool' %} +{% endif %} +{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }} {% endfor %} {% endif %} diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl new file mode 100644 index 000000000..9b20c9742 --- /dev/null +++ b/data/templates/openvpn/auth.pw.tmpl @@ -0,0 +1,5 @@ +{# Autogenerated by interfaces-openvpn.py #} +{% if authentication is defined and authentication is not none %} +{{ authentication.username }} +{{ authentication.password }} +{% endif %} 
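Review bot: The `plugins:` directive in uacctd.conf.tmpl is assembled from several template lines, and it stayed on one line only because the old tags stripped whitespace on both sides (`{%- ... -%}`); with plain `{% ... %}` tags nothing removes the line break after `plugins:` or the one after `,sfprobe[sf_{{ server['address'] }}]`. Even if the renderer enables `trim_blocks` and `lstrip_blocks` (not visible in this diff), those options act only around block tags, so the plugin list would likely be split over several lines and uacctd could start without its exporters, leaving flow accounting silently off. Keep the stripping form on the tags between `plugins:` and the first `nfprobe_receiver` line, for example `{%- if templatecfg['netflow']['servers'] != none -%}` as before, and check the rendered file with both netflow and sflow servers configured.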
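Review bot: In ntp.conf.tmpl, `{% for server, config in server.items() %}` reuses the name `server` for both the dictionary and the loop key, so `{{ server | replace('_', '-') }}` two lines later reads ambiguously. Jinja evaluates the iterable before binding the loop variables, so this should render correctly, but a later edit inside the loop that needs the outer dictionary will get the key instead. A distinct loop name avoids that: `{% for srv, config in server.items() %}` with `{{ association }} {{ srv | replace('_', '-') }} iburst ...`.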
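Review bot: The new auth.pw.tmpl writes `authentication.username` and `authentication.password` in clear text, and nothing in a template can restrict who reads the rendered file. The code that renders it (the header comment names interfaces-openvpn.py, which is not part of this diff) should create the file with mode 0600 and the owner OpenVPN runs as, setting the mode at creation rather than with a later chmod, and should remove the file when `authentication` is deleted from the configuration. The guard only checks `authentication` itself, so a missing username or password would render as an empty line; `{% if authentication.username is defined and authentication.password is defined %}` avoids handing OpenVPN a half-filled credentials file.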
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 1fdf6b848..a1daaa078 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -14,9 +14,9 @@ dev {{ ifname }} persist-key iproute /usr/libexec/vyos/system/unpriv-ip {% if protocol == 'tcp-active' %} -proto tcp6-client +proto tcp-client {% elif protocol == 'tcp-passive' %} -proto tcp6-server +proto tcp-server {% else %} proto udp {% endif %} @@ -52,13 +52,14 @@ push "redirect-gateway def1" compress lzo {% endif %} -{% if 'client' in mode %} +{% if mode == 'client' %} # # OpenVPN Client mode # client nobind -{% elif 'server' in mode %} + +{% elif mode == 'server' %} # # OpenVPN Server mode # @@ -94,7 +95,7 @@ max-clients {{ server.max_connections }} client-config-dir /run/openvpn/ccd/{{ ifname }} {% endif %} {% endif %} -keepalive {{ keep_alive.interval }} {{ keep_alive.failure_count }} +keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }} management /run/openvpn/openvpn-mgmt-intf unix {% if server is defined and server is not none %} {% if server.reject_unconfigured_clients is defined %} @@ -129,6 +130,7 @@ push "route-ipv6 {{ route6 }}" push "dhcp-option DNS6 {{ ns6 }}" {% endfor %} {% endif %} + {% else %} # # OpenVPN site-2-site mode 
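Review bot: The `keepalive` line in the @@ -94,7 +95,7 @@ hunk now computes the restart timeout as `keep_alive.interval|int * keep_alive.failure_count|int`, but the site-to-site branch shown as context in the @@ -136,19 +138,24 @@ hunk still renders `ping-restart {{ keep_alive.failure_count }}`. The same setting is therefore treated as a number of missed pings in server mode and as a number of seconds in site-to-site mode. If the count meaning is the intended one, the site-to-site line should read `ping-restart {{ keep_alive.interval|int * keep_alive.failure_count|int }}`; otherwise a comment above `keepalive` should say why the two modes differ.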
@@ -136,19 +138,24 @@ push "dhcp-option DNS6 {{ ns6 }}" ping {{ keep_alive.interval }} ping-restart {{ keep_alive.failure_count }} -{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} -{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} +{% if device_type == 'tap' %} +{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} +{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} -{% else %} -{% for raddr in remote_address %} -{% if raddr | is_ipv4 %} +{% endif %} +{% endfor %} +{% else %} +{% for laddr in local_address if laddr | is_ipv4 %} +{% for raddr in remote_address if raddr | is_ipv4 %} ifconfig {{ laddr }} {{ raddr }} -{% else %} +{% endfor %} +{% endfor %} +{% for laddr in local_address if laddr | is_ipv6 %} +{% for raddr in remote_address if raddr | is_ipv6 %} ifconfig-ipv6 {{ laddr }} {{ raddr }} -{% endif %} {% endfor %} -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} {% endif %} {% if tls is defined and tls is not none %} diff --git a/data/templates/pppoe/ip-pre-up.script.tmpl b/data/templates/pppoe/ip-pre-up.script.tmpl index cf85ed067..a54e4e9bd 100644 --- a/data/templates/pppoe/ip-pre-up.script.tmpl +++ b/data/templates/pppoe/ip-pre-up.script.tmpl @@ -12,7 +12,7 @@ logger -t pppd[$DIALER_PID] "executing $0" echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias -{% if vrf -%} +{% if vrf %} logger -t pppd[$DIALER_PID] "configuring dialer interface $6 for VRF {{ vrf }}" ip link set dev {{ ifname }} master {{ vrf }} {% endif %} diff --git a/data/templates/pppoe/ip-up.script.tmpl b/data/templates/pppoe/ip-up.script.tmpl index 568e21c4e..302756960 100644 --- a/data/templates/pppoe/ip-up.script.tmpl +++ b/data/templates/pppoe/ip-up.script.tmpl 
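Review bot: The non-tap branch of the site-to-site block nests `{% for laddr in local_address if laddr | is_ipv4 %}` around `{% for raddr in remote_address if raddr | is_ipv4 %}` (and the same for IPv6), so it emits one `ifconfig` line per local/remote pair. OpenVPN takes a single `ifconfig` and a single `ifconfig-ipv6` per tunnel, so with more than one address on either side the rendered file carries repeated directives and the effective endpoints depend on their order. In the `device_type == 'tap'` branch a local address without `subnet_mask` now renders no `ifconfig` at all, where the old template fell through to the remote-address form. Unless the configuration script already rejects both cases (not visible here), a comment stating the one-address assumption, or a check in the script, would make the behaviour explicit.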
@@ -11,7 +11,7 @@ fi DIALER_PID=$(cat /var/run/{{ ifname }}.pid) logger -t pppd[$DIALER_PID] "executing $0" -{% if default_route != 'none' -%} +{% if default_route != 'none' %} # See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved # to a VRF, this is needed to properly insert the default route. @@ -28,14 +28,14 @@ if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then VRF_NAME="vrf ${VRF}" fi -{% if default_route == 'auto' -%} +{% if default_route == 'auto' %} # Only insert a new default route if there is no default route configured routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | wc -l) if [ "$routes" -ne 0 ]; then exit 1 fi -{% elif default_route == 'force' -%} +{% elif default_route == 'force' %} # Retrieve current static default routes and remove it from the routing table vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | while read route ; do vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}" diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl index d0a62478c..ed6102d6c 100644 --- a/data/templates/pppoe/ipv6-up.script.tmpl +++ b/data/templates/pppoe/ipv6-up.script.tmpl @@ -7,7 +7,7 @@ if [ "$6" != "{{ ifname }}" ]; then exit fi -{% if ipv6 is defined and ipv6.address is defined and ipv6.address.autoconf is defined -%} +{% if ipv6 is defined and ipv6.address is defined and ipv6.address.autoconf is defined %} # add some info to syslog DIALER_PID=$(cat /var/run/{{ ifname }}.pid) logger -t pppd[$DIALER_PID] "executing $0" @@ -45,7 +45,7 @@ echo 1 > /proc/sys/net/ipv6/conf/{{ ifname }}/autoconf systemctl start dhcp6c@{{ ifname }}.service {% endif %} -{% if default_route != 'none' -%} +{% if default_route != 'none' %} # See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved # to a VRF, this is needed to properly insert the default route. 
@@ -62,14 +62,14 @@ if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then VRF_NAME="vrf ${VRF}" fi -{% if default_route == 'auto' -%} +{% if default_route == 'auto' %} # Only insert a new default route if there is no default route configured routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | wc -l) if [ "$routes" -ne 0 ]; then exit 1 fi -{% elif default_route == 'force' -%} +{% elif default_route == 'force' %} # Retrieve current static default routes and remove it from the routing table vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | while read route ; do vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}" diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl index e909843a5..dd4272a98 100644 --- a/data/templates/pppoe/peer.tmpl +++ b/data/templates/pppoe/peer.tmpl @@ -53,12 +53,12 @@ mru {{ mtu }} {{ "usepeerdns" if no_peer_dns is not defined }} -{% if ipv6 is defined and ipv6.enable is defined -%} +{% if ipv6 is defined and ipv6.enable is defined %} +ipv6 ipv6cp-use-ipaddr {% endif %} -{% if service_name is defined -%} +{% if service_name is defined %} rp_pppoe_service "{{ service_name }}" {% endif %} @@ -67,9 +67,9 @@ demand # See T2249. PPP default route options should only be set when in on-demand # mode. As soon as we are not in on-demand mode the default-route handling is # passed to the ip-up.d/ip-down.s scripts which is required for VRF support. -{% if 'auto' in default_route -%} +{% if 'auto' in default_route %} defaultroute -{% elif 'force' in default_route -%} +{% elif 'force' in default_route %} defaultroute replacedefaultroute {% endif %} diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl index cebfc54b5..2fde78fec 100644 --- a/data/templates/router-advert/radvd.conf.tmpl +++ b/data/templates/router-advert/radvd.conf.tmpl 
@@ -43,5 +43,5 @@ interface {{ iface }} { }; {% endif %} }; -{% endfor -%} +{% endfor %} {% endif %} diff --git a/data/templates/salt-minion/minion.tmpl b/data/templates/salt-minion/minion.tmpl index 9369573a4..405fb9131 100644 --- a/data/templates/salt-minion/minion.tmpl +++ b/data/templates/salt-minion/minion.tmpl @@ -35,7 +35,7 @@ log_level: {{ log_level }} # Set the location of the salt master server, if the master server cannot be # resolved, then the minion will fail to start. master: -{% for host in master -%} +{% for host in master %} - {{ host }} {% endfor %} diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl index 9c0337fa8..e2c5ec102 100644 --- a/data/templates/snmp/usr.snmpd.conf.tmpl +++ b/data/templates/snmp/usr.snmpd.conf.tmpl @@ -1,6 +1,6 @@ ### Autogenerated by snmp.py ### -{%- for u in v3_users %} +{% for u in v3_users %} {{ u.mode }}user {{ u.name }} -{%- endfor %} +{% endfor %} rwuser {{ vyos_user }} diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl index 6cbc687ef..c779587df 100644 --- a/data/templates/snmp/var.snmpd.conf.tmpl +++ b/data/templates/snmp/var.snmpd.conf.tmpl @@ -1,14 +1,14 @@ ### Autogenerated by snmp.py ### # user -{%- for u in v3_users %} -{%- if u.authOID == 'none' %} +{% for u in v3_users %} +{% if u.authOID == 'none' %} createUser {{ u.name }} -{%- else %} +{% else %} usmUser 1 3 0x{{ v3_engineid }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} 0x{{ u.authMasterKey }} {{ u.privOID }} 0x{{ u.privMasterKey }} 0x -{%- endif %} -{%- endfor %} +{% endif %} +{% endfor %} createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{%- if v3_engineid %} +{% if v3_engineid %} oldEngineID 0x{{ v3_engineid }} -{%- endif %} +{% endif %} diff --git a/data/templates/syslog/rsyslog.conf.tmpl b/data/templates/syslog/rsyslog.conf.tmpl index a610d132f..10fbb9d3c 100644 --- a/data/templates/syslog/rsyslog.conf.tmpl 
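Review bot: In the `var.snmpd.conf.tmpl` hunk, the context line `createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES` still provisions the internal SNMPv3 user with MD5 authentication and DES privacy, both of which are considered weak. The commit only changes the Jinja whitespace markers and leaves this line as it was. If the shipped net-snmp build and whatever consumes this user allow it (neither is visible here), I would change the line to `createUser {{ vyos_user }} SHA "{{ vyos_user_pass }}" AES`. The same file also renders `authMasterKey` and `privMasterKey` values, so a comment such as `# contains SNMPv3 key material; the rendered file must not be world-readable` would help the next maintainer.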
+++ b/data/templates/syslog/rsyslog.conf.tmpl @@ -1,14 +1,14 @@ ## generated by syslog.py ## ## file based logging -{% if files['global']['marker'] -%} +{% if files['global']['marker'] %} $ModLoad immark {% if files['global']['marker-interval'] %} $MarkMessagePeriod {{files['global']['marker-interval']}} {% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} +{% endif %} +{% if files['global']['preserver_fqdn'] %} $PreserveFQDN on -{% endif -%} +{% endif %} {% for file in files %} $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} {{files[file]['selectors']}} :omfile:${{file}} diff --git a/data/templates/vrf/vrf.conf.tmpl b/data/templates/vrf/vrf.conf.tmpl index 761b0bb6f..6d01d2b89 100644 --- a/data/templates/vrf/vrf.conf.tmpl +++ b/data/templates/vrf/vrf.conf.tmpl @@ -3,6 +3,6 @@ # Routing table ID to name mapping reference # id vrf name comment -{% for vrf in vrf_add -%} +{% for vrf in vrf_add %} {{ "%-10s" | format(vrf.table) }} {{ "%-16s" | format(vrf.name) }} # {{ vrf.description }} -{% endfor -%} +{% endfor %} diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl index 210621681..d51522e45 100644 --- a/data/templates/vrrp/keepalived.conf.tmpl +++ b/data/templates/vrrp/keepalived.conf.tmpl @@ -9,9 +9,9 @@ global_defs { notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py } -{% for group in groups -%} +{% for group in groups %} -{% if group.health_check_script -%} +{% if group.health_check_script %} vrrp_script healthcheck_{{ group.name }} { script "{{ group.health_check_script }}" interval {{ group.health_check_interval }} @@ -22,9 +22,9 @@ vrrp_script healthcheck_{{ group.name }} { {% endif %} vrrp_instance {{ group.name }} { - {% if group.description -%} + {% if group.description %} # {{ group.description }} - {% endif -%} + {% endif %} state BACKUP interface {{ group.interface }} 
@@ -32,74 +32,74 @@ vrrp_instance {{ group.name }} { priority {{ group.priority }} advert_int {{ group.advertise_interval }} - {% if group.preempt -%} + {% if group.preempt %} preempt_delay {{ group.preempt_delay }} - {% else -%} + {% else %} nopreempt - {% endif -%} + {% endif %} - {% if group.peer_address -%} + {% if group.peer_address %} unicast_peer { {{ group.peer_address }} } - {% endif -%} + {% endif %} - {% if group.hello_source -%} - {%- if group.peer_address -%} + {% if group.hello_source %} + {% if group.peer_address %} unicast_src_ip {{ group.hello_source }} - {%- else -%} + {% else %} mcast_src_ip {{ group.hello_source }} - {%- endif %} - {% endif -%} + {% endif %} + {% endif %} - {% if group.use_vmac and group.peer_address -%} + {% if group.use_vmac and group.peer_address %} use_vmac {{group.interface}}v{{group.vrid}} vmac_xmit_base - {% elif group.use_vmac -%} + {% elif group.use_vmac %} use_vmac {{group.interface}}v{{group.vrid}} - {% endif -%} + {% endif %} - {% if group.auth_password -%} + {% if group.auth_password %} authentication { auth_pass "{{ group.auth_password }}" auth_type {{ group.auth_type }} } - {% endif -%} + {% endif %} virtual_ipaddress { - {% for addr in group.virtual_addresses -%} + {% for addr in group.virtual_addresses %} {{ addr }} - {% endfor -%} + {% endfor %} } - {% if group.virtual_addresses_excluded -%} + {% if group.virtual_addresses_excluded %} virtual_ipaddress_excluded { - {% for addr in group.virtual_addresses_excluded -%} + {% for addr in group.virtual_addresses_excluded %} {{ addr }} - {% endfor -%} + {% endfor %} } - {% endif -%} + {% endif %} - {% if group.health_check_script -%} + {% if group.health_check_script %} track_script { healthcheck_{{ group.name }} } - {% endif -%} + {% endif %} } -{% endfor -%} +{% endfor %} -{% for sync_group in sync_groups -%} +{% for sync_group in sync_groups %} vrrp_sync_group {{ sync_group.name }} { group { - {% for member in sync_group.members -%} + {% for member in 
sync_group.members %} {{ member }} - {% endfor -%} + {% endfor %} } - {% if sync_group.conntrack_sync -%} + {% if sync_group.conntrack_sync %} notify_master "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh master {{ sync_group.name }}" notify_backup "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh backup {{ sync_group.name }}" notify_fault "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh fault {{ sync_group.name }}" - {% endif -%} + {% endif %} } -{% endfor -%} +{% endfor %} diff --git a/data/templates/vyos-hostsd/hosts.tmpl b/data/templates/vyos-hostsd/hosts.tmpl index 566f9a5dd..be8692104 100644 --- a/data/templates/vyos-hostsd/hosts.tmpl +++ b/data/templates/vyos-hostsd/hosts.tmpl @@ -12,15 +12,15 @@ ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters -{% if hosts -%} +{% if hosts %} # From 'system static-host-mapping' and DHCP server -{%- for tag, taghosts in hosts.items() %} +{% for tag, taghosts in hosts.items() %} # {{ tag }} -{%- for host, hostprops in taghosts.items() %} -{%- if hostprops['address'] %} +{% for host, hostprops in taghosts.items() %} +{% if hostprops['address'] %} {{ hostprops['address'] }} {{ host }}{% for a in hostprops['aliases'] %} {{ a }}{% endfor %} -{%- endif %} -{%- endfor %} -{%- endfor %} -{%- endif %} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} diff --git a/data/templates/vyos-hostsd/resolv.conf.tmpl b/data/templates/vyos-hostsd/resolv.conf.tmpl index b920b2e5f..58a5f9312 100644 --- a/data/templates/vyos-hostsd/resolv.conf.tmpl +++ b/data/templates/vyos-hostsd/resolv.conf.tmpl 
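Review bot: In the `keepalived.conf.tmpl` hunk starting at `@@ -32,74 +32,74 @@`, `auth_pass "{{ group.auth_password }}"` renders the configured value inside double quotes with no escaping. The same applies to `script "{{ group.health_check_script }}"` in the earlier hunk of this file. A value containing a double quote or a line break would end the directive early and the remainder would be parsed as further keepalived configuration. Whether the script that feeds this template already rejects such characters cannot be seen from this diff; if it does not, that is where the check belongs, and a template comment like `{# auth_password and health_check_script must not contain '"' or newlines; validated before rendering #}` would record the assumption.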
@@ -1,26 +1,25 @@ ### Autogenerated by VyOS ### ### Do not edit, your changes will get overwritten ### -{#- the code below ensures the order of nameservers is determined first by #} +{# the code below ensures the order of nameservers is determined first by #} {# the order of tags, then by the order of nameservers within that tag #} -{%- for tag in name_server_tags_system %} -{%- if tag in name_servers %} +{% for tag in name_server_tags_system %} +{% if tag in name_servers %} # {{ tag }} -{%- for ns in name_servers[tag] %} +{% for ns in name_servers[tag] %} nameserver {{ ns }} -{%- endfor %} -{%- endif %} -{%- endfor %} +{% endfor %} +{% endif %} +{% endfor %} -{%- if domain_name %} +{% if domain_name %} domain {{ domain_name }} -{%- endif %} +{% endif %} {% for tag in name_server_tags_system %} -{%- if tag in search_domains %} +{% if tag in search_domains %} # {{ tag }} search {{ search_domains[tag]|join(' ') }} -{%- endif %} -{%- endfor %} - +{% endif %} +{% endfor %} diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 16d9f7c98..e66e3472b 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -451,14 +451,6 @@ macaddr_acl=0 max_num_sta={{ max_stations }} {% endif %} -{% if wds is defined %} -# WDS (4-address frame) mode with per-station virtual interfaces -# (only supported with driver=nl80211) -# This mode allows associated stations to use 4-address frames to allow layer 2 -# bridging to be used. -wds_sta=1 -{% endif %} - {% if isolate_stations is defined %} # Client isolation can be used to prevent low-level bridging of frames between # associated stations in the BSS. By default, this bridging is allowed. diff --git a/data/templates/wwan/ip-pre-up.script.tmpl b/data/templates/wwan/ip-pre-up.script.tmpl index efc065bad..199150947 100644 --- a/data/templates/wwan/ip-pre-up.script.tmpl +++ b/data/templates/wwan/ip-pre-up.script.tmpl 
@@ -17,7 +17,7 @@ logger -t pppd[$DIALER_PID] "executing $0" echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias -{% if vrf -%} +{% if vrf %} logger -t pppd[$DIALER_PID] "configuring interface {{ ifname }} for VRF {{ vrf }}" ip link set dev {{ ifname }} master {{ vrf }} {% endif %} |
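Review bot: The context line `echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias` in the `wwan/ip-pre-up.script.tmpl` hunk places a free-text configuration value inside a double-quoted shell string. This script is executed by pppd, so any shell expansion characters in the description would be evaluated when the interface comes up. The commit only touches the `{% if vrf %}` tag and does not address this. Whether `description` is constrained before rendering is not visible here; if it is not, either validate it in the config script or render it single-quoted with embedded single quotes escaped. Until then I would add a comment above the line, `# description is interpolated into a shell script run by pppd; it must be validated before templating`.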