diff options
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 3 | ||||
-rw-r--r-- | data/templates/containers/registry.tmpl | 5 | ||||
-rw-r--r-- | data/templates/containers/storage.tmpl | 5 | ||||
-rw-r--r-- | data/templates/dhcp-client/ipv4.tmpl | 4 | ||||
-rw-r--r-- | data/templates/firewall/nftables-nat66.tmpl | 20 | ||||
-rw-r--r-- | data/templates/frr/bgp.frr.tmpl | 74 | ||||
-rw-r--r-- | data/templates/frr/isis.frr.tmpl | 11 | ||||
-rw-r--r-- | data/templates/frr/ospf.frr.tmpl | 4 | ||||
-rw-r--r-- | data/templates/frr/policy.frr.tmpl | 297 | ||||
-rw-r--r-- | data/templates/frr/rip.frr.tmpl | 4 | ||||
-rw-r--r-- | data/templates/frr/static.frr.tmpl | 17 | ||||
-rw-r--r-- | data/templates/frr/static_mcast.frr.tmpl | 20 | ||||
-rw-r--r-- | data/templates/frr/vrf.frr.tmpl | 24 | ||||
-rw-r--r-- | data/templates/https/nginx.default.tmpl | 4 |
14 files changed, 435 insertions, 57 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index aabd7232e..f241d0cb6 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -21,7 +21,6 @@ "interfaces-pppoe.py", "interfaces-pseudo-ethernet.py", "interfaces-tunnel.py", -"interfaces-erspan.py", "interfaces-vxlan.py", "interfaces-wireguard.py", "interfaces-wireless.py", @@ -31,6 +30,7 @@ "nat.py", "nat66.py", "ntp.py", +"policy.py", "policy-local-route.py", "protocols_bfd.py", "protocols_bgp.py", @@ -44,7 +44,6 @@ "protocols_ripng.py", "protocols_static.py", "protocols_static_multicast.py", -"protocols_vrf.py", "salt-minion.py", "service_console-server.py", "service_ids_fastnetmon.py", diff --git a/data/templates/containers/registry.tmpl b/data/templates/containers/registry.tmpl new file mode 100644 index 000000000..0347de673 --- /dev/null +++ b/data/templates/containers/registry.tmpl @@ -0,0 +1,5 @@ +### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ### + +{% if registry is defined and registry is not none %} +unqualified-search-registries = {{ registry }} +{% endif %} diff --git a/data/templates/containers/storage.tmpl b/data/templates/containers/storage.tmpl new file mode 100644 index 000000000..3a69b7252 --- /dev/null +++ b/data/templates/containers/storage.tmpl @@ -0,0 +1,5 @@ +### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ### + +[storage] + driver = "vfs" + graphroot = "/config/containers/storage" diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl index 71b429db6..c934b7cdb 100644 --- a/data/templates/dhcp-client/ipv4.tmpl +++ b/data/templates/dhcp-client/ipv4.tmpl @@ -20,5 +20,9 @@ interface "{{ ifname }}" { # The require statement lists options that must be sent in order for an offer to be # accepted. Offers that do not contain all the listed options will be ignored! require subnet-mask; +{% if dhcp_options.reject is defined and dhcp_options.reject is not none %} + # Block addresses coming from theses dhcp servers if configured. + reject {{ dhcp_options.reject | join(', ') }}; +{% endif %} } diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl index cdaeaad6a..e5c1b1b8d 100644 --- a/data/templates/firewall/nftables-nat66.tmpl +++ b/data/templates/firewall/nftables-nat66.tmpl @@ -1,9 +1,13 @@ #!/usr/sbin/nft -f {% macro nptv6_rule(rule,config, chain) %} -{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %} -{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} +{% set comment = '' %} +{% set base_log = '' %} +{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %} +{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} {% if chain == "PREROUTING" %} +{% set comment = "DST-NAT66-" + rule %} +{% set base_log = '[NAT66-DST-' + rule %} {% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %} {% if config.translation.address | is_ip_network %} {# support 1:1 network translation #} @@ -13,6 +17,8 @@ {% endif %} {% set trns_address = dnat_type + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% elif chain == "POSTROUTING" %} +{% set comment = 'SRC-NAT66-' + rule %} +{% set base_log = '[NAT66-SRC-' + rule %} {% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% if config.translation.address == 'masquerade' %} {% set trns_address = config.translation.address %} @@ -28,10 +34,12 @@ {% endif %} {% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined else '' %} {% endif %} -{% set comment = "NPT-NAT-" + rule %} -{% if rule.log %} -{% set base_log = "[NPT-DST-" + rule %} -{% set log = base_log + "]" %} +{% if config.log is defined %} +{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %} +{% set log = base_log +'-MASQ]' %} +{% else %} +{% set log = base_log + "]" %} +{% endif %} {% endif %} {% set output = "add rule ip6 nat " + chain + interface %} {# Count packets #} diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index f7aeaeb9d..dafe45f59 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -90,8 +90,24 @@ {% for afi, afi_config in config.address_family.items() %} {% if afi == 'ipv4_unicast' %} address-family ipv4 unicast +{% elif afi == 'ipv4_multicast' %} + address-family ipv4 multicast +{% elif afi == 'ipv4_labeled_unicast' %} + address-family ipv4 labeled-unicast +{% elif afi == 'ipv4_vpn' %} + address-family ipv4 vpn +{% elif afi == 'ipv4_flowspec' %} + address-family ipv4 flowspec {% elif afi == 'ipv6_unicast' %} address-family ipv6 unicast +{% elif afi == 'ipv6_multicast' %} + address-family ipv6 multicast +{% elif afi == 'ipv6_labeled_unicast' %} + address-family ipv6 labeled-unicast +{% elif afi == 'ipv6_vpn' %} + address-family ipv6 vpn +{% elif afi == 'ipv6_flowspec' %} + address-family ipv6 flowspec {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn {% endif %} @@ -104,6 +120,9 @@ {% if afi_config.allowas_in is defined and afi_config.allowas_in is not none %} neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is defined }} {% endif %} +{% if afi_config.as_override is defined %} + neighbor {{ neighbor }} as-override +{% endif %} {% if afi_config.remove_private_as is defined %} neighbor {{ neighbor }} remove-private-AS {% endif %} @@ -185,12 +204,16 @@ {% endif %} {% endmacro %} ! -router bgp {{ asn }} +router bgp {{ local_as }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if parameters is defined and parameters.ebgp_requires_policy is defined %} bgp ebgp-requires-policy {% else %} no bgp ebgp-requires-policy {% endif %} +{% if parameters is defined and parameters.default is defined and parameters.default.no_ipv4_unicast is defined %} +{# Option must be set before any neighbor - see https://phabricator.vyos.net/T3463 #} + no bgp default ipv4-unicast +{% endif %} {# Workaround for T2100 until we have decided about a migration script #} no bgp network import-check {% if address_family is defined and address_family is not none %} @@ -198,8 +221,24 @@ router bgp {{ asn }} ! {% if afi == 'ipv4_unicast' %} address-family ipv4 unicast +{% elif afi == 'ipv4_multicast' %} + address-family ipv4 multicast +{% elif afi == 'ipv4_labeled_unicast' %} + address-family ipv4 labeled-unicast +{% elif afi == 'ipv4_vpn' %} + address-family ipv4 vpn +{% elif afi == 'ipv4_flowspec' %} + address-family ipv4 flowspec {% elif afi == 'ipv6_unicast' %} address-family ipv6 unicast +{% elif afi == 'ipv6_multicast' %} + address-family ipv6 multicast +{% elif afi == 'ipv6_labeled_unicast' %} + address-family ipv6 labeled-unicast +{% elif afi == 'ipv6_vpn' %} + address-family ipv6 vpn +{% elif afi == 'ipv6_flowspec' %} + address-family ipv6 flowspec {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn {% endif %} @@ -231,11 +270,33 @@ router bgp {{ asn }} {% endif %} {% if afi_config.network is defined and afi_config.network is not none %} {% for network in afi_config.network %} - network {{ network }}{% if afi_config.network[network].route_map is defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is defined %} backdoor{% endif %} + network {{ network }}{% if afi_config.network[network].route_map is defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is defined %} backdoor{% endif %}{% if afi_config.network[network].rd is defined and afi_config.network[network].label is defined%} rd {{ afi_config.network[network].rd }} label {{ afi_config.network[network].label }}{% endif %} {####### we need this blank line!! #######} {% endfor %} {% endif %} +{% if afi_config.advertise is defined and afi_config.advertise is not none %} +{% for adv_afi, adv_afi_config in afi_config.advertise.items() %} +{% if adv_afi_config.unicast is defined and adv_afi_config.unicast is not none %} + advertise {{ adv_afi }} unicast {{ 'route-map ' + adv_afi_config.unicast.route_map if adv_afi_config.unicast.route_map is defined }} +{% endif %} +{% endfor %} +{% endif %} +{% if afi_config.distance is defined and afi_config.distance is not none %} +{% if afi_config.distance is defined and afi_config.distance.external is defined and afi_config.distance.internal is defined and afi_config.distance.local is defined %} + distance bgp {{ afi_config.distance.external }} {{ afi_config.distance.internal }} {{ afi_config.distance.local }} +{% endif %} +{% if afi_config.distance.prefix is defined and afi_config.distance.prefix is not none %} +{% for prefix in afi_config.distance.prefix %} + distance {{ afi_config.distance.prefix[prefix].distance }} {{ prefix }} +{% endfor %} +{% endif %} +{% endif %} +{% if afi_config.local_install is defined and afi_config.local_install is not none %} +{% for interface in afi_config.local_install.interface %} + local-install {{ interface }} +{% endfor %} +{% endif %} {% if afi_config.advertise_all_vni is defined %} advertise-all-vni {% endif %} @@ -359,16 +420,11 @@ router bgp {{ asn }} {% if parameters.default.local_pref is defined and parameters.default.local_pref is not none %} bgp default local-preference {{ parameters.default.local_pref }} {% endif %} -{% if parameters.default.no_ipv4_unicast is defined %} - no bgp default ipv4-unicast -{% endif %} {% endif %} {% if parameters.deterministic_med is defined %} bgp deterministic-med {% endif %} {% if parameters.distance is defined and parameters.distance is not none %} - ! - address-family ipv4 unicast {% if parameters.distance.global is defined and parameters.distance.global.external is defined and parameters.distance.global.internal is defined and parameters.distance.global.local is defined %} distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }} {% endif %} @@ -377,8 +433,6 @@ router bgp {{ asn }} distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }} {% endfor %} {% endif %} - exit-address-family - ! {% endif %} {% if parameters.graceful_restart is defined %} bgp graceful-restart {{ 'stalepath-time ' + parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }} @@ -409,4 +463,4 @@ router bgp {{ asn }} {% if route_map is defined and route_map is not none %} ip protocol bgp route-map {{ route_map }} {% endif %} -! +!
\ No newline at end of file diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl index 4460ab3b5..c8e11399e 100644 --- a/data/templates/frr/isis.frr.tmpl +++ b/data/templates/frr/isis.frr.tmpl @@ -1,5 +1,5 @@ ! -router isis {{ process }} +router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} net {{ net }} {% if dynamic_hostname is defined %} hostname dynamic @@ -133,8 +133,8 @@ router isis {{ process }} ! {% if interface is defined and interface is not none %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} - ip router isis {{ process }} +interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} + ip router isis VyOS {% if iface_config.bfd is defined %} isis bfd {% endif %} @@ -173,3 +173,8 @@ interface {{ iface }} {% endif %} {% endfor %} {% endif %} +! +{% if route_map is defined and route_map is not none %} +ip protocol isis route-map {{ route_map }} +{% endif %} +! diff --git a/data/templates/frr/ospf.frr.tmpl b/data/templates/frr/ospf.frr.tmpl index 140b6b406..a47c64c89 100644 --- a/data/templates/frr/ospf.frr.tmpl +++ b/data/templates/frr/ospf.frr.tmpl @@ -1,7 +1,7 @@ ! {% if interface is defined and interface is not none %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} +interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if iface_config.authentication is defined and iface_config.authentication is not none %} {% if iface_config.authentication.plaintext_password is defined and iface_config.authentication.plaintext_password is not none %} ip ospf authentication-key {{ iface_config.authentication.plaintext_password }} @@ -50,7 +50,7 @@ interface {{ iface }} {% endfor %} {% endif %} ! -router ospf +router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if access_list is defined and access_list is not none %} {% for acl, acl_config in access_list.items() %} {% for protocol in acl_config.export if acl_config.export is defined %} diff --git a/data/templates/frr/policy.frr.tmpl b/data/templates/frr/policy.frr.tmpl new file mode 100644 index 000000000..4f4b8705d --- /dev/null +++ b/data/templates/frr/policy.frr.tmpl @@ -0,0 +1,297 @@ +! +{% if access_list is defined and access_list is not none %} +{% for acl, acl_config in access_list.items() | natural_sort %} +{% if acl_config.description is defined and acl_config.description is not none %} +access-list {{ acl }} remark {{ acl_config.description }} +{% endif %} +{% if acl_config.rule is defined and acl_config.rule is not none %} +{% for rule, rule_config in acl_config.rule.items() | natural_sort %} +{% set ip = '' %} +{% set src = '' %} +{% set src_mask = '' %} +{% if rule_config.source is defined and rule_config.source.any is defined %} +{% set src = 'any' %} +{% elif rule_config.source is defined and rule_config.source.host is defined and rule_config.source.host is not none %} +{% set src = 'host ' + rule_config.source.host %} +{% elif rule_config.source is defined and rule_config.source.network is defined and rule_config.source.network is not none %} +{% set src = rule_config.source.network %} +{% set src_mask = rule_config.source.inverse_mask %} +{% endif %} +{% set dst = '' %} +{% set dst_mask = '' %} +{% if (acl|int >= 100 and acl|int <= 199) or (acl|int >= 2000 and acl|int <= 2699) %} +{% set ip = 'ip' %} +{% set dst = 'any' %} +{% if rule_config.destination is defined and rule_config.destination.any is defined %} +{% set dst = 'any' %} +{% elif rule_config.destination is defined and rule_config.destination.host is defined and rule_config.destination.host is not none %} +{% set dst = 'host ' + rule_config.destination.host %} +{% elif rule_config.destination is defined and rule_config.destination.network is defined and rule_config.destination.network is not none %} +{% set dst = rule_config.destination.network %} +{% set dst_mask = rule_config.destination.inverse_mask %} +{% endif %} +{% endif %} +access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ ip }} {{ src }} {{ src_mask }} {{ dst }} {{ dst_mask }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if access_list6 is defined and access_list6 is not none %} +{% for acl, acl_config in access_list6.items() | natural_sort %} +{% if acl_config.description is defined and acl_config.description is not none %} +ipv6 access-list {{ acl }} remark {{ acl_config.description }} +{% endif %} +{% if acl_config.rule is defined and acl_config.rule is not none %} +{% for rule, rule_config in acl_config.rule.items() | natural_sort %} +{% set src = '' %} +{% if rule_config.source is defined and rule_config.source.any is defined %} +{% set src = 'any' %} +{% elif rule_config.source is defined and rule_config.source.network is defined and rule_config.source.network is not none %} +{% set src = rule_config.source.network %} +{% endif %} +ipv6 access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ src }} {{ 'exact-match' if rule_config.source.exact_match is defined }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if as_path_list is defined and as_path_list is not none %} +{% for acl, acl_config in as_path_list.items() | natural_sort %} +{% if acl_config.rule is defined and acl_config.rule is not none %} +{% for rule, rule_config in acl_config.rule.items() | natural_sort %} +bgp as-path access-list {{ acl }} {{ rule_config.action }} {{ rule_config.regex }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if community_list is defined and community_list is not none %} +{% for list, list_config in community_list.items() | natural_sort %} +{% if list_config.rule is defined and list_config.rule is not none %} +{% for rule, rule_config in list_config.rule.items() | natural_sort %} +{# by default, if casting to int fails it returns 0 #} +{% if list|int != 0 %} +bgp community-list {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% else %} +bgp community-list expanded {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if extcommunity_list is defined and extcommunity_list is not none %} +{% for list, list_config in extcommunity_list.items() | natural_sort %} +{% if list_config.rule is defined and list_config.rule is not none %} +{% for rule, rule_config in list_config.rule.items() | natural_sort %} +{# by default, if casting to int fails it returns 0 #} +{% if list|int != 0 %} +bgp extcommunity-list {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% else %} +bgp extcommunity-list expanded {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if large_community_list is defined and large_community_list is not none %} +{% for list, list_config in large_community_list.items() | natural_sort %} +{% if list_config.rule is defined and list_config.rule is not none %} +{% for rule, rule_config in list_config.rule.items() | natural_sort %} +{# by default, if casting to int fails it returns 0 #} +{% if list|int != 0 %} +bgp large-community-list {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% else %} +bgp large-community-list expanded {{ list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if prefix_list is defined and prefix_list is not none %} +{% for prefix_list, prefix_list_config in prefix_list.items() | natural_sort %} +{% if prefix_list_config.description is defined and prefix_list_config.description is not none %} +ip prefix-list {{ prefix_list }} description {{ prefix_list_config.description }} +{% endif %} +{% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %} +{% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %} +ip prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if prefix_list6 is defined and prefix_list6 is not none %} +{% for prefix_list, prefix_list_config in prefix_list6.items() | natural_sort %} +{% if prefix_list_config.description is defined and prefix_list_config.description is not none %} +ipv6 prefix-list {{ prefix_list }} description {{ prefix_list_config.description }} +{% endif %} +{% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %} +{% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %} +ipv6 prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +! +{% if route_map is defined and route_map is not none %} +{% for route_map, route_map_config in route_map.items() | natural_sort %} +{% if route_map_config.rule is defined and route_map_config.rule is not none %} +{% for rule, rule_config in route_map_config.rule.items() | natural_sort %} +route-map {{ route_map }} {{ rule_config.action }} {{ rule }} +{% if rule_config.call is defined and rule_config.call is not none %} + call {{ rule_config.call }} +{% endif %} +{% if rule_config.continue is defined and rule_config.continue is not none %} + on-match goto {{ rule_config.continue }} +{% endif %} +{% if rule_config.description is defined and rule_config.description is not none %} + description {{ rule_config.description }} +{% endif %} +{% if rule_config.match is defined and rule_config.match is not none %} +{% if rule_config.match.as_path is defined and rule_config.match.as_path is not none %} + match as-path {{ rule_config.match.as_path }} +{% endif %} +{% if rule_config.match.community is defined and rule_config.match.community.community_list is defined and rule_config.match.community.community_list is not none %} + match community {{ rule_config.match.community.community_list }} {{ 'exact-match' if rule_config.match.community.exact_match is defined }} +{% endif %} +{% if rule_config.match.extcommunity is defined and rule_config.match.extcommunity is not none %} + match extcommunity {{ rule_config.match.extcommunity }} +{% endif %} +{% if rule_config.match.interface is defined and rule_config.match.interface is not none %} + match interface {{ rule_config.match.interface }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.address is defined and rule_config.match.ip.address.access_list is defined and rule_config.match.ip.address.access_list is not none %} + match ip address {{ rule_config.match.ip.address.access_list }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.address is defined and rule_config.match.ip.address.prefix_list is defined and rule_config.match.ip.address.prefix_list is not none %} + match ip address prefix-list {{ rule_config.match.ip.address.prefix_list }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.nexthop is defined and rule_config.match.ip.nexthop.access_list is defined and rule_config.match.ip.nexthop.access_list is not none %} + match ip next-hop {{ rule_config.match.ip.nexthop.access_list }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.nexthop is defined and rule_config.match.ip.nexthop.prefix_list is defined and rule_config.match.ip.nexthop.prefix_list is not none %} + match ip next-hop prefix-list {{ rule_config.match.ip.nexthop.prefix_list }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.route_source is defined and rule_config.match.ip.route_source.access_list is defined and rule_config.match.ip.route_source.access_list is not none %} + match ip route-source {{ rule_config.match.ip.route_source.access_list }} +{% endif %} +{% if rule_config.match.ip is defined and rule_config.match.ip.route_source is defined and rule_config.match.ip.route_source.prefix_list is defined and rule_config.match.ip.route_source.prefix_list is not none %} + match ip route-source prefix-list {{ rule_config.match.ip.route_source.prefix_list }} +{% endif %} +{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.address is defined and rule_config.match.ipv6.address.access_list is defined and rule_config.match.ipv6.address.access_list is not none %} + match ipv6 address {{ rule_config.match.ipv6.address.access_list }} +{% endif %} +{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.address is defined and rule_config.match.ipv6.address.prefix_list is defined and rule_config.match.ipv6.address.prefix_list is not none %} + match ipv6 address prefix-list {{ rule_config.match.ipv6.address.prefix_list }} +{% endif %} +{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.nexthop is defined and rule_config.match.ipv6.nexthop is not none %} + match ipv6 next-hop {{ rule_config.match.ipv6.nexthop }} +{% endif %} +{% if rule_config.match.large_community is defined and rule_config.match.large_community.large_community_list is defined and rule_config.match.large_community.large_community_list is not none %} + match large-community {{ rule_config.match.large_community.large_community_list }} +{% endif %} +{% if rule_config.match.local_preference is defined and rule_config.match.local_preference is not none %} + match local-preference {{ rule_config.match.local_preference }} +{% endif %} +{% if rule_config.match.metric is defined and rule_config.match.metric is not none %} + match metric {{ rule_config.match.metric }} +{% endif %} +{% if rule_config.match.origin is defined and rule_config.match.origin is not none %} + match origin {{ rule_config.match.origin }} +{% endif %} +{% if rule_config.match.peer is defined and rule_config.match.peer is not none %} + match peer {{ rule_config.match.peer }} +{% endif %} +{% if rule_config.match.rpki is defined and rule_config.match.rpki is not none %} + match rpki {{ rule_config.match.rpki }} +{% endif %} +{% if rule_config.match.tag is defined and rule_config.match.tag is not none %} + match tag {{ rule_config.match.tag }} +{% endif %} +{% endif %} +{% if rule_config.on_match is defined and rule_config.on_match is not none %} +{% if rule_config.on_match.next is defined %} + on-match next +{% endif %} +{% if rule_config.on_match.goto is defined and rule_config.on_match.goto is not none %} + on-match goto {{ rule_config.on_match.goto }} +{% endif %} +{% endif %} +{% if rule_config.set is defined and rule_config.set is not none %} +{% if rule_config.set.aggregator is defined and rule_config.set.aggregator.as is defined and rule_config.set.aggregator.ip is defined %} + set aggregator as {{ rule_config.set.aggregator.as }} {{ rule_config.set.aggregator.ip }} +{% endif %} +{% if rule_config.set.as_path_exclude is defined and rule_config.set.as_path_exclude is not none %} + set as-path exclude {{ rule_config.set.as_path_exclude }} +{% endif %} +{% if rule_config.set.as_path_prepend is defined and rule_config.set.as_path_prepend is not none %} + set as-path prepend {{ rule_config.set.as_path_prepend }} +{% endif %} +{% if rule_config.set.atomic_aggregate is defined %} + set atomic-aggregate +{% endif %} +{% if rule_config.set.comm_list is defined and rule_config.set.comm_list.comm_list is defined and rule_config.set.comm_list.comm_list is not none %} + set comm-list {{ rule_config.set.comm_list.comm_list }} {{ 'delete' if rule_config.set.comm_list.delete is defined }} +{% endif %} +{% if rule_config.set.community is defined and rule_config.set.community is not none %} + set community {{ rule_config.set.community }} +{% endif %} +{% if rule_config.set.distance is defined and rule_config.set.distance is not none %} + set distance {{ rule_config.set.distance }} +{% endif %} +{% if rule_config.set.extcommunity_rt is defined and rule_config.set.extcommunity_rt is not none %} + set extcommunity rt {{ rule_config.set.extcommunity_rt }} +{% endif %} +{% if rule_config.set.extcommunity_soo is defined and rule_config.set.extcommunity_soo is not none %} + set extcommunity soo {{ rule_config.set.extcommunity_soo }} +{% endif %} +{% if rule_config.set.ip_next_hop is defined and rule_config.set.ip_next_hop is not none %} + set ip next-hop {{ rule_config.set.ip_next_hop }} +{% endif %} +{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.global is defined and rule_config.set.ipv6_next_hop.global is not none %} + set ipv6 next-hop global {{ rule_config.set.ipv6_next_hop.global }} +{% endif %} +{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.local is defined and rule_config.set.ipv6_next_hop.local is not none %} + set ipv6 next-hop local {{ rule_config.set.ipv6_next_hop.local }} +{% endif %} +{% if rule_config.set.large_community is defined and rule_config.set.large_community is not none %} + set large-community {{ rule_config.set.large_community }} +{% endif %} +{% if rule_config.set.local_preference is defined and rule_config.set.local_preference is not none %} + set local-preference {{ rule_config.set.local_preference }} +{% endif %} +{% if rule_config.set.metric is defined and rule_config.set.metric is not none %} + set metric {{ rule_config.set.metric }} +{% endif %} +{% if rule_config.set.metric_type is defined and rule_config.set.metric_type is not none %} + set metric-type {{ rule_config.set.metric_type }} +{% endif %} +{% if rule_config.set.origin is defined and rule_config.set.origin is not none %} + set origin {{ rule_config.set.origin }} +{% endif %} +{% if rule_config.set.originator_id is defined and rule_config.set.originator_id is not none %} + set originator-id {{ rule_config.set.originator_id }} +{% endif %} +{% if rule_config.set.src is defined and rule_config.set.src is not none %} + set src {{ rule_config.set.src }} +{% endif %} +{% if rule_config.set.table is defined and rule_config.set.table is not none %} + set table {{ rule_config.set.table }} +{% endif %} +{% if rule_config.set.tag is defined and rule_config.set.tag is not none %} + set tag {{ rule_config.set.tag }} +{% endif %} +{% if rule_config.set.weight is defined and rule_config.set.weight is not none %} + set weight {{ rule_config.set.weight }} +{% endif %} +{% endif %} +{% endfor %} +! +{% endif %} +{% endfor %} +{% endif %} +! diff --git a/data/templates/frr/rip.frr.tmpl b/data/templates/frr/rip.frr.tmpl index bc92bddf9..cabc236f0 100644 --- a/data/templates/frr/rip.frr.tmpl +++ b/data/templates/frr/rip.frr.tmpl @@ -90,3 +90,7 @@ router rip {% endif %} {% include 'frr/rip_ripng.frr.j2' %} ! +{% if route_map is defined and route_map is not none %} +ip protocol rip route-map {{ route_map }} +{% endif %} +! diff --git a/data/templates/frr/static.frr.tmpl b/data/templates/frr/static.frr.tmpl index bb0ec80a5..db59a44c2 100644 --- a/data/templates/frr/static.frr.tmpl +++ b/data/templates/frr/static.frr.tmpl @@ -1,18 +1,29 @@ {% from 'frr/static_routes_macro.j2' import static_routes %} ! +{% set ip_prefix = 'ip' %} +{% set ipv6_prefix = 'ipv6' %} +{% if vrf is defined and vrf is not none %} +{# We need to add an additional whitespace in front of the prefix #} +{# when VRFs are in use, thus we use a variable for prefix handling #} +{% set ip_prefix = ' ip' %} +{% set ipv6_prefix = ' ipv6' %} +vrf {{ vrf }} +{% endif %} {# IPv4 routing #} {% if route is defined and route is not none %} {% for prefix, prefix_config in route.items() %} -{{ static_routes('ip', prefix, prefix_config) }} +{{ static_routes(ip_prefix, prefix, prefix_config) }} {%- endfor -%} {% endif %} -! {# IPv6 routing #} {% if route6 is defined and route6 is not none %} {% for prefix, prefix_config in route6.items() %} -{{ static_routes('ipv6', prefix, prefix_config) }} +{{ static_routes(ipv6_prefix, prefix, prefix_config) }} {%- endfor -%} {% endif %} +{% if vrf is defined and vrf is not none %} + exit-vrf +{% endif %} ! {# Policy route tables #} {% if table is defined and table is not none %} diff --git a/data/templates/frr/static_mcast.frr.tmpl b/data/templates/frr/static_mcast.frr.tmpl index 38635af32..4f114109a 100644 --- a/data/templates/frr/static_mcast.frr.tmpl +++ b/data/templates/frr/static_mcast.frr.tmpl @@ -1,20 +1,20 @@ ! {% for route_gr in old_mroute %} -{% for nh in old_mroute[route_gr] %} -{% if old_mroute[route_gr][nh] %} +{% for nh in old_mroute[route_gr] %} +{% if old_mroute[route_gr][nh] %} no ip mroute {{ route_gr }} {{ nh }} {{ old_mroute[route_gr][nh] }} -{% else %} +{% else %} no ip mroute {{ route_gr }} {{ nh }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endfor %} {% for route_gr in mroute %} -{% for nh in mroute[route_gr] %} -{% if mroute[route_gr][nh] %} +{% for nh in mroute[route_gr] %} +{% if mroute[route_gr][nh] %} ip mroute {{ route_gr }} {{ nh }} {{ mroute[route_gr][nh] }} -{% else %} +{% else %} ip mroute {{ route_gr }} {{ nh }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endfor %} ! diff --git a/data/templates/frr/vrf.frr.tmpl b/data/templates/frr/vrf.frr.tmpl index 8d3d8e9dd..299c9719e 100644 --- a/data/templates/frr/vrf.frr.tmpl +++ b/data/templates/frr/vrf.frr.tmpl @@ -1,25 +1,9 @@ -{% from 'frr/static_routes_macro.j2' import static_routes %} -! -{% if vrf is defined and vrf is not none %} -{% for vrf_name, vrf_config in vrf.items() %} -vrf {{ vrf_name }} +{% if name is defined and name is not none %} +{% for vrf, vrf_config in name.items() %} +vrf {{ vrf }} {% if vrf_config.vni is defined and vrf_config.vni is not none %} vni {{ vrf_config.vni }} {% endif %} -{% if vrf_config.static is defined and vrf_config.static is not none %} -{# IPv4 routes #} -{% if vrf_config.static.route is defined and vrf_config.static.route is not none %} -{% for prefix, prefix_config in vrf_config.static.route.items() %} - {{ static_routes('ip', prefix, prefix_config) }} -{%- endfor -%} -{% endif %} -{# IPv6 routes #} -{% if vrf_config.static.route6 is defined and vrf_config.static.route6 is not none %} -{% for prefix, prefix_config in vrf_config.static.route6.items() %} - {{ static_routes('ipv6', prefix, prefix_config) }} -{%- endfor -%} -{% endif %} -{% endif %} + exit-vrf {% endfor %} {% endif %} -! diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index 81f8b3b8c..916764410 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl @@ -40,9 +40,11 @@ server { {% endif %} # proxy settings for HTTP API, if enabled; 503, if not - location ~ /(retrieve|configure|config-file|image|generate|show) { + location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc) { {% if server.api %} proxy_pass http://localhost:{{ server.api.port }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 600; proxy_buffering off; {% else %} |