diff options
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 1 | ||||
-rw-r--r-- | data/templates/frr/bgpd.frr.j2 | 40 | ||||
-rw-r--r-- | data/templates/frr/daemons.frr.tmpl | 3 | ||||
-rw-r--r-- | data/templates/frr/zebra.segment_routing.frr.j2 | 23 | ||||
-rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 13 | ||||
-rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 5 |
6 files changed, 77 insertions, 8 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index a762a6d4c..92d3863ce 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -53,6 +53,7 @@ "protocols_rip.py", "protocols_ripng.py", "protocols_rpki.py", +"protocols_segment_routing.py", "protocols_static.py", "protocols_static_multicast.py", "qos.py", diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2 index 6f81174ac..679ba8b04 100644 --- a/data/templates/frr/bgpd.frr.j2 +++ b/data/templates/frr/bgpd.frr.j2 @@ -470,6 +470,38 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% endfor %} {% endif %} ! +{% if bmp is vyos_defined %} +{% if bmp.mirror_buffer_limit is vyos_defined %} + bmp mirror buffer-limit {{ bmp.mirror_buffer_limit }} + ! +{% endif %} +{% if bmp.target is vyos_defined %} +{% for bmp, bmp_config in bmp.target.items() %} + bmp targets {{ bmp }} +{% if bmp_config.mirror is vyos_defined %} + bmp mirror +{% endif %} +{% if bmp_config.monitor is vyos_defined %} +{% if bmp_config.monitor.ipv4_unicast.pre_policy is vyos_defined %} + bmp monitor ipv4 unicast pre-policy +{% endif %} +{% if bmp_config.monitor.ipv4_unicast.post_policy is vyos_defined %} + bmp monitor ipv4 unicast post-policy +{% endif %} +{% if bmp_config.monitor.ipv6_unicast.pre_policy is vyos_defined %} + bmp monitor ipv6 unicast pre-policy +{% endif %} +{% if bmp_config.monitor.ipv6_unicast.post_policy is vyos_defined %} + bmp monitor ipv6 unicast post-policy +{% endif %} +{% endif %} +{% if bmp_config.address is vyos_defined %} + bmp connect {{ bmp_config.address }} port {{ bmp_config.port }} min-retry {{ bmp_config.min_retry }} max-retry {{ bmp_config.max_retry }} +{% endif %} +{% endfor %} + exit +{% endif %} +{% endif %} {% if peer_group is vyos_defined %} {% for peer, config in peer_group.items() %} {{ bgp_neighbor(peer, config, true) }} @@ -588,6 +620,14 @@ bgp route-reflector allow-outbound-policy {% if parameters.tcp_keepalive.idle is vyos_defined and parameters.tcp_keepalive.interval is vyos_defined and parameters.tcp_keepalive.probes is vyos_defined %} bgp tcp-keepalive {{ parameters.tcp_keepalive.idle }} {{ parameters.tcp_keepalive.interval }} {{ parameters.tcp_keepalive.probes }} {% endif %} +{% if srv6.locator is vyos_defined %} + segment-routing srv6 + locator {{ srv6.locator }} + exit +{% endif %} +{% if sid.vpn.per_vrf.export is vyos_defined %} + sid vpn per-vrf export {{ sid.vpn.per_vrf.export }} +{% endif %} {% if timers.keepalive is vyos_defined and timers.holdtime is vyos_defined %} timers bgp {{ timers.keepalive }} {{ timers.holdtime }} {% endif %} diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl index a65f0868a..c637e18bc 100644 --- a/data/templates/frr/daemons.frr.tmpl +++ b/data/templates/frr/daemons.frr.tmpl @@ -108,7 +108,6 @@ valgrind_enable=no frr_profile="traditional" -#MAX_FDS=1024 +MAX_FDS={{ descriptors }} #FRR_NO_ROOT="yes" - diff --git a/data/templates/frr/zebra.segment_routing.frr.j2 b/data/templates/frr/zebra.segment_routing.frr.j2 new file mode 100644 index 000000000..7b12fcdd0 --- /dev/null +++ b/data/templates/frr/zebra.segment_routing.frr.j2 @@ -0,0 +1,23 @@ +! +{% if srv6.locator is vyos_defined %} +segment-routing + srv6 + locators +{% for locator, locator_config in srv6.locator.items() %} + locator {{ locator }} +{% if locator_config.prefix is vyos_defined %} + prefix {{ locator_config.prefix }} block-len {{ locator_config.block_len }} node-len {{ locator_config.node_len }} func-bits {{ locator_config.func_bits }} +{% endif %} +{% if locator_config.behavior_usid is vyos_defined %} + behavior usid +{% endif %} + exit + ! +{% endfor %} + exit + ! +exit +! +exit +! +{% endif %} diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index a75ee9904..defb76fba 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -50,13 +50,19 @@ defaults {% if service is vyos_defined %} {% for front, front_config in service.items() %} frontend {{ front }} -{% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %} +{% set ssl_front = [] %} +{% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %} +{% for cert in front_config.ssl.certificate %} +{% set _ = ssl_front.append('crt /run/haproxy/' ~ cert ~ '.pem') %} +{% endfor %} +{% endif %} +{% set ssl_directive = 'ssl' if ssl_front else '' %} {% if front_config.listen_address is vyos_defined %} {% for address in front_config.listen_address %} - bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }} + bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endfor %} {% else %} - bind :::{{ front_config.port }} v4v6 {{ ssl_front }} + bind :::{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endif %} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } @@ -161,4 +167,3 @@ backend {{ back }} {% endfor %} {% endif %} - diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2 index 80ba357bc..b5e890c32 100644 --- a/data/templates/ocserv/ocserv_config.j2 +++ b/data/templates/ocserv/ocserv_config.j2 @@ -121,12 +121,12 @@ select-group = {{ grp }} {% endfor %} {% endif %} - +{% if http_security_headers is vyos_defined %} # HTTP security headers included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains included-http-headers = X-Frame-Options: deny included-http-headers = X-Content-Type-Options: nosniff -included-http-headers = Content-Security-Policy: default-src ´none´ +included-http-headers = Content-Security-Policy: default-src "none" included-http-headers = X-Permitted-Cross-Domain-Policies: none included-http-headers = Referrer-Policy: no-referrer included-http-headers = Clear-Site-Data: "cache","cookies","storage" @@ -136,3 +136,4 @@ included-http-headers = Cross-Origin-Resource-Policy: same-origin included-http-headers = X-XSS-Protection: 0 included-http-headers = Pragma: no-cache included-http-headers = Cache-control: no-store, no-cache +{% endif %} |