authorGeorg Pfuetzenreuter2023-01-30 05:43:53 +0100
committerGeorg Pfuetzenreuter2023-01-30 05:43:53 +0100
commitba6522ce5b0c2a4f851fe4826aa9f077a4d3d381 (patch)
treebfe9255230804bb93f39886aef60d5e44993cf50 /pillar/map.jinja
parent096bb24769cb2eb692b1fccd67ab40d091c88d0f (diff)
Refactor map/macro sourcing
- move pillar macros and map to base directory - move listener logic from macro to map - update includes respectively Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/map.jinja')
-rw-r--r--pillar/map.jinja95
1 files changed, 95 insertions, 0 deletions
diff --git a/pillar/map.jinja b/pillar/map.jinja
new file mode 100644
index 0000000..bb0a536
--- /dev/null
+++ b/pillar/map.jinja
@@ -0,0 +1,95 @@
+{%- from 'macros.jinja' import firewall_interfaces, listeners -%}
+{%- set firewall_interfaces = firewall_interfaces -%}
+{%- set listeners = listeners -%}
+{%- set minion = grains['id'] -%}
+
+{#- START Listener detection logic -#}
+
+{%- set listen_ips = [] -%}
+{%- set minion = grains['id'] -%}
+{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
+{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
+{%- set ip6s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs6', tgt_type='glob') -%}
+{%- if minion in ip4s -%}{%- for ip in ip4s[minion] -%}
+{%- if salt['network.is_private'](ip) -%}
+{%- do listen_ips.append(ip) -%}
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+{%- if minion in ip6s -%}{%- for ip in ip6s[minion] -%}
+{%- if ip.startswith(legal6s) -%}
+{%- do listen_ips.append(ip) -%}
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+
+{#- END Listener detection logic -%}
+
+
+{#- START Interface mapping logic -#}
+
+{%- set public = [] -%}
+{%- set internal = [] -%}
+{%- set backend = [] -%}
+
+{%- set internal6s = ('2a01:4f8:11e:2200') -%}
+{%- set backend6s = ('fd29:8e45:f292:ff80') -%}
+{#- to-do: get rid of illegal backend4s -#}
+{%- set backend4s = ('172.168.100') -%}
+{%- set excluded_interfaces = ('lo') -%}
+{%- set interfaces = salt.saltutil.runner('mine.get', tgt=minion, fun='network.interfaces', tgt_type='glob') -%}
+
+{%- if minion in interfaces -%}{%- for interface, ifconfig in interfaces[minion].items() -%}
+{%- if not interface.startswith(excluded_interfaces) -%}
+
+{%- if 'inet' in ifconfig -%}
+{%- for inetconf in ifconfig['inet'] -%}
+{%- set ip4 = inetconf['address'] -%}
+
+{%- if salt['network.is_private'](ip4) -%}
+
+{%- if not interface in internal -%}
+{%- do internal.append(interface) -%}
+{%- endif -%}
+
+{%- elif ip4.startswith(backend4s) -%}
+
+{%- if not interface in backend -%}
+{%- do backend.append(interface) -%}
+{%- endif -%}
+
+{%- else -%}
+
+{%- if not interface in public -%}
+{%- do public.append(interface) -%}
+{%- endif -%}
+
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+
+{%- if 'inet6' in ifconfig -%}
+{%- for inet6conf in ifconfig['inet6'] -%}
+{%- set ip6 = inet6conf['address'] -%}
+
+{%- if ip6.startswith(internal6s) -%}
+
+{%- if not interface in internal -%}
+{%- do internal.append(interface) -%}
+{%- endif -%}
+
+{%- elif ip6.startswith(backend6s) -%}
+
+{%- if not interface in backend -%}
+{%- do backend.append(interface) -%}
+{%- endif -%}
+
+{%- endif -%}
+
+{%- endfor -%}
+{%- endif -%}
+
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+
+{#- END Interface mapping logic -#}
+
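Review bot: The interface mapping can place one interface in more than one of `public`, `internal` and `backend`, because each `append` only checks its own list: an interface carrying a public IPv4 address and an address under `internal6s` (itself a globally routable prefix) ends up in both `public` and `internal`. If these lists feed firewall zones, which this file does not show, the result would depend on how the consumer resolves the overlap, so I would settle precedence here, for example after the loops with `{%- set internal = internal | reject('in', public) | list -%}` and the same for `backend` (this needs a Jinja version that has the `in` test). Separately, `{#- END Listener detection logic -%}` closes with `-%}` instead of `-#}`, so the comment actually runs to the `-#}` of the following START marker; that is harmless today but would silently swallow anything later placed between the two markers. The `'fd29'` entry in `legal6s` also matches all of fd29::/16 rather than the `fd29:8e45:f292:ff80` prefix used in `backend6s`, which looks broader than intended for choosing listen addresses.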