From ba6522ce5b0c2a4f851fe4826aa9f077a4d3d381 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Mon, 30 Jan 2023 05:43:53 +0100 Subject: Refactor map/macro sourcing - move pillar macros and map to base directory - move listener logic from macro to map - update includes respectively Signed-off-by: Georg Pfuetzenreuter
---
pillar/map.jinja | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 pillar/map.jinja (limited to 'pillar/map.jinja')
diff --git a/pillar/map.jinja b/pillar/map.jinja
new file mode 100644
index 0000000..bb0a536
--- /dev/null
+++ b/pillar/map.jinja
@@ -0,0 +1,95 @@
+{%- from 'macros.jinja' import firewall_interfaces, listeners -%}
+{%- set firewall_interfaces = firewall_interfaces -%}
+{%- set listeners = listeners -%}
+{%- set minion = grains['id'] -%}
+
+{#- START Listener detection logic -#}
+
+{%- set listen_ips = [] -%}
+{%- set minion = grains['id'] -%}
+{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
+{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
+{%- set ip6s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs6', tgt_type='glob') -%}
+{%- if minion in ip4s -%}{%- for ip in ip4s[minion] -%}
+{%- if salt['network.is_private'](ip) -%}
+{%- do listen_ips.append(ip) -%}
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+{%- if minion in ip6s -%}{%- for ip in ip6s[minion] -%}
+{%- if ip.startswith(legal6s) -%}
+{%- do listen_ips.append(ip) -%}
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+
+{#- END Listener detection logic -%}
+
+
+{#- START Interface mapping logic -#}
+
+{%- set public = [] -%}
+{%- set internal = [] -%}
+{%- set backend = [] -%}
+
+{%- set internal6s = ('2a01:4f8:11e:2200') -%}
+{%- set backend6s = ('fd29:8e45:f292:ff80') -%}
+{#- to-do: get rid of illegal backend4s -#}
+{%- set backend4s = ('172.168.100') -%}
+{%- set excluded_interfaces = ('lo') -%}
+{%- set interfaces = salt.saltutil.runner('mine.get', tgt=minion, fun='network.interfaces', tgt_type='glob') -%}
+
+{%- if minion in interfaces -%}{%- for interface, ifconfig in interfaces[minion].items() -%}
+{%- if not interface.startswith(excluded_interfaces) -%}
+
+{%- if 'inet' in ifconfig -%}
+{%- for inetconf in ifconfig['inet'] -%}
+{%- set ip4 = inetconf['address'] -%}
+
+{%- if salt['network.is_private'](ip4) -%}
+
+{%- if not interface in internal -%}
+{%- do internal.append(interface) -%}
+{%- endif -%}
+
+{%- elif ip4.startswith(backend4s) -%}
+
+{%- if not interface in backend -%}
+{%- do backend.append(interface) -%}
+{%- endif -%}
+
+{%- else -%}
+
+{%- if not interface in public -%}
+{%- do public.append(interface) -%}
+{%- endif -%}
+
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+
+{%- if 'inet6' in ifconfig -%}
+{%- for inet6conf in ifconfig['inet6'] -%}
+{%- set ip6 = inet6conf['address'] -%}
+
+{%- if ip6.startswith(internal6s) -%}
+
+{%- if not interface in internal -%}
+{%- do internal.append(interface) -%}
+{%- endif -%}
+
+{%- elif ip6.startswith(backend6s) -%}
+
+{%- if not interface in backend -%}
+{%- do backend.append(interface) -%}
+{%- endif -%}
+
+{%- endif -%}
+
+{%- endfor -%}
+{%- endif -%}
+
+{%- endif -%}
+{%- endfor -%}{%- endif -%}
+
+{#- END Interface mapping logic -#}
+
-- cgit v1.2.3
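Review bot: The `inet6` loop has no fallback branch, so an IPv6 address matching neither `internal6s` nor `backend6s` is silently dropped, whereas the `inet` loop sends every unrecognised IPv4 address to `public`. An interface whose only routable address is a global IPv6 one therefore lands in none of `public`/`internal`/`backend`; if the consumer of these lists (not visible in this file) only filters interfaces it finds there, that interface may get no policy at all. Consider an `{%- elif not ip6.startswith('fe80:') -%}` branch that appends to `public`, or a comment stating why IPv6 is deliberately left unclassified. Zone membership is also decided by plain string prefixes: `backend4s = ('172.168.100')` lies outside 172.16.0.0/12, as the to-do already notes, and `('lo')`, `('2a01:4f8:11e:2200')` and `('fd29:8e45:f292:ff80')` are strings rather than one-element tuples, so a trailing comma would make the intent explicit. Separately, `{#- END Listener detection logic -%}` closes with `-%}` instead of `-#}`, so the comment actually runs on to the end of the following START comment; that is harmless today but will swallow any statement later placed between the two.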