summaryrefslogtreecommitdiffstats
path: root/pillar/map.jinja
blob: bb0a536c92e9ce4d6cb7e423a7e72d4523cf504c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
{%- from 'macros.jinja' import firewall_interfaces, listeners -%}
{%- set firewall_interfaces = firewall_interfaces -%}
{%- set listeners = listeners -%}
{%- set minion = grains['id'] -%}

{#- START Listener detection logic -#}

{%- set listen_ips = [] -%}
{%- set minion = grains['id'] -%}
{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
{%- set ip6s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs6', tgt_type='glob') -%}
{%- if minion in ip4s -%}{%- for ip in ip4s[minion] -%}
{%- if salt['network.is_private'](ip) -%}
{%- do listen_ips.append(ip) -%}
{%- endif -%}
{%- endfor -%}{%- endif -%}
{%- if minion in ip6s -%}{%- for ip in ip6s[minion] -%}
{%- if ip.startswith(legal6s) -%}
{%- do listen_ips.append(ip) -%}
{%- endif -%}
{%- endfor -%}{%- endif -%}

{#- END Listener detection logic -%}


{#- START Interface mapping logic -#}

{%- set public = [] -%}
{%- set internal = [] -%}
{%- set backend = [] -%}

{%- set internal6s = ('2a01:4f8:11e:2200') -%}
{%- set backend6s = ('fd29:8e45:f292:ff80') -%}
{#- to-do: get rid of illegal backend4s -#}
{%- set backend4s = ('172.168.100') -%}
{%- set excluded_interfaces = ('lo') -%}
{%- set interfaces = salt.saltutil.runner('mine.get', tgt=minion, fun='network.interfaces', tgt_type='glob') -%}

{%- if minion in interfaces -%}{%- for interface, ifconfig in interfaces[minion].items() -%}
{%- if not interface.startswith(excluded_interfaces) -%}

{%- if 'inet' in ifconfig -%}
{%- for inetconf in ifconfig['inet'] -%}
{%- set ip4 = inetconf['address'] -%}

{%- if salt['network.is_private'](ip4) -%}

{%- if not interface in internal -%}
{%- do internal.append(interface) -%}
{%- endif -%}

{%- elif ip4.startswith(backend4s) -%}

{%- if not interface in backend -%}
{%- do backend.append(interface) -%}
{%- endif -%}

{%- else -%}

{%- if not interface in public -%}
{%- do public.append(interface) -%}
{%- endif -%}

{%- endif %}

{%- endfor %}
{%- endif %}

{%- if 'inet6' in ifconfig -%}
{%- for inet6conf in ifconfig['inet6'] -%}
{%- set ip6 = inet6conf['address'] -%}

{%- if ip6.startswith(internal6s) -%}

{%- if not interface in internal -%}
{%- do internal.append(interface) -%}
{%- endif -%}

{%- elif ip6.startswith(backend6s) -%}

{%- if not interface in backend -%}
{%- do backend.append(interface) -%}
{%- endif -%}

{%- endif -%}

{%- endfor -%}
{%- endif -%}

{%- endif -%}
{%- endfor -%}{%- endif -%}

{#- END Interface mapping logic -#}