From 06cc1dbd59bad0ba13d5a7d952501cd91e6bb789 Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Sun, 8 Jan 2023 17:36:17 +0100
Subject: [PATCH] Install and configure bird

---
 roles/firewall/files/shorewall/macro.BGP |  1 +
 roles/firewall/files/shorewall/rules     |  3 +++
 roles/firewall/tasks/main.yml            |  1 +
 roles/firewall/templates/bird.conf.j2    | 28 ++++++++++++++++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 roles/firewall/files/shorewall/macro.BGP
 create mode 100644 roles/firewall/templates/bird.conf.j2

diff --git a/roles/firewall/files/shorewall/macro.BGP b/roles/firewall/files/shorewall/macro.BGP
new file mode 100644
index 0000000..787a625
--- /dev/null
+++ b/roles/firewall/files/shorewall/macro.BGP
@@ -0,0 +1 @@
+PARAM	-	-	tcp	179
diff --git a/roles/firewall/files/shorewall/rules b/roles/firewall/files/shorewall/rules
index 05227da..49a8833 100644
--- a/roles/firewall/files/shorewall/rules
+++ b/roles/firewall/files/shorewall/rules
@@ -160,6 +160,9 @@ ACCEPT                         all                     kube:$METALLB_RADIUS
 # API
 Web/ACCEPT			public:$GITLAB01	fw:$KUBE_API_PUBLIC
 
+# BGP
+BGP/ACCEPT			kube			fw
+
 ##### Kubernetes end
 
 # HAProxy
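Review bot: The new `BGP/ACCEPT kube fw` rule opens TCP 179 on the firewall to the whole `kube` zone, while the bird template in this same commit only accepts peers from `10.98.1.0/24`; if the zone is wider than that subnet (not visible here), the rule admits hosts that bird will never peer with. Neighbouring rules in this file already scope sources with variables such as `$METALLB_RADIUS`, so the same pattern would keep the two in step, e.g. `BGP/ACCEPT			kube:$K8S_BGP_NET		fw` with the variable holding the peer range used in bird.conf.j2. The surrounding rule section continues outside the hunk.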
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 88bb3d1..db5ced1 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -17,6 +17,7 @@
       - haproxy
       - shorewall
       - shorewall6
+      - bird2
     state: present
 - name: Copy static config files
   ansible.builtin.copy:
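Review bot: Adding `bird2` to the package list installs the daemon, but nothing in the diffstat deploys the new `roles/firewall/templates/bird.conf.j2` — the only visible file task is the `Copy static config files` step for `files/`, and a template needs `ansible.builtin.template`. Unless such a task exists outside this patch, the config (and its `bird_router_id` variable) is never rendered and bird starts with the distribution default. A follow-up task rendering the template to the bird config path, with a handler to reload bird, would close that gap; the task list continues outside the hunk.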
diff --git a/roles/firewall/templates/bird.conf.j2 b/roles/firewall/templates/bird.conf.j2
new file mode 100644
index 0000000..88fd68a
--- /dev/null
+++ b/roles/firewall/templates/bird.conf.j2
@@ -0,0 +1,28 @@
+log syslog all;
+
+protocol device {
+}
+
+protocol direct {
+	ipv4;			# Connect to default IPv4 table
+	ipv6;			# ... and to default IPv6 table
+}
+
+protocol kernel {
+	ipv4 {			# Connect protocol to IPv4 table by channel
+	      export all;	# Export to protocol. default is export none
+	};
+}
+
+protocol bgp k8s {
+    router id {{ bird_router_id }};
+
+    local as 64567;
+ 
+    ipv4 {
+        import all;
+        export none;
+    };
+ 
+    neighbor range 10.98.1.0/24 as 64512;
+};
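Review bot: `neighbor range 10.98.1.0/24 as 64512;` combined with `import all;` means any host in that /24 can open a session and inject arbitrary prefixes, which `protocol kernel` then writes to the routing table via `export all`; the import should be restricted to the prefixes the cluster is expected to announce, e.g. `import where net ~ [ <METALLB_POOL_CIDR>+ ];` (placeholder for the actual pool). Consider a `password` option on the session as well, since the dynamic range gives no other peer authentication. Minor points: `protocol direct` attaches an `ipv6` channel but `protocol kernel` only has `ipv4`, so IPv6 direct routes are never exported, and lines 74 and 79 carry trailing whitespace while the file mixes tab and space indentation.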
-- 
GitLab