{{ ansible_managed | comment }}
---
# yaml-language-server: $schema=https://ifstate.net/schema/ifstate.conf.schema.json
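defaults:
  # Baseline for every interface: the empty ifname pattern is meant to match
  # all names (confirm against the ifstate docs). Anything an interface entry
  # does not override ends up with addresses cleared, link down and no master,
  # so unused ports stay unconfigured and administratively down.
  - match:
      - ifname: ""
    # Written as `true`, not `yes`: YAML 1.2 tooling reads `yes` as a string,
    # which would not be a valid boolean for this key.
    clear_addresses: true
    link:
      state: down
      master: null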
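interfaces:
  # On-board ports: no link state is given here, so the state from the
  # defaults entry presumably applies - verify after apply.
  - name: lom1
    link:
      kind: physical
      businfo: '0000:02:00.0'
  - name: lom2
    link:
      kind: physical
      businfo: '0000:02:00.1'
  # Both functions of PCI device 0000:06:00 are members of bond0.
  - name: eth2
    link:
      state: up
      kind: physical
      businfo: '0000:06:00.0'
      master: bond0
  - name: eth3
    link:
      state: up
      kind: physical
      businfo: '0000:06:00.1'
      master: bond0
  - name: bond0
    link:
      state: up
      kind: bond
      # 802.3ad (LACP)
      bond_mode: 4
      # 1 = fast LACPDU rate
      bond_ad_lacp_rate: 1
      # layer3+4
      bond_xmit_hash_policy: 1
      # MII link monitoring interval and up delay, both in milliseconds
      bond_miimon: 100
      bond_updelay: 300
  # Management VLAN on top of the bond; name, address and VLAN id come from
  # inventory variables. The string values are quoted so the rendered text
  # cannot be re-typed by the YAML parser (empty, boolean-looking or
  # digits-and-colons values); vlan_id stays bare because it is a number.
  - name: "{{ ip_mgmt_vlan.name }}"
    addresses:
      - "{{ ip_mgmt_address }}"
    link:
      kind: vlan
      link: bond0
      vlan_id: {{ ip_mgmt_vlan.vid }}
      state: up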
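routing:
  routes:
    # Static IPv6 default route via the management gateway. Both values are
    # quoted: a scalar starting with ':' and an address made only of digits
    # and colons are easy for YAML 1.1 parsers to mis-read.
    # NOTE(review): this template sets no sysctl options for the root
    # namespace, so whether router advertisements on the management VLAN
    # can add a competing default route depends on settings outside this
    # file - confirm accept_ra is handled there.
    - to: '::/0'
      via: "{{ ip_mgmt_gateway }}"
  rules: []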
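namespaces:
  # Separate network namespace for the IXP peering VLAN. It gets its own
  # sysctl hardening and an empty routing table; the management VLAN and
  # default route above stay in the root namespace.
  peering:
    options:
      sysctl:
        # One mapping, shared by `all` and `default` through the anchor.
        # NOTE(review): how the kernel propagates `all` differs per key,
        # notably for IPv6 - verify the effective values on ixp-peering
        # after apply rather than assuming them.
        all: &peering-sysctl
          ipv6:
            # this machine should not participate in SLAAC
            accept_ra: 0
            autoconf: 0
            # ignore ICMPv6 redirects; drop source-routed packets (RH0)
            accept_redirects: 0
            accept_source_route: 0
            # no forwarding
            forwarding: 0
          ipv4:
            # neither accept nor send redirects; no source routing
            accept_redirects: 0
            send_redirects: 0
            accept_source_route: 0
            # strict ARP: answer only for addresses configured on the
            # interface the request arrived on
            arp_ignore: 1
            # send gratuitous ARP when the link comes up or the hardware
            # address changes
            arp_notify: 1
            # strict reverse-path filtering
            rp_filter: 1
            # no forwarding
            forwarding: 0
        default: *peering-sysctl
    interfaces:
      - name: ixp-peering
        # One list item per peering address, sorted for stable output.
        # Quoted for the same reason as the other templated strings.
        # NOTE(review): an empty ip_peering_addresses renders this key
        # with no items, i.e. null instead of an empty list.
        # The for/endfor tags stay at column 0: Ansible renders with
        # trim_blocks but without lstrip_blocks, so indenting them would
        # leak spaces into the rendered YAML.
        addresses:
{% for ip in ip_peering_addresses|sort %}
          - "{{ ip }}"
{% endfor %}
        link:
          kind: vlan
          link: bond0
          # bond0 is defined in the root namespace; link_netns: null
          # presumably tells ifstate to look for the parent link there -
          # confirm against the ifstate docs.
          link_netns: null
          vlan_id: 600
          state: up
    # No routes or policy rules are installed in this namespace by ifstate.
    routing:
      routes: []
      rules: []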