Georg Pfuetzenreuter
4581bd4a6a
For use in nginx pillars. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
99 lines
2.6 KiB
Django/Jinja
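{#- Shared settings and macro imports for the nginx pillars.
    The bare "|" lines of the rendered listing were table residue, not template
    text; left in place they would be emitted as literal output, so they are
    dropped here. -#}

{#- Base directory for TLS material; presumably read by the pillar files that import this template - TODO confirm. -#}
{%- set sslbase = '/etc/ssl' -%}

{#- nginx_crtkeypair is imported "with context", so that macro can see this
    template's render context; the other two macros are imported without it. -#}
{%- from 'macros.jinja' import nginx_crtkeypair with context -%}
{%- from 'macros.jinja' import firewall_interfaces, listeners -%}

{#- Re-bind the imported macros as top-level variables of this template,
    presumably so that files importing this one can import the macros from
    here as well - TODO confirm against the importing pillars. -#}
{%- set firewall_interfaces = firewall_interfaces -%}
{%- set listeners = listeners -%}
{%- set nginx_crtkeypair = nginx_crtkeypair -%}

{#- ID of the minion this template is rendered for. Every mine lookup below is
    keyed on it.
    NOTE(review): grains are reported by the minion; confirm that the "id"
    grain seen during pillar rendering is the master-verified minion ID in the
    Salt version in use. -#}
{%- set minion = grains['id'] -%}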
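{#- START Listener detection logic -#}
{#- Builds listen_ips from the addresses the Salt mine holds for this minion:
    every IPv4 address that network.is_private accepts, plus every IPv6 address
    whose text starts with one of the legal6s prefixes.
    NOTE(review): mine data is published by the minion itself, so the resulting
    list is self-asserted; confirm that is acceptable for whatever consumes it. -#}
{%- set listen_ips = [] -%}
{#- Same value as at the head of the file; repeated so this section stands on its own. -#}
{%- set minion = grains['id'] -%}

{#- Plain string prefixes, not parsed networks: the match depends on the mine
    returning addresses in the same textual form (case, zero compression) -
    TODO confirm. 'fd29' is broader than a single /64. -#}
{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}

{#- mine.get is called through the runner; the result is indexed by minion ID
    below, and the "minion in ..." guards skip the loops when the mine holds
    nothing for this minion. -#}
{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
{%- set ip6s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs6', tgt_type='glob') -%}

{%- if minion in ip4s -%}{%- for ip in ip4s[minion] -%}
  {%- if salt['network.is_private'](ip) -%}
    {%- do listen_ips.append(ip) -%}
  {%- endif -%}
{%- endfor -%}{%- endif -%}

{%- if minion in ip6s -%}{%- for ip in ip6s[minion] -%}
  {%- if ip.startswith(legal6s) -%}
    {%- do listen_ips.append(ip) -%}
  {%- endif -%}
{%- endfor -%}{%- endif -%}

{#- The closing marker below used to end in a block-tag terminator instead of a
    comment terminator, which left the comment open until the next comment in
    the file; anything inserted in between would have been silently discarded. -#}
{#- END Listener detection logic -#}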
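{#- START Interface mapping logic -#}
{#- Sorts this minion's network interfaces, as reported in the Salt mine, into
    the public / internal / backend lists according to the addresses configured
    on them. An interface carrying addresses of several classes is added to
    several lists; each list holds an interface at most once.
    NOTE(review): the mine data is published by the minion itself, so the
    classification is self-asserted - confirm that suits the firewall macros
    that presumably consume these lists. -#}
{%- set public = [] -%}
{%- set internal = [] -%}
{%- set backend = [] -%}

{#- Parentheses around a single string do not create a tuple in Jinja; each of
    the four values below is one plain string prefix handed to startswith(). -#}
{%- set internal6s = ('2a01:4f8:11e:2200') -%}
{%- set backend6s = ('fd29:8e45:f292:ff80') -%}
{#- to-do: get rid of illegal backend4s -#}
{#- 172.168.100.x lies outside the RFC 1918 block 172.16.0.0/12, i.e. it is
    publicly routable space used as a backend network here. The backend branch
    is reached only for addresses network.is_private has already rejected. -#}
{%- set backend4s = ('172.168.100') -%}
{#- Prefix match: skips every interface whose name begins with "lo". -#}
{%- set excluded_interfaces = ('lo') -%}
{%- set interfaces = salt.saltutil.runner('mine.get', tgt=minion, fun='network.interfaces', tgt_type='glob') -%}

{%- if minion in interfaces -%}{%- for interface, ifconfig in interfaces[minion].items() -%}
  {%- if not interface.startswith(excluded_interfaces) -%}

    {#- IPv4: private -> internal, backend prefix -> backend, everything else -> public. -#}
    {%- if 'inet' in ifconfig -%}
      {%- for inetconf in ifconfig['inet'] -%}
        {%- set ip4 = inetconf['address'] -%}

        {%- if salt['network.is_private'](ip4) -%}

          {%- if not interface in internal -%}
            {%- do internal.append(interface) -%}
          {%- endif -%}

        {%- elif ip4.startswith(backend4s) -%}

          {%- if not interface in backend -%}
            {%- do backend.append(interface) -%}
          {%- endif -%}

        {%- else -%}

          {%- if not interface in public -%}
            {%- do public.append(interface) -%}
          {%- endif -%}

        {%- endif -%}

      {%- endfor -%}
    {%- endif -%}

    {#- IPv6: only the two known prefixes are classified. There is no fallback
        branch, so an interface whose only addresses are other IPv6 addresses
        ends up in none of the three lists.
        NOTE(review): confirm that leaving such interfaces unclassified is
        intended and that they do not end up without firewall rules. -#}
    {%- if 'inet6' in ifconfig -%}
      {%- for inet6conf in ifconfig['inet6'] -%}
        {%- set ip6 = inet6conf['address'] -%}

        {%- if ip6.startswith(internal6s) -%}

          {%- if not interface in internal -%}
            {%- do internal.append(interface) -%}
          {%- endif -%}

        {%- elif ip6.startswith(backend6s) -%}

          {%- if not interface in backend -%}
            {%- do backend.append(interface) -%}
          {%- endif -%}

        {%- endif -%}

      {%- endfor -%}
    {%- endif -%}

  {%- endif -%}
{%- endfor -%}{%- endif -%}

{#- END Interface mapping logic -#}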