173 lines
4.8 KiB
Python
173 lines
4.8 KiB
Python
|
routeros['/ip/dns'] = {
|
||
|
'servers': '8.8.8.8',
|
||
|
}
|
||
|
|
||
|
for service in (
|
||
|
'api-ssl', # slow :(
|
||
|
'ftp', # we can download files via HTTP
|
||
|
'telnet',
|
||
|
'www-ssl', # slow :(
|
||
|
'winbox',
|
||
|
):
|
||
|
routeros[f'/ip/service?name={service}'] = {
|
||
|
'disabled': True,
|
||
|
}
|
||
|
|
||
|
for service in (
|
||
|
'api',
|
||
|
'ssh',
|
||
|
'www',
|
||
|
):
|
||
|
routeros[f'/ip/service?name={service}'] = {
|
||
|
'disabled': False,
|
||
|
}
|
||
|
|
||
|
LOGGING_TOPICS = (
|
||
|
'critical',
|
||
|
'error',
|
||
|
'info',
|
||
|
'stp',
|
||
|
'warning',
|
||
|
)
|
||
|
|
||
|
for topic in LOGGING_TOPICS:
|
||
|
routeros[f'/system/logging?action=memory&topics={topic}'] = {}
|
||
|
|
||
|
if node.metadata.get('routeros/syslog-server', None):
|
||
|
routeros['/system/logging/action?name=remote'] = {
|
||
|
'target': 'remote',
|
||
|
'remote': node.metadata.get('routeros/syslog-server'),
|
||
|
'remote-port': 514,
|
||
|
}
|
||
|
for topic in LOGGING_TOPICS:
|
||
|
routeros[f'/system/logging?action=remote&topics={topic}'] = {}
|
||
|
|
||
|
routeros['/snmp'] = {
|
||
|
'enabled': True,
|
||
|
}
|
||
|
routeros['/snmp/community?name=public'] = {
|
||
|
'addresses': '::/0',
|
||
|
'disabled': False,
|
||
|
'read-access': True,
|
||
|
'write-access': False,
|
||
|
}
|
||
|
|
||
|
routeros['/system/clock'] = {
|
||
|
'time-zone-autodetect': False,
|
||
|
'time-zone-name': 'UTC',
|
||
|
}
|
||
|
|
||
|
routeros['/system/identity'] = {
|
||
|
'name': node.name,
|
||
|
# doing this first gives us some chance to notice an IP mixup
|
||
|
'before': {'routeros:'},
|
||
|
}
|
||
|
|
||
|
routeros['/system/ntp/client'] = {
|
||
|
'enabled': True,
|
||
|
'server-dns-names': 'de.pool.ntp.org',
|
||
|
}
|
||
|
|
||
|
if node.metadata.get('routeros/gateway'):
|
||
|
routeros['/ip/route?dst-address=0.0.0.0/0'] = {
|
||
|
'gateway': node.metadata.get('routeros/gateway'),
|
||
|
}
|
||
|
|
||
|
routeros['/interface/bridge?name=bridge'] = {
|
||
|
'priority': node.metadata.get('routeros/bridge_priority', '0x8000'),
|
||
|
'protocol-mode': 'rstp',
|
||
|
'vlan-filtering': True,
|
||
|
}
|
||
|
|
||
|
# assign bridge ports
|
||
|
for port_name, port_conf in node.metadata.get('routeros/ports').items():
|
||
|
if port_conf.get('delete'):
|
||
|
routeros[f'/interface/bridge/port?interface={port_name}'] = {
|
||
|
'delete': True,
|
||
|
'tags': {'routeros-port'},
|
||
|
'needs': {f'routeros:/interface?name={port_name}'},
|
||
|
}
|
||
|
else:
|
||
|
pvid = port_conf.get('pvid')
|
||
|
if not pvid:
|
||
|
for vlan_name, vlan_conf in node.metadata.get('routeros/vlans').items():
|
||
|
if port_name in vlan_conf.get('untagged', []):
|
||
|
if pvid:
|
||
|
raise ValueError(
|
||
|
f"{node.name}: port {port_name} untagged "
|
||
|
f"in VLANs {pvid} and {vlan_conf['id']}"
|
||
|
)
|
||
|
else:
|
||
|
pvid = vlan_conf['id']
|
||
|
|
||
|
# Field must not be present of some port types.
|
||
|
if port_conf.get('hw'):
|
||
|
hw = {'hw': port_conf['hw']}
|
||
|
else:
|
||
|
hw = {}
|
||
|
|
||
|
routeros[f'/interface/bridge/port?interface={port_name}'] = {
|
||
|
'bridge': 'bridge',
|
||
|
'_comment': port_conf.get('description', ''),
|
||
|
'disabled': False,
|
||
|
**hw,
|
||
|
'pvid': pvid or '1',
|
||
|
'tags': {'routeros-port'},
|
||
|
'needs': {
|
||
|
f'routeros:/interface?name={port_name}',
|
||
|
'routeros:/interface/bridge?name=bridge',
|
||
|
'tag:routeros-bridge-vlan', # or we end up with dynamic VLANs after setting pvid to an unknown VLAN
|
||
|
},
|
||
|
}
|
||
|
|
||
|
routeros[f'/interface?name={port_name}'] = {
|
||
|
'_comment': port_conf.get('description', ''),
|
||
|
'disabled': port_conf.get('disabled', False)
|
||
|
and not port_conf.get('delete', False),
|
||
|
}
|
||
|
|
||
|
|
||
|
# create IPs
|
||
|
for ip, ip_conf in node.metadata.get('routeros/ips').items():
|
||
|
routeros[f'/ip/address?address={ip}'] = {
|
||
|
'interface': ip_conf['interface'],
|
||
|
'tags': {'routeros-ip'},
|
||
|
'needs': {
|
||
|
'tag:routeros-vlan',
|
||
|
},
|
||
|
}
|
||
|
|
||
|
for vlan, conf in node.metadata.get('routeros/vlans').items():
|
||
|
if conf['delete']:
|
||
|
# delete old VLANs
|
||
|
routeros[f'/interface/vlan?name={vlan}'] = {
|
||
|
'delete': True,
|
||
|
}
|
||
|
|
||
|
routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}"] = {
|
||
|
'delete': True,
|
||
|
}
|
||
|
else:
|
||
|
# create vlans
|
||
|
routeros[f'/interface/vlan?name={vlan}'] = {
|
||
|
'vlan-id': conf['id'],
|
||
|
'interface': 'bridge',
|
||
|
'tags': {'routeros-vlan'},
|
||
|
'needs': {
|
||
|
'routeros:/interface/bridge?name=bridge',
|
||
|
},
|
||
|
}
|
||
|
|
||
|
# assign ports to vlans
|
||
|
routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}"] = {
|
||
|
'bridge': 'bridge',
|
||
|
'untagged': sorted(conf['untagged']),
|
||
|
'tagged': sorted(conf['tagged']),
|
||
|
'_comment': vlan,
|
||
|
'tags': {'routeros-bridge-vlan'},
|
||
|
'needs': {
|
||
|
'routeros:/interface/bridge?name=bridge',
|
||
|
'tag:routeros-vlan',
|
||
|
},
|
||
|
}
|