routeros wip

2025-06-30 09:56:08 +02:00 · 2025-06-30 09:56:08 +02:00 · d54eff344f
commit d54eff344f
parent 79a54578b8
8 changed files with 229 additions and 10 deletions
--- a/bundles/routeros/README.md
+++ b/bundles/routeros/README.md
@ -0,0 +1,8 @@
+- reset (hold reset for 5-10 seconds, until user light starts flashing)
+- open webinterface under 192.168.88.1
+- set password
+- vlans need to be configured and an additional ip needs to be assined to a vlan which es later accessible preferably through an untagged port
+- for example add 10.0.0.62/24 to "home" vlan
+- this happens on the first apply
+- when vlan filering gets enabled, the apply freezes and the switch is no longer available under the old ip
+- now that filtering is active, the switch is available under its new ip, because now you dont speak to the bridge anymore, where the old ip was residing, but to the vlan interface, where the new ip is residing
--- a/bundles/routeros/items.py
+++ b/bundles/routeros/items.py
@ -1,3 +1,120 @@
+routeros['/ip/dns'] = {
+    'servers': '8.8.8.8',
+}
+
 routeros['/system/identity'] = {
    'name': node.name,
 }
+
+# for service in (
+#     'api-ssl',  # slow :(
+#     'ftp',  # we can download files via HTTP
+#     'telnet',
+#     'www-ssl',  # slow :(
+#     'winbox',
+# ):
+#     routeros[f'/ip/service?name={service}'] = {
+#         'disabled': True,
+#     }
+
+# LOGGING_TOPICS = (
+#     'critical',
+#     'error',
+#     'info',
+#     'stp',
+#     'warning',
+# )
+# for topic in LOGGING_TOPICS:
+#     routeros[f'/system/logging?action=memory&topics={topic}'] = {}
+
+# routeros['/snmp'] = {
+#     'enabled': True,
+# }
+# routeros['/snmp/community?name=public'] = {
+#     'addresses': '0.0.0.0/0',
+#     'disabled': False,
+#     'read-access': True,
+#     'write-access': False,
+# }
+
+# routeros['/system/clock'] = {
+#     'time-zone-autodetect': False,
+#     'time-zone-name': 'UTC',
+# }
+
+# routeros['/ip/neighbor/discovery-settings'] = {
+#     'protocol': 'cdp,lldp,mndp',
+# }
+
+# routeros['/ip/route?dst-address=0.0.0.0/0'] = {
+#     'gateway': node.metadata.get('routeros/gateway'),
+# }
+
+for vlan_name, vlan_id in node.metadata.get('routeros/vlans').items():
+    routeros[f'/interface/vlan?name={vlan_name}'] = {
+        'vlan-id': vlan_id,
+        'interface': 'bridge',
+        'tags': {
+            'routeros-vlan',
+        },
+        'needs': {
+            #'routeros:/interface/bridge?name=bridge',
+        },
+    }
+
+    routeros[f"/interface/bridge/vlan?vlan-ids={vlan_id}"] = {
+        'bridge': 'bridge',
+        'untagged': sorted(node.metadata.get(f'routeros/vlan_ports/{vlan_name}/untagged')),
+        'tagged': sorted(node.metadata.get(f'routeros/vlan_ports/{vlan_name}/tagged')),
+        '_comment': vlan_name,
+        'tags': {'routeros-bridge-vlan'},
+        'needs': {
+            #'routeros:/interface/bridge?name=bridge',
+            'tag:routeros-vlan',
+        },
+    }
+
+# create IPs
+for ip, ip_conf in node.metadata.get('routeros/ips').items():
+    routeros[f'/ip/address?address={ip}'] = {
+        'interface': ip_conf['interface'],
+        'tags': {
+            'routeros-ip',
+        },
+        'needs': {
+            'tag:routeros-vlan',
+        },
+    }
+
+routeros['/interface/bridge?name=bridge'] = {
+    'vlan-filtering': True, # ENABLE AFTER PORT VLANS ARE SET UP
+    'igmp-snooping': False,
+    'priority': node.metadata.get('routeros/bridge_priority'),
+    'protocol-mode': 'rstp',
+    'needs': {
+        'tag:routeros-vlan',
+        'tag:routeros-ip',
+    },
+}
+
+# purge unused vlans
+routeros['/interface/vlan'] = {
+    'purge': {
+        'id-by': 'name',
+    },
+    'needed_by': {
+        'tag:routeros-vlan',
+    }
+}
+
+routeros['/interface/bridge/vlan'] = {
+    'purge': {
+        'id-by': 'vlan-ids',
+        'keep': {
+            'dynamic': True,
+        },
+    },
+    'needed_by': {
+        'tag:routeros-vlan',
+    }
+}
--- a/bundles/routeros/metadata.py
+++ b/bundles/routeros/metadata.py
@ -0,0 +1,26 @@
+defaults = {}
+
+
+@metadata_reactor.provides(
+    'routeros/vlan_ports',
+)
+def routeros__(metadata):
+    return {
+        'routeros': {
+            'vlan_ports': {
+                vlan_name: {
+                    'untagged': {
+                        port_name
+                            for port_name, port_conf in metadata.get('routeros/ports').items()
+                            if vlan_name == metadata.get(f'routeros/vlan_groups/{port_conf["vlan_group"]}/untagged')
+                    },
+                    'tagged': {
+                        port_name
+                            for port_name, port_conf in metadata.get('routeros/ports').items()
+                            if vlan_name in metadata.get(f'routeros/vlan_groups/{port_conf["vlan_group"]}/tagged')
+                    },
+                }
+                        for vlan_name in metadata.get('routeros/vlans').keys()
+            },
+        },
+    }
--- a/groups/os/routeros.py
+++ b/groups/os/routeros.py
@ -9,6 +9,37 @@
        'routeros',
    ],
    'metadata': {
+        'routeros': {
+            'gateway': '10.0.0.1',
+            'bridge_priority': '0x8000',
+            'ports': {},
+            'vlans': {
+                'home': '1',
+                'iot': '2',
+                'internet': '3',
+                'proxmox': '4',
+                'gast': '9',
+                'rolf': '51',
+            },
+            'vlan_groups': {
+                'infra': {
+                    'untagged': 'home',
+                    'tagged': {
+                        'iot',
+                        'internet',
+                        'proxmox',
+                        'gast',
+                        'rolf',
+                    },
+                },
+            },
+            'vlan_ports': {},
+            'ips': {
+                '10.0.0.62/24': {
+                    'interface': 'home',
+                },
+            },
+        },
    },
    'os': 'routeros',
 }
--- a/nodes/home.switch-rack-10g.py
+++ b/nodes/home.switch-rack-10g.py
--- a/nodes/home.switch-vorratsraum-poe.py
+++ b/nodes/home.switch-vorratsraum-poe.py
@ -0,0 +1,17 @@
+{
+    'hostname': '10.0.0.60',
+    'password': '!decrypt:encrypt$gAAAAABoYVzxzO0R_bnW3S3Ggiq2LCCAGaKtXToviGZjgIlH2NpL9ojO8aNlSPPcGTKbn5z5RxSxjOlL161U0Ctdf6Rns2e5I5p5TIcsQ7c9qnAiaV-Hhuw=',
+    'groups': [
+        'routeros',
+    ],
+    'metadata': {
+        'id': 'e6a24df7-eed1-404e-af78-15ebcbcc02a2',
+        'routeros': {
+            'ports': {
+                'ether1': {
+                    'vlan_group': 'infra',
+                },
+            },
+        },
+    },
+}
--- a/nodes/home.switch-wohnzimmer-10g.py
+++ b/nodes/home.switch-wohnzimmer-10g.py
@ -0,0 +1,30 @@
+{
+    #'hostname': '192.168.88.1',
+    'hostname': '10.0.0.62',
+    'password': '!decrypt:encrypt$gAAAAABoYFSyt2JAsdePXiHim1RdQwbarJedhAOE3XpS2rGMBx-F5eCWRCIyLU2g2ocUDUIDfgH3nBipUCkdcd0Bv4vbK-yqKmGSeSH7YXLYwq3ZWuCDsLM=',
+    'groups': [
+        'routeros',
+    ],
+    'metadata': {
+        'id': 'e6a24df7-eed1-404e-af78-15ebcbcc02a2',
+        'routeros': {
+            'ports': {
+                'ether1': {
+                    'vlan_group': 'infra',
+                },
+                'ether2': {
+                    'vlan_group': 'infra',
+                },
+                'ether3': {
+                    'vlan_group': 'infra',
+                },
+                'ether4': {
+                    'vlan_group': 'infra',
+                },
+                'ether5': {
+                    'vlan_group': 'infra',
+                },
+            },
+        },
+    },
+}
--- a/nodes/home.wohnzimmer-switch-10g.py
+++ b/nodes/home.wohnzimmer-switch-10g.py
@ -1,10 +0,0 @@
-{
-    'hostname': '10.0.0.62',
-    'password': '!decrypt:encrypt$gAAAAABoYFSyt2JAsdePXiHim1RdQwbarJedhAOE3XpS2rGMBx-F5eCWRCIyLU2g2ocUDUIDfgH3nBipUCkdcd0Bv4vbK-yqKmGSeSH7YXLYwq3ZWuCDsLM=',
-    'groups': [
-        'routeros',
-    ],
-    'metadata': {
-        'id': 'e6a24df7-eed1-404e-af78-15ebcbcc02a2',
-    },
-}