Automating DN42 setups

As I've once heard, only a lazy sysadmin is a good sysadmin. It is sensible that one should automate as much as possible. However, in my case, I still have a completely un-automated setup.

But of course, I'd like to change that. And–as always–there are many ways to do it. That's why I'd like to know: How does dn42 automate their setups? How are your configs stored and how are they applied on your routers?

In my case, especially automated VyOS setups are of interest, but I'm also interested in setups with other operating systems and routing software. In the end I assume that in an automated setup, the only major difference will be the way the configuration (changes) are applied to the machine while everything before that stays (roughly) the same. Also, other dn42ers should be able to learn from this thread, as well 😉

14 days later

I've been exploring this a little bit recently. In general, to automate things you need a database and scripts to compile them into configs, and apply them.
To automate peering from a database entry, what I have right now is

  1. Generate a wireguard config based on (port, remote, local4, peer4, local6, peer6), then use wg-quick to bring up that interface
  2. Generate a bird config based on (ASN, peer4, peer6), then use birdc c to reload the configuration.

The procedure works well in the workflow of a) manually adding an entry, b) running the deployment script on the edge node.

To truly automate the peering process, the data gathering has to be implemented. I've written an sshd in python to

  1. Auth user based on ASN -> MNT -> person -> auth sshkey
  2. Collect the peering info
  3. Perform sanity check and add to database
  4. Trigger the re-deployment to apply it locally or remotely

Currently it's kind of working right now, and maybe I can open-source it once it's deployed and tested on neo.ccp.ovh.
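
The sanity check and config generation steps described in the post above, as an added example that is not the poster's code: each peer-supplied field is validated before being templated into files that wg-quick and bird read as root. The `pubkey` field, `remote` as `host:port`, the dn42 ASN and address ranges, the private key path and the bird template name `dnpeers` are assumptions.

```python
import ipaddress
import re

# Assumptions (not from the post): dn42 ASN/address ranges, the "pubkey" field,
# "remote" as host:port, the key path and the bird template name "dnpeers".
DN42_ASN = range(4242420000, 4242424000)
DN42_NETS = [ipaddress.ip_network(n) for n in ("172.20.0.0/14", "fd00::/8")]
HOST = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
KEY = re.compile(r"[A-Za-z0-9+/]{43}=")  # base64 of a 32-byte key

def check_addr(value, version):
    """Accept only a bare address literal of the right family inside dn42 space."""
    if not re.fullmatch(r"[0-9A-Fa-f:.]+", value):  # no scope ids, spaces, newlines
        raise ValueError(f"bad address: {value!r}")
    addr = ipaddress.ip_address(value)
    if addr.version != version or not any(addr in n for n in DN42_NETS):
        raise ValueError(f"address outside dn42 space: {value!r}")
    return addr

def render_peer(p):
    """Validate one database entry, then return (ifname, wg_conf, bird_conf)."""
    asn, port = int(p["asn"]), int(p["port"])
    host, _, rport = p["remote"].rpartition(":")
    if asn not in DN42_ASN or not 1024 <= port <= 65535:
        raise ValueError("ASN or listen port out of range")
    if not HOST.fullmatch(host) or not rport.isdigit() or not 0 < int(rport) < 65536:
        raise ValueError("bad endpoint")
    if not KEY.fullmatch(p["pubkey"]):
        raise ValueError("bad public key")
    l4, p4 = check_addr(p["local4"], 4), check_addr(p["peer4"], 4)
    l6, p6 = check_addr(p["local6"], 6), check_addr(p["peer6"], 6)
    ifname = f"dn42_{asn % 10000:04d}"  # derived from the ASN, never from user text
    wg = "\n".join([
        "[Interface]", f"ListenPort = {port}", "Table = off",
        "PostUp = wg set %i private-key /etc/wireguard/private.key",
        f"PostUp = ip addr add {l4}/32 peer {p4}/32 dev %i",
        f"PostUp = ip addr add {l6}/128 peer {p6}/128 dev %i",
        "", "[Peer]", f"PublicKey = {p['pubkey']}", f"Endpoint = {host}:{int(rport)}",
        "AllowedIPs = 172.20.0.0/14, fd00::/8", ""])
    bird = "".join(
        f"protocol bgp {ifname}_v{v} from dnpeers {{\n    neighbor {a} as {asn};\n}}\n"
        for v, a in ((4, p4), (6, p6)))
    return ifname, wg, bird

# Constructed sample entry and a copy whose endpoint smuggles in an extra directive.
GOOD = {"asn": "4242420001", "port": "20001", "remote": "peer.example.net:51820",
        "pubkey": "A" * 43 + "=", "local4": "172.20.0.1", "peer4": "172.20.0.2",
        "local6": "fd42:1::1", "peer6": "fd42:1::2"}
BAD = dict(GOOD, remote="peer.example.net:51820\nTable = auto")
```

Only values that came back from a parser (`int`, `ipaddress`) or matched a full-string allowlist reach the rendered text, so a field containing a newline cannot add its own directive to either file.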