space_server: add graceful reboot script

[esmil: call the script just reboot-graceful]
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>
Signed-off-by: Emil Renner Berthing <esmil@labitat.dk>

2 files changed, 44 insertions, 0 deletions

diff --git a/roles/space_server/files/reboot-graceful.sh b/roles/space_server/files/reboot-graceful.sh
new file mode 100644
index 0000000..3fb117a
--- /dev/null
+++ b/roles/space_server/files/reboot-graceful.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Background:
+#   RFC 8327 / BCP 214
+#     Mitigating the Negative Impact of Maintenance through
+#     BGP Session Culling
+#     https://datatracker.ietf.org/doc/html/rfc8327
+
+disable_bgp_local_peers() {
+	# peers that are multi-homed, and wishes advance
+	# notice before reboots, so BGP can do it's thing
+	# and re-route traffic.
+
+	# asbjorn
+	birdc disable asbjorn_ipv4
+	birdc disable asbjorn_ipv6
+}
+
+enable_bgp_culling() {
+	# BGP culling through nftables is assumed
+	# unnecessary at this time, as there properly
+	# aren't any multi-hop sessions routed across
+	# the space server, except maybe BGP.tools feeds.
+	true # implement when needed
+}
+
+disable_bgp_local_peers
+enable_bgp_culling
+
+# wait for routes to be withdrawn and synced
+sleep 5
+
+# reboot system
+exec systemctl reboot
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 829481b..0a9487c 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -45,6 +45,16 @@
   tags:
   - pam
 
+- name: Add graceful reboot script
+  copy:
+    dest: '/usr/local/sbin/reboot-graceful'
+    src: reboot-graceful.sh
+    owner: root
+    group: root
+    mode: 0755
+  tags:
+  - reboot
+
 - import_tasks: kernel.yml
   tags: kernel
 - import_tasks: gettys.yml