Roman Katrincak 2015-11-28 15:25:29 +01:00
parent c6e94dc462
commit 1733978af2
12 changed files with 1372 additions and 0 deletions


@ -1,2 +1,21 @@
# ansible.fftdf.supernode
Ansible yml file to manage Freifunk Troisdorf supernodes
At this time you have to start it explicit with the target server
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5"
You need this information in your hosts (/etc/ansible/hosts) file:
#example, I hope self explaining
[troisdorf5]
78.46.233.212
[troisdorf5:vars]
sn_hostname=troisdorf5
sn_dhcp_range=10.188.115.1 10.188.115.254
sn_dhcp_dns=10.188.1.100, 10.188.1.23
sn_dhcp_router=10.188.255.5
sn_mesh_IPv6=fda0:747e:ab29:7405:255::5
sn_mesh_IPv4=10.188.255.5
sn_mesh_MAC=a2:8c:ae:6f:f6:05
sn_fqdn=freifunk-troisdorf.de
sn_l2tp_tb_port=53844

13
files/authorized_keys Normal file

@ -0,0 +1,13 @@
ssh-rsa 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 Roman
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlPYUqsisJoBT5iDOc7OQXadZyFgI2Z+n+ARPg7OLgkw4SCORAOd53x6KYQZFhq9LP6Dv+kNkk3Qvd/uIr8avG3nxRcHWSIU9ICUmGzEp+W7dT1ExzhVkFxQG7f219ifjRO95xeQNI45MdVKBytQoQGNMoNLXTOZfW5mYr5yQWePa2OmdJLPWrAoHpS2PgrcqWzqdSBuKLdPQgr8KKHGvn9Wf/t9/6/foYfBlzf+emfxZY0M7vJUcCkpK+m66ECE2/eu9aE3m4oBOImivy9/yCta2BASJKCycYoTijRlihcllT3zSt2AGlK7OKpZRDlvFOPuL4yw1LsreBRkkdcAZ reka
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb1l5B82IeYYmapacMPR1KQV7r24Qc7K9v33Wtfyi3GuF6sz/Z014ZvtI6TwodvjWH5yx0yh+zY8BQzgb29zQm6vCjnAzDX2QdJJtAruNcl3Ib8rnp4dIRtSRwxwTP/QSltuSokMMoCoKI3Zl0i4MvlCCezjSVWzmfeTr8OA9pDz1eJ9hZn87IaBghVIOIpZYvoxhE7GAbctqA+Jx3XUoWyY4LJpgMA4Y2q9YjQ9bWNyQb5FuwCp4akapwDFEvbTDY0DyAHKmm7txv+5q5RkxfFq3K/DtcILbm0wtAsqM7VZu2TYOj+KiEHJmJMAq+yYNEWzMTsnr7mjqz8I5uOA0V jan@gefion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNx2LqPdxwg26i4PytNUIbabqf7eb9gIp6dgwwIqFUnqbnTcilzxlm1FZoH+yMKvYY0G+ZNPG9Zs59QWE/m+mPBOjmrf5N4EH3BW3L/VRLesFMokXHtxkXZzX8CD7c+C0DGmcWfQNMD9tOYsKVm3No3Yr1Hy/WmVQbdEjpkowGpl/y1GFjZqa0dGBhVwAzdHjxsKkpbbVJDDzBwY6WReV+b6Ychgk4S58caJWXAZhkv/2bnaGW1SloHST+GBZrFa+JYbS0D1eortfpPsSR0AMqReJ+NSBKopOYC+WbqEFk9V5VJgbIsT27hRLk3Ctn8MuBUCP1vzn6gyPK91o/ZZqH jan@odin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVxoI2GdqqnK0eKsx5xXiYca19toxB+s9lHb9u9gdmJ52tsl75XZVT2R44o5Yu8KciSPx+khzj7vL3RWieVTrPGhlbYQnOuK73x420rGejjAyDFPQWQxw98Bx0a7VHBsSUpndcnlLBMPe6bIOLI8j7c/sV26rEOAF7LshuONq4E5SMUTL4bp2dhfBgC8SjGdevBpwR1rCBIt51jhvS/asBIUZNrabG3NPwNoaRLELUbFZm7vLF777GWuBzM0G41iImb8nuC1q9WSt66ShhSxLthvl1wdyvixgCgY5yM3eOVJHheMWR6mwE2ZdAeLAFjfXKBqoH5My7a4K96wyUMptD nodeadmin@update1
ssh-rsa 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 localadmin@tst-ansible
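Review bot: Every key in this file is installed for root with no options, and the entries commented `nodeadmin@update1` and `localadmin@tst-ansible` look like keys held on other servers (inferred from the comments), so a compromise of either host would give an unrestricted root shell on every supernode. Automation keys are better limited with authorized_keys options, for example `from="<UPDATE_HOST_IP>",no-port-forwarding,no-agent-forwarding ssh-rsa …`, and the test-host key is better left out of the production list. Because the playbook copies this file over `/root/.ssh/authorized_keys` as a whole, a first-line comment such as `# Managed by Ansible - local changes are overwritten` would make that explicit.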

7
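--- a/files/bataddif.sh.j2
+++ b/files/bataddif.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+INTERFACE="$3"
+ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
+ip link set dev $INTERFACE up mtu 1312
+/usr/sbin/batctl if add $INTERFACE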
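Review bot: `$INTERFACE` comes from the broker's third hook argument and is expanded unquoted in all three commands, and nothing stops the script when `ip link set address` fails, so an empty or unexpected argument still reaches `batctl if add`. Quoting it and failing early would be enough: `INTERFACE="${3:?missing interface}"` and `ip link set address {{ sn_mesh_MAC }} dev "$INTERFACE" || exit 1`. `files/batdelif.sh` has the same unquoted `$INTERFACE`. A one-line comment that the hook arguments are `<tunnel_id> <session_id> <interface> …`, as listed in `l2tp_broker.cfg.j2`, would explain why `$3` is used.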

4
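--- a/files/batdelif.sh
+++ b/files/batdelif.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+INTERFACE="$3"
+/usr/sbin/batctl if del $INTERFACE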

922
files/collectd.conf.j2 Normal file

@ -0,0 +1,922 @@
# Config file for collectd(1).
#
# Some plugins need additional configuration and are disabled by default.
# Please read collectd.conf(5) for details.
#
# You should also read /usr/share/doc/collectd-core/README.Debian.plugins
# before enabling any more plugins.
Hostname "{{ sn_hostname }}"
FQDNLookup true
BaseDir "/var/lib/collectd"
PluginDir "/usr/lib/collectd"
#TypesDB "/usr/share/collectd/types.db" "/etc/collectd/my_types.db"
Interval 100
Timeout 2
ReadThreads 5
LoadPlugin write_graphite
<Plugin write_graphite>
<Carbon>
Host "10.188.1.27"
Port "2003"
Prefix "collectd.gateways."
StoreRates true
AlwaysAppendDS false
EscapeCharacter "_"
</Carbon>
</Plugin>
LoadPlugin syslog
LoadPlugin interface
LoadPlugin cpu
LoadPlugin df
LoadPlugin disk
LoadPlugin entropy
LoadPlugin irq
LoadPlugin load
LoadPlugin memory
LoadPlugin openvpn
LoadPlugin processes
LoadPlugin swap
LoadPlugin rrdtool
LoadPlugin users
<Plugin rrdtool>
DataDir "/var/lib/collectd/rrd"
# CacheTimeout 120
# CacheFlush 900
# WritesPerSecond 30
# RandomTimeout 0
#
# The following settings are rather advanced
# and should usually not be touched:
# StepSize 10
# HeartBeat 20
# RRARows 1200
# RRATimespan 158112000
# XFF 0.1
</Plugin>
#<Plugin logfile>
# LogLevel "info"
# File STDOUT
# Timestamp true
# PrintSeverity false
#</Plugin>
<Plugin syslog>
LogLevel info
</Plugin>
<Plugin interface>
Interface "eth0"
Interface "bat0"
Interface "fastd-tro"
Interface "mullvad"
IgnoreSelected false
</Plugin>
#####################################################################
#LoadPlugin amqp
#LoadPlugin apache
#LoadPlugin apcups
#LoadPlugin ascent
#LoadPlugin battery
#LoadPlugin bind
#LoadPlugin conntrack
#LoadPlugin contextswitch
#LoadPlugin cpufreq
#LoadPlugin csv
#LoadPlugin curl
#LoadPlugin curl_json
#LoadPlugin curl_xml
#LoadPlugin dbi
#LoadPlugin dns
#LoadPlugin email
#LoadPlugin ethstat
#LoadPlugin exec
#LoadPlugin filecount
#LoadPlugin fscache
#LoadPlugin gmond
#LoadPlugin hddtemp
#LoadPlugin ipmi
#LoadPlugin iptables
#LoadPlugin ipvs
#LoadPlugin java
#LoadPlugin libvirt
#LoadPlugin madwifi
#LoadPlugin mbmon
#LoadPlugin md
#LoadPlugin memcachec
#LoadPlugin memcached
#LoadPlugin multimeter
#LoadPlugin mysql
#LoadPlugin netlink
#LoadPlugin network
#LoadPlugin nfs
#LoadPlugin nginx
#LoadPlugin notify_desktop
#LoadPlugin notify_email
#LoadPlugin ntpd
#LoadPlugin numa
#LoadPlugin nut
#LoadPlugin olsrd
#<LoadPlugin perl>
# Globals true
#</LoadPlugin>
#LoadPlugin pinba
#LoadPlugin ping
#LoadPlugin postgresql
#LoadPlugin powerdns
#LoadPlugin protocols
#<LoadPlugin python>
# Globals true
#</LoadPlugin>
#LoadPlugin rrdcached
#LoadPlugin sensors
#LoadPlugin serial
#LoadPlugin snmp
#LoadPlugin table
#LoadPlugin tail
#LoadPlugin tcpconns
#LoadPlugin teamspeak2
#LoadPlugin ted
#LoadPlugin thermal
#LoadPlugin tokyotyrant
#LoadPlugin unixsock
#LoadPlugin uptime
#LoadPlugin uuid
#LoadPlugin varnish
#LoadPlugin vmem
#LoadPlugin vserver
#LoadPlugin wireless
#LoadPlugin write_http
#LoadPlugin write_mongodb
#<Plugin amqp>
# <Publish "name">
# Host "localhost"
# Port "5672"
# VHost "/"
# User "guest"
# Password "guest"
# Exchange "amq.fanout"
# RoutingKey "collectd"
# Persistent false
# StoreRates false
# </Publish>
#</Plugin>
#<Plugin apache>
# <Instance "foo">
# URL "http://localhost/server-status?auto"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
# Server "apache"
# </Instance>
#
# <Instance "bar">
# URL "http://some.domain.tld/status?auto"
# Host "some.domain.tld"
# Server "lighttpd"
# </Instance>
#</Plugin>
#<Plugin apcups>
# Host "localhost"
# Port "3551"
#</Plugin>
#<Plugin ascent>
# URL "http://localhost/ascent/status/"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
#</Plugin>
#<Plugin "bind">
# URL "http://localhost:8053/"
#
# ParseTime false
#
# OpCodes true
# QTypes true
# ServerStats true
# ZoneMaintStats true
# ResolverStats false
# MemoryStats true
#
# <View "_default">
# QTypes true
# ResolverStats true
# CacheRRSets true
#
# Zone "127.in-addr.arpa/IN"
# </View>
#</Plugin>
#<Plugin csv>
# DataDir "/var/lib/collectd/csv"
# StoreRates false
#</Plugin>
#<Plugin curl>
# <Page "stock_quotes">
# URL "http://finance.google.com/finance?q=NYSE%3AAMD"
# User "foo"
# Password "bar"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
# MeasureResponseTime false
# <Match>
# Regex "<span +class=\"pr\"[^>]*> *([0-9]*\\.[0-9]+) *</span>"
# DSType "GaugeAverage"
# Type "stock_value"
# Instance "AMD"
# </Match>
# </Page>
#</Plugin>
#<Plugin curl_json>
## See: http://wiki.apache.org/couchdb/Runtime_Statistics
# <URL "http://localhost:5984/_stats">
# Instance "httpd"
# <Key "httpd/requests/count">
# Type "http_requests"
# </Key>
#
# <Key "httpd_request_methods/*/count">
# Type "http_request_methods"
# </Key>
#
# <Key "httpd_status_codes/*/count">
# Type "http_response_codes"
# </Key>
# </URL>
## Database status metrics:
# <URL "http://localhost:5984/_all_dbs">
# Instance "dbs"
# <Key "*/doc_count">
# Type "gauge"
# </Key>
# <Key "*/doc_del_count">
# Type "counter"
# </Key>
# <Key "*/disk_size">
# Type "bytes"
# </Key>
# </URL>
#</Plugin>
#<Plugin "curl_xml">
# <URL "http://localhost/stats.xml">
# Host "my_host"
# Instance "some_instance"
# User "collectd"
# Password "thaiNg0I"
# VerifyPeer true
# VerifyHost true
# CACert "/path/to/ca.crt"
#
# <XPath "table[@id=\"magic_level\"]/tr">
# Type "magic_level"
# InstancePrefix "prefix-"
# InstanceFrom "td[1]"
# ValuesFrom "td[2]/span[@class=\"level\"]"
# </XPath>
# </URL>
#</Plugin>
#<Plugin dbi>
# <Query "num_of_customers">
# Statement "SELECT 'customers' AS c_key, COUNT(*) AS c_value \
# FROM customers_tbl"
# MinVersion 40102
# MaxVersion 50042
# <Result>
# Type "gauge"
# InstancePrefix "customer"
# InstancesFrom "c_key"
# ValuesFrom "c_value"
# </Result>
# </Query>
#
# <Database "customers_db">
# Driver "mysql"
# DriverOption "host" "localhost"
# DriverOption "username" "collectd"
# DriverOption "password" "secret"
# DriverOption "dbname" "custdb0"
# SelectDB "custdb0"
# Query "num_of_customers"
# Query "..."
# </Database>
#</Plugin>
#<Plugin df>
# Device "/dev/sda1"
# Device "192.168.0.2:/mnt/nfs"
# MountPoint "/home"
# FSType "ext3"
# IgnoreSelected false
# ReportByDevice false
# ReportReserved false
# ReportInodes false
#</Plugin>
#<Plugin disk>
# Disk "hda"
# Disk "/sda[23]/"
# IgnoreSelected false
#</Plugin>
#<Plugin dns>
# Interface "eth0"
# IgnoreSource "192.168.0.1"
# SelectNumericQueryTypes false
#</Plugin>
#<Plugin email>
# SocketFile "/var/run/collectd-email"
# SocketGroup "collectd"
# SocketPerms "0770"
# MaxConns 5
#</Plugin>
#<Plugin ethstat>
# Interface "eth0"
# Map "rx_csum_offload_errors" "if_rx_errors" "checksum_offload"
# Map "multicast" "if_multicast"
# MappedOnly false
#</Plugin>
#<Plugin exec>
# Exec user "/path/to/exec"
# Exec "user:group" "/path/to/exec"
# NotificationExec user "/path/to/exec"
#</Plugin>
#<Plugin filecount>
# <Directory "/path/to/dir">
# Instance "foodir"
# Name "*.conf"
# MTime "-5m"
# Size "+10k"
# Recursive true
# IncludeHidden false
# </Directory>
#</Plugin>
#<Plugin gmond>
# MCReceiveFrom "239.2.11.71" "8649"
#
# <Metric "swap_total">
# Type "swap"
# TypeInstance "total"
# DataSource "value"
# </Metric>
#
# <Metric "swap_free">
# Type "swap"
# TypeInstance "free"
# DataSource "value"
# </Metric>
#</Plugin>
#<Plugin hddtemp>
# Host "127.0.0.1"
# Port 7634
#</Plugin>
#<Plugin interface>
# Interface "eth0"
# IgnoreSelected false
#</Plugin>
#<Plugin ipmi>
# Sensor "some_sensor"
# Sensor "another_one"
# IgnoreSelected false
# NotifySensorAdd false
# NotifySensorRemove true
# NotifySensorNotPresent false
#</Plugin>
#<Plugin iptables>
# Chain "table" "chain"
#</Plugin>
#<Plugin irq>
# Irq 7
# Irq 8
# Irq 9
# IgnoreSelected true
#</Plugin>
#<Plugin java>
# JVMArg "-verbose:jni"
# JVMArg "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar"
#
# LoadPlugin "org.collectd.java.GenericJMX"
# <Plugin "GenericJMX">
# # See /usr/share/doc/collectd/examples/GenericJMX.conf
# # for an example config.
# </Plugin>
#</Plugin>
#<Plugin libvirt>
# Connection "xen:///"
# RefreshInterval 60
# Domain "name"
# BlockDevice "name:device"
# InterfaceDevice "name:device"
# IgnoreSelected false
# HostnameFormat name
# InterfaceFormat name
#</Plugin>
#<Plugin madwifi>
# Interface "wlan0"
# IgnoreSelected false
# Source "SysFS"
# WatchSet "None"
# WatchAdd "node_octets"
# WatchAdd "node_rssi"
# WatchAdd "is_rx_acl"
# WatchAdd "is_scan_active"
#</Plugin>
#<Plugin mbmon>
# Host "127.0.0.1"
# Port 411
#</Plugin>
#<Plugin md>
# Device "/dev/md0"
# IgnoreSelected false
#</Plugin>
#<Plugin memcachec>
# <Page "plugin_instance">
# Server "localhost"
# Key "page_key"
# <Match>
# Regex "(\\d+) bytes sent"
# ExcludeRegex "<lines to be excluded>"
# DSType CounterAdd
# Type "ipt_octets"
# Instance "type_instance"
# </Match>
# </Page>
#</Plugin>
#<Plugin memcached>
# Socket "/var/run/memcached.sock"
# or:
# Host "127.0.0.1"
# Port "11211"
#</Plugin>
#<Plugin mysql>
# <Database db_name>
# Host "database.serv.er"
# Port "3306"
# User "db_user"
# Password "secret"
# Database "db_name"
# MasterStats true
# </Database>
#
# <Database db_name2>
# Host "localhost"
# Socket "/var/run/mysql/mysqld.sock"
# SlaveStats true
# SlaveNotifications true
# </Database>
#</Plugin>
#<Plugin netlink>
# Interface "All"
# VerboseInterface "All"
# QDisc "eth0" "pfifo_fast-1:0"
# Class "ppp0" "htb-1:10"
# Filter "ppp0" "u32-1:0"
# IgnoreSelected false
#</Plugin>
#<Plugin network>
# # client setup:
# Server "ff18::efc0:4a42" "25826"
# <Server "239.192.74.66" "25826">
# SecurityLevel Encrypt
# Username "user"
# Password "secret"
# Interface "eth0"
# </Server>
# TimeToLive "128"
#
# # server setup:
# Listen "ff18::efc0:4a42" "25826"
# <Listen "239.192.74.66" "25826">
# SecurityLevel Sign
# AuthFile "/etc/collectd/passwd"
# Interface "eth0"
# </Listen>
# MaxPacketSize 1024
#
# # proxy setup (client and server as above):
# Forward true
#
# # statistics about the network plugin itself
# ReportStats false
#
# # "garbage collection"
# CacheFlush 1800
#</Plugin>
#<Plugin nginx>
# URL "http://localhost/status?auto"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
#</Plugin>
#<Plugin notify_desktop>
# OkayTimeout 1000
# WarningTimeout 5000
# FailureTimeout 0
#</Plugin>
#<Plugin notify_email>
# SMTPServer "localhost"
# SMTPPort 25
# SMTPUser "my-username"
# SMTPPassword "my-password"
# From "collectd@main0server.com"
# # <WARNING/FAILURE/OK> on <hostname>.
# # Beware! Do not use not more than two placeholders (%)!
# Subject "[collectd] %s on %s!"
# Recipient "email1@domain1.net"
# Recipient "email2@domain2.com"
#</Plugin>
#<Plugin ntpd>
# Host "localhost"
# Port 123
# ReverseLookups false
#</Plugin>
#<Plugin nut>
# UPS "upsname@hostname:port"
#</Plugin>
#<Plugin olsrd>
# Host "127.0.0.1"
# Port "2006"
# CollectLinks "Summary"
# CollectRoutes "Summary"
# CollectTopology "Summary"
#</Plugin>
#<Plugin openvpn>
# StatusFile "/etc/openvpn/openvpn-status.log"
# ImprovedNamingSchema false
# CollectCompression true
# CollectIndividualUsers true
# CollectUserCount false
#</Plugin>
#<Plugin perl>
# IncludeDir "/my/include/path"
# BaseName "Collectd::Plugins"
# EnableDebugger ""
# LoadPlugin Monitorus
# LoadPlugin OpenVZ
#
# <Plugin foo>
# Foo "Bar"
# Qux "Baz"
# </Plugin>
#</Plugin>
#<Plugin pinba>
# Address "::0"
# Port "30002"
# <View "name">
# Host "host name"
# Server "server name"
# Script "script name"
# <View>
#</Plugin>
#<Plugin ping>
# Host "host.foo.bar"
# Host "host.baz.qux"
# Interval 1.0
# Timeout 0.9
# TTL 255
# SourceAddress "1.2.3.4"
# Device "eth0"
# MaxMissed -1
#</Plugin>
#<Plugin postgresql>
# <Query magic>
# Statement "SELECT magic FROM wizard WHERE host = $1;"
# Param hostname
#
# <Result>
# Type gauge
# InstancePrefix "magic"
# ValuesFrom "magic"
# </Result>
# </Query>
#
# <Query rt36_tickets>
# Statement "SELECT COUNT(type) AS count, type \
# FROM (SELECT CASE \
# WHEN resolved = 'epoch' THEN 'open' \
# ELSE 'resolved' END AS type \
# FROM tickets) type \
# GROUP BY type;"
#
# <Result>
# Type counter
# InstancePrefix "rt36_tickets"
# InstancesFrom "type"
# ValuesFrom "count"
# </Result>
# </Query>
#
# <Database foo>
# Host "hostname"
# Port 5432
# User "username"
# Password "secret"
#
# SSLMode "prefer"
# KRBSrvName "kerberos_service_name"
#
# Query magic
# </Database>
#
# <Database bar>
# Interval 60
# Service "service_name"
#
# Query backend # predefined
# Query rt36_tickets
# </Database>
#</Plugin>
#<Plugin powerdns>
# <Server "server_name">
# Collect "latency"
# Collect "udp-answers" "udp-queries"
# Socket "/var/run/pdns.controlsocket"
# </Server>
# <Recursor "recursor_name">
# Collect "questions"
# Collect "cache-hits" "cache-misses"
# Socket "/var/run/pdns_recursor.controlsocket"
# </Recursor>
# LocalSocket "/opt/collectd/var/run/collectd-powerdns"
#</Plugin>
#<Plugin processes>
# Process "name"
# ProcessMatch "foobar" "/usr/bin/perl foobar\\.pl.*"
#</Plugin>
#<Plugin protocols>
# Value "/^Tcp:/"
# IgnoreSelected false
#</Plugin>
#<Plugin python>
# ModulePath "/path/to/your/python/modules"
# LogTraces true
# Interactive true
# Import "spam"
#
# <Module spam>
# spam "wonderful" "lovely"
# </Module>
#</Plugin>
#<Plugin rrdcached>
# DaemonAddress "unix:/var/run/rrdcached.sock"
# DataDir "/var/lib/rrdcached/db/collectd"
# CreateFiles true
# CollectStatistics true
#</Plugin>
#<Plugin sensors>
# SensorConfigFile "/etc/sensors3.conf"
# Sensor "it8712-isa-0290/temperature-temp1"
# Sensor "it8712-isa-0290/fanspeed-fan3"
# Sensor "it8712-isa-0290/voltage-in8"
# IgnoreSelected false
#</Plugin>
# See /usr/share/doc/collectd/examples/snmp-data.conf.gz for a
# comprehensive sample configuration.
#<Plugin snmp>
# <Data "powerplus_voltge_input">
# Type "voltage"
# Table false
# Instance "input_line1"
# Scale 0.1
# Values "SNMPv2-SMI::enterprises.6050.5.4.1.1.2.1"
# </Data>
# <Data "hr_users">
# Type "users"
# Table false
# Instance ""
# Shift -1
# Values "HOST-RESOURCES-MIB::hrSystemNumUsers.0"
# </Data>
# <Data "std_traffic">
# Type "if_octets"
# Table true
# InstancePrefix "traffic"
# Instance "IF-MIB::ifDescr"
# Values "IF-MIB::ifInOctets" "IF-MIB::ifOutOctets"
# </Data>
#
# <Host "some.switch.mydomain.org">
# Address "192.168.0.2"
# Version 1
# Community "community_string"
# Collect "std_traffic"
# Inverval 120
# </Host>
# <Host "some.server.mydomain.org">
# Address "192.168.0.42"
# Version 2
# Community "another_string"
# Collect "std_traffic" "hr_users"
# </Host>
# <Host "some.ups.mydomain.org">
# Address "192.168.0.3"
# Version 1
# Community "more_communities"
# Collect "powerplus_voltge_input"
# Interval 300
# </Host>
#</Plugin>
#<Plugin swap>
# ReportByDevice false
#</Plugin>
#<Plugin table>
# <Table "/proc/slabinfo">
# Instance "slabinfo"
# Separator " "
# <Result>
# Type gauge
# InstancePrefix "active_objs"
# InstancesFrom 0
# ValuesFrom 1
# </Result>
# <Result>
# Type gauge
# InstancePrefix "objperslab"
# InstancesFrom 0
# ValuesFrom 4
# </Result>
# </Table>
#</Plugin>
#<Plugin "tail">
# <File "/var/log/exim4/mainlog">
# Instance "exim"
# <Match>
# Regex "S=([1-9][0-9]*)"
# DSType "CounterAdd"
# Type "ipt_bytes"
# Instance "total"
# </Match>
# <Match>
# Regex "\\<R=local_user\\>"
# ExcludeRegex "\\<R=local_user\\>.*mail_spool defer"
# DSType "CounterInc"
# Type "counter"
# Instance "local_user"
# </Match>
# </File>
#</Plugin>
#<Plugin tcpconns>
# ListeningPorts false
# LocalPort "25"
# RemotePort "25"
#</Plugin>
#<Plugin teamspeak2>
# Host "127.0.0.1"
# Port "51234"
# Server "8767"
#</Plugin>
#<Plugin ted>
# Device "/dev/ttyUSB0"
# Retries 0
#</Plugin>
#<Plugin thermal>
# ForceUseProcfs false
# Device "THRM"
# IgnoreSelected false
#</Plugin>
#<Plugin tokyotyrant>
# Host "localhost"
# Port "1978"
#</Plugin>
#<Plugin unixsock>
# SocketFile "/var/run/collectd-unixsock"
# SocketGroup "collectd"
# SocketPerms "0660"
# DeleteSocket false
#</Plugin>
#<Plugin uuid>
# UUIDFile "/etc/uuid"
#</Plugin>
#<Plugin varnish>
# <Instance>
# CollectCache true
# CollectBackend true
# CollectConnections true
# CollectSHM true
# CollectESI false
# CollectFetch false
# CollectHCB false
# CollectSMA false
# CollectSMS false
# CollectSM false
# CollectTotals false
# CollectWorkers false
# </Instance>
#
# <Instance "myinstance">
# CollectCache true
# </Instance>
#</Plugin>
#<Plugin vmem>
# Verbose false
#</Plugin>
#<Plugin write_http>
# <URL "http://example.com/collectd-post">
# User "collectd"
# Password "secret"
# VerifyPeer true
# VerifyHost true
# CACert "/etc/ssl/ca.crt"
# Format "Command"
# StoreRates false
# </URL>
#</Plugin>
#<Plugin write_mongodb>
# <Node "example">
# Host "localhost"
# Port "27017"
# Timeout 1000
# StoreRates false
# <Node>
#</Plugin>
Include "/etc/collectd/filters.conf"
Include "/etc/collectd/thresholds.conf"

14
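--- a/files/dhcpd.conf.j2
+++ b/files/dhcpd.conf.j2
@@ -0,0 +1,14 @@
+ddns-update-style none;
+option domain-name "fftdf";
+default-lease-time 300;
+max-lease-time 3600;
+log-facility local7;
+subnet 10.188.0.0 netmask 255.255.0.0 {
+authoritative;
+range {{ sn_dhcp_range }};
+option domain-name-servers {{ sn_dhcp_dns }};
+option routers {{ sn_dhcp_router }};
+interface bat0;
+}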

44
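--- a/files/gre_backbone.sh
+++ b/files/gre_backbone.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+# Server name ending must be a single digit number
+communityname="troisdorf"
+server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6"
+domain="freifunk-troisdorf.de"
+mtu=1500
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+# Network part of the network, without the trailing dot
+communitynetwork="10.188"
+# IPv6 network
+communitynetworkv6="fda0:747e:ab29:7405:255::"
+# Third octet from the server range
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(hostname)
+for i in $server; do
+(
+for j in $server; do
+if [ $i != $j ]; then
+if [ $i = $(hostname) ]; then
+ip link add $j type gretap local $(hostname -I | cut -f1 -d' ') remote $(dig +short $j.$domain) dev eth0 nopmtudisc
+ip link set dev $j mtu $mtu
+ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
+ip link set $j up
+batctl if add $j
+fi
+fi
+done
+)
+done
+# configure bat0
+ip link set address $communitymacaddress$:0{localserver#$communityname} dev bat0
+ip link set up dev bat0
+ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
+ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
+alfred -i bat0 > /dev/null 2>&1 &
+batadv-vis -i bat0 -s > /dev/null 2>&1 &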
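Review bot: The bat0 address line under `# configure bat0` has the `$` misplaced: `$communitymacaddress$:0{localserver#$communityname}` expands to the MAC prefix followed by the literal text `$:0{localserver#troisdorf}`, which `ip link` should reject, so bat0 presumably never gets the community MAC. The intended form is presumably `ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0`. The `remote` address of each tunnel is taken from `$(dig +short $j.$domain)` without checking that the answer is non-empty and a single address, and GRE carries no authentication, so the backbone peers are whatever DNS returns at boot; validating the result before `ip link add`, or listing the peer addresses in the script, would remove that dependency. The `ip -6 addr add` line also repeats the prefix literally although `communitynetworkv6` is defined and otherwise unused.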

50
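--- a/files/keepalive.sh
+++ b/files/keepalive.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+INTERFACE=eth0 # Set to name of VPN interface
+shopt -s nullglob
+# Test whether gateway is connected to the outer world via VPN
+ping -q -I $INTERFACE 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1
+if test $? -eq 0; then
+NEW_STATE=server
+else
+NEW_STATE=off
+fi
+# Iterate through network interfaces in sys file system
+for MESH in /sys/class/net/*/mesh; do
+# Check whether gateway modus needs to be changed
+OLD_STATE="$(cat $MESH/gw_mode)"
+[ "$OLD_STATE" == "$NEW_STATE" ] && continue
+echo $NEW_STATE > $MESH/gw_mode
+echo 92MBit/92MBit > $MESH/gw_bandwidth
+logger "batman gateway mode changed to $NEW_STATE"
+# Check whether gateway modus has been deactivated
+if [ "$NEW_STATE" == "off" ]; then
+# Shutdown DHCP server to prevent renewal of leases
+/usr/sbin/service isc-dhcp-server stop
+fi
+# Check whether gateway modus has been activated
+if [ "$NEW_STATE" == "server" ]; then
+# Restart DHCP server
+/usr/sbin/service isc-dhcp-server start
+fi
+exit 0
+done
+if [ "$NEW_STATE" == "server" ]; then
+/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
+if $? -ne 0
+then
+/usr/sbin/service isc-dhcp-server restart
+fi
+fi
+if [ "$NEW_STATE" == "off" ]; then
+/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
+if $? -eq 0
+then
+/usr/sbin/service isc-dhcp-server stop
+fi
+fi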
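Review bot: Both status checks after the loop are written `if $? -ne 0` and `if $? -eq 0`, which runs the exit code as a command name (for example `0 -ne 0`) instead of testing it, so the condition is always false and the DHCP server is never restarted or stopped from those branches. Testing the command directly avoids `$?` altogether: `if ! /usr/sbin/service isc-dhcp-server status >/dev/null 2>&1; then`. The redirection `2>&1> /dev/null` also lets stderr through, because stderr is duplicated onto stdout before stdout is pointed at `/dev/null`. Note as well that `exit 0` inside the `for` loop ends the script after the first mesh interface whose state changed, and that `INTERFACE=eth0` does not match its own comment ("name of VPN interface"), so the ping tests the uplink rather than a VPN.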

51
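--- a/files/l2tp_broker.cfg.j2
+++ b/files/l2tp_broker.cfg.j2
@@ -0,0 +1,51 @@
+[broker]
+; IP address the broker will listen and accept tunnels on
+address={{ ansible_default_ipv4.address }}
+; Ports where the broker will listen on
+port={{ sn_l2tp_tb_port }}
+; Interface with that IP address
+interface=eth0
+; Maximum number of cached cookies, required for establishing a
+; session with the broker
+max_cookies=1024
+; Maximum number of tunnels that will be allowed by the broker
+max_tunnels=100
+; Tunnel port base
+port_base=15000
+; Tunnel id base
+tunnel_id_base=100
+; Tunnel timeout interval in seconds
+tunnel_timeout=60
+; Should PMTU discovery be enabled
+pmtu_discovery=false
+; Namespace (for running multiple brokers); note that you must also
+; configure disjunct ports, and tunnel identifiers in order for
+; namespacing to work
+namespace=troisdorf
+[log]
+; Log filename
+filename=/var/log/tunneldigger-broker.log
+; Verbosity
+verbosity=DEBUG
+; Should IP addresses be logged or not
+log_ip_addresses=false
+[hooks]
+; Arguments to the session.{up,pre-down,down} hooks are as follows:
+;
+; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
+;
+; Arguments to the session.mtu-changed hook are as follows:
+;
+; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
+;
+; Called after the tunnel interface goes up
+session.up=/srv/tunneldigger/bataddif.sh
+; Called just before the tunnel interface goes down
+session.pre-down=/srv/tunneldigger/batdelif.sh
+; Called after the tunnel interface goes down
+session.down=
+; Called after the tunnel MTU gets changed because of PMTU discovery
+session.mtu-changed=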
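Review bot: `verbosity=DEBUG` in the `[log]` section is set for a broker that listens on the host's default IPv4 address, and none of the files shown in this commit rotates `/var/log/tunneldigger-broker.log`, so connection attempts from outside can grow the log without bound. A lower level such as `verbosity=INFO`, or a logrotate rule shipped by the playbook, would be a safer default for production. A short comment above `verbosity` saying when DEBUG is meant to be switched on would keep the setting from being copied around unnoticed.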

9
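--- a/files/start-broker.sh
+++ b/files/start-broker.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+WDIR=/srv/tunneldigger
+VIRTUALENV_DIR=/srv/tunneldigger
+cd $WDIR
+source $VIRTUALENV_DIR/bin/activate
+bin/python broker/l2tp_broker.py l2tp_broker.cfg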
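Review bot: `cd $WDIR` is not checked, so if the directory is missing the script carries on and resolves `bin/python` relative to whatever directory it was started in. `cd "$WDIR" || exit 1` closes that gap, and starting the broker with `exec bin/python broker/l2tp_broker.py l2tp_broker.cfg` lets systemd supervise the broker process itself rather than the wrapper shell.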


@ -0,0 +1,9 @@
[Unit]
Description = Start tunneldigger L2TPv3 broker
After = network.target
[Service]
ExecStart = /srv/tunneldigger/start-broker.sh
[Install]
WantedBy = multi-user.target
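Review bot: The `[Service]` section has no `Restart=` setting, so a broker crash leaves the supernode without tunnels until someone restarts the unit by hand; `Restart=on-failure` together with a small `RestartSec=` would cover that. The unit also runs the broker as root with no sandboxing; it needs network administration rights, but options such as `PrivateTmp=true` and `ProtectHome=true` look compatible with what the start script does and are worth testing.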

230
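--- a/install.sn.yml
+++ b/install.sn.yml
@@ -0,0 +1,230 @@
+# First install ssh-key at remote computer
+# In case of python error start:
+# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
+# Version 3.1, gre-backbone
+- name: Install Freifunk Troisdorf super node
+# hosts: FreifunkSupernodesL2TP
+hosts: '{{ target }}'
+sudo: False
+user: root
+gather_facts: False
+vars:
+common_required_packages:
+- git
+- make
+- gcc
+- build-essential
+- pkg-config
+- libgps-dev
+- libnl-3-dev
+- libjansson-dev
+- isc-dhcp-server
+# - openvpn
+- collectd
+- libcap-dev
+- iproute
+- libnetfilter-conntrack3
+- python-dev
+- libevent-dev
+- ebtables
+- python-virtualenv
+- iptables-persistent
+- batctl
+- iftop
+- screen
+- bridge-utils
+- tcpdump
+modules_required:
+- batman-adv
+- nf_conntrack_netlink
+- nf_conntrack
+- nfnetlink
+- l2tp_netlink
+- l2tp_core
+- l2tp_eth
+tunneldigger_scripts:
+- start-broker.sh
+- batdelif.sh
+tunneldigger_service:
+- tunneldigger.service
+# openvpn_files:
+# - mullvad_linux.conf
+# - mullvad.key
+# - mullvad.crt
+# - ca.crt
+# - crl.pem
+# openvpn_scripts:
+# - up.sh
+# - down.sh
+check_gw_script:
+- keepalive.sh
+backbone_script:
+- gre_backbone.sh
+system_startup:
+- "# Routing einschalten"
+- /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+- /sbin/sysctl -w net.ipv4.ip_forward=1
+# - "# Routing Tabelle 42 fuer Freifunk anlegen, wenn noch nicht vorhanden"
+# - #/bin/grep 42 /etc/iproute2/rt_tables || echo '42 42' >> /etc/iproute2/rt_tables"
+# - "# Freifunk Daten sollen mit 0x1 markiert werden"
+# - /sbin/iptables -t mangle -A PREROUTING -i bat0 -j MARK --set-xmark 0x1
+# - "# Erstmal unreachable melden, ausser OpenVPN ist aufgebaut"
+# - "#/sbin/ip route add unreachable default table 42"
+# - "# Alles was mit 0x1 markiert ist soll nach Routing Tabelle 42 behandelt werden"
+# - "/sbin/ip rule add from all fwmark 0x1 table 42 priority 4"
+- "#NAT auf eth0 aktivieren"
+- /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+- "#GRE Backbone aufbauen"
+- /opt/freifunk/gre_backbone.sh
+authorized_keys:
+- authorized_keys
+tasks:
+- name: Remove cdrom in sources.list
+raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
+- name: Make this server ansible compatible
+raw: "apt-get update && apt-get install python -y"
+- name: Add backport repo to source list #target: /etc/apt/sources.list.d
+apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
+- name: Update apt cache
+apt: update_cache=yes
+# - name: Install new kernel
+# apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
+# register: kernel4
+- name: Gathering facts
+setup:
+- name: Set IPv4 in hostfile
+lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
+- name: Set IPv6 in hostfile
+lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
+when: ansible_default_ipv6.address is defined
+- name: set hostname
+hostname: name='{{ sn_hostname }}'
+register: hostname
+- name: Reboot the server
+shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+async: 1
+poll: 0
+ignore_errors: true
+when: hosts.changed
+when: hostname.changed
+- name: waiting for server to come back
+local_action:
+wait_for
+host={{ inventory_hostname }}
+port=22
+delay=15
+timeout=300
+when: hosts.changed
+when: hostname.changed
+- name: Install common required packages
+apt: state=installed pkg={{ item }}
+with_items: common_required_packages
+register: apt_updates
+- name: Install Linux headers
+shell: "apt-get install linux-headers-$(uname -r) -y"
+when: apt_updates.changed
+- name: Add modules
+lineinfile: dest=/etc/modules line={{ item }}
+with_items: modules_required
+register: modules_req
+- name: Load modules
+modprobe: name={{ item }}
+with_items: modules_required
+when: modules_req.changed
+- name: Get Tunneldigger
+git: repo=https://github.com/wlanslovenija/tunneldigger.git
+dest=/srv/tunneldigger
+register: tunneldigger
+- name: Configure tunneldigger
+command: "{{item}}"
+with_items:
+- virtualenv /srv/tunneldigger/ -p python2.7
+when: tunneldigger.changed
+- name: Tunneldigger requirements
+pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
+when: tunneldigger.changed
+- name: Copy l2tp broker config template
+template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444
+when: tunneldigger.changed
+- name: Copy tunneldigger script template
+template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
+when: tunneldigger.changed
+- name: Copy tunneldigger scripts
+copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
+with_items: tunneldigger_scripts
+when: tunneldigger.changed
+- name: Copy tunneldigger service file
+copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444
+with_items: tunneldigger_service
+when: tunneldigger.changed
+- name: Tunneldigger reload
+command: "{{item}}"
+with_items:
+- systemctl daemon-reload
+- systemctl enable tunneldigger.service
+when: tunneldigger.changed
+- name: Check if alfred is installed
+command: dpkg-query -W alfred
+register: alfred_check_deb
+failed_when: alfred_check_deb.rc > 1
+changed_when: alfred_check_deb.rc == 1
+- name: Download alfred
+get_url:
+url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb"
+dest="/tmp/alfred_2015.0_amd64.deb"
+when: alfred_check_deb.rc == 1
+- name: Install alfred
+apt: deb="/tmp/alfred_2015.0_amd64.deb"
+sudo: False
+when: alfred_check_deb.rc == 1
+# - name: copy openvpn files
+# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400
+# with_items: openvpn_files
+# - name: copy openvpn scripts
+# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0500
+# with_items: openvpn_scripts
+- name: Create freifunk directory
+file: path=/opt/freifunk state=directory mode=0755
+- name: Check gateway / keepalive script
+copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
+with_items: check_gw_script
+register: check_gw
+- name: Add cron job with check gateway script
+cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
+when: check_gw.changed
+- name: Copy dhcpd template file
+template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
+- name: Copy backbone script
+copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
+with_items: backbone_script
+- name: Collectd template file
+template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
+- name: configure rc.local 1st
+lineinfile: dest=/etc/rc.local line="{{ item }}" state=present
+with_items: system_startup
+register: rc
+- name: configure rc.local 2nd
+lineinfile: dest=/etc/rc.local line="exit 0" state=absent
+when: rc.changed
+- name: configure rc.local 3rd
+lineinfile: dest=/etc/rc.local line="exit 0" state=present
+when: rc.changed
+- name: SSH authorized_keys
+copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
+with_items: authorized_keys
+- name: Reboot the server finally
+shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+async: 1
+poll: 0
+ignore_errors: true
+when: tunneldigger.changed
+- name: waiting for server to come back
+local_action:
+wait_for
+host={{ inventory_hostname }}
+port=22
+delay=15
+timeout=300
+when: tunneldigger.changed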
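Review bot: Two tasks fetch third-party code and run it as root without pinning what is fetched: `Get Tunneldigger` clones the repository's default branch with no `version=`, and `Download alfred` pulls a `.deb` with no checksum before `Install alfred` installs it. Pinning both keeps a changed upstream or a tampered download from reaching every supernode: add `version=<REVIEWED_COMMIT_SHA>` to the `git` task and `checksum=sha256:<SHA256_OF_REVIEWED_DEB>` (`sha256sum=` on Ansible releases before 2.0) to `get_url`. Separately, the first `Reboot the server` task and the `waiting for server to come back` task after it each carry two `when:` keys, `when: hosts.changed` and `when: hostname.changed`; duplicate keys are not valid YAML, most parsers keep only the last one, and no task shown registers `hosts`, so the `hosts.changed` line should be deleted in both.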