Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Have fun

Browse Source
This commit is contained in:
Roman Katrincak 2015-11-28 15:25:29 +01:00
parent c6e94dc462
commit 1733978af2
12 changed files with 1372 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@ -1,2 +1,21 @@
# ansible.fftdf.supernode # ansible.fftdf.supernode
Ansible yml file to manage Freifunk Troisdorf supernodes Ansible yml file to manage Freifunk Troisdorf supernodes
At this time you have to start it explicit with the target server
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5"
You need this information in your hosts (/etc/ansible/hosts) file:
#example, I hope self explaining
[troisdorf5]
78.46.233.212
[troisdorf5:vars]
sn_hostname=troisdorf5
sn_dhcp_range=10.188.115.1 10.188.115.254
sn_dhcp_dns=10.188.1.100, 10.188.1.23
sn_dhcp_router=10.188.255.5
sn_mesh_IPv6=fda0:747e:ab29:7405:255::5
sn_mesh_IPv4=10.188.255.5
sn_mesh_MAC=a2:8c:ae:6f:f6:05
sn_fqdn=freifunk-troisdorf.de
sn_l2tp_tb_port=53844

13
files/authorized_keys Normal file
View File

@ -0,0 +1,13 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDPUaWm37b93Lqmg1wMj0qvUURBKpWsRiRUzzRAaQrIdhcZjo0Gkw4vv7tpFQCmvWqxUpzH00GDKjLrMvNfcv+5b0Ctl06Bo+e4nb2SVsFhjaP9MLIjHiKpgivIPx9aKwxKx/VjsW920eWOG+VaDKIJTxPGUYedaUgIktvhutAbOyRR/OJlIZ3Qs0cnyT4KTM4pe4br2p3+mNs6J7G+z8Lw99WiUBfUwsRLVO68nJA2PKlJNEUGJycngqV06iQpcDfei88DFRMetN9bhVYxWFIzCQfjjqs8dkomEhfFQwfOTYiOouhaycZABwU4pPmQwZIkp1q4KduodU/KYsf78WitYgavHVInWBQuAUljafwQpTLHy8AI6M3XmbKi5rvNZiy4hoxfaT7rYJGuBoTwsZEHI7Sf26XsyQKJdu29mmIYPpzPKP7VAyjAVLqruLX1Yy0oZuM22YFFj5MHuoEN3WdXOYymvZyOM05xXeQk6gVh3EE6MpbK8CFz1KPNEjd+vce1zUyACDvqdt6ZIjqmUdivBsvHDTqMgH9mSxjjjwLy+Sd7snXx0bqksTdPChAlXN9vs3ez8FJl0P4inzjza8l8zGqaa2A1CsO8dRcyojohczLYoTHWQTB3tVIdcj55UIE= Roman
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlPYUqsisJoBT5iDOc7OQXadZyFgI2Z+n+ARPg7OLgkw4SCORAOd53x6KYQZFhq9LP6Dv+kNkk3Qvd/uIr8avG3nxRcHWSIU9ICUmGzEp+W7dT1ExzhVkFxQG7f219ifjRO95xeQNI45MdVKBytQoQGNMoNLXTOZfW5mYr5yQWePa2OmdJLPWrAoHpS2PgrcqWzqdSBuKLdPQgr8KKHGvn9Wf/t9/6/foYfBlzf+emfxZY0M7vJUcCkpK+m66ECE2/eu9aE3m4oBOImivy9/yCta2BASJKCycYoTijRlihcllT3zSt2AGlK7OKpZRDlvFOPuL4yw1LsreBRkkdcAZ reka
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb1l5B82IeYYmapacMPR1KQV7r24Qc7K9v33Wtfyi3GuF6sz/Z014ZvtI6TwodvjWH5yx0yh+zY8BQzgb29zQm6vCjnAzDX2QdJJtAruNcl3Ib8rnp4dIRtSRwxwTP/QSltuSokMMoCoKI3Zl0i4MvlCCezjSVWzmfeTr8OA9pDz1eJ9hZn87IaBghVIOIpZYvoxhE7GAbctqA+Jx3XUoWyY4LJpgMA4Y2q9YjQ9bWNyQb5FuwCp4akapwDFEvbTDY0DyAHKmm7txv+5q5RkxfFq3K/DtcILbm0wtAsqM7VZu2TYOj+KiEHJmJMAq+yYNEWzMTsnr7mjqz8I5uOA0V jan@gefion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNx2LqPdxwg26i4PytNUIbabqf7eb9gIp6dgwwIqFUnqbnTcilzxlm1FZoH+yMKvYY0G+ZNPG9Zs59QWE/m+mPBOjmrf5N4EH3BW3L/VRLesFMokXHtxkXZzX8CD7c+C0DGmcWfQNMD9tOYsKVm3No3Yr1Hy/WmVQbdEjpkowGpl/y1GFjZqa0dGBhVwAzdHjxsKkpbbVJDDzBwY6WReV+b6Ychgk4S58caJWXAZhkv/2bnaGW1SloHST+GBZrFa+JYbS0D1eortfpPsSR0AMqReJ+NSBKopOYC+WbqEFk9V5VJgbIsT27hRLk3Ctn8MuBUCP1vzn6gyPK91o/ZZqH jan@odin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVxoI2GdqqnK0eKsx5xXiYca19toxB+s9lHb9u9gdmJ52tsl75XZVT2R44o5Yu8KciSPx+khzj7vL3RWieVTrPGhlbYQnOuK73x420rGejjAyDFPQWQxw98Bx0a7VHBsSUpndcnlLBMPe6bIOLI8j7c/sV26rEOAF7LshuONq4E5SMUTL4bp2dhfBgC8SjGdevBpwR1rCBIt51jhvS/asBIUZNrabG3NPwNoaRLELUbFZm7vLF777GWuBzM0G41iImb8nuC1q9WSt66ShhSxLthvl1wdyvixgCgY5yM3eOVJHheMWR6mwE2ZdAeLAFjfXKBqoH5My7a4K96wyUMptD nodeadmin@update1
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA5OYOF+VBtXXxv/wZkT5K3P7QAUJaM88zJqeGh8NJCO7EDg9jLoWLzAP7LnM9XEA4ycWdl8HX1+EUKqVXAbSNItTZZkO9LCbIiIe1w8oJd2j9hY0IpxPqbz9ePPZh0JtxAZMh3NgOoSiND0leAeOt0lTlDPh4g3G4KvR33d9PIj5ZerU47ceLyy4xEwNbZDKD04+frpq1W+lDqglR0jV/h/pcoQTAEBflbmGLeXIXRsR6zq/of4Wx/MlX18VD9SXPLGXvQ5c4lt5PvV/oeHz4gEjPv2hrI3s3fyWakadAuI9ah48CaEgpVReUGjtYDc0PskvjAH/+slqIHW1D5El+R1Z/2wn/aEGokFHUc0SiFb3NAOwxWvMtUHhXi9ZiTHt0p/0FwWZ1pxqRzODvK8uZ7LAJRGe6q9NYQkIax6SLOfWm4MFWDpDLgWz5MSbPqo+Kfo0614z1mxA3vpY53lUqEGRx4I6z/PDaOHMFd3sxhSMPGvmMvAOLTRofFppwUq1YqQkd6embsJjBN0gU9AilpL5Q2il0OoW4g0rUR8HPJczuDzmHZTXpPU2dY6MhAJ0sbNmk0XhmyoEH9/A1zPEHmirTcBMmbFUsYmR6+MnHEhxnRu5PQpXqcu2vN+JAeasgJShRl7g+rHIdutswHUAWWyfgaD0GF3f6zuOLooz1XQU= localadmin@tst-ansible

7
files/bataddif.sh.j2 Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
INTERFACE="$3"
ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
ip link set dev $INTERFACE up mtu 1312
/usr/sbin/batctl if add $INTERFACE

4
files/batdelif.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
INTERFACE="$3"
/usr/sbin/batctl if del $INTERFACE

922
files/collectd.conf.j2 Normal file
View File

@ -0,0 +1,922 @@
# Config file for collectd(1).
#
# Some plugins need additional configuration and are disabled by default.
# Please read collectd.conf(5) for details.
#
# You should also read /usr/share/doc/collectd-core/README.Debian.plugins
# before enabling any more plugins.
Hostname "{{ sn_hostname }}"
FQDNLookup true
BaseDir "/var/lib/collectd"
PluginDir "/usr/lib/collectd"
#TypesDB "/usr/share/collectd/types.db" "/etc/collectd/my_types.db"
Interval 100
Timeout 2
ReadThreads 5
LoadPlugin write_graphite
<Plugin write_graphite>
<Carbon>
Host "10.188.1.27"
Port "2003"
Prefix "collectd.gateways."
StoreRates true
AlwaysAppendDS false
EscapeCharacter "_"
</Carbon>
</Plugin>
LoadPlugin syslog
LoadPlugin interface
LoadPlugin cpu
LoadPlugin df
LoadPlugin disk
LoadPlugin entropy
LoadPlugin irq
LoadPlugin load
LoadPlugin memory
LoadPlugin openvpn
LoadPlugin processes
LoadPlugin swap
LoadPlugin rrdtool
LoadPlugin users
<Plugin rrdtool>
DataDir "/var/lib/collectd/rrd"
# CacheTimeout 120
# CacheFlush 900
# WritesPerSecond 30
# RandomTimeout 0
#
# The following settings are rather advanced
# and should usually not be touched:
# StepSize 10
# HeartBeat 20
# RRARows 1200
# RRATimespan 158112000
# XFF 0.1
</Plugin>
#<Plugin logfile>
# LogLevel "info"
# File STDOUT
# Timestamp true
# PrintSeverity false
#</Plugin>
<Plugin syslog>
LogLevel info
</Plugin>
<Plugin interface>
Interface "eth0"
Interface "bat0"
Interface "fastd-tro"
Interface "mullvad"
IgnoreSelected false
</Plugin>
#####################################################################
#LoadPlugin amqp
#LoadPlugin apache
#LoadPlugin apcups
#LoadPlugin ascent
#LoadPlugin battery
#LoadPlugin bind
#LoadPlugin conntrack
#LoadPlugin contextswitch
#LoadPlugin cpufreq
#LoadPlugin csv
#LoadPlugin curl
#LoadPlugin curl_json
#LoadPlugin curl_xml
#LoadPlugin dbi
#LoadPlugin dns
#LoadPlugin email
#LoadPlugin ethstat
#LoadPlugin exec
#LoadPlugin filecount
#LoadPlugin fscache
#LoadPlugin gmond
#LoadPlugin hddtemp
#LoadPlugin ipmi
#LoadPlugin iptables
#LoadPlugin ipvs
#LoadPlugin java
#LoadPlugin libvirt
#LoadPlugin madwifi
#LoadPlugin mbmon
#LoadPlugin md
#LoadPlugin memcachec
#LoadPlugin memcached
#LoadPlugin multimeter
#LoadPlugin mysql
#LoadPlugin netlink
#LoadPlugin network
#LoadPlugin nfs
#LoadPlugin nginx
#LoadPlugin notify_desktop
#LoadPlugin notify_email
#LoadPlugin ntpd
#LoadPlugin numa
#LoadPlugin nut
#LoadPlugin olsrd
#<LoadPlugin perl>
# Globals true
#</LoadPlugin>
#LoadPlugin pinba
#LoadPlugin ping
#LoadPlugin postgresql
#LoadPlugin powerdns
#LoadPlugin protocols
#<LoadPlugin python>
# Globals true
#</LoadPlugin>
#LoadPlugin rrdcached
#LoadPlugin sensors
#LoadPlugin serial
#LoadPlugin snmp
#LoadPlugin table
#LoadPlugin tail
#LoadPlugin tcpconns
#LoadPlugin teamspeak2
#LoadPlugin ted
#LoadPlugin thermal
#LoadPlugin tokyotyrant
#LoadPlugin unixsock
#LoadPlugin uptime
#LoadPlugin uuid
#LoadPlugin varnish
#LoadPlugin vmem
#LoadPlugin vserver
#LoadPlugin wireless
#LoadPlugin write_http
#LoadPlugin write_mongodb
#<Plugin amqp>
# <Publish "name">
# Host "localhost"
# Port "5672"
# VHost "/"
# User "guest"
# Password "guest"
# Exchange "amq.fanout"
# RoutingKey "collectd"
# Persistent false
# StoreRates false
# </Publish>
#</Plugin>
#<Plugin apache>
# <Instance "foo">
# URL "http://localhost/server-status?auto"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
# Server "apache"
# </Instance>
#
# <Instance "bar">
# URL "http://some.domain.tld/status?auto"
# Host "some.domain.tld"
# Server "lighttpd"
# </Instance>
#</Plugin>
#<Plugin apcups>
# Host "localhost"
# Port "3551"
#</Plugin>
#<Plugin ascent>
# URL "http://localhost/ascent/status/"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
#</Plugin>
#<Plugin "bind">
# URL "http://localhost:8053/"
#
# ParseTime false
#
# OpCodes true
# QTypes true
# ServerStats true
# ZoneMaintStats true
# ResolverStats false
# MemoryStats true
#
# <View "_default">
# QTypes true
# ResolverStats true
# CacheRRSets true
#
# Zone "127.in-addr.arpa/IN"
# </View>
#</Plugin>
#<Plugin csv>
# DataDir "/var/lib/collectd/csv"
# StoreRates false
#</Plugin>
#<Plugin curl>
# <Page "stock_quotes">
# URL "http://finance.google.com/finance?q=NYSE%3AAMD"
# User "foo"
# Password "bar"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
# MeasureResponseTime false
# <Match>
# Regex "<span +class=\"pr\"[^>]*> *([0-9]*\\.[0-9]+) *</span>"
# DSType "GaugeAverage"
# Type "stock_value"
# Instance "AMD"
# </Match>
# </Page>
#</Plugin>
#<Plugin curl_json>
## See: http://wiki.apache.org/couchdb/Runtime_Statistics
# <URL "http://localhost:5984/_stats">
# Instance "httpd"
# <Key "httpd/requests/count">
# Type "http_requests"
# </Key>
#
# <Key "httpd_request_methods/*/count">
# Type "http_request_methods"
# </Key>
#
# <Key "httpd_status_codes/*/count">
# Type "http_response_codes"
# </Key>
# </URL>
## Database status metrics:
# <URL "http://localhost:5984/_all_dbs">
# Instance "dbs"
# <Key "*/doc_count">
# Type "gauge"
# </Key>
# <Key "*/doc_del_count">
# Type "counter"
# </Key>
# <Key "*/disk_size">
# Type "bytes"
# </Key>
# </URL>
#</Plugin>
#<Plugin "curl_xml">
# <URL "http://localhost/stats.xml">
# Host "my_host"
# Instance "some_instance"
# User "collectd"
# Password "thaiNg0I"
# VerifyPeer true
# VerifyHost true
# CACert "/path/to/ca.crt"
#
# <XPath "table[@id=\"magic_level\"]/tr">
# Type "magic_level"
# InstancePrefix "prefix-"
# InstanceFrom "td[1]"
# ValuesFrom "td[2]/span[@class=\"level\"]"
# </XPath>
# </URL>
#</Plugin>
#<Plugin dbi>
# <Query "num_of_customers">
# Statement "SELECT 'customers' AS c_key, COUNT(*) AS c_value \
# FROM customers_tbl"
# MinVersion 40102
# MaxVersion 50042
# <Result>
# Type "gauge"
# InstancePrefix "customer"
# InstancesFrom "c_key"
# ValuesFrom "c_value"
# </Result>
# </Query>
#
# <Database "customers_db">
# Driver "mysql"
# DriverOption "host" "localhost"
# DriverOption "username" "collectd"
# DriverOption "password" "secret"
# DriverOption "dbname" "custdb0"
# SelectDB "custdb0"
# Query "num_of_customers"
# Query "..."
# </Database>
#</Plugin>
#<Plugin df>
# Device "/dev/sda1"
# Device "192.168.0.2:/mnt/nfs"
# MountPoint "/home"
# FSType "ext3"
# IgnoreSelected false
# ReportByDevice false
# ReportReserved false
# ReportInodes false
#</Plugin>
#<Plugin disk>
# Disk "hda"
# Disk "/sda[23]/"
# IgnoreSelected false
#</Plugin>
#<Plugin dns>
# Interface "eth0"
# IgnoreSource "192.168.0.1"
# SelectNumericQueryTypes false
#</Plugin>
#<Plugin email>
# SocketFile "/var/run/collectd-email"
# SocketGroup "collectd"
# SocketPerms "0770"
# MaxConns 5
#</Plugin>
#<Plugin ethstat>
# Interface "eth0"
# Map "rx_csum_offload_errors" "if_rx_errors" "checksum_offload"
# Map "multicast" "if_multicast"
# MappedOnly false
#</Plugin>
#<Plugin exec>
# Exec user "/path/to/exec"
# Exec "user:group" "/path/to/exec"
# NotificationExec user "/path/to/exec"
#</Plugin>
#<Plugin filecount>
# <Directory "/path/to/dir">
# Instance "foodir"
# Name "*.conf"
# MTime "-5m"
# Size "+10k"
# Recursive true
# IncludeHidden false
# </Directory>
#</Plugin>
#<Plugin gmond>
# MCReceiveFrom "239.2.11.71" "8649"
#
# <Metric "swap_total">
# Type "swap"
# TypeInstance "total"
# DataSource "value"
# </Metric>
#
# <Metric "swap_free">
# Type "swap"
# TypeInstance "free"
# DataSource "value"
# </Metric>
#</Plugin>
#<Plugin hddtemp>
# Host "127.0.0.1"
# Port 7634
#</Plugin>
#<Plugin interface>
# Interface "eth0"
# IgnoreSelected false
#</Plugin>
#<Plugin ipmi>
# Sensor "some_sensor"
# Sensor "another_one"
# IgnoreSelected false
# NotifySensorAdd false
# NotifySensorRemove true
# NotifySensorNotPresent false
#</Plugin>
#<Plugin iptables>
# Chain "table" "chain"
#</Plugin>
#<Plugin irq>
# Irq 7
# Irq 8
# Irq 9
# IgnoreSelected true
#</Plugin>
#<Plugin java>
# JVMArg "-verbose:jni"
# JVMArg "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar"
#
# LoadPlugin "org.collectd.java.GenericJMX"
# <Plugin "GenericJMX">
# # See /usr/share/doc/collectd/examples/GenericJMX.conf
# # for an example config.
# </Plugin>
#</Plugin>
#<Plugin libvirt>
# Connection "xen:///"
# RefreshInterval 60
# Domain "name"
# BlockDevice "name:device"
# InterfaceDevice "name:device"
# IgnoreSelected false
# HostnameFormat name
# InterfaceFormat name
#</Plugin>
#<Plugin madwifi>
# Interface "wlan0"
# IgnoreSelected false
# Source "SysFS"
# WatchSet "None"
# WatchAdd "node_octets"
# WatchAdd "node_rssi"
# WatchAdd "is_rx_acl"
# WatchAdd "is_scan_active"
#</Plugin>
#<Plugin mbmon>
# Host "127.0.0.1"
# Port 411
#</Plugin>
#<Plugin md>
# Device "/dev/md0"
# IgnoreSelected false
#</Plugin>
#<Plugin memcachec>
# <Page "plugin_instance">
# Server "localhost"
# Key "page_key"
# <Match>
# Regex "(\\d+) bytes sent"
# ExcludeRegex "<lines to be excluded>"
# DSType CounterAdd
# Type "ipt_octets"
# Instance "type_instance"
# </Match>
# </Page>
#</Plugin>
#<Plugin memcached>
# Socket "/var/run/memcached.sock"
# or:
# Host "127.0.0.1"
# Port "11211"
#</Plugin>
#<Plugin mysql>
# <Database db_name>
# Host "database.serv.er"
# Port "3306"
# User "db_user"
# Password "secret"
# Database "db_name"
# MasterStats true
# </Database>
#
# <Database db_name2>
# Host "localhost"
# Socket "/var/run/mysql/mysqld.sock"
# SlaveStats true
# SlaveNotifications true
# </Database>
#</Plugin>
#<Plugin netlink>
# Interface "All"
# VerboseInterface "All"
# QDisc "eth0" "pfifo_fast-1:0"
# Class "ppp0" "htb-1:10"
# Filter "ppp0" "u32-1:0"
# IgnoreSelected false
#</Plugin>
#<Plugin network>
# # client setup:
# Server "ff18::efc0:4a42" "25826"
# <Server "239.192.74.66" "25826">
# SecurityLevel Encrypt
# Username "user"
# Password "secret"
# Interface "eth0"
# </Server>
# TimeToLive "128"
#
# # server setup:
# Listen "ff18::efc0:4a42" "25826"
# <Listen "239.192.74.66" "25826">
# SecurityLevel Sign
# AuthFile "/etc/collectd/passwd"
# Interface "eth0"
# </Listen>
# MaxPacketSize 1024
#
# # proxy setup (client and server as above):
# Forward true
#
# # statistics about the network plugin itself
# ReportStats false
#
# # "garbage collection"
# CacheFlush 1800
#</Plugin>
#<Plugin nginx>
# URL "http://localhost/status?auto"
# User "www-user"
# Password "secret"
# VerifyPeer false
# VerifyHost false
# CACert "/etc/ssl/ca.crt"
#</Plugin>
#<Plugin notify_desktop>
# OkayTimeout 1000
# WarningTimeout 5000
# FailureTimeout 0
#</Plugin>
#<Plugin notify_email>
# SMTPServer "localhost"
# SMTPPort 25
# SMTPUser "my-username"
# SMTPPassword "my-password"
# From "collectd@main0server.com"
# # <WARNING/FAILURE/OK> on <hostname>.
# # Beware! Do not use not more than two placeholders (%)!
# Subject "[collectd] %s on %s!"
# Recipient "email1@domain1.net"
# Recipient "email2@domain2.com"
#</Plugin>
#<Plugin ntpd>
# Host "localhost"
# Port 123
# ReverseLookups false
#</Plugin>
#<Plugin nut>
# UPS "upsname@hostname:port"
#</Plugin>
#<Plugin olsrd>
# Host "127.0.0.1"
# Port "2006"
# CollectLinks "Summary"
# CollectRoutes "Summary"
# CollectTopology "Summary"
#</Plugin>
#<Plugin openvpn>
# StatusFile "/etc/openvpn/openvpn-status.log"
# ImprovedNamingSchema false
# CollectCompression true
# CollectIndividualUsers true
# CollectUserCount false
#</Plugin>
#<Plugin perl>
# IncludeDir "/my/include/path"
# BaseName "Collectd::Plugins"
# EnableDebugger ""
# LoadPlugin Monitorus
# LoadPlugin OpenVZ
#
# <Plugin foo>
# Foo "Bar"
# Qux "Baz"
# </Plugin>
#</Plugin>
#<Plugin pinba>
# Address "::0"
# Port "30002"
# <View "name">
# Host "host name"
# Server "server name"
# Script "script name"
# <View>
#</Plugin>
#<Plugin ping>
# Host "host.foo.bar"
# Host "host.baz.qux"
# Interval 1.0
# Timeout 0.9
# TTL 255
# SourceAddress "1.2.3.4"
# Device "eth0"
# MaxMissed -1
#</Plugin>
#<Plugin postgresql>
# <Query magic>
# Statement "SELECT magic FROM wizard WHERE host = $1;"
# Param hostname
#
# <Result>
# Type gauge
# InstancePrefix "magic"
# ValuesFrom "magic"
# </Result>
# </Query>
#
# <Query rt36_tickets>
# Statement "SELECT COUNT(type) AS count, type \
# FROM (SELECT CASE \
# WHEN resolved = 'epoch' THEN 'open' \
# ELSE 'resolved' END AS type \
# FROM tickets) type \
# GROUP BY type;"
#
# <Result>
# Type counter
# InstancePrefix "rt36_tickets"
# InstancesFrom "type"
# ValuesFrom "count"
# </Result>
# </Query>
#
# <Database foo>
# Host "hostname"
# Port 5432
# User "username"
# Password "secret"
#
# SSLMode "prefer"
# KRBSrvName "kerberos_service_name"
#
# Query magic
# </Database>
#
# <Database bar>
# Interval 60
# Service "service_name"
#
# Query backend # predefined
# Query rt36_tickets
# </Database>
#</Plugin>
#<Plugin powerdns>
# <Server "server_name">
# Collect "latency"
# Collect "udp-answers" "udp-queries"
# Socket "/var/run/pdns.controlsocket"
# </Server>
# <Recursor "recursor_name">
# Collect "questions"
# Collect "cache-hits" "cache-misses"
# Socket "/var/run/pdns_recursor.controlsocket"
# </Recursor>
# LocalSocket "/opt/collectd/var/run/collectd-powerdns"
#</Plugin>
#<Plugin processes>
# Process "name"
# ProcessMatch "foobar" "/usr/bin/perl foobar\\.pl.*"
#</Plugin>
#<Plugin protocols>
# Value "/^Tcp:/"
# IgnoreSelected false
#</Plugin>
#<Plugin python>
# ModulePath "/path/to/your/python/modules"
# LogTraces true
# Interactive true
# Import "spam"
#
# <Module spam>
# spam "wonderful" "lovely"
# </Module>
#</Plugin>
#<Plugin rrdcached>
# DaemonAddress "unix:/var/run/rrdcached.sock"
# DataDir "/var/lib/rrdcached/db/collectd"
# CreateFiles true
# CollectStatistics true
#</Plugin>
#<Plugin sensors>
# SensorConfigFile "/etc/sensors3.conf"
# Sensor "it8712-isa-0290/temperature-temp1"
# Sensor "it8712-isa-0290/fanspeed-fan3"
# Sensor "it8712-isa-0290/voltage-in8"
# IgnoreSelected false
#</Plugin>
# See /usr/share/doc/collectd/examples/snmp-data.conf.gz for a
# comprehensive sample configuration.
#<Plugin snmp>
# <Data "powerplus_voltge_input">
# Type "voltage"
# Table false
# Instance "input_line1"
# Scale 0.1
# Values "SNMPv2-SMI::enterprises.6050.5.4.1.1.2.1"
# </Data>
# <Data "hr_users">
# Type "users"
# Table false
# Instance ""
# Shift -1
# Values "HOST-RESOURCES-MIB::hrSystemNumUsers.0"
# </Data>
# <Data "std_traffic">
# Type "if_octets"
# Table true
# InstancePrefix "traffic"
# Instance "IF-MIB::ifDescr"
# Values "IF-MIB::ifInOctets" "IF-MIB::ifOutOctets"
# </Data>
#
# <Host "some.switch.mydomain.org">
# Address "192.168.0.2"
# Version 1
# Community "community_string"
# Collect "std_traffic"
# Inverval 120
# </Host>
# <Host "some.server.mydomain.org">
# Address "192.168.0.42"
# Version 2
# Community "another_string"
# Collect "std_traffic" "hr_users"
# </Host>
# <Host "some.ups.mydomain.org">
# Address "192.168.0.3"
# Version 1
# Community "more_communities"
# Collect "powerplus_voltge_input"
# Interval 300
# </Host>
#</Plugin>
#<Plugin swap>
# ReportByDevice false
#</Plugin>
#<Plugin table>
# <Table "/proc/slabinfo">
# Instance "slabinfo"
# Separator " "
# <Result>
# Type gauge
# InstancePrefix "active_objs"
# InstancesFrom 0
# ValuesFrom 1
# </Result>
# <Result>
# Type gauge
# InstancePrefix "objperslab"
# InstancesFrom 0
# ValuesFrom 4
# </Result>
# </Table>
#</Plugin>
#<Plugin "tail">
# <File "/var/log/exim4/mainlog">
# Instance "exim"
# <Match>
# Regex "S=([1-9][0-9]*)"
# DSType "CounterAdd"
# Type "ipt_bytes"
# Instance "total"
# </Match>
# <Match>
# Regex "\\<R=local_user\\>"
# ExcludeRegex "\\<R=local_user\\>.*mail_spool defer"
# DSType "CounterInc"
# Type "counter"
# Instance "local_user"
# </Match>
# </File>
#</Plugin>
#<Plugin tcpconns>
# ListeningPorts false
# LocalPort "25"
# RemotePort "25"
#</Plugin>
#<Plugin teamspeak2>
# Host "127.0.0.1"
# Port "51234"
# Server "8767"
#</Plugin>
#<Plugin ted>
# Device "/dev/ttyUSB0"
# Retries 0
#</Plugin>
#<Plugin thermal>
# ForceUseProcfs false
# Device "THRM"
# IgnoreSelected false
#</Plugin>
#<Plugin tokyotyrant>
# Host "localhost"
# Port "1978"
#</Plugin>
#<Plugin unixsock>
# SocketFile "/var/run/collectd-unixsock"
# SocketGroup "collectd"
# SocketPerms "0660"
# DeleteSocket false
#</Plugin>
#<Plugin uuid>
# UUIDFile "/etc/uuid"
#</Plugin>
#<Plugin varnish>
# <Instance>
# CollectCache true
# CollectBackend true
# CollectConnections true
# CollectSHM true
# CollectESI false
# CollectFetch false
# CollectHCB false
# CollectSMA false
# CollectSMS false
# CollectSM false
# CollectTotals false
# CollectWorkers false
# </Instance>
#
# <Instance "myinstance">
# CollectCache true
# </Instance>
#</Plugin>
#<Plugin vmem>
# Verbose false
#</Plugin>
#<Plugin write_http>
# <URL "http://example.com/collectd-post">
# User "collectd"
# Password "secret"
# VerifyPeer true
# VerifyHost true
# CACert "/etc/ssl/ca.crt"
# Format "Command"
# StoreRates false
# </URL>
#</Plugin>
#<Plugin write_mongodb>
# <Node "example">
# Host "localhost"
# Port "27017"
# Timeout 1000
# StoreRates false
# <Node>
#</Plugin>
Include "/etc/collectd/filters.conf"
Include "/etc/collectd/thresholds.conf"

14
files/dhcpd.conf.j2 Normal file
View File

@ -0,0 +1,14 @@
ddns-update-style none;
option domain-name "fftdf";
default-lease-time 300;
max-lease-time 3600;
log-facility local7;
subnet 10.188.0.0 netmask 255.255.0.0 {
authoritative;
range {{ sn_dhcp_range }};
option domain-name-servers {{ sn_dhcp_dns }};
option routers {{ sn_dhcp_router }};
interface bat0;
}

44
files/gre_backbone.sh Normal file
View File

@ -0,0 +1,44 @@
#!/bin/sh
# Server name ending must be a single digit number
communityname="troisdorf"
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6"
domain="freifunk-troisdorf.de"
mtu=1500
# community MAC address, without the last Byte (:)!
communitymacaddress="a2:8c:ae:6f:f6"
# Network part of the network, without the trailing dot
communitynetwork="10.188"
# IPv6 network
communitynetworkv6="fda0:747e:ab29:7405:255::"
# Third octet from the server range
octet3rd="255"
# CIDR muss /16 sein
localserver=$(hostname)
for i in $server; do
(
for j in $server; do
if [ $i != $j ]; then
if [ $i = $(hostname) ]; then
ip link add $j type gretap local $(hostname -I | cut -f1 -d' ') remote $(dig +short $j.$domain) dev eth0 nopmtudisc
ip link set dev $j mtu $mtu
ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
ip link set $j up
batctl if add $j
fi
fi
done
)
done
# configure bat0
ip link set address $communitymacaddress$:0{localserver#$communityname} dev bat0
ip link set up dev bat0
ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
alfred -i bat0 > /dev/null 2>&1 &
batadv-vis -i bat0 -s > /dev/null 2>&1 &

50
files/keepalive.sh Normal file
View File

@ -0,0 +1,50 @@
#!/bin/bash
INTERFACE=eth0 # Set to name of VPN interface
shopt -s nullglob
# Test whether gateway is connected to the outer world via VPN
ping -q -I $INTERFACE 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1
if test $? -eq 0; then
NEW_STATE=server
else
NEW_STATE=off
fi
# Iterate through network interfaces in sys file system
for MESH in /sys/class/net/*/mesh; do
# Check whether gateway modus needs to be changed
OLD_STATE="$(cat $MESH/gw_mode)"
[ "$OLD_STATE" == "$NEW_STATE" ] && continue
echo $NEW_STATE > $MESH/gw_mode
echo 92MBit/92MBit > $MESH/gw_bandwidth
logger "batman gateway mode changed to $NEW_STATE"
# Check whether gateway modus has been deactivated
if [ "$NEW_STATE" == "off" ]; then
# Shutdown DHCP server to prevent renewal of leases
/usr/sbin/service isc-dhcp-server stop
fi
# Check whether gateway modus has been activated
if [ "$NEW_STATE" == "server" ]; then
# Restart DHCP server
/usr/sbin/service isc-dhcp-server start
fi
exit 0
done
if [ "$NEW_STATE" == "server" ]; then
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
if $? -ne 0
then
/usr/sbin/service isc-dhcp-server restart
fi
fi
if [ "$NEW_STATE" == "off" ]; then
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
if $? -eq 0
then
/usr/sbin/service isc-dhcp-server stop
fi
fi

51
files/l2tp_broker.cfg.j2 Normal file
View File

@ -0,0 +1,51 @@
[broker]
; IP address the broker will listen and accept tunnels on
address={{ ansible_default_ipv4.address }}
; Ports where the broker will listen on
port={{ sn_l2tp_tb_port }}
; Interface with that IP address
interface=eth0
; Maximum number of cached cookies, required for establishing a
; session with the broker
max_cookies=1024
; Maximum number of tunnels that will be allowed by the broker
max_tunnels=100
; Tunnel port base
port_base=15000
; Tunnel id base
tunnel_id_base=100
; Tunnel timeout interval in seconds
tunnel_timeout=60
; Should PMTU discovery be enabled
pmtu_discovery=false
; Namespace (for running multiple brokers); note that you must also
; configure disjunct ports, and tunnel identifiers in order for
; namespacing to work
namespace=troisdorf
[log]
; Log filename
filename=/var/log/tunneldigger-broker.log
; Verbosity
verbosity=DEBUG
; Should IP addresses be logged or not
log_ip_addresses=false
[hooks]
; Arguments to the session.{up,pre-down,down} hooks are as follows:
;
; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
;
; Arguments to the session.mtu-changed hook are as follows:
;
; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
;
; Called after the tunnel interface goes up
session.up=/srv/tunneldigger/bataddif.sh
; Called just before the tunnel interface goes down
session.pre-down=/srv/tunneldigger/batdelif.sh
; Called after the tunnel interface goes down
session.down=
; Called after the tunnel MTU gets changed because of PMTU discovery
session.mtu-changed=

9
files/start-broker.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
WDIR=/srv/tunneldigger
VIRTUALENV_DIR=/srv/tunneldigger
cd $WDIR
source $VIRTUALENV_DIR/bin/activate
bin/python broker/l2tp_broker.py l2tp_broker.cfg

9
files/tunneldigger.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description = Start tunneldigger L2TPv3 broker
After = network.target
[Service]
ExecStart = /srv/tunneldigger/start-broker.sh
[Install]
WantedBy = multi-user.target

230
install.sn.yml Normal file
View File

@ -0,0 +1,230 @@
# First install ssh-key at remote computer
# In case of python error start:
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
# Version 3.1, gre-backbone
- name: Install Freifunk Troisdorf super node
# hosts: FreifunkSupernodesL2TP
hosts: '{{ target }}'
sudo: False
user: root
gather_facts: False
vars:
common_required_packages:
- git
- make
- gcc
- build-essential
- pkg-config
- libgps-dev
- libnl-3-dev
- libjansson-dev
- isc-dhcp-server
# - openvpn
- collectd
- libcap-dev
- iproute
- libnetfilter-conntrack3
- python-dev
- libevent-dev
- ebtables
- python-virtualenv
- iptables-persistent
- batctl
- iftop
- screen
- bridge-utils
- tcpdump
modules_required:
- batman-adv
- nf_conntrack_netlink
- nf_conntrack
- nfnetlink
- l2tp_netlink
- l2tp_core
- l2tp_eth
tunneldigger_scripts:
- start-broker.sh
- batdelif.sh
tunneldigger_service:
- tunneldigger.service
# openvpn_files:
# - mullvad_linux.conf
# - mullvad.key
# - mullvad.crt
# - ca.crt
# - crl.pem
# openvpn_scripts:
# - up.sh
# - down.sh
check_gw_script:
- keepalive.sh
backbone_script:
- gre_backbone.sh
system_startup:
- "# Routing einschalten"
- /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
- /sbin/sysctl -w net.ipv4.ip_forward=1
# - "# Routing Tabelle 42 fuer Freifunk anlegen, wenn noch nicht vorhanden"
# - #/bin/grep 42 /etc/iproute2/rt_tables || echo '42 42' >> /etc/iproute2/rt_tables"
# - "# Freifunk Daten sollen mit 0x1 markiert werden"
# - /sbin/iptables -t mangle -A PREROUTING -i bat0 -j MARK --set-xmark 0x1
# - "# Erstmal unreachable melden, ausser OpenVPN ist aufgebaut"
# - "#/sbin/ip route add unreachable default table 42"
# - "# Alles was mit 0x1 markiert ist soll nach Routing Tabelle 42 behandelt werden"
# - "/sbin/ip rule add from all fwmark 0x1 table 42 priority 4"
- "#NAT auf eth0 aktivieren"
- /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- "#GRE Backbone aufbauen"
- /opt/freifunk/gre_backbone.sh
authorized_keys:
- authorized_keys
tasks:
- name: Remove cdrom in sources.list
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible
raw: "apt-get update && apt-get install python -y"
- name: Add backport repo to source list #target: /etc/apt/sources.list.d
apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
- name: Update apt cache
apt: update_cache=yes
# - name: Install new kernel
# apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
# register: kernel4
- name: Gathering facts
setup:
- name: Set IPv4 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
- name: Set IPv6 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
when: ansible_default_ipv6.address is defined
- name: set hostname
hostname: name='{{ sn_hostname }}'
register: hostname
- name: Reboot the server
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: hosts.changed
when: hostname.changed
- name: waiting for server to come back
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=15
timeout=300
when: hosts.changed
when: hostname.changed
- name: Install common required packages
apt: state=installed pkg={{ item }}
with_items: common_required_packages
register: apt_updates
- name: Install Linux headers
shell: "apt-get install linux-headers-$(uname -r) -y"
when: apt_updates.changed
- name: Add modules
lineinfile: dest=/etc/modules line={{ item }}
with_items: modules_required
register: modules_req
- name: Load modules
modprobe: name={{ item }}
with_items: modules_required
when: modules_req.changed
- name: Get Tunneldigger
git: repo=https://github.com/wlanslovenija/tunneldigger.git
dest=/srv/tunneldigger
register: tunneldigger
- name: Configure tunneldigger
command: "{{item}}"
with_items:
- virtualenv /srv/tunneldigger/ -p python2.7
when: tunneldigger.changed
- name: Tunneldigger requirements
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
when: tunneldigger.changed
- name: Copy l2tp broker config template
template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444
when: tunneldigger.changed
- name: Copy tunneldigger script template
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
when: tunneldigger.changed
- name: Copy tunneldigger scripts
copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
with_items: tunneldigger_scripts
when: tunneldigger.changed
- name: Copy tunneldigger service file
copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444
with_items: tunneldigger_service
when: tunneldigger.changed
- name: Tunneldigger reload
command: "{{item}}"
with_items:
- systemctl daemon-reload
- systemctl enable tunneldigger.service
when: tunneldigger.changed
- name: Check if alfred is installed
command: dpkg-query -W alfred
register: alfred_check_deb
failed_when: alfred_check_deb.rc > 1
changed_when: alfred_check_deb.rc == 1
- name: Download alfred
get_url:
url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb"
dest="/tmp/alfred_2015.0_amd64.deb"
when: alfred_check_deb.rc == 1
- name: Install alfred
apt: deb="/tmp/alfred_2015.0_amd64.deb"
sudo: False
when: alfred_check_deb.rc == 1
# - name: copy openvpn files
# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400
# with_items: openvpn_files
# - name: copy openvpn scripts
# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0500
# with_items: openvpn_scripts
- name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755
- name: Check gateway / keepalive script
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: check_gw_script
register: check_gw
- name: Add cron job with check gateway script
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
when: check_gw.changed
- name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
- name: Copy backbone script
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: backbone_script
- name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
- name: configure rc.local 1st
lineinfile: dest=/etc/rc.local line="{{ item }}" state=present
with_items: system_startup
register: rc
- name: configure rc.local 2nd
lineinfile: dest=/etc/rc.local line="exit 0" state=absent
when: rc.changed
- name: configure rc.local 3rd
lineinfile: dest=/etc/rc.local line="exit 0" state=present
when: rc.changed
- name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys
- name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: tunneldigger.changed
- name: waiting for server to come back
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=15
timeout=300
when: tunneldigger.changed