Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Merge pull request #4 from Freifunk-Troisdorf/stebifan-patch-1

Browse Source 
Changed Config for Bridge and All in one Supernode #v3.0
This commit is contained in:
stebifan 2016-01-27 20:01:48 +01:00
commit 204541557e
10 changed files with 101 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
files/bataddif.sh.j2
View File

@ -1,30 +1,8 @@
#!/bin/bash #!/bin/bash
INTERFACE="$3" INTERFACE="$3"
#MAC="$8" MAC="$8"
#BLACKLISTFILE=/opt/freifunk/blockliste.txt brctl=/sbin/brctl
batctl=/usr/local/sbin/batctl
#if [ -f /opt/freifunk/blockliste.txt ]
#if [ -f $BLACKLISTFILE ]
# then
# BLOCKLISTE=$(cat /opt/freifunk/blockliste.txt)
# else
# touch=$BLOCKLISTE
#fi
#for i in $BLOCKLISTE;
#do
# if [[ $i == $MAC ]]; then
# exit 1
# fi
#done
#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
#ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
/bin/ip link set dev $INTERFACE up mtu 1312 /bin/ip link set dev $INTERFACE up mtu 1312
#/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 #echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
$brctl addif br-nodes $INTERFACE
$batctl if add $INTERFACE
echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast

2
files/batdelif.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash
INTERFACE="$3" INTERFACE="$3"
/usr/local/sbin/batctl if del $INTERFACE /sbin/brctl delif br-nodes $INTERFACE

2
files/collectd.conf.j2
View File

@ -30,7 +30,7 @@ LoadPlugin filecount
<Plugin "filecount"> <Plugin "filecount">
<Directory "/opt/freifunk/tunneldigger_interfaces"> <Directory "/opt/freifunk/tunneldigger_interfaces">
Instance "tunneldigger-connections" Instance "tunneldigger-connections"
Name "l2tp1*" Name "l2tp*"
</Directory> </Directory>
</Plugin> </Plugin>
<Plugin write_graphite> <Plugin write_graphite>

8
files/collectd_td_stat.sh
View File

@ -6,9 +6,11 @@ fi
#Remove old Interfaces #Remove old Interfaces
rm /opt/freifunk/tunneldigger_interfaces/* rm /opt/freifunk/tunneldigger_interfaces/*
#Create Interace files #Create Interace files
for i in `/usr/local/sbin/batctl if | grep l2tp1`; for i in `/sbin/brctl show br-nodes | grep l2tp`;
do do
touch /opt/freifunk/tunneldigger_interfaces/$i touch /opt/freifunk/tunneldigger_interfaces/$i
done done
#Remove Active file #Remove wrong file
rm /opt/freifunk/tunneldigger_interfaces/active rm /opt/freifunk/tunneldigger_interfaces/no
rm /opt/freifunk/tunneldigger_interfaces/br-*
rm /opt/freifunk/tunneldigger_interfaces/8*

29
files/keepalive.exit.sh.j2 Normal file
View File

@ -0,0 +1,29 @@
#!/bin/sh
#
# -q quiet
# -c nb of pings
HOST1=8.8.8.8
HOST2=8.8.4.4
BATCTL=/usr/local/sbin/batctl
ping -q -c5 $HOST1 > /dev/null
if [ $? -eq 0 ]
then
echo "ok"
$BATCTL gw server 100Mbit/100Mbit
else
echo "$HOST1 NICHT ok"
ping -q -c5 $HOST2 > /dev/null
if [ $? -eq 0 ]
then
echo "$HOST2 ok"
$BATCTL gw server 100Mbit/100Mbit
else
echo "$HOST2 NICHT ok"
$BATCTL gw off
fi
fi

4
files/keepalive.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Version 1.5 # Version 1.6
# Parameter setzen # Parameter setzen
GATEWAY1ext=185.66.193.105 GATEWAY1ext=185.66.193.105
GATEWAY2ext=185.66.193.106 GATEWAY2ext=185.66.193.106
@ -24,7 +24,7 @@ if [ $(hostname) = "troisdorf1" ] || [ $(hostname) = "troisdorf2" ]
DEFAULT_GATEWAY=$GATEWAY2 DEFAULT_GATEWAY=$GATEWAY2
DEFAULT_GATEWAYext=$GATEWAY2ext DEFAULT_GATEWAYext=$GATEWAY2ext
FALLBACK_GATEWAY=$GATEWAY1 FALLBACK_GATEWAY=$GATEWAY1
FALLBACK_GATEWAY=$GATEWAY1ext FALLBACK_GATEWAYext=$GATEWAY1ext
DEFAULT_GATEWAYv6=$GATEWAY2v6 DEFAULT_GATEWAYv6=$GATEWAY2v6
FALLBACK_GATEWAYv6=$GATEWAY1v6 FALLBACK_GATEWAYv6=$GATEWAY1v6

11
files/l2tp_backbone.sh.exit.j2
View File

@ -2,8 +2,8 @@
# Version 6 # Version 6
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
communityname="troisdorf" communityname="troisdorf"
#server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
server="troisdorf7 {{ sn_hostname }}" #server="troisdorf7 {{ sn_hostname }}"
domain="freifunk-troisdorf.de" domain="freifunk-troisdorf.de"
mtu={{ sn_mtu }} mtu={{ sn_mtu }}
# community MAC address, without the last Byte (:)! # community MAC address, without the last Byte (:)!
@ -54,5 +54,8 @@ $ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 de
$alfred -i bat0 > /dev/null 2>&1 & $alfred -i bat0 > /dev/null 2>&1 &
/bin/sleep 15 /bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 & $batadv -i bat0 -s > /dev/null 2>&1 &
/usr/sbin/service bind9 restart /bin/systemctl restart isc-dhcp-server
/usr/local/sbin/batctl gw client 3 /bin/systemctl restart bind9
#/usr/local/sbin/batctl gw client 3
/usr/local/sbin/batctl gw server 100Mbit/100Mbit

31
files/sn_startup.exit.sh.j2
View File

@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
# Version 1.7
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
@ -45,11 +46,23 @@ done
# Allow MAC address spoofing # Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
sleep 5 sleep 5
# stop tunneldigger # Fixing the nf_conntrack … dropping packets error
/bin/systemctl disable tunneldigger # hashsize = nf_conntrack_max / 4
/bin/systemctl stop tunneldigger sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
# Against Denial of Service attacks from internal network
# Check with: sysctl -a | grep conntrack | grep timeout
sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
# restart bird # restart bird
/bin/systemctl start bird /bin/systemctl start bird
@ -57,12 +70,12 @@ sleep 5
/bin/systemctl enable bird /bin/systemctl enable bird
/bin/systemctl enable bird6 /bin/systemctl enable bird6
# stop radvd # Start tunneldigger
/bin/systemctl disable radvd /bin/systemctl restart tunneldigger
/bin/systemctl stop radvd /bin/systemctl enable tunneldigger
# restart DHCP # radvd restart
/bin/systemctl disable isc-dhcp-server /bin/systemctl restart radvd
/bin/systemctl stop isc-dhcp-server /bin/systemctl enable radvd
exit 0 exit 0

17
files/sn_startup.sh.j2
View File

@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
# Version 1.7
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
@ -40,8 +41,24 @@ done
# Allow MAC address spoofing # Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
sleep 5 sleep 5
# Fixing the nf_conntrack … dropping packets error
# hashsize = nf_conntrack_max / 4
sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
# Against Denial of Service attacks from internal network
# Check with: sysctl -a | grep conntrack | grep timeout
sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
# Start tunneldigger # Start tunneldigger
/bin/systemctl restart tunneldigger /bin/systemctl restart tunneldigger
/bin/systemctl enable tunneldigger /bin/systemctl enable tunneldigger

27
install.sn.yml
View File

@ -9,7 +9,7 @@
user: root user: root
gather_facts: False gather_facts: False
vars: vars:
snversion: master_v2.1 snversion: master_v3.0.0
batmanversion: v2015.2 batmanversion: v2015.2
common_required_packages: common_required_packages:
- git - git
@ -71,8 +71,8 @@
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible - name: Make this server ansible compatible
raw: "apt-get update && apt-get install python -y" raw: "apt-get update && apt-get install python -y"
- name: Add backport repo to source list #target: /etc/apt/sources.list.d # - name: Add backport repo to source list #target: /etc/apt/sources.list.d
apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present # apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
- name: Update apt cache - name: Update apt cache
apt: update_cache=yes apt: update_cache=yes
- name: Gathering facts - name: Gathering facts
@ -192,25 +192,26 @@
with_items: logrotate_config with_items: logrotate_config
- name: Create freifunk directory - name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755 file: path=/opt/freifunk state=directory mode=0755
- name: Check gateway / keepalive script - name: Check gateway / keepalive script supernode
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: check_gw_script with_items: check_gw_script
register: check_gw register: check_gw
when: sn_exit is undefined when: sn_exit is undefined
- name: Check gateway / keepalive script super- and exitnode
template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
register: check_gw
when: sn_exit is defined
- name: Add cron job with check gateway script - name: Add cron job with check gateway script
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
when: check_gw.changed when: check_gw.changed
- name: Tunneldigger stats - name: Tunneldigger stats
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: tunneld_stats_file with_items: tunneld_stats_file
register: tunneld_stats register: tunneld_stats
when: sn_exit is undefined # when: sn_exit is undefined
- name: Add cron job tunneldigger stats - name: Add cron job tunneldigger stats
cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root" cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root"
when: tunneld_stats.changed when: tunneld_stats.changed
- name: Copy dhcpd template file - name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd register: dhcpd
@ -229,23 +230,24 @@
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script - name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script - name: Copy backbone script
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is undefined when: sn_exit is undefined
- name: Copy backbone script - name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is defined when: sn_exit is defined
- name: Collectd template file - name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
register: collectd register: collectd
- name: Restart collectd - name: Restart collectd
service: name=collectd state=restarted service: name=collectd state=restarted
when: collectd.changed when: collectd.changed
- name: configure startup script - name: configure startup script supernode
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is undefined when: sn_exit is undefined
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- name: SSH authorized_keys - name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys with_items: authorized_keys
@ -265,9 +267,6 @@
- name: Interface configuration with ffrl gre tunnel - name: Interface configuration with ffrl gre tunnel
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
when: sn_exit is defined when: sn_exit is defined
- name: Exit node startup script
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- apt: update_cache=yes - apt: update_cache=yes
- name: Install bird - name: Install bird
apt: state=installed pkg=bird apt: state=installed pkg=bird