Merge pull request #4 from Freifunk-Troisdorf/stebifan-patch-1

Changed Config for Bridge and All in one Supernode #v3.0
This commit is contained in:
stebifan 2016-01-27 20:01:48 +01:00
commit 204541557e
10 changed files with 101 additions and 60 deletions


@ -1,30 +1,8 @@
#!/bin/bash
INTERFACE="$3"
#MAC="$8"
#BLACKLISTFILE=/opt/freifunk/blockliste.txt
batctl=/usr/local/sbin/batctl
MAC="$8"
brctl=/sbin/brctl
#if [ -f /opt/freifunk/blockliste.txt ]
#if [ -f $BLACKLISTFILE ]
# then
# BLOCKLISTE=$(cat /opt/freifunk/blockliste.txt)
# else
# touch=$BLOCKLISTE
#fi
#for i in $BLOCKLISTE;
#do
# if [[ $i == $MAC ]]; then
# exit 1
# fi
#done
#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
#ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
/bin/ip link set dev $INTERFACE up mtu 1312
#/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0
$batctl if add $INTERFACE
echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
$brctl addif br-nodes $INTERFACE
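Review bot: `INTERFACE="$3"` is used unquoted in every command of this hook (`/bin/ip link set dev $INTERFACE up mtu 1312`, `$batctl if add $INTERFACE`, the `/sys/devices/virtual/net/$INTERFACE/...` redirect and `$brctl addif br-nodes $INTERFACE`), and nothing checks that the caller passed a third argument at all; with an empty value `ip link set dev up mtu 1312` and `brctl addif br-nodes` misparse their arguments, and since there is no `set -e` the remaining lines still run. I would add `[ -n "$INTERFACE" ] || exit 1` right after the assignment and quote each use, e.g. `/bin/ip link set dev "$INTERFACE" up mtu 1312`. This render does not mark which lines are new, but if `$batctl if add $INTERFACE` survives next to `$brctl addif br-nodes $INTERFACE`, the tunnel interface ends up both as a bat0 hard interface and as a port of br-nodes, which the startup script itself adds to bat0 (`/usr/local/sbin/batctl if add br-nodes`); one of the two attachments is presumably meant to go. The teardown hook in the next file has the same unquoted `$INTERFACE` in `batctl if del $INTERFACE` and `brctl delif br-nodes $INTERFACE`.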


@ -1,4 +1,4 @@
#!/bin/bash
INTERFACE="$3"
/usr/local/sbin/batctl if del $INTERFACE
/sbin/brctl delif br-nodes $INTERFACE


@ -30,7 +30,7 @@ LoadPlugin filecount
<Plugin "filecount">
<Directory "/opt/freifunk/tunneldigger_interfaces">
Instance "tunneldigger-connections"
Name "l2tp1*"
Name "l2tp*"
</Directory>
</Plugin>
<Plugin write_graphite>


@ -6,9 +6,11 @@ fi
#Remove old Interfaces
rm /opt/freifunk/tunneldigger_interfaces/*
#Create Interace files
for i in `/usr/local/sbin/batctl if | grep l2tp1`;
for i in `/sbin/brctl show br-nodes | grep l2tp`;
do
touch /opt/freifunk/tunneldigger_interfaces/$i
done
#Remove Active file
rm /opt/freifunk/tunneldigger_interfaces/active
#Remove wrong file
rm /opt/freifunk/tunneldigger_interfaces/no
rm /opt/freifunk/tunneldigger_interfaces/br-*
rm /opt/freifunk/tunneldigger_interfaces/8*
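Review bot: The new loop `for i in \`/sbin/brctl show br-nodes | grep l2tp\`` word-splits the whole `brctl show` output, so the bridge name, the bridge id and the STP column of every matching line become files as well — which is what the `rm .../no`, `rm .../br-*` and `rm .../8*` lines then have to clean up, and any other column value (or a tunnel interface whose name starts with `8`) would still slip through or be wrongly deleted. Reading the port list from sysfs avoids the parsing entirely: `for i in /sys/class/net/br-nodes/brif/l2tp*; do` / `  [ -e "$i" ] && touch "/opt/freifunk/tunneldigger_interfaces/${i##*/}"` / `done`, after which the three workaround `rm` lines can go. `rm /opt/freifunk/tunneldigger_interfaces/*` and `rm .../active` also print an error whenever the directory is empty or the file is absent; `rm -f` keeps the cron output quiet. The `if … fi` block that precedes this hunk is outside the view.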


@ -0,0 +1,29 @@
#!/bin/sh
#
# -q quiet
# -c nb of pings
HOST1=8.8.8.8
HOST2=8.8.4.4
BATCTL=/usr/local/sbin/batctl
ping -q -c5 $HOST1 > /dev/null
if [ $? -eq 0 ]
then
echo "ok"
$BATCTL gw server 100Mbit/100Mbit
else
echo "$HOST1 NICHT ok"
ping -q -c5 $HOST2 > /dev/null
if [ $? -eq 0 ]
then
echo "$HOST2 ok"
$BATCTL gw server 100Mbit/100Mbit
else
echo "$HOST2 NICHT ok"
$BATCTL gw off
fi
fi
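Review bot: The two success branches are copies of each other and disagree in their output — the first prints `ok` without naming the host while the `$HOST2` branch prints `$HOST2 ok` — and each `if [ $? -eq 0 ]` after a `ping` can be folded into the `if` itself. A loop over the two hosts gives one success path, one `gw off`, and stops as soon as a probe answers; the rewrite below replaces everything from the first `ping` line on. Each `ping -q -c5` waits the default per-reply timeout, so a node with a dead uplink spends a long time in this cron job before withdrawing the gateway; iputils ping accepts `-W <seconds>` to bound that, which I would add if the ping on these hosts is iputils. `$HOST1`/`$HOST2` are unquoted throughout; `"$host"` in the loop fixes that.
```sh
for host in "$HOST1" "$HOST2"; do
  if ping -q -c5 "$host" > /dev/null; then
    echo "$host ok"
    $BATCTL gw server 100Mbit/100Mbit
    exit 0
  fi
  echo "$host NICHT ok"
done
$BATCTL gw off
```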


@ -1,5 +1,5 @@
#!/bin/bash
# Version 1.5
# Version 1.6
# Parameter setzen
GATEWAY1ext=185.66.193.105
GATEWAY2ext=185.66.193.106
@ -24,7 +24,7 @@ if [ $(hostname) = "troisdorf1" ] || [ $(hostname) = "troisdorf2" ]
DEFAULT_GATEWAY=$GATEWAY2
DEFAULT_GATEWAYext=$GATEWAY2ext
FALLBACK_GATEWAY=$GATEWAY1
FALLBACK_GATEWAY=$GATEWAY1ext
FALLBACK_GATEWAYext=$GATEWAY1ext
DEFAULT_GATEWAYv6=$GATEWAY2v6
FALLBACK_GATEWAYv6=$GATEWAY1v6
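Review bot: In this branch `FALLBACK_GATEWAY` is set to `$GATEWAY1ext`, the same value as `FALLBACK_GATEWAYext` on the next line, while the DEFAULT pair keeps the internal/external split (`DEFAULT_GATEWAY=$GATEWAY2`, `DEFAULT_GATEWAYext=$GATEWAY2ext`); this render does not mark which of the two `FALLBACK_GATEWAY=` lines is the new one, but the version bump to 1.6 suggests the `ext` value is the intended change. If the fallback really should use the external address, a one-line comment such as `# fallback deliberately uses the external address: <reason>` would stop the next reader from "fixing" it; otherwise it is most likely a typo for `$GATEWAY1`, mirroring `DEFAULT_GATEWAY=$GATEWAY2`. The enclosing `if [ $(hostname) = "troisdorf1" ] || …` starts above the hunk; its unquoted `$(hostname)` is a separate nit.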


@ -2,8 +2,8 @@
# Version 6
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
communityname="troisdorf"
#server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
server="troisdorf7 {{ sn_hostname }}"
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
#server="troisdorf7 {{ sn_hostname }}"
domain="freifunk-troisdorf.de"
mtu={{ sn_mtu }}
# community MAC address, without the last Byte (:)!
@ -54,5 +54,8 @@ $ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 de
$alfred -i bat0 > /dev/null 2>&1 &
/bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 &
/usr/sbin/service bind9 restart
/usr/local/sbin/batctl gw client 3
/bin/systemctl restart isc-dhcp-server
/bin/systemctl restart bind9
#/usr/local/sbin/batctl gw client 3
/usr/local/sbin/batctl gw server 100Mbit/100Mbit
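Review bot: The script now ends with an unconditional `/usr/local/sbin/batctl gw server 100Mbit/100Mbit` (the commented-out `gw client 3` beside it suggests this is the new side), so a freshly booted node announces itself as a batman gateway before anything has verified that its uplink works; the keepalive script added in this commit only flips it to `gw off` on its next cron run, leaving a window in which clients can pick a gateway with no working exit. I would have the boot script run the reachability check instead of announcing directly — replace that last line with `/opt/freifunk/keepalive.sh`, the path the playbook installs the template to — or at least guard the announce with the same ping test. The first hunk's switch to the full `server="troisdorf1 … troisdorf9"` list reads as the intended "all in one" change, but the `# Version 6` header above it was not bumped to match.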


@ -1,4 +1,5 @@
#!/bin/sh
# Version 1.7
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
@ -45,11 +46,23 @@ done
# Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
sleep 5
# stop tunneldigger
/bin/systemctl disable tunneldigger
/bin/systemctl stop tunneldigger
# Fixing the nf_conntrack … dropping packets error
# hashsize = nf_conntrack_max / 4
sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
# Against Denial of Service attacks from internal network
# Check with: sysctl -a | grep conntrack | grep timeout
sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
# restart bird
/bin/systemctl start bird
@ -57,12 +70,12 @@ sleep 5
/bin/systemctl enable bird
/bin/systemctl enable bird6
# stop radvd
/bin/systemctl disable radvd
/bin/systemctl stop radvd
# Start tunneldigger
/bin/systemctl restart tunneldigger
/bin/systemctl enable tunneldigger
# restart DHCP
/bin/systemctl disable isc-dhcp-server
/bin/systemctl stop isc-dhcp-server
# radvd restart
/bin/systemctl restart radvd
/bin/systemctl enable radvd
exit 0
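Review bot: The two conntrack timeout lines in the second hunk use the legacy `net.ipv4.netfilter.ip_conntrack_*` sysctl names while the line above them already uses the current `net.netfilter.nf_conntrack_max`; on a kernel without the compat names `sysctl -w` fails with an error and the script, which has no `set -e`, carries on as if the timeouts had been applied. The current names are `net.netfilter.nf_conntrack_generic_timeout` and `net.netfilter.nf_conntrack_tcp_timeout_established`; I would switch both lines to those (the exit-node startup script below carries the same two lines). In the first hunk the Slack webhook URL containing `{{ slack_token }}` goes on curl's command line, where any local user can read it from the process list while the request runs, and without a timeout a node booting with no uplink blocks at that call; `curl --max-time 10 -K /path/to/slack-webhook.conf` with the URL in a root-only config file keeps the token off argv — the same call appears in the exit-node startup script. The `ebtables -A FORWARD --logical-in br-nodes -j DROP` line deserves a short comment saying why every frame bridged between br-nodes ports is dropped, since the rule is easy to mistake for a leftover.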


@ -1,4 +1,5 @@
#!/bin/sh
# Version 1.7
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
@ -40,8 +41,24 @@ done
# Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
sleep 5
# Fixing the nf_conntrack … dropping packets error
# hashsize = nf_conntrack_max / 4
sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
# Against Denial of Service attacks from internal network
# Check with: sysctl -a | grep conntrack | grep timeout
sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
# Start tunneldigger
/bin/systemctl restart tunneldigger
/bin/systemctl enable tunneldigger


@ -9,7 +9,7 @@
user: root
gather_facts: False
vars:
snversion: master_v2.1
snversion: master_v3.0.0
batmanversion: v2015.2
common_required_packages:
- git
@ -71,8 +71,8 @@
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible
raw: "apt-get update && apt-get install python -y"
- name: Add backport repo to source list #target: /etc/apt/sources.list.d
apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
# - name: Add backport repo to source list #target: /etc/apt/sources.list.d
# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
- name: Update apt cache
apt: update_cache=yes
- name: Gathering facts
@ -192,25 +192,26 @@
with_items: logrotate_config
- name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755
- name: Check gateway / keepalive script
- name: Check gateway / keepalive script supernode
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: check_gw_script
register: check_gw
when: sn_exit is undefined
- name: Check gateway / keepalive script super- and exitnode
template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
register: check_gw
when: sn_exit is defined
- name: Add cron job with check gateway script
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
when: check_gw.changed
- name: Tunneldigger stats
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: tunneld_stats_file
register: tunneld_stats
when: sn_exit is undefined
# when: sn_exit is undefined
- name: Add cron job tunneldigger stats
cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root"
when: tunneld_stats.changed
- name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd
@ -229,23 +230,24 @@
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is undefined
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is defined
- name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
register: collectd
- name: Restart collectd
service: name=collectd state=restarted
when: collectd.changed
- name: configure startup script
- name: configure startup script supernode
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is undefined
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys
@ -265,9 +267,6 @@
- name: Interface configuration with ffrl gre tunnel
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
when: sn_exit is defined
- name: Exit node startup script
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- apt: update_cache=yes
- name: Install bird
apt: state=installed pkg=bird
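Review bot: In the `@ -192,25 +192,26 @@` hunk both keepalive tasks register the same variable `check_gw`, and the new one (`when: sn_exit is defined`) runs last; on a plain supernode it is skipped, and in the Ansible versions I know a skipped task still writes its result into the registered variable (with `changed: false`), so `when: check_gw.changed` on the cron task no longer fires for supernodes even when the script was just installed. Register the second task as `check_gw_exit` and use `when: check_gw.changed or check_gw_exit.changed` on the cron job. The parallel supernode/exit-node task pairs for the startup script and the backbone script carry no `register`, so they are unaffected. The playbook may continue beyond this chunk.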