From a718c39f1de409838aff8a359bff38e7f7bcab8b Mon Sep 17 00:00:00 2001 From: Roman Katrincak Date: Tue, 1 Dec 2015 10:35:28 +0100 Subject: [PATCH 01/29] Restart collectd when configuration change --- install.sn.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/install.sn.yml b/install.sn.yml index b826742..e4a7214 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -1,7 +1,6 @@ # First install ssh-key at remote computer # In case of python error start: # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" -# Version 3.2, gre-backbone - name: Install Freifunk Troisdorf super node # hosts: FreifunkSupernodesL2TP @@ -146,6 +145,7 @@ git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger + when: apt_updates.changed - name: Configure tunneldigger command: "{{item}}" with_items: @@ -210,6 +210,10 @@ with_items: backbone_script - name: Collectd template file template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 + register: collectd + - name: Restart collectd + service: name=collectd state=restarted + when: collectd.changed - name: configure rc.local 1st lineinfile: dest=/etc/rc.local line="{{ item }}" state=present with_items: system_startup From f01abf0271a2321abaecd8de43e469b3eb20beb5 Mon Sep 17 00:00:00 2001 From: Roman Katrincak Date: Tue, 1 Dec 2015 12:55:02 +0100 Subject: [PATCH 02/29] New Supernode Admin SSH Key --- files/authorized_keys | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/files/authorized_keys b/files/authorized_keys index 7cc6678..5e1a015 100644 --- a/files/authorized_keys +++ b/files/authorized_keys 
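Review bot: Gating `Get Tunneldigger` on `when: apt_updates.changed` leaves the checkout unpinned: the `git:` task has no `version=`, so on the runs where it does fire it deploys whatever the remote's default branch holds at that moment, and a run that fails between the apt step and this task would presumably not clone on the next run either, since apt would then report unchanged. Pinning the revision, `git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=<pinned tag or commit>`, makes what lands in `/srv/tunneldigger` reproducible and lets the task stay idempotent without the apt guard. The task list continues outside the hunk.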
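Review bot: `register: collectd` followed by a `Restart collectd` task with `when: collectd.changed` is the hand-written form of what Ansible handlers do; `notify: restart collectd` on the `Collectd template file` task and a `restart collectd` entry under `handlers:` restarts the service once at the end of the play even if several tasks touch its configuration, and is the form most playbooks use. The same register/when pairing appears later in this series for `sethostname`, `grubnosmp` and `tunneldigger`, so converting them together keeps the style uniform.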
@@ -2,12 +2,7 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlPYUqsisJoBT5iDOc7OQXadZyFgI2Z+n+ARPg7OLgkw4SCORAOd53x6KYQZFhq9LP6Dv+kNkk3Qvd/uIr8avG3nxRcHWSIU9ICUmGzEp+W7dT1ExzhVkFxQG7f219ifjRO95xeQNI45MdVKBytQoQGNMoNLXTOZfW5mYr5yQWePa2OmdJLPWrAoHpS2PgrcqWzqdSBuKLdPQgr8KKHGvn9Wf/t9/6/foYfBlzf+emfxZY0M7vJUcCkpK+m66ECE2/eu9aE3m4oBOImivy9/yCta2BASJKCycYoTijRlihcllT3zSt2AGlK7OKpZRDlvFOPuL4yw1LsreBRkkdcAZ reka - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb1l5B82IeYYmapacMPR1KQV7r24Qc7K9v33Wtfyi3GuF6sz/Z014ZvtI6TwodvjWH5yx0yh+zY8BQzgb29zQm6vCjnAzDX2QdJJtAruNcl3Ib8rnp4dIRtSRwxwTP/QSltuSokMMoCoKI3Zl0i4MvlCCezjSVWzmfeTr8OA9pDz1eJ9hZn87IaBghVIOIpZYvoxhE7GAbctqA+Jx3XUoWyY4LJpgMA4Y2q9YjQ9bWNyQb5FuwCp4akapwDFEvbTDY0DyAHKmm7txv+5q5RkxfFq3K/DtcILbm0wtAsqM7VZu2TYOj+KiEHJmJMAq+yYNEWzMTsnr7mjqz8I5uOA0V jan@gefion - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNx2LqPdxwg26i4PytNUIbabqf7eb9gIp6dgwwIqFUnqbnTcilzxlm1FZoH+yMKvYY0G+ZNPG9Zs59QWE/m+mPBOjmrf5N4EH3BW3L/VRLesFMokXHtxkXZzX8CD7c+C0DGmcWfQNMD9tOYsKVm3No3Yr1Hy/WmVQbdEjpkowGpl/y1GFjZqa0dGBhVwAzdHjxsKkpbbVJDDzBwY6WReV+b6Ychgk4S58caJWXAZhkv/2bnaGW1SloHST+GBZrFa+JYbS0D1eortfpPsSR0AMqReJ+NSBKopOYC+WbqEFk9V5VJgbIsT27hRLk3Ctn8MuBUCP1vzn6gyPK91o/ZZqH jan@odin - -ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCVxoI2GdqqnK0eKsx5xXiYca19toxB+s9lHb9u9gdmJ52tsl75XZVT2R44o5Yu8KciSPx+khzj7vL3RWieVTrPGhlbYQnOuK73x420rGejjAyDFPQWQxw98Bx0a7VHBsSUpndcnlLBMPe6bIOLI8j7c/sV26rEOAF7LshuONq4E5SMUTL4bp2dhfBgC8SjGdevBpwR1rCBIt51jhvS/asBIUZNrabG3NPwNoaRLELUbFZm7vLF777GWuBzM0G41iImb8nuC1q9WSt66ShhSxLthvl1wdyvixgCgY5yM3eOVJHheMWR6mwE2ZdAeLAFjfXKBqoH5My7a4K96wyUMptD nodeadmin@update1 - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA5OYOF+VBtXXxv/wZkT5K3P7QAUJaM88zJqeGh8NJCO7EDg9jLoWLzAP7LnM9XEA4ycWdl8HX1+EUKqVXAbSNItTZZkO9LCbIiIe1w8oJd2j9hY0IpxPqbz9ePPZh0JtxAZMh3NgOoSiND0leAeOt0lTlDPh4g3G4KvR33d9PIj5ZerU47ceLyy4xEwNbZDKD04+frpq1W+lDqglR0jV/h/pcoQTAEBflbmGLeXIXRsR6zq/of4Wx/MlX18VD9SXPLGXvQ5c4lt5PvV/oeHz4gEjPv2hrI3s3fyWakadAuI9ah48CaEgpVReUGjtYDc0PskvjAH/+slqIHW1D5El+R1Z/2wn/aEGokFHUc0SiFb3NAOwxWvMtUHhXi9ZiTHt0p/0FwWZ1pxqRzODvK8uZ7LAJRGe6q9NYQkIax6SLOfWm4MFWDpDLgWz5MSbPqo+Kfo0614z1mxA3vpY53lUqEGRx4I6z/PDaOHMFd3sxhSMPGvmMvAOLTRofFppwUq1YqQkd6embsJjBN0gU9AilpL5Q2il0OoW4g0rUR8HPJczuDzmHZTXpPU2dY6MhAJ0sbNmk0XhmyoEH9/A1zPEHmirTcBMmbFUsYmR6+MnHEhxnRu5PQpXqcu2vN+JAeasgJShRl7g+rHIdutswHUAWWyfgaD0GF3f6zuOLooz1XQU= localadmin@tst-ansible + +ssh-rsa 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 supernodeadmin@update1 + From 6e9eea7f62764f811301793aadb5424a04a73cfb Mon Sep 17 00:00:00 2001 From: Roman Katrincak Date: Thu, 3 Dec 2015 22:01:23 +0100 Subject: [PATCH 03/29] Minor fixes Split traffic ICMP & TCP/UDP <1024 with local exit TCP/UDP =>1024 exit @ Freifunk backbone Start script now in cron @reboot --- files/bataddif.sh.j2 | 1 + files/collectd.conf.j2 | 2 +- files/gre_backbone.sh | 28 ++++++++++++------------ files/l2tp_broker.cfg.j2 | 2 +- files/sn_startup.sh.j2 | 41 +++++++++++++++++++++++++++++++++++ install.sn.yml | 47 +++++++++++++++------------------------- 6 files changed, 75 insertions(+), 46 deletions(-) create mode 100644 files/sn_startup.sh.j2 diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index c88786e..156b54e 100644 --- a/files/bataddif.sh.j2 
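Review bot: The new `supernodeadmin@update1` key is added as a bare key line, so it is usable from any source host and for any session type; for an automation key that is placed in root's `authorized_keys` on every supernode, prefix it with options that bound its use, e.g. `from="<update1 address>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa …`. The `localadmin@tst-ansible` key that stays in the file is in the same position. Removing the four old keys here only changes the source file; hosts keep their current copy until the playbook's `SSH authorized_keys` copy task next runs on them, so a rotation like this should be followed by a run against every host.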
+++ b/files/bataddif.sh.j2 @@ -23,5 +23,6 @@ INTERFACE="$3" #ip link set address {{ sn_mesh_MAC }} dev $INTERFACE ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }} ip link set dev $INTERFACE up mtu 1312 +/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 /usr/sbin/batctl if add $INTERFACE diff --git a/files/collectd.conf.j2 b/files/collectd.conf.j2 index e0334b8..fdc8ff8 100644 --- a/files/collectd.conf.j2 +++ b/files/collectd.conf.j2 @@ -35,7 +35,7 @@ LoadPlugin entropy LoadPlugin irq LoadPlugin load LoadPlugin memory -LoadPlugin openvpn +#LoadPlugin openvpn LoadPlugin processes LoadPlugin swap LoadPlugin rrdtool diff --git a/files/gre_backbone.sh b/files/gre_backbone.sh index 9a5683d..940b248 100644 --- a/files/gre_backbone.sh +++ b/files/gre_backbone.sh @@ -13,7 +13,7 @@ communitynetworkv6="fda0:747e:ab29:7405:255::" # Third octet from the server range octet3rd="255" # CIDR muss /16 sein -localserver=$(hostname) +localserver=$(/bin/hostname) for i in $server; do @@ -21,12 +21,12 @@ for i in $server; do for j in $server; do if [ $i != $j ]; then - if [ $i = $(hostname) ]; then - ip link add $j type gretap local $(hostname -I | cut -f1 -d' ') remote $(dig +short $j.$domain) dev eth0 nopmtudisc - ip link set dev $j mtu $mtu - ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j - ip link set $j up - batctl if add $j + if [ $i = $(/bin/hostname) ]; then + /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc + /sbin/ip link set dev $j mtu $mtu + /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j + /sbin/ip link set $j up + /usr/sbin/batctl if add $j fi fi 
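Review bot: The added `/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0` switches off reverse-path validation on every tunnel interface the broker brings up, with no comment on why strict mode breaks here. If the reason is an asymmetric path (packets arrive via the l2tp interface and replies leave via `bat0`), loose mode still rejects source addresses that are not routable via any interface: `/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=2`. Whichever value is kept, a one-line comment above it naming the observed failure (`# rp_filter: strict mode drops mesh traffic because …`) tells the next reader what to test before tightening it again.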
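Review bot: The gretap endpoint is taken straight from `$(/usr/bin/dig +short $j.$domain)` with no check on the result, so an empty answer (DNS not yet reachable at boot) or a multi-line one (a CNAME line followed by the address) is spliced into `ip link add ... remote ...` as-is, and since the script has no `set -e` the failed link add is silent while the following `ip link set` and `$batctl if add` lines still run against a device that does not exist. Resolving first and checking is two lines: `remote=$(/usr/bin/dig +short "$j.$domain" | /usr/bin/tail -n1)` and `[ -n "$remote" ] || continue`. The head and tail of the loop are outside this hunk.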
@@ -36,10 +36,10 @@ for i in $server; do done # configure bat0 -ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0 -ip link set up dev bat0 -ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 -ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0 -alfred -i bat0 > /dev/null 2>&1 & -batadv-vis -i bat0 -s > /dev/null 2>&1 & -service bind9 restart +/sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0 +/sbin/ip link set up dev bat0 +/sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 +/sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0 +/usr/sbin/alfred -i bat0 > /dev/null 2>&1 & +/usr/sbin/batadv-vis -i bat0 -s > /dev/null 2>&1 & +/usr/sbin/service bind9 restart diff --git a/files/l2tp_broker.cfg.j2 b/files/l2tp_broker.cfg.j2 index c9a0cf8..78a14f6 100644 --- a/files/l2tp_broker.cfg.j2 +++ b/files/l2tp_broker.cfg.j2 @@ -9,7 +9,7 @@ interface=eth0 ; session with the broker max_cookies=1024 ; Maximum number of tunnels that will be allowed by the broker -max_tunnels=100 +max_tunnels=50 ; Tunnel port base port_base=15000 ; Tunnel id base diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2 new file mode 100644 index 0000000..4eeb555 --- /dev/null +++ b/files/sn_startup.sh.j2 
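Review bot: The bat0 address line still reads `$communitymacaddress$:0${localserver#$communityname}`; in sh a `$` that is not followed by a parameter name is kept literally, so the value handed to `ip link set address` contains a `$` and is presumably rejected as an invalid link-layer address — and with no `set -e` that failure is silent, leaving bat0 on its default address. `$communitymacaddress:0${localserver#$communityname}` matches the form used for the gretap links above. The IPv6 line hard-codes `fda0:747e:ab29:7405:255::` although `$communitynetworkv6` already holds that prefix, so the two can drift apart.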
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# Stop tunneldigger until bat0 is up
+/usr/sbin/service tunneldigger stop
+
+# Set unreachable for table 200
+/bin/ip route add unreachable 0.0.0.0/0 table iffy
+
+while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do
+ echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..."
+ sleep 5
+done
+
+
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+
+# Routing table 200 for traffic above port 1023
+/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables
+
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table iffy
+
+# Set mark 4 to traffic above port 1023
+/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+
+# NAT on eth0
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+
+# Set gateway for table 200
+/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
+
+# Start tunneldigger
+/usr/sbin/service tunneldigger start
+
+exit 0
diff --git a/install.sn.yml b/install.sn.yml
index e4a7214..57f6dab 100644
--- a/install.sn.yml
+++ b/install.sn.yml
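Review bot: The three `iptables -A` rules are appended unconditionally, so every run of this script (it becomes a cron `@reboot` job later in this patch but can also be started by hand) adds another copy of each rule; check before appending, e.g. `/sbin/iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE || /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`, and likewise for the two mangle rules. The comment `# Allow MAC address spoofing` is misleading: `rp_filter` is IPv4 reverse-path (source address) validation and has nothing to do with MAC addresses, so the comment should name the real reason, e.g. `# bat0: disable reverse-path filtering, mesh client sources are not routable back via bat0` if that is what was observed. The `while ! ping` loop has no upper bound, so the boot job waits forever if `{{ sn_iffy_traffic }}` never answers.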
@@ -63,22 +63,6 @@ - keepalive.sh backbone_script: - gre_backbone.sh - system_startup: - - "# Routing einschalten" - - /sbin/sysctl -w net.ipv6.conf.all.forwarding=1 - - /sbin/sysctl -w net.ipv4.ip_forward=1 -# - "# Routing Tabelle 42 fuer Freifunk anlegen, wenn noch nicht vorhanden" -# - #/bin/grep 42 /etc/iproute2/rt_tables || echo '42 42' >> /etc/iproute2/rt_tables" -# - "# Freifunk Daten sollen mit 0x1 markiert werden" -# - /sbin/iptables -t mangle -A PREROUTING -i bat0 -j MARK --set-xmark 0x1 -# - "# Erstmal unreachable melden, ausser OpenVPN ist aufgebaut" -# - "#/sbin/ip route add unreachable default table 42" -# - "# Alles was mit 0x1 markiert ist soll nach Routing Tabelle 42 behandelt werden" -# - "/sbin/ip rule add from all fwmark 0x1 table 42 priority 4" - - "#NAT auf eth0 aktivieren" - - /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - - "#GRE Backbone aufbauen" - - /opt/freifunk/gre_backbone.sh authorized_keys: - authorized_keys @@ -103,14 +87,13 @@ when: ansible_default_ipv6.address is defined - name: set hostname hostname: name='{{ sn_hostname }}' - register: hostname + register: sethostname - name: Reboot the server shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true - when: hosts.changed - when: hostname.changed + when: sethostname.changed - name: disable multi CPU Kernel (SMP) lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp @@ -125,7 +108,7 @@ delay=15 timeout=300 when: hosts.changed - when: hostname.changed + when: sethostname.changed - name: Install common required packages apt: state=installed pkg={{ item }} with_items: common_required_packages 
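Review bot: The `wait_for` task still carries two `when:` keys after this change (`when: hosts.changed` in context plus the new `when: sethostname.changed`); a YAML mapping may not repeat a key, and the loaders Ansible uses keep the last one, so `hosts.changed` is silently discarded. Merge them into one condition, `when: hosts.changed or sethostname.changed`, or drop the `hosts.changed` line if it no longer applies. The same duplication was removed from `Reboot the server` in the hunk above, so this one looks like an oversight. The task's `name:` and `local_action:` lines are outside the hunk.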
@@ -205,6 +188,10 @@ when: check_gw.changed - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 + - name: Add cron backbone script + cron: name=backbone special_time=reboot job="/opt/freifunk/gre_backbone.sh" + - name: Add cron startup script + cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - name: Copy backbone script copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: backbone_script @@ -214,16 +201,8 @@ - name: Restart collectd service: name=collectd state=restarted when: collectd.changed - - name: configure rc.local 1st - lineinfile: dest=/etc/rc.local line="{{ item }}" state=present - with_items: system_startup - register: rc - - name: configure rc.local 2nd - lineinfile: dest=/etc/rc.local line="exit 0" state=absent - when: rc.changed - - name: configure rc.local 3rd - lineinfile: dest=/etc/rc.local line="exit 0" state=present - when: rc.changed + - name: configure startup script + template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys @@ -252,3 +231,11 @@ template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 - name: Add cron job with alfred info script cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" + - name: Send notification message via Slack + local_action: + module: slack + token: + msg: "{{ inventory_hostname }} completed" + channel: "#technik" + username: "Ansible on {{ inventory_hostname }}" + parse: 'none' From a596fa870f796f3a79ac1fa953b39ae00da0be7f Mon Sep 17 00:00:00 2001 
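Review bot: The two `@reboot` jobs are independent cron entries that cron starts with no ordering between them, yet `sn_startup.sh` restarts tunneldigger and sets `rp_filter` on `bat0`, the device that `gre_backbone.sh` creates; whether that works on a given boot depends on timing. A single job that runs them in sequence, `cron: name=startup special_time=reboot job="/opt/freifunk/gre_backbone.sh && /opt/freifunk/sn_startup.sh"`, or a wait for `bat0` at the top of `sn_startup.sh`, makes the dependency explicit. Neither task names a `user=`, unlike the `alfred_info` cron task further down; stating `user="root"` on all of them keeps it uniform.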
From: Roman Katrincak Date: Sun, 6 Dec 2015 21:41:30 +0100 Subject: [PATCH 04/29] - Switched to alfred v15.1 from git - Add logrotate config (only 1 day history) --- files/alfred.sh.j2 | 2 +- files/gre_backbone.sh | 2 +- files/logrotate.conf | 34 ++++++++++++++++++++++++++++++++ files/sn_startup.sh.j2 | 25 ++++++++++++------------ install.sn.yml | 44 ++++++++++++++++++++++++++++-------------- 5 files changed, 79 insertions(+), 28 deletions(-) create mode 100644 files/logrotate.conf diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2 index 7da0925..3d1d88e 100644 --- a/files/alfred.sh.j2 +++ b/files/alfred.sh.j2 @@ -37,7 +37,7 @@ EOF if [ -f $tempfile ] then - /bin/cat "$tempfile" | /bin/gzip | /usr/sbin/alfred -s 158 + /bin/cat "$tempfile" | /bin/gzip | /usr/local/sbin/alfred -s 158 fi if [ -f $tempfile ] diff --git a/files/gre_backbone.sh b/files/gre_backbone.sh index 940b248..0e0debc 100644 --- a/files/gre_backbone.sh +++ b/files/gre_backbone.sh @@ -40,6 +40,6 @@ done /sbin/ip link set up dev bat0 /sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 /sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0 -/usr/sbin/alfred -i bat0 > /dev/null 2>&1 & +/usr/local/sbin/alfred -i bat0 > /dev/null 2>&1 & /usr/sbin/batadv-vis -i bat0 -s > /dev/null 2>&1 & /usr/sbin/service bind9 restart diff --git a/files/logrotate.conf b/files/logrotate.conf new file mode 100644 index 0000000..b31a038 --- /dev/null +++ b/files/logrotate.conf 
@@ -0,0 +1,34 @@
+# see "man logrotate" for details
+# rotate log files weekly
+#weekly
+daily
+
+# keep 4 weeks worth of backlogs
+#rotate 4
+rotate 0
+
+# create new (empty) log files after rotating old ones
+create
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# no packages own wtmp, or btmp -- we'll rotate them here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ rotate 1
+}
+
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 1
+}
+
+# system-specific logs may be configured here
diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2
index 4eeb555..0025380 100644
--- a/files/sn_startup.sh.j2
+++ b/files/sn_startup.sh.j2
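Review bot: `rotate 0` together with `daily` means logrotate deletes the old log instead of keeping a rotated copy, so after each nightly run there is no previous day's log at all; the "only 1 day history" the commit message describes would be `rotate 1`. On a node that other people's traffic passes through, one rotated generation is what allows an incident to be reconstructed the day after it happened; if disk space is the concern, enabling `compress` (commented out here) is the cheaper lever. The playbook hunk below installs this file with `mode=0500`, which gives a configuration file an execute bit for no reason; `0644` is the usual mode for `/etc/logrotate.conf`.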
@@ -1,30 +1,31 @@ #!/bin/sh # Stop tunneldigger until bat0 is up -/usr/sbin/service tunneldigger stop +#/usr/sbin/service tunneldigger stop # Set unreachable for table 200 -/bin/ip route add unreachable 0.0.0.0/0 table iffy +#/bin/ip route add unreachable 0.0.0.0/0 table iffy -while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do - echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..." - sleep 5 -done +#while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do +# echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..." +# sleep 5 +#done # Activate IP forwarding /sbin/sysctl -w net.ipv6.conf.all.forwarding=1 /sbin/sysctl -w net.ipv4.ip_forward=1 +/sbin/sysctl kernel.panic=10 # Routing table 200 for traffic above port 1023 -/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables +#/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables # Set table for traffice with mark 4 -/bin/ip rule add fwmark 0x4 table iffy +#/bin/ip rule add fwmark 0x4 table iffy # Set mark 4 to traffic above port 1023 -/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 -/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 +#/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 +#/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 # NAT on eth0 /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE @@ -33,9 +34,9 @@ done /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 # Set gateway for table 200 -/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy +#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy # Start tunneldigger -/usr/sbin/service tunneldigger start +#/usr/sbin/service tunneldigger start exit 0 
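Review bot: The policy-routing setup is disabled by commenting out every line rather than deleting it, which leaves the section comments (`# Routing table 200 ...`, `# Set gateway for table 200`) describing code that no longer runs; git history keeps the old version, so remove the lines outright. With the mark and route rules gone, traffic that previously went out via `{{ sn_iffy_traffic }}` now appears to follow the main table, which is a change of exit policy worth a sentence in the commit message. `kernel.panic=10` is only applied at runtime by this script; a line in `/etc/sysctl.d/` would also hold on a boot where the script fails early.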
diff --git a/install.sn.yml b/install.sn.yml index 57f6dab..98c5b85 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -65,6 +65,9 @@ - gre_backbone.sh authorized_keys: - authorized_keys + logrotate_config: + - logrotate.conf + tasks: - name: Remove cdrom in sources.list 
@@ -157,26 +160,39 @@ - systemctl daemon-reload - systemctl enable tunneldigger.service when: tunneldigger.changed - - name: Check if alfred is installed - command: dpkg-query -W alfred - register: alfred_check_deb - failed_when: alfred_check_deb.rc > 1 - changed_when: alfred_check_deb.rc == 1 - - name: Download alfred - get_url: - url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb" - dest="/tmp/alfred_2015.0_amd64.deb" - when: alfred_check_deb.rc == 1 - - name: Install alfred - apt: deb="/tmp/alfred_2015.0_amd64.deb" - sudo: False - when: alfred_check_deb.rc == 1 + - name: Copy logrotate config + copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 + with_items: logrotate_config + - shell: test -f /usr/local/sbin/alfred + register: alfred_file + failed_when: alfred_file.rc > 1 + changed_when: alfred_file.rc == 1 + - name: Get alfred + git: repo=http://git.open-mesh.org/alfred.git + dest=/tmp/alfred + register: git_alfred + when: alfred_file.rc == 1 + - name: make alfred + shell: cd /tmp/alfred && git checkout v2015.1 && make && make install + register: git_alfred + when: alfred_file.rc == 1 + +# - name: Download alfred +# get_url: +# url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb" +# dest="/tmp/alfred_2015.0_amd64.deb" +# when: alfred_check_deb.rc == 1 +# - name: Install alfred +# apt: deb="/tmp/alfred_2015.0_amd64.deb" +# sudo: False +# when: alfred_check_deb.rc == 1 # - name: copy openvpn files # copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400 # with_items: openvpn_files # - name: copy openvpn scripts # copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0500 # with_items: openvpn_scripts + - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - name: Check gateway / keepalive script From 163f43c1a188a96cc609d073c6eb00796fe658ac Mon Sep 17 00:00:00 2001 
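Review bot: alfred is now cloned over plain HTTP (`repo=http://git.open-mesh.org/alfred.git`) and then built and installed as root with `make install`, so what ends up in `/usr/local/sbin` is whatever arrived over an unauthenticated connection; use `https://` (patch 06 in this series already does so for batman-adv) and let the `git` module pin the revision, `git: repo=https://git.open-mesh.org/alfred.git dest=/tmp/alfred version=v2015.1`, instead of a separate `git checkout` inside a shell task. Both tasks `register: git_alfred`, so the first result is overwritten and never read. The same unpinned, plain-HTTP pattern recurs in patch 06's `Get batctl` and `Get alfred` tasks, which additionally track `master`.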
From: Roman Katrincak Date: Wed, 9 Dec 2015 12:53:42 +0100 Subject: [PATCH 05/29] Minor fixes --- files/alfred.sh.j2 | 2 +- files/gre_backbone.sh | 2 +- files/l2tp_broker.cfg.j2 | 2 +- install.sn.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2 index 3d1d88e..a6cbcfa 100644 --- a/files/alfred.sh.j2 +++ b/files/alfred.sh.j2 @@ -2,7 +2,7 @@ release=$(/bin/uname -r) nodeid=$( /bin/echo {{ sn_mesh_MAC }} | /bin/sed s/://g) -meshh_if=$(/bin/cat /sys/class/net/*/address | /bin/grep -v ^00:00:00) +meshh_if=$(/bin/cat /sys/class/net/troisdorf*/address | /bin/grep -v ^00:00:00) tempfile=/tmp/alfred_info if [ -f $tempfile ] diff --git a/files/gre_backbone.sh b/files/gre_backbone.sh index 0e0debc..d22d7ef 100644 --- a/files/gre_backbone.sh +++ b/files/gre_backbone.sh @@ -1,7 +1,7 @@ #!/bin/sh # Server name ending must be a single digit number communityname="troisdorf" -server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6" +server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf9" domain="freifunk-troisdorf.de" mtu=1500 # community MAC address, without the last Byte (:)! diff --git a/files/l2tp_broker.cfg.j2 b/files/l2tp_broker.cfg.j2 index 78a14f6..8060e21 100644 --- a/files/l2tp_broker.cfg.j2 +++ b/files/l2tp_broker.cfg.j2 @@ -9,7 +9,7 @@ interface=eth0 ; session with the broker max_cookies=1024 ; Maximum number of tunnels that will be allowed by the broker -max_tunnels=50 +max_tunnels=150 ; Tunnel port base port_base=15000 ; Tunnel id base diff --git a/install.sn.yml b/install.sn.yml index 98c5b85..c84e35a 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -250,7 +250,7 @@ - name: Send notification message via Slack local_action: module: slack - token: + token: "{{ slack_token }}" msg: "{{ inventory_hostname }} completed" channel: "#technik" username: "Ansible on {{ inventory_hostname }}" From 84f4373ea4e4cc76923b4b31b8e4c7d57f9cd614 Mon Sep 17 00:00:00 2001 
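Review bot: `token: "{{ slack_token }}"` puts a credential into the task arguments, and with `-v` or on a module failure Ansible prints those arguments, token included; add `no_log: true` to the `Send notification message via Slack` task. Since this playbook lives in git, `slack_token` itself belongs in a vaulted vars file rather than plain group or host vars. The task's remaining keys are outside the hunk.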
From: Roman Katrincak Date: Sun, 13 Dec 2015 13:33:33 +0100 Subject: [PATCH 06/29] - Add radvd - minor fixes --- files/alfred.sh.j2 | 2 ++ files/bataddif.sh.j2 | 6 ++-- files/collectd.conf.j2 | 2 +- files/gre_backbone.sh | 15 +++++++-- files/radvd.conf.j2 | 12 +++++++ files/sn_startup.sh.j2 | 9 ++++-- install.sn.yml | 72 +++++++++++++++++++++++++----------------- 7 files changed, 80 insertions(+), 38 deletions(-) create mode 100644 files/radvd.conf.j2 diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2 index a6cbcfa..65445de 100644 --- a/files/alfred.sh.j2 +++ b/files/alfred.sh.j2 @@ -1,5 +1,7 @@ #!/bin/sh +exit 0 + release=$(/bin/uname -r) nodeid=$( /bin/echo {{ sn_mesh_MAC }} | /bin/sed s/://g) meshh_if=$(/bin/cat /sys/class/net/troisdorf*/address | /bin/grep -v ^00:00:00) diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index 156b54e..9ad7be5 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -2,7 +2,7 @@ INTERFACE="$3" #MAC="$8" #BLACKLISTFILE=/opt/freifunk/blockliste.txt - +batctl=/usr/local/sbin/batctl #if [ -f /opt/freifunk/blockliste.txt ] @@ -22,7 +22,7 @@ INTERFACE="$3" #ip link set address {{ sn_mesh_MAC }} dev $INTERFACE ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }} -ip link set dev $INTERFACE up mtu 1312 +/bin/ip link set dev $INTERFACE up mtu 1312 /sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 -/usr/sbin/batctl if add $INTERFACE +$batctl if add $INTERFACE diff --git a/files/collectd.conf.j2 b/files/collectd.conf.j2 index fdc8ff8..c27fb62 100644 --- a/files/collectd.conf.j2 +++ b/files/collectd.conf.j2 @@ -159,7 +159,7 @@ LoadPlugin users #LoadPlugin thermal #LoadPlugin tokyotyrant #LoadPlugin unixsock -#LoadPlugin uptime +LoadPlugin uptime #LoadPlugin uuid #LoadPlugin varnish diff --git a/files/gre_backbone.sh b/files/gre_backbone.sh index d22d7ef..64abcf6 100644 --- a/files/gre_backbone.sh +++ b/files/gre_backbone.sh 
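Review bot: Putting `exit 0` on the second line of `alfred.sh.j2` makes everything below it unreachable while the `alfred_info` cron task keeps invoking the script on the cron module's default schedule; if the script is being retired, delete it together with the cron task, and if this is a temporary switch-off, say so in a comment above it, e.g. `# temporarily disabled: <reason>`. Without that, a reader of the cron task assumes the node information is still being published.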
@@ -14,6 +14,10 @@ communitynetworkv6="fda0:747e:ab29:7405:255::" octet3rd="255" # CIDR muss /16 sein localserver=$(/bin/hostname) +# files +batadv=/usr/local/sbin/batadv-vis +alfred=/usr/local/sbin/alfred +batctl=/usr/local/sbin/batctl for i in $server; do @@ -26,7 +30,7 @@ for i in $server; do /sbin/ip link set dev $j mtu $mtu /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j /sbin/ip link set $j up - /usr/sbin/batctl if add $j + $batctl if add $j fi fi @@ -40,6 +44,11 @@ done /sbin/ip link set up dev bat0 /sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 /sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0 -/usr/local/sbin/alfred -i bat0 > /dev/null 2>&1 & -/usr/sbin/batadv-vis -i bat0 -s > /dev/null 2>&1 & + +/usr/bin/killall alfred +/usr/bin/killall batadv-vis +/bin/sleep 5 +$alfred -i bat0 > /dev/null 2>&1 & +/bin/sleep 15 +$batadv -i bat0 -s > /dev/null 2>&1 & /usr/sbin/service bind9 restart diff --git a/files/radvd.conf.j2 b/files/radvd.conf.j2 new file mode 100644 index 0000000..b4c45bd --- /dev/null +++ b/files/radvd.conf.j2 @@ -0,0 +1,12 @@ +interface bat0 { + AdvSendAdvert on; + IgnoreIfMissing on; + MaxRtrAdvInterval 200; + RDNSS {{ sn_mesh_IPv6 }} {}; + prefix fda0:747e:ab29:7405::/64 { + AdvOnLink on; + AdvAutonomous on; + AdvRouterAddr on; + }; +}; + diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2 index 0025380..96aaa6a 100644 --- a/files/sn_startup.sh.j2 +++ b/files/sn_startup.sh.j2 @@ -1,5 +1,7 @@ #!/bin/sh +curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} + # Stop tunneldigger until bat0 is up #/usr/sbin/service tunneldigger stop 
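Review bot: The Slack `curl` call at the top of the boot script has no timeout and no failure handling, so if hooks.slack.com is unreachable when the cron `@reboot` job fires (the `ping` wait above it is commented out), the tunneldigger and radvd restarts further down wait on it; `curl -s --max-time 10 -X POST ... || true` bounds that. The webhook URL embeds `{{ slack_token }}` into `/opt/freifunk/sn_startup.sh` on every supernode; the playbook installs the file with `mode=0500`, which is right, but anyone who commits a rendered copy of the script leaks the token into git.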
@@ -15,7 +17,7 @@ # Activate IP forwarding /sbin/sysctl -w net.ipv6.conf.all.forwarding=1 /sbin/sysctl -w net.ipv4.ip_forward=1 -/sbin/sysctl kernel.panic=10 +/sbin/sysctl kernel.panic=1 # Routing table 200 for traffic above port 1023 #/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables @@ -37,6 +39,9 @@ #/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy # Start tunneldigger -#/usr/sbin/service tunneldigger start +/usr/sbin/service tunneldigger restart + +# radvd restart +/usr/sbin/service radvd restart exit 0 diff --git a/install.sn.yml b/install.sn.yml index c84e35a..34ca20a 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -29,12 +29,15 @@ - ebtables - python-virtualenv - iptables-persistent - - batctl +# - batctl - iftop - screen - bridge-utils - tcpdump - bind9 + - radvd + - curl + - htop modules_required: - batman-adv - nf_conntrack_netlink @@ -112,13 +115,15 @@ timeout=300 when: hosts.changed when: sethostname.changed + - apt: update_cache=yes - name: Install common required packages apt: state=installed pkg={{ item }} with_items: common_required_packages - register: apt_updates - - name: Install Linux headers - shell: "apt-get install linux-headers-$(uname -r) -y" - when: apt_updates.changed + register: aptupdates +# - name: Install Linux headers +# shell: > +# apt-get install linux-headers-$(uname -r) -y +# when: aptupdates.changed - name: Add modules lineinfile: dest=/etc/modules line={{ item }} with_items: modules_required 
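Review bot: The new `- apt: update_cache=yes` task has no `name:`, so it appears in the run output only as the module name; every other task in this file is named, and `- name: Update apt cache` is the form already used once in this playbook. The `Install Linux headers` task is commented out here and re-added lower in the same patch; leaving the commented copy behind invites the two to drift, so delete it.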
@@ -127,11 +132,41 @@ modprobe: name={{ item }} with_items: modules_required when: modules_req.changed + + - name: Install Linux headers + shell: > + apt-get install linux-headers-$(uname -r) -y + when: aptupdates.changed + - name: Get batman-adv + git: repo=https://git.open-mesh.org/batman-adv.git + dest=/tmp/batman-adv + when: aptupdates.changed + register: getbatman + - name: Install batman-adv + shell: cd /tmp/batman-adv && git checkout master && make && make install + when: getbatman.changed + - name: Get batctl + git: repo=http://git.open-mesh.org/batctl.git + dest=/tmp/batctl + when: aptupdates.changed + register: getbatctl + - name: Install batctl + shell: cd /tmp/batctl && git checkout master && make && make install + when: getbatctl.changed + - name: Get alfred + git: repo=http://git.open-mesh.org/alfred.git + dest=/tmp/alfred + when: aptupdates.changed + register: getalfred + - name: Install alfred + shell: cd /tmp/alfred && git checkout master && make && make install + when: getalfred.changed + - name: Get Tunneldigger git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger - when: apt_updates.changed + when: aptupdates.changed - name: Configure tunneldigger command: "{{item}}" with_items: 
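Review bot: `shell: apt-get install linux-headers-$(uname -r) -y` bypasses the apt module, so it reports changed on every run and folds a shell pipeline into a YAML `>` scalar; `apt: name="linux-headers-{{ ansible_kernel }}" state=present` expresses the same with the kernel version Ansible has already gathered. The `when: aptupdates.changed` guard on the three clone tasks also means a host whose packages were already installed by an earlier, interrupted run never gets the source trees at all, since apt then reports unchanged; the `git` module is idempotent on its own and does not need the guard.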
@@ -163,29 +198,6 @@ - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 with_items: logrotate_config - - shell: test -f /usr/local/sbin/alfred - register: alfred_file - failed_when: alfred_file.rc > 1 - changed_when: alfred_file.rc == 1 - - name: Get alfred - git: repo=http://git.open-mesh.org/alfred.git - dest=/tmp/alfred - register: git_alfred - when: alfred_file.rc == 1 - - name: make alfred - shell: cd /tmp/alfred && git checkout v2015.1 && make && make install - register: git_alfred - when: alfred_file.rc == 1 - -# - name: Download alfred -# get_url: -# url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb" -# dest="/tmp/alfred_2015.0_amd64.deb" -# when: alfred_check_deb.rc == 1 -# - name: Install alfred -# apt: deb="/tmp/alfred_2015.0_amd64.deb" -# sudo: False -# when: alfred_check_deb.rc == 1 # - name: copy openvpn files # copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400 # with_items: openvpn_files @@ -229,6 +241,8 @@ lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 + - name: Copy radvd config template + template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 From bedbc7f304b0b371a594e5407d8a428ce6b1fe91 Mon Sep 17 00:00:00 2001 From: Roman Katrincak Date: Sun, 13 Dec 2015 14:03:42 +0100 Subject: [PATCH 07/29] Clean up and rearrange the tasks --- install.sn.yml | 35 ++++++----------------------------- 1 file changed, 6 insertions(+), 29 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index 34ca20a..eeb47e8 100644 --- a/install.sn.yml +++ b/install.sn.yml 
@@ -19,7 +19,6 @@ - libnl-3-dev - libjansson-dev - isc-dhcp-server -# - openvpn - collectd - libcap-dev - iproute @@ -53,15 +52,6 @@ - tunneldigger.service bind_zone_fftdf: - named.conf.fftdf -# openvpn_files: -# - mullvad_linux.conf -# - mullvad.key -# - mullvad.crt -# - ca.crt -# - crl.pem -# openvpn_scripts: -# - up.sh -# - down.sh check_gw_script: - keepalive.sh backbone_script: @@ -94,18 +84,18 @@ - name: set hostname hostname: name='{{ sn_hostname }}' register: sethostname - - name: Reboot the server - shell: sleep 2 && shutdown -r now "Ansible updates triggered" - async: 1 - poll: 0 - ignore_errors: true - when: sethostname.changed - name: disable multi CPU Kernel (SMP) lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp - name: Update grub shell: update-grub2 when: grubnosmp.changed + - name: Reboot the server + shell: sleep 2 && shutdown -r now "Ansible updates triggered" + async: 1 + poll: 0 + ignore_errors: true + when: sethostname.changed - name: waiting for server to come back local_action: wait_for @@ -120,10 +110,6 @@ apt: state=installed pkg={{ item }} with_items: common_required_packages register: aptupdates -# - name: Install Linux headers -# shell: > -# apt-get install linux-headers-$(uname -r) -y -# when: aptupdates.changed - name: Add modules lineinfile: dest=/etc/modules line={{ item }} with_items: modules_required @@ -132,7 +118,6 @@ modprobe: name={{ item }} with_items: modules_required when: modules_req.changed - - name: Install Linux headers shell: > apt-get install linux-headers-$(uname -r) -y @@ -161,7 +146,6 @@ - name: Install alfred shell: cd /tmp/alfred && git checkout master && make && make install when: getalfred.changed - - name: Get Tunneldigger git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger 
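Review bot: The reboot task now sits after `Update grub`, which is the right place, but its condition is still `when: sethostname.changed`, so the `maxcpus=0 nosmp` command line written by `disable multi CPU Kernel (SMP)` only takes effect on hosts whose hostname also changed in the same run; `when: sethostname.changed or grubnosmp.changed` covers both. The `waiting for server to come back` task that follows presumably needs the same condition.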
@@ -198,13 +182,6 @@ - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 with_items: logrotate_config -# - name: copy openvpn files -# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400 -# with_items: openvpn_files -# - name: copy openvpn scripts -# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0500 -# with_items: openvpn_scripts - - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - name: Check gateway / keepalive script From b08a586d1bf59ab8b6fdb1859125c8b6c57c887e Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Sun, 13 Dec 2015 14:24:33 +0100 Subject: [PATCH 08/29] CLI Test --- install.sn.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sn.yml b/install.sn.yml index eeb47e8..dbb5f8a 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -1,6 +1,7 @@ # First install ssh-key at remote computer # In case of python error start: # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" +# Version 1.0 - name: Install Freifunk Troisdorf super node # hosts: FreifunkSupernodesL2TP From 51cc01a485f90987263aac0a314157b0aa2b92b5 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 14 Dec 2015 20:07:50 +0100 Subject: [PATCH 09/29] Minor fixes --- files/alfred.sh.j2 | 50 ------------------- files/{gre_backbone.sh => gre_backbone.sh.j2} | 11 ++-- files/sn_startup.sh.j2 | 7 ++- install.sn.yml | 9 +--- 4 files changed, 14 insertions(+), 63 deletions(-) delete mode 100644 files/alfred.sh.j2 rename files/{gre_backbone.sh => gre_backbone.sh.j2} (68%) diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2 deleted file mode 100644 index 65445de..0000000 --- a/files/alfred.sh.j2 +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/sh - -exit 0 - -release=$(/bin/uname -r) -nodeid=$( /bin/echo {{ sn_mesh_MAC }} | /bin/sed s/://g) -meshh_if=$(/bin/cat /sys/class/net/troisdorf*/address | /bin/grep -v ^00:00:00) -tempfile=/tmp/alfred_info - -if [ -f $tempfile ] - then - /bin/rm $tempfile -fi - -/bin/cat > $tempfile < Date: Tue, 15 Dec 2015 17:01:49 +0100 Subject: [PATCH 10/29] switched from batman-adv 2014.3.0 to master --- install.sn.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index 5678a94..6e6e7b0 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -29,7 +29,6 @@ - ebtables - python-virtualenv - iptables-persistent -# - batctl - iftop - screen - bridge-utils @@ -70,9 +69,9 @@ apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present - name: Update apt cache apt: update_cache=yes - - name: Install new kernel - apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present - register: kernel4 +# - name: Install new kernel +# apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present +# register: kernel4 - name: Gathering facts setup: - name: Set IPv4 in hostfile @@ -136,6 +135,7 @@ register: getbatctl - name: Install batctl shell: cd /tmp/batctl && git checkout master && make && make install +# shell: cd /tmp/batctl && git checkout v2014.3.0 && make && make install when: getbatctl.changed - name: Get alfred git: repo=http://git.open-mesh.org/alfred.git @@ -236,7 +236,7 @@ local_action: module: slack token: "{{ slack_token }}" - msg: "{{ inventory_hostname }} completed" + msg: "{{ inventory_hostname }} completed with branch testing" channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none' From 8d4388b4e1258920feea7132839a2fc9a3be53cc Mon Sep 17 00:00:00 2001 
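Review bot: Commenting out `register: kernel4` in the second install.sn.yml hunk leaves any later `when: kernel4.changed` referring to an undefined variable; no such task is visible in this diff, so confirm none exists before merging, or delete the dead block instead of keeping three commented lines. In the `Install batctl` hunk the checkout is still the unpinned `master` and the context shows the sources are cloned over plain `http://git.open-mesh.org/...`, then built and installed as root; a pinned tag (the commented alternative already shows the form) and an https remote would make the build reproducible and protect the transfer from tampering.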
From: Ansible Admin Date: Tue, 15 Dec 2015 17:56:07 +0100 Subject: [PATCH 11/29] changed path to batman bin --- files/batdelif.sh | 2 +- install.sn.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/files/batdelif.sh b/files/batdelif.sh index dbe3614..65fc46d 100644 --- a/files/batdelif.sh +++ b/files/batdelif.sh @@ -1,4 +1,4 @@ #!/bin/bash INTERFACE="$3" -/usr/sbin/batctl if del $INTERFACE +/usr/local/sbin/batctl if del $INTERFACE diff --git a/install.sn.yml b/install.sn.yml index 6e6e7b0..8a3f4a8 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -134,8 +134,8 @@ when: aptupdates.changed register: getbatctl - name: Install batctl - shell: cd /tmp/batctl && git checkout master && make && make install -# shell: cd /tmp/batctl && git checkout v2014.3.0 && make && make install +# shell: cd /tmp/batctl && git checkout master && make && make install + shell: cd /tmp/batctl && git checkout v2015.2 && make && make install when: getbatctl.changed - name: Get alfred git: repo=http://git.open-mesh.org/alfred.git From 65454f7ed48e06c26bbc73f4bc1c8ed130646686 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Thu, 17 Dec 2015 11:21:59 +0100 Subject: [PATCH 12/29] Kernel 3.x and Alfred is back --- files/alfred.sh.j2 | 51 ++++++++++++++++++++++++++++++++++++++++ files/bataddif.sh.j2 | 6 +++-- files/gre_backbone.sh.j2 | 6 ++--- install.sn.yml | 22 ++++++++++------- 4 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 files/alfred.sh.j2 diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2 new file mode 100644 index 0000000..bc03367 --- /dev/null +++ b/files/alfred.sh.j2 
@@ -0,0 +1,51 @@ +#!/bin/sh + +release=$(/bin/uname -r) +nodeid=$( /bin/echo {{ sn_mesh_MAC }} | /bin/sed s/://g) +#meshh_if=$(/bin/cat /sys/class/net/troisdorf*/address | /bin/grep -v ^00:00:00) +meshh_if=$(/bin/cat /sys/class/net/l2tp*/address | /bin/grep -v ^00:00:00) +tempfile=/tmp/alfred_info + +if [ -f $tempfile ] + then + /bin/rm $tempfile +fi + +/bin/cat > $tempfile < /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast diff --git a/files/gre_backbone.sh.j2 b/files/gre_backbone.sh.j2 index 41fb365..8c1e16f 100644 --- a/files/gre_backbone.sh.j2 +++ b/files/gre_backbone.sh.j2 @@ -3,7 +3,7 @@ communityname="troisdorf" server="troisdorf0 {{ sn_hostname }}" domain="freifunk-troisdorf.de" -mtu=1400 +mtu=1500 # community MAC address, without the last Byte (:)! communitymacaddress="a2:8c:ae:6f:f6" # Network part of the network, without the trailing dot @@ -26,8 +26,8 @@ for i in $server; do if [ $i != $j ]; then if [ $i = $(/bin/hostname) ]; then -# /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc - /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 + /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc +# /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 /sbin/ip link set dev $j mtu $mtu # /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j # /sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev $j diff --git a/install.sn.yml b/install.sn.yml index 8a3f4a8..bdefdb5 100644 --- a/install.sn.yml +++ b/install.sn.yml 
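Review bot: The gre_backbone.sh.j2 hunk raises the gretap MTU to 1500 and re-enables `nopmtudisc` on tunnels that ride on `dev eth0`; unless that underlay interface carries jumbo frames, every full-size inner frame now exceeds the outer MTU once the GRE/IP headers are added, and with DF cleared the kernel fragments each packet instead of signalling the problem. If this trade-off is intended, record it on the `mtu=1500` line, e.g. `# 1500 + nopmtudisc: fragment rather than drop; assumes the underlay MTU accommodates the GRE overhead`. The alfred.sh.j2 and bataddif.sh.j2 hunks cannot be reviewed here because the extraction dropped the here-document body between `<` and `>`.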
@@ -218,6 +218,12 @@ template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 + + - name: Alfed message + template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 + - name: Add cron job with alfred info script + cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" + - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 @@ -232,11 +238,11 @@ delay=15 timeout=300 when: tunneldigger.changed - - name: Send notification message via Slack - local_action: - module: slack - token: "{{ slack_token }}" - msg: "{{ inventory_hostname }} completed with branch testing" - channel: "#technik" - username: "Ansible on {{ inventory_hostname }}" - parse: 'none' +# - name: Send notification message via Slack +# local_action: +# module: slack +# token: "{{ slack_token }}" +# msg: "{{ inventory_hostname }} completed with branch testing" +# channel: "#technik" +# username: "Ansible on {{ inventory_hostname }}" +# parse: 'none' From db3f35baff7a19ae7efa021313b07f9e8a3ff23e Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Thu, 17 Dec 2015 11:23:51 +0100 Subject: [PATCH 13/29] Kernel 3.x and Alfred is back --- install.sn.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index bdefdb5..fb9a5cd 100644 --- a/install.sn.yml +++ b/install.sn.yml 
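Review bot: The new `cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"` task sets no minute/hour/day fields, so the module defaults each to `*` and the script runs as root once a minute; if that cadence is intended, say so in the task name, e.g. `- name: Run alfred info script every minute`, otherwise add `minute="*/5"` or similar. The task name `Alfed message` misspells `Alfred`. Commenting out the Slack block in the second hunk rather than guarding it with `when: slack_token is defined` leaves eight dead lines.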
@@ -238,11 +238,11 @@ delay=15 timeout=300 when: tunneldigger.changed -# - name: Send notification message via Slack -# local_action: -# module: slack -# token: "{{ slack_token }}" -# msg: "{{ inventory_hostname }} completed with branch testing" -# channel: "#technik" -# username: "Ansible on {{ inventory_hostname }}" -# parse: 'none' + - name: Send notification message via Slack + local_action: + module: slack + token: "{{ slack_token }}" + msg: "{{ inventory_hostname }} completed with branch testing" + channel: "#technik" + username: "Ansible on {{ inventory_hostname }}" + parse: 'none' From 3c6f36a9972e50c3a279e7fcabd4428e49940083 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Fri, 18 Dec 2015 08:53:46 +0100 Subject: [PATCH 14/29] Version control added --- install.sn.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install.sn.yml b/install.sn.yml index fb9a5cd..a79aaef 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -10,6 +10,7 @@ user: root gather_facts: False vars: + snversion: testing_v1.0 common_required_packages: - git - make @@ -230,6 +231,8 @@ poll: 0 ignore_errors: true when: tunneldigger.changed + - name: Wirte version information + shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: waiting for server to come back local_action: wait_for From 925115dc3c8d874ac32cacfd5b6f4c7497c7405d Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Sun, 20 Dec 2015 15:23:21 +0100 Subject: [PATCH 15/29] Batman 2015.1 --- install.sn.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index a79aaef..42c4e34 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -1,7 +1,6 @@ # First install ssh-key at remote computer # In case of python error start: # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" -# Version 1.0 - name: Install Freifunk Troisdorf super node # hosts: FreifunkSupernodesL2TP 
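Review bot: The `Wirte version information` task in the PATCH 14 hunk uses `shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version`, which reports `changed` on every run and expands the variable unquoted through the shell; the `copy` module does the same job idempotently, `copy: content="{{ snversion }}" dest=/etc/sn_version owner=root group=root mode=0444`, and the `touch` is redundant because the redirect creates the file. The task name is also misspelled (`Write`). The PATCH 13 hunk above only reverts the comment-out from the previous patch.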
@@ -10,7 +9,7 @@ user: root gather_facts: False vars: - snversion: testing_v1.0 + snversion: testing_v1.1 common_required_packages: - git - make @@ -135,8 +134,7 @@ when: aptupdates.changed register: getbatctl - name: Install batctl -# shell: cd /tmp/batctl && git checkout master && make && make install - shell: cd /tmp/batctl && git checkout v2015.2 && make && make install + shell: cd /tmp/batctl && git checkout v2015.1 && make && make install when: getbatctl.changed - name: Get alfred git: repo=http://git.open-mesh.org/alfred.git From 3970526a7642f60570a17ce59b3da35d11335fba Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Sun, 20 Dec 2015 15:49:46 +0100 Subject: [PATCH 16/29] Housekeeping, same like testing v1.1 --- install.sn.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index 42c4e34..a6c1230 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: testing_v1.1 + snversion: master_v1.2 common_required_packages: - git - make @@ -69,9 +69,6 @@ apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present - name: Update apt cache apt: update_cache=yes -# - name: Install new kernel -# apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present -# register: kernel4 - name: Gathering facts setup: - name: Set IPv4 in hostfile 
@@ -217,12 +214,10 @@ template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - - name: Alfed message template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 - name: Add cron job with alfred info script cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" - - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 From 7572453d44cd69062cadbe1b77daf911daa5e1cc Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 00:20:51 +0100 Subject: [PATCH 17/29] Change back to l2tp Backbone --- files/l2tp_backbone.sh.j2 | 56 +++++++++++++++++++++++++++++++++++++++ install.sn.yml | 10 ++++--- l2tp_backbone.sh | 56 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+), 4 deletions(-) create mode 100644 files/l2tp_backbone.sh.j2 create mode 100755 l2tp_backbone.sh diff --git a/files/l2tp_backbone.sh.j2 b/files/l2tp_backbone.sh.j2 new file mode 100644 index 0000000..41925c7 --- /dev/null +++ b/files/l2tp_backbone.sh.j2 
@@ -0,0 +1,56 @@ +#!/bin/sh +# Version 5 +# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! +communityname="troisdorf" +#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9 " +server="troisdorf0 {{ sn_hostname }}" +domain="freifunk-troisdorf.de" +mtu=1400 +# community MAC address, without the last Byte (:)! +communitymacaddress="a2:8c:ae:6f:f6" +tunnelPrefix=10 +sessionPrefix=1 +# Netzwerkteil des Netzes, ohne abschliessenden Punkt +communitynetwork="10.188" +# IPv6 network +communitynetworkv6="fda0:747e:ab29:7405:255::" +# Drittes Octet des serverbereichs +octet3rd="255" +# CIDR muss /16 sein +localserver=$(/bin/hostname) +batadv=/usr/local/sbin/batadv-vis +alfred=/usr/local/sbin/alfred +batctl=/usr/local/sbin/batctl +ip=/sbin/ip +dig=/usr/bin/dig + +for i in $server; do +( + for j in $server; do + if [ $i != $j ]; then + if [ $i = $localserver ]; then + ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} + ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} + #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j + ip link set dev l2tp-$j mtu $mtu + ip link set up l2tp-$j + $batctl if add l2tp-$j + fi + fi + done +) +done + +# Rest starten +$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 +#$ip link set address $communitymacaddress:ff dev bat0 +$ip link set up dev bat0 +$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast 
$communitynetwork.255.255 dev bat0 +$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 + +/usr/bin/killall alfred +/usr/bin/killall batadv-vis +/bin/sleep 5 +$alfred -i bat0 > /dev/null 2>&1 & +/bin/sleep 15 +$batadv -i bat0 -s > /dev/null 2>&1 & diff --git a/install.sn.yml b/install.sn.yml index a6c1230..89a638b 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v1.2 + snversion: master_v1.4 common_required_packages: - git - make @@ -37,6 +37,8 @@ - radvd - curl - htop + - psmisc + - dnsutils modules_required: - batman-adv - nf_conntrack_netlink @@ -189,11 +191,11 @@ - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 - name: Add cron backbone script - cron: name=backbone special_time=reboot job="/opt/freifunk/gre_backbone.sh" + cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - name: Copy backbone script - template: src=./files/gre_backbone.sh.j2 dest=/opt/freifunk/gre_backbone.sh owner=root group=root mode=0544 + template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - name: Collectd template file template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 register: collectd @@ -238,7 +240,7 @@ local_action: module: slack token: "{{ slack_token }}" - msg: "{{ inventory_hostname }} completed with branch testing" + msg: "{{ inventory_hostname }} completed with {{ snversion }}" channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none' diff --git a/l2tp_backbone.sh b/l2tp_backbone.sh new file mode 100755 index 0000000..c3fffb4 --- /dev/null +++ b/l2tp_backbone.sh 
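Review bot: In the tunnel loop of the new l2tp_backbone.sh.j2 the peer address comes from `$($dig +short $j.$domain)` and is passed straight to `ip l2tp add tunnel remote`; this script is wired to `cron special_time=reboot` in the install.sn.yml hunk, where DNS may not be resolvable yet, and an empty substitution leaves `remote` without an argument so the command fails while the following `add session`, `set up` and `$batctl if add` lines run anyway, since the script has no error handling. Resolve first and skip the peer when empty: `remote=$($dig +short $j.$domain)` followed by `[ -n "$remote" ] || continue`, then use `remote $remote` in the tunnel line. The loop also calls bare `ip` while the tail of the script uses `$ip`; one form should be used throughout.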
@@ -0,0 +1,56 @@ +#!/bin/sh +# Version 5 +# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! +communityname="troisdorf" +#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9 " +server="troisdorf0 troisdorf9" +domain="freifunk-troisdorf.de" +mtu=1400 +# community MAC address, without the last Byte (:)! +communitymacaddress="a2:8c:ae:6f:f6" +tunnelPrefix=10 +sessionPrefix=1 +# Netzwerkteil des Netzes, ohne abschliessenden Punkt +communitynetwork="10.188" +# IPv6 network +communitynetworkv6="fda0:747e:ab29:7405:255::" +# Drittes Octet des serverbereichs +octet3rd="255" +# CIDR muss /16 sein +localserver=$(/bin/hostname) +batadv=/usr/local/sbin/batadv-vis +alfred=/usr/local/sbin/alfred +batctl=/usr/local/sbin/batctl +ip=/sbin/ip +dig=/usr/bin/dig + +for i in $server; do +( + for j in $server; do + if [ $i != $j ]; then + if [ $i = $localserver ]; then + ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} + ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} + #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j + ip link set dev l2tp-$j mtu $mtu + ip link set up l2tp-$j + $batctl if add l2tp-$j + fi + fi + done +) +done + +# Rest starten +$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 +#$ip link set address $communitymacaddress:ff dev bat0 +$ip link set up dev bat0 +$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast 
$communitynetwork.255.255 dev bat0 +$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 + +/usr/bin/killall alfred +/usr/bin/killall batadv-vis +/bin/sleep 5 +$alfred -i bat0 > /dev/null 2>&1 & +/bin/sleep 15 +$batadv -i bat0 -s > /dev/null 2>&1 & From 6cf59a6384da1792516ac18f8f14a55a3a675da7 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 00:21:32 +0100 Subject: [PATCH 18/29] Change back to l2tp Backbone --- l2tp_backbone.sh | 56 ------------------------------------------------ 1 file changed, 56 deletions(-) delete mode 100755 l2tp_backbone.sh diff --git a/l2tp_backbone.sh b/l2tp_backbone.sh deleted file mode 100755 index c3fffb4..0000000 --- a/l2tp_backbone.sh +++ /dev/null 
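Review bot: `l2tp_backbone.sh` at the repository root duplicates files/l2tp_backbone.sh.j2 line for line except that `server=` is hard-coded to `troisdorf0 troisdorf9`, and the install.sn.yml hunk in this patch deploys the templated copy under files/, not this file. It looks like an accidentally committed locally rendered script and should be dropped rather than maintained in two places.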
@@ -1,56 +0,0 @@ -#!/bin/sh -# Version 5 -# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! -communityname="troisdorf" -#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9 " -server="troisdorf0 troisdorf9" -domain="freifunk-troisdorf.de" -mtu=1400 -# community MAC address, without the last Byte (:)! -communitymacaddress="a2:8c:ae:6f:f6" -tunnelPrefix=10 -sessionPrefix=1 -# Netzwerkteil des Netzes, ohne abschliessenden Punkt -communitynetwork="10.188" -# IPv6 network -communitynetworkv6="fda0:747e:ab29:7405:255::" -# Drittes Octet des serverbereichs -octet3rd="255" -# CIDR muss /16 sein -localserver=$(/bin/hostname) -batadv=/usr/local/sbin/batadv-vis -alfred=/usr/local/sbin/alfred -batctl=/usr/local/sbin/batctl -ip=/sbin/ip -dig=/usr/bin/dig - -for i in $server; do -( - for j in $server; do - if [ $i != $j ]; then - if [ $i = $localserver ]; then - ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} - ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} - #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j - ip link set dev l2tp-$j mtu $mtu - ip link set up l2tp-$j - $batctl if add l2tp-$j - fi - fi - done -) -done - -# Rest starten -$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 -#$ip link set address $communitymacaddress:ff dev bat0 -$ip link set up dev bat0 -$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast 
$communitynetwork.255.255 dev bat0 -$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 - -/usr/bin/killall alfred -/usr/bin/killall batadv-vis -/bin/sleep 5 -$alfred -i bat0 > /dev/null 2>&1 & -/bin/sleep 15 -$batadv -i bat0 -s > /dev/null 2>&1 & From 9f47bd12745dcb64a5d71eab73332dceaeec247d Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 00:57:53 +0100 Subject: [PATCH 19/29] Bind restart after l2tp backbone script --- files/l2tp_backbone.sh.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/files/l2tp_backbone.sh.j2 b/files/l2tp_backbone.sh.j2 index 41925c7..c8cbbb8 100644 --- a/files/l2tp_backbone.sh.j2 +++ b/files/l2tp_backbone.sh.j2 @@ -54,3 +54,4 @@ $ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 $alfred -i bat0 > /dev/null 2>&1 & /bin/sleep 15 $batadv -i bat0 -s > /dev/null 2>&1 & +/usr/sbin/service bind9 restart From 7d7ce7fc033467911cfe07d92fb19613fe0257b5 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 16:14:13 +0100 Subject: [PATCH 20/29] Add L2TP backbone script for ffswitch server --- files/l2tp_backbone.sh.j2 | 2 +- files/l2tp_backbone_ffswitch.sh.j2 | 56 ++++++++++++++++++++++++++++++ install.sn.yml | 26 +++++++++++--- 3 files changed, 79 insertions(+), 5 deletions(-) create mode 100644 files/l2tp_backbone_ffswitch.sh.j2 diff --git a/files/l2tp_backbone.sh.j2 b/files/l2tp_backbone.sh.j2 index c8cbbb8..90bf7ef 100644 --- a/files/l2tp_backbone.sh.j2 +++ b/files/l2tp_backbone.sh.j2 @@ -2,7 +2,7 @@ # Version 5 # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! communityname="troisdorf" -#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9 " +#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" server="troisdorf0 {{ sn_hostname }}" domain="freifunk-troisdorf.de" mtu=1400 
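Review bot: The appended `/usr/sbin/service bind9 restart` gives the backbone script an unrelated side effect with no comment saying why; presumably named cannot bind the bat0 address until this script has brought the interface up, but a reader cannot tell that from the line. Add a one-line reason above it, e.g. `# named listens on the bat0 address, which only exists once this script has run`, or order the bind9 unit after the backbone start instead of restarting it from a cron job.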
diff --git a/files/l2tp_backbone_ffswitch.sh.j2 b/files/l2tp_backbone_ffswitch.sh.j2
new file mode 100644
index 0000000..8f2a2a3
--- /dev/null
+++ b/files/l2tp_backbone_ffswitch.sh.j2
@@ -0,0 +1,56 @@
+#!/bin/sh
+# Version 5
+# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
+communityname="troisdorf"
+server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
+#server="troisdorf0 {{ sn_hostname }}"
+domain="freifunk-troisdorf.de"
+mtu=1400
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+tunnelPrefix=10
+sessionPrefix=1
+# Netzwerkteil des Netzes, ohne abschliessenden Punkt
+communitynetwork="10.188"
+# IPv6 network
+communitynetworkv6="fda0:747e:ab29:7405:255::"
+# Drittes Octet des serverbereichs
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(/bin/hostname)
+batadv=/usr/local/sbin/batadv-vis
+alfred=/usr/local/sbin/alfred
+batctl=/usr/local/sbin/batctl
+ip=/sbin/ip
+dig=/usr/bin/dig
+
+for i in $server; do
+(
+ for j in $server; do
+ if [ $i != $j ]; then
+ if [ $i = $localserver ]; then
+ ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
+ ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
+ #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
+ ip link set dev l2tp-$j mtu $mtu
+ ip link set up l2tp-$j
+ $batctl if add l2tp-$j
+ fi
+ fi
+ done
+)
+done
+
+# Rest starten
+$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
+#$ip link set address $communitymacaddress:ff dev bat0
+$ip link set up dev bat0
+$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast 
$communitynetwork.255.255 dev bat0 +$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 + +/usr/bin/killall alfred +/usr/bin/killall batadv-vis +/bin/sleep 5 +$alfred -i bat0 > /dev/null 2>&1 & +/bin/sleep 15 +$batadv -i bat0 -s > /dev/null 2>&1 & diff --git a/install.sn.yml b/install.sn.yml index 89a638b..e603b49 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,8 @@ user: root gather_facts: False vars: - snversion: master_v1.4 + snversion: master_v1.7 + batmanversion: v2015.2 common_required_packages: - git - make @@ -124,8 +125,11 @@ dest=/tmp/batman-adv when: aptupdates.changed register: getbatman + - name: Get batman-adv no rebrotcast patch + get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch - name: Install batman-adv - shell: cd /tmp/batman-adv && git checkout master && make && make install + shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install +# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install when: getbatman.changed - name: Get batctl git: repo=http://git.open-mesh.org/batctl.git @@ -133,7 +137,7 @@ when: aptupdates.changed register: getbatctl - name: Install batctl - shell: cd /tmp/batctl && git checkout v2015.1 && make && make install + shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install when: getbatctl.changed - name: Get alfred git: repo=http://git.open-mesh.org/alfred.git 
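Review bot: The new `Get batman-adv no rebrotcast patch` task downloads a source patch over plain http into the kernel-module build tree with no `sha256sum=` argument and no `when: getbatman.changed` guard, so it is re-fetched on every run and nothing verifies what lands in /tmp/batman-adv before the (currently commented) `git apply ... && make install` line would build it as root. Pin the expected digest, `sha256sum=<EXPECTED_SHA256>` (placeholder), prefer an https URL if the host offers one, and drop or guard the task while the apply line stays commented. The task name also misspells `rebroadcast`. The l2tp_backbone_ffswitch.sh.j2 file above is a copy of l2tp_backbone.sh.j2 differing only in the `server=` line; a single template with the peer list as a variable would avoid maintaining two scripts.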
@@ -141,13 +145,14 @@ when: aptupdates.changed register: getalfred - name: Install alfred - shell: cd /tmp/alfred && git checkout master && make && make install + shell: cd /tmp/alfred && git checkout {{ batmanversion }} && make && make install when: getalfred.changed - name: Get Tunneldigger git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger when: aptupdates.changed + when: ffswitch is undefined - name: Configure tunneldigger command: "{{item}}" with_items: @@ -185,17 +190,25 @@ copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: check_gw_script register: check_gw + when: ffswitch is undefined - name: Add cron job with check gateway script cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" when: check_gw.changed + when: ffswitch is undefined - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 + when: ffswitch is undefined - name: Add cron backbone script cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - name: Copy backbone script template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 + when: ffswitch is undefined + - name: Copy backbone script + template: src=./files/l2tp_backbone_ffswitch.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 + when: ffswitch is defined + register: ffswitchl2tp - name: Collectd template file template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 register: collectd 
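Review bot: The `Get Tunneldigger` task now carries two `when:` keys, `when: aptupdates.changed` followed by the added `when: ffswitch is undefined`; a YAML mapping cannot hold the same key twice and PyYAML silently keeps the last one, so the `aptupdates.changed` condition is dropped without warning. Combine them into one expression: `when: aptupdates.changed and ffswitch is undefined`. The same duplication is introduced in the `Add cron job with check gateway script` task in the next hunk (`check_gw.changed` / `ffswitch is undefined`) and in the `Reboot the server finally` task in the @@ -226 hunk (`tunneldigger.changed` / `ffswitchl2tp.changed`, which should become `when: tunneldigger.changed or ffswitchl2tp.changed`).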
@@ -210,12 +223,16 @@ - name: Copy secondary zone file copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 with_items: bind_zone_fftdf + when: ffswitch is undefined - name: Bind9, activate fftdf zone lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present + when: ffswitch is undefined - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 + when: ffswitch is undefined - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 + when: ffswitch is undefined - name: Alfed message template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 - name: Add cron job with alfred info script @@ -226,6 +243,7 @@ poll: 0 ignore_errors: true when: tunneldigger.changed + when: ffswitchl2tp.changed - name: Wirte version information shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: waiting for server to come back From 519067f28e96908b66308b8b5ef08843bf66e2fe Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 21:14:03 +0100 Subject: [PATCH 21/29] Switched to full mesh --- files/l2tp_backbone.sh.j2 | 4 ++-- install.sn.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/files/l2tp_backbone.sh.j2 b/files/l2tp_backbone.sh.j2 index 90bf7ef..bdbd65c 100644 --- a/files/l2tp_backbone.sh.j2 +++ b/files/l2tp_backbone.sh.j2 
@@ -2,8 +2,8 @@ # Version 5 # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! communityname="troisdorf" -#server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" -server="troisdorf0 {{ sn_hostname }}" +server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" +#server="troisdorf0 {{ sn_hostname }}" domain="freifunk-troisdorf.de" mtu=1400 # community MAC address, without the last Byte (:)! diff --git a/install.sn.yml b/install.sn.yml index e603b49..68a636c 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v1.7 + snversion: master_v1.8 batmanversion: v2015.2 common_required_packages: - git From 92f77319630152ceaeab2add92a7a4da0d940988 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Mon, 21 Dec 2015 21:17:21 +0100 Subject: [PATCH 22/29] Switched to full mesh --- install.sn.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index 68a636c..23cf2e1 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -152,7 +152,7 @@ dest=/srv/tunneldigger register: tunneldigger when: aptupdates.changed - when: ffswitch is undefined +# when: ffswitch is undefined - name: Configure tunneldigger command: "{{item}}" with_items: 
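Review bot: With `server=` now a fixed list of troisdorf1 through troisdorf9 and the `{{ sn_hostname }}` line commented out, the file no longer contains a Jinja expression even though the playbook still deploys it via `template:`, and a supernode whose hostname is not in that list (troisdorf0, present in the previous value, included) never matches `$localserver` in the loop and builds no tunnels. Either render the peer set from a playbook variable so the local host is in it by construction, or add a comment on the `server=` line stating that every supernode, including the one running the script, must be listed.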
@@ -190,25 +190,25 @@
 copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
 with_items: check_gw_script
 register: check_gw
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Add cron job with check gateway script
 cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
 when: check_gw.changed
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Copy dhcpd template file
 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Add cron backbone script
 cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
 - name: Add cron startup script
 cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
 - name: Copy backbone script
 template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
- when: ffswitch is undefined
- - name: Copy backbone script
- template: src=./files/l2tp_backbone_ffswitch.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
- when: ffswitch is defined
- register: ffswitchl2tp
+# when: ffswitch is undefined
+# - name: Copy backbone script
+# template: src=./files/l2tp_backbone_ffswitch.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
+# when: ffswitch is defined
+# register: ffswitchl2tp
 - name: Collectd template file
 template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
 register: collectd
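Review bot: Disabling the ffswitch path by commenting lines out leaves the playbook with five `# when: ffswitch is undefined` lines and a whole `# - name: Copy backbone script` task that no longer run but still have to be read past, while the template they rendered, `files/l2tp_backbone_ffswitch.sh.j2`, keeps being edited in later commits of this series. If the ffswitch variant is retired, delete the commented tasks and the template together; if it may come back, keep the tasks active behind the `ffswitch` condition rather than as comments, so that the condition and the template stay in step. The same applies to the `# when: ffswitch is undefined` line in the first hunk and to the hunks in the next file section.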
@@ -223,16 +223,16 @@
 - name: Copy secondary zone file
 copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
 with_items: bind_zone_fftdf
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Bind9, activate fftdf zone
 lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Copy option template
 template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Copy radvd config template
 template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- when: ffswitch is undefined
+# when: ffswitch is undefined
 - name: Alfed message
 template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
 - name: Add cron job with alfred info script
@@ -243,7 +243,7 @@
 poll: 0
 ignore_errors: true
 when: tunneldigger.changed
- when: ffswitchl2tp.changed
+# when: ffswitchl2tp.changed
 - name: Wirte version information
 shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
 - name: waiting for server to come back
From 42a00b1d92610bef680010249f2b6efc76ad1bb4 Mon Sep 17 00:00:00 2001
From: Ansible Admin
Date: Mon, 21 Dec 2015 21:31:36 +0100
Subject: [PATCH 23/29] Switched to full mesh
---
 files/sn_startup.sh.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2
index 0fd2a9d..23a3eef 100644
--- a/files/sn_startup.sh.j2
+++ b/files/sn_startup.sh.j2
@@ -33,7 +33,7 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
 /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # Allow MAC address spoofing
-/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+#/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
 # Set gateway for table 200
 #/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
From cc173ba8c5fd85686eef4c764fc91bf7c1c039c4 Mon Sep 17 00:00:00 2001
From: Ansible Admin
Date: Tue, 22 Dec 2015 20:30:16 +0100
Subject: [PATCH 24/29] central MTU management
---
 files/dhcpd.conf.j2 | 6 +++++-
 files/gre_backbone.sh.j2 | 2 +-
 files/l2tp_backbone.sh.j2 | 2 +-
 files/l2tp_backbone_ffswitch.sh.j2 | 2 +-
 install.sn.yml | 23 +++++++----------------
 5 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2
index 95998d0..060cced 100644
--- a/files/dhcpd.conf.j2
+++ b/files/dhcpd.conf.j2
@@ -1,3 +1,4 @@
+# Version 1.2
 ddns-update-style none;
 option domain-name "fftdf";
 default-lease-time 300;
@@ -9,6 +10,9 @@ range {{ sn_dhcp_range }};
 option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
 option routers {{ sn_dhcp_router }};
 interface bat0;
-
+}
+host database {
+ hardware ethernet 5e:51:68:d6:6a:69;
+ fixed-address 10.188.1.27;
 }
diff --git a/files/gre_backbone.sh.j2 b/files/gre_backbone.sh.j2
index 8c1e16f..b4af165 100644
--- a/files/gre_backbone.sh.j2
+++ b/files/gre_backbone.sh.j2
@@ -3,7 +3,7 @@
 communityname="troisdorf"
 server="troisdorf0 {{ sn_hostname }}"
 domain="freifunk-troisdorf.de"
-mtu=1500
+mtu={{ sn_mtu }}
 # community MAC address, without the last Byte (:)!
 communitymacaddress="a2:8c:ae:6f:f6"
 # Network part of the network, without the trailing dot
diff --git a/files/l2tp_backbone.sh.j2 b/files/l2tp_backbone.sh.j2
index bdbd65c..d5ec362 100644
--- a/files/l2tp_backbone.sh.j2
+++ b/files/l2tp_backbone.sh.j2
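Review bot: The comment kept above the change, `# Allow MAC address spoofing`, now describes a line that is no longer executed, and it was inaccurate anyway: `net.ipv4.conf.bat0.rp_filter` controls reverse-path filtering of IPv4 source addresses and has nothing to do with MAC addresses. With the sysctl commented out, bat0 keeps whatever rp_filter default the distribution ships, and the commit message gives no reason for the flip; PATCH 27 in this series turns the line back on, again without one. Replace the stale comment with the actual rationale, e.g. `# rp_filter left at the system default on bat0; see <ticket/placeholder> for why it was disabled before`, so that the next person touching this line knows what behaviour is expected.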
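Review bot: `mtu={{ sn_mtu }}` collapses two different constants into one variable: this file carried `mtu=1500`, while `l2tp_backbone.sh.j2` and `l2tp_backbone_ffswitch.sh.j2` (next hunks) carried `mtu=1400`, and all three now read the same `sn_mtu`. GRE and L2TP add different encapsulation overhead, so unless the inventory defines `sn_mtu` per host and per tunnel type one of the two tunnel kinds changes MTU with this commit, and neither the template nor the commit says which value is intended. Use distinct variables (e.g. `sn_mtu_gre` and `sn_mtu_l2tp`) or add a comment next to the line recording the expected value and why it is shared.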
@@ -5,7 +5,7 @@ communityname="troisdorf"
 server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
 #server="troisdorf0 {{ sn_hostname }}"
 domain="freifunk-troisdorf.de"
-mtu=1400
+mtu={{ sn_mtu }}
 # community MAC address, without the last Byte (:)!
 communitymacaddress="a2:8c:ae:6f:f6"
 tunnelPrefix=10
diff --git a/files/l2tp_backbone_ffswitch.sh.j2 b/files/l2tp_backbone_ffswitch.sh.j2
index 8f2a2a3..abb5702 100644
--- a/files/l2tp_backbone_ffswitch.sh.j2
+++ b/files/l2tp_backbone_ffswitch.sh.j2
@@ -5,7 +5,7 @@ communityname="troisdorf"
 server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
 #server="troisdorf0 {{ sn_hostname }}"
 domain="freifunk-troisdorf.de"
-mtu=1400
+mtu={{ sn_mtu }}
 # community MAC address, without the last Byte (:)!
 communitymacaddress="a2:8c:ae:6f:f6"
 tunnelPrefix=10
diff --git a/install.sn.yml b/install.sn.yml
index 23cf2e1..8c9aabb 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
- snversion: master_v1.8
+ snversion: master_v1.8.3
 batmanversion: v2015.2
 common_required_packages:
 - git
@@ -126,7 +126,8 @@
 when: aptupdates.changed
 register: getbatman
 - name: Get batman-adv no rebrotcast patch
- get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
+ get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
+ when: getbatman.changed
 - name: Install batman-adv
 shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
 # shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
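Review bot: The `get_url` task in the last hunk still downloads the batman-adv patch over plain `http://` with no integrity check, and its only consumer — the `git apply` variant of the build command — is the commented-out `# shell:` line below it, so the download is dead weight that now runs on every host where `getbatman.changed`. Either drop the task together with the commented build line, or, if the patch is meant to come back, pin the file's content with the module's digest argument, e.g. `get_url: url=… dest=… sha256sum=<expected-digest, placeholder>` (`checksum=sha256:…` in newer Ansible), so that a changed or substituted file fails the play instead of being compiled into the kernel module. The task name `Get batman-adv no rebrotcast patch` also has a typo (`rebroadcast`).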
@@ -152,7 +153,6 @@
 dest=/srv/tunneldigger
 register: tunneldigger
 when: aptupdates.changed
-# when: ffswitch is undefined
 - name: Configure tunneldigger
 command: "{{item}}"
 with_items:
@@ -190,25 +190,21 @@
 copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
 with_items: check_gw_script
 register: check_gw
-# when: ffswitch is undefined
 - name: Add cron job with check gateway script
 cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
 when: check_gw.changed
-# when: ffswitch is undefined
 - name: Copy dhcpd template file
 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
-# when: ffswitch is undefined
+ register: dhcpd
+ - name: Restart dhcpd
+ service: name=isc-dhcp-server state=restarted
+ when: dhcpd.changed
 - name: Add cron backbone script
 cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
 - name: Add cron startup script
 cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
 - name: Copy backbone script
 template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
-# when: ffswitch is undefined
-# - name: Copy backbone script
-# template: src=./files/l2tp_backbone_ffswitch.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
-# when: ffswitch is defined
-# register: ffswitchl2tp
 - name: Collectd template file
 template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
 register: collectd
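Review bot: The new `Restart dhcpd` task restarts `isc-dhcp-server` whenever the template changed, but nothing checks the rendered file first, so a rendering error (an undefined `sn_dhcp_*` variable, a stray brace) takes DHCP for the whole mesh segment down until someone notices. The `template` module's `validate=` argument runs a check against the candidate file and refuses to install it when the check fails: `template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 validate='/usr/sbin/dhcpd -t -cf %s'`. The restart would also fit better as a handler (`notify: restart dhcpd` on the template task, one `handlers:` entry for the service) so that later tasks touching the same config restart the daemon once, at the end, rather than mid-play.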
@@ -223,16 +219,12 @@
 - name: Copy secondary zone file
 copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
 with_items: bind_zone_fftdf
-# when: ffswitch is undefined
 - name: Bind9, activate fftdf zone
 lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
-# when: ffswitch is undefined
 - name: Copy option template
 template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
-# when: ffswitch is undefined
 - name: Copy radvd config template
 template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
-# when: ffswitch is undefined
 - name: Alfed message
 template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
 - name: Add cron job with alfred info script
@@ -243,7 +235,6 @@
 poll: 0
 ignore_errors: true
 when: tunneldigger.changed
-# when: ffswitchl2tp.changed
 - name: Wirte version information
 shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
 - name: waiting for server to come back
From 70df4ac8b35f69e4c0d2761bd5119d35b9f6973a Mon Sep 17 00:00:00 2001
From: Ansible Admin
Date: Tue, 22 Dec 2015 21:42:07 +0100
Subject: [PATCH 25/29] central MTU management
---
 files/authorized_keys | 1 +
 install.sn.yml | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/files/authorized_keys b/files/authorized_keys
index 5e1a015..90c7b09 100644
--- a/files/authorized_keys
+++ b/files/authorized_keys
@@ -6,3 +6,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA5OYOF+VBtXXxv/wZkT5K3P7QAUJaM88zJqeGh8NJCO7E
 ssh-rsa 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 supernodeadmin@update1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office
diff --git a/install.sn.yml b/install.sn.yml
index 8c9aabb..fc679de 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
- snversion: master_v1.8.3
+ snversion: master_v1.8.4
 batmanversion: v2015.2
 common_required_packages:
 - git
@@ -199,6 +199,7 @@
 - name: Restart dhcpd
 service: name=isc-dhcp-server state=restarted
 when: dhcpd.changed
+ ignore_errors: yes
 - name: Add cron backbone script
 cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
 - name: Add cron startup script
From a388307c6d82d838bd334597d9559ff9b88aa291 Mon Sep 17 00:00:00 2001
From: Ansible Admin
Date: Thu, 24 Dec 2015 00:12:53 +0100
Subject: [PATCH 26/29] Tunneldigger load balancing v1.9.0
---
 install.sn.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/install.sn.yml b/install.sn.yml
index fc679de..c365aaf 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
- snversion: master_v1.8.4
+ snversion: master_v1.9.0
 batmanversion: v2015.2
 common_required_packages:
 - git
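Review bot: `ignore_errors: yes` on the `Restart dhcpd` task hides a failed restart, so a supernode can finish the play green while not serving DHCP at all, and the failure it most likely masks — a configuration the daemon rejects — is exactly the one that should stop the run. If the intent is to tolerate a specific benign case (for example the service not yet installed on a fresh host), narrow it with `failed_when` on that condition and validate the template before the restart; if the intent is to keep the play going no matter what, say so in a comment next to the line. Write the value as `ignore_errors: true`, matching `ignore_errors: true` used elsewhere in this play, rather than the YAML-1.1-only `yes`.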
@@ -149,7 +149,8 @@
 shell: cd /tmp/alfred && git checkout {{ batmanversion }} && make && make install
 when: getalfred.changed
 - name: Get Tunneldigger
- git: repo=https://github.com/wlanslovenija/tunneldigger.git
+# git: repo=https://github.com/wlanslovenija/tunneldigger.git
+ git: repo=https://github.com/ffrl/tunneldigger.git
 dest=/srv/tunneldigger
 register: tunneldigger
 when: aptupdates.changed
From 8c1c6ffeb3dcdbf9217c2120df74adc8494f88ec Mon Sep 17 00:00:00 2001
From: Ansible Admin
Date: Fri, 25 Dec 2015 21:52:39 +0100
Subject: [PATCH 27/29] Block RFC1918 and APIPA destination via eth0
---
 files/sn_startup.sh.j2 | 7 ++++++-
 install.sn.yml | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2
index 23a3eef..8fbf7e7 100644
--- a/files/sn_startup.sh.j2
+++ b/files/sn_startup.sh.j2
@@ -13,6 +13,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
 # sleep 5
 #done
+# Block RFC1918 and APIPA destination via WAN
+/sbin/iptables -P OUTPUT ACCEPT
+for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
+/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
+done
 # Activate IP forwarding
 /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
@@ -33,7 +38,7 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
 /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # Allow MAC address spoofing
-#/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
 # Set gateway for table 200
 #/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
diff --git a/install.sn.yml b/install.sn.yml
index c365aaf..a043eb2 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
- snversion: master_v1.9.0
+ snversion: master_v1.9.1
 batmanversion: v2015.2
 common_required_packages:
 - git
From 2e6bd7d22e25e1ee6be2798fce9ecfe591d81800 Mon Sep 17 00:00:00 2001
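Review bot: `git: repo=https://github.com/ffrl/tunneldigger.git` switches the broker source to a fork without a `version=` pin, so every host builds whatever that repository's default branch points to at run time, and a force-push or a compromised account upstream changes the tunnel broker on all supernodes at the next play. Pin the checkout on the `git:` line, e.g. `git: repo=https://github.com/ffrl/tunneldigger.git version=<commit-or-tag, placeholder>`, and bump the pin deliberately when updating; the `Install batman-adv` task above already follows this pattern with `{{ batmanversion }}`. The retired upstream URL kept as `# git: repo=…` can go — git history records where the code came from.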
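Review bot: The new `-A OUTPUT -o eth0 -d $i -j DROP` rules only affect traffic originating on the supernode itself; packets forwarded from the mesh side to `eth0` go through the FORWARD chain and are then masqueraded by the `POSTROUTING … -j MASQUERADE` rule visible in the second hunk, so if the commit title means to stop mesh clients from reaching RFC1918/APIPA space behind the WAN interface, a matching `/sbin/iptables -A FORWARD -o eth0 -d $i -j DROP` belongs in the same loop. The rules are appended with `-A` from a script run at reboot; running it again by hand duplicates them, which an `iptables -C … || iptables -A …` pattern or a flush at the top of the block avoids. `169.254.0.0/16` in the loop is good, but `127.0.0.0/8` and the shared-address range `100.64.0.0/10` are in the same category and worth a conscious decision. The same commit also re-enables `/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0` that PATCH 23 had commented out, still under the misleading `# Allow MAC address spoofing` comment — a one-line reason such as `# rp_filter off on bat0: <reason, placeholder>` would stop this line flip-flopping.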
From: Ansible Admin
Date: Sat, 26 Dec 2015 20:25:44 +0100
Subject: [PATCH 28/29] Add dhcpd static configuration and ntp
---
 files/dhcpd.conf.j2 | 6 +-----
 install.sn.yml | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2
index 060cced..d23aa06 100644
--- a/files/dhcpd.conf.j2
+++ b/files/dhcpd.conf.j2
@@ -11,8 +11,4 @@ option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
 option routers {{ sn_dhcp_router }};
 interface bat0;
 }
-host database {
- hardware ethernet 5e:51:68:d6:6a:69;
- fixed-address 10.188.1.27;
-}
-
+include "/opt/freifunk/static-dhcp/static.conf";
diff --git a/install.sn.yml b/install.sn.yml
index a043eb2..2c7809b 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
- snversion: master_v1.9.1
+ snversion: master_v1.9.3
 batmanversion: v2015.2
 common_required_packages:
 - git
@@ -40,6 +40,7 @@
 - htop
 - psmisc
 - dnsutils
+ - ntp
 modules_required:
 - batman-adv
 - nf_conntrack_netlink
@@ -108,6 +109,8 @@
 apt: state=installed pkg={{ item }}
 with_items: common_required_packages
 register: aptupdates
+ - name: Set clock
+ shell: ntpd -q -g
 - name: Add modules
 lineinfile: dest=/etc/modules line={{ item }}
 with_items: modules_required
@@ -197,6 +200,15 @@
 - name: Copy dhcpd template file
 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
 register: dhcpd
+
+ - name: Clone static DHCP config
+ git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
+ dest=/opt/freifunk/static-dhcp
+ when: dhcpd.changed
+ - name: Add cron static DHCP
+ cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
+ when: dhcpd.changed
+
 - name: Restart dhcpd
 service: name=isc-dhcp-server state=restarted
 when: dhcpd.changed
From 3d54aea283db5ac748de43ff0d6b7400c375a39a Mon Sep 17 00:00:00 2001
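Review bot: `Clone static DHCP config` is gated on `dhcpd.changed`, but the `include "/opt/freifunk/static-dhcp/static.conf";` this commit adds to `dhcpd.conf.j2` needs that file on every host: on a host whose rendered template is already current the clone is skipped, the include points at a missing file, and `isc-dhcp-server` will refuse to start at its next restart. Run the clone (and the `Add cron static DHCP` task below it) unconditionally — the `git` and `cron` modules are idempotent — and pin the clone with `version=<commit-or-tag, placeholder>`. Separately, the cron line runs `/opt/freifunk/static-dhcp/dhcp-update.sh` every minute from an unpinned GitHub repository, so whatever lands on that repository's default branch presumably becomes part of every supernode's DHCP configuration within a minute with no review step on the node; the script itself is not in this diff, but a pinned ref plus a deliberate update task would keep control of that input with the playbook.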
From: Ansible Admin
Date: Sat, 26 Dec 2015 23:14:54 +0100
Subject: [PATCH 29/29] Add ntp hard sync
---
 install.sn.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install.sn.yml b/install.sn.yml
index 2c7809b..77c0d15 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -110,7 +110,7 @@
 with_items: common_required_packages
 register: aptupdates
 - name: Set clock
- shell: ntpd -q -g
+ shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
 - name: Add modules
 lineinfile: dest=/etc/modules line={{ item }}
 with_items: modules_required
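Review bot: `shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start` leaves the ntp service stopped whenever the one-shot `ntpd -q -g` fails (no route yet, no reachable server), because the `&&` chain never reaches the final `start`; the play then fails on this task and the host keeps running without time sync. Make the restart unconditional, e.g. `shell: /etc/init.d/ntp stop; /usr/sbin/ntpd -q -g; /etc/init.d/ntp start`, accepting that the task's exit status then reflects only the final start, or split it into `service: name=ntp state=stopped`, the `shell` step, and `service: name=ntp state=started` so each part is reported on its own. The task also reports `changed` on every run; gate it with `when: aptupdates.changed` so the hard step happens only after the package was first installed, or add `changed_when: false` if it is meant to run each time.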