From e085ddd3a515494c3771c0862b40e82cf4a7d733 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Tue, 17 May 2016 23:42:37 +0200 Subject: [PATCH 01/10] new-new-net --- ...d-troisdorf1.conf => bird-troisdorf4.conf} | 0 ...d-troisdorf2.conf => bird-troisdorf7.conf} | 0 ...-troisdorf1.conf => bird6-troisdorf4.conf} | 0 ...-troisdorf2.conf => bird6-troisdorf7.conf} | 0 files/dhcpd.conf.j2 | 4 +- files/dhcpd6.conf.j2 | 11 +---- ...faces-troisdorf1 => interfaces-troisdorf4} | 0 ...faces-troisdorf2 => interfaces-troisdorf7} | 0 files/l2tp_backbone.sh.exit.j2 | 43 ++++++++++--------- 9 files changed, 26 insertions(+), 32 deletions(-) rename files/{bird-troisdorf1.conf => bird-troisdorf4.conf} (100%) rename files/{bird-troisdorf2.conf => bird-troisdorf7.conf} (100%) rename files/{bird6-troisdorf1.conf => bird6-troisdorf4.conf} (100%) rename files/{bird6-troisdorf2.conf => bird6-troisdorf7.conf} (100%) rename files/{interfaces-troisdorf1 => interfaces-troisdorf4} (100%) rename files/{interfaces-troisdorf2 => interfaces-troisdorf7} (100%) diff --git a/files/bird-troisdorf1.conf b/files/bird-troisdorf4.conf similarity index 100% rename from files/bird-troisdorf1.conf rename to files/bird-troisdorf4.conf diff --git a/files/bird-troisdorf2.conf b/files/bird-troisdorf7.conf similarity index 100% rename from files/bird-troisdorf2.conf rename to files/bird-troisdorf7.conf diff --git a/files/bird6-troisdorf1.conf b/files/bird6-troisdorf4.conf similarity index 100% rename from files/bird6-troisdorf1.conf rename to files/bird6-troisdorf4.conf diff --git a/files/bird6-troisdorf2.conf b/files/bird6-troisdorf7.conf similarity index 100% rename from files/bird6-troisdorf2.conf rename to files/bird6-troisdorf7.conf diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2 index e226e31..8cd5205 100644 --- a/files/dhcpd.conf.j2 +++ b/files/dhcpd.conf.j2 
@@ -4,10 +4,10 @@ option domain-name "fftdf"; default-lease-time 300; max-lease-time 3600; log-facility local7; -subnet 10.188.0.0 netmask 255.255.0.0 { +subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 { authoritative; range {{ sn_dhcp_range }}; -option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }}; +option domain-name-servers {{ sn_mesh_IPv4 }}; option routers {{ sn_mesh_IPv4 }}; option interface-mtu {{ sn_mtu }}; interface bat0; diff --git a/files/dhcpd6.conf.j2 b/files/dhcpd6.conf.j2 index e16eb8b..2a79b20 100644 --- a/files/dhcpd6.conf.j2 +++ b/files/dhcpd6.conf.j2 @@ -6,17 +6,10 @@ authoritative; default-lease-time 300; max-lease-time 600; -#option dhcp6.name-servers {{ sn_mesh_IPv6 }}; -option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }}; +option dhcp6.name-servers {{ sn_mesh_IPv6 }}; option dhcp6.domain-search "fftdf"; -subnet6 2a03:2260:121::/64 { -# -# # Range for clients -# range6 2a03:2260:121::201 2a03:2260:121::ffff; -# -# # Range for clients requesting a temporary address -# range6 2a03:2260:121::/64 temporary; +subnet6 {{ sn_mesh_IPv6_net }} { } diff --git a/files/interfaces-troisdorf1 b/files/interfaces-troisdorf4 similarity index 100% rename from files/interfaces-troisdorf1 rename to files/interfaces-troisdorf4 diff --git a/files/interfaces-troisdorf2 b/files/interfaces-troisdorf7 similarity index 100% rename from files/interfaces-troisdorf2 rename to files/interfaces-troisdorf7 diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 28e4b2a..58da4c1 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -1,5 +1,5 @@ #!/bin/sh -# Version 6 +# Version 7 # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! communityname="troisdorf" server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" 
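Review bot: `option domain-name-servers {{ sn_mesh_IPv4 }};` now hands clients a single resolver, so a restart or failure of the supernode's own DNS takes every client's name resolution down for the rest of its lease; the dhcpd6.conf.j2 hunk in this patch does the same to `dhcp6.name-servers`. If dropping `{{ sn_dhcp_dns_v4 }}` is deliberate, a comment above the line such as `# single resolver on purpose: clients must use the mesh DNS` records it. `subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 {` mixes a templated network with a literal mask that has to agree with the literal `/19` in l2tp_backbone.sh.exit.j2, and nothing checks that `range {{ sn_dhcp_range }};` lies inside it — a mismatch only shows up as dhcpd refusing to start. Deriving the mask from the same inventory source as the network (a placeholder such as `{{ sn_mesh_IPv4_netmask }}`, not defined on this page) keeps the three in step.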
@@ -24,30 +24,31 @@ batctl=/usr/local/sbin/batctl ip=/sbin/ip dig=/usr/bin/dig -for i in $server; do -( - for j in $server; do - if [ $i != $j ]; then - if [ $i = $localserver ]; then - ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} - ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} - #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j - ip link set dev l2tp-$j mtu $mtu - ip link set up l2tp-$j - $batctl if add l2tp-$j - fi - fi - done -) -done +#for i in $server; do +#( +# for j in $server; do +# if [ $i != $j ]; then +# if [ $i = $localserver ]; then +# ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} +# ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} +# #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j +# ip link set dev l2tp-$j mtu $mtu +# ip link set up l2tp-$j +# $batctl if add l2tp-$j +# fi +# fi +# done +#) +#done # Rest starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set up dev bat0 -$ip 
addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 -$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0 -$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} table 42 -$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} +#$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 +$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0 +#$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0 +$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0 +$ip route add 10.188.0.0/16 via 10.188.x.254 table 42 /usr/bin/killall batadv-vis /bin/sleep 15 From e3be9b0e0f867e196f08b9a7bbaff52790c0e7ed Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Tue, 17 May 2016 23:50:08 +0200 Subject: [PATCH 02/10] newn-new-net --- files/named.conf.fftdf | 6 ------ files/radvd.conf.j2 | 3 +-- files/sn_startup.exit.sh.j2 | 4 ++-- 3 files changed, 3 insertions(+), 10 deletions(-) delete mode 100644 files/named.conf.fftdf diff --git a/files/named.conf.fftdf b/files/named.conf.fftdf deleted file mode 100644 index 0807a3e..0000000 --- a/files/named.conf.fftdf +++ /dev/null @@ -1,6 +0,0 @@ -zone "fftdf" { - type slave; - masters { 10.188.1.100; }; - file "/var/lib/bind/db.fftdf"; -}; - diff --git a/files/radvd.conf.j2 b/files/radvd.conf.j2 index 6951b8e..10737a0 100644 --- a/files/radvd.conf.j2 +++ b/files/radvd.conf.j2 @@ -3,8 +3,7 @@ interface bat0 { IgnoreIfMissing on; MaxRtrAdvInterval 200; RDNSS {{ sn_mesh_IPv6 }} {}; -# prefix fda0:747e:ab29:7405::/64 { - prefix 2a03:2260:121::/64 { + prefix {{ sn_mesh_IPv6_net }} { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 9c44143..51ce325 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 
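Review bot: `$ip route add 10.188.0.0/16 via 10.188.x.254 table 42` has a placeholder, not an address, as its next hop, so the command fails at boot and table 42 has no route to the mesh; the script is `#!/bin/sh` with no `set -e`, so nothing reports it. Patch 07 in this series substitutes `{{ sn_mesh_IPv4_xfer }}`, but the removed `{{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }}` routes get no replacement here, which the commit message should state if the /32 route is no longer needed. `$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0` takes its address and broadcast from variables but its prefix length as a literal that must match `netmask 255.255.224.0` in dhcpd.conf.j2; one variable for both would remove that coupling. The `for i in $server` loop and the two old `$ip addr add` lines are commented out rather than deleted; git keeps the history, and the commented block now outweighs the code that runs.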
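Review bot: `prefix {{ sn_mesh_IPv6_net }} {` sits under `AdvAutonomous on`, and SLAAC only works for a 64-bit prefix, so `sn_mesh_IPv6_net` has to render as a /64 here — while the same variable is the `subnet6` in dhcpd6.conf.j2 and the `ip -6 rule` source in sn_startup.exit.sh.j2 in this series. Nothing on the page shows the variable's value, so this is a constraint to confirm in the inventory; a comment above the line, `# must be a /64: AdvAutonomous (SLAAC) requires it`, states it where it would bite.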
@@ -19,11 +19,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", # Set mark 4 to Freifunk traffic /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 -/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4 +/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4 # All from FF IPv4 via routing table 42 /bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 -/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42 +/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42 # Allow MAC address spoofing /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 From 559d2cc19598269c3a294def0382bca05a2950ad Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Wed, 18 May 2016 00:36:33 +0200 Subject: [PATCH 03/10] Tunneldigger Backup Config --- files/l2tp_broker.cfg-backup.j2 | 51 +++++++++++++++++++++++++++++++ files/start-broker-backup.sh | 9 ++++++ files/tunneldigger-backup.service | 9 ++++++ 3 files changed, 69 insertions(+) create mode 100644 files/l2tp_broker.cfg-backup.j2 create mode 100644 files/start-broker-backup.sh create mode 100644 files/tunneldigger-backup.service diff --git a/files/l2tp_broker.cfg-backup.j2 b/files/l2tp_broker.cfg-backup.j2 new file mode 100644 index 0000000..debcd1d --- /dev/null +++ b/files/l2tp_broker.cfg-backup.j2 
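Review bot: The mangle rule now marks `-s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48` while the policy rule two lines down is `ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42`; if that variable is a /64 (radvd's `AdvAutonomous on` in this series needs one), traffic from the other /64s of the /48 gets mark 4 but never reaches table 42. Whether the mark and the rule are meant to cover the same range is not visible here — if they are, both should come from one inventory variable for the /48 (a placeholder such as `{{ sn_community_IPv6_net }}`, not defined on this page); if not, a comment should say why the widths differ.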
@@ -0,0 +1,51 @@ +[broker] +; IP address the broker will listen and accept tunnels on +address={{ ansible_default_ipv4.address }} +; Ports where the broker will listen on +port={{ sn_l2tp_tb_backup_port }} +; Interface with that IP address +interface=eth0 +; Maximum number of cached cookies, required for establishing a +; session with the broker +max_cookies=1024 +; Maximum number of tunnels that will be allowed by the broker +max_tunnels=150 +; Tunnel port base +port_base=25000 +; Tunnel id base +tunnel_id_base=500 +; Tunnel timeout interval in seconds +tunnel_timeout=60 +; Should PMTU discovery be enabled +pmtu_discovery=false +; Namespace (for running multiple brokers); note that you must also +; configure disjunct ports, and tunnel identifiers in order for +; namespacing to work +namespace=backup + +[log] +; Log filename +filename=/var/log/tunneldigger-broker-backup.log +; Verbosity +verbosity=DEBUG +; Should IP addresses be logged or not +log_ip_addresses=false + +[hooks] +; Arguments to the session.{up,pre-down,down} hooks are as follows: +; +; +; +; Arguments to the session.mtu-changed hook are as follows: +; +; +; + +; Called after the tunnel interface goes up +session.up=/srv/tunneldigger/bataddif.sh +; Called just before the tunnel interface goes down +session.pre-down=/srv/tunneldigger/batdelif.sh +; Called after the tunnel interface goes down +session.down= +; Called after the tunnel MTU gets changed because of PMTU discovery +session.mtu-changed= diff --git a/files/start-broker-backup.sh b/files/start-broker-backup.sh new file mode 100644 index 0000000..8f05c33 --- /dev/null +++ b/files/start-broker-backup.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +WDIR=/srv/tunneldigger +VIRTUALENV_DIR=/srv/tunneldigger + +cd $WDIR +source $VIRTUALENV_DIR/bin/activate + +bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg diff --git a/files/tunneldigger-backup.service b/files/tunneldigger-backup.service new file mode 100644 index 0000000..afa351b --- /dev/null 
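Review bot: `verbosity=DEBUG` ships the backup broker with the most verbose log level writing to `/var/log/tunneldigger-broker-backup.log`; the logrotate config the playbook copies is not on this page, so rotation cannot be confirmed — `verbosity=INFO` is the safer default, raised to DEBUG only while troubleshooting. The file's own comment says `port_base`, `tunnel_id_base` and `namespace` must be disjoint from the primary broker's, but `l2tp_broker.cfg.j2` is not in this series, so `port_base=25000` and `tunnel_id_base=500` cannot be checked against it; a comment naming the primary's values beside these lines would make the split reviewable. `address={{ ansible_default_ipv4.address }}` depends on facts, and the play has `gather_facts: False` (visible in patch 09) with a separate `Gathering facts` task, so the template task must stay ordered after that task.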
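Review bot: `cd $WDIR` is not checked, so if `/srv/tunneldigger` is missing the following `source` and `bin/python` run in whatever directory systemd started the unit in; `cd "$WDIR" || exit 1` (or `set -e` at the top) stops that. The python process is also started as a child of bash rather than replacing it, so systemd's main PID is the wrapper and a broker crash is not seen as a unit failure; `exec bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg` fixes both the PID and signal delivery. The config name `l2tp_broker-backup.cfg` does not match anything this patch creates — the template is `files/l2tp_broker.cfg-backup.j2` — and patch 04 renders it to `dest=/srv/`, not `/srv/tunneldigger`; the names only line up after patch 06 renames the file and changes the destination.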
+++ b/files/tunneldigger-backup.service @@ -0,0 +1,9 @@ +[Unit] +Description = Start tunneldigger L2TPv3 broker +After = network.target + +[Service] +ExecStart = /srv/tunneldigger/start-broker-backup.sh + +[Install] +WantedBy = multi-user.target From dfa92530ec30a36ce3e7664adce54f00678ddbc1 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Wed, 18 May 2016 20:27:11 +0200 Subject: [PATCH 04/10] new-new-new-newer-net --- install.sn.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/install.sn.yml b/install.sn.yml index 6f6f94a..f253f7b 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -51,9 +51,14 @@ - l2tp_eth tunneldigger_scripts: - start-broker.sh + - start-broker-backup.sh - batdelif.sh tunneldigger_service: - tunneldigger.service + - tunneldigger-backup.service + broker_cfg + - l2tp_broker.cfg-backup.j2 + - l2tp_broker.cfg.j2 bind_zone_fftdf: - named.conf.fftdf check_gw_script: @@ -160,7 +165,8 @@ pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template - template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444 + template: src=./files/{{ item }} dest=/srv/ owner=root group=root mode=0444 + with_items: broker_cfg when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 From 6a2a18f8a783711b9ceb5f443c921926d21463e0 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Fri, 20 May 2016 21:58:25 +0200 Subject: [PATCH 05/10] new-new-net --- install.sn.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index f253f7b..37b201e 100644 --- a/install.sn.yml +++ b/install.sn.yml 
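Review bot: The unit has no `Restart=` setting, so once the broker exits for any reason the backup path stays down until someone notices; `Restart=on-failure` and `RestartSec=5` under `[Service]` are the usual minimum for a long-running network daemon. `After = network.target` does not wait for addresses to be assigned, and the broker binds `{{ ansible_default_ipv4.address }}`; `After=network-online.target` with `Wants=network-online.target` is the target systemd documents for that. The service runs as root by default, which creating tunnel interfaces may well require; a one-line comment in the unit saying so records the decision.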
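Review bot: `broker_cfg` is added without a colon, so the `vars:` mapping is no longer valid YAML and the whole playbook fails to parse (patch 05 in this series adds the colon). The other lists in this block use the `name:` then `- item` form; `broker_cfg:` makes it consistent.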
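Review bot: `template: src=./files/{{ item }} dest=/srv/ ...` renders each item into `/srv/` under its source name, so the backup config lands at `/srv/l2tp_broker.cfg-backup.j2` while `start-broker-backup.sh` from patch 03 runs the broker from `/srv/tunneldigger` with `l2tp_broker-backup.cfg`, and the primary config moves out of `/srv/tunneldigger/l2tp_broker.cfg` where the replaced line put it. Patch 06 corrects the destination and renames the files, but patch 09 reverts to `dest=/srv/`; whichever form survives, the rendered names must be what the start scripts open. Rendering into a directory also keeps the `.j2` suffix on the result; `dest=/srv/tunneldigger/{{ item | regex_replace('[.]j2$', '') }}` strips it while keeping the loop.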
@@ -56,11 +56,11 @@ tunneldigger_service: - tunneldigger.service - tunneldigger-backup.service - broker_cfg + broker_cfg: - l2tp_broker.cfg-backup.j2 - l2tp_broker.cfg.j2 - bind_zone_fftdf: - - named.conf.fftdf +# bind_zone_fftdf: +# - named.conf.fftdf check_gw_script: - keepalive.sh authorized_keys: @@ -252,9 +252,9 @@ - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys - - name: Copy secondary zone file - copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 - with_items: bind_zone_fftdf +# - name: Copy secondary zone file +# copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 +# with_items: bind_zone_fftdf - name: Bind9, activate fftdf zone lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present - name: Copy option template From c8cbc23f99b2e69f3d11056a7ef3ed75028e3302 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Fri, 20 May 2016 23:13:42 +0200 Subject: [PATCH 06/10] new_new_net --- ..._broker.cfg-backup.j2 => l2tp_broker-backup.cfg} | 0 files/{l2tp_broker.cfg.j2 => l2tp_broker.cfg} | 0 install.sn.yml | 13 +++++++------ 3 files changed, 7 insertions(+), 6 deletions(-) rename files/{l2tp_broker.cfg-backup.j2 => l2tp_broker-backup.cfg} (100%) rename files/{l2tp_broker.cfg.j2 => l2tp_broker.cfg} (100%) diff --git a/files/l2tp_broker.cfg-backup.j2 b/files/l2tp_broker-backup.cfg similarity index 100% rename from files/l2tp_broker.cfg-backup.j2 rename to files/l2tp_broker-backup.cfg diff --git a/files/l2tp_broker.cfg.j2 b/files/l2tp_broker.cfg similarity index 100% rename from files/l2tp_broker.cfg.j2 rename to files/l2tp_broker.cfg diff --git a/install.sn.yml b/install.sn.yml index 37b201e..ad104a1 100644 --- a/install.sn.yml +++ b/install.sn.yml 
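Review bot: The `lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";'` task still runs while the task that copied `named.conf.fftdf` is commented out and patch 02 deleted the file itself, so on a fresh host named.conf ends up including a file that does not exist and bind9 fails its configuration check. Either drop the lineinfile task together with the copy task, or keep a task that removes the stale include: `lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=absent`. The commented-out task here and the commented-out `bind_zone_fftdf` variable in the first hunk of this patch are dead code; git history keeps them, the playbook should not.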
@@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.0.14 + snversion: master_v3.0.15 batmanversion: v2015.2 common_required_packages: - git @@ -57,8 +57,8 @@ - tunneldigger.service - tunneldigger-backup.service broker_cfg: - - l2tp_broker.cfg-backup.j2 - - l2tp_broker.cfg.j2 + - l2tp_broker-backup.cfg + - l2tp_broker.cfg # bind_zone_fftdf: # - named.conf.fftdf check_gw_script: @@ -165,7 +165,7 @@ pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template - template: src=./files/{{ item }} dest=/srv/ owner=root group=root mode=0444 + template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 with_items: broker_cfg when: tunneldigger.changed - name: Copy tunneldigger script template @@ -175,8 +175,8 @@ copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 with_items: tunneldigger_scripts when: tunneldigger.changed - - name: Copy tunneldigger service file - copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444 + - name: Copy tunneldigger service template + copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 with_items: tunneldigger_service when: tunneldigger.changed - name: Tunneldigger reload @@ -184,6 +184,7 @@ with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service + - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 From ed9222a3b4d0a09568a55e143cfbfa86aa9adede Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Thu, 26 May 2016 22:38:20 +0200 Subject: [PATCH 07/10] new-new-net --- files/l2tp_backbone.sh.exit.j2 | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) 
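Review bot: `- systemctl enable tunneldigger-backup.service` is added to a `with_items` shell loop guarded by `when: tunneldigger.changed`, so a host whose git checkout did not change never gets the new unit enabled, and the loop reports changed on every run it does execute. The `service` module expresses this idempotently, one task per unit: `service: name=tunneldigger-backup.service enabled=yes`, leaving `daemon-reload` as the only shell step. Separately, the hunk at `@@ -57,8 +57,8 @@` renames the broker configs from `.j2` to `.cfg` while they still contain `{{ ansible_default_ipv4.address }}` and are rendered by `template:`; the suffix no longer tells a reader that the file is rendered rather than copied.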
diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 58da4c1..f56d720 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -1,5 +1,8 @@ #!/bin/sh -# Version 7 +# Version 8 + +sleep 120 + # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! communityname="troisdorf" server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" @@ -11,12 +14,12 @@ communitymacaddress="a2:8c:ae:6f:f6" tunnelPrefix=10 sessionPrefix=1 # Netzwerkteil des Netzes, ohne abschliessenden Punkt -communitynetwork="10.188" +#communitynetwork="10.188" # IPv6 network #communitynetworkv6="fda0:747e:ab29:7405:255::" -communitynetworkv6="2a03:2260:121::" +#communitynetworkv6="2a03:2260:121::" # Drittes Octet des serverbereichs -octet3rd="255" +#octet3rd="255" # CIDR muss /16 sein localserver=$(/bin/hostname) batadv=/usr/local/sbin/batadv-vis @@ -44,11 +47,12 @@ dig=/usr/bin/dig # Rest starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set up dev bat0 -#$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 $ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0 -#$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0 $ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0 -$ip route add 10.188.0.0/16 via 10.188.x.254 table 42 +$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42 +$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} +$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }} table 42 +$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }} /usr/bin/killall batadv-vis /bin/sleep 15 From 3e4b83d964a4b79005482b23960476585b6b04d8 Mon Sep 17 00:00:00 2001 
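Review bot: `sleep 120` at the top of the exit script is a fixed delay standing in for a readiness condition; it is too long on a fast boot, too short when the interface is still missing, and it makes the script unusable by hand without a two-minute wait. The lines below configure `bat0`, so that device is the condition to wait for: `until /sbin/ip link show bat0 >/dev/null 2>&1; do sleep 5; done`, with a bounded attempt count and a comment saying what is being waited for. `$ip` cannot be used at this point because `ip=/sbin/ip` is assigned further down (visible in the `@@ -24` hunk of patch 01), hence the full path. The `@@ -11,12 +14,12 @@` hunk comments out `communitynetwork`, `communitynetworkv6` and `octet3rd` instead of deleting them; nothing in the new version reads them, so the lines should go.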
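Review bot: The four new routes hard-code `10.188.0.0/16` and `2a03:2260:121::/56` while their next hops come from `{{ sn_mesh_IPv4_xfer }}` and `{{ sn_mesh_IPv6_xfer }}` and the bat0 addresses two lines up are templated; the prefixes belong in inventory variables too (placeholders, not defined on this page: `{{ sn_community_IPv4_net }}`, `{{ sn_community_IPv6_net }}`), otherwise a renumbering touches this script by hand. `ip route add` into the main table fails with `RTNETLINK answers: File exists` when the route is already present, for example when the exit script is re-run, and with no `set -e` the failure goes unnoticed; `ip route replace` is idempotent. The `/16` in the main table also overlaps the connected `{{ sn_mesh_IPv4 }}/19` on bat0 — the more specific connected route wins, which is presumably intended, and a comment stating that the /16 is the transfer route for the other supernodes' ranges would make that explicit.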
From: Stefan Hoffmann Date: Sat, 28 May 2016 01:41:07 +0200 Subject: [PATCH 08/10] Added DNS Configs --- files/fftdf/db.188.10 | 22 +++++++++++++++++++ ...b.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa | 20 +++++++++++++++++ files/fftdf/db.fftdf | 22 +++++++++++++++++++ files/fftdf/fftdf.conf | 21 ++++++++++++++++++ files/named.conf.local | 10 +++++++++ 5 files changed, 95 insertions(+) create mode 100644 files/fftdf/db.188.10 create mode 100644 files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa create mode 100644 files/fftdf/db.fftdf create mode 100644 files/fftdf/fftdf.conf create mode 100644 files/named.conf.local diff --git a/files/fftdf/db.188.10 b/files/fftdf/db.188.10 new file mode 100644 index 0000000..2d6dad7 --- /dev/null +++ b/files/fftdf/db.188.10 @@ -0,0 +1,22 @@ +;; db.188.10 +;; Reverse lookup zone for fftdf +;; +$TTL 2D +@ IN SOA fftdf. root.fftdf. ( + 2014071300 ; Serial + 8H ; Refresh + 2H ; Retry + 4W ; Expire + 2D ) ; TTL Negative Cache + +@ IN NS dns1.infra.fftdf. + +1.0 IN PTR nextnode.fftdf. +;; Update Servers +22.1 IN PTR update1.infra.fftdf. +23.1 IN PTR update2.infra.fftdf. +24.1 IN PTR update3.infra.fftdf. +25.1 IN PTR update4.infra.fftdf. +;; Map Server +21.1 IN PTR map.infa.fftdf. +1.1 IN PTR gateway1.infra.fftdf. \ No newline at end of file diff --git a/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa b/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa new file mode 100644 index 0000000..49903e0 --- /dev/null +++ b/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa 
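Review bot: `21.1 IN PTR map.infa.fftdf.` has a typo in the domain (`infa` for `infra`), so the reverse lookup for that address answers with a name that does not exist in the forward zone. The NS record `dns1.infra.fftdf.` has no A or AAAA record in `db.fftdf` in this patch, and the serial `2014071300` is the oldest in the set; secondaries only refresh when it increases, so it should be bumped with every edit. Patch 10 of this series removes this file again, so the fix may be moot — if it is kept, end it with a newline (the hunk shows `\ No newline at end of file`).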
@@ -0,0 +1,20 @@ +;; db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa +;; IPv6 reverse lookup zone for fftdf +;; +$TTL 2D +$ORIGIN 5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa. +@ IN SOA fftdf. root.fftdf. ( + 2014071301 ; Serial + 8H ; Refresh + 2H ; Retry + 4W ; Expire + 2D ) ; TTL Negative Cache +@ NS dns1.infra.fftdf. + +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR nextnode.fftdf. +2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. +3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. +4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. +5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. +1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR map.infra.fftdf. +1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR gateway1.infra.fftdf. \ No newline at end of file diff --git a/files/fftdf/db.fftdf b/files/fftdf/db.fftdf new file mode 100644 index 0000000..56b405d --- /dev/null +++ b/files/fftdf/db.fftdf @@ -0,0 +1,22 @@ +;; db.fftdf +;; Forwardlookupzone für .fftdf +;; +$TTL 600 +@ IN SOA fftdf. root.fftdf. ( + 2015584543 ; Serial + 8H ; Refresh + 2H ; Retry + 4W ; Expire + 3H ) ; NX (TTL Negativ Cache) + +@ IN NS {{ sn_hostname }}.infra.fftdf. + IN A {{ sn_mesh_ipv4 }} + IN AAAA {{ sn_mesh_ipv6 }} +localhost IN A 127.0.0.1 + IN AAAA ::1 +nextnode IN A 10.188.0.1 + IN AAAA 2a03:2260:121::1 +;; Update Servers +update1.infra IN AAAA 2a03:2260:121::22 +update2.infra IN AAAA 2a03:2260:121::23 +update3.infra IN AAAA 2a03:2260:121::24 diff --git a/files/fftdf/fftdf.conf b/files/fftdf/fftdf.conf new file mode 100644 index 0000000..7d40d95 --- /dev/null +++ b/files/fftdf/fftdf.conf 
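Review bot: This reverse zone is `5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa`, i.e. `fda0:747e:ab29:7405::/64`, the old ULA prefix the rest of this series comments out (`#communitynetworkv6="fda0:747e:ab29:7405:255::"` in l2tp_backbone.sh.exit.j2), while `db.fftdf` publishes its AAAA records under `2a03:2260:121::`; none of these PTRs can match a forward record. The `3.2.…`, `4.2.…` and `5.2.…` lines all point to `update1.infra.fftdf.`, which looks like a copy-paste slip against the IPv4 zone's update1–update4. Patch 10 removes this file again, so the right fix may be to leave it out of this patch rather than correct it.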
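Review bot: `{{ sn_mesh_ipv4 }}` and `{{ sn_mesh_ipv6 }}` use lowercase names while every other template in this series uses `sn_mesh_IPv4` and `sn_mesh_IPv6`; Jinja variable names are case-sensitive, so rendering this file would fail on undefined variables. It is never rendered, though: patch 09 installs it with `copy:` rather than `template:`, so the literal `{{ ... }}` text reaches `/etc/bind/fftdf/db.fftdf` and named refuses to load the zone. Either rename the file to `db.fftdf.j2`, deploy it with `template:` and use the existing variable names, or replace the placeholders with literal addresses. The MNAME in `@ IN SOA fftdf. root.fftdf.` should be the primary nameserver's hostname rather than the zone apex.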
@@ -0,0 +1,21 @@ +// Zone declarations for Freifunk Troisdorf + +zone "fftdf" { + type master; + file "/etc/bind/fftdf/db.fftdf"; +}; + +zone "nodes.fftdf" { + type master; + file "/etc/bind/fftdf/db.nodes.fftdf"; +}; + +zone "188.10.in-addr.arpa" { + type master; + file "/etc/bind/fftdf/db.188.10"; +}; + +zone "5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa" { + type master; + file "/etc/bind/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa"; +}; \ No newline at end of file diff --git a/files/named.conf.local b/files/named.conf.local new file mode 100644 index 0000000..db75b20 --- /dev/null +++ b/files/named.conf.local @@ -0,0 +1,10 @@ +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; + +// Include Freifunk Troisdorf (fftdf) zones +include "/etc/bind/fftdf/fftdf.conf"; \ No newline at end of file From 2ce8651c26cd3df2ceaee0617a03434a00da688f Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Sat, 28 May 2016 12:26:12 +0200 Subject: [PATCH 09/10] DNS Integration --- files/fftdf/fftdf.conf | 15 --------------- install.sn.yml | 39 ++++++++++++++++++--------------------- 2 files changed, 18 insertions(+), 36 deletions(-) diff --git a/files/fftdf/fftdf.conf b/files/fftdf/fftdf.conf index 7d40d95..e94dfa6 100644 --- a/files/fftdf/fftdf.conf +++ b/files/fftdf/fftdf.conf @@ -3,19 +3,4 @@ zone "fftdf" { type master; file "/etc/bind/fftdf/db.fftdf"; -}; - -zone "nodes.fftdf" { - type master; - file "/etc/bind/fftdf/db.nodes.fftdf"; -}; - -zone "188.10.in-addr.arpa" { - type master; - file "/etc/bind/fftdf/db.188.10"; -}; - -zone "5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa" { - type master; - file "/etc/bind/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa"; }; \ No newline at end of file diff --git a/install.sn.yml b/install.sn.yml index ad104a1..5a8e20d 100644 --- a/install.sn.yml +++ b/install.sn.yml 
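Review bot: `zone "nodes.fftdf"` points at `/etc/bind/fftdf/db.nodes.fftdf`, which no file in this patch creates, so named would fail to load that zone; patch 09 removes the declaration together with the two reverse zones, leaving only `fftdf`. If the reverse zones come back, `188.10.in-addr.arpa` covers the whole `10.188.0.0/16` while each supernode owns a /19 — reasonable for a master serving the community prefix, but worth a comment. The file ends without a newline; named does not mind, but every later append will show up as a change to the last line.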
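Review bot: No task in this series copies `files/named.conf.local` to a host, while patch 09 adds the same `include "/etc/bind/fftdf/fftdf.conf";` line to `/etc/bind/named.conf` with `lineinfile`; Debian's stock named.conf already includes named.conf.local, so if this file is ever deployed as well the zone is declared twice and named fails with a duplicate-zone error. Pick one mechanism, remove the other, and state the choice in a comment at the top of this file, e.g. `// Deployed by install.sn.yml; do not also add the include to named.conf`.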
@@ -3,13 +3,12 @@ # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - name: Install Freifunk Troisdorf super node -# hosts: FreifunkSupernodesL2TP hosts: '{{ target }}' sudo: False user: root gather_facts: False vars: - snversion: master_v3.0.15 + snversion: master_v3.0.14 batmanversion: v2015.2 common_required_packages: - git @@ -57,10 +56,10 @@ - tunneldigger.service - tunneldigger-backup.service broker_cfg: - - l2tp_broker-backup.cfg - - l2tp_broker.cfg -# bind_zone_fftdf: -# - named.conf.fftdf + - l2tp_broker.cfg-backup.j2 + - l2tp_broker.cfg.j2 + bind_zone_fftdf: + - named.conf.fftdf check_gw_script: - keepalive.sh authorized_keys: @@ -76,8 +75,6 @@ raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible raw: "apt-get update && apt-get install python -y" -# - name: Add backport repo to source list #target: /etc/apt/sources.list.d -# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts @@ -130,17 +127,14 @@ shell: > apt-get install linux-headers-$(uname -r) -y when: aptupdates.changed +# Install Batman-adv and batctl # - name: Get batman-adv git: repo=https://git.open-mesh.org/batman-adv.git dest=/tmp/batman-adv when: aptupdates.changed register: getbatman -# - name: Get batman-adv no rebrotcast patch -# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch -# when: getbatman.changed - name: Install batman-adv shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install -# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install when: getbatman.changed - name: Get batctl git: repo=http://git.open-mesh.org/batctl.git 
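Review bot: `snversion: master_v3.0.14` reverts the bump to `master_v3.0.15` made by patch 06 of this series, and the other hunks in this patch undo patch 05 and 06 changes the same way: `broker_cfg` goes back to the `.j2` names that patch 06 renamed on disk (the files no longer exist under those names, so the template task fails), `bind_zone_fftdf: - named.conf.fftdf` returns although patch 02 deleted that file, the broker `dest` returns to `/srv/`, and `systemctl enable tunneldigger-backup.service` is dropped. This looks like a patch generated from a stale checkout rather than intended changes; only the bind tasks in the last hunk belong to the commit's subject. Rebasing the DNS integration on patch 06 keeps the reverts from shipping.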
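Review bot: Visible as context rather than changed: `git: repo=http://git.open-mesh.org/batctl.git` clones over plain HTTP while batman-adv two tasks up uses `https://git.open-mesh.org/batman-adv.git`, and both are built and installed with `make && make install` from whatever `{{ batmanversion }}` resolves to, so the batctl source can be altered in transit. Switch the URL to `https://`, and since `git checkout {{ batmanversion }}` accepts a branch as readily as a tag, consider pinning the exact commit or running `git verify-tag` before the build. The new `# Install Batman-adv and batctl #` header is the only change in this hunk; its trailing `#` is unusual for a section comment in this file.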
@@ -150,8 +144,8 @@ - name: Install batctl shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install when: getbatctl.changed +# Install Tunneldigger # - name: Get Tunneldigger -# git: repo=https://github.com/wlanslovenija/tunneldigger.git git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger @@ -165,7 +159,7 @@ pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template - template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 + template: src=./files/{{ item }} dest=/srv/ owner=root group=root mode=0444 with_items: broker_cfg when: tunneldigger.changed - name: Copy tunneldigger script template @@ -175,8 +169,8 @@ copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 with_items: tunneldigger_scripts when: tunneldigger.changed - - name: Copy tunneldigger service template - copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 + - name: Copy tunneldigger service file + copy: src=./files/{{ item }} dest=/etc/systemd/system/ owner=root group=root mode=0444 with_items: tunneldigger_service when: tunneldigger.changed - name: Tunneldigger reload @@ -184,7 +178,6 @@ with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service - - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 
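Review bot: Context, not changed by this hunk: `git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger` has no `version=`, so every run follows the fork's default branch, and because `register: tunneldigger` gates the config, service and `systemctl enable` tasks on `tunneldigger.changed`, an upstream push silently redeploys and restarts the broker with unreviewed code running as root. Pin `version=` to a tag or commit hash (a value to be chosen from the fork's history, not on this page) and bump it deliberately, as `batmanversion` already does for batman-adv.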
@@ -253,13 +246,17 @@ - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys -# - name: Copy secondary zone file -# copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 -# with_items: bind_zone_fftdf - name: Bind9, activate fftdf zone - lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present + lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 + - name: Create fftdf directory + file: path=/etc/bind/fftdf state=directory + - name: Copy FFTDF Zones + copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644 + with_items: + - fftdf.conf + - db.fftdf - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Interface configuration with ffrl gre tunnel From 57e6976ca9aa106714b521b6c7be55d40130471d Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Sat, 28 May 2016 12:27:49 +0200 Subject: [PATCH 10/10] Removed Old DNS Files --- files/fftdf/db.188.10 | 22 ------------------- ...b.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa | 20 ----------------- 2 files changed, 42 deletions(-) delete mode 100644 files/fftdf/db.188.10 delete mode 100644 files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa diff --git a/files/fftdf/db.188.10 b/files/fftdf/db.188.10 deleted file mode 100644 index 2d6dad7..0000000 --- a/files/fftdf/db.188.10 +++ /dev/null 
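Review bot: `lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present` appends a second include on hosts that already carry `include "/etc/bind/named.conf.fftdf";` from earlier runs; nothing removes that line, and `named.conf.fftdf` was deleted in patch 02, so upgraded hosts keep a dangling include and named fails to start. Add a matching task with `state=absent` for the old line, or give this one a `regexp=` that matches either include so the line is replaced rather than added. `copy: src=./files/fftdf/{{ item }} ...` installs `db.fftdf` without rendering it, yet that file contains `{{ sn_hostname }}`, `{{ sn_mesh_ipv4 }}` and `{{ sn_mesh_ipv6 }}`, so the literal braces reach the zone file and named rejects the zone; those items need `template:` (with a `.j2` name) or literal addresses. `file: path=/etc/bind/fftdf state=directory` sets no owner, group or mode, so the directory takes whatever the remote umask yields while the files inside are `group=bind mode=644`; `owner=root group=bind mode=0755` makes it explicit.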
@@ -1,22 +0,0 @@ -;; db.188.10 -;; Reverse lookup zone for fftdf -;; -$TTL 2D -@ IN SOA fftdf. root.fftdf. ( - 2014071300 ; Serial - 8H ; Refresh - 2H ; Retry - 4W ; Expire - 2D ) ; TTL Negative Cache - -@ IN NS dns1.infra.fftdf. - -1.0 IN PTR nextnode.fftdf. -;; Update Servers -22.1 IN PTR update1.infra.fftdf. -23.1 IN PTR update2.infra.fftdf. -24.1 IN PTR update3.infra.fftdf. -25.1 IN PTR update4.infra.fftdf. -;; Map Server -21.1 IN PTR map.infa.fftdf. -1.1 IN PTR gateway1.infra.fftdf. \ No newline at end of file diff --git a/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa b/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa deleted file mode 100644 index 49903e0..0000000 --- a/files/fftdf/db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa +++ /dev/null @@ -1,20 +0,0 @@ -;; db.5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa -;; IPv6 reverse lookup zone for fftdf -;; -$TTL 2D -$ORIGIN 5.0.4.7.9.2.b.a.e.7.4.7.0.a.d.f.ip6.arpa. -@ IN SOA fftdf. root.fftdf. ( - 2014071301 ; Serial - 8H ; Refresh - 2H ; Retry - 4W ; Expire - 2D ) ; TTL Negative Cache -@ NS dns1.infra.fftdf. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR nextnode.fftdf. -2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. -3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. -4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. -5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR update1.infra.fftdf. -1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR map.infra.fftdf. -1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR gateway1.infra.fftdf. \ No newline at end of file