Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Merge pull request #9 from Freifunk-Troisdorf/rojoka-patch-1

Browse Source 
Changes logrotate, sn_startup > interfaces, house keeping
This commit is contained in:
rojoka 2016-04-23 11:38:57 +02:00
commit 96930f83c1
4 changed files with 43 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
files/interfaces-troisdorf5
View File

@ -15,6 +15,12 @@ iface lo inet6 loopback
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug eth0
iface eth0 inet dhcp iface eth0 inet dhcp
post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
allow-hotplug eth1 allow-hotplug eth1
iface eth1 inet6 static iface eth1 inet6 static
address 2a01:4f8:172:f4b::5 address 2a01:4f8:172:f4b::5
@ -29,8 +35,16 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.2.151 address 100.64.2.151
netmask 255.255.255.254 netmask 255.255.255.254
<<<<<<< HEAD
pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
=======
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.0 ttl 255
>>>>>>> origin/master
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static iface gre-bb-a.ak.ber inet6 static
@ -42,8 +56,16 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.2.153 address 100.64.2.153
netmask 255.255.255.254 netmask 255.255.255.254
<<<<<<< HEAD
pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
=======
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.1 ttl 255
>>>>>>> origin/master
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static iface gre-bb-b.ak.ber inet6 static
@ -56,8 +78,16 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.2.155 address 100.64.2.155
netmask 255.255.255.254 netmask 255.255.255.254
<<<<<<< HEAD
pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
=======
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.0 ttl 255
>>>>>>> origin/master
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static iface gre-bb-a.ix.dus inet6 static
@ -70,8 +100,16 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.2.157 address 100.64.2.157
netmask 255.255.255.254 netmask 255.255.255.254
<<<<<<< HEAD
pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
=======
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.1 ttl 255
>>>>>>> origin/master
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static iface gre-bb-b.ix.dus inet6 static

2
files/logrotate.conf
View File

@ -5,7 +5,7 @@ daily
# keep 4 weeks worth of backlogs # keep 4 weeks worth of backlogs
#rotate 4 #rotate 4
rotate 0 rotate 1
# create new (empty) log files after rotating old ones # create new (empty) log files after rotating old ones
create create

16
files/sn_startup.exit.sh.j2
View File

@ -3,12 +3,6 @@
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Block RFC1918 and APIPA destination via WAN
/sbin/iptables -P OUTPUT ACCEPT
for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
done
# Activate IP forwarding # Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1 /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1 /sbin/sysctl -w net.ipv4.ip_forward=1
@ -27,16 +21,6 @@ done
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4 /sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
# NAT on eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# NAT on GRE Freifunk interface
/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source {{ sn_ffrl_IPv4 }}
# MTU
/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
/sbin/ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
# All from FF IPv4 via routing table 42 # All from FF IPv4 via routing table 42
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 /bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42 /bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42

8
install.sn.yml
View File

@ -9,7 +9,11 @@
user: root user: root
gather_facts: False gather_facts: False
vars: vars:
<<<<<<< HEAD
snversion: master_v3.0.7
=======
snversion: master_v3.0.8 snversion: master_v3.0.8
>>>>>>> master
batmanversion: v2015.2 batmanversion: v2015.2
common_required_packages: common_required_packages:
- git - git
@ -255,10 +259,6 @@
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- name: Copy radvd config template - name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Alfed message
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
- name: Add cron job with alfred info script
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
- name: Interface configuration with ffrl gre tunnel - name: Interface configuration with ffrl gre tunnel
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
when: sn_exit is defined when: sn_exit is defined