Merge pull request #20 from Freifunk-Troisdorf/2019
2019 fixes to master
		
						commit
						b59571d87b
					
				
							
								
								
									
										40
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@ -1,34 +1,12 @@
 | 
			
		||||
# ansible.fftdf.supernode
 | 
			
		||||
Ansible yml file to manage Freifunk Troisdorf supernodes
 | 
			
		||||
Ansible file to manage Freifunk Troisdorf supernodes
 | 
			
		||||
example: ansible-playbook install.sn.yml -l hosts
 | 
			
		||||
 | 
			
		||||
At this time you have to start it explicit with the target server
 | 
			
		||||
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5"
 | 
			
		||||
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]"
 | 
			
		||||
To install a individual host you have to start it explicit with the target server
 | 
			
		||||
example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v
 | 
			
		||||
 | 
			
		||||
You need this information in your hosts (/etc/ansible/hosts) file:
 | 
			
		||||
#example, I hope self explaining
 | 
			
		||||
[troisdorf5]
 | 
			
		||||
78.46.233.212
 | 
			
		||||
 | 
			
		||||
[troisdorf5:vars]
 | 
			
		||||
sn_hostname=troisdorf5
 | 
			
		||||
sn_dhcp_range=10.188.116.1 10.188.119.254
 | 
			
		||||
sn_dhcp_dns=10.188.1.100, 10.188.1.23
 | 
			
		||||
sn_dhcp_router=10.188.255.5
 | 
			
		||||
sn_mesh_IPv6=fda0:747e:ab29:7405:255::5
 | 
			
		||||
sn_mesh_IPv4=10.188.255.5
 | 
			
		||||
sn_mesh_MAC=a2:8c:ae:6f:f6:05
 | 
			
		||||
sn_fqdn=freifunk-troisdorf.de
 | 
			
		||||
sn_l2tp_tb_port=53844
 | 
			
		||||
 | 
			
		||||
[troisdorf4:vars]
 | 
			
		||||
sn_hostname=troisdorf4
 | 
			
		||||
sn_dhcp_range=10.188.112.1 10.188.115.254
 | 
			
		||||
sn_dhcp_dns=10.188.255.4, 10.188.1.100
 | 
			
		||||
sn_dhcp_router=10.188.255.4
 | 
			
		||||
sn_mesh_IPv6=fda0:747e:ab29:7405:255::4
 | 
			
		||||
sn_mesh_IPv4=10.188.255.4
 | 
			
		||||
sn_mesh_MAC=a2:8c:ae:6f:f6:04
 | 
			
		||||
sn_fqdn=freifunk-troisdorf.de
 | 
			
		||||
sn_l2tp_tb_port=53842
 | 
			
		||||
The hosts file is the most important file.
 | 
			
		||||
 | 
			
		||||
You will find some example files:
 | 
			
		||||
files/hosts.example
 | 
			
		||||
files/root_pwd.yml.example
 | 
			
		||||
files/slack_token.yml.example
 | 
			
		||||
 | 
			
		||||
							
								
								
									
										3
									
								
								Todo
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@ -38,6 +38,3 @@ ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42
 | 
			
		||||
 | 
			
		||||
==================================================================
 | 
			
		||||
 | 
			
		||||
2. Freifunk Yanic Installieren
 | 
			
		||||
 | 
			
		||||
3. chmod 644 /etc/logrotate.conf
 | 
			
		||||
 | 
			
		||||
@ -1 +0,0 @@
 | 
			
		||||
<mxfile userAgent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0_2 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A421 Safari/604.1" version="7.5.5" editor="www.draw.io" type="github"><diagram>UzV2zq1wL0osyPDNT0nNUTV2VTV2LsrPL4GwciucU3NyVI0MMlNUjV1UjYwMgFjVyA2HrCFY1qAgsSg1rwSLBiADYTaQg2Y1AA==</diagram></mxfile>
 | 
			
		||||
@ -2,8 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP
 | 
			
		||||
 | 
			
		||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
 | 
			
		||||
 | 
			
		||||
ssh-rsa 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 localadmin@tst-ansible
 | 
			
		||||
 | 
			
		||||
ssh-rsa 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 supernodeadmin@update1
 | 
			
		||||
 | 
			
		||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office
 | 
			
		||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsaIe542Vk0/sH0GEEMPhjDHBip0PI6OX/teuTLu/osvdb9Hj7432HUlEsiw8cfkCZBXtkQGlYXRVjiZkRxc8CzDpOkq75ZcqTfhmf/tCejBbgSFfdruViU11cFHIdznOqe3PeFM+8BJzHf2Gwnb5P/Q0RDYQ05Hfr9LhQVw3IXM2VInE+xR0sMj2rNr8g8lYa9X/+boElwqFiJqaRyb61XI0DYIXuxFQkg/E2bxvrtbrYJt9Pv5Mu0HYY2Q+xGqOGwPjxtqIixG9ne4EkiQkshFhfnTegfRMmhuSa0G6+Qqh5e4RPbtCGOW27tqXNUo0zDtcNaoWqUCIDkplTlUsimXT8PO+qiwMpXuVBYiwLat3N97kin8GAXoxYdrYdALopLbbkWx/7e06vqwBmF4tsPMcTRKOEIJgWIAVyxxr999Q5GNWA52m7iTNIWH1ExeTm/FQrbU4QCY6YThqhC3AVTYcUINNVZuFp19tNkNydUDOqPtwG0c+Bi8y15RBPUzQDbTgTR3zayuiOc26MYH4SGoSGNKeQjbJWr8MDsGi+NGMs2crYXirYVziPPXdY+im3fBH3UuRDkfbfvl4gXpDYxEUh/8GYdMLnttk2ifoBtlynEhxyunoKm7Z3V8mTikON70/ko6QkOmei/r/F+V9Se6FFsOTUIufwu6BC9+hBkw== localadmin@ansible
 | 
			
		||||
 | 
			
		||||
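Review bot: Dropping entries from this key list only revokes access if the role installs the file as the complete `authorized_keys` for the account; the task that deploys it is not part of this hunk. If it uses the `authorized_key` module, set `exclusive: true` (or add a `state: absent` task for each retired key), otherwise the keys removed here stay valid on supernodes that were provisioned earlier. The rendered page no longer shows which of the visible entries are kept, so it is worth confirming on one host after the run that only the intended keys remain.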
@ -14,5 +14,4 @@ do
 | 
			
		||||
    fi
 | 
			
		||||
done
 | 
			
		||||
 | 
			
		||||
#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
 | 
			
		||||
$brctl addif br-nodes $INTERFACE
 | 
			
		||||
 | 
			
		||||
@ -1,6 +0,0 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
datum=$(date "+%b %d")
 | 
			
		||||
hostname=$(hostname)
 | 
			
		||||
clients=$(cat /var/log/syslog | grep "$(date "+%b %d")" | grep DHCPACK | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | sort | uniq | wc -l)
 | 
			
		||||
echo "nc.gateways."$hostname" $clients `date +%s`" | nc -n -q 5 10.188.0.10 2003
 | 
			
		||||
echo "0 Uniq-Clients count=$clients - $clients Uniq Clients heute"
 | 
			
		||||
@ -1,392 +0,0 @@
 | 
			
		||||
#! /bin/bash
 | 
			
		||||
#
 | 
			
		||||
# Script to check Internet connection speed using speedtest-cli
 | 
			
		||||
#
 | 
			
		||||
# Jon Witts - 20150228
 | 
			
		||||
#
 | 
			
		||||
#########################################################################################################################################################
 | 
			
		||||
#
 | 
			
		||||
# Nagios Exit Codes
 | 
			
		||||
#
 | 
			
		||||
# 0     =       OK              = The plugin was able to check the service and it appeared to be functioning properly
 | 
			
		||||
# 1     =       Warning         = The plugin was able to check the service, but it appeared to be above some warning
 | 
			
		||||
#                               threshold or did not appear to be working properly
 | 
			
		||||
# 2     =       Critical        = The plugin detected that either the service was not running or it was above some critical threshold
 | 
			
		||||
# 3     =       Unknown         = Invalid command line arguments were supplied to the plugin or low-level failures internal
 | 
			
		||||
#                               to the plugin (such as unable to fork, or open a tcp socket) that prevent it from performing the specified operation.
 | 
			
		||||
#                               Higher-level errors (such as name resolution errors, socket timeouts, etc) are outside of the control of plugins
 | 
			
		||||
#                               and should generally NOT be reported as UNKNOWN states.
 | 
			
		||||
#
 | 
			
		||||
########################################################################################################################################################
 | 
			
		||||
 | 
			
		||||
plugin_name="Nagios speedtest-cli plugin"
 | 
			
		||||
version="1.2 2015022818.19"
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
#
 | 
			
		||||
#       CHANGELOG
 | 
			
		||||
#
 | 
			
		||||
#       Version 1.0 - Initial Release
 | 
			
		||||
#
 | 
			
		||||
#       Version 1.1 - Added requirement to use server id in test and need to define
 | 
			
		||||
#                       full path to speedtest binary - thanks to Sigurdur Bjarnason
 | 
			
		||||
#                       for changes and improvements
 | 
			
		||||
#
 | 
			
		||||
#       Version 1.2 - Added ability to check speed from an internal Speedtest Mini
 | 
			
		||||
#                       server. Idea sugested by Erik Brouwer
 | 
			
		||||
#
 | 
			
		||||
#
 | 
			
		||||
#
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# function to output script usage
 | 
			
		||||
usage()
 | 
			
		||||
{
 | 
			
		||||
        cat << EOF
 | 
			
		||||
        ******************************************************************************************
 | 
			
		||||
 | 
			
		||||
        $plugin_name - Version: $version
 | 
			
		||||
 | 
			
		||||
        OPTIONS:
 | 
			
		||||
        -h      Show this message
 | 
			
		||||
        -w      Download Warning Level - *Required* - integer or floating point
 | 
			
		||||
        -c      Download Critical Level - *Required* - integer or floating point
 | 
			
		||||
        -W      Upload Warning Level - *Required* - integer or floating point
 | 
			
		||||
        -C      Upload Critical Level - *Required* - integer or floating point
 | 
			
		||||
        -l      Location of speedtest server - *Required * - takes either "i" or "e". If you pass "i" for
 | 
			
		||||
                Internal then you will need to pass the URL of the Mini Server to the "s" option. If you pass
 | 
			
		||||
                "e" for External then you must pass the server integer to the "s" option.
 | 
			
		||||
        -s      Server integer or URL for the speedtest server to test against - *Required* - Run
 | 
			
		||||
                "speedtest --list | less" to find your nearest server and note the number of the server
 | 
			
		||||
                or use the URL of an internal Speedtest Mini Server
 | 
			
		||||
        -p      Output Performance Data
 | 
			
		||||
        -v      Output plugin version
 | 
			
		||||
        -V      Output debug info for testing
 | 
			
		||||
 | 
			
		||||
        This script will output the Internet Connection Speed using speedtest-cli to Nagios.
 | 
			
		||||
 | 
			
		||||
        You need to have installed speedtest-cli on your system first and ensured that it is
 | 
			
		||||
        working by calling "speedtest --simple".
 | 
			
		||||
 | 
			
		||||
        See here: https://github.com/sivel/speedtest-cli for info about speedtest-cli
 | 
			
		||||
 | 
			
		||||
        First you MUST define the location of your speedtest install in the script or this will
 | 
			
		||||
        not work.
 | 
			
		||||
 | 
			
		||||
        The speedtest-cli can take some time to return its result. I recommend that you set the
 | 
			
		||||
        service_check_timeout value in your main nagios.cfg  to 120 to allow time for
 | 
			
		||||
        this script to run; but test yourself and adjust accordingly.
 | 
			
		||||
 | 
			
		||||
        You also need to have access to bc on your system for this script to work and that it
 | 
			
		||||
        exists in your path.
 | 
			
		||||
 | 
			
		||||
        Your warning levels must be higher than your critical levels for both upload and download.
 | 
			
		||||
 | 
			
		||||
        Performance Data will output upload and download speed against matching warning and
 | 
			
		||||
        critical levels.
 | 
			
		||||
 | 
			
		||||
        Jon Witts
 | 
			
		||||
 | 
			
		||||
        ******************************************************************************************
 | 
			
		||||
EOF
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# function to output error if speedtest binary location not set
 | 
			
		||||
locundef()
 | 
			
		||||
{
 | 
			
		||||
        cat << EOF
 | 
			
		||||
        ******************************************************************************************
 | 
			
		||||
 | 
			
		||||
        $plugin_name - Version: $version
 | 
			
		||||
 | 
			
		||||
        You have not defined the location of the speedtest binary in the script! You MUST do
 | 
			
		||||
        this before running the script. See line 170 of the script!
 | 
			
		||||
 | 
			
		||||
        ******************************************************************************************
 | 
			
		||||
EOF
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# function to check if a variable is numeric
 | 
			
		||||
# expects variable to check as first argument
 | 
			
		||||
# and human description of variable as second
 | 
			
		||||
isnumeric()
 | 
			
		||||
{
 | 
			
		||||
        re='^[0-9]+([.][0-9]+)?$'
 | 
			
		||||
        if ! [[ $1 =~ $re ]]; then
 | 
			
		||||
                echo $2" with a value of: "$1" is not a number!"
 | 
			
		||||
                usage
 | 
			
		||||
                exit 3
 | 
			
		||||
        fi
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# functions for floating point operations - require bc!
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# Default scale used by float functions.
 | 
			
		||||
 | 
			
		||||
float_scale=3
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# Evaluate a floating point number expression.
 | 
			
		||||
 | 
			
		||||
function float_eval()
 | 
			
		||||
{
 | 
			
		||||
    local stat=0
 | 
			
		||||
    local result=0.0
 | 
			
		||||
    if [[ $# -gt 0 ]]; then
 | 
			
		||||
        result=$(echo "scale=$float_scale; $*" | bc -q 2>/dev/null)
 | 
			
		||||
        stat=$?
 | 
			
		||||
        if [[ $stat -eq 0  &&  -z "$result" ]]; then stat=1; fi
 | 
			
		||||
    fi
 | 
			
		||||
    echo $result
 | 
			
		||||
    return $stat
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
#####################################################################
 | 
			
		||||
# Evaluate a floating point number conditional expression.
 | 
			
		||||
 | 
			
		||||
function float_cond()
 | 
			
		||||
{
 | 
			
		||||
    local cond=0
 | 
			
		||||
    if [[ $# -gt 0 ]]; then
 | 
			
		||||
        cond=$(echo "$*" | bc -q 2>/dev/null)
 | 
			
		||||
        if [[ -z "$cond" ]]; then cond=0; fi
 | 
			
		||||
        if [[ "$cond" != 0  &&  "$cond" != 1 ]]; then cond=0; fi
 | 
			
		||||
    fi
 | 
			
		||||
    local stat=$((cond == 0))
 | 
			
		||||
    return $stat
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
########### End of functions ########################################
 | 
			
		||||
 | 
			
		||||
# Set up the variable for the location of the speedtest binary.
 | 
			
		||||
# Edit the line below so that the variable is defined as the location
 | 
			
		||||
# to speedtest on your system. On mine it is /usr/local/bin
 | 
			
		||||
# Ensure to leave the last slash off!
 | 
			
		||||
# You MUST define this or the script will not run!
 | 
			
		||||
STb=/usr/bin
 | 
			
		||||
 | 
			
		||||
# Set up the variables to take the arguments
 | 
			
		||||
DLw=150.00
 | 
			
		||||
DLc=100.00
 | 
			
		||||
ULw=150.00
 | 
			
		||||
ULc=100.00
 | 
			
		||||
Loc=e
 | 
			
		||||
# Server ID, if 0 using nearest server
 | 
			
		||||
SEs=0
 | 
			
		||||
#PerfData=TRUE
 | 
			
		||||
PerfData=
 | 
			
		||||
debug=
 | 
			
		||||
 | 
			
		||||
# Retrieve the arguments using getopts
 | 
			
		||||
while getopts "hw:c:W:C:l:s:pvV" OPTION
 | 
			
		||||
do
 | 
			
		||||
        case $OPTION in
 | 
			
		||||
        h)
 | 
			
		||||
                usage
 | 
			
		||||
                exit 3
 | 
			
		||||
                ;;
 | 
			
		||||
        w)
 | 
			
		||||
                DLw=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        c)
 | 
			
		||||
                DLc=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        W)
 | 
			
		||||
                ULw=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        C)
 | 
			
		||||
                ULc=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        l)
 | 
			
		||||
                Loc=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        s)
 | 
			
		||||
                SEs=$OPTARG
 | 
			
		||||
                ;;
 | 
			
		||||
        p)
 | 
			
		||||
                PerfData="TRUE"
 | 
			
		||||
                ;;
 | 
			
		||||
        v)
 | 
			
		||||
                echo "$plugin_name. Version number: $version"
 | 
			
		||||
                exit 3
 | 
			
		||||
                ;;
 | 
			
		||||
        V)
 | 
			
		||||
                debug="TRUE"
 | 
			
		||||
                ;;
 | 
			
		||||
esac
 | 
			
		||||
done
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# Check if the Speedtest binary variable $STb has been defined and exit with warning if not
 | 
			
		||||
if [[ -z $STb ]]
 | 
			
		||||
then
 | 
			
		||||
        locundef
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Check for empty arguments and exit to usage if found
 | 
			
		||||
if  [[ -z $DLw ]] || [[ -z $DLc ]] || [[ -z $ULw ]] || [[ -z $ULc ]] || [[ -z $Loc ]] || [[ -z $SEs ]]
 | 
			
		||||
then
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Check for invalid argument passed to $Loc and exit to usage if found
 | 
			
		||||
if [[ "$Loc" != "e" ]] && [[ "$Loc" != "i" ]]
 | 
			
		||||
then
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Check for non-numeric arguments
 | 
			
		||||
isnumeric $DLw "Download Warning Level"
 | 
			
		||||
isnumeric $DLc "Download Critical Level"
 | 
			
		||||
isnumeric $ULw "Upload Warning Level"
 | 
			
		||||
isnumeric $ULc "Upload Critical Level"
 | 
			
		||||
#isnumeric $Serv "Server Number ID"
 | 
			
		||||
 | 
			
		||||
# Check that warning levels are not less than critical levels
 | 
			
		||||
if float_cond "$DLw < $DLc"; then
 | 
			
		||||
        echo "\$DLw is less than \$DLc!"
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
elif float_cond "$ULw < $ULc"; then
 | 
			
		||||
        echo "\$ULw is less than \$ULc!"
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Output arguments for debug
 | 
			
		||||
if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
        echo "Download Warning Level = "$DLw
 | 
			
		||||
        echo "Download Critical Level = "$DLc
 | 
			
		||||
        echo "Upload Warning Level = "$ULw
 | 
			
		||||
        echo "Upload Critical Level = "$ULc
 | 
			
		||||
        echo "Server Location = "$Loc
 | 
			
		||||
        echo "Server URL or Integer = "$SEs
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
#Set command up depending upon internal or external
 | 
			
		||||
if [ "$Loc" == "e" ]; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "External Server defined"
 | 
			
		||||
        fi
 | 
			
		||||
        if [ "$SEs" == "0" ]; then
 | 
			
		||||
                if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                        echo "no SEs specified"
 | 
			
		||||
                fi
 | 
			
		||||
                command=$($STb/speedtest --simple)
 | 
			
		||||
        else
 | 
			
		||||
        command=$($STb/speedtest --server=$SEs --simple)
 | 
			
		||||
        fi
 | 
			
		||||
elif [ "$Loc" == "i" ]; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Internal Server defined"
 | 
			
		||||
        fi
 | 
			
		||||
        command=$($STb/speedtest --mini=$SEs --simple)
 | 
			
		||||
else
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "We should never get here as we checked the contents of Location variable earlier!"
 | 
			
		||||
        fi
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Get the output of the speedtest into an array
 | 
			
		||||
# so we can begin to process it
 | 
			
		||||
i=1
 | 
			
		||||
typeset -a array
 | 
			
		||||
 | 
			
		||||
array=($command)
 | 
			
		||||
 | 
			
		||||
# Check if array empty or not having at least 9 indicies
 | 
			
		||||
element_count=${#array[@]}
 | 
			
		||||
expected_count="9"
 | 
			
		||||
 | 
			
		||||
# Output array indicies count for debug
 | 
			
		||||
if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
        echo "count = $element_count"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
if [ "$element_count" -ne "$expected_count" ]; then
 | 
			
		||||
        echo "You do not have the expected number of indices in your output from SpeedTest. Is it correctly installed?"
 | 
			
		||||
        usage
 | 
			
		||||
        exit 3
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# echo contents of speedtest for debug
 | 
			
		||||
if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
        echo "$command"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# split array into our variables for processing
 | 
			
		||||
ping=${array[1]}
 | 
			
		||||
pingUOM=${array[2]}
 | 
			
		||||
download=${array[4]}
 | 
			
		||||
downloadUOM=${array[5]}
 | 
			
		||||
upload=${array[7]}
 | 
			
		||||
uploadUOM=${array[8]}
 | 
			
		||||
 | 
			
		||||
# echo each array for debug
 | 
			
		||||
if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
        echo "Ping = "$ping
 | 
			
		||||
        echo "Download = "$download
 | 
			
		||||
        echo "Upload = "$upload
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
#set up our nagios status and exit code variables
 | 
			
		||||
status=
 | 
			
		||||
nagcode=
 | 
			
		||||
 | 
			
		||||
# now we check to see if returned values are within defined ranges
 | 
			
		||||
# we will make use of bc for our math!
 | 
			
		||||
if float_cond "$download < $DLc"; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Download less than critical limit. \$download = $download and \$DLc = $DLc "
 | 
			
		||||
        fi
 | 
			
		||||
        status="CRITICAL"
 | 
			
		||||
        nagcode=2
 | 
			
		||||
elif float_cond "$upload < $ULc"; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Upload less than critical limit. \$upload = $upload and \$ULc = $ULc"
 | 
			
		||||
        fi
 | 
			
		||||
        status="CRITICAL"
 | 
			
		||||
        nagcode=2
 | 
			
		||||
elif float_cond "$download < $DLw"; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Download less than warning limit. \$download = $download and \$DLw = $DLw"
 | 
			
		||||
        fi
 | 
			
		||||
        status="WARNING"
 | 
			
		||||
        nagcode=1
 | 
			
		||||
elif float_cond "$upload < $ULw"; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Upload less than warning limit. \$upload = $upload and \$ULw = $ULw"
 | 
			
		||||
        fi
 | 
			
		||||
        status="WARNING"
 | 
			
		||||
        nagcode=1
 | 
			
		||||
else
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "Everything within bounds!"
 | 
			
		||||
        fi
 | 
			
		||||
        status="OK"
 | 
			
		||||
        nagcode=0
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
#nagout="$status - Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM"
 | 
			
		||||
#perfout="|'download'=$download;$DLw;$DLc 'upload'=$upload;$ULw;$ULc"
 | 
			
		||||
nagout="$nagcode speedtest-cli download=$download;$DLw;$DLc|upload=$upload;$ULw;$ULc|ping=$ping;250;500 Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM"
 | 
			
		||||
 | 
			
		||||
# append perfout if argument was passed to script
 | 
			
		||||
if [ "$PerfData" == "TRUE" ]; then
 | 
			
		||||
        if [ "$debug" == "TRUE" ]; then
 | 
			
		||||
                echo "PerfData requested!"
 | 
			
		||||
        fi
 | 
			
		||||
        nagout=$nagout$perfout
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
echo $nagout
 | 
			
		||||
exit $nagcode
 | 
			
		||||
@ -1,28 +0,0 @@
 | 
			
		||||
service check_mk
 | 
			
		||||
{
 | 
			
		||||
        type           = UNLISTED
 | 
			
		||||
        port           = 6556
 | 
			
		||||
        socket_type    = stream
 | 
			
		||||
        protocol       = tcp
 | 
			
		||||
        wait           = no
 | 
			
		||||
        user           = root
 | 
			
		||||
        server         = /usr/bin/check_mk_agent
 | 
			
		||||
 | 
			
		||||
        # listen on IPv4 AND IPv6 when available on this host
 | 
			
		||||
        #flags          = IPv6
 | 
			
		||||
 | 
			
		||||
        # If you use fully redundant monitoring and poll the client
 | 
			
		||||
        # from more then one monitoring servers in parallel you might
 | 
			
		||||
        # want to use the agent cache wrapper:
 | 
			
		||||
        #server         = /usr/bin/check_mk_caching_agent
 | 
			
		||||
 | 
			
		||||
        # configure the IP address(es) of your Nagios server here:
 | 
			
		||||
        only_from      = 78.47.37.172
 | 
			
		||||
 | 
			
		||||
        # Don't be too verbose. Don't log every check. This might be
 | 
			
		||||
        # commented out for debugging. If this option is commented out
 | 
			
		||||
        # the default options will be used for this service.
 | 
			
		||||
        log_on_success =
 | 
			
		||||
 | 
			
		||||
        disable        = no
 | 
			
		||||
}
 | 
			
		||||
@ -1,70 +0,0 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
#/usr/lib/check_mk_agent/local
 | 
			
		||||
export LANG=de_DE.UTF-8
 | 
			
		||||
 | 
			
		||||
function confline # get first line from file $1 mathing $2, stripped of # and ; comment lines, stripped spaces and tabs down to spaces, remove trailing ;
 | 
			
		||||
{
 | 
			
		||||
 echo $(cat $1|grep -v '^$\|^\s*\#'|sed -e "s/[[:space:]]\+/ /g"|sed s/^\ //|sed s/\;//|grep -i "$2"|head -n 1)
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function ati # ipv4 to longint
 | 
			
		||||
{
 | 
			
		||||
 ip4=$1; ipno=0
 | 
			
		||||
 for (( i=0 ; i<4 ; ++i )); do
 | 
			
		||||
   ((ipno+=${ip4%%.*}*$((254**$((3-${i})))))) # .0 .255 should not be counted
 | 
			
		||||
   ip4=${ip4#*.}
 | 
			
		||||
  done
 | 
			
		||||
 echo $ipno
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
## static data
 | 
			
		||||
bat_version=$(batctl -v);
 | 
			
		||||
kernel=$(uname -r);
 | 
			
		||||
release=$(lsb_release -ds);
 | 
			
		||||
 | 
			
		||||
## Batman
 | 
			
		||||
echo "0 Batman-Version Version=$bat_version; $bat_version"
 | 
			
		||||
list=$(ls -F /sys/kernel/debug/batman_adv|grep /)
 | 
			
		||||
for i in $list; do
 | 
			
		||||
  z=$(ls /sys/kernel/debug/batman_adv/$i|wc -l)
 | 
			
		||||
  if [ $z -ge 9 ]; then
 | 
			
		||||
    b=$(echo $i|cut -d '/' -f1)
 | 
			
		||||
    router=$(($(batctl -m $b o|wc -l)-2 ))
 | 
			
		||||
    clients=$(grep -cEo "\[.*W.*\]+" /sys/kernel/debug/batman_adv/$b/transtable_global)
 | 
			
		||||
    gateways=$(( $(batctl -m $b gwl|wc -l) -1 ))
 | 
			
		||||
    ips=$(( $(batctl -m $b dc|wc -l) - 2))
 | 
			
		||||
    wlow=$(( $router * 20 / 100 ))
 | 
			
		||||
    clow=$(( $router * 5 / 100 ))
 | 
			
		||||
    wlimit=$(( $router * 5 ))
 | 
			
		||||
    climit=$(( $router * 10 ))
 | 
			
		||||
    echo "P Batman-$b Router=$router.0;5:250;1:500|Clients=$clients.0;$wlow.0:$wlimit.0;$clow.0:$climit.0|Gateways=$gateways.0;0:3;0:5;|IPs=$ips.0";
 | 
			
		||||
   fi;
 | 
			
		||||
 done
 | 
			
		||||
 | 
			
		||||
## isc-dhcpd-server leases
 | 
			
		||||
# needs script https://github.com/eulenfunk/scripts/blob/master/dhcpleases
 | 
			
		||||
if [ -r /opt/freifunk/dhcpleases ] ; then
 | 
			
		||||
  totalleases=2040
 | 
			
		||||
  activeleases=$(python /opt/freifunk/dhcpleases|grep "^| Total"|cut -d":" -f2|sed s/\ //)
 | 
			
		||||
  remainingleases=$(($totalleases - $activeleases))
 | 
			
		||||
  actwarn=$(($totalleases * 75 / 100))
 | 
			
		||||
  actcrit=$(($totalleases * 90 / 100))
 | 
			
		||||
  echo "P Dhcp-Leases active-leases=$activeleases.0;5:$actwarn;1:$actcrit active:$activeleases remaining:$remainingleases pool=$totalleases";
 | 
			
		||||
 fi
 | 
			
		||||
 | 
			
		||||
#L2TP
 | 
			
		||||
l_tunnel=$(ip a |grep l2tp | grep br-nodes -c);
 | 
			
		||||
tunneldigger=$(ifconfig|grep br-nodes -c);
 | 
			
		||||
echo "P L2TP Clients=$l_tunnel.0;1:100;0:150|Tunneldiggerbridges=$tunneldigger.0;0.1:1;0.1:2; L2TP-Clients:$l_tunnel Tunneldiggerbridges:$tunneldigger"
 | 
			
		||||
 | 
			
		||||
## Conntrack
 | 
			
		||||
conntrack=$(conntrack -C);
 | 
			
		||||
conntrack_limit=$(sysctl -a 2>/dev/null |grep net.nf_conntrack_max|cut -d ' ' -f 3);
 | 
			
		||||
conntrack_remain=$(echo $conntrack_limit - $conntrack|bc)
 | 
			
		||||
wlow=0.1
 | 
			
		||||
clow=1.1
 | 
			
		||||
wlimit=$(echo $conntrack_limit *0.7|bc)
 | 
			
		||||
climit=$(echo $conntrack_limit *0.9|bc)
 | 
			
		||||
wrlimit=$(echo $conntrack_limit *0.3|bc)
 | 
			
		||||
crlimit=$(echo $conntrack_limit *0.1|bc)
 | 
			
		||||
echo "P Conntrack conntrack=$conntrack.0;$wlow:$wlimit;$clow:$climit|conntrack_remain=$conntrack_remain.0;$wrlimit:$conntrack_limit;$crlimit:$conntrack_limit; Conntrack:$conntrack Conntrack-Remain:$conntrack_remain Conntrack-Limit:$conntrack_limit"
 | 
			
		||||
@ -1,54 +0,0 @@
 | 
			
		||||
# Config file for collectd(1).
 | 
			
		||||
#
 | 
			
		||||
# Some plugins need additional configuration and are disabled by default.
 | 
			
		||||
# Please read collectd.conf(5) for details.
 | 
			
		||||
#
 | 
			
		||||
# You should also read /usr/share/doc/collectd-core/README.Debian.plugins
 | 
			
		||||
# before enabling any more plugins.
 | 
			
		||||
 | 
			
		||||
## General ##
 | 
			
		||||
 | 
			
		||||
Hostname "{{ sn_hostname }}"
 | 
			
		||||
FQDNLookup true
 | 
			
		||||
BaseDir "/var/lib/collectd"
 | 
			
		||||
PluginDir "/usr/lib/collectd"
 | 
			
		||||
Interval 60
 | 
			
		||||
Timeout 2
 | 
			
		||||
ReadThreads 5
 | 
			
		||||
 | 
			
		||||
## Load Plugins ##
 | 
			
		||||
LoadPlugin write_graphite
 | 
			
		||||
LoadPlugin syslog
 | 
			
		||||
LoadPlugin cpu
 | 
			
		||||
LoadPlugin load
 | 
			
		||||
LoadPlugin memory
 | 
			
		||||
LoadPlugin processes
 | 
			
		||||
LoadPlugin conntrack
 | 
			
		||||
LoadPlugin users
 | 
			
		||||
LoadPlugin uptime
 | 
			
		||||
LoadPlugin interface
 | 
			
		||||
LoadPlugin filecount
 | 
			
		||||
<Plugin "filecount">
 | 
			
		||||
  <Directory "/opt/freifunk/tunneldigger_interfaces">
 | 
			
		||||
    Instance "tunneldigger-connections"
 | 
			
		||||
    Name "l2tp*"
 | 
			
		||||
  </Directory>
 | 
			
		||||
</Plugin>
 | 
			
		||||
<Plugin write_graphite>
 | 
			
		||||
        <Carbon>
 | 
			
		||||
		Host "10.188.0.10"
 | 
			
		||||
                Port "2003"
 | 
			
		||||
                Prefix "collectd.gateways."
 | 
			
		||||
                StoreRates true
 | 
			
		||||
                AlwaysAppendDS false
 | 
			
		||||
                EscapeCharacter "_"
 | 
			
		||||
        </Carbon>
 | 
			
		||||
</Plugin>
 | 
			
		||||
 | 
			
		||||
<Plugin syslog>
 | 
			
		||||
        LogLevel info
 | 
			
		||||
</Plugin>
 | 
			
		||||
 | 
			
		||||
###########################################################
 | 
			
		||||
Include "/etc/collectd/filters.conf"
 | 
			
		||||
Include "/etc/collectd/thresholds.conf"
 | 
			
		||||
@ -1,6 +1,6 @@
 | 
			
		||||
# Version 1.3
 | 
			
		||||
ddns-update-style none;
 | 
			
		||||
option domain-name "fftdf";
 | 
			
		||||
option domain-name "ff";
 | 
			
		||||
default-lease-time 300;
 | 
			
		||||
max-lease-time 3600;
 | 
			
		||||
log-facility local7;
 | 
			
		||||
 | 
			
		||||
@ -8,7 +8,7 @@ max-lease-time 600;
 | 
			
		||||
 | 
			
		||||
option dhcp6.name-servers {{ sn_mesh_IPv6 }};
 | 
			
		||||
 | 
			
		||||
option dhcp6.domain-search "fftdf";
 | 
			
		||||
option dhcp6.domain-search "ff";
 | 
			
		||||
 | 
			
		||||
subnet6 {{ sn_mesh_IPv6_net }} {
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
							
								
								
									
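--- a/files/dhcpleases
+++ b/files/dhcpleases
@@ -1,260 +0,0 @@
-#!/usr/bin/python
-# source: http://askubuntu.com/revisions/fb67e8e2-efd4-4d0e-bb2f-416855fd8369/view-source
-# by http://askubuntu.com/users/499043/dfsmith
-import datetime, bisect
-
-def parse_timestamp(raw_str):
-        tokens = raw_str.split()
-
-        if len(tokens) == 1:
-                if tokens[0].lower() == 'never':
-                        return 'never';
-
-                else:
-                        raise Exception('Parse error in timestamp')
-
-        elif len(tokens) == 3:
-                return datetime.datetime.strptime(' '.join(tokens[1:]),
-                        '%Y/%m/%d %H:%M:%S')
-
-        else:
-                raise Exception('Parse error in timestamp')
-
-
-def timestamp_is_ge(t1, t2):
-        if t1 == 'never':
-                return True
-
-        elif t2 == 'never':
-                return False
-
-        else:
-                return t1 >= t2
-
-
-def timestamp_is_lt(t1, t2):
-        if t1 == 'never':
-                return False
-
-        elif t2 == 'never':
-                return t1 != 'never'
-
-        else:
-                return t1 < t2
-
-
-def timestamp_is_between(t, tstart, tend):
-        return timestamp_is_ge(t, tstart) and timestamp_is_lt(t, tend)
-
-
-def parse_hardware(raw_str):
-        tokens = raw_str.split()
-
-        if len(tokens) == 2:
-                return tokens[1]
-
-        else:
-                raise Exception('Parse error in hardware')
-
-
-def strip_endquotes(raw_str):
-        return raw_str.strip('"')
-
-
-def identity(raw_str):
-        return raw_str
-
-
-def parse_binding_state(raw_str):
-        tokens = raw_str.split()
-
-        if len(tokens) == 2:
-                return tokens[1]
-
-        else:
-                raise Exception('Parse error in binding state')
-
-
-def parse_next_binding_state(raw_str):
-        tokens = raw_str.split()
-
-        if len(tokens) == 3:
-                return tokens[2]
-
-        else:
-                raise Exception('Parse error in next binding state')
-
-
-def parse_rewind_binding_state(raw_str):
-        tokens = raw_str.split()
-
-        if len(tokens) == 3:
-                return tokens[2]
-
-        else:
-                raise Exception('Parse error in next binding state')
-
-
-def parse_leases_file(leases_file):
-        valid_keys = {
-                'starts':               parse_timestamp,
-                'ends':                 parse_timestamp,
-                'tstp':                 parse_timestamp,
-                'tsfp':                 parse_timestamp,
-                'atsfp':                parse_timestamp,
-                'cltt':                 parse_timestamp,
-                'hardware':             parse_hardware,
-                'binding':              parse_binding_state,
-                'next':                 parse_next_binding_state,
-                'rewind':               parse_rewind_binding_state,
-                'uid':                  strip_endquotes,
-                'client-hostname':      strip_endquotes,
-                'option':               identity,
-                'set':                  identity,
-                'on':                   identity,
-                'abandoned':            None,
-                'bootp':                None,
-                'reserved':             None,
-                }
-
-        leases_db = {}
-
-        lease_rec = {}
-        in_lease = False
-        in_failover = False
-
-        for line in leases_file:
-                if line.lstrip().startswith('#'):
-                        continue
-
-                tokens = line.split()
-
-                if len(tokens) == 0:
-                        continue
-
-                key = tokens[0].lower()
-
-                if key == 'lease':
-                        if not in_lease:
-                                ip_address = tokens[1]
-
-                                lease_rec = {'ip_address' : ip_address}
-                                in_lease = True
-
-                        else:
-                                raise Exception('Parse error in leases file')
-
-                elif key == 'failover':
-                        in_failover = True
-                elif key == '}':
-                        if in_lease:
-                                for k in valid_keys:
-                                        if callable(valid_keys[k]):
-                                                lease_rec[k] = lease_rec.get(k, '')
-                                        else:
-                                                lease_rec[k] = False
-
-                                ip_address = lease_rec['ip_address']
-
-                                if ip_address in leases_db:
-                                        leases_db[ip_address].insert(0, lease_rec)
-
-                                else:
-                                        leases_db[ip_address] = [lease_rec]
-
-                                lease_rec = {}
-                                in_lease = False
-
-                        elif in_failover:
-                                in_failover = False
-                                continue
-                        else:
-                                raise Exception('Parse error in leases file')
-
-                elif key in valid_keys:
-                        if in_lease:
-                                value = line[(line.index(key) + len(key)):]
-                                value = value.strip().rstrip(';').rstrip()
-
-                                if callable(valid_keys[key]):
-                                        lease_rec[key] = valid_keys[key](value)
-                                else:
-                                        lease_rec[key] = True
-
-                        else:
-                                raise Exception('Parse error in leases file')
-
-                else:
-                        if in_lease:
-                                raise Exception('Parse error in leases file')
-
-        if in_lease:
-                raise Exception('Parse error in leases file')
-
-        return leases_db
-
-
-def round_timedelta(tdelta):
-        return datetime.timedelta(tdelta.days,
-                tdelta.seconds + (0 if tdelta.microseconds < 500000 else 1))
-
-
-def timestamp_now():
-        n = datetime.datetime.utcnow()
-        return datetime.datetime(n.year, n.month, n.day, n.hour, n.minute,
-                n.second + (0 if n.microsecond < 500000 else 1))
-
-
-def lease_is_active(lease_rec, as_of_ts):
-        return timestamp_is_between(as_of_ts, lease_rec['starts'],
-                lease_rec['ends'])
-
-
-def ipv4_to_int(ipv4_addr):
-        parts = ipv4_addr.split('.')
-        return (int(parts[0]) << 24) + (int(parts[1]) << 16) + \
-                (int(parts[2]) << 8) + int(parts[3])
-
-
-def select_active_leases(leases_db, as_of_ts):
-        retarray = []
-        sortedarray = []
-
-        for ip_address in leases_db:
-                lease_rec = leases_db[ip_address][0]
-
-                if lease_is_active(lease_rec, as_of_ts):
-                        ip_as_int = ipv4_to_int(ip_address)
-                        insertpos = bisect.bisect(sortedarray, ip_as_int)
-                        sortedarray.insert(insertpos, ip_as_int)
-                        retarray.insert(insertpos, lease_rec)
-
-        return retarray
-
-
-##############################################################################
-
-
-myfile = open('/var/lib/dhcp/dhcpd.leases', 'r')
-leases = parse_leases_file(myfile)
-myfile.close()
-
-now = timestamp_now()
-report_dataset = select_active_leases(leases, now)
-
-print('+------------------------------------------------------------------------------')
-print('| DHCPD ACTIVE LEASES REPORT')
-print('+-----------------+-------------------+----------------------+-----------------')
-print('| IP Address      | MAC Address       | Expires (days,H:M:S) | Client Hostname ')
-print('+-----------------+-------------------+----------------------+-----------------')
-
-for lease in report_dataset:
-        print('| ' + format(lease['ip_address'], '<15') + ' | ' + \
-                format(lease['hardware'], '<17') + ' | ' + \
-                format(str((lease['ends'] - now) if lease['ends'] != 'never' else 'never'), '>20') + ' | ' + \
-                lease['client-hostname'])
-
-print('+-----------------+-------------------+----------------------+-----------------')
-print('| Total Active Leases: ' + str(len(report_dataset)))
-print('| Report generated (UTC): ' + str(now))
-print('+------------------------------------------------------------------------------')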
@ -1,15 +1,15 @@
 | 
			
		||||
;; db.fftdf
 | 
			
		||||
;; Forwardlookupzone für .fftdf
 | 
			
		||||
;; db.ff
 | 
			
		||||
;; Forwardlookupzone für .ff
 | 
			
		||||
;;
 | 
			
		||||
$TTL 600
 | 
			
		||||
@       IN      SOA     fftdf. root.fftdf. (
 | 
			
		||||
@       IN      SOA     ff. root.ff. (
 | 
			
		||||
                        2015584544      ; Serial
 | 
			
		||||
                                8H      ; Refresh
 | 
			
		||||
                                2H      ; Retry
 | 
			
		||||
                                4W      ; Expire
 | 
			
		||||
                                3H )    ; NX (TTL Negativ Cache)
 | 
			
		||||
 | 
			
		||||
@                               IN      NS      {{ sn_hostname }}.infra.fftdf.
 | 
			
		||||
@                               IN      NS      {{ sn_hostname }}.infra.ff.
 | 
			
		||||
                                IN      A       {{ sn_mesh_IPv4 }}
 | 
			
		||||
                                IN      AAAA	{{ sn_mesh_IPv6 }}
 | 
			
		||||
localhost			IN	A    	127.0.0.1
 | 
			
		||||
							
								
								
									
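--- a/files/ff/ff.conf
+++ b/files/ff/ff.conf
@@ -0,0 +1,6 @@
+// Zone declarations for Freifunk
+
+zone "ff" {
+  type master;
+  file "/etc/bind/ff/db.ff";
+};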
@ -1,6 +0,0 @@
 | 
			
		||||
// Zone declarations for Freifunk Troisdorf
 | 
			
		||||
 | 
			
		||||
zone "fftdf" {
 | 
			
		||||
  type master;
 | 
			
		||||
  file "/etc/bind/fftdf/db.fftdf";
 | 
			
		||||
};
 | 
			
		||||
							
								
								
									
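--- a/files/hosts.example
+++ b/files/hosts.example
@@ -0,0 +1,164 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+#   - Comments begin with the '#' character
+#   - Blank lines are ignored
+#   - Groups of hosts are delimited by [header] elements
+#   - You can enter hostnames or ip addresses
+#   - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+
+[freifunk_Lohmar]
+82.165.139.113 ansible_ssh_port=2222
+
+[freifunk]
+46.4.138.180 ansible_ssh_port=2222
+46.4.138.181 ansible_ssh_port=2222
+46.4.138.182 ansible_ssh_port=2222
+46.4.138.183 ansible_ssh_port=2222
+46.4.138.188 ansible_ssh_port=22
+46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn_l2tp:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_l2tp_tb_backup_port=53840
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt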
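Review bot: `ansible_ssh_user=root` under `[freifunk_sn:vars]` has every play connect over SSH as root, so the control host's key is a direct root login on all supernodes and actions are not attributable to a named admin. An unprivileged login with escalation, `ansible_user=<admin-user>` plus `ansible_become=true`, would allow root SSH login to be disabled on the nodes. `root_password_file` and `slack_token_file` point at YAML files in a home directory; whether they are encrypted is not visible here, so the example should say they are expected to be ansible-vault files. As an example file it also ships what look like production addresses and SSH ports (`46.4.138.180 ansible_ssh_port=2222`); documentation ranges such as 192.0.2.0/24 would serve the same purpose.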
@ -13,21 +13,21 @@ iface lo inet6 loopback
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# The primary network interface
 | 
			
		||||
allow-hotplug eth0
 | 
			
		||||
iface eth0 inet static
 | 
			
		||||
        address 212.129.50.141
 | 
			
		||||
allow-hotplug {{ sn_interface_name }}
 | 
			
		||||
iface {{ sn_interface_name }} inet static
 | 
			
		||||
        address 46.4.156.114
 | 
			
		||||
        netmask 255.255.255.255
 | 
			
		||||
        gateway 163.172.210.1
 | 
			
		||||
        pointopoint 163.172.210.1
 | 
			
		||||
        post-up iptables -P OUTPUT ACCEPT
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 | 
			
		||||
auto 6to4
 | 
			
		||||
        iface 6to4 inet6 6to4
 | 
			
		||||
        local 212.129.50.141
 | 
			
		||||
        local 46.4.156.114
 | 
			
		||||
 | 
			
		||||
# GRE Tunnel zum Rheinland Backbone
 | 
			
		||||
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
 | 
			
		||||
@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber
 | 
			
		||||
iface gre-bb-a.ak.ber inet static
 | 
			
		||||
        address 100.64.6.13
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber
 | 
			
		||||
iface gre-bb-b.ak.ber inet static
 | 
			
		||||
        address 100.64.6.19
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus
 | 
			
		||||
iface gre-bb-a.ix.dus inet static
 | 
			
		||||
        address 100.64.6.17
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus
 | 
			
		||||
iface gre-bb-b.ix.dus inet static
 | 
			
		||||
        address 100.64.6.23
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -107,7 +107,7 @@ auto gre-bb-a.fra3.f
 | 
			
		||||
iface gre-bb-a.fra3.f inet static
 | 
			
		||||
        address 100.64.6.15
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -125,7 +125,7 @@ auto gre-bb-b.fra3.f
 | 
			
		||||
iface gre-bb-b.fra3.f inet static
 | 
			
		||||
        address 100.64.6.21
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
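Review bot: The new `address 46.4.156.114` in the `@ -13,21 +13,21 @` hunk is paired with `gateway 163.172.210.1` and `pointopoint 163.172.210.1`, which the commit leaves as they were for the old 212.129.50.141 address. With `netmask 255.255.255.255` the host reaches only the configured peer, so if the new uplink's gateway differs (not visible here) the interface comes up without working routing and the GRE tunnels whose `local` was changed in the following hunks cannot establish. The later interface hunks that move to 46.4.156.115 and 46.4.156.116 keep the same gateway lines. Since the hunk already templates the interface name, address and gateway would be better taken from inventory as well, e.g. `gateway {{ sn_gateway_IPv4 }}` and `pointopoint {{ sn_gateway_IPv4 }}`, where `sn_gateway_IPv4` is a suggested new host variable.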
@ -9,25 +9,25 @@ iface lo inet loopback
 | 
			
		||||
        up ip address add 185.66.193.105/32 dev lo
 | 
			
		||||
 | 
			
		||||
iface lo inet6 loopback
 | 
			
		||||
        up ip address add 203:2260:121:5000::105/52 dev lo
 | 
			
		||||
        up ip address add 2a03:2260:121:5000::105/52 dev lo
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# The primary network interface
 | 
			
		||||
allow-hotplug eth0
 | 
			
		||||
iface eth0 inet static
 | 
			
		||||
        address 62.210.5.90
 | 
			
		||||
allow-hotplug {{ sn_interface_name }}
 | 
			
		||||
iface {{ sn_interface_name }} inet static
 | 
			
		||||
        address 46.4.156.115
 | 
			
		||||
        netmask 255.255.255.255
 | 
			
		||||
        gateway 163.172.210.1
 | 
			
		||||
        pointopoint 163.172.210.1
 | 
			
		||||
        post-up iptables -P OUTPUT ACCEPT
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 | 
			
		||||
auto 6to4
 | 
			
		||||
	iface 6to4 inet6 6to4
 | 
			
		||||
        local 62.210.5.90
 | 
			
		||||
        local 46.4.156.115
 | 
			
		||||
 | 
			
		||||
# GRE Tunnel zum Rheinland Backbone
 | 
			
		||||
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
 | 
			
		||||
@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber
 | 
			
		||||
iface gre-bb-a.ak.ber inet static
 | 
			
		||||
        address 100.64.2.151
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber
 | 
			
		||||
iface gre-bb-b.ak.ber inet static
 | 
			
		||||
        address 100.64.2.153
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus
 | 
			
		||||
iface gre-bb-a.ix.dus inet static
 | 
			
		||||
        address 100.64.2.155
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus
 | 
			
		||||
iface gre-bb-b.ix.dus inet static
 | 
			
		||||
        address 100.64.2.157
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -13,25 +13,24 @@ iface lo inet6 loopback
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# The primary network interface
 | 
			
		||||
allow-hotplug eth0
 | 
			
		||||
#iface eth0 inet dhcp
 | 
			
		||||
iface eth0 inet static
 | 
			
		||||
        address 62.210.12.122
 | 
			
		||||
allow-hotplug {{ sn_interface_name }}
 | 
			
		||||
iface {{ sn_interface_name }} inet static
 | 
			
		||||
        address 46.4.156.116
 | 
			
		||||
        netmask 255.255.255.255
 | 
			
		||||
        gateway 163.172.210.1
 | 
			
		||||
        pointopoint 163.172.210.1
 | 
			
		||||
        post-up iptables -P OUTPUT ACCEPT
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 | 
			
		||||
 | 
			
		||||
auto 6to4
 | 
			
		||||
        iface 6to4 inet6 6to4
 | 
			
		||||
        local 62.210.12.122
 | 
			
		||||
        local 46.4.156.116
 | 
			
		||||
        post-up ip6tables -P OUTPUT ACCEPT
 | 
			
		||||
        post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP
 | 
			
		||||
        post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP
 | 
			
		||||
 | 
			
		||||
# GRE Tunnel zum Rheinland Backbone
 | 
			
		||||
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
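Review bot: In the `iface 6to4` stanza the ULA egress rule now reads `post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP`, and ifupdown sets `$IFACE` to the interface being configured, so the rule matches `6to4` instead of the uplink that the old `-o eth0` named. If the intent is still to keep fc00::/7 destinations off the uplink, name it explicitly: `post-up ip6tables -A OUTPUT -o {{ sn_interface_name }} -d fc00::/7 -j DROP`. Separately, all of these DROP rules sit in OUTPUT, which sees only locally generated packets. Forwarded mesh traffic that is masqueraded out of the same interface would need matching FORWARD rules, if that filtering is intended. The stanzas continue outside the hunk.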
 | 
			
		||||
@ -41,7 +40,7 @@ auto gre-bb-a.ak.ber
 | 
			
		||||
iface gre-bb-a.ak.ber inet static
 | 
			
		||||
        address 100.64.2.159
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -58,7 +57,7 @@ auto gre-bb-b.ak.ber
 | 
			
		||||
iface gre-bb-b.ak.ber inet static
 | 
			
		||||
        address 100.64.2.161
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -76,7 +75,7 @@ auto gre-bb-a.ix.dus
 | 
			
		||||
iface gre-bb-a.ix.dus inet static
 | 
			
		||||
        address 100.64.2.163
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -94,7 +93,7 @@ auto gre-bb-b.ix.dus
 | 
			
		||||
iface gre-bb-b.ix.dus inet static
 | 
			
		||||
        address 100.64.2.165
 | 
			
		||||
        netmask 255.255.255.254
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255
 | 
			
		||||
        pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.1 ttl 255
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
 | 
			
		||||
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 | 
			
		||||
        post-up ip link set $IFACE mtu 1400
 | 
			
		||||
@ -13,21 +13,20 @@ iface lo inet6 loopback
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# The primary network interface
 | 
			
		||||
allow-hotplug eth0
 | 
			
		||||
iface eth0 inet static
 | 
			
		||||
        address 212.83.154.70
 | 
			
		||||
        netmask 255.255.255.255
 | 
			
		||||
        gateway 163.172.42.1
 | 
			
		||||
        pointopoint 163.172.42.1
 | 
			
		||||
allow-hotplug {{ sn_interface_name }}
 | 
			
		||||
iface {{ sn_interface_name }} inet static
 | 
			
		||||
        address 93.241.53.100
 | 
			
		||||
        netmask 255.255.255.0
 | 
			
		||||
        gateway 93.241.53.1
 | 
			
		||||
        post-up iptables -P OUTPUT ACCEPT
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 | 
			
		||||
auto 6to4
 | 
			
		||||
        iface 6to4 inet6 6to4
 | 
			
		||||
        local 212.83.154.70
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
 | 
			
		||||
        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 | 
			
		||||
#auto 6to4
 | 
			
		||||
#        iface 6to4 inet6 6to4
 | 
			
		||||
#        local 212.83.154.70
 | 
			
		||||
 | 
			
		||||
# GRE Tunnel zum Rheinland Backbone
 | 
			
		||||
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
 | 
			
		||||
@ -1,19 +0,0 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
while [ true ] ; do
 | 
			
		||||
#Check Tunneldigger Connections
 | 
			
		||||
	if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then
 | 
			
		||||
		mkdir /opt/freifunk/tunneldigger_interfaces
 | 
			
		||||
	fi
 | 
			
		||||
#Remove old Interfaces
 | 
			
		||||
	rm /opt/freifunk/tunneldigger_interfaces/*
 | 
			
		||||
#Create Interace files
 | 
			
		||||
	for i in `/sbin/brctl show br-nodes | grep l2tp`;
 | 
			
		||||
	do
 | 
			
		||||
        touch /opt/freifunk/tunneldigger_interfaces/$i
 | 
			
		||||
	done
 | 
			
		||||
#Remove wrong file
 | 
			
		||||
	rm /opt/freifunk/tunneldigger_interfaces/no
 | 
			
		||||
	rm /opt/freifunk/tunneldigger_interfaces/br-*
 | 
			
		||||
	rm /opt/freifunk/tunneldigger_interfaces/8*
 | 
			
		||||
	sleep 60
 | 
			
		||||
done
 | 
			
		||||
@ -3,16 +3,9 @@
 | 
			
		||||
sleep 60
 | 
			
		||||
batctl=/usr/local/sbin/batctl
 | 
			
		||||
ip=/sbin/ip
 | 
			
		||||
communitymacaddress="a2:8c:ae:6f:f6"
 | 
			
		||||
communitymacaddress="{{ communitymac }}"
 | 
			
		||||
localserver=$(/bin/hostname)
 | 
			
		||||
communityname=troisdorf
 | 
			
		||||
 | 
			
		||||
# L2tp to Map
 | 
			
		||||
$ip l2tp add tunnel remote 163.172.225.200 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }}
 | 
			
		||||
$ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0
 | 
			
		||||
$ip link set dev l2tp-map mtu 1312
 | 
			
		||||
$ip link set up l2tp-map
 | 
			
		||||
$batctl if add l2tp-map
 | 
			
		||||
communityname={{ communityname }}
 | 
			
		||||
 | 
			
		||||
# Rest Starten
 | 
			
		||||
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
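Review bot: `communityname={{ communityname }}` is rendered unquoted, while the earlier assignment quotes `"{{ communitymac }}"`, and the `ip link set address` line expands both values unquoted. A templated value containing whitespace or shell metacharacters would be split or interpreted by the shell, so quote the assignment, `communityname="{{ communityname }}"`, and the use, `$ip link set address "$communitymacaddress:0${localserver#"$communityname"}" dev bat0`. The last octet is built as `0` plus whatever remains of the hostname after the community prefix, which presumably yields a valid MAC only for single-digit supernode numbers; a comment or a check would make that assumption explicit.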
 | 
			
		||||
 | 
			
		||||
@ -1,51 +0,0 @@
 | 
			
		||||
[broker]
 | 
			
		||||
; IP address the broker will listen and accept tunnels on
 | 
			
		||||
address={{ ansible_default_ipv4.address }}
 | 
			
		||||
; Ports where the broker will listen on
 | 
			
		||||
port={{ sn_l2tp_tb_backup_port }}
 | 
			
		||||
; Interface with that IP address
 | 
			
		||||
interface=eth0
 | 
			
		||||
; Maximum number of cached cookies, required for establishing a
 | 
			
		||||
; session with the broker
 | 
			
		||||
max_cookies=1024
 | 
			
		||||
; Maximum number of tunnels that will be allowed by the broker
 | 
			
		||||
max_tunnels=150
 | 
			
		||||
; Tunnel port base
 | 
			
		||||
port_base=25000
 | 
			
		||||
; Tunnel id base
 | 
			
		||||
tunnel_id_base=500
 | 
			
		||||
; Tunnel timeout interval in seconds
 | 
			
		||||
tunnel_timeout=60
 | 
			
		||||
; Should PMTU discovery be enabled
 | 
			
		||||
pmtu_discovery=false
 | 
			
		||||
; Namespace (for running multiple brokers); note that you must also
 | 
			
		||||
; configure disjunct ports, and tunnel identifiers in order for
 | 
			
		||||
; namespacing to work
 | 
			
		||||
namespace=backup
 | 
			
		||||
 | 
			
		||||
[log]
 | 
			
		||||
; Log filename
 | 
			
		||||
filename=/var/log/tunneldigger-broker-backup.log
 | 
			
		||||
; Verbosity
 | 
			
		||||
verbosity=DEBUG
 | 
			
		||||
; Should IP addresses be logged or not
 | 
			
		||||
log_ip_addresses=false
 | 
			
		||||
 | 
			
		||||
[hooks]
 | 
			
		||||
; Arguments to the session.{up,pre-down,down} hooks are as follows:
 | 
			
		||||
;
 | 
			
		||||
;    <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
 | 
			
		||||
;
 | 
			
		||||
; Arguments to the session.mtu-changed hook are as follows:
 | 
			
		||||
;
 | 
			
		||||
;    <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
 | 
			
		||||
;
 | 
			
		||||
 | 
			
		||||
; Called after the tunnel interface goes up
 | 
			
		||||
session.up=/srv/tunneldigger/bataddif.sh
 | 
			
		||||
; Called just before the tunnel interface goes down
 | 
			
		||||
session.pre-down=/srv/tunneldigger/batdelif.sh
 | 
			
		||||
; Called after the tunnel interface goes down
 | 
			
		||||
session.down=
 | 
			
		||||
; Called after the tunnel MTU gets changed because of PMTU discovery
 | 
			
		||||
session.mtu-changed=
 | 
			
		||||
@ -4,7 +4,7 @@ address={{ ansible_default_ipv4.address }}
 | 
			
		||||
; Ports where the broker will listen on
 | 
			
		||||
port={{ sn_l2tp_tb_port }}
 | 
			
		||||
; Interface with that IP address
 | 
			
		||||
interface=eth0
 | 
			
		||||
interface={{ sn_interface_name }}
 | 
			
		||||
; Maximum number of cached cookies, required for establishing a
 | 
			
		||||
; session with the broker
 | 
			
		||||
max_cookies=1024
 | 
			
		||||
@ -21,7 +21,19 @@ pmtu_discovery=false
 | 
			
		||||
; Namespace (for running multiple brokers); note that you must also
 | 
			
		||||
; configure disjunct ports, and tunnel identifiers in order for
 | 
			
		||||
; namespacing to work
 | 
			
		||||
namespace=troisdorf
 | 
			
		||||
namespace={{ communityname }}
 | 
			
		||||
 | 
			
		||||
; Reject connections if there are less than N seconds since the last connection.
 | 
			
		||||
; Can be less than a second (e.g., 0.1).
 | 
			
		||||
connection_rate_limit=2
 | 
			
		||||
 | 
			
		||||
; Set PMTU to a fixed value.  Use 0 for automatic PMTU discovery.  A non-0 value also disables
 | 
			
		||||
; PMTU discovery on the client side, by having the server not respond to client-side PMTU
 | 
			
		||||
; discovery probes.
 | 
			
		||||
pmtu=0
 | 
			
		||||
 | 
			
		||||
; The batman device of this Hood (e.g. bat2)
 | 
			
		||||
batdev=bat0
 | 
			
		||||
 | 
			
		||||
[log]
 | 
			
		||||
; Log filename
 | 
			
		||||
 | 
			
		||||
@ -6,5 +6,5 @@
 | 
			
		||||
// organization
 | 
			
		||||
//include "/etc/bind/zones.rfc1918";
 | 
			
		||||
 | 
			
		||||
// Include Freifunk Troisdorf (fftdf) zones
 | 
			
		||||
include "/etc/bind/fftdf/fftdf.conf";
 | 
			
		||||
// Include Freifunk (ff) zones
 | 
			
		||||
include "/etc/bind/ff/ff.conf";
 | 
			
		||||
 | 
			
		||||
							
								
								
									
										1
									
								
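--- a/files/root_pwd.yml.example
+++ b/files/root_pwd.yml.example
@@ -0,0 +1 @@
+sn_rootpasswd: xyz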
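Review bot: The example gives no hint on how the real `root_pwd.yml` is meant to be protected or what form the value takes; the same holds for `files/slack_token.yml.example`. A header comment would help, e.g. `# Copy to root_pwd.yml, keep it out of version control (or encrypt it with ansible-vault), and set sn_rootpasswd to the value the play expects`. Whether the play wants a plaintext password or a crypt hash cannot be seen here and should be stated in that comment. Note also that `files/yanic.conf.j2` in this same commit does not follow this pattern: its `[[database.connection.influxdb]]` block carries a literal `password` next to an `http://` address. That value would be better supplied from a variable kept in such a secrets file, with the committed credential rotated.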
 | 
			
		||||
							
								
								
									
										1
									
								
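--- a/files/slack_token.yml.example
+++ b/files/slack_token.yml.example
@@ -0,0 +1 @@
+slack_token: "XYZ"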
 | 
			
		||||
@ -1,13 +0,0 @@
 | 
			
		||||
# ----------
 | 
			
		||||
# Configuration
 | 
			
		||||
#   Describes the Incoming Webhook allowing you to post messages into Slack.
 | 
			
		||||
#   After the configuration, copy this file to /etc or your home directory.
 | 
			
		||||
#   NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
 | 
			
		||||
# ----------
 | 
			
		||||
webhook_url="https://hooks.slack.com/services/{{ slack_token }}"      # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
 | 
			
		||||
upload_token=""     # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
 | 
			
		||||
channel="technik"   # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
 | 
			
		||||
tmp_dir="/tmp"      # Temporary file is created in this directory.
 | 
			
		||||
username="slacktee" # Default username to post messages.
 | 
			
		||||
icon="ghost"        # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
 | 
			
		||||
attachment=""       # Default color of the attachments. If an empty string is specified, the attachments are not used.
 | 
			
		||||
@ -1,6 +1,8 @@
 | 
			
		||||
#!/bin/sh
 | 
			
		||||
# Version 1.91
 | 
			
		||||
 | 
			
		||||
sleep 5
 | 
			
		||||
 | 
			
		||||
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
 | 
			
		||||
 | 
			
		||||
# Activate IP forwarding
 | 
			
		||||
@ -34,11 +36,23 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
 | 
			
		||||
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
 | 
			
		||||
/usr/local/sbin/batctl if add br-nodes
 | 
			
		||||
 | 
			
		||||
sleep 5
 | 
			
		||||
 | 
			
		||||
#Stop all Services - Started from keepalive.sh
 | 
			
		||||
/bin/systemctl stop radvd
 | 
			
		||||
/bin/systemctl stop tunneldigger
 | 
			
		||||
/bin/systemctl stop bird
 | 
			
		||||
/bin/systemctl stop bird6
 | 
			
		||||
/bin/sleep 90
 | 
			
		||||
/bin/systemctl restart radvd
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl retsrat tunneldigger
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl restart bird
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl restart bird6
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl restart respondd
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl stop isc-dhcp-server
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/usr/bin/killall dhcpd
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/rm /var/run/dhcpd.pid
 | 
			
		||||
/bin/sleep 2
 | 
			
		||||
/bin/systemctl start isc-dhcp-server
 | 
			
		||||
exit 0
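Review bot: `/bin/systemctl retsrat tunneldigger` misspells the verb, so systemctl will reject the command and tunneldigger is not restarted by this sequence; it should read `/bin/systemctl restart tunneldigger`. Nothing visible in the script checks exit codes, so the failure passes silently and the script still ends with `exit 0`. The same line appears in the new `files/sn_startup.local.exit.sh.j2`. The script body continues outside the hunk.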
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
							
								
								
									
										57
									
								
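--- a/files/sn_startup.local.exit.sh.j2
+++ b/files/sn_startup.local.exit.sh.j2
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Version 1.91
+
+sleep 5
+
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+
+# restart when kernel panic
+/sbin/sysctl kernel.panic=1
+
+# Routing table 42
+/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
+
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table 42
+/bin/ip -6 rule add fwmark 0x4 table 42
+
+# Set mark 4 to Freifunk traffic
+#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
+
+# All from FF IPv4 via routing table 42
+#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
+#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
+
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+
+# Create Tunneldigger Bridge
+/sbin/brctl addbr br-nodes
+/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
+/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
+/usr/local/sbin/batctl if add br-nodes
+
+/bin/sleep 90
+/bin/systemctl restart radvd
+/bin/sleep 2
+/bin/systemctl retsrat tunneldigger
+/bin/sleep 2
+/bin/systemctl restart bird
+/bin/sleep 2
+/bin/systemctl restart bird6
+/bin/sleep 2
+/bin/systemctl restart respondd
+/bin/sleep 2
+/bin/systemctl stop isc-dhcp-server
+/bin/sleep 2
+/usr/bin/killall dhcpd
+/bin/sleep 2
+/bin/rm /var/run/dhcpd.pid
+/bin/sleep 2
+/bin/systemctl start isc-dhcp-server
+exit 0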
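Review bot: The comment `# Allow MAC address spoofing` does not describe `/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0`: rp_filter is the kernel's IPv4 reverse-path (source address) check, not a MAC-level control. The kernel applies the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, so this line only relaxes the check on bat0 when the `all` setting is 0 as well. Suggested comment: `# Disable IPv4 reverse-path filtering on bat0 (effective only if conf.all.rp_filter is 0)`, ideally with a word on why the mesh needs source validation turned off on that interface.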
 | 
			
		||||
@ -1,9 +0,0 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
 | 
			
		||||
WDIR=/srv/tunneldigger
 | 
			
		||||
VIRTUALENV_DIR=/srv/tunneldigger
 | 
			
		||||
 | 
			
		||||
cd $WDIR
 | 
			
		||||
source $VIRTUALENV_DIR/bin/activate
 | 
			
		||||
 | 
			
		||||
bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg
 | 
			
		||||
@ -1,9 +1,11 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
 | 
			
		||||
WDIR=/srv/tunneldigger
 | 
			
		||||
VIRTUALENV_DIR=/srv/tunneldigger
 | 
			
		||||
WDIR=/srv/tunneldigger/env_tunneldigger
 | 
			
		||||
VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger
 | 
			
		||||
 | 
			
		||||
cd $WDIR
 | 
			
		||||
source $VIRTUALENV_DIR/bin/activate
 | 
			
		||||
 | 
			
		||||
bin/python broker/l2tp_broker.py l2tp_broker.cfg
 | 
			
		||||
$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main  ../l2tp_broker.cfg
 | 
			
		||||
#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg
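Review bot: `cd $WDIR` is unchecked and unquoted, yet the new start line depends on it through the relative path `../l2tp_broker.cfg`. If the directory is missing, the broker starts from whatever directory the service was launched in and looks for its config in the wrong place. Suggest `cd "$WDIR" || exit 1` and `exec "$VIRTUALENV_DIR/bin/python" -m tunneldigger_broker.main ../l2tp_broker.cfg`, so the unit fails visibly and the service manager tracks the Python process rather than the wrapper shell. With the interpreter called by its full path, the `source $VIRTUALENV_DIR/bin/activate` line is probably no longer needed, and the commented-out old invocation can be dropped.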
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@ -1,65 +0,0 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
help () {
 | 
			
		||||
echo "Supernode Settings:"
 | 
			
		||||
echo "status | off | on"
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
status () {
 | 
			
		||||
	supernode_status=$(/bin/cat /etc/supernode-status/supernode.status)
 | 
			
		||||
	supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode)
 | 
			
		||||
 | 
			
		||||
	echo -e "\nSupernode Status: (Ist-Zustand)"
 | 
			
		||||
	if [ $supernode_status == 0 ]; then
 | 
			
		||||
		echo "Supernode ist Abgeschaltet"
 | 
			
		||||
	elif [ $supernode_status == 1 ]; then
 | 
			
		||||
		echo "Supernode läuft (Automatik inkl. Backup)"
 | 
			
		||||
	elif [ $supernode_status == 2 ]; then
 | 
			
		||||
		echo "Supernode läuft (Backup Netz Aktiv)"
 | 
			
		||||
	elif [ $supernode_status == 3 ]; then
 | 
			
		||||
		echo "Supernode läuft (Backup deaktiviert)"	
 | 
			
		||||
	fi
 | 
			
		||||
	echo -e "\nSupernode Status: (Soll-Zustand)"
 | 
			
		||||
	if [ $supernode_mode == 0 ]; then
 | 
			
		||||
		echo "Supernode ist Abgeschaltet"
 | 
			
		||||
	elif [ $supernode_mode == 1 ]; then
 | 
			
		||||
		echo "Supernode läuft (Automatik inkl. Backup)"
 | 
			
		||||
	elif [ $supernode_mode == 2 ]; then
 | 
			
		||||
		echo "Supernode läuft (Backup Netz Aktiv)"
 | 
			
		||||
	elif [ $supernode_mode == 3 ]; then
 | 
			
		||||
		echo "Supernode läuft (Backup deaktiviert)"
 | 
			
		||||
	fi
 | 
			
		||||
	echo -e "\nService Status"
 | 
			
		||||
	for service in bird bird6 dhcpd radvd python named
 | 
			
		||||
    do
 | 
			
		||||
    	if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then
 | 
			
		||||
    		echo -e "$service läuft"
 | 
			
		||||
    	else
 | 
			
		||||
    		echo -e "$service aus"
 | 
			
		||||
    	fi
 | 
			
		||||
    done
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
off () {
 | 
			
		||||
	echo 0 > /etc/supernode-status/supernode.mode
 | 
			
		||||
	/usr/sbin/service tunneldigger stop
 | 
			
		||||
	/usr/sbin/service bind9 stop
 | 
			
		||||
	/usr/sbin/service bird stop
 | 
			
		||||
	/usr/sbin/service bird6 stop
 | 
			
		||||
	/usr/sbin/service isc-dhcp-server stop
 | 
			
		||||
	/usr/sbin/service radvd stop
 | 
			
		||||
	/usr/local/sbin/batctl gw off
 | 
			
		||||
	echo "Supernode Aus"
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
on () {
 | 
			
		||||
	echo 1 > /etc/supernode-status/supernode.mode
 | 
			
		||||
	/usr/sbin/service tunneldigger restart
 | 
			
		||||
	/usr/sbin/service bind9 restart
 | 
			
		||||
	/usr/sbin/service bird restart
 | 
			
		||||
	/usr/sbin/service bird6 restart
 | 
			
		||||
	/usr/sbin/service isc-dhcp-server restart
 | 
			
		||||
	/usr/sbin/service radvd restart
 | 
			
		||||
	/usr/local/sbin/batctl gw server 100Mbit/100Mbit
 | 
			
		||||
	echo "Supernode An"
 | 
			
		||||
}
 | 
			
		||||
$1
 | 
			
		||||
@ -1,9 +0,0 @@
 | 
			
		||||
[Unit]
 | 
			
		||||
Description = Start tunneldigger L2TPv3 broker
 | 
			
		||||
After = network.target
 | 
			
		||||
 | 
			
		||||
[Service]
 | 
			
		||||
ExecStart = /srv/tunneldigger/start-broker-backup.sh
 | 
			
		||||
 | 
			
		||||
[Install]
 | 
			
		||||
WantedBy = multi-user.target
 | 
			
		||||
							
								
								
									
										199
									
								
								files/yanic.conf.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										199
									
								
								files/yanic.conf.j2
									
									
									
									
									
										Normal file
									
								
							@ -0,0 +1,199 @@
 | 
			
		||||
# This is the config file for Yanic written in "Tom's Obvious, Minimal Language."
 | 
			
		||||
# syntax: https://github.com/toml-lang/toml
 | 
			
		||||
# (if you need somethink multiple times, checkout out the [[array of table]] section)
 | 
			
		||||
 | 
			
		||||
# Send respondd request to update information
 | 
			
		||||
[respondd]
 | 
			
		||||
enable           = true
 | 
			
		||||
# Delay startup until a multiple of the period since zero time
 | 
			
		||||
synchronize      = "1m"
 | 
			
		||||
# how often request per multicast
 | 
			
		||||
collect_interval = "1m"
 | 
			
		||||
 | 
			
		||||
[[respondd.interfaces]]
 | 
			
		||||
# name of interface on which this collector is running
 | 
			
		||||
ifname = "bat0"
 | 
			
		||||
# ip address which is used for sending
 | 
			
		||||
# (optional - without definition used a address of ifname - prefered link local)
 | 
			
		||||
#ip_address = "fd2f:5119:f2d::5"
 | 
			
		||||
# disable sending multicast respondd request
 | 
			
		||||
# (for receiving only respondd packages e.g. database respondd)
 | 
			
		||||
#send_no_request = false
 | 
			
		||||
# multicast address to destination of respondd
 | 
			
		||||
# (optional - without definition used default ff05::2:1001)
 | 
			
		||||
#multicast_address = "ff02::2:1001"
 | 
			
		||||
# define a port to listen
 | 
			
		||||
# if not set or set to 0 the kernel will use a random free port at its own
 | 
			
		||||
#port = 10001
 | 
			
		||||
 | 
			
		||||
# A little build-in webserver, which statically serves a directory.
 | 
			
		||||
# This is useful for testing purposes or for a little standalone installation.
 | 
			
		||||
[webserver]
 | 
			
		||||
enable  = true
 | 
			
		||||
bind    = "0.0.0.0:80"
 | 
			
		||||
webroot = "/opt/freifunk/yanic/"
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
[nodes]
 | 
			
		||||
# Cache file
 | 
			
		||||
# a json file to cache all data collected directly from respondd
 | 
			
		||||
state_path    = "/var/lib/yanic/state.json"
 | 
			
		||||
# prune data in RAM, cache-file and output json files (i.e. nodes.json)
 | 
			
		||||
# that were inactive for longer than
 | 
			
		||||
prune_after   = "7d"
 | 
			
		||||
# Export nodes and graph periodically
 | 
			
		||||
save_interval = "5s"
 | 
			
		||||
# Set node to offline if not seen within this period
 | 
			
		||||
offline_after = "10m"
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
## [[nodes.output.example]]
 | 
			
		||||
# Each output format has its own config block and needs to be enabled by adding:
 | 
			
		||||
#enable = true
 | 
			
		||||
#
 | 
			
		||||
# For each output format there can be set different filters
 | 
			
		||||
#[nodes.output.example.filter]
 | 
			
		||||
#
 | 
			
		||||
# WARNING: if it is not set, it will publish contact information of other persons
 | 
			
		||||
# Set to true, if you did not want the json files to contain the owner information
 | 
			
		||||
#no_owner = true
 | 
			
		||||
#
 | 
			
		||||
# List of nodeids of nodes that should be filtered out, so they won't appear in output
 | 
			
		||||
#blacklist = ["00112233445566", "1337f0badead"]
 | 
			
		||||
#
 | 
			
		||||
# List of site_codes of nodes that should be included in the output
 | 
			
		||||
#sites = ["ffhb"]
 | 
			
		||||
#
 | 
			
		||||
# set has_location to true if you want to include only nodes that have geo-coordinates set
 | 
			
		||||
# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates)
 | 
			
		||||
#has_location = true
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
#[respondd.sites.fftdf]
 | 
			
		||||
#domains = ["tdf-tdf"]
 | 
			
		||||
 | 
			
		||||
#[nodes.output.meshviewer-ffrgb.filter] 
 | 
			
		||||
#no_owner = true 
 | 
			
		||||
#blacklist = []
 | 
			
		||||
#sites = ["flu","tdf","inn"]
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
#[nodes.output.example.filter.in_area]
 | 
			
		||||
# nodes outside this area are not shown on the map but are still listed as a node without coordinates
 | 
			
		||||
#latitude_min = 34.30
 | 
			
		||||
#latitude_max = 71.85
 | 
			
		||||
#longitude_min = -24.96
 | 
			
		||||
#longitude_max = 39.72
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# definition for the new more compressed meshviewer.json
 | 
			
		||||
[[nodes.output.meshviewer-ffrgb]]
 | 
			
		||||
enable   = true
 | 
			
		||||
path = "/opt/freifunk/yanic/meshviewer.json"
 | 
			
		||||
 | 
			
		||||
[nodes.output.meshviewer-ffrgb.filter]
 | 
			
		||||
# WARNING: if it is not set, it will publish contact information of other persons
 | 
			
		||||
no_owner = false
 | 
			
		||||
#blacklist = ["00112233445566", "1337f0badead"]
 | 
			
		||||
#sites = ["ffhb"]
 | 
			
		||||
#has_location = true
 | 
			
		||||
 | 
			
		||||
#[nodes.output.meshviewer-ffrgb.filter.in_area]
 | 
			
		||||
#latitude_min = 34.30
 | 
			
		||||
#latitude_max = 71.85
 | 
			
		||||
#longitude_min = -24.96
 | 
			
		||||
#longitude_max = 39.72
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# definition for nodes.json
 | 
			
		||||
[[nodes.output.meshviewer]]
 | 
			
		||||
enable = true
 | 
			
		||||
# The structure version of the output which should be generated (i.e. nodes.json)
 | 
			
		||||
# version 1 is accepted by the legacy meshviewer (which is the master branch)
 | 
			
		||||
#   i.e. https://github.com/ffnord/meshviewer/tree/master
 | 
			
		||||
# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer)
 | 
			
		||||
#   i.e. https://github.com/ffnord/meshviewer/tree/dev
 | 
			
		||||
#        https://github.com/ffrgb/meshviewer/tree/develop
 | 
			
		||||
version    = 2
 | 
			
		||||
# path where to store nodes.json
 | 
			
		||||
nodes_path = "/opt/freifunk/yanic/nodes.json"
 | 
			
		||||
# path where to store graph.json
 | 
			
		||||
graph_path = "/opt/freifunk/yanic/graph.json"
 | 
			
		||||
 | 
			
		||||
[nodes.output.meshviewer.filter]
 | 
			
		||||
# WARNING: if it is not set, it will publish contact information of other persons
 | 
			
		||||
no_owner = false
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# definition for nodelist.json
 | 
			
		||||
[[nodes.output.nodelist]]
 | 
			
		||||
enable   = true
 | 
			
		||||
path = "/opt/freifunk/yanic/nodelist.json"
 | 
			
		||||
 | 
			
		||||
[nodes.output.nodelist.filter]
 | 
			
		||||
# WARNING: if it is not set, it will publish contact information of other persons
 | 
			
		||||
no_owner = false
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
[database]
 | 
			
		||||
# this will send delete commands to the database to prune data
 | 
			
		||||
# which is older than:
 | 
			
		||||
delete_after    = "7d"
 | 
			
		||||
# how often run the cleaning
 | 
			
		||||
delete_interval = "1h"
 | 
			
		||||
 | 
			
		||||
## [[database.connection.example]]
 | 
			
		||||
# Each database-connection has its own config block and needs to be enabled by adding:
 | 
			
		||||
#enable = true
 | 
			
		||||
 | 
			
		||||
# Save collected data to InfluxDB.
 | 
			
		||||
# There are the following measurments:
 | 
			
		||||
#   node: store node specific data i.e. clients memory, airtime
 | 
			
		||||
#   global: store global data, i.e. count of clients and nodes
 | 
			
		||||
#   firmware: store the count of nodes tagged with firmware
 | 
			
		||||
#   model: store the count of nodes tagged with hardware model
 | 
			
		||||
[[database.connection.influxdb]]
 | 
			
		||||
enable   = true
 | 
			
		||||
address  = "http://195.201.17.16:8886"
 | 
			
		||||
database = "freifunk"
 | 
			
		||||
username = "freifunk"
 | 
			
		||||
password = "dude1990"
 | 
			
		||||
 | 
			
		||||
# Tagging of the data (optional)
 | 
			
		||||
[database.connection.influxdb.tags]
 | 
			
		||||
# Tags used by Yanic would override the tags from this config
 | 
			
		||||
# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used
 | 
			
		||||
#tagname1 = "tagvalue 1"
 | 
			
		||||
# some useful e.g.:
 | 
			
		||||
#system   = "productive"
 | 
			
		||||
#site     = "ffhb"
 | 
			
		||||
 | 
			
		||||
# Graphite settings
 | 
			
		||||
[[database.connection.graphite]]
 | 
			
		||||
enable   = false
 | 
			
		||||
address  = "localhost:2003"
 | 
			
		||||
# Graphite is replacing every "." in the metric name with a slash "/" and uses
 | 
			
		||||
# that for the file system hierarchy it generates. it is recommended to at least
 | 
			
		||||
# move the metrics out of the root namespace (that would be the empty prefix).
 | 
			
		||||
# If you only intend to run one community and only freifunk on your graphite node
 | 
			
		||||
# then the prefix can be set to anything (including the empty string) since you
 | 
			
		||||
# probably wont care much about "polluting" the namespace.
 | 
			
		||||
prefix   = "freifunk"
 | 
			
		||||
 | 
			
		||||
# respondd (yanic)
 | 
			
		||||
# forward collected respondd package to a address
 | 
			
		||||
# (e.g. to another respondd collector like a central yanic instance or hopglass)
 | 
			
		||||
[[database.connection.respondd]]
 | 
			
		||||
enable   = false
 | 
			
		||||
# type of network to create a connection
 | 
			
		||||
type     = "udp6"
 | 
			
		||||
# destination address to connect/send respondd package
 | 
			
		||||
address  = "stats.bremen.freifunk.net:11001"
 | 
			
		||||
 | 
			
		||||
# Logging
 | 
			
		||||
[[database.connection.logging]]
 | 
			
		||||
enable   = false
 | 
			
		||||
path     = "/var/log/yanic.log"
 | 
			
		||||
							
								
								
									
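--- a/hosts
+++ b/hosts
@@ -0,0 +1,161 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+#   - Comments begin with the '#' character
+#   - Blank lines are ignored
+#   - Groups of hosts are delimited by [header] elements
+#   - You can enter hostnames or ip addresses
+#   - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+[freifunk]
+#46.4.138.180 ansible_ssh_port=2222
+#46.4.138.181 ansible_ssh_port=2222
+#46.4.138.182 ansible_ssh_port=2222
+#46.4.138.183 ansible_ssh_port=2222
+#46.4.138.188 ansible_ssh_port=22
+#46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+#[freifunk_sn_l2tp:children]
+#troisdorf4
+#troisdorf5
+#troisdorf6
+#troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+communitymac=a2:8c:ae:6f:f6
+communityname=troisdorf
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt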
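Review bot: In `[freifunk_sn:vars]`, `root_password_file` and `slack_token_file` point at plain paths under `/home/localadmin`, and nothing in the inventory says whether those files are Ansible Vault encrypted; if they are plaintext YAML, the root password for every supernode is readable on the control host. I would state the requirement next to the variables, e.g. `# root_pwd.yml and slack_token.yml must be ansible-vault encrypted and mode 0600`. The same block sets `ansible_ssh_user=root` for the whole group, so every play logs in directly as root; a dedicated deploy account with `become` would let the supernodes run with `PermitRootLogin no`. `ansible_ssh_port` and `ansible_ssh_user` are also the pre-2.0 spellings of `ansible_port` and `ansible_user`.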
							
								
								
									
										242
									
								
								install.sn.yml
									
									
									
									
									
								
							
							
						
						
									
										242
									
								
								install.sn.yml
									
									
									
									
									
								
							@ -3,14 +3,13 @@
 | 
			
		||||
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
 | 
			
		||||
 | 
			
		||||
- name: Install Freifunk Troisdorf super node
 | 
			
		||||
#  hosts: FreifunkSupernodesL2TP
 | 
			
		||||
  hosts: '{{ target }}'
 | 
			
		||||
  hosts: all
 | 
			
		||||
  sudo: False
 | 
			
		||||
  user: root
 | 
			
		||||
  gather_facts: False
 | 
			
		||||
  vars:
 | 
			
		||||
    snversion: master_v3.0.16
 | 
			
		||||
    batmanversion: v2017.4
 | 
			
		||||
# Internal verion number
 | 
			
		||||
    snversion: 2019_v3.1.7
 | 
			
		||||
    common_required_packages:
 | 
			
		||||
      - git
 | 
			
		||||
      - make
 | 
			
		||||
@ -21,7 +20,6 @@
 | 
			
		||||
      - libnl-3-dev
 | 
			
		||||
      - libjansson-dev
 | 
			
		||||
      - isc-dhcp-server
 | 
			
		||||
      - collectd
 | 
			
		||||
      - libcap-dev
 | 
			
		||||
      - iproute
 | 
			
		||||
      - libnetfilter-conntrack3
 | 
			
		||||
@ -43,7 +41,13 @@
 | 
			
		||||
      - ntp
 | 
			
		||||
      - libnl-genl-3-dev
 | 
			
		||||
      - virtualenv
 | 
			
		||||
      - linux-image-extra-4.4.0-127-generic
 | 
			
		||||
      - batman-adv
 | 
			
		||||
      - batctl
 | 
			
		||||
      - libffi-dev
 | 
			
		||||
      - libnetfilter-conntrack-dev
 | 
			
		||||
      - libnfnetlink-dev
 | 
			
		||||
      - speedtest-cli
 | 
			
		||||
      - ethtool
 | 
			
		||||
    modules_required:
 | 
			
		||||
      - batman-adv
 | 
			
		||||
      - nf_conntrack_netlink
 | 
			
		||||
@ -54,33 +58,40 @@
 | 
			
		||||
      - l2tp_eth
 | 
			
		||||
    tunneldigger_scripts:
 | 
			
		||||
      - start-broker.sh
 | 
			
		||||
      - start-broker-backup.sh
 | 
			
		||||
      - batdelif.sh
 | 
			
		||||
    tunneldigger_service:
 | 
			
		||||
      - tunneldigger.service
 | 
			
		||||
      - tunneldigger-backup.service
 | 
			
		||||
    respondd_service:
 | 
			
		||||
      - respondd_service
 | 
			
		||||
    broker_cfg:
 | 
			
		||||
      - l2tp_broker-backup.cfg
 | 
			
		||||
      - l2tp_broker.cfg
 | 
			
		||||
#    bind_zone_fftdf:
 | 
			
		||||
#      - named.conf.fftdf
 | 
			
		||||
    check_gw_script:
 | 
			
		||||
      - keepalive.sh
 | 
			
		||||
    authorized_keys:
 | 
			
		||||
      - authorized_keys
 | 
			
		||||
    logrotate_config:
 | 
			
		||||
      - logrotate.conf
 | 
			
		||||
    supernode_config:
 | 
			
		||||
      - supernode.mode
 | 
			
		||||
      - loadbalancing.mode
 | 
			
		||||
 | 
			
		||||
  tasks:
 | 
			
		||||
    - name: Remove cdrom in sources.list
 | 
			
		||||
      raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
 | 
			
		||||
    - name: Make this server ansible compatible
 | 
			
		||||
      raw: "apt-get update && apt-get install python -y"
 | 
			
		||||
#    - name: Add backport repo to source list #target: /etc/apt/sources.list.d
 | 
			
		||||
#      apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present 
 | 
			
		||||
      raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y"
 | 
			
		||||
    - name: Adding Freifuck GPG Key
 | 
			
		||||
      raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"
 | 
			
		||||
#      apt_key:
 | 
			
		||||
#             id: B2522557E6AB9BF5
 | 
			
		||||
#             url: https://keyserver.ubuntu.com
 | 
			
		||||
#             url: https://pool.sks-keyservers.net
 | 
			
		||||
#             url: https://sks.pod01.fleetstreetops.com
 | 
			
		||||
#             state: present
 | 
			
		||||
 | 
			
		||||
    - name: Import Slack token
 | 
			
		||||
      include_vars: "{{ slack_token_file }}"
 | 
			
		||||
    - name: Import root password
 | 
			
		||||
      include_vars: "{{ root_password_file }}"
 | 
			
		||||
    - name: Add Freifuck repo to source list
 | 
			
		||||
      apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present 
 | 
			
		||||
    - name: Add backport repo to source list
 | 
			
		||||
      apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present
 | 
			
		||||
    - name: Update apt cache
 | 
			
		||||
      apt: update_cache=yes
 | 
			
		||||
    - name: Gathering facts
 | 
			
		||||
@ -93,14 +104,14 @@
 | 
			
		||||
    - name: set hostname
 | 
			
		||||
      hostname: name='{{ sn_hostname }}'
 | 
			
		||||
      register: sethostname
 | 
			
		||||
    - name: disable multi CPU Kernel (SMP)
 | 
			
		||||
    - name: disable multi CPU Kernel (SMP) # Batman don not like SMP
 | 
			
		||||
      lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
 | 
			
		||||
      register: grubnosmp
 | 
			
		||||
    - name: Update grub
 | 
			
		||||
      shell: update-grub2
 | 
			
		||||
      when: grubnosmp.changed
 | 
			
		||||
    - name: Reboot the server
 | 
			
		||||
      shell: sleep 2 && shutdown -r now "Ansible updates triggered"
 | 
			
		||||
      shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP"
 | 
			
		||||
      async: 1
 | 
			
		||||
      poll: 0
 | 
			
		||||
      ignore_errors: true
 | 
			
		||||
@ -114,125 +125,59 @@
 | 
			
		||||
                   timeout=300
 | 
			
		||||
      when: hosts.changed
 | 
			
		||||
      when: sethostname.changed
 | 
			
		||||
    - apt: update_cache=yes
 | 
			
		||||
    - name: Install common required packages
 | 
			
		||||
      apt: state=installed pkg={{ item }}
 | 
			
		||||
      with_items: common_required_packages
 | 
			
		||||
      apt:
 | 
			
		||||
        name: "{{ item }}"
 | 
			
		||||
        state: present
 | 
			
		||||
        update_cache: yes
 | 
			
		||||
      with_items: "{{ common_required_packages }}"
 | 
			
		||||
      register: aptupdates
 | 
			
		||||
    - name: Set clock
 | 
			
		||||
      shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
 | 
			
		||||
#    - name: Add modules
 | 
			
		||||
#      lineinfile: dest=/etc/modules line={{ item }}
 | 
			
		||||
#      with_items: modules_required
 | 
			
		||||
#      register: modules_req
 | 
			
		||||
#    - name: Load modules
 | 
			
		||||
#      modprobe: name={{ item }}
 | 
			
		||||
#      with_items: modules_required
 | 
			
		||||
#      when: modules_req.changed
 | 
			
		||||
    - name: Install Linux headers
 | 
			
		||||
      shell: >
 | 
			
		||||
        apt-get install linux-headers-$(uname -r) -y
 | 
			
		||||
      when: aptupdates.changed
 | 
			
		||||
    - name: Get batman-adv
 | 
			
		||||
      git: repo=https://git.open-mesh.org/batman-adv.git
 | 
			
		||||
           dest=/tmp/batman-adv
 | 
			
		||||
      when: aptupdates.changed
 | 
			
		||||
      register: getbatman
 | 
			
		||||
#    - name: Get batman-adv no rebrotcast patch
 | 
			
		||||
#      get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
 | 
			
		||||
#      when: getbatman.changed
 | 
			
		||||
    - name: Install batman-adv
 | 
			
		||||
      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
 | 
			
		||||
#      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
 | 
			
		||||
      when: getbatman.changed
 | 
			
		||||
    - name: Get batctl
 | 
			
		||||
      git: repo=http://git.open-mesh.org/batctl.git
 | 
			
		||||
           dest=/tmp/batctl
 | 
			
		||||
      when: aptupdates.changed
 | 
			
		||||
      register: getbatctl
 | 
			
		||||
    - name: Install batctl
 | 
			
		||||
      shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
 | 
			
		||||
      when: getbatctl.changed
 | 
			
		||||
    - name: Get Tunneldigger
 | 
			
		||||
#      git: repo=https://github.com/wlanslovenija/tunneldigger.git
 | 
			
		||||
      git: repo=https://github.com/ffrl/tunneldigger.git
 | 
			
		||||
           dest=/srv/tunneldigger
 | 
			
		||||
      git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
 | 
			
		||||
      register: tunneldigger
 | 
			
		||||
      when: aptupdates.changed
 | 
			
		||||
    - name: Configure tunneldigger
 | 
			
		||||
      command: "{{item}}"
 | 
			
		||||
      with_items:
 | 
			
		||||
       - virtualenv /srv/tunneldigger/ -p python2.7
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Tunneldigger requirements
 | 
			
		||||
      pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
 | 
			
		||||
      raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Copy l2tp broker config template
 | 
			
		||||
      template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
 | 
			
		||||
      with_items: broker_cfg
 | 
			
		||||
      with_items: "{{ broker_cfg }}"
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Copy tunneldigger script template
 | 
			
		||||
      template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Copy tunneldigger scripts
 | 
			
		||||
      copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
 | 
			
		||||
      with_items: tunneldigger_scripts
 | 
			
		||||
      with_items: "{{ tunneldigger_scripts }}"
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Copy tunneldigger service template
 | 
			
		||||
      copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
 | 
			
		||||
      with_items: tunneldigger_service
 | 
			
		||||
      with_items: "{{ tunneldigger_service }}"
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
##########
 | 
			
		||||
    - name: Add modules
 | 
			
		||||
      lineinfile: dest=/etc/modules line={{ item }}
 | 
			
		||||
      with_items: modules_required
 | 
			
		||||
      with_items: "{{ modules_required }}"
 | 
			
		||||
      register: modules_req
 | 
			
		||||
    - name: Load modules
 | 
			
		||||
      modprobe: name={{ item }}
 | 
			
		||||
      with_items: modules_required
 | 
			
		||||
      when: modules_req.changed
 | 
			
		||||
#########
 | 
			
		||||
    - name: Tunneldigger reload
 | 
			
		||||
      command: "{{item}}"
 | 
			
		||||
      with_items:
 | 
			
		||||
      - systemctl daemon-reload
 | 
			
		||||
      - systemctl enable tunneldigger.service
 | 
			
		||||
      - systemctl enable tunneldigger-backup.service
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Copy logrotate config
 | 
			
		||||
      copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
 | 
			
		||||
      with_items: logrotate_config
 | 
			
		||||
      with_items: "{{logrotate_config}}"
 | 
			
		||||
    - name: Create freifunk directory
 | 
			
		||||
      file: path=/opt/freifunk state=directory mode=0755
 | 
			
		||||
    - name: Create keepalive directory
 | 
			
		||||
      file: path=/etc/supernode-status state=directory mode=0755
 | 
			
		||||
    - name: Create supernode config files
 | 
			
		||||
      file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644
 | 
			
		||||
      with_items: supernode_config
 | 
			
		||||
    - name: Supernode set default mode
 | 
			
		||||
      lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0
 | 
			
		||||
      with_items: supernode_config
 | 
			
		||||
    - name: Check gateway / keepalive script supernode
 | 
			
		||||
      copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
 | 
			
		||||
      with_items: check_gw_script
 | 
			
		||||
      register: check_gw
 | 
			
		||||
      when: sn_exit is undefined
 | 
			
		||||
    - name: Check gateway / keepalive script super- and exitnode
 | 
			
		||||
      template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
 | 
			
		||||
      register: check_gw
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Add cron job with check gateway script
 | 
			
		||||
      cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" 
 | 
			
		||||
      when: check_gw.changed
 | 
			
		||||
    - name: Supernode Config script super- and exitnode
 | 
			
		||||
      copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Copy dhcpd template file
 | 
			
		||||
      template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
 | 
			
		||||
      register: dhcpd
 | 
			
		||||
    - name: Copy dhcpd6 template file
 | 
			
		||||
      template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444
 | 
			
		||||
    - name: Clone static DHCP config
 | 
			
		||||
      git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
 | 
			
		||||
           dest=/opt/freifunk/static-dhcp
 | 
			
		||||
      git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp
 | 
			
		||||
      when: dhcpd.changed 
 | 
			
		||||
    - name: Add cron static DHCP
 | 
			
		||||
      cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
 | 
			
		||||
@ -245,64 +190,75 @@
 | 
			
		||||
      cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
 | 
			
		||||
    - name: Add cron startup script
 | 
			
		||||
      cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
 | 
			
		||||
    - name: Copy backbone script
 | 
			
		||||
      template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
 | 
			
		||||
      when: sn_exit is undefined 
 | 
			
		||||
    - name: Copy backbone script
 | 
			
		||||
      template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Collectd template file
 | 
			
		||||
      template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
 | 
			
		||||
      register: collectd
 | 
			
		||||
    - name: Restart collectd
 | 
			
		||||
      service: name=collectd state=restarted
 | 
			
		||||
      when: collectd.changed
 | 
			
		||||
    - name: configure startup script supernode
 | 
			
		||||
      template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
 | 
			
		||||
      when: sn_exit is undefined
 | 
			
		||||
    - name: Exit node startup script super- and exitnode
 | 
			
		||||
      template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Exit node startup script super- and exitnode
 | 
			
		||||
      template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
 | 
			
		||||
      when: sn_local_exit is defined
 | 
			
		||||
    - name: SSH authorized_keys
 | 
			
		||||
      copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
 | 
			
		||||
      with_items: authorized_keys
 | 
			
		||||
    - name: Bind9, activate fftdf zone
 | 
			
		||||
      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
 | 
			
		||||
      with_items: "{{ authorized_keys }}"
 | 
			
		||||
    - name: Bind9, activate ff zone
 | 
			
		||||
      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present
 | 
			
		||||
    - name: Copy option template
 | 
			
		||||
      template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
 | 
			
		||||
    - name: Create fftdf directory
 | 
			
		||||
      file: path=/etc/bind/fftdf state=directory
 | 
			
		||||
    - name: Copy FFTDF Zones
 | 
			
		||||
      copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644
 | 
			
		||||
    - name: Create ff directory
 | 
			
		||||
      file: path=/etc/bind/ff state=directory
 | 
			
		||||
    - name: Copy FF Zones
 | 
			
		||||
      copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644
 | 
			
		||||
      with_items: 
 | 
			
		||||
        - fftdf.conf
 | 
			
		||||
    - name: Copy fftdf Zone config template
 | 
			
		||||
      template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444
 | 
			
		||||
        - ff.conf
 | 
			
		||||
    - name: Copy ff Zone config template
 | 
			
		||||
      template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444
 | 
			
		||||
    - name: Copy radvd config template
 | 
			
		||||
      template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
 | 
			
		||||
    - name: Interface configuration with ffrl gre tunnel
 | 
			
		||||
      copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
      template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544
 | 
			
		||||
    - apt: update_cache=yes
 | 
			
		||||
    - name: Install bird
 | 
			
		||||
      apt: state=installed pkg=bird
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
      apt: state=present pkg=bird
 | 
			
		||||
    - name: Bird configuration
 | 
			
		||||
      copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Bird configuration
 | 
			
		||||
      copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
 | 
			
		||||
      when: sn_exit is defined
 | 
			
		||||
    - name: Get speedtest-cli
 | 
			
		||||
      get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli
 | 
			
		||||
    - name: Change rights speedtest-cli
 | 
			
		||||
      file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755
 | 
			
		||||
    - name: Create Yanic user
 | 
			
		||||
      user:
 | 
			
		||||
         name: yanic
 | 
			
		||||
         comment: "Yanic service user"
 | 
			
		||||
    - name: Create Yanic folder
 | 
			
		||||
      file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic
 | 
			
		||||
    - name: Copy Yanic config template
 | 
			
		||||
      template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444
 | 
			
		||||
    - name: Shit go stuff
 | 
			
		||||
      shell: cd /usr/local && wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz
 | 
			
		||||
    - name: Adjust path for go
 | 
			
		||||
      lineinfile:
 | 
			
		||||
        dest: /root/.bashrc
 | 
			
		||||
        line: "{{ item }}"
 | 
			
		||||
      with_items:
 | 
			
		||||
               - export GOPATH=/opt/go
 | 
			
		||||
               - export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 | 
			
		||||
    - name: Compile go
 | 
			
		||||
      shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
 | 
			
		||||
    - name: Copy and enable yanic service
 | 
			
		||||
      shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic
 | 
			
		||||
    - name: Get respondd
 | 
			
		||||
      git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce
 | 
			
		||||
    - name: Copy respondd service template
 | 
			
		||||
      shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system
 | 
			
		||||
    - name: Enable respondd service
 | 
			
		||||
      shell: systemctl daemon-reload && systemctl enable respondd
 | 
			
		||||
    - name: Copy Slacktee Config
 | 
			
		||||
      template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
 | 
			
		||||
    - name: Copy Slacktee
 | 
			
		||||
      copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
 | 
			
		||||
    - name: set netfilter rules
 | 
			
		||||
      lineinfile: dest=/etc/sysctl.conf line="{{ item }}"
 | 
			
		||||
      lineinfile:
 | 
			
		||||
        dest: /etc/sysctl.conf
 | 
			
		||||
        line: "{{ item }}"
 | 
			
		||||
      with_items:
 | 
			
		||||
               - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240
 | 
			
		||||
               - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
 | 
			
		||||
@ -315,18 +271,20 @@
 | 
			
		||||
      when: modprobe1.stat.exists == False
 | 
			
		||||
    - name: check /etc/modprobe.conf
 | 
			
		||||
      lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
 | 
			
		||||
    - name: Change root password
 | 
			
		||||
      user:
 | 
			
		||||
       name: root
 | 
			
		||||
       password: "{{ sn_rootpasswd }}"
 | 
			
		||||
    - name: Logrotate rights
 | 
			
		||||
      file: path=/etc/logrotate.conf mode=0644 owner=root group=root
 | 
			
		||||
    - name: Wirte version information
 | 
			
		||||
      shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
 | 
			
		||||
    - name: Reboot the server finally
 | 
			
		||||
      shell: sleep 2 && shutdown -r now "Ansible updates triggered"
 | 
			
		||||
      async: 1
 | 
			
		||||
      poll: 0
 | 
			
		||||
      ignore_errors: true
 | 
			
		||||
      when: tunneldigger.changed
 | 
			
		||||
    - name: Logrotate rights
 | 
			
		||||
      file: path=/etc/logrotate.conf mode=0644 owner=root group=root
 | 
			
		||||
    - name: Change root password
 | 
			
		||||
      user: name=root password={{ sn_rootpasswd }}
 | 
			
		||||
    - name: Wirte version information
 | 
			
		||||
      shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
 | 
			
		||||
    - name: waiting for server to come back
 | 
			
		||||
      local_action:
 | 
			
		||||
                   wait_for
 | 
			
		||||
 | 
			
		||||
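Review bot: The `Shit go stuff` task fetches `go1.13.1.linux-amd64.tar.gz` with `wget` and unpacks it into `/usr/local` as root without checking a digest, and the following tasks then use that toolchain to `go get -u` an unpinned yanic, so a tampered or truncated download would go unnoticed. The command also repeats `wget` and the `-O` option and re-runs on every play; `get_url` with `checksum` plus `unarchive` with `creates`, as sketched below, gives verification and idempotence. Separately, `Copy Yanic config template` installs `/etc/yanic.conf` with `mode=0444`, while the yanic config shown earlier on this page (presumably that template) carries an InfluxDB username and password in clear, so `mode=0440` with the password taken from a vaulted variable would be safer. The rendering prints old and new lines without markers, so this is read from what appears to be the new side.

```yaml
    - name: Download Go release
      get_url:
        url: https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz
        dest: /usr/local/go-release-linux-amd64.tar.gz
        # placeholder: take the digest from the official Go downloads page
        checksum: "sha256:<GO_1_13_1_LINUX_AMD64_SHA256>"
    - name: Unpack Go release
      unarchive:
        src: /usr/local/go-release-linux-amd64.tar.gz
        dest: /usr/local
        remote_src: true
        creates: /usr/local/go/bin/go
    # … unchanged: Adjust path for go, Compile go …
```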