diff --git a/README.md b/README.md index 70236ec..0155002 100644 --- a/README.md +++ b/README.md @@ -1,34 +1,12 @@ -# ansible.fftdf.supernode -Ansible yml file to manage Freifunk Troisdorf supernodes +Ansible file to manage Freifunk Troisdorf supernodes +example: ansible-playbook install.sn.yml -l hosts -At this time you have to start it explicit with the target server -example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5" -example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]" +To install a individual host you have to start it explicit with the target server +example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v -You need this information in your hosts (/etc/ansible/hosts) file: -#example, I hope self explaining -[troisdorf5] -78.46.233.212 - -[troisdorf5:vars] -sn_hostname=troisdorf5 -sn_dhcp_range=10.188.116.1 10.188.119.254 -sn_dhcp_dns=10.188.1.100, 10.188.1.23 -sn_dhcp_router=10.188.255.5 -sn_mesh_IPv6=fda0:747e:ab29:7405:255::5 -sn_mesh_IPv4=10.188.255.5 -sn_mesh_MAC=a2:8c:ae:6f:f6:05 -sn_fqdn=freifunk-troisdorf.de -sn_l2tp_tb_port=53844 - -[troisdorf4:vars] -sn_hostname=troisdorf4 -sn_dhcp_range=10.188.112.1 10.188.115.254 -sn_dhcp_dns=10.188.255.4, 10.188.1.100 -sn_dhcp_router=10.188.255.4 -sn_mesh_IPv6=fda0:747e:ab29:7405:255::4 -sn_mesh_IPv4=10.188.255.4 -sn_mesh_MAC=a2:8c:ae:6f:f6:04 -sn_fqdn=freifunk-troisdorf.de -sn_l2tp_tb_port=53842 +The hosts file is the most important file. +You will find some example files: +files/hosts.example +files/root_pwd.yml.example +files/slack_token.yml.example diff --git a/Todo b/Todo index e72c9c0..1ff3375 100644 --- a/Todo +++ b/Todo @@ -38,6 +38,3 @@ ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42 ================================================================== -2. Freifunk Yanic Installieren - -3. chmod 644 /etc/logrotate.conf diff --git a/Untitled Diagram.xml b/Untitled Diagram.xml deleted file mode 100644 index 16f766d..0000000 
--- a/Untitled Diagram.xml
+++ /dev/null
@@ -1 +0,0 @@
-UzV2zq1wL0osyPDNT0nNUTV2VTV2LsrPL4GwciucU3NyVI0MMlNUjV1UjYwMgFjVyA2HrCFY1qAgsSg1rwSLBiADYTaQg2Y1AA==
\ No newline at end of file
diff --git a/files/authorized_keys b/files/authorized_keys
index 90c7b09..3604bb2 100644
--- a/files/authorized_keys
+++ b/files/authorized_keys
@@ -2,8 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux -ssh-rsa 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 localadmin@tst-ansible - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDA2KJvzjFxFrjJvxJj/AZ3rPKGT15JUnV7LhTo0BuXITwx+DpEK6u2m3yjigf2B8ws4VbpL7ceWyP8L3wspozqbqOgyYrQ9TISipkNV9O/DzR+F8R7mhn5mV7+pEOJu1Ba6rtYTfJTcloRKklfO9UjaFLwM69H0GNsomcKMd5Kl4c7DMMwcpXfhb8b7ET5agtfAhXU0CHalnhdAVCwmsC3mj9blOLlX4lxFLonGKVcZB7nWQEmvVAG+9yp6UWZZzeBCPea8Bw4hUVAZcsbK9XLbE4D+gUoxHu2oKGRja4kUnYmlWZOyqlUGbRD6bUxmnW1aBCh8x+b91YLlGv38vT6Y/sy0tPOoVK5kHxJ2yQmnlpgRzgBZf8Kl9ouO/onvExR787C+6TGG834ROW3SaiEeta0RvWwLzugexotT02qqpJmlIXu+gpvN+O9LSfQWzcaCFJTB6MD8mox1ks/W15Uij1pCeleUmiFdVtmt3PCs/ouuG1Uhm9MSWOBNwdFlTpAngopqBHSKYpTY+LhDD9Bv+U4Tno3i4dIGLYqNVmaRij2A0jZeSKOi/OgAaQsD7CzrDhn7C8dlsBFzPjtpFNqgk2Ss5bv3dpfQhBKsaxAe0X5W57vqJD+986039H3fj9/2o2PGuWCNr1LCWSjiy8t/P++cbn0rGdJAIexgTj3Q== supernodeadmin@update1 - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office +ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQCsaIe542Vk0/sH0GEEMPhjDHBip0PI6OX/teuTLu/osvdb9Hj7432HUlEsiw8cfkCZBXtkQGlYXRVjiZkRxc8CzDpOkq75ZcqTfhmf/tCejBbgSFfdruViU11cFHIdznOqe3PeFM+8BJzHf2Gwnb5P/Q0RDYQ05Hfr9LhQVw3IXM2VInE+xR0sMj2rNr8g8lYa9X/+boElwqFiJqaRyb61XI0DYIXuxFQkg/E2bxvrtbrYJt9Pv5Mu0HYY2Q+xGqOGwPjxtqIixG9ne4EkiQkshFhfnTegfRMmhuSa0G6+Qqh5e4RPbtCGOW27tqXNUo0zDtcNaoWqUCIDkplTlUsimXT8PO+qiwMpXuVBYiwLat3N97kin8GAXoxYdrYdALopLbbkWx/7e06vqwBmF4tsPMcTRKOEIJgWIAVyxxr999Q5GNWA52m7iTNIWH1ExeTm/FQrbU4QCY6YThqhC3AVTYcUINNVZuFp19tNkNydUDOqPtwG0c+Bi8y15RBPUzQDbTgTR3zayuiOc26MYH4SGoSGNKeQjbJWr8MDsGi+NGMs2crYXirYVziPPXdY+im3fBH3UuRDkfbfvl4gXpDYxEUh/8GYdMLnttk2ifoBtlynEhxyunoKm7Z3V8mTikON70/ko6QkOmei/r/F+V9Se6FFsOTUIufwu6BC9+hBkw== localadmin@ansible diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index b029432..8796dd6 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -14,5 +14,4 @@ do fi done -#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast $brctl addif br-nodes $INTERFACE diff --git a/files/check_mk-dhcp.sh b/files/check_mk-dhcp.sh deleted file mode 100644 index 90a4827..0000000 --- a/files/check_mk-dhcp.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -datum=$(date "+%b %d") -hostname=$(hostname) -clients=$(cat /var/log/syslog | grep "$(date "+%b %d")" | grep DHCPACK | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | sort | uniq | wc -l) -echo "nc.gateways."$hostname" $clients `date +%s`" | nc -n -q 5 10.188.0.10 2003 -echo "0 Uniq-Clients count=$clients - $clients Uniq Clients heute" diff --git a/files/check_mk-speedtest-cli b/files/check_mk-speedtest-cli deleted file mode 100644 index abe634a..0000000 --- a/files/check_mk-speedtest-cli +++ /dev/null 
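Review bot: The new `localadmin@ansible` key is added with no authorized_keys options, and the hosts.example in this same commit sets `ansible_ssh_user=root`, so whoever holds that private key gets an unrestricted root shell plus port- and agent-forwarding on every supernode. Since the key only has to work from the Ansible controller, prefix it with `restrict,from="<controller-ip>" ssh-rsa AAAA…` (or at minimum `no-port-forwarding,no-agent-forwarding,no-X11-forwarding`) so a leaked key is far less useful from anywhere else. Also note that dropping `localadmin@tst-ansible`, `supernodeadmin@update1` and `stefan@ff-stefan@tst-office` from this file only revokes them on hosts where the playbook overwrites the whole file; if it is deployed through the `authorized_key` module without `exclusive: yes`, the old keys stay valid on already-provisioned hosts — worth confirming in the role, which is not in this diff.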
@@ -1,392 +0,0 @@ -#! /bin/bash -# -# Script to check Internet connection speed using speedtest-cli -# -# Jon Witts - 20150228 -# -######################################################################################################################################################### -# -# Nagios Exit Codes -# -# 0 = OK = The plugin was able to check the service and it appeared to be functioning properly -# 1 = Warning = The plugin was able to check the service, but it appeared to be above some warning -# threshold or did not appear to be working properly -# 2 = Critical = The plugin detected that either the service was not running or it was above some critical threshold -# 3 = Unknown = Invalid command line arguments were supplied to the plugin or low-level failures internal -# to the plugin (such as unable to fork, or open a tcp socket) that prevent it from performing the specified operation. -# Higher-level errors (such as name resolution errors, socket timeouts, etc) are outside of the control of plugins -# and should generally NOT be reported as UNKNOWN states. -# -######################################################################################################################################################## - -plugin_name="Nagios speedtest-cli plugin" -version="1.2 2015022818.19" - -##################################################################### -# -# CHANGELOG -# -# Version 1.0 - Initial Release -# -# Version 1.1 - Added requirement to use server id in test and need to define -# full path to speedtest binary - thanks to Sigurdur Bjarnason -# for changes and improvements -# -# Version 1.2 - Added ability to check speed from an internal Speedtest Mini -# server. 
Idea sugested by Erik Brouwer -# -# -# - -##################################################################### -# function to output script usage -usage() -{ - cat << EOF - ****************************************************************************************** - - $plugin_name - Version: $version - - OPTIONS: - -h Show this message - -w Download Warning Level - *Required* - integer or floating point - -c Download Critical Level - *Required* - integer or floating point - -W Upload Warning Level - *Required* - integer or floating point - -C Upload Critical Level - *Required* - integer or floating point - -l Location of speedtest server - *Required * - takes either "i" or "e". If you pass "i" for - Internal then you will need to pass the URL of the Mini Server to the "s" option. If you pass - "e" for External then you must pass the server integer to the "s" option. - -s Server integer or URL for the speedtest server to test against - *Required* - Run - "speedtest --list | less" to find your nearest server and note the number of the server - or use the URL of an internal Speedtest Mini Server - -p Output Performance Data - -v Output plugin version - -V Output debug info for testing - - This script will output the Internet Connection Speed using speedtest-cli to Nagios. - - You need to have installed speedtest-cli on your system first and ensured that it is - working by calling "speedtest --simple". - - See here: https://github.com/sivel/speedtest-cli for info about speedtest-cli - - First you MUST define the location of your speedtest install in the script or this will - not work. - - The speedtest-cli can take some time to return its result. I recommend that you set the - service_check_timeout value in your main nagios.cfg to 120 to allow time for - this script to run; but test yourself and adjust accordingly. - - You also need to have access to bc on your system for this script to work and that it - exists in your path. 
- - Your warning levels must be higher than your critical levels for both upload and download. - - Performance Data will output upload and download speed against matching warning and - critical levels. - - Jon Witts - - ****************************************************************************************** -EOF -} - -##################################################################### -# function to output error if speedtest binary location not set -locundef() -{ - cat << EOF - ****************************************************************************************** - - $plugin_name - Version: $version - - You have not defined the location of the speedtest binary in the script! You MUST do - this before running the script. See line 170 of the script! - - ****************************************************************************************** -EOF -} - -##################################################################### -# function to check if a variable is numeric -# expects variable to check as first argument -# and human description of variable as second -isnumeric() -{ - re='^[0-9]+([.][0-9]+)?$' - if ! [[ $1 =~ $re ]]; then - echo $2" with a value of: "$1" is not a number!" - usage - exit 3 - fi -} - -##################################################################### -# functions for floating point operations - require bc! - -##################################################################### -# Default scale used by float functions. - -float_scale=3 - -##################################################################### -# Evaluate a floating point number expression. - -function float_eval() -{ - local stat=0 - local result=0.0 - if [[ $# -gt 0 ]]; then - result=$(echo "scale=$float_scale; $*" | bc -q 2>/dev/null) - stat=$? 
- if [[ $stat -eq 0 && -z "$result" ]]; then stat=1; fi - fi - echo $result - return $stat -} - -##################################################################### -# Evaluate a floating point number conditional expression. - -function float_cond() -{ - local cond=0 - if [[ $# -gt 0 ]]; then - cond=$(echo "$*" | bc -q 2>/dev/null) - if [[ -z "$cond" ]]; then cond=0; fi - if [[ "$cond" != 0 && "$cond" != 1 ]]; then cond=0; fi - fi - local stat=$((cond == 0)) - return $stat -} - -########### End of functions ######################################## - -# Set up the variable for the location of the speedtest binary. -# Edit the line below so that the variable is defined as the location -# to speedtest on your system. On mine it is /usr/local/bin -# Ensure to leave the last slash off! -# You MUST define this or the script will not run! -STb=/usr/bin - -# Set up the variables to take the arguments -DLw=150.00 -DLc=100.00 -ULw=150.00 -ULc=100.00 -Loc=e -# Server ID, if 0 using nearest server -SEs=0 -#PerfData=TRUE -PerfData= -debug= - -# Retrieve the arguments using getopts -while getopts "hw:c:W:C:l:s:pvV" OPTION -do - case $OPTION in - h) - usage - exit 3 - ;; - w) - DLw=$OPTARG - ;; - c) - DLc=$OPTARG - ;; - W) - ULw=$OPTARG - ;; - C) - ULc=$OPTARG - ;; - l) - Loc=$OPTARG - ;; - s) - SEs=$OPTARG - ;; - p) - PerfData="TRUE" - ;; - v) - echo "$plugin_name. 
Version number: $version" - exit 3 - ;; - V) - debug="TRUE" - ;; -esac -done - - -# Check if the Speedtest binary variable $STb has been defined and exit with warning if not -if [[ -z $STb ]] -then - locundef - exit 3 -fi - -# Check for empty arguments and exit to usage if found -if [[ -z $DLw ]] || [[ -z $DLc ]] || [[ -z $ULw ]] || [[ -z $ULc ]] || [[ -z $Loc ]] || [[ -z $SEs ]] -then - usage - exit 3 -fi - -# Check for invalid argument passed to $Loc and exit to usage if found -if [[ "$Loc" != "e" ]] && [[ "$Loc" != "i" ]] -then - usage - exit 3 -fi - -# Check for non-numeric arguments -isnumeric $DLw "Download Warning Level" -isnumeric $DLc "Download Critical Level" -isnumeric $ULw "Upload Warning Level" -isnumeric $ULc "Upload Critical Level" -#isnumeric $Serv "Server Number ID" - -# Check that warning levels are not less than critical levels -if float_cond "$DLw < $DLc"; then - echo "\$DLw is less than \$DLc!" - usage - exit 3 -elif float_cond "$ULw < $ULc"; then - echo "\$ULw is less than \$ULc!" - usage - exit 3 -fi - -# Output arguments for debug -if [ "$debug" == "TRUE" ]; then - echo "Download Warning Level = "$DLw - echo "Download Critical Level = "$DLc - echo "Upload Warning Level = "$ULw - echo "Upload Critical Level = "$ULc - echo "Server Location = "$Loc - echo "Server URL or Integer = "$SEs -fi - -#Set command up depending upon internal or external -if [ "$Loc" == "e" ]; then - if [ "$debug" == "TRUE" ]; then - echo "External Server defined" - fi - if [ "$SEs" == "0" ]; then - if [ "$debug" == "TRUE" ]; then - echo "no SEs specified" - fi - command=$($STb/speedtest --simple) - else - command=$($STb/speedtest --server=$SEs --simple) - fi -elif [ "$Loc" == "i" ]; then - if [ "$debug" == "TRUE" ]; then - echo "Internal Server defined" - fi - command=$($STb/speedtest --mini=$SEs --simple) -else - if [ "$debug" == "TRUE" ]; then - echo "We should never get here as we checked the contents of Location variable earlier!" 
- fi - usage - exit 3 -fi - -# Get the output of the speedtest into an array -# so we can begin to process it -i=1 -typeset -a array - -array=($command) - -# Check if array empty or not having at least 9 indicies -element_count=${#array[@]} -expected_count="9" - -# Output array indicies count for debug -if [ "$debug" == "TRUE" ]; then - echo "count = $element_count" -fi - -if [ "$element_count" -ne "$expected_count" ]; then - echo "You do not have the expected number of indices in your output from SpeedTest. Is it correctly installed?" - usage - exit 3 -fi - -# echo contents of speedtest for debug -if [ "$debug" == "TRUE" ]; then - echo "$command" -fi - -# split array into our variables for processing -ping=${array[1]} -pingUOM=${array[2]} -download=${array[4]} -downloadUOM=${array[5]} -upload=${array[7]} -uploadUOM=${array[8]} - -# echo each array for debug -if [ "$debug" == "TRUE" ]; then - echo "Ping = "$ping - echo "Download = "$download - echo "Upload = "$upload -fi - -#set up our nagios status and exit code variables -status= -nagcode= - -# now we check to see if returned values are within defined ranges -# we will make use of bc for our math! -if float_cond "$download < $DLc"; then - if [ "$debug" == "TRUE" ]; then - echo "Download less than critical limit. \$download = $download and \$DLc = $DLc " - fi - status="CRITICAL" - nagcode=2 -elif float_cond "$upload < $ULc"; then - if [ "$debug" == "TRUE" ]; then - echo "Upload less than critical limit. \$upload = $upload and \$ULc = $ULc" - fi - status="CRITICAL" - nagcode=2 -elif float_cond "$download < $DLw"; then - if [ "$debug" == "TRUE" ]; then - echo "Download less than warning limit. \$download = $download and \$DLw = $DLw" - fi - status="WARNING" - nagcode=1 -elif float_cond "$upload < $ULw"; then - if [ "$debug" == "TRUE" ]; then - echo "Upload less than warning limit. 
\$upload = $upload and \$ULw = $ULw" - fi - status="WARNING" - nagcode=1 -else - if [ "$debug" == "TRUE" ]; then - echo "Everything within bounds!" - fi - status="OK" - nagcode=0 -fi - -#nagout="$status - Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM" -#perfout="|'download'=$download;$DLw;$DLc 'upload'=$upload;$ULw;$ULc" -nagout="$nagcode speedtest-cli download=$download;$DLw;$DLc|upload=$upload;$ULw;$ULc|ping=$ping;250;500 Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM" - -# append perfout if argument was passed to script -if [ "$PerfData" == "TRUE" ]; then - if [ "$debug" == "TRUE" ]; then - echo "PerfData requested!" - fi - nagout=$nagout$perfout -fi - -echo $nagout -exit $nagcode diff --git a/files/check_mk.conf b/files/check_mk.conf deleted file mode 100644 index 96807a5..0000000 --- a/files/check_mk.conf +++ /dev/null @@ -1,28 +0,0 @@ -service check_mk -{ - type = UNLISTED - port = 6556 - socket_type = stream - protocol = tcp - wait = no - user = root - server = /usr/bin/check_mk_agent - - # listen on IPv4 AND IPv6 when available on this host - #flags = IPv6 - - # If you use fully redundant monitoring and poll the client - # from more then one monitoring servers in parallel you might - # want to use the agent cache wrapper: - #server = /usr/bin/check_mk_caching_agent - - # configure the IP address(es) of your Nagios server here: - only_from = 78.47.37.172 - - # Don't be too verbose. Don't log every check. This might be - # commented out for debugging. If this option is commented out - # the default options will be used for this service. - log_on_success = - - disable = no -} diff --git a/files/ckeck_mk-supernode b/files/ckeck_mk-supernode deleted file mode 100644 index 19a902c..0000000 --- a/files/ckeck_mk-supernode +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash -#/usr/lib/check_mk_agent/local -export LANG=de_DE.UTF-8 - -function confline # get first line from file $1 mathing $2, stripped of # and ; comment lines, stripped spaces and tabs down to spaces, remove trailing ; -{ - echo $(cat $1|grep -v '^$\|^\s*\#'|sed -e "s/[[:space:]]\+/ /g"|sed s/^\ //|sed s/\;//|grep -i "$2"|head -n 1) -} - -function ati # ipv4 to longint -{ - ip4=$1; ipno=0 - for (( i=0 ; i<4 ; ++i )); do - ((ipno+=${ip4%%.*}*$((254**$((3-${i})))))) # .0 .255 should not be counted - ip4=${ip4#*.} - done - echo $ipno -} - -## static data -bat_version=$(batctl -v); -kernel=$(uname -r); -release=$(lsb_release -ds); - -## Batman -echo "0 Batman-Version Version=$bat_version; $bat_version" -list=$(ls -F /sys/kernel/debug/batman_adv|grep /) -for i in $list; do - z=$(ls /sys/kernel/debug/batman_adv/$i|wc -l) - if [ $z -ge 9 ]; then - b=$(echo $i|cut -d '/' -f1) - router=$(($(batctl -m $b o|wc -l)-2 )) - clients=$(grep -cEo "\[.*W.*\]+" /sys/kernel/debug/batman_adv/$b/transtable_global) - gateways=$(( $(batctl -m $b gwl|wc -l) -1 )) - ips=$(( $(batctl -m $b dc|wc -l) - 2)) - wlow=$(( $router * 20 / 100 )) - clow=$(( $router * 5 / 100 )) - wlimit=$(( $router * 5 )) - climit=$(( $router * 10 )) - echo "P Batman-$b Router=$router.0;5:250;1:500|Clients=$clients.0;$wlow.0:$wlimit.0;$clow.0:$climit.0|Gateways=$gateways.0;0:3;0:5;|IPs=$ips.0"; - fi; - done - -## isc-dhcpd-server leases -# needs script https://github.com/eulenfunk/scripts/blob/master/dhcpleases -if [ -r /opt/freifunk/dhcpleases ] ; then - totalleases=2040 - activeleases=$(python /opt/freifunk/dhcpleases|grep "^| Total"|cut -d":" -f2|sed s/\ //) - remainingleases=$(($totalleases - $activeleases)) - actwarn=$(($totalleases * 75 / 100)) - actcrit=$(($totalleases * 90 / 100)) - echo "P Dhcp-Leases active-leases=$activeleases.0;5:$actwarn;1:$actcrit active:$activeleases remaining:$remainingleases pool=$totalleases"; - fi - -#L2TP -l_tunnel=$(ip a |grep l2tp | grep br-nodes -c); 
-tunneldigger=$(ifconfig|grep br-nodes -c); -echo "P L2TP Clients=$l_tunnel.0;1:100;0:150|Tunneldiggerbridges=$tunneldigger.0;0.1:1;0.1:2; L2TP-Clients:$l_tunnel Tunneldiggerbridges:$tunneldigger" - -## Conntrack -conntrack=$(conntrack -C); -conntrack_limit=$(sysctl -a 2>/dev/null |grep net.nf_conntrack_max|cut -d ' ' -f 3); -conntrack_remain=$(echo $conntrack_limit - $conntrack|bc) -wlow=0.1 -clow=1.1 -wlimit=$(echo $conntrack_limit *0.7|bc) -climit=$(echo $conntrack_limit *0.9|bc) -wrlimit=$(echo $conntrack_limit *0.3|bc) -crlimit=$(echo $conntrack_limit *0.1|bc) -echo "P Conntrack conntrack=$conntrack.0;$wlow:$wlimit;$clow:$climit|conntrack_remain=$conntrack_remain.0;$wrlimit:$conntrack_limit;$crlimit:$conntrack_limit; Conntrack:$conntrack Conntrack-Remain:$conntrack_remain Conntrack-Limit:$conntrack_limit" diff --git a/files/collectd.conf.j2 b/files/collectd.conf.j2 deleted file mode 100644 index de68c08..0000000 --- a/files/collectd.conf.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -# Config file for collectd(1). -# -# Some plugins need additional configuration and are disabled by default. -# Please read collectd.conf(5) for details. -# -# You should also read /usr/share/doc/collectd-core/README.Debian.plugins -# before enabling any more plugins. - -## General ## - -Hostname "{{ sn_hostname }}" -FQDNLookup true -BaseDir "/var/lib/collectd" -PluginDir "/usr/lib/collectd" -Interval 60 -Timeout 2 -ReadThreads 5 - -## Load Plugins ## -LoadPlugin write_graphite -LoadPlugin syslog -LoadPlugin cpu -LoadPlugin load -LoadPlugin memory -LoadPlugin processes -LoadPlugin conntrack -LoadPlugin users -LoadPlugin uptime -LoadPlugin interface -LoadPlugin filecount - - - Instance "tunneldigger-connections" - Name "l2tp*" - - - - - Host "10.188.0.10" - Port "2003" - Prefix "collectd.gateways." - StoreRates true - AlwaysAppendDS false - EscapeCharacter "_" - - - - - LogLevel info - - -########################################################### -Include "/etc/collectd/filters.conf" -Include "/etc/collectd/thresholds.conf" diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2 index 8cd5205..d381959 100644 --- a/files/dhcpd.conf.j2 +++ b/files/dhcpd.conf.j2 @@ -1,6 +1,6 @@ # Version 1.3 ddns-update-style none; -option domain-name "fftdf"; +option domain-name "ff"; default-lease-time 300; max-lease-time 3600; log-facility local7; diff --git a/files/dhcpd6.conf.j2 b/files/dhcpd6.conf.j2 index 2a79b20..670a0d8 100644 --- a/files/dhcpd6.conf.j2 +++ b/files/dhcpd6.conf.j2 @@ -8,7 +8,7 @@ max-lease-time 600; option dhcp6.name-servers {{ sn_mesh_IPv6 }}; -option dhcp6.domain-search "fftdf"; +option dhcp6.domain-search "ff"; subnet6 {{ sn_mesh_IPv6_net }} { } diff --git a/files/dhcpleases b/files/dhcpleases deleted file mode 100644 index 40465c2..0000000 --- a/files/dhcpleases +++ /dev/null 
@@ -1,260 +0,0 @@ -#!/usr/bin/python -# source: http://askubuntu.com/revisions/fb67e8e2-efd4-4d0e-bb2f-416855fd8369/view-source -# by http://askubuntu.com/users/499043/dfsmith -import datetime, bisect - -def parse_timestamp(raw_str): - tokens = raw_str.split() - - if len(tokens) == 1: - if tokens[0].lower() == 'never': - return 'never'; - - else: - raise Exception('Parse error in timestamp') - - elif len(tokens) == 3: - return datetime.datetime.strptime(' '.join(tokens[1:]), - '%Y/%m/%d %H:%M:%S') - - else: - raise Exception('Parse error in timestamp') - - -def timestamp_is_ge(t1, t2): - if t1 == 'never': - return True - - elif t2 == 'never': - return False - - else: - return t1 >= t2 - - -def timestamp_is_lt(t1, t2): - if t1 == 'never': - return False - - elif t2 == 'never': - return t1 != 'never' - - else: - return t1 < t2 - - -def timestamp_is_between(t, tstart, tend): - return timestamp_is_ge(t, tstart) and timestamp_is_lt(t, tend) - - -def parse_hardware(raw_str): - tokens = raw_str.split() - - if len(tokens) == 2: - return tokens[1] - - else: - raise Exception('Parse error in hardware') - - -def strip_endquotes(raw_str): - return raw_str.strip('"') - - -def identity(raw_str): - return raw_str - - -def parse_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 2: - return tokens[1] - - else: - raise Exception('Parse error in binding state') - - -def parse_next_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 3: - return tokens[2] - - else: - raise Exception('Parse error in next binding state') - - -def parse_rewind_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 3: - return tokens[2] - - else: - raise Exception('Parse error in next binding state') - - -def parse_leases_file(leases_file): - valid_keys = { - 'starts': parse_timestamp, - 'ends': parse_timestamp, - 'tstp': parse_timestamp, - 'tsfp': parse_timestamp, - 'atsfp': parse_timestamp, - 'cltt': parse_timestamp, - 'hardware': 
parse_hardware, - 'binding': parse_binding_state, - 'next': parse_next_binding_state, - 'rewind': parse_rewind_binding_state, - 'uid': strip_endquotes, - 'client-hostname': strip_endquotes, - 'option': identity, - 'set': identity, - 'on': identity, - 'abandoned': None, - 'bootp': None, - 'reserved': None, - } - - leases_db = {} - - lease_rec = {} - in_lease = False - in_failover = False - - for line in leases_file: - if line.lstrip().startswith('#'): - continue - - tokens = line.split() - - if len(tokens) == 0: - continue - - key = tokens[0].lower() - - if key == 'lease': - if not in_lease: - ip_address = tokens[1] - - lease_rec = {'ip_address' : ip_address} - in_lease = True - - else: - raise Exception('Parse error in leases file') - - elif key == 'failover': - in_failover = True - elif key == '}': - if in_lease: - for k in valid_keys: - if callable(valid_keys[k]): - lease_rec[k] = lease_rec.get(k, '') - else: - lease_rec[k] = False - - ip_address = lease_rec['ip_address'] - - if ip_address in leases_db: - leases_db[ip_address].insert(0, lease_rec) - - else: - leases_db[ip_address] = [lease_rec] - - lease_rec = {} - in_lease = False - - elif in_failover: - in_failover = False - continue - else: - raise Exception('Parse error in leases file') - - elif key in valid_keys: - if in_lease: - value = line[(line.index(key) + len(key)):] - value = value.strip().rstrip(';').rstrip() - - if callable(valid_keys[key]): - lease_rec[key] = valid_keys[key](value) - else: - lease_rec[key] = True - - else: - raise Exception('Parse error in leases file') - - else: - if in_lease: - raise Exception('Parse error in leases file') - - if in_lease: - raise Exception('Parse error in leases file') - - return leases_db - - -def round_timedelta(tdelta): - return datetime.timedelta(tdelta.days, - tdelta.seconds + (0 if tdelta.microseconds < 500000 else 1)) - - -def timestamp_now(): - n = datetime.datetime.utcnow() - return datetime.datetime(n.year, n.month, n.day, n.hour, n.minute, - n.second 
+ (0 if n.microsecond < 500000 else 1)) - - -def lease_is_active(lease_rec, as_of_ts): - return timestamp_is_between(as_of_ts, lease_rec['starts'], - lease_rec['ends']) - - -def ipv4_to_int(ipv4_addr): - parts = ipv4_addr.split('.') - return (int(parts[0]) << 24) + (int(parts[1]) << 16) + \ - (int(parts[2]) << 8) + int(parts[3]) - - -def select_active_leases(leases_db, as_of_ts): - retarray = [] - sortedarray = [] - - for ip_address in leases_db: - lease_rec = leases_db[ip_address][0] - - if lease_is_active(lease_rec, as_of_ts): - ip_as_int = ipv4_to_int(ip_address) - insertpos = bisect.bisect(sortedarray, ip_as_int) - sortedarray.insert(insertpos, ip_as_int) - retarray.insert(insertpos, lease_rec) - - return retarray - - -############################################################################## - - -myfile = open('/var/lib/dhcp/dhcpd.leases', 'r') -leases = parse_leases_file(myfile) -myfile.close() - -now = timestamp_now() -report_dataset = select_active_leases(leases, now) - -print('+------------------------------------------------------------------------------') -print('| DHCPD ACTIVE LEASES REPORT') -print('+-----------------+-------------------+----------------------+-----------------') -print('| IP Address | MAC Address | Expires (days,H:M:S) | Client Hostname ') -print('+-----------------+-------------------+----------------------+-----------------') - -for lease in report_dataset: - print('| ' + format(lease['ip_address'], '<15') + ' | ' + \ - format(lease['hardware'], '<17') + ' | ' + \ - format(str((lease['ends'] - now) if lease['ends'] != 'never' else 'never'), '>20') + ' | ' + \ - lease['client-hostname']) - -print('+-----------------+-------------------+----------------------+-----------------') -print('| Total Active Leases: ' + str(len(report_dataset))) -print('| Report generated (UTC): ' + str(now)) -print('+------------------------------------------------------------------------------') 
diff --git a/files/fftdf/db.fftdf.j2 b/files/ff/db.ff.j2 similarity index 89% rename from files/fftdf/db.fftdf.j2 rename to files/ff/db.ff.j2 index 0216c3a..a46175e 100644 --- a/files/fftdf/db.fftdf.j2 +++ b/files/ff/db.ff.j2 @@ -1,15 +1,15 @@ -;; db.fftdf -;; Forwardlookupzone für .fftdf +;; db.ff +;; Forwardlookupzone für .ff ;; $TTL 600 -@ IN SOA fftdf. root.fftdf. ( +@ IN SOA ff. root.ff. ( 2015584544 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 3H ) ; NX (TTL Negativ Cache) -@ IN NS {{ sn_hostname }}.infra.fftdf. +@ IN NS {{ sn_hostname }}.infra.ff. IN A {{ sn_mesh_IPv4 }} IN AAAA {{ sn_mesh_IPv6 }} localhost IN A 127.0.0.1 diff --git a/files/ff/ff.conf b/files/ff/ff.conf new file mode 100644 index 0000000..c720df4 --- /dev/null +++ b/files/ff/ff.conf @@ -0,0 +1,6 @@ +// Zone declarations for Freifunk + +zone "ff" { + type master; + file "/etc/bind/ff/db.ff"; +}; diff --git a/files/fftdf/fftdf.conf b/files/fftdf/fftdf.conf deleted file mode 100644 index e94dfa6..0000000 --- a/files/fftdf/fftdf.conf +++ /dev/null @@ -1,6 +0,0 @@ -// Zone declarations for Freifunk Troisdorf - -zone "fftdf" { - type master; - file "/etc/bind/fftdf/db.fftdf"; -}; \ No newline at end of file diff --git a/files/hosts.example b/files/hosts.example new file mode 100644 index 0000000..6af41d7 --- /dev/null +++ b/files/hosts.example 
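Review bot: The SOA serial `2015584544 ; Serial` is left untouched although this hunk changes the zone name, the SOA MNAME/RNAME and the NS record, so any secondary that already holds the old `fftdf` data (if one exists) will never notice the change, and because the serial is hard-coded in the template every future Ansible re-deploy has the same problem. Either bump it in this commit or render it from a variable that grows on each deploy, e.g. `{{ ansible_date_time.epoch }} ; Serial`, and add a comment above it saying the serial must increase on every change. The leading whitespace of the owner-less `IN A` / `IN AAAA` lines is not recoverable from this view, so I cannot confirm they still attach to `@` after the rename.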
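Review bot: The new `zone "ff"` stanza is a `type master;` zone with no `allow-transfer` restriction, so unless `named.conf.options` (not part of this diff) already sets one, any client that can reach BIND on the supernode can AXFR the whole mesh zone. Add `allow-transfer { none; };` inside the stanza (or list the secondaries if there are any), and consider restricting `allow-query` to the mesh and transfer prefixes if this resolver is not meant to be reachable from the public interface — I cannot tell from here which interfaces named listens on.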
@@ -0,0 +1,164 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+
+[freifunk_Lohmar]
+82.165.139.113 ansible_ssh_port=2222
+
+[freifunk]
+46.4.138.180 ansible_ssh_port=2222
+46.4.138.181 ansible_ssh_port=2222
+46.4.138.182 ansible_ssh_port=2222
+46.4.138.183 ansible_ssh_port=2222
+46.4.138.188 ansible_ssh_port=22
+46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn_l2tp:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_l2tp_tb_backup_port=53840
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt
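Review bot: `sn_l2tp_tb_backup_port=53840` in `[freifunk_sn:vars]` looks like a leftover: the backup broker it belonged to is deleted in this same commit (`files/l2tp_broker-backup.cfg`, `files/start-broker-backup.sh`, `files/tunneldigger-backup.service`), so unless another template still reads it the variable is dead and should be dropped or annotated with where it is used. The host entries also mix two domains for the same naming pattern, `4.freifunk-troisdorf.de` against `5.fftdf.de`, `6.fftdf.de` and `7.fftdf.de`; if the `fftdf.de` names are the intended ones, the troisdorf4 line is probably an oversight. The templates touched elsewhere in this commit reference `communitymac` and `communityname`, neither of which is defined in this example inventory; if they are expected from the inventory, an example value for each belongs in `[freifunk_sn:vars]`.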
diff --git a/files/interfaces-troisdorf4 b/files/interfaces-troisdorf4.j2 similarity index 83% rename from files/interfaces-troisdorf4 rename to files/interfaces-troisdorf4.j2 index 3784e32..ff9d7f1 100644 --- a/files/interfaces-troisdorf4 +++ b/files/interfaces-troisdorf4.j2 @@ -13,21 +13,21 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -iface eth0 inet static - address 212.129.50.141 +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static + address 46.4.156.114 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 212.129.50.141 + local 46.4.156.114 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.6.13 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
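Review bot: The primary address moves from `212.129.50.141` to `46.4.156.114` while `gateway 163.172.210.1` and `pointopoint 163.172.210.1` are kept; if the new address really sits on a different provider network, the gateway probably needs updating as well, otherwise the interface comes up without a usable default route. The same pattern (new address, old `163.172.210.1` gateway) appears in the first hunks of `files/interfaces-troisdorf5.j2` and `files/interfaces-troisdorf6.j2`, whereas `files/interfaces-troisdorf7.j2` updates its gateway together with the address. Since these files are now templates that already take `{{ sn_interface_name }}` from the inventory, the public address and gateway could come from per-host inventory variables too, so the four templates stop diverging only in hard-coded addresses. The GRE tunnel stanzas after this hunk (the `local` address in each `pre-up ip tunnel add`) were updated consistently.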
@@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.6.19 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.6.17 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.6.23 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -107,7 +107,7 @@ auto gre-bb-a.fra3.f iface gre-bb-a.fra3.f inet static address 100.64.6.15 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -125,7 +125,7 @@ auto gre-bb-b.fra3.f iface gre-bb-b.fra3.f inet static address 100.64.6.21 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf5 b/files/interfaces-troisdorf5.j2 similarity index 79% rename from files/interfaces-troisdorf5 rename to files/interfaces-troisdorf5.j2 index fea611f..07ec939 100644 --- a/files/interfaces-troisdorf5 +++ b/files/interfaces-troisdorf5.j2 
@@ -9,25 +9,25 @@ iface lo inet loopback up ip address add 185.66.193.105/32 dev lo iface lo inet6 loopback - up ip address add 203:2260:121:5000::105/52 dev lo + up ip address add 2a03:2260:121:5000::105/52 dev lo # The primary network interface -allow-hotplug eth0 -iface eth0 inet static - address 62.210.5.90 +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static + address 46.4.156.115 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 62.210.5.90 + local 46.4.156.115 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.151 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.153 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.155 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.157 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf6 b/files/interfaces-troisdorf6.j2 similarity index 79% rename from files/interfaces-troisdorf6 rename to files/interfaces-troisdorf6.j2 index ceb6352..113874b 100644 --- a/files/interfaces-troisdorf6 +++ b/files/interfaces-troisdorf6.j2 
@@ -13,25 +13,24 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -#iface eth0 inet dhcp -iface eth0 inet static - address 62.210.12.122 +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static + address 46.4.156.116 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 62.210.12.122 + local 46.4.156.116 post-up ip6tables -P OUTPUT ACCEPT - post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP + post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -41,7 +40,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.159 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -58,7 +57,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.161 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -76,7 +75,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.163 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -94,7 +93,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.165 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf7 b/files/interfaces-troisdorf7.j2 similarity index 90% rename from files/interfaces-troisdorf7 rename to files/interfaces-troisdorf7.j2 index 45ce4c5..214e566 100644 --- a/files/interfaces-troisdorf7 +++ b/files/interfaces-troisdorf7.j2 
@@ -13,21 +13,20 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -iface eth0 inet static - address 212.83.154.70 - netmask 255.255.255.255 - gateway 163.172.42.1 - pointopoint 163.172.42.1 +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static + address 93.241.53.100 + netmask 255.255.255.0 + gateway 93.241.53.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -auto 6to4 - iface 6to4 inet6 6to4 - local 212.83.154.70 + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE +#auto 6to4 +# iface 6to4 inet6 6to4 +# local 212.83.154.70 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen diff --git a/files/keepalive.exit.sh.j2 b/files/keepalive.exit.sh.j2 deleted file mode 100644 index 4e4ea3b..0000000 --- a/files/keepalive.exit.sh.j2 +++ /dev/null 
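Review bot: This interface block carries the IPv4 RFC1918 drops but no IPv6 counterpart, whereas `files/interfaces-troisdorf6.j2` adds `post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP` next to them; if the ULA range should be filtered on every supernode, the same line belongs here. The commented-out 6to4 stanza still carries the old address `212.83.154.70`, which will mislead anyone who re-enables it; either update it to the new address or remove the dead stanza. The rest of the interfaces file, including the GRE tunnels, lies outside this hunk.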
@@ -1,19 +0,0 @@ -#!/bin/bash -while [ true ] ; do -#Check Tunneldigger Connections - if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then - mkdir /opt/freifunk/tunneldigger_interfaces - fi -#Remove old Interfaces - rm /opt/freifunk/tunneldigger_interfaces/* -#Create Interace files - for i in `/sbin/brctl show br-nodes | grep l2tp`; - do - touch /opt/freifunk/tunneldigger_interfaces/$i - done -#Remove wrong file - rm /opt/freifunk/tunneldigger_interfaces/no - rm /opt/freifunk/tunneldigger_interfaces/br-* - rm /opt/freifunk/tunneldigger_interfaces/8* - sleep 60 -done diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 65f98bf..225743d 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -3,16 +3,9 @@ sleep 60 batctl=/usr/local/sbin/batctl ip=/sbin/ip -communitymacaddress="a2:8c:ae:6f:f6" +communitymacaddress="{{ communitymac }}" localserver=$(/bin/hostname) -communityname=troisdorf - -# L2tp to Map -$ip l2tp add tunnel remote 163.172.225.200 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }} -$ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0 -$ip link set dev l2tp-map mtu 1312 -$ip link set up l2tp-map -$batctl if add l2tp-map +communityname={{ communityname }} # Rest Starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 diff --git a/files/l2tp_broker-backup.cfg b/files/l2tp_broker-backup.cfg deleted file mode 100644 index debcd1d..0000000 --- a/files/l2tp_broker-backup.cfg +++ /dev/null 
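Review bot: `communityname={{ communityname }}` is the only templated assignment left unquoted while the line above quotes its value; for consistency and so that an unexpected value cannot split the assignment, write `communityname="{{ communityname }}"`. Neither `communityname` nor `communitymac` appears in the `files/hosts.example` inventory added by this commit, so unless both are defined elsewhere (group_vars or a defaults file) the template renders with an undefined variable; the same `{{ communityname }}` is also used in `files/l2tp_broker.cfg`. The expansion `${localserver#$communityname}` on the last visible line assumes the hostname is exactly `<communityname><n>`; a comment such as `# hostname must be <communityname><n>; n becomes the last octet of the bat0 MAC` would make that contract explicit. The script continues beyond the hunk.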
@@ -1,51 +0,0 @@ -[broker] -; IP address the broker will listen and accept tunnels on -address={{ ansible_default_ipv4.address }} -; Ports where the broker will listen on -port={{ sn_l2tp_tb_backup_port }} -; Interface with that IP address -interface=eth0 -; Maximum number of cached cookies, required for establishing a -; session with the broker -max_cookies=1024 -; Maximum number of tunnels that will be allowed by the broker -max_tunnels=150 -; Tunnel port base -port_base=25000 -; Tunnel id base -tunnel_id_base=500 -; Tunnel timeout interval in seconds -tunnel_timeout=60 -; Should PMTU discovery be enabled -pmtu_discovery=false -; Namespace (for running multiple brokers); note that you must also -; configure disjunct ports, and tunnel identifiers in order for -; namespacing to work -namespace=backup - -[log] -; Log filename -filename=/var/log/tunneldigger-broker-backup.log -; Verbosity -verbosity=DEBUG -; Should IP addresses be logged or not -log_ip_addresses=false - -[hooks] -; Arguments to the session.{up,pre-down,down} hooks are as follows: -; -; -; -; Arguments to the session.mtu-changed hook are as follows: -; -; -; - -; Called after the tunnel interface goes up -session.up=/srv/tunneldigger/bataddif.sh -; Called just before the tunnel interface goes down -session.pre-down=/srv/tunneldigger/batdelif.sh -; Called after the tunnel interface goes down -session.down= -; Called after the tunnel MTU gets changed because of PMTU discovery -session.mtu-changed= diff --git a/files/l2tp_broker.cfg b/files/l2tp_broker.cfg index 8060e21..d38104e 100644 --- a/files/l2tp_broker.cfg +++ b/files/l2tp_broker.cfg @@ -4,7 +4,7 @@ address={{ ansible_default_ipv4.address }} ; Ports where the broker will listen on port={{ sn_l2tp_tb_port }} ; Interface with that IP address -interface=eth0 +interface={{ sn_interface_name }} ; Maximum number of cached cookies, required for establishing a ; session with the broker max_cookies=1024 
@@ -21,7 +21,19 @@ pmtu_discovery=false ; Namespace (for running multiple brokers); note that you must also ; configure disjunct ports, and tunnel identifiers in order for ; namespacing to work -namespace=troisdorf +namespace={{ communityname }} + +; Reject connections if there are less than N seconds since the last connection. +; Can be less than a second (e.g., 0.1). +connection_rate_limit=2 + +; Set PMTU to a fixed value. Use 0 for automatic PMTU discovery. A non-0 value also disables +; PMTU discovery on the client side, by having the server not respond to client-side PMTU +; discovery probes. +pmtu=0 + +; The batman device of this Hood (e.g. bat2) +batdev=bat0 [log] ; Log filename diff --git a/files/named.conf.local b/files/named.conf.local index db75b20..09a1335 100644 --- a/files/named.conf.local +++ b/files/named.conf.local @@ -6,5 +6,5 @@ // organization //include "/etc/bind/zones.rfc1918"; -// Include Freifunk Troisdorf (fftdf) zones -include "/etc/bind/fftdf/fftdf.conf"; \ No newline at end of file +// Include Freifunk (ff) zones +include "/etc/bind/ff/ff.conf"; diff --git a/files/root_pwd.yml.example b/files/root_pwd.yml.example new file mode 100644 index 0000000..f7fc8a5 --- /dev/null +++ b/files/root_pwd.yml.example @@ -0,0 +1 @@ +sn_rootpasswd: xyz diff --git a/files/slack_token.yml.example b/files/slack_token.yml.example new file mode 100644 index 0000000..06980a3 --- /dev/null +++ b/files/slack_token.yml.example @@ -0,0 +1 @@ +slack_token: "XYZ" diff --git a/files/slacktee.conf b/files/slacktee.conf deleted file mode 100644 index 375e2ac..0000000 --- a/files/slacktee.conf +++ /dev/null 
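Review bot: `files/l2tp_broker.cfg` is rendered with Jinja (`{{ sn_interface_name }}`, `{{ communityname }}`, `{{ sn_l2tp_tb_port }}`) but keeps a plain file name, while this commit renames the interfaces files to `.j2`; if the `.j2` suffix is the project's marker for template-module inputs, renaming this file too would stop someone from deploying it with `copy` and shipping the raw placeholders. `connection_rate_limit=2` is a new behavioural setting for clients that reconnect in bursts, for example after the restart sequence in `files/sn_startup.exit.sh.j2`; a short comment recording why two seconds was chosen would help whoever tunes it later. The rest of the broker configuration, including the hooks section, is outside this hunk.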
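Review bot: `files/root_pwd.yml.example` leaves the value unquoted (`sn_rootpasswd: xyz`) while `files/slack_token.yml.example` quotes its value; a real password that happens to look like a number, a date or a boolean would be retyped by the YAML loader, so the example should show the safe form, `sn_rootpasswd: "xyz"`. A one-line comment in each example stating that the filled-in file belongs outside the repository (the inventory points `root_password_file` and `slack_token_file` at `/home/localadmin/`) and is best kept vault-encrypted would save a contributor from committing a real copy.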
@@ -1,13 +0,0 @@ -# ---------- -# Configuration -# Describes the Incoming Webhook allowing you to post messages into Slack. -# After the configuration, copy this file to /etc or your home directory. -# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory. -# ---------- -webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook -upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth -channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'. -tmp_dir="/tmp" # Temporary file is created in this directory. -username="slacktee" # Default username to post messages. -icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com. -attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used. diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 51ce325..040bc3c 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -1,6 +1,8 @@ #!/bin/sh # Version 1.91 +sleep 5 + curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} # Activate IP forwarding 
@@ -34,11 +36,23 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP /usr/local/sbin/batctl if add br-nodes -sleep 5 - -#Stop all Services - Started from keepalive.sh -/bin/systemctl stop radvd -/bin/systemctl stop tunneldigger -/bin/systemctl stop bird -/bin/systemctl stop bird6 +/bin/sleep 90 +/bin/systemctl restart radvd +/bin/sleep 2 +/bin/systemctl retsrat tunneldigger +/bin/sleep 2 +/bin/systemctl restart bird +/bin/sleep 2 +/bin/systemctl restart bird6 +/bin/sleep 2 +/bin/systemctl restart respondd +/bin/sleep 2 +/bin/systemctl stop isc-dhcp-server +/bin/sleep 2 +/usr/bin/killall dhcpd +/bin/sleep 2 +/bin/rm /var/run/dhcpd.pid +/bin/sleep 2 +/bin/systemctl start isc-dhcp-server exit 0 + diff --git a/files/sn_startup.local.exit.sh.j2 b/files/sn_startup.local.exit.sh.j2 new file mode 100644 index 0000000..7ea1f2d --- /dev/null +++ b/files/sn_startup.local.exit.sh.j2 
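Review bot: `/bin/systemctl retsrat tunneldigger` is a typo for `restart`; systemctl rejects the unknown verb, so the tunneldigger broker is the one service in this sequence that is never restarted, and the error is only visible in the boot log. The same misspelled line is in the new `files/sn_startup.local.exit.sh.j2`. `/bin/rm /var/run/dhcpd.pid` prints an error when the pid file is already gone after `killall`; `/bin/rm -f /var/run/dhcpd.pid` keeps the sequence quiet without changing its effect. The start of the script is outside this hunk.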
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Version 1.91
+
+sleep 5
+
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+
+# restart when kernel panic
+/sbin/sysctl kernel.panic=1
+
+# Routing table 42
+/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
+
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table 42
+/bin/ip -6 rule add fwmark 0x4 table 42
+
+# Set mark 4 to Freifunk traffic
+#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
+
+# All from FF IPv4 via routing table 42
+#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
+#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
+
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+
+# Create Tunneldigger Bridge
+/sbin/brctl addbr br-nodes
+/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
+/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
+/usr/local/sbin/batctl if add br-nodes
+
+/bin/sleep 90
+/bin/systemctl restart radvd
+/bin/sleep 2
+/bin/systemctl retsrat tunneldigger
+/bin/sleep 2
+/bin/systemctl restart bird
+/bin/sleep 2
+/bin/systemctl restart bird6
+/bin/sleep 2
+/bin/systemctl restart respondd
+/bin/sleep 2
+/bin/systemctl stop isc-dhcp-server
+/bin/sleep 2
+/usr/bin/killall dhcpd
+/bin/sleep 2
+/bin/rm /var/run/dhcpd.pid
+/bin/sleep 2
+/bin/systemctl start isc-dhcp-server
+exit 0
diff --git a/files/start-broker-backup.sh b/files/start-broker-backup.sh
deleted file mode 100644
index 8f05c33..0000000
--- a/files/start-broker-backup.sh
+++ /dev/null
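Review bot: This new file is a near line-for-line copy of `files/sn_startup.exit.sh.j2`; the only difference is that the mangle-mark and `ip rule ... lookup 42` lines are commented out, and the two copies have already drifted in lockstep (both carry the same misspelled systemctl verb). A single template with the local-exit lines wrapped in a Jinja conditional on the inventory flag that distinguishes troisdorf7, e.g. `{% if not sn_local_exit | default(false) %}` ... `{% endif %}` around the four rule lines, would keep one source of truth. If the two files are kept, a header comment naming which hosts use which (`sn_local_exit` versus `sn_exit`) would at least document the split.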
@@ -1,9 +0,0 @@ -#!/bin/bash - -WDIR=/srv/tunneldigger -VIRTUALENV_DIR=/srv/tunneldigger - -cd $WDIR -source $VIRTUALENV_DIR/bin/activate - -bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg diff --git a/files/start-broker.sh b/files/start-broker.sh index 22450e0..86c0837 100644 --- a/files/start-broker.sh +++ b/files/start-broker.sh @@ -1,9 +1,11 @@ #!/bin/bash -WDIR=/srv/tunneldigger -VIRTUALENV_DIR=/srv/tunneldigger +WDIR=/srv/tunneldigger/env_tunneldigger +VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger cd $WDIR source $VIRTUALENV_DIR/bin/activate -bin/python broker/l2tp_broker.py l2tp_broker.cfg +$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main ../l2tp_broker.cfg +#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg + diff --git a/files/supernode b/files/supernode deleted file mode 100644 index 19a8b28..0000000 --- a/files/supernode +++ /dev/null 
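Review bot: `cd $WDIR` is unchecked, and the new command now passes a relative `../l2tp_broker.cfg`; if the directory is missing the script keeps running in whatever working directory systemd started it in and the relative path points somewhere else, so use `cd "$WDIR" || exit 1` and an absolute config path, `$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main /srv/tunneldigger/l2tp_broker.cfg`. With the interpreter now invoked by absolute path, `source $VIRTUALENV_DIR/bin/activate` is probably redundant, unless the broker spawns helpers that rely on the activated PATH; if it is kept, a comment saying so would stop the next reader from removing it. `WDIR` and `VIRTUALENV_DIR` now hold the same value, so one of them can go.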
@@ -1,65 +0,0 @@ -#!/bin/bash -help () { -echo "Supernode Settings:" -echo "status | off | on" -} - -status () { - supernode_status=$(/bin/cat /etc/supernode-status/supernode.status) - supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode) - - echo -e "\nSupernode Status: (Ist-Zustand)" - if [ $supernode_status == 0 ]; then - echo "Supernode ist Abgeschaltet" - elif [ $supernode_status == 1 ]; then - echo "Supernode läuft (Automatik inkl. Backup)" - elif [ $supernode_status == 2 ]; then - echo "Supernode läuft (Backup Netz Aktiv)" - elif [ $supernode_status == 3 ]; then - echo "Supernode läuft (Backup deaktiviert)" - fi - echo -e "\nSupernode Status: (Soll-Zustand)" - if [ $supernode_mode == 0 ]; then - echo "Supernode ist Abgeschaltet" - elif [ $supernode_mode == 1 ]; then - echo "Supernode läuft (Automatik inkl. Backup)" - elif [ $supernode_mode == 2 ]; then - echo "Supernode läuft (Backup Netz Aktiv)" - elif [ $supernode_mode == 3 ]; then - echo "Supernode läuft (Backup deaktiviert)" - fi - echo -e "\nService Status" - for service in bird bird6 dhcpd radvd python named - do - if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then - echo -e "$service läuft" - else - echo -e "$service aus" - fi - done -} - -off () { - echo 0 > /etc/supernode-status/supernode.mode - /usr/sbin/service tunneldigger stop - /usr/sbin/service bind9 stop - /usr/sbin/service bird stop - /usr/sbin/service bird6 stop - /usr/sbin/service isc-dhcp-server stop - /usr/sbin/service radvd stop - /usr/local/sbin/batctl gw off - echo "Supernode Aus" -} - -on () { - echo 1 > /etc/supernode-status/supernode.mode - /usr/sbin/service tunneldigger restart - /usr/sbin/service bind9 restart - /usr/sbin/service bird restart - /usr/sbin/service bird6 restart - /usr/sbin/service isc-dhcp-server restart - /usr/sbin/service radvd restart - /usr/local/sbin/batctl gw server 100Mbit/100Mbit - echo "Supernode An" -} -$1 
diff --git a/files/tunneldigger-backup.service b/files/tunneldigger-backup.service deleted file mode 100644 index afa351b..0000000 --- a/files/tunneldigger-backup.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description = Start tunneldigger L2TPv3 broker -After = network.target - -[Service] -ExecStart = /srv/tunneldigger/start-broker-backup.sh - -[Install] -WantedBy = multi-user.target diff --git a/files/yanic.conf.j2 b/files/yanic.conf.j2 new file mode 100644 index 0000000..2ca74e3 --- /dev/null +++ b/files/yanic.conf.j2 
@@ -0,0 +1,199 @@
+# This is the config file for Yanic written in "Tom's Obvious, Minimal Language."
+# syntax: https://github.com/toml-lang/toml
+# (if you need somethink multiple times, checkout out the [[array of table]] section)
+
+# Send respondd request to update information
+[respondd]
+enable = true
+# Delay startup until a multiple of the period since zero time
+synchronize = "1m"
+# how often request per multicast
+collect_interval = "1m"
+
+[[respondd.interfaces]]
+# name of interface on which this collector is running
+ifname = "bat0"
+# ip address which is used for sending
+# (optional - without definition used a address of ifname - prefered link local)
+#ip_address = "fd2f:5119:f2d::5"
+# disable sending multicast respondd request
+# (for receiving only respondd packages e.g. database respondd)
+#send_no_request = false
+# multicast address to destination of respondd
+# (optional - without definition used default ff05::2:1001)
+#multicast_address = "ff02::2:1001"
+# define a port to listen
+# if not set or set to 0 the kernel will use a random free port at its own
+#port = 10001
+
+# A little build-in webserver, which statically serves a directory.
+# This is useful for testing purposes or for a little standalone installation.
+[webserver]
+enable = true
+bind = "0.0.0.0:80"
+webroot = "/opt/freifunk/yanic/"
+
+
+[nodes]
+# Cache file
+# a json file to cache all data collected directly from respondd
+state_path = "/var/lib/yanic/state.json"
+# prune data in RAM, cache-file and output json files (i.e. nodes.json)
+# that were inactive for longer than
+prune_after = "7d"
+# Export nodes and graph periodically
+save_interval = "5s"
+# Set node to offline if not seen within this period
+offline_after = "10m"
+
+
+## [[nodes.output.example]]
+# Each output format has its own config block and needs to be enabled by adding:
+#enable = true
+#
+# For each output format there can be set different filters
+#[nodes.output.example.filter]
+#
+# WARNING: if it is not set, it will publish contact information of other persons
+# Set to true, if you did not want the json files to contain the owner information
+#no_owner = true
+#
+# List of nodeids of nodes that should be filtered out, so they won't appear in output
+#blacklist = ["00112233445566", "1337f0badead"]
+#
+# List of site_codes of nodes that should be included in the output
+#sites = ["ffhb"]
+#
+# set has_location to true if you want to include only nodes that have geo-coordinates set
+# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates)
+#has_location = true
+
+
+#[respondd.sites.fftdf]
+#domains = ["tdf-tdf"]
+
+#[nodes.output.meshviewer-ffrgb.filter]
+#no_owner = true
+#blacklist = []
+#sites = ["flu","tdf","inn"]
+
+
+
+
+#[nodes.output.example.filter.in_area]
+# nodes outside this area are not shown on the map but are still listed as a node without coordinates
+#latitude_min = 34.30
+#latitude_max = 71.85
+#longitude_min = -24.96
+#longitude_max = 39.72
+
+
+# definition for the new more compressed meshviewer.json
+[[nodes.output.meshviewer-ffrgb]]
+enable = true
+path = "/opt/freifunk/yanic/meshviewer.json"
+
+[nodes.output.meshviewer-ffrgb.filter]
+# WARNING: if it is not set, it will publish contact information of other persons
+no_owner = false
+#blacklist = ["00112233445566", "1337f0badead"]
+#sites = ["ffhb"]
+#has_location = true
+
+#[nodes.output.meshviewer-ffrgb.filter.in_area]
+#latitude_min = 34.30
+#latitude_max = 71.85
+#longitude_min = -24.96
+#longitude_max = 39.72
+
+
+# definition for nodes.json
+[[nodes.output.meshviewer]]
+enable = true
+# The structure version of the output which should be generated (i.e. nodes.json)
+# version 1 is accepted by the legacy meshviewer (which is the master branch)
+# i.e. https://github.com/ffnord/meshviewer/tree/master
+# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer)
+# i.e. https://github.com/ffnord/meshviewer/tree/dev
+# https://github.com/ffrgb/meshviewer/tree/develop
+version = 2
+# path where to store nodes.json
+nodes_path = "/opt/freifunk/yanic/nodes.json"
+# path where to store graph.json
+graph_path = "/opt/freifunk/yanic/graph.json"
+
+[nodes.output.meshviewer.filter]
+# WARNING: if it is not set, it will publish contact information of other persons
+no_owner = false
+
+
+# definition for nodelist.json
+[[nodes.output.nodelist]]
+enable = true
+path = "/opt/freifunk/yanic/nodelist.json"
+
+[nodes.output.nodelist.filter]
+# WARNING: if it is not set, it will publish contact information of other persons
+no_owner = false
+
+
+
+[database]
+# this will send delete commands to the database to prune data
+# which is older than:
+delete_after = "7d"
+# how often run the cleaning
+delete_interval = "1h"
+
+## [[database.connection.example]]
+# Each database-connection has its own config block and needs to be enabled by adding:
+#enable = true
+
+# Save collected data to InfluxDB.
+# There are the following measurments:
+# node: store node specific data i.e. clients memory, airtime
+# global: store global data, i.e. count of clients and nodes
+# firmware: store the count of nodes tagged with firmware
+# model: store the count of nodes tagged with hardware model
+[[database.connection.influxdb]]
+enable = true
+address = "http://195.201.17.16:8886"
+database = "freifunk"
+username = "freifunk"
+password = "dude1990"
+
+# Tagging of the data (optional)
+[database.connection.influxdb.tags]
+# Tags used by Yanic would override the tags from this config
+# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used
+#tagname1 = "tagvalue 1"
+# some useful e.g.:
+#system = "productive"
+#site = "ffhb"
+
+# Graphite settings
+[[database.connection.graphite]]
+enable = false
+address = "localhost:2003"
+# Graphite is replacing every "." in the metric name with a slash "/" and uses
+# that for the file system hierarchy it generates. it is recommended to at least
+# move the metrics out of the root namespace (that would be the empty prefix).
+# If you only intend to run one community and only freifunk on your graphite node
+# then the prefix can be set to anything (including the empty string) since you
+# probably wont care much about "polluting" the namespace.
+prefix = "freifunk"
+
+# respondd (yanic)
+# forward collected respondd package to a address
+# (e.g. to another respondd collector like a central yanic instance or hopglass)
+[[database.connection.respondd]]
+enable = false
+# type of network to create a connection
+type = "udp6"
+# destination address to connect/send respondd package
+address = "stats.bremen.freifunk.net:11001"
+
+# Logging
+[[database.connection.logging]]
+enable = false
+path = "/var/log/yanic.log"
\ No newline at end of file
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..8441572
--- /dev/null
+++ b/hosts
@@ -0,0 +1,161 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+[freifunk]
+#46.4.138.180 ansible_ssh_port=2222
+#46.4.138.181 ansible_ssh_port=2222
+#46.4.138.182 ansible_ssh_port=2222
+#46.4.138.183 ansible_ssh_port=2222
+#46.4.138.188 ansible_ssh_port=22
+#46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+#[freifunk_sn_l2tp:children]
+#troisdorf4
+#troisdorf5
+#troisdorf6
+#troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+communitymac=a2:8c:ae:6f:f6
+communityname=troisdorf
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt
diff --git a/install.sn.yml b/install.sn.yml
index 931c20e..dd5acdf 100644
--- a/install.sn.yml
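Review bot: The troisdorf4 group is the odd one out in two places that look like copy-paste leftovers rather than intent: its `sn_dhcp_range=10.188.8.0 10.188.15.254` ends at `.254` while every other host's range ends at `.255`, and its inventory hostname is `4.freifunk-troisdorf.de` while the other three are `N.fftdf.de`. troisdorf7 sets `sn_local_exit=1` instead of `sn_exit=1`, and since the playbook branches on `when: sn_exit is defined` versus `sn_local_exit is defined`, a comment above `[troisdorf7:vars]` such as `# sn_local_exit (not sn_exit): selects the local-exit startup script template` would record why this host differs. `ansible_ssh_user=root` with the group-wide `ansible_ssh_port=22` makes every run a direct root login; that is acceptable with the committed `authorized_keys` only if password authentication is disabled on the hosts, which nothing in the visible hunks configures.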
+++ b/install.sn.yml @@ -3,14 +3,13 @@ # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - name: Install Freifunk Troisdorf super node -# hosts: FreifunkSupernodesL2TP - hosts: '{{ target }}' + hosts: all sudo: False user: root gather_facts: False vars: - snversion: master_v3.0.16 - batmanversion: v2017.4 +# Internal verion number + snversion: 2019_v3.1.7 common_required_packages: - git - make @@ -21,7 +20,6 @@ - libnl-3-dev - libjansson-dev - isc-dhcp-server - - collectd - libcap-dev - iproute - libnetfilter-conntrack3 @@ -43,7 +41,13 @@ - ntp - libnl-genl-3-dev - virtualenv - - linux-image-extra-4.4.0-127-generic + - batman-adv + - batctl + - libffi-dev + - libnetfilter-conntrack-dev + - libnfnetlink-dev + - speedtest-cli + - ethtool modules_required: - batman-adv - nf_conntrack_netlink 
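Review bot: `hosts: all` replaces the previously required `'{{ target }}'`, so a run that forgets `-l` now applies the whole play — including the `shutdown -r now` reboots and the root password change seen in the later hunks — to every host in the inventory at once. Keeping the variable mandatory is the safer default: `hosts: "{{ target | mandatory }}"` fails fast on an unqualified run while `-e target=troisdorf7` or a group name still works. In the same hunk `sudo: False` and `user: root` are pre-2.0 spellings; `become: false` and `remote_user: root` are the current equivalents. The comment added above `snversion`, `# Internal verion number`, has a typo (`version`). The play's task list continues in the following hunks.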
@@ -54,33 +58,40 @@ - l2tp_eth tunneldigger_scripts: - start-broker.sh - - start-broker-backup.sh - batdelif.sh tunneldigger_service: - tunneldigger.service - - tunneldigger-backup.service + respondd_service: + - respondd_service broker_cfg: - - l2tp_broker-backup.cfg - l2tp_broker.cfg -# bind_zone_fftdf: -# - named.conf.fftdf - check_gw_script: - - keepalive.sh authorized_keys: - authorized_keys logrotate_config: - logrotate.conf - supernode_config: - - supernode.mode - - loadbalancing.mode tasks: - name: Remove cdrom in sources.list raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible - raw: "apt-get update && apt-get install python -y" -# - name: Add backport repo to source list #target: /etc/apt/sources.list.d -# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present + raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y" + - name: Adding Freifuck GPG Key + raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5" +# apt_key: +# id: B2522557E6AB9BF5 +# url: https://keyserver.ubuntu.com +# url: https://pool.sks-keyservers.net +# url: https://sks.pod01.fleetstreetops.com +# state: present + + - name: Import Slack token + include_vars: "{{ slack_token_file }}" + - name: Import root password + include_vars: "{{ root_password_file }}" + - name: Add Freifuck repo to source list + apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present + - name: Add backport repo to source list + apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts 
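Review bot: `raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"` imports whatever the keyserver returns for a 64-bit key ID into the system-wide trusted keyring, where it then validates every configured repository rather than only `deb https://freifuck.de/debian stretch main`; a long key ID is also not the collision-resistant identifier that a full fingerprint is. The commented-out `apt_key:` block shows the intended module, and it should come back with the full 40-hex fingerprint in `id` (placeholder: `id: <FULL_FINGERPRINT_OF_THE_FREIFUCK_KEY>`) plus `keyring: /etc/apt/trusted.gpg.d/freifuck.gpg` so the trust is scoped to that repository and the task reports changed/unchanged instead of running `raw` every time. `respondd_service: - respondd_service` defines a list whose only element is its own name, and nothing in the visible hunks consumes it (the respondd unit is later copied with a shell `cp`), so it looks like a leftover. A one-line comment on the `Add Freifuck repo` task naming what that third-party repository supplies — presumably the `batman-adv`/`batctl` packages that replaced the git build in this commit, confirm — would help the next maintainer judge whether it is still needed.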
@@ -93,14 +104,14 @@ - name: set hostname hostname: name='{{ sn_hostname }}' register: sethostname - - name: disable multi CPU Kernel (SMP) + - name: disable multi CPU Kernel (SMP) # Batman don not like SMP lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp - name: Update grub shell: update-grub2 when: grubnosmp.changed - name: Reboot the server - shell: sleep 2 && shutdown -r now "Ansible updates triggered" + shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP" async: 1 poll: 0 ignore_errors: true 
@@ -114,125 +125,59 @@ timeout=300 when: hosts.changed when: sethostname.changed - - apt: update_cache=yes - name: Install common required packages - apt: state=installed pkg={{ item }} - with_items: common_required_packages + apt: + name: "{{ item }}" + state: present + update_cache: yes + with_items: "{{ common_required_packages }}" register: aptupdates - name: Set clock shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start -# - name: Add modules -# lineinfile: dest=/etc/modules line={{ item }} -# with_items: modules_required -# register: modules_req -# - name: Load modules -# modprobe: name={{ item }} -# with_items: modules_required -# when: modules_req.changed - - name: Install Linux headers - shell: > - apt-get install linux-headers-$(uname -r) -y - when: aptupdates.changed - - name: Get batman-adv - git: repo=https://git.open-mesh.org/batman-adv.git - dest=/tmp/batman-adv - when: aptupdates.changed - register: getbatman -# - name: Get batman-adv no rebrotcast patch -# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch -# when: getbatman.changed - - name: Install batman-adv - shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install -# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install - when: getbatman.changed - - name: Get batctl - git: repo=http://git.open-mesh.org/batctl.git - dest=/tmp/batctl - when: aptupdates.changed - register: getbatctl - - name: Install batctl - shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install - when: getbatctl.changed - name: Get Tunneldigger -# git: repo=https://github.com/wlanslovenija/tunneldigger.git - git: repo=https://github.com/ffrl/tunneldigger.git - dest=/srv/tunneldigger + git: 
repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger when: aptupdates.changed - name: Configure tunneldigger - command: "{{item}}" - with_items: - - virtualenv /srv/tunneldigger/ -p python2.7 - when: tunneldigger.changed - - name: Tunneldigger requirements - pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ + raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install" when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 - with_items: broker_cfg + with_items: "{{ broker_cfg }}" when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 when: tunneldigger.changed - name: Copy tunneldigger scripts copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 - with_items: tunneldigger_scripts + with_items: "{{ tunneldigger_scripts }}" when: tunneldigger.changed - name: Copy tunneldigger service template copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 - with_items: tunneldigger_service + with_items: "{{ tunneldigger_service }}" when: tunneldigger.changed -########## - name: Add modules lineinfile: dest=/etc/modules line={{ item }} - with_items: modules_required + with_items: "{{ modules_required }}" register: modules_req - - name: Load modules - modprobe: name={{ item }} - with_items: modules_required - when: modules_req.changed -######### - name: Tunneldigger reload command: "{{item}}" with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service - - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root 
mode=0500 - with_items: logrotate_config + with_items: "{{logrotate_config}}" - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - - name: Create keepalive directory - file: path=/etc/supernode-status state=directory mode=0755 - - name: Create supernode config files - file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644 - with_items: supernode_config - - name: Supernode set default mode - lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0 - with_items: supernode_config - - name: Check gateway / keepalive script supernode - copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 - with_items: check_gw_script - register: check_gw - when: sn_exit is undefined - - name: Check gateway / keepalive script super- and exitnode - template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 - register: check_gw - when: sn_exit is defined - - name: Add cron job with check gateway script - cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" - when: check_gw.changed - - name: Supernode Config script super- and exitnode - copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 - when: sn_exit is defined - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd + - name: Copy dhcpd6 template file + template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444 - name: Clone static DHCP config - git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp - dest=/opt/freifunk/static-dhcp + git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp when: dhcpd.changed - name: Add cron static DHCP cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" 
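Review bot: `raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"` works only while the remote login shell is bash, because `source` is a bash builtin; the POSIX form `. env_tunneldigger/bin/activate`, or skipping activation with `env_tunneldigger/bin/python setup.py install`, removes that dependency and matches what the replaced `pip:`/`virtualenv=` task did implicitly. The old task also pinned `-p python2.7` and the new one takes the system default interpreter; whether the broker runs under that default is not visible here, so please confirm. Removing `Load modules` while `Add modules` still only appends to `/etc/modules` means the entries in `modules_required` are first loaded by the reboot at the end of the play, which is itself gated on `tunneldigger.changed`; on a run where that condition is false the modules stay unloaded. Both `git:` checkouts (tunneldigger and `static_dhcp_repo`) are unpinned; a `version:` with a tag or commit would make reruns reproducible.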
@@ -245,64 +190,75 @@ cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - - name: Copy backbone script - template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - when: sn_exit is undefined - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - when: sn_exit is defined - - name: Collectd template file - template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 - register: collectd - - name: Restart collectd - service: name=collectd state=restarted - when: collectd.changed - - name: configure startup script supernode - template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - when: sn_exit is undefined - name: Exit node startup script super- and exitnode template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is defined + - name: Exit node startup script super- and exitnode + template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 + when: sn_local_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 - with_items: authorized_keys - - name: Bind9, activate fftdf zone - lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present + with_items: "{{ authorized_keys }}" + - name: Bind9, activate ff zone + lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - - name: Create fftdf directory - file: 
path=/etc/bind/fftdf state=directory - - name: Copy FFTDF Zones - copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644 + - name: Create ff directory + file: path=/etc/bind/ff state=directory + - name: Copy FF Zones + copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644 with_items: - - fftdf.conf - - name: Copy fftdf Zone config template - template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444 + - ff.conf + - name: Copy ff Zone config template + template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Interface configuration with ffrl gre tunnel - copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 - when: sn_exit is defined + template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544 - apt: update_cache=yes - name: Install bird - apt: state=installed pkg=bird - when: sn_exit is defined + apt: state=present pkg=bird - name: Bird configuration copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 - when: sn_exit is defined - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 - when: sn_exit is defined - - name: Get speedtest-cli - get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli - - name: Change rights speedtest-cli - file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 + - name: Create Yanic user + user: + name: yanic + comment: "Yanic service user" + - name: Create Yanic folder + file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic 
group=yanic + - name: Copy Yanic config template + template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444 + - name: Shit go stuff + shell: cd /usr/local && wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz + - name: Adjust path for go + lineinfile: + dest: /root/.bashrc + line: "{{ item }}" + with_items: + - export GOPATH=/opt/go + - export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin + - name: Compile go + shell: go get -v -u github.com/Freifunk-Troisdorf/yanic + - name: Copy and enable yanic service + shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic + - name: Get respondd + git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce + - name: Copy respondd service template + shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system + - name: Enable respondd service + shell: systemctl daemon-reload && systemctl enable respondd - name: Copy Slacktee Config template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - name: Copy Slacktee copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 - name: set netfilter rules - lineinfile: dest=/etc/sysctl.conf line="{{ item }}" + lineinfile: + dest: /etc/sysctl.conf + line: "{{ item }}" with_items: - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 
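Review bot: The `Shit go stuff` task has a paste error — `wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz` passes the literal word `wget` as a first URL and repeats `-O` — and it downloads and unpacks a toolchain into `/usr/local` with no checksum and no idempotence guard, so every run re-fetches and re-extracts it. The following `shell: go get -v -u github.com/Freifunk-Troisdorf/yanic` relies on the `export GOPATH`/`PATH` lines the previous task appends to `/root/.bashrc`, but `shell` runs a non-interactive `/bin/sh` that never reads that file, so `go` and `GOPATH` are found only if they were already in the environment. The fence below replaces the download with `get_url` (checksum placeholder), `unarchive` guarded by `creates`, and an explicit `environment:` on the build step; the `cp … && systemctl enable` tasks would benefit from the same treatment via `copy` with `remote_src` and the `systemd` module. `template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444` leaves a file carrying the InfluxDB password world-readable; `mode=0440` is enough for the service user. The two tasks both named `Exit node startup script super- and exitnode` select different templates (`sn_exit` vs `sn_local_exit`) and should get distinct names.
```yaml
    - name: Download Go toolchain
      get_url:
        url: https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz
        dest: /usr/local/go-release-linux-amd64.tar.gz
        checksum: "sha256:<SHA256_OF_GO_TARBALL>"  # placeholder: take from the Go download page
    - name: Unpack Go toolchain
      unarchive:
        src: /usr/local/go-release-linux-amd64.tar.gz
        dest: /usr/local
        remote_src: yes
        creates: /usr/local/go/bin/go
    # … unchanged: Adjust path for go …
    - name: Compile go
      shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
      environment:
        GOPATH: /opt/go
        PATH: "/usr/local/go/bin:/opt/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
```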
@@ -315,18 +271,20 @@ when: modprobe1.stat.exists == False - name: check /etc/modprobe.conf lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" + - name: Change root password + user: + name: root + password: "{{ sn_rootpasswd }}" + - name: Logrotate rights + file: path=/etc/logrotate.conf mode=0644 owner=root group=root + - name: Wirte version information + shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true when: tunneldigger.changed - - name: Logrotate rights - file: path=/etc/logrotate.conf mode=0644 owner=root group=root - - name: Change root password - user: name=root password={{ sn_rootpasswd }} - - name: Wirte version information - shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: waiting for server to come back local_action: wait_for