From 33730decce9934a6c82664d9e12b24b7c7baecbd Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Sun, 20 Jan 2019 12:12:29 +0100 Subject: [PATCH 01/19] Neue Version gestartet --- install.sn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sn.yml b/install.sn.yml index 931c20e..caee829 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.0.16 + snversion: master_v3.1.1 batmanversion: v2017.4 common_required_packages: - git From 24d8a6c970acd2517015f1f077595e643a23b305 Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Sun, 20 Jan 2019 20:48:00 +0100 Subject: [PATCH 02/19] Fixed to Ansible 2.5 --- files/interfaces-troisdorf7 | 27 +++-- install.sn.retry | 1 + install.sn.yml | 197 ++++++++++++++++++++---------------- 3 files changed, 122 insertions(+), 103 deletions(-) create mode 100644 install.sn.retry diff --git a/files/interfaces-troisdorf7 b/files/interfaces-troisdorf7 index 45ce4c5..cd6ca9b 100644 --- a/files/interfaces-troisdorf7 +++ b/files/interfaces-troisdorf7 
@@ -13,21 +13,20 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -iface eth0 inet static - address 212.83.154.70 - netmask 255.255.255.255 - gateway 163.172.42.1 - pointopoint 163.172.42.1 +allow-hotplug ens18 +iface ens18 inet static + address 93.241.53.100 + netmask 255.255.255.0 + gateway 93.241.53.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -auto 6to4 - iface 6to4 inet6 6to4 - local 212.83.154.70 + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE +#auto 6to4 +# iface 6to4 inet6 6to4 +# local 212.83.154.70 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen diff --git a/install.sn.retry b/install.sn.retry new file mode 100644 index 0000000..c48c4ed --- /dev/null +++ b/install.sn.retry @@ -0,0 +1 @@ +7.fftdf.de diff --git a/install.sn.yml b/install.sn.yml index caee829..f1b08a7 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -21,7 +21,6 @@ - libnl-3-dev - libjansson-dev - isc-dhcp-server - - collectd - libcap-dev - iproute - libnetfilter-conntrack3 @@ -43,7 +42,8 @@ - ntp - libnl-genl-3-dev - virtualenv - - linux-image-extra-4.4.0-127-generic + - batman-adv + - batctl modules_required: - batman-adv - nf_conntrack_netlink 
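Review bot: The four private-range DROP rules under `iface ens18` are appended to the OUTPUT chain, which only sees packets generated by this host. Traffic forwarded for mesh clients and then masqueraded by `POSTROUTING -o $IFACE -j MASQUERADE` traverses FORWARD instead, so RFC 1918 and link-local destinations can presumably still leave via the uplink unless a FORWARD rule exists elsewhere. If the intent is to keep those ranges off the public interface, mirror each rule, e.g. `post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP`. Because every rule uses `-A`, each ifup appends another copy; a matching `post-down iptables -D ...` line or an `iptables -C` check before the append would keep the chains stable.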
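Review bot: `install.sn.retry` is a file Ansible writes after a failed run, and committing it adds nothing the playbook needs while recording the target host name (`7.fftdf.de`) in history. Drop it from the commit and add `*.retry` to `.gitignore`, or set `retry_files_enabled = False` in `ansible.cfg` so it is not generated again.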
@@ -64,23 +64,32 @@ - l2tp_broker.cfg # bind_zone_fftdf: # - named.conf.fftdf - check_gw_script: - - keepalive.sh +# check_gw_script: +# - keepalive.sh authorized_keys: - authorized_keys logrotate_config: - logrotate.conf - supernode_config: - - supernode.mode - - loadbalancing.mode +# supernode_config: +# - supernode.mode +# - loadbalancing.mode tasks: - name: Remove cdrom in sources.list raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible - raw: "apt-get update && apt-get install python -y" -# - name: Add backport repo to source list #target: /etc/apt/sources.list.d -# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present + raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y" + - name: Adding Freifuck GPG Key + raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5" +# apt_key: +# id: B2522557E6AB9BF5 +# url: https://keyserver.ubuntu.com +# url: https://pool.sks-keyservers.net +# url: https://sks.pod01.fleetstreetops.com +# state: present + + - name: Add backport repo to source list + apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts @@ -100,7 +109,7 @@ shell: update-grub2 when: grubnosmp.changed - name: Reboot the server - shell: sleep 2 && shutdown -r now "Ansible updates triggered" + shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP" async: 1 poll: 0 ignore_errors: true 
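Review bot: The `Adding Freifuck GPG Key` task trusts whatever key the keyserver returns for the 64-bit long ID `B2522557E6AB9BF5`, which is a much weaker identifier than the full fingerprint. `apt-key adv` also places the key in the global keyring, so it can sign packages for every configured repository, not only the one added in the next task. Pin the full fingerprint and use the module rather than `raw`, e.g. `apt_key: keyserver=keyserver.ubuntu.com id=<FULL_40_HEX_FINGERPRINT> state=present`, or ship the reviewed key under `files/` and install it with `apt_key: data=...`. Going through `raw` also means the task runs again and reports changed on every play. The commented-out `apt_key` attempts with three alternative `url:` lines are better deleted than committed.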
@@ -114,10 +123,13 @@ timeout=300 when: hosts.changed when: sethostname.changed - - apt: update_cache=yes +# - apt: update_cache=yes - name: Install common required packages - apt: state=installed pkg={{ item }} - with_items: common_required_packages + apt: + name: "{{ item }}" + state: present + update_cache: yes + with_items: "{{ common_required_packages }}" register: aptupdates - name: Set clock shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start 
@@ -129,68 +141,70 @@ # modprobe: name={{ item }} # with_items: modules_required # when: modules_req.changed - - name: Install Linux headers - shell: > - apt-get install linux-headers-$(uname -r) -y - when: aptupdates.changed - - name: Get batman-adv - git: repo=https://git.open-mesh.org/batman-adv.git - dest=/tmp/batman-adv - when: aptupdates.changed - register: getbatman +# - name: Install Linux headers +# shell: > +# apt-get install linux-headers-$(uname -r) -y +# when: aptupdates.changed +# - name: Get batman-adv +# git: repo=https://git.open-mesh.org/batman-adv.git +# dest=/tmp/batman-adv +# when: aptupdates.changed +# register: getbatman # - name: Get batman-adv no rebrotcast patch # get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch # when: getbatman.changed - - name: Install batman-adv - shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install +# - name: Install batman-adv +# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install # shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install - when: getbatman.changed - - name: Get batctl - git: repo=http://git.open-mesh.org/batctl.git - dest=/tmp/batctl - when: aptupdates.changed - register: getbatctl - - name: Install batctl - shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install - when: getbatctl.changed +# when: getbatman.changed +# - name: Get batctl +# git: repo=http://git.open-mesh.org/batctl.git +# dest=/tmp/batctl +# when: aptupdates.changed +# register: getbatctl +# - name: Install batctl +# shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install +# when: getbatctl.changed - name: Get Tunneldigger -# git: repo=https://github.com/wlanslovenija/tunneldigger.git - git: 
repo=https://github.com/ffrl/tunneldigger.git - dest=/srv/tunneldigger + git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger +# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.3.0 +# git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger +# version: release-0.22 register: tunneldigger when: aptupdates.changed - name: Configure tunneldigger command: "{{item}}" with_items: - - virtualenv /srv/tunneldigger/ -p python2.7 +# - virtualenv /srv/tunneldigger/ -p python2.7 + - virtualenv /srv/tunneldigger/ when: tunneldigger.changed - name: Tunneldigger requirements pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 - with_items: broker_cfg + with_items: "{{ broker_cfg }}" when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 when: tunneldigger.changed - name: Copy tunneldigger scripts copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 - with_items: tunneldigger_scripts + with_items: "{{ tunneldigger_scripts }}" when: tunneldigger.changed - name: Copy tunneldigger service template copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 - with_items: tunneldigger_service + with_items: "{{ tunneldigger_service }}" when: tunneldigger.changed ########## - name: Add modules lineinfile: dest=/etc/modules line={{ item }} - with_items: modules_required + with_items: "{{ modules_required }}" register: modules_req - - name: Load modules - modprobe: name={{ item }} - with_items: modules_required - when: modules_req.changed +# - name: Load modules +# modprobe: name= "{{ item }}" +# with_items: "{{ modules_required 
}}" +# when: modules_req.changed ######### - name: Tunneldigger reload command: "{{item}}" 
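Review bot: The `Get Tunneldigger` task now clones `https://github.com/Freifunk-Troisdorf/tunneldigger.git` with no `version=`, so every fresh install takes whatever the default branch holds at that moment, and the play runs it as root (`user: root` in the play header). Pin the checkout to a reviewed commit, `git: repo=... dest=/srv/tunneldigger version=<REVIEWED_COMMIT_SHA>`, and bump it deliberately. The same applies to the `Get Tunneldigger` hunk in PATCH 03/19, which switches the source to `rohammer/tunneldigger`, again unpinned. Within this hunk the only remaining references to `{{ batmanversion }}` are in commented-out tasks, so the variable appears to be dead once the `batman-adv` and `batctl` packages decide the version.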
@@ -201,32 +215,32 @@ when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 - with_items: logrotate_config + with_items: "{{logrotate_config}}" - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - - name: Create keepalive directory - file: path=/etc/supernode-status state=directory mode=0755 - - name: Create supernode config files - file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644 - with_items: supernode_config - - name: Supernode set default mode - lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0 - with_items: supernode_config - - name: Check gateway / keepalive script supernode - copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 - with_items: check_gw_script - register: check_gw - when: sn_exit is undefined - - name: Check gateway / keepalive script super- and exitnode - template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 - register: check_gw - when: sn_exit is defined - - name: Add cron job with check gateway script - cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" - when: check_gw.changed - - name: Supernode Config script super- and exitnode - copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 - when: sn_exit is defined +# - name: Create keepalive directory +# file: path=/etc/supernode-status state=directory mode=0755 +# - name: Create supernode config files +# file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644 +# with_items: supernode_config +# - name: Supernode set default mode +# lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0 +# with_items: supernode_config +# - name: Check gateway / keepalive script supernode +# copy: src=./files/{{ item }} dest=/opt/freifunk 
owner=root group=root mode=0500 +# with_items: check_gw_script +# register: check_gw +# when: sn_exit is undefined +# - name: Check gateway / keepalive script super- and exitnode +# template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 +# register: check_gw +# when: sn_exit is defined +# - name: Add cron job with check gateway script +# cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" +# when: check_gw.changed +# - name: Supernode Config script super- and exitnode +# copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 +# when: sn_exit is defined - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd @@ -251,12 +265,12 @@ - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 when: sn_exit is defined - - name: Collectd template file - template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 - register: collectd - - name: Restart collectd - service: name=collectd state=restarted - when: collectd.changed +# - name: Collectd template file +# template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 +# register: collectd +# - name: Restart collectd +# service: name=collectd state=restarted +# when: collectd.changed - name: configure startup script supernode template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is undefined 
@@ -265,7 +279,7 @@ when: sn_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 - with_items: authorized_keys + with_items: "{{ authorized_keys }}" - name: Bind9, activate fftdf zone lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present - name: Copy option template @@ -285,7 +299,7 @@ when: sn_exit is defined - apt: update_cache=yes - name: Install bird - apt: state=installed pkg=bird + apt: state=present pkg=bird when: sn_exit is defined - name: Bird configuration copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 @@ -293,16 +307,18 @@ - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 when: sn_exit is defined - - name: Get speedtest-cli - get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli - - name: Change rights speedtest-cli - file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 +# - name: Get speedtest-cli +# get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli +# - name: Change rights speedtest-cli +# file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 - name: Copy Slacktee Config template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - name: Copy Slacktee copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 - name: set netfilter rules - lineinfile: dest=/etc/sysctl.conf line="{{ item }}" + lineinfile: + dest: /etc/sysctl.conf + line: "{{ item }}" with_items: - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 
@@ -315,18 +331,20 @@ when: modprobe1.stat.exists == False - name: check /etc/modprobe.conf lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" + - name: Change root password + user: + name: root + password: "{{ sn_rootpasswd }}" + - name: Logrotate rights + file: path=/etc/logrotate.conf mode=0644 owner=root group=root + - name: Wirte version information + shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true when: tunneldigger.changed - - name: Logrotate rights - file: path=/etc/logrotate.conf mode=0644 owner=root group=root - - name: Change root password - user: name=root password={{ sn_rootpasswd }} - - name: Wirte version information - shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: waiting for server to come back local_action: wait_for @@ -343,3 +361,4 @@ channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none' + From b1f766c9469c2e6f79bf5d4763593e29db0441f9 Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Thu, 24 Jan 2019 21:10:11 +0100 Subject: [PATCH 03/19] Tunneldigger repaired / new repo --- files/l2tp_broker.cfg | 14 +++++++++++++- files/start-broker.sh | 8 +++++--- install.sn.yml | 28 ++++++++++++++++++---------- 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/files/l2tp_broker.cfg b/files/l2tp_broker.cfg index 8060e21..a741273 100644 --- a/files/l2tp_broker.cfg +++ b/files/l2tp_broker.cfg @@ -4,7 +4,7 @@ address={{ ansible_default_ipv4.address }} ; Ports where the broker will listen on port={{ sn_l2tp_tb_port }} ; Interface with that IP address -interface=eth0 +interface=ens18 ; Maximum number of cached cookies, required for establishing a ; session with the broker max_cookies=1024 
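Review bot: The `Change root password` task, moved ahead of the final reboot in this hunk, passes `{{ sn_rootpasswd }}` to the `user` module without `no_log: true`, so the value can appear in verbose output and in any callback or log that records task arguments. The `user` module writes `password` to the shadow file as given, so `sn_rootpasswd` (defined outside this patch) has to be a crypt hash already; confirm it is not kept in plain text in the inventory, and prefer storing it with Ansible Vault. In the same hunk, `echo {{ snversion }} > /etc/sn_version` interpolates the variable into a shell line unquoted; `copy: content="{{ snversion }}" dest=/etc/sn_version` writes the file without a shell.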
@@ -23,6 +23,18 @@ pmtu_discovery=false ; namespacing to work namespace=troisdorf +; Reject connections if there are less than N seconds since the last connection. +; Can be less than a second (e.g., 0.1). +connection_rate_limit=2 + +; Set PMTU to a fixed value. Use 0 for automatic PMTU discovery. A non-0 value also disables +; PMTU discovery on the client side, by having the server not respond to client-side PMTU +; discovery probes. +pmtu=0 + +; The batman device of this Hood (e.g. bat2) +batdev=bat0 + [log] ; Log filename filename=/var/log/tunneldigger-broker.log diff --git a/files/start-broker.sh b/files/start-broker.sh index 22450e0..86c0837 100644 --- a/files/start-broker.sh +++ b/files/start-broker.sh @@ -1,9 +1,11 @@ #!/bin/bash -WDIR=/srv/tunneldigger -VIRTUALENV_DIR=/srv/tunneldigger +WDIR=/srv/tunneldigger/env_tunneldigger +VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger cd $WDIR source $VIRTUALENV_DIR/bin/activate -bin/python broker/l2tp_broker.py l2tp_broker.cfg +$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main ../l2tp_broker.cfg +#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg + diff --git a/install.sn.yml b/install.sn.yml index f1b08a7..e73ea67 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.1.1 + snversion: master_v3.1.3 batmanversion: v2017.4 common_required_packages: - git @@ -44,6 +44,9 @@ - virtualenv - batman-adv - batctl + - libffi-dev + - libnetfilter-conntrack-dev + - libnfnetlink-dev modules_required: - batman-adv - nf_conntrack_netlink 
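Review bot: `start-broker.sh` keeps going when `cd $WDIR` or `source $VIRTUALENV_DIR/bin/activate` fails, and the broker is then started with `../l2tp_broker.cfg` resolved against whatever directory the script was launched from. Fail early with `cd "$WDIR" || exit 1` (or `set -e` at the top) and pass the config as an absolute path, `/srv/tunneldigger/l2tp_broker.cfg`, which is where the playbook's template task copies it. Since the interpreter is already invoked as `$VIRTUALENV_DIR/bin/python`, the `source` line is probably redundant. The commented-out old invocation can be removed rather than kept.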
@@ -88,8 +91,10 @@ # url: https://sks.pod01.fleetstreetops.com # state: present - - name: Add backport repo to source list + - name: Add Freifuck repo to source list apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present + - name: Add backport repo to source list + apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts 
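Review bot: The new `Add backport repo to source list` task uses `http://http.debian.net/debian` although `apt-transport-https` is installed earlier in the play and the neighbouring repository already uses `https://`. APT's signature check still protects package integrity, but plain HTTP lets an on-path party observe which packages the host fetches and interfere with the downloads; `deb https://deb.debian.org/debian stretch-backports main` avoids that. Both `apt_repository` tasks would also read better in the YAML mapping form already used for `Install common required packages`.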
@@ -166,21 +171,24 @@ # shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install # when: getbatctl.changed - name: Get Tunneldigger - git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger -# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.3.0 +# git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger +# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.1.0 +# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger # git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger + git: repo=https://github.com/rohammer/tunneldigger.git dest=/srv/tunneldigger # version: release-0.22 register: tunneldigger when: aptupdates.changed - name: Configure tunneldigger - command: "{{item}}" - with_items: + raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install" +# command: "{{item}}" +# with_items: # - virtualenv /srv/tunneldigger/ -p python2.7 - - virtualenv /srv/tunneldigger/ - when: tunneldigger.changed - - name: Tunneldigger requirements - pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ +# - virtualenv /srv/tunneldigger/ when: tunneldigger.changed +# - name: Tunneldigger requirements +# pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ +# when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 with_items: "{{ broker_cfg }}" From 41e55996acf83fb068c34b74b3cda90fb69d195b Mon Sep 17 00:00:00 2001 
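Review bot: The rewritten `Configure tunneldigger` task chains `cd`, `virtualenv`, `source` and `python setup.py install` through `raw`, which bypasses Ansible's module layer even though Python is installed on the host at the start of the play. `source` is a bash builtin, so the line depends on the remote login shell being bash. With the `pip requirements=...` task commented out, dependency versions are presumably left to whatever `setup.py install` resolves at run time. A `shell:` task avoids both the `raw` and the activation step, e.g. `shell: virtualenv env_tunneldigger && cd broker && ../env_tunneldigger/bin/python setup.py install` with `args:` / `chdir: /srv/tunneldigger`.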
From: Freifunk Troisdorf Date: Tue, 5 Feb 2019 21:40:58 +0100 Subject: [PATCH 04/19] Housekeeping --- files/authorized_keys | 6 +- files/bataddif.sh.j2 | 1 - files/check_mk-dhcp.sh | 6 - files/check_mk-speedtest-cli | 392 ------------------------------ files/check_mk.conf | 28 --- files/ckeck_mk-supernode | 70 ------ files/collectd.conf.j2 | 54 ---- files/dhcpleases | 260 -------------------- files/keepalive.exit.sh.j2 | 19 -- files/l2tp_backbone.sh.exit.j2 | 7 - files/l2tp_broker-backup.cfg | 51 ---- files/slacktee.conf | 13 - files/sn_startup.exit.sh.j2 | 11 +- files/start-broker-backup.sh | 9 - files/supernode | 65 ----- files/tunneldigger-backup.service | 9 - install.sn.yml | 10 +- 17 files changed, 11 insertions(+), 1000 deletions(-) delete mode 100644 files/check_mk-dhcp.sh delete mode 100644 files/check_mk-speedtest-cli delete mode 100644 files/check_mk.conf delete mode 100644 files/ckeck_mk-supernode delete mode 100644 files/collectd.conf.j2 delete mode 100644 files/dhcpleases delete mode 100644 files/keepalive.exit.sh.j2 delete mode 100644 files/l2tp_broker-backup.cfg delete mode 100644 files/slacktee.conf delete mode 100644 files/start-broker-backup.sh delete mode 100644 files/supernode delete mode 100644 files/tunneldigger-backup.service diff --git a/files/authorized_keys b/files/authorized_keys index 90c7b09..3604bb2 100644 --- a/files/authorized_keys +++ b/files/authorized_keys 
@@ -2,8 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux -ssh-rsa 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 localadmin@tst-ansible - -ssh-rsa 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 supernodeadmin@update1 - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office +ssh-rsa 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 localadmin@ansible diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index b029432..8796dd6 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -14,5 +14,4 @@ do fi done -#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast $brctl addif br-nodes $INTERFACE diff --git a/files/check_mk-dhcp.sh b/files/check_mk-dhcp.sh deleted file mode 100644 index 90a4827..0000000 --- a/files/check_mk-dhcp.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -datum=$(date "+%b %d") -hostname=$(hostname) -clients=$(cat /var/log/syslog | grep "$(date "+%b %d")" | grep DHCPACK | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | sort | uniq | wc -l) -echo "nc.gateways."$hostname" $clients `date +%s`" | nc -n -q 5 10.188.0.10 2003 -echo "0 Uniq-Clients count=$clients - $clients Uniq Clients heute" 
diff --git a/files/check_mk-speedtest-cli b/files/check_mk-speedtest-cli deleted file mode 100644 index abe634a..0000000 --- a/files/check_mk-speedtest-cli +++ /dev/null 
@@ -1,392 +0,0 @@ -#! /bin/bash -# -# Script to check Internet connection speed using speedtest-cli -# -# Jon Witts - 20150228 -# -######################################################################################################################################################### -# -# Nagios Exit Codes -# -# 0 = OK = The plugin was able to check the service and it appeared to be functioning properly -# 1 = Warning = The plugin was able to check the service, but it appeared to be above some warning -# threshold or did not appear to be working properly -# 2 = Critical = The plugin detected that either the service was not running or it was above some critical threshold -# 3 = Unknown = Invalid command line arguments were supplied to the plugin or low-level failures internal -# to the plugin (such as unable to fork, or open a tcp socket) that prevent it from performing the specified operation. -# Higher-level errors (such as name resolution errors, socket timeouts, etc) are outside of the control of plugins -# and should generally NOT be reported as UNKNOWN states. -# -######################################################################################################################################################## - -plugin_name="Nagios speedtest-cli plugin" -version="1.2 2015022818.19" - -##################################################################### -# -# CHANGELOG -# -# Version 1.0 - Initial Release -# -# Version 1.1 - Added requirement to use server id in test and need to define -# full path to speedtest binary - thanks to Sigurdur Bjarnason -# for changes and improvements -# -# Version 1.2 - Added ability to check speed from an internal Speedtest Mini -# server. 
Idea sugested by Erik Brouwer -# -# -# - -##################################################################### -# function to output script usage -usage() -{ - cat << EOF - ****************************************************************************************** - - $plugin_name - Version: $version - - OPTIONS: - -h Show this message - -w Download Warning Level - *Required* - integer or floating point - -c Download Critical Level - *Required* - integer or floating point - -W Upload Warning Level - *Required* - integer or floating point - -C Upload Critical Level - *Required* - integer or floating point - -l Location of speedtest server - *Required * - takes either "i" or "e". If you pass "i" for - Internal then you will need to pass the URL of the Mini Server to the "s" option. If you pass - "e" for External then you must pass the server integer to the "s" option. - -s Server integer or URL for the speedtest server to test against - *Required* - Run - "speedtest --list | less" to find your nearest server and note the number of the server - or use the URL of an internal Speedtest Mini Server - -p Output Performance Data - -v Output plugin version - -V Output debug info for testing - - This script will output the Internet Connection Speed using speedtest-cli to Nagios. - - You need to have installed speedtest-cli on your system first and ensured that it is - working by calling "speedtest --simple". - - See here: https://github.com/sivel/speedtest-cli for info about speedtest-cli - - First you MUST define the location of your speedtest install in the script or this will - not work. - - The speedtest-cli can take some time to return its result. I recommend that you set the - service_check_timeout value in your main nagios.cfg to 120 to allow time for - this script to run; but test yourself and adjust accordingly. - - You also need to have access to bc on your system for this script to work and that it - exists in your path. 
- - Your warning levels must be higher than your critical levels for both upload and download. - - Performance Data will output upload and download speed against matching warning and - critical levels. - - Jon Witts - - ****************************************************************************************** -EOF -} - -##################################################################### -# function to output error if speedtest binary location not set -locundef() -{ - cat << EOF - ****************************************************************************************** - - $plugin_name - Version: $version - - You have not defined the location of the speedtest binary in the script! You MUST do - this before running the script. See line 170 of the script! - - ****************************************************************************************** -EOF -} - -##################################################################### -# function to check if a variable is numeric -# expects variable to check as first argument -# and human description of variable as second -isnumeric() -{ - re='^[0-9]+([.][0-9]+)?$' - if ! [[ $1 =~ $re ]]; then - echo $2" with a value of: "$1" is not a number!" - usage - exit 3 - fi -} - -##################################################################### -# functions for floating point operations - require bc! - -##################################################################### -# Default scale used by float functions. - -float_scale=3 - -##################################################################### -# Evaluate a floating point number expression. - -function float_eval() -{ - local stat=0 - local result=0.0 - if [[ $# -gt 0 ]]; then - result=$(echo "scale=$float_scale; $*" | bc -q 2>/dev/null) - stat=$? 
- if [[ $stat -eq 0 && -z "$result" ]]; then stat=1; fi - fi - echo $result - return $stat -} - -##################################################################### -# Evaluate a floating point number conditional expression. - -function float_cond() -{ - local cond=0 - if [[ $# -gt 0 ]]; then - cond=$(echo "$*" | bc -q 2>/dev/null) - if [[ -z "$cond" ]]; then cond=0; fi - if [[ "$cond" != 0 && "$cond" != 1 ]]; then cond=0; fi - fi - local stat=$((cond == 0)) - return $stat -} - -########### End of functions ######################################## - -# Set up the variable for the location of the speedtest binary. -# Edit the line below so that the variable is defined as the location -# to speedtest on your system. On mine it is /usr/local/bin -# Ensure to leave the last slash off! -# You MUST define this or the script will not run! -STb=/usr/bin - -# Set up the variables to take the arguments -DLw=150.00 -DLc=100.00 -ULw=150.00 -ULc=100.00 -Loc=e -# Server ID, if 0 using nearest server -SEs=0 -#PerfData=TRUE -PerfData= -debug= - -# Retrieve the arguments using getopts -while getopts "hw:c:W:C:l:s:pvV" OPTION -do - case $OPTION in - h) - usage - exit 3 - ;; - w) - DLw=$OPTARG - ;; - c) - DLc=$OPTARG - ;; - W) - ULw=$OPTARG - ;; - C) - ULc=$OPTARG - ;; - l) - Loc=$OPTARG - ;; - s) - SEs=$OPTARG - ;; - p) - PerfData="TRUE" - ;; - v) - echo "$plugin_name. 
Version number: $version" - exit 3 - ;; - V) - debug="TRUE" - ;; -esac -done - - -# Check if the Speedtest binary variable $STb has been defined and exit with warning if not -if [[ -z $STb ]] -then - locundef - exit 3 -fi - -# Check for empty arguments and exit to usage if found -if [[ -z $DLw ]] || [[ -z $DLc ]] || [[ -z $ULw ]] || [[ -z $ULc ]] || [[ -z $Loc ]] || [[ -z $SEs ]] -then - usage - exit 3 -fi - -# Check for invalid argument passed to $Loc and exit to usage if found -if [[ "$Loc" != "e" ]] && [[ "$Loc" != "i" ]] -then - usage - exit 3 -fi - -# Check for non-numeric arguments -isnumeric $DLw "Download Warning Level" -isnumeric $DLc "Download Critical Level" -isnumeric $ULw "Upload Warning Level" -isnumeric $ULc "Upload Critical Level" -#isnumeric $Serv "Server Number ID" - -# Check that warning levels are not less than critical levels -if float_cond "$DLw < $DLc"; then - echo "\$DLw is less than \$DLc!" - usage - exit 3 -elif float_cond "$ULw < $ULc"; then - echo "\$ULw is less than \$ULc!" - usage - exit 3 -fi - -# Output arguments for debug -if [ "$debug" == "TRUE" ]; then - echo "Download Warning Level = "$DLw - echo "Download Critical Level = "$DLc - echo "Upload Warning Level = "$ULw - echo "Upload Critical Level = "$ULc - echo "Server Location = "$Loc - echo "Server URL or Integer = "$SEs -fi - -#Set command up depending upon internal or external -if [ "$Loc" == "e" ]; then - if [ "$debug" == "TRUE" ]; then - echo "External Server defined" - fi - if [ "$SEs" == "0" ]; then - if [ "$debug" == "TRUE" ]; then - echo "no SEs specified" - fi - command=$($STb/speedtest --simple) - else - command=$($STb/speedtest --server=$SEs --simple) - fi -elif [ "$Loc" == "i" ]; then - if [ "$debug" == "TRUE" ]; then - echo "Internal Server defined" - fi - command=$($STb/speedtest --mini=$SEs --simple) -else - if [ "$debug" == "TRUE" ]; then - echo "We should never get here as we checked the contents of Location variable earlier!" 
- fi - usage - exit 3 -fi - -# Get the output of the speedtest into an array -# so we can begin to process it -i=1 -typeset -a array - -array=($command) - -# Check if array empty or not having at least 9 indicies -element_count=${#array[@]} -expected_count="9" - -# Output array indicies count for debug -if [ "$debug" == "TRUE" ]; then - echo "count = $element_count" -fi - -if [ "$element_count" -ne "$expected_count" ]; then - echo "You do not have the expected number of indices in your output from SpeedTest. Is it correctly installed?" - usage - exit 3 -fi - -# echo contents of speedtest for debug -if [ "$debug" == "TRUE" ]; then - echo "$command" -fi - -# split array into our variables for processing -ping=${array[1]} -pingUOM=${array[2]} -download=${array[4]} -downloadUOM=${array[5]} -upload=${array[7]} -uploadUOM=${array[8]} - -# echo each array for debug -if [ "$debug" == "TRUE" ]; then - echo "Ping = "$ping - echo "Download = "$download - echo "Upload = "$upload -fi - -#set up our nagios status and exit code variables -status= -nagcode= - -# now we check to see if returned values are within defined ranges -# we will make use of bc for our math! -if float_cond "$download < $DLc"; then - if [ "$debug" == "TRUE" ]; then - echo "Download less than critical limit. \$download = $download and \$DLc = $DLc " - fi - status="CRITICAL" - nagcode=2 -elif float_cond "$upload < $ULc"; then - if [ "$debug" == "TRUE" ]; then - echo "Upload less than critical limit. \$upload = $upload and \$ULc = $ULc" - fi - status="CRITICAL" - nagcode=2 -elif float_cond "$download < $DLw"; then - if [ "$debug" == "TRUE" ]; then - echo "Download less than warning limit. \$download = $download and \$DLw = $DLw" - fi - status="WARNING" - nagcode=1 -elif float_cond "$upload < $ULw"; then - if [ "$debug" == "TRUE" ]; then - echo "Upload less than warning limit. 
\$upload = $upload and \$ULw = $ULw" - fi - status="WARNING" - nagcode=1 -else - if [ "$debug" == "TRUE" ]; then - echo "Everything within bounds!" - fi - status="OK" - nagcode=0 -fi - -#nagout="$status - Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM" -#perfout="|'download'=$download;$DLw;$DLc 'upload'=$upload;$ULw;$ULc" -nagout="$nagcode speedtest-cli download=$download;$DLw;$DLc|upload=$upload;$ULw;$ULc|ping=$ping;250;500 Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM" - -# append perfout if argument was passed to script -if [ "$PerfData" == "TRUE" ]; then - if [ "$debug" == "TRUE" ]; then - echo "PerfData requested!" - fi - nagout=$nagout$perfout -fi - -echo $nagout -exit $nagcode diff --git a/files/check_mk.conf b/files/check_mk.conf deleted file mode 100644 index 96807a5..0000000 --- a/files/check_mk.conf +++ /dev/null @@ -1,28 +0,0 @@ -service check_mk -{ - type = UNLISTED - port = 6556 - socket_type = stream - protocol = tcp - wait = no - user = root - server = /usr/bin/check_mk_agent - - # listen on IPv4 AND IPv6 when available on this host - #flags = IPv6 - - # If you use fully redundant monitoring and poll the client - # from more then one monitoring servers in parallel you might - # want to use the agent cache wrapper: - #server = /usr/bin/check_mk_caching_agent - - # configure the IP address(es) of your Nagios server here: - only_from = 78.47.37.172 - - # Don't be too verbose. Don't log every check. This might be - # commented out for debugging. If this option is commented out - # the default options will be used for this service. - log_on_success = - - disable = no -} diff --git a/files/ckeck_mk-supernode b/files/ckeck_mk-supernode deleted file mode 100644 index 19a902c..0000000 --- a/files/ckeck_mk-supernode +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash -#/usr/lib/check_mk_agent/local -export LANG=de_DE.UTF-8 - -function confline # get first line from file $1 mathing $2, stripped of # and ; comment lines, stripped spaces and tabs down to spaces, remove trailing ; -{ - echo $(cat $1|grep -v '^$\|^\s*\#'|sed -e "s/[[:space:]]\+/ /g"|sed s/^\ //|sed s/\;//|grep -i "$2"|head -n 1) -} - -function ati # ipv4 to longint -{ - ip4=$1; ipno=0 - for (( i=0 ; i<4 ; ++i )); do - ((ipno+=${ip4%%.*}*$((254**$((3-${i})))))) # .0 .255 should not be counted - ip4=${ip4#*.} - done - echo $ipno -} - -## static data -bat_version=$(batctl -v); -kernel=$(uname -r); -release=$(lsb_release -ds); - -## Batman -echo "0 Batman-Version Version=$bat_version; $bat_version" -list=$(ls -F /sys/kernel/debug/batman_adv|grep /) -for i in $list; do - z=$(ls /sys/kernel/debug/batman_adv/$i|wc -l) - if [ $z -ge 9 ]; then - b=$(echo $i|cut -d '/' -f1) - router=$(($(batctl -m $b o|wc -l)-2 )) - clients=$(grep -cEo "\[.*W.*\]+" /sys/kernel/debug/batman_adv/$b/transtable_global) - gateways=$(( $(batctl -m $b gwl|wc -l) -1 )) - ips=$(( $(batctl -m $b dc|wc -l) - 2)) - wlow=$(( $router * 20 / 100 )) - clow=$(( $router * 5 / 100 )) - wlimit=$(( $router * 5 )) - climit=$(( $router * 10 )) - echo "P Batman-$b Router=$router.0;5:250;1:500|Clients=$clients.0;$wlow.0:$wlimit.0;$clow.0:$climit.0|Gateways=$gateways.0;0:3;0:5;|IPs=$ips.0"; - fi; - done - -## isc-dhcpd-server leases -# needs script https://github.com/eulenfunk/scripts/blob/master/dhcpleases -if [ -r /opt/freifunk/dhcpleases ] ; then - totalleases=2040 - activeleases=$(python /opt/freifunk/dhcpleases|grep "^| Total"|cut -d":" -f2|sed s/\ //) - remainingleases=$(($totalleases - $activeleases)) - actwarn=$(($totalleases * 75 / 100)) - actcrit=$(($totalleases * 90 / 100)) - echo "P Dhcp-Leases active-leases=$activeleases.0;5:$actwarn;1:$actcrit active:$activeleases remaining:$remainingleases pool=$totalleases"; - fi - -#L2TP -l_tunnel=$(ip a |grep l2tp | grep br-nodes -c); 
-tunneldigger=$(ifconfig|grep br-nodes -c); -echo "P L2TP Clients=$l_tunnel.0;1:100;0:150|Tunneldiggerbridges=$tunneldigger.0;0.1:1;0.1:2; L2TP-Clients:$l_tunnel Tunneldiggerbridges:$tunneldigger" - -## Conntrack -conntrack=$(conntrack -C); -conntrack_limit=$(sysctl -a 2>/dev/null |grep net.nf_conntrack_max|cut -d ' ' -f 3); -conntrack_remain=$(echo $conntrack_limit - $conntrack|bc) -wlow=0.1 -clow=1.1 -wlimit=$(echo $conntrack_limit *0.7|bc) -climit=$(echo $conntrack_limit *0.9|bc) -wrlimit=$(echo $conntrack_limit *0.3|bc) -crlimit=$(echo $conntrack_limit *0.1|bc) -echo "P Conntrack conntrack=$conntrack.0;$wlow:$wlimit;$clow:$climit|conntrack_remain=$conntrack_remain.0;$wrlimit:$conntrack_limit;$crlimit:$conntrack_limit; Conntrack:$conntrack Conntrack-Remain:$conntrack_remain Conntrack-Limit:$conntrack_limit" diff --git a/files/collectd.conf.j2 b/files/collectd.conf.j2 deleted file mode 100644 index de68c08..0000000 --- a/files/collectd.conf.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -# Config file for collectd(1). -# -# Some plugins need additional configuration and are disabled by default. -# Please read collectd.conf(5) for details. -# -# You should also read /usr/share/doc/collectd-core/README.Debian.plugins -# before enabling any more plugins. - -## General ## - -Hostname "{{ sn_hostname }}" -FQDNLookup true -BaseDir "/var/lib/collectd" -PluginDir "/usr/lib/collectd" -Interval 60 -Timeout 2 -ReadThreads 5 - -## Load Plugins ## -LoadPlugin write_graphite -LoadPlugin syslog -LoadPlugin cpu -LoadPlugin load -LoadPlugin memory -LoadPlugin processes -LoadPlugin conntrack -LoadPlugin users -LoadPlugin uptime -LoadPlugin interface -LoadPlugin filecount - - - Instance "tunneldigger-connections" - Name "l2tp*" - - - - - Host "10.188.0.10" - Port "2003" - Prefix "collectd.gateways." - StoreRates true - AlwaysAppendDS false - EscapeCharacter "_" - - - - - LogLevel info - - -########################################################### -Include "/etc/collectd/filters.conf" -Include "/etc/collectd/thresholds.conf" diff --git a/files/dhcpleases b/files/dhcpleases deleted file mode 100644 index 40465c2..0000000 --- a/files/dhcpleases +++ /dev/null 
@@ -1,260 +0,0 @@ -#!/usr/bin/python -# source: http://askubuntu.com/revisions/fb67e8e2-efd4-4d0e-bb2f-416855fd8369/view-source -# by http://askubuntu.com/users/499043/dfsmith -import datetime, bisect - -def parse_timestamp(raw_str): - tokens = raw_str.split() - - if len(tokens) == 1: - if tokens[0].lower() == 'never': - return 'never'; - - else: - raise Exception('Parse error in timestamp') - - elif len(tokens) == 3: - return datetime.datetime.strptime(' '.join(tokens[1:]), - '%Y/%m/%d %H:%M:%S') - - else: - raise Exception('Parse error in timestamp') - - -def timestamp_is_ge(t1, t2): - if t1 == 'never': - return True - - elif t2 == 'never': - return False - - else: - return t1 >= t2 - - -def timestamp_is_lt(t1, t2): - if t1 == 'never': - return False - - elif t2 == 'never': - return t1 != 'never' - - else: - return t1 < t2 - - -def timestamp_is_between(t, tstart, tend): - return timestamp_is_ge(t, tstart) and timestamp_is_lt(t, tend) - - -def parse_hardware(raw_str): - tokens = raw_str.split() - - if len(tokens) == 2: - return tokens[1] - - else: - raise Exception('Parse error in hardware') - - -def strip_endquotes(raw_str): - return raw_str.strip('"') - - -def identity(raw_str): - return raw_str - - -def parse_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 2: - return tokens[1] - - else: - raise Exception('Parse error in binding state') - - -def parse_next_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 3: - return tokens[2] - - else: - raise Exception('Parse error in next binding state') - - -def parse_rewind_binding_state(raw_str): - tokens = raw_str.split() - - if len(tokens) == 3: - return tokens[2] - - else: - raise Exception('Parse error in next binding state') - - -def parse_leases_file(leases_file): - valid_keys = { - 'starts': parse_timestamp, - 'ends': parse_timestamp, - 'tstp': parse_timestamp, - 'tsfp': parse_timestamp, - 'atsfp': parse_timestamp, - 'cltt': parse_timestamp, - 'hardware': 
parse_hardware, - 'binding': parse_binding_state, - 'next': parse_next_binding_state, - 'rewind': parse_rewind_binding_state, - 'uid': strip_endquotes, - 'client-hostname': strip_endquotes, - 'option': identity, - 'set': identity, - 'on': identity, - 'abandoned': None, - 'bootp': None, - 'reserved': None, - } - - leases_db = {} - - lease_rec = {} - in_lease = False - in_failover = False - - for line in leases_file: - if line.lstrip().startswith('#'): - continue - - tokens = line.split() - - if len(tokens) == 0: - continue - - key = tokens[0].lower() - - if key == 'lease': - if not in_lease: - ip_address = tokens[1] - - lease_rec = {'ip_address' : ip_address} - in_lease = True - - else: - raise Exception('Parse error in leases file') - - elif key == 'failover': - in_failover = True - elif key == '}': - if in_lease: - for k in valid_keys: - if callable(valid_keys[k]): - lease_rec[k] = lease_rec.get(k, '') - else: - lease_rec[k] = False - - ip_address = lease_rec['ip_address'] - - if ip_address in leases_db: - leases_db[ip_address].insert(0, lease_rec) - - else: - leases_db[ip_address] = [lease_rec] - - lease_rec = {} - in_lease = False - - elif in_failover: - in_failover = False - continue - else: - raise Exception('Parse error in leases file') - - elif key in valid_keys: - if in_lease: - value = line[(line.index(key) + len(key)):] - value = value.strip().rstrip(';').rstrip() - - if callable(valid_keys[key]): - lease_rec[key] = valid_keys[key](value) - else: - lease_rec[key] = True - - else: - raise Exception('Parse error in leases file') - - else: - if in_lease: - raise Exception('Parse error in leases file') - - if in_lease: - raise Exception('Parse error in leases file') - - return leases_db - - -def round_timedelta(tdelta): - return datetime.timedelta(tdelta.days, - tdelta.seconds + (0 if tdelta.microseconds < 500000 else 1)) - - -def timestamp_now(): - n = datetime.datetime.utcnow() - return datetime.datetime(n.year, n.month, n.day, n.hour, n.minute, - n.second 
+ (0 if n.microsecond < 500000 else 1)) - - -def lease_is_active(lease_rec, as_of_ts): - return timestamp_is_between(as_of_ts, lease_rec['starts'], - lease_rec['ends']) - - -def ipv4_to_int(ipv4_addr): - parts = ipv4_addr.split('.') - return (int(parts[0]) << 24) + (int(parts[1]) << 16) + \ - (int(parts[2]) << 8) + int(parts[3]) - - -def select_active_leases(leases_db, as_of_ts): - retarray = [] - sortedarray = [] - - for ip_address in leases_db: - lease_rec = leases_db[ip_address][0] - - if lease_is_active(lease_rec, as_of_ts): - ip_as_int = ipv4_to_int(ip_address) - insertpos = bisect.bisect(sortedarray, ip_as_int) - sortedarray.insert(insertpos, ip_as_int) - retarray.insert(insertpos, lease_rec) - - return retarray - - -############################################################################## - - -myfile = open('/var/lib/dhcp/dhcpd.leases', 'r') -leases = parse_leases_file(myfile) -myfile.close() - -now = timestamp_now() -report_dataset = select_active_leases(leases, now) - -print('+------------------------------------------------------------------------------') -print('| DHCPD ACTIVE LEASES REPORT') -print('+-----------------+-------------------+----------------------+-----------------') -print('| IP Address | MAC Address | Expires (days,H:M:S) | Client Hostname ') -print('+-----------------+-------------------+----------------------+-----------------') - -for lease in report_dataset: - print('| ' + format(lease['ip_address'], '<15') + ' | ' + \ - format(lease['hardware'], '<17') + ' | ' + \ - format(str((lease['ends'] - now) if lease['ends'] != 'never' else 'never'), '>20') + ' | ' + \ - lease['client-hostname']) - -print('+-----------------+-------------------+----------------------+-----------------') -print('| Total Active Leases: ' + str(len(report_dataset))) -print('| Report generated (UTC): ' + str(now)) -print('+------------------------------------------------------------------------------') 
diff --git a/files/keepalive.exit.sh.j2 b/files/keepalive.exit.sh.j2 deleted file mode 100644 index 4e4ea3b..0000000 --- a/files/keepalive.exit.sh.j2 +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -while [ true ] ; do -#Check Tunneldigger Connections - if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then - mkdir /opt/freifunk/tunneldigger_interfaces - fi -#Remove old Interfaces - rm /opt/freifunk/tunneldigger_interfaces/* -#Create Interace files - for i in `/sbin/brctl show br-nodes | grep l2tp`; - do - touch /opt/freifunk/tunneldigger_interfaces/$i - done -#Remove wrong file - rm /opt/freifunk/tunneldigger_interfaces/no - rm /opt/freifunk/tunneldigger_interfaces/br-* - rm /opt/freifunk/tunneldigger_interfaces/8* - sleep 60 -done diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 65f98bf..19dfbad 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -7,13 +7,6 @@ communitymacaddress="a2:8c:ae:6f:f6" localserver=$(/bin/hostname) communityname=troisdorf -# L2tp to Map -$ip l2tp add tunnel remote 163.172.225.200 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }} -$ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0 -$ip link set dev l2tp-map mtu 1312 -$ip link set up l2tp-map -$batctl if add l2tp-map - # Rest Starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set up dev bat0 diff --git a/files/l2tp_broker-backup.cfg b/files/l2tp_broker-backup.cfg deleted file mode 100644 index debcd1d..0000000 --- a/files/l2tp_broker-backup.cfg +++ /dev/null 
@@ -1,51 +0,0 @@ -[broker] -; IP address the broker will listen and accept tunnels on -address={{ ansible_default_ipv4.address }} -; Ports where the broker will listen on -port={{ sn_l2tp_tb_backup_port }} -; Interface with that IP address -interface=eth0 -; Maximum number of cached cookies, required for establishing a -; session with the broker -max_cookies=1024 -; Maximum number of tunnels that will be allowed by the broker -max_tunnels=150 -; Tunnel port base -port_base=25000 -; Tunnel id base -tunnel_id_base=500 -; Tunnel timeout interval in seconds -tunnel_timeout=60 -; Should PMTU discovery be enabled -pmtu_discovery=false -; Namespace (for running multiple brokers); note that you must also -; configure disjunct ports, and tunnel identifiers in order for -; namespacing to work -namespace=backup - -[log] -; Log filename -filename=/var/log/tunneldigger-broker-backup.log -; Verbosity -verbosity=DEBUG -; Should IP addresses be logged or not -log_ip_addresses=false - -[hooks] -; Arguments to the session.{up,pre-down,down} hooks are as follows: -; -; -; -; Arguments to the session.mtu-changed hook are as follows: -; -; -; - -; Called after the tunnel interface goes up -session.up=/srv/tunneldigger/bataddif.sh -; Called just before the tunnel interface goes down -session.pre-down=/srv/tunneldigger/batdelif.sh -; Called after the tunnel interface goes down -session.down= -; Called after the tunnel MTU gets changed because of PMTU discovery -session.mtu-changed= diff --git a/files/slacktee.conf b/files/slacktee.conf deleted file mode 100644 index 375e2ac..0000000 --- a/files/slacktee.conf +++ /dev/null 
@@ -1,13 +0,0 @@ -# ---------- -# Configuration -# Describes the Incoming Webhook allowing you to post messages into Slack. -# After the configuration, copy this file to /etc or your home directory. -# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory. -# ---------- -webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook -upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth -channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'. -tmp_dir="/tmp" # Temporary file is created in this directory. -username="slacktee" # Default username to post messages. -icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com. -attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used. diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 51ce325..1e53d76 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -35,10 +35,9 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /usr/local/sbin/batctl if add br-nodes sleep 5 - -#Stop all Services - Started from keepalive.sh -/bin/systemctl stop radvd -/bin/systemctl stop tunneldigger -/bin/systemctl stop bird -/bin/systemctl stop bird6 +/bin/systemctl restart radvd +/bin/systemctl retsrat tunneldigger +/bin/systemctl restart bird +/bin/systemctl restart bird6 +/bin/systemctl restart isc-dhcp-server exit 0 diff --git a/files/start-broker-backup.sh b/files/start-broker-backup.sh deleted file mode 100644 index 8f05c33..0000000 --- a/files/start-broker-backup.sh +++ /dev/null 
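Review bot: The added line `/bin/systemctl retsrat tunneldigger` in the `sn_startup.exit.sh.j2` hunk misspells the verb, so systemctl will reject it and this script never restarts tunneldigger; it should read `/bin/systemctl restart tunneldigger`. The same misspelled line is in the new `files/sn_startup.local.exit.sh.j2` added later in this series. The script checks no exit codes and ends with `exit 0`, so the failure passes silently at boot. A check after the restarts, such as `/bin/systemctl is-active tunneldigger || exit 1`, would surface it. The start of the script is outside this hunk.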
@@ -1,9 +0,0 @@ -#!/bin/bash - -WDIR=/srv/tunneldigger -VIRTUALENV_DIR=/srv/tunneldigger - -cd $WDIR -source $VIRTUALENV_DIR/bin/activate - -bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg diff --git a/files/supernode b/files/supernode deleted file mode 100644 index 19a8b28..0000000 --- a/files/supernode +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/bash -help () { -echo "Supernode Settings:" -echo "status | off | on" -} - -status () { - supernode_status=$(/bin/cat /etc/supernode-status/supernode.status) - supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode) - - echo -e "\nSupernode Status: (Ist-Zustand)" - if [ $supernode_status == 0 ]; then - echo "Supernode ist Abgeschaltet" - elif [ $supernode_status == 1 ]; then - echo "Supernode läuft (Automatik inkl. Backup)" - elif [ $supernode_status == 2 ]; then - echo "Supernode läuft (Backup Netz Aktiv)" - elif [ $supernode_status == 3 ]; then - echo "Supernode läuft (Backup deaktiviert)" - fi - echo -e "\nSupernode Status: (Soll-Zustand)" - if [ $supernode_mode == 0 ]; then - echo "Supernode ist Abgeschaltet" - elif [ $supernode_mode == 1 ]; then - echo "Supernode läuft (Automatik inkl. Backup)" - elif [ $supernode_mode == 2 ]; then - echo "Supernode läuft (Backup Netz Aktiv)" - elif [ $supernode_mode == 3 ]; then - echo "Supernode läuft (Backup deaktiviert)" - fi - echo -e "\nService Status" - for service in bird bird6 dhcpd radvd python named - do - if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then - echo -e "$service läuft" - else - echo -e "$service aus" - fi - done -} - -off () { - echo 0 > /etc/supernode-status/supernode.mode - /usr/sbin/service tunneldigger stop - /usr/sbin/service bind9 stop - /usr/sbin/service bird stop - /usr/sbin/service bird6 stop - /usr/sbin/service isc-dhcp-server stop - /usr/sbin/service radvd stop - /usr/local/sbin/batctl gw off - echo "Supernode Aus" -} - -on () { - echo 1 > /etc/supernode-status/supernode.mode - /usr/sbin/service tunneldigger restart - /usr/sbin/service bind9 restart - /usr/sbin/service bird restart - /usr/sbin/service bird6 restart - /usr/sbin/service isc-dhcp-server restart - /usr/sbin/service radvd restart - /usr/local/sbin/batctl gw server 100Mbit/100Mbit - echo "Supernode An" -} -$1 
diff --git a/files/tunneldigger-backup.service b/files/tunneldigger-backup.service deleted file mode 100644 index afa351b..0000000 --- a/files/tunneldigger-backup.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description = Start tunneldigger L2TPv3 broker -After = network.target - -[Service] -ExecStart = /srv/tunneldigger/start-broker-backup.sh - -[Install] -WantedBy = multi-user.target diff --git a/install.sn.yml b/install.sn.yml index e73ea67..a387655 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.1.3 + snversion: master_v3.1.4 batmanversion: v2017.4 common_required_packages: - git @@ -57,13 +57,13 @@ - l2tp_eth tunneldigger_scripts: - start-broker.sh - - start-broker-backup.sh +# - start-broker-backup.sh - batdelif.sh tunneldigger_service: - tunneldigger.service - - tunneldigger-backup.service +# - tunneldigger-backup.service broker_cfg: - - l2tp_broker-backup.cfg +# - l2tp_broker-backup.cfg - l2tp_broker.cfg # bind_zone_fftdf: # - named.conf.fftdf @@ -219,7 +219,7 @@ with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service - - systemctl enable tunneldigger-backup.service +# - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 From 75c9e1b7516a8f760d45813bb90d5abe7d1bb50e Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Tue, 5 Feb 2019 21:43:29 +0100 Subject: [PATCH 05/19] Housekeeping --- Untitled Diagram.xml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Untitled Diagram.xml diff --git a/Untitled Diagram.xml b/Untitled Diagram.xml deleted file mode 100644 index 16f766d..0000000 --- a/Untitled Diagram.xml +++ /dev/null @@ -1 +0,0 @@ -UzV2zq1wL0osyPDNT0nNUTV2VTV2LsrPL4GwciucU3NyVI0MMlNUjV1UjYwMgFjVyA2HrCFY1qAgsSg1rwSLBiADYTaQg2Y1AA== \ No newline at end of file 
From 919a3e1b98f0f9dc07591a7f257dfc77d9ff4499 Mon Sep 17 00:00:00 2001 From: stebifan Date: Thu, 7 Feb 2019 19:09:18 +0100 Subject: [PATCH 06/19] Fork Tunneldigger Repo to Troisdorf --- install.sn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sn.yml b/install.sn.yml index a387655..7a6531f 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -175,7 +175,7 @@ # git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.1.0 # git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger # git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger - git: repo=https://github.com/rohammer/tunneldigger.git dest=/srv/tunneldigger + git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger # version: release-0.22 register: tunneldigger when: aptupdates.changed From d9975193bded1a586f3092fc894c5351fb27aa0f Mon Sep 17 00:00:00 2001 
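Review bot: The changed `git:` task clones `https://github.com/Freifunk-Troisdorf/tunneldigger.git` with no `version=`, so each run deploys whatever the fork's default branch holds at that moment into `/srv/tunneldigger`, in a play that runs as `user: root`. Pinning to a reviewed tag or commit, e.g. `git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger version=<reviewed-commit-sha>`, makes installs reproducible and keeps an unreviewed push to the fork from reaching the supernodes. The commented `# version: release-0.22` line just below suggests pinning was considered at some point. The task list continues outside the hunk.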
From: Freifunk Troisdorf Date: Fri, 8 Feb 2019 00:18:44 +0100 Subject: [PATCH 07/19] housekeeping --- files/dhcpd.conf.j2 | 2 +- files/dhcpd6.conf.j2 | 2 +- files/{fftdf/db.fftdf.j2 => ff/db.ff.j2} | 8 +- files/ff/ff.conf | 6 + files/fftdf/fftdf.conf | 6 - ...es-troisdorf4 => interfaces-troisdorf4.j2} | 14 +- ...es-troisdorf5 => interfaces-troisdorf5.j2} | 14 +- ...es-troisdorf6 => interfaces-troisdorf6.j2} | 17 +-- ...es-troisdorf7 => interfaces-troisdorf7.j2} | 4 +- files/named.conf.local | 4 +- files/sn_startup.local.exit.sh.j2 | 43 ++++++ install.sn.yml | 140 +++--------------- 12 files changed, 101 insertions(+), 159 deletions(-) rename files/{fftdf/db.fftdf.j2 => ff/db.ff.j2} (89%) create mode 100644 files/ff/ff.conf delete mode 100644 files/fftdf/fftdf.conf rename files/{interfaces-troisdorf4 => interfaces-troisdorf4.j2} (93%) rename files/{interfaces-troisdorf5 => interfaces-troisdorf5.j2} (90%) rename files/{interfaces-troisdorf6 => interfaces-troisdorf6.j2} (89%) rename files/{interfaces-troisdorf7 => interfaces-troisdorf7.j2} (98%) create mode 100644 files/sn_startup.local.exit.sh.j2 diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2 index 8cd5205..d381959 100644 --- a/files/dhcpd.conf.j2 +++ b/files/dhcpd.conf.j2 @@ -1,6 +1,6 @@ # Version 1.3 ddns-update-style none; -option domain-name "fftdf"; +option domain-name "ff"; default-lease-time 300; max-lease-time 3600; log-facility local7; diff --git a/files/dhcpd6.conf.j2 b/files/dhcpd6.conf.j2 index 2a79b20..670a0d8 100644 --- a/files/dhcpd6.conf.j2 +++ b/files/dhcpd6.conf.j2 @@ -8,7 +8,7 @@ max-lease-time 600; option dhcp6.name-servers {{ sn_mesh_IPv6 }}; -option dhcp6.domain-search "fftdf"; +option dhcp6.domain-search "ff"; subnet6 {{ sn_mesh_IPv6_net }} { } diff --git a/files/fftdf/db.fftdf.j2 b/files/ff/db.ff.j2 similarity index 89% rename from files/fftdf/db.fftdf.j2 rename to files/ff/db.ff.j2 index 0216c3a..a46175e 100644 --- a/files/fftdf/db.fftdf.j2 +++ b/files/ff/db.ff.j2 
@@ -1,15 +1,15 @@ -;; db.fftdf -;; Forwardlookupzone für .fftdf +;; db.ff +;; Forwardlookupzone für .ff ;; $TTL 600 -@ IN SOA fftdf. root.fftdf. ( +@ IN SOA ff. root.ff. ( 2015584544 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 3H ) ; NX (TTL Negativ Cache) -@ IN NS {{ sn_hostname }}.infra.fftdf. +@ IN NS {{ sn_hostname }}.infra.ff. IN A {{ sn_mesh_IPv4 }} IN AAAA {{ sn_mesh_IPv6 }} localhost IN A 127.0.0.1 diff --git a/files/ff/ff.conf b/files/ff/ff.conf new file mode 100644 index 0000000..c720df4 --- /dev/null +++ b/files/ff/ff.conf @@ -0,0 +1,6 @@ +// Zone declarations for Freifunk + +zone "ff" { + type master; + file "/etc/bind/ff/db.ff"; +}; diff --git a/files/fftdf/fftdf.conf b/files/fftdf/fftdf.conf deleted file mode 100644 index e94dfa6..0000000 --- a/files/fftdf/fftdf.conf +++ /dev/null @@ -1,6 +0,0 @@ -// Zone declarations for Freifunk Troisdorf - -zone "fftdf" { - type master; - file "/etc/bind/fftdf/db.fftdf"; -}; \ No newline at end of file diff --git a/files/interfaces-troisdorf4 b/files/interfaces-troisdorf4.j2 similarity index 93% rename from files/interfaces-troisdorf4 rename to files/interfaces-troisdorf4.j2 index 3784e32..1ab9164 100644 --- a/files/interfaces-troisdorf4 +++ b/files/interfaces-troisdorf4.j2 
@@ -13,18 +13,18 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -iface eth0 inet static +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static address 212.129.50.141 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 local 212.129.50.141 diff --git a/files/interfaces-troisdorf5 b/files/interfaces-troisdorf5.j2 similarity index 90% rename from files/interfaces-troisdorf5 rename to files/interfaces-troisdorf5.j2 index fea611f..68d1394 100644 --- a/files/interfaces-troisdorf5 +++ b/files/interfaces-troisdorf5.j2 
@@ -13,18 +13,18 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -iface eth0 inet static +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static address 62.210.5.90 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 local 62.210.5.90 diff --git a/files/interfaces-troisdorf6 b/files/interfaces-troisdorf6.j2 similarity index 89% rename from files/interfaces-troisdorf6 rename to files/interfaces-troisdorf6.j2 index ceb6352..1877aa5 100644 --- a/files/interfaces-troisdorf6 +++ b/files/interfaces-troisdorf6.j2 
@@ -13,25 +13,24 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug eth0 -#iface eth0 inet dhcp -iface eth0 inet static +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static address 62.210.12.122 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 local 62.210.12.122 post-up ip6tables -P OUTPUT ACCEPT - post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP + post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen diff --git a/files/interfaces-troisdorf7 b/files/interfaces-troisdorf7.j2 similarity index 98% rename from files/interfaces-troisdorf7 rename to files/interfaces-troisdorf7.j2 index cd6ca9b..214e566 100644 --- a/files/interfaces-troisdorf7 +++ b/files/interfaces-troisdorf7.j2 @@ -13,8 +13,8 @@ iface lo inet6 loopback # The primary network interface -allow-hotplug ens18 -iface ens18 inet static +allow-hotplug {{ sn_interface_name }} +iface {{ sn_interface_name }} inet static address 93.241.53.100 netmask 255.255.255.0 gateway 93.241.53.1 diff --git a/files/named.conf.local b/files/named.conf.local index db75b20..09a1335 100644 --- a/files/named.conf.local +++ b/files/named.conf.local 
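Review bot: In the `iface 6to4` stanza of `interfaces-troisdorf6.j2`, the new rule `post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP` no longer filters the interface the removed line did. ifupdown sets `$IFACE` to the interface being brought up, which in that stanza is `6to4`, whereas the old rule matched `eth0`. If the intent is still to keep ULA traffic from leaving through the primary uplink, write it as `post-up ip6tables -A OUTPUT -o {{ sn_interface_name }} -d fc00::/7 -j DROP`. The `$IFACE` substitution in the IPv4 rules is fine because they sit under the primary interface's stanza. Stanza membership is inferred from line order, since the indentation is not visible in this view.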
@@ -6,5 +6,5 @@ // organization //include "/etc/bind/zones.rfc1918"; -// Include Freifunk Troisdorf (fftdf) zones -include "/etc/bind/fftdf/fftdf.conf"; \ No newline at end of file +// Include Freifunk (ff) zones +include "/etc/bind/ff/ff.conf"; diff --git a/files/sn_startup.local.exit.sh.j2 b/files/sn_startup.local.exit.sh.j2 new file mode 100644 index 0000000..bd648ae --- /dev/null +++ b/files/sn_startup.local.exit.sh.j2 @@ -0,0 +1,43 @@ +#!/bin/sh +# Version 1.91 + +curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} + +# Activate IP forwarding +/sbin/sysctl -w net.ipv6.conf.all.forwarding=1 +/sbin/sysctl -w net.ipv4.ip_forward=1 + +# restart when kernel panic +/sbin/sysctl kernel.panic=1 + +# Routing table 42 +/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables + +# Set table for traffice with mark 4 +/bin/ip rule add fwmark 0x4 table 42 +/bin/ip -6 rule add fwmark 0x4 table 42 + +# Set mark 4 to Freifunk traffic +#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 +#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4 + +# All from FF IPv4 via routing table 42 +#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 +#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42 + +# Allow MAC address spoofing +/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 + +# Create Tunneldigger Bridge +/sbin/brctl addbr br-nodes +/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }} +/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP +/usr/local/sbin/batctl if add br-nodes + +sleep 5 +/bin/systemctl restart radvd +/bin/systemctl retsrat tunneldigger +/bin/systemctl restart bird +/bin/systemctl restart bird6 +/bin/systemctl restart isc-dhcp-server +exit 0 
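Review bot: `/bin/systemctl retsrat tunneldigger` near the end of the new sn_startup.local.exit.sh.j2 is not a valid systemctl verb, so tunneldigger is never restarted at boot and, with no error handling in the script, the failure goes unnoticed; it should read `/bin/systemctl restart tunneldigger`. The same line is carried unchanged as context in the later sn_startup.exit.sh.j2 and sn_startup.local.exit.sh.j2 hunks. `/bin/grep 42 /etc/iproute2/rt_tables` also matches any line that merely contains 42, so anchoring it as `/bin/grep -q '^42[[:space:]]' /etc/iproute2/rt_tables` avoids skipping the table entry by accident. The Slack webhook path built from `{{ slack_token }}` is rendered into the script in clear text, so the 0500 root-only mode the playbook gives the file is what protects the token and should not be loosened.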
diff --git a/install.sn.yml b/install.sn.yml index 7a6531f..1a494c2 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.1.4 + snversion: master_v3.1.5 batmanversion: v2017.4 common_required_packages: - git @@ -47,6 +47,7 @@ - libffi-dev - libnetfilter-conntrack-dev - libnfnetlink-dev + - speedtest-cli modules_required: - batman-adv - nf_conntrack_netlink @@ -57,25 +58,15 @@ - l2tp_eth tunneldigger_scripts: - start-broker.sh -# - start-broker-backup.sh - batdelif.sh tunneldigger_service: - tunneldigger.service -# - tunneldigger-backup.service broker_cfg: -# - l2tp_broker-backup.cfg - l2tp_broker.cfg -# bind_zone_fftdf: -# - named.conf.fftdf -# check_gw_script: -# - keepalive.sh authorized_keys: - authorized_keys logrotate_config: - logrotate.conf -# supernode_config: -# - supernode.mode -# - loadbalancing.mode tasks: - name: Remove cdrom in sources.list @@ -91,6 +82,10 @@ # url: https://sks.pod01.fleetstreetops.com # state: present + - name: Import Slack token + include_vars: "{{ slack_token_file }}" + - name: Import root password + include_vars: "{{ root_password_file }}" - name: Add Freifuck repo to source list apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present - name: Add backport repo to source list @@ -128,7 +123,6 @@ timeout=300 when: hosts.changed when: sethostname.changed -# - apt: update_cache=yes - name: Install common required packages apt: name: "{{ item }}" 
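Review bot: The two added `include_vars` tasks load the Slack token and the root password from files named by inventory variables, and nothing in this hunk shows those files being encrypted or the loaded values being kept out of task output. Keeping both files under ansible-vault and adding `no_log: true` to these tasks and to every task that consumes the values would stop the secrets from appearing in verbose runs and callback logs. A short comment above them, e.g. `# secrets: files must be ansible-vault encrypted and never committed`, would document the expectation. The task list continues outside the hunk, so the consuming tasks are not visible here.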
@@ -138,57 +132,13 @@ register: aptupdates - name: Set clock shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start -# - name: Add modules -# lineinfile: dest=/etc/modules line={{ item }} -# with_items: modules_required -# register: modules_req -# - name: Load modules -# modprobe: name={{ item }} -# with_items: modules_required -# when: modules_req.changed -# - name: Install Linux headers -# shell: > -# apt-get install linux-headers-$(uname -r) -y -# when: aptupdates.changed -# - name: Get batman-adv -# git: repo=https://git.open-mesh.org/batman-adv.git -# dest=/tmp/batman-adv -# when: aptupdates.changed -# register: getbatman -# - name: Get batman-adv no rebrotcast patch -# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch -# when: getbatman.changed -# - name: Install batman-adv -# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install -# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install -# when: getbatman.changed -# - name: Get batctl -# git: repo=http://git.open-mesh.org/batctl.git -# dest=/tmp/batctl -# when: aptupdates.changed -# register: getbatctl -# - name: Install batctl -# shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install -# when: getbatctl.changed - name: Get Tunneldigger -# git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger -# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.1.0 -# git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger -# git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger -# version: release-0.22 register: 
tunneldigger when: aptupdates.changed - name: Configure tunneldigger raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install" -# command: "{{item}}" -# with_items: -# - virtualenv /srv/tunneldigger/ -p python2.7 -# - virtualenv /srv/tunneldigger/ when: tunneldigger.changed -# - name: Tunneldigger requirements -# pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ -# when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 with_items: "{{ broker_cfg }}" 
@@ -204,57 +154,26 @@ copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 with_items: "{{ tunneldigger_service }}" when: tunneldigger.changed -########## - name: Add modules lineinfile: dest=/etc/modules line={{ item }} with_items: "{{ modules_required }}" register: modules_req -# - name: Load modules -# modprobe: name= "{{ item }}" -# with_items: "{{ modules_required }}" -# when: modules_req.changed -######### - name: Tunneldigger reload command: "{{item}}" with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service -# - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 with_items: "{{logrotate_config}}" - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 -# - name: Create keepalive directory -# file: path=/etc/supernode-status state=directory mode=0755 -# - name: Create supernode config files -# file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644 -# with_items: supernode_config -# - name: Supernode set default mode -# lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0 -# with_items: supernode_config -# - name: Check gateway / keepalive script supernode -# copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 -# with_items: check_gw_script -# register: check_gw -# when: sn_exit is undefined -# - name: Check gateway / keepalive script super- and exitnode -# template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 -# register: check_gw -# when: sn_exit is defined -# - name: Add cron job with check gateway script -# cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" -# when: check_gw.changed -# - name: Supernode Config script super- and exitnode -# copy: src=./files/supernode 
dest=/usr/bin/supernode owner=root group=root mode=0500 -# when: sn_exit is defined - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd - name: Clone static DHCP config - git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp - dest=/opt/freifunk/static-dhcp + git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp when: dhcpd.changed - name: Add cron static DHCP cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" 
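Review bot: The changed `git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp` line clones an inventory-chosen repository with no `version`, and the context line after it installs `/opt/freifunk/static-dhcp/dhcp-update.sh` as an every-minute cron job, presumably running as root since the play connects as root. Whatever the repository's default branch holds at deploy time is therefore executed with full privileges. Pinning the checkout to a reviewed tag or commit, e.g. `git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp version="{{ static_dhcp_version }}"` (variable name proposed here, not present in the playbook), would make the executed code reviewable. The "Get Tunneldigger" clone in the previous hunk has the same shape.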
@@ -267,58 +186,40 @@ cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - - name: Copy backbone script - template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - when: sn_exit is undefined - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - when: sn_exit is defined -# - name: Collectd template file -# template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 -# register: collectd -# - name: Restart collectd -# service: name=collectd state=restarted -# when: collectd.changed - - name: configure startup script supernode - template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - when: sn_exit is undefined - name: Exit node startup script super- and exitnode template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is defined + - name: Exit node startup script super- and exitnode + template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 + when: sn_local_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: "{{ authorized_keys }}" - - name: Bind9, activate fftdf zone - lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present + - name: Bind9, activate ff zone + lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - - name: Create fftdf directory - file: path=/etc/bind/fftdf state=directory - 
- name: Copy FFTDF Zones - copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644 + - name: Create ff directory + file: path=/etc/bind/ff state=directory + - name: Copy FF Zones + copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644 with_items: - - fftdf.conf - - name: Copy fftdf Zone config template - template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444 + - ff.conf + - name: Copy ff Zone config template + template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Interface configuration with ffrl gre tunnel - copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 - when: sn_exit is defined + template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544 - apt: update_cache=yes - name: Install bird apt: state=present pkg=bird - when: sn_exit is defined - name: Bird configuration copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 - when: sn_exit is defined - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 - when: sn_exit is defined -# - name: Get speedtest-cli -# get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli -# - name: Change rights speedtest-cli -# file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 - name: Copy Slacktee Config template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - name: Copy Slacktee @@ -369,4 +270,3 @@ channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none' - 
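Review bot: After this hunk the only tasks that install `/opt/freifunk/sn_startup.sh` are guarded by `when: sn_exit is defined` and `when: sn_local_exit is defined`, while the `startup` cron entry above them is unconditional, so a host that sets neither variable gets a reboot job pointing at a missing script, and a host that sets both silently ends up with the local-exit variant. The forwarding, routing-rule and ebtables setup lives in that script, so a missing file means the node boots without it. Making the second condition `when: sn_local_exit is defined and sn_exit is undefined` and adding a task that fails when neither variable is set would make the choice explicit. The two tasks also share one name, and the second would read better as `Local exit node startup script`.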
From b5a000701668878c3eccd29118d1a663221fb80c Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 8 Feb 2019 19:23:03 +0100 Subject: [PATCH 08/19] Add Yanic Conf --- files/yanic.conf | 204 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 204 insertions(+) create mode 100644 files/yanic.conf diff --git a/files/yanic.conf b/files/yanic.conf new file mode 100644 index 0000000..6f89d97 --- /dev/null +++ b/files/yanic.conf 
@@ -0,0 +1,204 @@ +# This is the config file for Yanic written in "Tom's Obvious, Minimal Language." +# syntax: https://github.com/toml-lang/toml +# (if you need somethink multiple times, checkout out the [[array of table]] section) + +# Send respondd request to update information +[respondd] +enable = true +# Delay startup until a multiple of the period since zero time +synchronize = "1m" +# how often request per multicast +collect_interval = "1m" + +# table of a site to save stats for (not exists for global only) +#[respondd.sites.example] +## list of domains on this site to save stats for (empty for global only) +#domains = [] +## example +[respondd.sites.ff] +domains = ["city"] + +# interface that has an IP in your mesh network +[[respondd.interfaces]] +# name of interface on which this collector is running +ifname = "bat0" +# ip address which is used for sending +# (optional - without definition used a address of ifname) +#ip_address = "fd2f:5119:f2d::5" +# disable sending multicast respondd request +# (for receiving only respondd packages e.g. database respondd) +#send_no_request = false +# multicast address to destination of respondd +# (optional - without definition used batman default ff02::2:1001) +#multicast_address = "ff05::2:1001" +# define a port to listen +# if not set or set to 0 the kernel will use a random free port at its own +#port = 10001 + +# A little build-in webserver, which statically serves a directory. +# This is useful for testing purposes or for a little standalone installation. +[webserver] +enable = true +bind = "0.0.0.0:80" +webroot = "/opt/freifunk/yanic" + + +[nodes] +# Cache file +# a json file to cache all data collected directly from respondd +state_path = "/opt/freifunk/yanic/state.json" +# prune data in RAM, cache-file and output json files (i.e. 
nodes.json) +# that were inactive for longer than +prune_after = "7d" +# Export nodes and graph periodically +save_interval = "5s" +# Set node to offline if not seen within this period +offline_after = "10m" + + +## [[nodes.output.example]] +# Each output format has its own config block and needs to be enabled by adding: +#enable = true +# +# For each output format there can be set different filters +#[nodes.output.example.filter] +# +# WARNING: if it is not set, it will publish contact information of other persons +# Set to true, if you did not want the json files to contain the owner information +#no_owner = true +# +# List of nodeids of nodes that should be filtered out, so they won't appear in output +#blacklist = ["00112233445566", "1337f0badead"] +# +# List of site_codes of nodes that should be included in the output +#sites = ["ffhb"] +# +# replace the site_code with the domain_code in this output +# e.g. site_code='ffhb',domain_code='city' => site_code='city', domain_code='' +#domain_as_site = true +# +# append on the site_code the domain_code with a '.' in this output +# e.g. 
site_code='ffhb',domain_code='city' => site_code='ffhb.city', domain_code='' +#domain_append_site = true +# +# set has_location to true if you want to include only nodes that have geo-coordinates set +# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates) +#has_location = true + +#[nodes.output.example.filter.in_area] +# nodes outside this area are not shown on the map but are still listed as a node without coordinates +#latitude_min = 34.30 +#latitude_max = 71.85 +#longitude_min = -24.96 +#longitude_max = 39.72 + + +# definition for the new more compressed meshviewer.json +[[nodes.output.meshviewer-ff]] +enable = true +path = "/opt/freifunk/yanic/meshviewer.json" + +[nodes.output.meshviewer-ff.filter] +# WARNING: if it is not set, it will publish contact information of other persons +no_owner = true +#blacklist = ["00112233445566", "1337f0badead"] +#sites = ["ffhb"] +#has_location = true + +#[nodes.output.meshviewer-ff.filter.in_area] +#latitude_min = 34.30 +#latitude_max = 71.85 +#longitude_min = -24.96 +#longitude_max = 39.72 + + +# definition for nodes.json +[[nodes.output.meshviewer]] +enable = true +# The structure version of the output which should be generated (i.e. nodes.json) +# version 1 is accepted by the legacy meshviewer (which is the master branch) +# i.e. https://github.com/ffnord/meshviewer/tree/master +# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer) +# i.e. 
https://github.com/ffnord/meshviewer/tree/dev +# https://github.com/ffrgb/meshviewer/tree/develop +version = 2 +# path where to store nodes.json +nodes_path = "/opt/freifunk/yanic/nodes.json" +# path where to store graph.json +graph_path = "/opt/freifunk/yanic/graph.json" + +[nodes.output.meshviewer.filter] +# WARNING: if it is not set, it will publish contact information of other persons +no_owner = true + + +# definition for nodelist.json +[[nodes.output.nodelist]] +enable = true +path = "/opt/freifunk/yanic/nodelist.json" + +[nodes.output.nodelist.filter] +# WARNING: if it is not set, it will publish contact information of other persons +no_owner = true + + + +[database] +# this will send delete commands to the database to prune data +# which is older than: +delete_after = "7d" +# how often run the cleaning +delete_interval = "1h" + +## [[database.connection.example]] +# Each database-connection has its own config block and needs to be enabled by adding: +#enable = true + +# Save collected data to InfluxDB. +# There are the following measurments: +# node: store node specific data i.e. clients memory, airtime +# global: store global data, i.e. count of clients and nodes +# firmware: store the count of nodes tagged with firmware +# model: store the count of nodes tagged with hardware model +[[database.connection.influxdb]] +enable = false +address = "http://localhost:8086" +database = "ffhb" +username = "" +password = "" + +# Tagging of the data (optional) +[database.connection.influxdb.tags] +# Tags used by Yanic would override the tags from this config +# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used +#tagname1 = "tagvalue 1" +# some useful e.g.: +#system = "productive" +#site = "ffhb" + +# Graphite settings +[[database.connection.graphite]] +enable = false +address = "localhost:2003" +# Graphite is replacing every "." 
in the metric name with a slash "/" and uses +# that for the file system hierarchy it generates. it is recommended to at least +# move the metrics out of the root namespace (that would be the empty prefix). +# If you only intend to run one community and only freifunk on your graphite node +# then the prefix can be set to anything (including the empty string) since you +# probably wont care much about "polluting" the namespace. +prefix = "freifunk" + +# respondd (yanic) +# forward collected respondd package to a address +# (e.g. to another respondd collector like a central yanic instance or hopglass) +[[database.connection.respondd]] +enable = false +# type of network to create a connection +type = "udp6" +# destination address to connect/send respondd package +address = "stats.bremen.freifunk.net:11001" + +# Logging +[[database.connection.logging]] +enable = false +path = "/var/log/yanic.log" From b8a868f76c3a441130b8e013770a752cd9df3818 Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 8 Feb 2019 19:32:26 +0100 Subject: [PATCH 09/19] make yanic.conf to .j2 --- files/{yanic.conf => yanic.conf.j2} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename files/{yanic.conf => yanic.conf.j2} (99%) diff --git a/files/yanic.conf b/files/yanic.conf.j2 similarity index 99% rename from files/yanic.conf rename to files/yanic.conf.j2 index 6f89d97..202e0d2 100644 --- a/files/yanic.conf +++ b/files/yanic.conf.j2 @@ -16,7 +16,7 @@ collect_interval = "1m" #domains = [] ## example [respondd.sites.ff] -domains = ["city"] +domains = ["{{ yanic_domain }}"] # interface that has an IP in your mesh network [[respondd.interfaces]] From bc161d2506598849ec22a0d4e2884b33b6e466c4 Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 8 Feb 2019 21:04:16 +0100 Subject: [PATCH 10/19] Yanic Bugfix --- files/yanic.conf.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/yanic.conf.j2 b/files/yanic.conf.j2 index 202e0d2..727c261 100644 --- a/files/yanic.conf.j2 
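Review bot: `state_path = "/opt/freifunk/yanic/state.json"` in the new yanic.conf places the raw respondd cache inside `webroot = "/opt/freifunk/yanic"`, which the built-in webserver serves on `bind = "0.0.0.0:80"`, so the unfiltered state file is downloadable alongside the filtered outputs. The `no_owner = true` filters apply only to the `nodes.output.*` blocks, and the file's own warning says unfiltered data carries other people's contact information, so the cache presumably does too. Moving the cache out of the served directory, e.g. `state_path = "/var/lib/yanic/state.json"` (example path), and binding the webserver to the address of the interface or reverse proxy that should reach it would close that exposure. The later `bind = "0.0.0.0:8080"` hunk changes only the port.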
+++ b/files/yanic.conf.j2 @@ -39,7 +39,7 @@ ifname = "bat0" # This is useful for testing purposes or for a little standalone installation. [webserver] enable = true -bind = "0.0.0.0:80" +bind = "0.0.0.0:8080" webroot = "/opt/freifunk/yanic" @@ -94,18 +94,18 @@ offline_after = "10m" # definition for the new more compressed meshviewer.json -[[nodes.output.meshviewer-ff]] +[[nodes.output.meshviewer-ffrgb]] enable = true path = "/opt/freifunk/yanic/meshviewer.json" -[nodes.output.meshviewer-ff.filter] +[nodes.output.meshviewer-ffrgb.filter] # WARNING: if it is not set, it will publish contact information of other persons no_owner = true #blacklist = ["00112233445566", "1337f0badead"] #sites = ["ffhb"] #has_location = true -#[nodes.output.meshviewer-ff.filter.in_area] +#[nodes.output.meshviewer-ffrgb.filter.in_area] #latitude_min = 34.30 #latitude_max = 71.85 #longitude_min = -24.96 From 49ce07f3c2953f08c3e6aba9da2af3b171e77ffd Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Fri, 8 Feb 2019 23:15:57 +0100 Subject: [PATCH 11/19] Added yanic and resondd. ISC-DHCP hickup workaround --- files/sn_startup.exit.sh.j2 | 17 ++++++++++++++-- files/sn_startup.local.exit.sh.j2 | 16 +++++++++++++-- install.sn.retry | 1 - install.sn.yml | 34 ++++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 6 deletions(-) delete mode 100644 install.sn.retry diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 1e53d76..f564ee0 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -1,6 +1,8 @@ #!/bin/sh # Version 1.91 +sleep 5 + curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} # Activate IP forwarding 
@@ -34,10 +36,21 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP /usr/local/sbin/batctl if add br-nodes -sleep 5 +/bin/sleep 90 /bin/systemctl restart radvd +/bin/sleep 2 /bin/systemctl retsrat tunneldigger +/bin/sleep 2 /bin/systemctl restart bird +/bin/sleep 2 /bin/systemctl restart bird6 -/bin/systemctl restart isc-dhcp-server +/bin/sleep 2 +/bin/systemctl stop isc-dhcp-server +/bin/sleep 2 +/usr/bin/killall dhcpd +/bin/sleep 2 +/bin/rm /var/run/dhcpd.pid +/bin/sleep 2 +/bin/systemctl start isc-dhcp-server exit 0 + diff --git a/files/sn_startup.local.exit.sh.j2 b/files/sn_startup.local.exit.sh.j2 index bd648ae..b0c8423 100644 --- a/files/sn_startup.local.exit.sh.j2 +++ b/files/sn_startup.local.exit.sh.j2 @@ -1,6 +1,8 @@ #!/bin/sh # Version 1.91 +sleep 5 + curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} # Activate IP forwarding @@ -34,10 +36,20 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP /usr/local/sbin/batctl if add br-nodes -sleep 5 +/bin/sleep 90 /bin/systemctl restart radvd +/bin/sleep 2 /bin/systemctl retsrat tunneldigger +/bin/sleep 2 /bin/systemctl restart bird +/bin/sleep 2 /bin/systemctl restart bird6 -/bin/systemctl restart isc-dhcp-server +/bin/sleep 2 +/bin/systemctl stop isc-dhcp-server +/bin/sleep 2 +/usr/bin/killall dhcpd +/bin/sleep 2 +/bin/rm /var/run/dhcpd.pid +/bin/sleep 2 +/bin/systemctl start isc-dhcp-server exit 0 diff --git a/install.sn.retry b/install.sn.retry deleted file mode 100644 index c48c4ed..0000000 --- a/install.sn.retry +++ /dev/null @@ -1 +0,0 @@ -7.fftdf.de diff --git a/install.sn.yml b/install.sn.yml index 1a494c2..efead34 100644 --- a/install.sn.yml +++ b/install.sn.yml 
@@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.1.5 + snversion: master_v3.1.6 batmanversion: v2017.4 common_required_packages: - git @@ -48,6 +48,7 @@ - libnetfilter-conntrack-dev - libnfnetlink-dev - speedtest-cli + - ethtool modules_required: - batman-adv - nf_conntrack_netlink @@ -61,6 +62,8 @@ - batdelif.sh tunneldigger_service: - tunneldigger.service + respondd_service: + - respondd_service broker_cfg: - l2tp_broker.cfg authorized_keys: @@ -172,6 +175,8 @@ - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd + - name: Copy dhcpd6 template file + template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444 - name: Clone static DHCP config git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp when: dhcpd.changed 
@@ -220,6 +225,33 @@ copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 + - name: Create Yanic user + user: + name: yanic + comment: "Yanic service user" + - name: Create Yanic folder + file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic + - name: Copy Yanic config template + template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444 + - name: Shit go stuff + shell: cd /usr/local && wget https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz + - name: Adjust path for go + lineinfile: + dest: /root/.bashrc + line: "{{ item }}" + with_items: + - export GOPATH=/opt/go + - export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin + - name: Compile go + shell: go get -v -u github.com/Freifunk-Troisdorf/yanic + - name: Copy and enable yanic service + shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic + - name: Get respondd + git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce + - name: Copy respondd service template + shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system + - name: Enable respondd service + shell: systemctl daemon-reload && systemctl enable respondd - name: Copy Slacktee Config template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - name: Copy Slacktee From ac72952a0b2d683e56ef28e5a674127806eaf261 Mon Sep 17 00:00:00 2001 
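Review bot: The `Shit go stuff` task downloads the Go toolchain with `wget` and unpacks it under `/usr/local` without verifying a checksum, and `Compile go` then builds whatever `go get -u` resolves from the yanic repository's current head, all as root. `Compile go` is also unlikely to find `go` at all, because the `GOPATH`/`PATH` lines are only appended to `/root/.bashrc`, which the non-interactive shell Ansible uses does not read, and the later `cp /opt/go/src/...` depends on that GOPATH. The fence below verifies the tarball through `get_url`'s `checksum`, unpacks it idempotently, and passes the Go environment to the task explicitly. The `Create Yanic user` task would additionally benefit from `system: yes` and `shell: /usr/sbin/nologin`; the task list continues outside the hunk.

```yaml
- name: Download Go toolchain
  get_url:
    url: https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz
    dest: /usr/local/go-release-linux-amd64.tar.gz
    # placeholder: take the value from the official Go download page
    checksum: "sha256:<PUBLISHED_SHA256_FOR_THIS_TARBALL>"
- name: Unpack Go toolchain
  unarchive:
    src: /usr/local/go-release-linux-amd64.tar.gz
    dest: /usr/local
    remote_src: true
    creates: /usr/local/go/bin/go
# … unchanged: Adjust path for go …
- name: Compile go
  shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
  environment:
    GOPATH: /opt/go
    PATH: "/usr/local/go/bin:/opt/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
```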
From: stebifan Date: Sat, 9 Feb 2019 08:37:50 +0100 Subject: [PATCH 12/19] Add Respondd restart after boot --- files/sn_startup.exit.sh.j2 | 2 ++ files/sn_startup.local.exit.sh.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index f564ee0..040bc3c 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -45,6 +45,8 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /bin/sleep 2 /bin/systemctl restart bird6 /bin/sleep 2 +/bin/systemctl restart respondd +/bin/sleep 2 /bin/systemctl stop isc-dhcp-server /bin/sleep 2 /usr/bin/killall dhcpd diff --git a/files/sn_startup.local.exit.sh.j2 b/files/sn_startup.local.exit.sh.j2 index b0c8423..7ea1f2d 100644 --- a/files/sn_startup.local.exit.sh.j2 +++ b/files/sn_startup.local.exit.sh.j2 @@ -45,6 +45,8 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", /bin/sleep 2 /bin/systemctl restart bird6 /bin/sleep 2 +/bin/systemctl restart respondd +/bin/sleep 2 /bin/systemctl stop isc-dhcp-server /bin/sleep 2 /usr/bin/killall dhcpd From 54a43b50a250c4d5a45ead7a21c56713ea707d89 Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Sat, 9 Feb 2019 09:20:10 +0100 Subject: [PATCH 13/19] Added example files --- files/hosts.example | 164 ++++++++++++++++++++++++++++++++++ files/root_pwd.yml.example | 1 + files/slack_token.yml.example | 1 + 3 files changed, 166 insertions(+) create mode 100644 files/hosts.example create mode 100644 files/root_pwd.yml.example create mode 100644 files/slack_token.yml.example diff --git a/files/hosts.example b/files/hosts.example new file mode 100644 index 0000000..6af41d7 --- /dev/null +++ b/files/hosts.example 
@@ -0,0 +1,164 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+
+[freifunk_Lohmar]
+82.165.139.113 ansible_ssh_port=2222
+
+[freifunk]
+46.4.138.180 ansible_ssh_port=2222
+46.4.138.181 ansible_ssh_port=2222
+46.4.138.182 ansible_ssh_port=2222
+46.4.138.183 ansible_ssh_port=2222
+46.4.138.188 ansible_ssh_port=22
+46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn_l2tp:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_l2tp_tb_backup_port=53840
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt
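Review bot: `files/hosts.example` is filled with what look like live values rather than placeholders: public addresses under `[freifunk]` and `[freifunk_Lohmar]`, real host names, and per-node MACs and address plans. The `hosts` file added at the repository root later in this series (PATCH 16) repeats most of them. For a file meant to be copied and edited, documentation ranges (`192.0.2.0/24`, `2001:db8::/32`, `sn1.example.org`) make it obvious which lines an operator must change and keep the example from doubling as an inventory of the production network. `ansible_ssh_user=root` in `[freifunk_sn:vars]` also deserves a comment such as `# root over SSH: key-based authentication only`, since no SSH hardening is visible in this series.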
diff --git a/files/root_pwd.yml.example b/files/root_pwd.yml.example new file mode 100644 index 0000000..f7fc8a5 --- /dev/null +++ b/files/root_pwd.yml.example @@ -0,0 +1 @@ +sn_rootpasswd: xyz diff --git a/files/slack_token.yml.example b/files/slack_token.yml.example new file mode 100644 index 0000000..06980a3 --- /dev/null +++ b/files/slack_token.yml.example @@ -0,0 +1 @@ +slack_token: "XYZ" From ce71e121394f9a2e4a6a283e1ae8727707dfc835 Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Sat, 9 Feb 2019 12:14:11 +0100 Subject: [PATCH 14/19] Fixed wrong IPv6 address (5.fftdf.de) --- files/interfaces-troisdorf5.j2 | 2 +- install.sn.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/interfaces-troisdorf5.j2 b/files/interfaces-troisdorf5.j2 index 68d1394..e600361 100644 --- a/files/interfaces-troisdorf5.j2 +++ b/files/interfaces-troisdorf5.j2 @@ -9,7 +9,7 @@ iface lo inet loopback up ip address add 185.66.193.105/32 dev lo iface lo inet6 loopback - up ip address add 203:2260:121:5000::105/52 dev lo + up ip address add 2a03:2260:121:5000::105/52 dev lo # The primary network interface diff --git a/install.sn.yml b/install.sn.yml index efead34..4637202 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,8 +9,8 @@ user: root gather_facts: False vars: - snversion: master_v3.1.6 - batmanversion: v2017.4 +# Internal verion number + snversion: 2019_v3.1.6 common_required_packages: - git - make @@ -105,7 +105,7 @@ - name: set hostname hostname: name='{{ sn_hostname }}' register: sethostname - - name: disable multi CPU Kernel (SMP) + - name: disable multi CPU Kernel (SMP) # Batman don not like SMP lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp - name: Update grub From 09f971ff9c0bd47b323606d8cb1f5946940a1eab Mon Sep 17 00:00:00 2001 
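Review bot: `files/root_pwd.yml.example` and `files/slack_token.yml.example` establish that the root password and the Slack token live in plaintext YAML files, which the inventory references through `root_password_file` and `slack_token_file`. Each example should open with a comment such as `# copy outside the repository and encrypt with ansible-vault; never commit the filled-in file`. An ignore rule for the non-example names would keep a filled-in copy from being added by accident. How `sn_rootpasswd` is consumed lies outside these hunks; if it is passed to the `user` module it must be a crypt hash rather than the clear-text password, which the `xyz` placeholder does not convey.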
From: Freifunk Troisdorf Date: Sat, 9 Feb 2019 12:38:48 +0100 Subject: [PATCH 15/19] Replace fixed value with variables --- files/l2tp_backbone.sh.exit.j2 | 4 ++-- files/l2tp_broker.cfg | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 19dfbad..225743d 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -3,9 +3,9 @@ sleep 60 batctl=/usr/local/sbin/batctl ip=/sbin/ip -communitymacaddress="a2:8c:ae:6f:f6" +communitymacaddress="{{ communitymac }}" localserver=$(/bin/hostname) -communityname=troisdorf +communityname={{ communityname }} # Rest Starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 diff --git a/files/l2tp_broker.cfg b/files/l2tp_broker.cfg index a741273..d38104e 100644 --- a/files/l2tp_broker.cfg +++ b/files/l2tp_broker.cfg @@ -4,7 +4,7 @@ address={{ ansible_default_ipv4.address }} ; Ports where the broker will listen on port={{ sn_l2tp_tb_port }} ; Interface with that IP address -interface=ens18 +interface={{ sn_interface_name }} ; Maximum number of cached cookies, required for establishing a ; session with the broker max_cookies=1024 @@ -21,7 +21,7 @@ pmtu_discovery=false ; Namespace (for running multiple brokers); note that you must also ; configure disjunct ports, and tunnel identifiers in order for ; namespacing to work -namespace=troisdorf +namespace={{ communityname }} ; Reject connections if there are less than N seconds since the last connection. ; Can be less than a second (e.g., 0.1). From 62f423666094e4081ee5e3a00ab576f5203a114a Mon Sep 17 00:00:00 2001 From: Freifunk Troisdorf Date: Sat, 9 Feb 2019 15:07:47 +0100 Subject: [PATCH 16/19] Move hosts file in to ansible directory. New readme file --- README.md | 40 +++--------- hosts | 161 +++++++++++++++++++++++++++++++++++++++++++++++++ install.sn.yml | 3 +- 3 files changed, 171 insertions(+), 33 deletions(-) create mode 100644 hosts 
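Review bot: In `files/l2tp_backbone.sh.exit.j2` the new line `communityname={{ communityname }}` is rendered into the shell script unquoted, unlike `communitymacaddress="{{ communitymac }}"` two lines above. A value containing whitespace or a shell metacharacter would change what the script executes, so it should read `communityname="{{ communityname }}"`. Neither `communitymac` nor `communityname` is defined in `files/hosts.example` from PATCH 13; they first appear in the `hosts` file of PATCH 16. At this commit the two templates therefore presumably fail with an undefined-variable error, and the example inventory should gain both keys. The script continues outside the hunk.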
diff --git a/README.md b/README.md index 70236ec..0155002 100644 --- a/README.md +++ b/README.md @@ -1,34 +1,12 @@ -# ansible.fftdf.supernode -Ansible yml file to manage Freifunk Troisdorf supernodes +Ansible file to manage Freifunk Troisdorf supernodes +example: ansible-playbook install.sn.yml -l hosts -At this time you have to start it explicit with the target server -example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5" -example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]" +To install a individual host you have to start it explicit with the target server +example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v -You need this information in your hosts (/etc/ansible/hosts) file: -#example, I hope self explaining -[troisdorf5] -78.46.233.212 - -[troisdorf5:vars] -sn_hostname=troisdorf5 -sn_dhcp_range=10.188.116.1 10.188.119.254 -sn_dhcp_dns=10.188.1.100, 10.188.1.23 -sn_dhcp_router=10.188.255.5 -sn_mesh_IPv6=fda0:747e:ab29:7405:255::5 -sn_mesh_IPv4=10.188.255.5 -sn_mesh_MAC=a2:8c:ae:6f:f6:05 -sn_fqdn=freifunk-troisdorf.de -sn_l2tp_tb_port=53844 - -[troisdorf4:vars] -sn_hostname=troisdorf4 -sn_dhcp_range=10.188.112.1 10.188.115.254 -sn_dhcp_dns=10.188.255.4, 10.188.1.100 -sn_dhcp_router=10.188.255.4 -sn_mesh_IPv6=fda0:747e:ab29:7405:255::4 -sn_mesh_IPv4=10.188.255.4 -sn_mesh_MAC=a2:8c:ae:6f:f6:04 -sn_fqdn=freifunk-troisdorf.de -sn_l2tp_tb_port=53842 +The hosts file is the most important file. +You will find some example files: +files/hosts.example +files/root_pwd.yml.example +files/slack_token.yml.example diff --git a/hosts b/hosts new file mode 100644 index 0000000..8441572 --- /dev/null +++ b/hosts 
@@ -0,0 +1,161 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+[freifunk]
+#46.4.138.180 ansible_ssh_port=2222
+#46.4.138.181 ansible_ssh_port=2222
+#46.4.138.182 ansible_ssh_port=2222
+#46.4.138.183 ansible_ssh_port=2222
+#46.4.138.188 ansible_ssh_port=22
+#46.4.138.189 ansible_ssh_port=22
+
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+
+#[freifunk_sn_l2tp:children]
+#troisdorf4
+#troisdorf5
+#troisdorf6
+#troisdorf7
+
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+communitymac=a2:8c:ae:6f:f6
+communityname=troisdorf
+
+[troisdorf4]
+4.freifunk-troisdorf.de
+
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+
+
+[troisdorf5]
+5.fftdf.de
+
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+
+[troisdorf6]
+6.fftdf.de
+
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+
+[troisdorf7]
+7.fftdf.de
+
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt
diff --git a/install.sn.yml b/install.sn.yml
index 4637202..7929510 100644
--- a/install.sn.yml
+++ b/install.sn.yml @@ -3,8 +3,7 @@ # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - name: Install Freifunk Troisdorf super node -# hosts: FreifunkSupernodesL2TP - hosts: '{{ target }}' + hosts: all sudo: False user: root gather_facts: False From 2251ec9b734e9a2742cc0d109d4ff477d4b1b1a0 Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 25 Oct 2019 23:10:42 +0200 Subject: [PATCH 17/19] IP Adress Changes for Hetzner net --- files/interfaces-troisdorf4.j2 | 16 ++++----- files/interfaces-troisdorf5.j2 | 12 +++---- files/interfaces-troisdorf6.j2 | 12 +++---- files/yanic.conf.j2 | 59 ++++++++++++++++------------------ 4 files changed, 47 insertions(+), 52 deletions(-) diff --git a/files/interfaces-troisdorf4.j2 b/files/interfaces-troisdorf4.j2 index 1ab9164..ff9d7f1 100644 --- a/files/interfaces-troisdorf4.j2 +++ b/files/interfaces-troisdorf4.j2 @@ -15,7 +15,7 @@ iface lo inet6 loopback # The primary network interface allow-hotplug {{ sn_interface_name }} iface {{ sn_interface_name }} inet static - address 212.129.50.141 + address 46.4.156.114 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 @@ -27,7 +27,7 @@ iface {{ sn_interface_name }} inet static post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 212.129.50.141 + local 46.4.156.114 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen 
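Review bot: `hosts: all` in the `install.sn.yml` hunk (`@@ -3,8 +3,7 @@`) applies the play to every host of whatever inventory is loaded, whereas the removed `hosts: '{{ target }}'` failed closed when no target was given. With `files/hosts.example` used as the inventory, that includes the `[freifunk]` and `[freifunk_Lohmar]` machines, which are not in `freifunk_sn` and would be reconfigured as root. `hosts: freifunk_sn` keeps the convenience while limiting the play to the supernode group. The README changed in the same commit passes the inventory as `-l hosts`, but `-l` is a limit pattern and the inventory flag is `-i`, so the documented command does not select the file it names. The task list lies outside this hunk.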
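Review bot: In `files/interfaces-troisdorf4.j2` (`@@ -15,7 +15,7 @@`) `address` moves to 46.4.156.114, but the `gateway` and `pointopoint` context lines directly below still read 163.172.210.1 with a /32 netmask. Unless that gateway is reachable from the new network, the host will presumably come up without a default route on the next `ifup`, which on a remote machine means losing SSH access. The first hunks of `interfaces-troisdorf5.j2` and `interfaces-troisdorf6.j2` show the same pattern. The public address is repeated in the static stanza, the 6to4 `local` line and every GRE `pre-up` line, so an inventory variable would keep them from drifting apart: `address {{ sn_public_IPv4 }}` and `local {{ sn_public_IPv4 }}`, where the variable name is a suggestion. Each stanza extends beyond its hunk.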
@@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.6.13 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.6.19 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.6.17 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.6.23 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -107,7 +107,7 @@ auto gre-bb-a.fra3.f iface gre-bb-a.fra3.f inet static address 100.64.6.15 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -125,7 +125,7 @@ auto gre-bb-b.fra3.f iface gre-bb-b.fra3.f inet static address 100.64.6.21 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf5.j2 b/files/interfaces-troisdorf5.j2 index e600361..07ec939 100644 --- a/files/interfaces-troisdorf5.j2 +++ b/files/interfaces-troisdorf5.j2 
@@ -15,7 +15,7 @@ iface lo inet6 loopback # The primary network interface allow-hotplug {{ sn_interface_name }} iface {{ sn_interface_name }} inet static - address 62.210.5.90 + address 46.4.156.115 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 @@ -27,7 +27,7 @@ iface {{ sn_interface_name }} inet static post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 62.210.5.90 + local 46.4.156.115 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.151 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.153 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.155 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.157 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf6.j2 b/files/interfaces-troisdorf6.j2 index 1877aa5..113874b 100644 --- a/files/interfaces-troisdorf6.j2 +++ b/files/interfaces-troisdorf6.j2 @@ -15,7 +15,7 @@ iface lo inet6 loopback # The primary network interface allow-hotplug {{ sn_interface_name }} iface {{ sn_interface_name }} inet static - address 62.210.12.122 + address 46.4.156.116 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 @@ -28,7 +28,7 @@ iface {{ sn_interface_name }} inet static auto 6to4 iface 6to4 inet6 6to4 - local 62.210.12.122 + local 46.4.156.116 post-up ip6tables -P OUTPUT ACCEPT post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP 
@@ -40,7 +40,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.159 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -57,7 +57,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.161 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -75,7 +75,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.163 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -93,7 +93,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.165 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/yanic.conf.j2 b/files/yanic.conf.j2 index 727c261..2ca74e3 100644 --- a/files/yanic.conf.j2 +++ b/files/yanic.conf.j2 @@ -10,27 +10,18 @@ synchronize = "1m" # how often request per multicast collect_interval = "1m" -# table of a site to save stats for (not exists for global only) -#[respondd.sites.example] -## list of domains on this site to save stats for (empty for global only) -#domains = [] -## example -[respondd.sites.ff] -domains = ["{{ yanic_domain }}"] - -# interface that has an IP in your mesh network [[respondd.interfaces]] # name of interface on which this collector is running ifname = "bat0" # ip address which is used for sending -# (optional - without definition used a address of ifname) +# (optional - without definition used a address of ifname - prefered link local) #ip_address = "fd2f:5119:f2d::5" # disable sending multicast respondd request # (for receiving only respondd packages e.g. database respondd) #send_no_request = false # multicast address to destination of respondd -# (optional - without definition used batman default ff02::2:1001) -#multicast_address = "ff05::2:1001" +# (optional - without definition used default ff05::2:1001) +#multicast_address = "ff02::2:1001" # define a port to listen # if not set or set to 0 the kernel will use a random free port at its own #port = 10001 
@@ -39,14 +30,14 @@ ifname = "bat0" # This is useful for testing purposes or for a little standalone installation. [webserver] enable = true -bind = "0.0.0.0:8080" -webroot = "/opt/freifunk/yanic" +bind = "0.0.0.0:80" +webroot = "/opt/freifunk/yanic/" [nodes] # Cache file # a json file to cache all data collected directly from respondd -state_path = "/opt/freifunk/yanic/state.json" +state_path = "/var/lib/yanic/state.json" # prune data in RAM, cache-file and output json files (i.e. nodes.json) # that were inactive for longer than prune_after = "7d" @@ -73,18 +64,22 @@ offline_after = "10m" # List of site_codes of nodes that should be included in the output #sites = ["ffhb"] # -# replace the site_code with the domain_code in this output -# e.g. site_code='ffhb',domain_code='city' => site_code='city', domain_code='' -#domain_as_site = true -# -# append on the site_code the domain_code with a '.' in this output -# e.g. site_code='ffhb',domain_code='city' => site_code='ffhb.city', domain_code='' -#domain_append_site = true -# # set has_location to true if you want to include only nodes that have geo-coordinates set # (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates) #has_location = true + +#[respondd.sites.fftdf] +#domains = ["tdf-tdf"] + +#[nodes.output.meshviewer-ffrgb.filter] +#no_owner = true +#blacklist = [] +#sites = ["flu","tdf","inn"] + + + + #[nodes.output.example.filter.in_area] # nodes outside this area are not shown on the map but are still listed as a node without coordinates #latitude_min = 34.30 @@ -100,7 +95,7 @@ path = "/opt/freifunk/yanic/meshviewer.json" [nodes.output.meshviewer-ffrgb.filter] # WARNING: if it is not set, it will publish contact information of other persons -no_owner = true +no_owner = false #blacklist = ["00112233445566", "1337f0badead"] #sites = ["ffhb"] #has_location = true 
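Review bot: `bind = "0.0.0.0:80"` in the `[webserver]` hunk of `files/yanic.conf.j2` exposes yanic's built-in web server on every interface of the supernode, although the comment above the section describes it as meant for testing or a small standalone installation. If the service runs as the `yanic` user created by the playbook, it also cannot bind a port below 1024 without `CAP_NET_BIND_SERVICE`; the unit file is not visible here. Binding to the single address that should serve the map, or keeping a high port behind a reverse proxy, avoids both problems. The same hunk moves `state_path` to `/var/lib/yanic/state.json`, while the Yanic tasks added earlier in this series only create `/opt/freifunk/yanic`, so a `file:` task creating `/var/lib/yanic` owned by `yanic` appears to be missing.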
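Review bot: Changing `no_owner = true` to `no_owner = false` under `[nodes.output.meshviewer-ffrgb.filter]` does exactly what the comment one line above warns about, so the generated JSON will include node owners' contact information. With the web server in this file bound to 0.0.0.0, that JSON is presumably publicly reachable. The `[nodes.output.meshviewer.filter]` and `[nodes.output.nodelist.filter]` hunks that follow make the same change. If publishing contact data is intended, record that next to the setting, e.g. `# contact data is published deliberately; owners have agreed`; otherwise keep `no_owner = true` in all three filters.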
@@ -129,7 +124,7 @@ graph_path = "/opt/freifunk/yanic/graph.json" [nodes.output.meshviewer.filter] # WARNING: if it is not set, it will publish contact information of other persons -no_owner = true +no_owner = false # definition for nodelist.json @@ -139,7 +134,7 @@ path = "/opt/freifunk/yanic/nodelist.json" [nodes.output.nodelist.filter] # WARNING: if it is not set, it will publish contact information of other persons -no_owner = true +no_owner = false @@ -161,11 +156,11 @@ delete_interval = "1h" # firmware: store the count of nodes tagged with firmware # model: store the count of nodes tagged with hardware model [[database.connection.influxdb]] -enable = false -address = "http://localhost:8086" -database = "ffhb" -username = "" -password = "" +enable = true +address = "http://195.201.17.16:8886" +database = "freifunk" +username = "freifunk" +password = "dude1990" # Tagging of the data (optional) [database.connection.influxdb.tags] @@ -201,4 +196,4 @@ address = "stats.bremen.freifunk.net:11001" # Logging [[database.connection.logging]] enable = false -path = "/var/log/yanic.log" +path = "/var/log/yanic.log" \ No newline at end of file From a3d0d1db12c5b0d0f100d670e8358d26dcd67f5b Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 25 Oct 2019 23:16:47 +0200 Subject: [PATCH 18/19] Update Yanic Version --- install.sn.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sn.yml b/install.sn.yml index 7929510..dd5acdf 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ gather_facts: False vars: # Internal verion number - snversion: 2019_v3.1.6 + snversion: 2019_v3.1.7 common_required_packages: - git - make 
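Review bot: The `[[database.connection.influxdb]]` hunk commits a live `username`/`password` pair for a remote InfluxDB into the template, and `address` uses plain `http://` to a public IP. The credential is therefore readable by anyone with access to the repository and is sent unencrypted between supernode and database. The values belong in the inventory or a vault-encrypted vars file, e.g. `password = "{{ yanic_influxdb_password }}"` (variable name is a suggestion), and the password now in history should be rotated. The playbook installs the rendered `/etc/yanic.conf` with `mode=0444`, which lets every local user read it; `mode=0440` with group `yanic` is sufficient. An `https://` endpoint would protect the credential in transit if the server offers one.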
@@ -233,7 +233,7 @@ - name: Copy Yanic config template template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444 - name: Shit go stuff - shell: cd /usr/local && wget https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz + shell: cd /usr/local && wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz - name: Adjust path for go lineinfile: dest: /root/.bashrc From 3bbb0b742046cef2993f421eae4925d7cb2d05ea Mon Sep 17 00:00:00 2001 From: stebifan Date: Fri, 25 Oct 2019 23:21:33 +0200 Subject: [PATCH 19/19] Todo Cleanup --- Todo | 3 --- 1 file changed, 3 deletions(-) diff --git a/Todo b/Todo index e72c9c0..1ff3375 100644 --- a/Todo +++ b/Todo @@ -38,6 +38,3 @@ ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42 ================================================================== -2. Freifunk Yanic Installieren - -3. chmod 644 /etc/logrotate.conf
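Review bot: The new download command in the `Shit go stuff` task repeats both the program name and the output option: `wget wget https://dl.google.com/… -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz`. `wget` is therefore asked to fetch a host literally named `wget` before the real URL; that request most likely fails, wget exits non-zero, and the `&& tar xvf …` part is skipped. The command should start `wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz`, followed by the unchanged `tar` and `rm`. The tarball is still unpacked as root without a checksum; switching to `get_url` with `checksum:` would fix the typo and add verification. The task list continues outside the hunk.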