Merge pull request #20 from Freifunk-Troisdorf/2019

2019 fixes to master
This commit is contained in:
stebifan 2019-11-01 18:45:25 +01:00 committed by GitHub
commit b59571d87b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
38 changed files with 805 additions and 1252 deletions


@ -1,34 +1,12 @@
# ansible.fftdf.supernode Ansible file to manage Freifunk Troisdorf supernodes
Ansible yml file to manage Freifunk Troisdorf supernodes example: ansible-playbook install.sn.yml -l hosts
At this time you have to start it explicit with the target server To install a individual host you have to start it explicit with the target server
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5" example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v
example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]"
You need this information in your hosts (/etc/ansible/hosts) file: The hosts file is the most important file.
#example, I hope self explaining
[troisdorf5]
78.46.233.212
[troisdorf5:vars]
sn_hostname=troisdorf5
sn_dhcp_range=10.188.116.1 10.188.119.254
sn_dhcp_dns=10.188.1.100, 10.188.1.23
sn_dhcp_router=10.188.255.5
sn_mesh_IPv6=fda0:747e:ab29:7405:255::5
sn_mesh_IPv4=10.188.255.5
sn_mesh_MAC=a2:8c:ae:6f:f6:05
sn_fqdn=freifunk-troisdorf.de
sn_l2tp_tb_port=53844
[troisdorf4:vars]
sn_hostname=troisdorf4
sn_dhcp_range=10.188.112.1 10.188.115.254
sn_dhcp_dns=10.188.255.4, 10.188.1.100
sn_dhcp_router=10.188.255.4
sn_mesh_IPv6=fda0:747e:ab29:7405:255::4
sn_mesh_IPv4=10.188.255.4
sn_mesh_MAC=a2:8c:ae:6f:f6:04
sn_fqdn=freifunk-troisdorf.de
sn_l2tp_tb_port=53842
You will find some example files:
files/hosts.example
files/root_pwd.yml.example
files/slack_token.yml.example

3
Todo

@ -38,6 +38,3 @@ ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42
================================================================== ==================================================================
2. Freifunk Yanic Installieren
3. chmod 644 /etc/logrotate.conf


@ -1 +0,0 @@
<mxfile userAgent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0_2 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A421 Safari/604.1" version="7.5.5" editor="www.draw.io" type="github"><diagram>UzV2zq1wL0osyPDNT0nNUTV2VTV2LsrPL4GwciucU3NyVI0MMlNUjV1UjYwMgFjVyA2HrCFY1qAgsSg1rwSLBiADYTaQg2Y1AA==</diagram></mxfile>


@ -2,8 +2,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
ssh-rsa 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 localadmin@tst-ansible ssh-rsa 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 localadmin@ansible
ssh-rsa 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 supernodeadmin@update1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office
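Review bot: Dropping the `supernodeadmin@update1` and `stefan@ff-stefan@tst-office` entries only revokes their access if the playbook installs this file by replacing the target's authorized_keys outright (a `copy`/`template` task, or `authorized_key` with `exclusive: true`); if the task appends, both keys stay valid on every supernode and have to be purged there by hand — the deploying task is not in this section, so please confirm which it is. Since files/hosts.example in this PR logs in with `ansible_ssh_user=root`, these keys end up in root's authorized_keys; the automation key could at least be pinned to the controller with an options prefix, e.g. `from="<controller address>" ssh-rsa ... localadmin@ansible`, so a copied private key is useless from anywhere else. The remaining lines are public keys, so their presence in the repository and in git history is not itself a leak.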


@ -14,5 +14,4 @@ do
fi fi
done done
#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
$brctl addif br-nodes $INTERFACE $brctl addif br-nodes $INTERFACE


@ -1,6 +0,0 @@
#!/bin/bash
datum=$(date "+%b %d")
hostname=$(hostname)
clients=$(cat /var/log/syslog | grep "$(date "+%b %d")" | grep DHCPACK | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | sort | uniq | wc -l)
echo "nc.gateways."$hostname" $clients `date +%s`" | nc -n -q 5 10.188.0.10 2003
echo "0 Uniq-Clients count=$clients - $clients Uniq Clients heute"


@ -1,392 +0,0 @@
#! /bin/bash
#
# Script to check Internet connection speed using speedtest-cli
#
# Jon Witts - 20150228
#
#########################################################################################################################################################
#
# Nagios Exit Codes
#
# 0 = OK = The plugin was able to check the service and it appeared to be functioning properly
# 1 = Warning = The plugin was able to check the service, but it appeared to be above some warning
# threshold or did not appear to be working properly
# 2 = Critical = The plugin detected that either the service was not running or it was above some critical threshold
# 3 = Unknown = Invalid command line arguments were supplied to the plugin or low-level failures internal
# to the plugin (such as unable to fork, or open a tcp socket) that prevent it from performing the specified operation.
# Higher-level errors (such as name resolution errors, socket timeouts, etc) are outside of the control of plugins
# and should generally NOT be reported as UNKNOWN states.
#
########################################################################################################################################################
plugin_name="Nagios speedtest-cli plugin"
version="1.2 2015022818.19"
#####################################################################
#
# CHANGELOG
#
# Version 1.0 - Initial Release
#
# Version 1.1 - Added requirement to use server id in test and need to define
# full path to speedtest binary - thanks to Sigurdur Bjarnason
# for changes and improvements
#
# Version 1.2 - Added ability to check speed from an internal Speedtest Mini
# server. Idea sugested by Erik Brouwer
#
#
#
#####################################################################
# function to output script usage
usage()
{
cat << EOF
******************************************************************************************
$plugin_name - Version: $version
OPTIONS:
-h Show this message
-w Download Warning Level - *Required* - integer or floating point
-c Download Critical Level - *Required* - integer or floating point
-W Upload Warning Level - *Required* - integer or floating point
-C Upload Critical Level - *Required* - integer or floating point
-l Location of speedtest server - *Required * - takes either "i" or "e". If you pass "i" for
Internal then you will need to pass the URL of the Mini Server to the "s" option. If you pass
"e" for External then you must pass the server integer to the "s" option.
-s Server integer or URL for the speedtest server to test against - *Required* - Run
"speedtest --list | less" to find your nearest server and note the number of the server
or use the URL of an internal Speedtest Mini Server
-p Output Performance Data
-v Output plugin version
-V Output debug info for testing
This script will output the Internet Connection Speed using speedtest-cli to Nagios.
You need to have installed speedtest-cli on your system first and ensured that it is
working by calling "speedtest --simple".
See here: https://github.com/sivel/speedtest-cli for info about speedtest-cli
First you MUST define the location of your speedtest install in the script or this will
not work.
The speedtest-cli can take some time to return its result. I recommend that you set the
service_check_timeout value in your main nagios.cfg to 120 to allow time for
this script to run; but test yourself and adjust accordingly.
You also need to have access to bc on your system for this script to work and that it
exists in your path.
Your warning levels must be higher than your critical levels for both upload and download.
Performance Data will output upload and download speed against matching warning and
critical levels.
Jon Witts
******************************************************************************************
EOF
}
#####################################################################
# function to output error if speedtest binary location not set
locundef()
{
cat << EOF
******************************************************************************************
$plugin_name - Version: $version
You have not defined the location of the speedtest binary in the script! You MUST do
this before running the script. See line 170 of the script!
******************************************************************************************
EOF
}
#####################################################################
# function to check if a variable is numeric
# expects variable to check as first argument
# and human description of variable as second
isnumeric()
{
re='^[0-9]+([.][0-9]+)?$'
if ! [[ $1 =~ $re ]]; then
echo $2" with a value of: "$1" is not a number!"
usage
exit 3
fi
}
#####################################################################
# functions for floating point operations - require bc!
#####################################################################
# Default scale used by float functions.
float_scale=3
#####################################################################
# Evaluate a floating point number expression.
function float_eval()
{
local stat=0
local result=0.0
if [[ $# -gt 0 ]]; then
result=$(echo "scale=$float_scale; $*" | bc -q 2>/dev/null)
stat=$?
if [[ $stat -eq 0 && -z "$result" ]]; then stat=1; fi
fi
echo $result
return $stat
}
#####################################################################
# Evaluate a floating point number conditional expression.
function float_cond()
{
local cond=0
if [[ $# -gt 0 ]]; then
cond=$(echo "$*" | bc -q 2>/dev/null)
if [[ -z "$cond" ]]; then cond=0; fi
if [[ "$cond" != 0 && "$cond" != 1 ]]; then cond=0; fi
fi
local stat=$((cond == 0))
return $stat
}
########### End of functions ########################################
# Set up the variable for the location of the speedtest binary.
# Edit the line below so that the variable is defined as the location
# to speedtest on your system. On mine it is /usr/local/bin
# Ensure to leave the last slash off!
# You MUST define this or the script will not run!
STb=/usr/bin
# Set up the variables to take the arguments
DLw=150.00
DLc=100.00
ULw=150.00
ULc=100.00
Loc=e
# Server ID, if 0 using nearest server
SEs=0
#PerfData=TRUE
PerfData=
debug=
# Retrieve the arguments using getopts
while getopts "hw:c:W:C:l:s:pvV" OPTION
do
case $OPTION in
h)
usage
exit 3
;;
w)
DLw=$OPTARG
;;
c)
DLc=$OPTARG
;;
W)
ULw=$OPTARG
;;
C)
ULc=$OPTARG
;;
l)
Loc=$OPTARG
;;
s)
SEs=$OPTARG
;;
p)
PerfData="TRUE"
;;
v)
echo "$plugin_name. Version number: $version"
exit 3
;;
V)
debug="TRUE"
;;
esac
done
# Check if the Speedtest binary variable $STb has been defined and exit with warning if not
if [[ -z $STb ]]
then
locundef
exit 3
fi
# Check for empty arguments and exit to usage if found
if [[ -z $DLw ]] || [[ -z $DLc ]] || [[ -z $ULw ]] || [[ -z $ULc ]] || [[ -z $Loc ]] || [[ -z $SEs ]]
then
usage
exit 3
fi
# Check for invalid argument passed to $Loc and exit to usage if found
if [[ "$Loc" != "e" ]] && [[ "$Loc" != "i" ]]
then
usage
exit 3
fi
# Check for non-numeric arguments
isnumeric $DLw "Download Warning Level"
isnumeric $DLc "Download Critical Level"
isnumeric $ULw "Upload Warning Level"
isnumeric $ULc "Upload Critical Level"
#isnumeric $Serv "Server Number ID"
# Check that warning levels are not less than critical levels
if float_cond "$DLw < $DLc"; then
echo "\$DLw is less than \$DLc!"
usage
exit 3
elif float_cond "$ULw < $ULc"; then
echo "\$ULw is less than \$ULc!"
usage
exit 3
fi
# Output arguments for debug
if [ "$debug" == "TRUE" ]; then
echo "Download Warning Level = "$DLw
echo "Download Critical Level = "$DLc
echo "Upload Warning Level = "$ULw
echo "Upload Critical Level = "$ULc
echo "Server Location = "$Loc
echo "Server URL or Integer = "$SEs
fi
#Set command up depending upon internal or external
if [ "$Loc" == "e" ]; then
if [ "$debug" == "TRUE" ]; then
echo "External Server defined"
fi
if [ "$SEs" == "0" ]; then
if [ "$debug" == "TRUE" ]; then
echo "no SEs specified"
fi
command=$($STb/speedtest --simple)
else
command=$($STb/speedtest --server=$SEs --simple)
fi
elif [ "$Loc" == "i" ]; then
if [ "$debug" == "TRUE" ]; then
echo "Internal Server defined"
fi
command=$($STb/speedtest --mini=$SEs --simple)
else
if [ "$debug" == "TRUE" ]; then
echo "We should never get here as we checked the contents of Location variable earlier!"
fi
usage
exit 3
fi
# Get the output of the speedtest into an array
# so we can begin to process it
i=1
typeset -a array
array=($command)
# Check if array empty or not having at least 9 indicies
element_count=${#array[@]}
expected_count="9"
# Output array indicies count for debug
if [ "$debug" == "TRUE" ]; then
echo "count = $element_count"
fi
if [ "$element_count" -ne "$expected_count" ]; then
echo "You do not have the expected number of indices in your output from SpeedTest. Is it correctly installed?"
usage
exit 3
fi
# echo contents of speedtest for debug
if [ "$debug" == "TRUE" ]; then
echo "$command"
fi
# split array into our variables for processing
ping=${array[1]}
pingUOM=${array[2]}
download=${array[4]}
downloadUOM=${array[5]}
upload=${array[7]}
uploadUOM=${array[8]}
# echo each array for debug
if [ "$debug" == "TRUE" ]; then
echo "Ping = "$ping
echo "Download = "$download
echo "Upload = "$upload
fi
#set up our nagios status and exit code variables
status=
nagcode=
# now we check to see if returned values are within defined ranges
# we will make use of bc for our math!
if float_cond "$download < $DLc"; then
if [ "$debug" == "TRUE" ]; then
echo "Download less than critical limit. \$download = $download and \$DLc = $DLc "
fi
status="CRITICAL"
nagcode=2
elif float_cond "$upload < $ULc"; then
if [ "$debug" == "TRUE" ]; then
echo "Upload less than critical limit. \$upload = $upload and \$ULc = $ULc"
fi
status="CRITICAL"
nagcode=2
elif float_cond "$download < $DLw"; then
if [ "$debug" == "TRUE" ]; then
echo "Download less than warning limit. \$download = $download and \$DLw = $DLw"
fi
status="WARNING"
nagcode=1
elif float_cond "$upload < $ULw"; then
if [ "$debug" == "TRUE" ]; then
echo "Upload less than warning limit. \$upload = $upload and \$ULw = $ULw"
fi
status="WARNING"
nagcode=1
else
if [ "$debug" == "TRUE" ]; then
echo "Everything within bounds!"
fi
status="OK"
nagcode=0
fi
#nagout="$status - Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM"
#perfout="|'download'=$download;$DLw;$DLc 'upload'=$upload;$ULw;$ULc"
nagout="$nagcode speedtest-cli download=$download;$DLw;$DLc|upload=$upload;$ULw;$ULc|ping=$ping;250;500 Ping = $ping $pingUOM Download = $download $downloadUOM Upload = $upload $uploadUOM"
# append perfout if argument was passed to script
if [ "$PerfData" == "TRUE" ]; then
if [ "$debug" == "TRUE" ]; then
echo "PerfData requested!"
fi
nagout=$nagout$perfout
fi
echo $nagout
exit $nagcode


@ -1,28 +0,0 @@
service check_mk
{
type = UNLISTED
port = 6556
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/check_mk_agent
# listen on IPv4 AND IPv6 when available on this host
#flags = IPv6
# If you use fully redundant monitoring and poll the client
# from more then one monitoring servers in parallel you might
# want to use the agent cache wrapper:
#server = /usr/bin/check_mk_caching_agent
# configure the IP address(es) of your Nagios server here:
only_from = 78.47.37.172
# Don't be too verbose. Don't log every check. This might be
# commented out for debugging. If this option is commented out
# the default options will be used for this service.
log_on_success =
disable = no
}


@ -1,70 +0,0 @@
#!/bin/bash
#/usr/lib/check_mk_agent/local
export LANG=de_DE.UTF-8
function confline # get first line from file $1 mathing $2, stripped of # and ; comment lines, stripped spaces and tabs down to spaces, remove trailing ;
{
echo $(cat $1|grep -v '^$\|^\s*\#'|sed -e "s/[[:space:]]\+/ /g"|sed s/^\ //|sed s/\;//|grep -i "$2"|head -n 1)
}
function ati # ipv4 to longint
{
ip4=$1; ipno=0
for (( i=0 ; i<4 ; ++i )); do
((ipno+=${ip4%%.*}*$((254**$((3-${i})))))) # .0 .255 should not be counted
ip4=${ip4#*.}
done
echo $ipno
}
## static data
bat_version=$(batctl -v);
kernel=$(uname -r);
release=$(lsb_release -ds);
## Batman
echo "0 Batman-Version Version=$bat_version; $bat_version"
list=$(ls -F /sys/kernel/debug/batman_adv|grep /)
for i in $list; do
z=$(ls /sys/kernel/debug/batman_adv/$i|wc -l)
if [ $z -ge 9 ]; then
b=$(echo $i|cut -d '/' -f1)
router=$(($(batctl -m $b o|wc -l)-2 ))
clients=$(grep -cEo "\[.*W.*\]+" /sys/kernel/debug/batman_adv/$b/transtable_global)
gateways=$(( $(batctl -m $b gwl|wc -l) -1 ))
ips=$(( $(batctl -m $b dc|wc -l) - 2))
wlow=$(( $router * 20 / 100 ))
clow=$(( $router * 5 / 100 ))
wlimit=$(( $router * 5 ))
climit=$(( $router * 10 ))
echo "P Batman-$b Router=$router.0;5:250;1:500|Clients=$clients.0;$wlow.0:$wlimit.0;$clow.0:$climit.0|Gateways=$gateways.0;0:3;0:5;|IPs=$ips.0";
fi;
done
## isc-dhcpd-server leases
# needs script https://github.com/eulenfunk/scripts/blob/master/dhcpleases
if [ -r /opt/freifunk/dhcpleases ] ; then
totalleases=2040
activeleases=$(python /opt/freifunk/dhcpleases|grep "^| Total"|cut -d":" -f2|sed s/\ //)
remainingleases=$(($totalleases - $activeleases))
actwarn=$(($totalleases * 75 / 100))
actcrit=$(($totalleases * 90 / 100))
echo "P Dhcp-Leases active-leases=$activeleases.0;5:$actwarn;1:$actcrit active:$activeleases remaining:$remainingleases pool=$totalleases";
fi
#L2TP
l_tunnel=$(ip a |grep l2tp | grep br-nodes -c);
tunneldigger=$(ifconfig|grep br-nodes -c);
echo "P L2TP Clients=$l_tunnel.0;1:100;0:150|Tunneldiggerbridges=$tunneldigger.0;0.1:1;0.1:2; L2TP-Clients:$l_tunnel Tunneldiggerbridges:$tunneldigger"
## Conntrack
conntrack=$(conntrack -C);
conntrack_limit=$(sysctl -a 2>/dev/null |grep net.nf_conntrack_max|cut -d ' ' -f 3);
conntrack_remain=$(echo $conntrack_limit - $conntrack|bc)
wlow=0.1
clow=1.1
wlimit=$(echo $conntrack_limit *0.7|bc)
climit=$(echo $conntrack_limit *0.9|bc)
wrlimit=$(echo $conntrack_limit *0.3|bc)
crlimit=$(echo $conntrack_limit *0.1|bc)
echo "P Conntrack conntrack=$conntrack.0;$wlow:$wlimit;$clow:$climit|conntrack_remain=$conntrack_remain.0;$wrlimit:$conntrack_limit;$crlimit:$conntrack_limit; Conntrack:$conntrack Conntrack-Remain:$conntrack_remain Conntrack-Limit:$conntrack_limit"


@ -1,54 +0,0 @@
# Config file for collectd(1).
#
# Some plugins need additional configuration and are disabled by default.
# Please read collectd.conf(5) for details.
#
# You should also read /usr/share/doc/collectd-core/README.Debian.plugins
# before enabling any more plugins.
## General ##
Hostname "{{ sn_hostname }}"
FQDNLookup true
BaseDir "/var/lib/collectd"
PluginDir "/usr/lib/collectd"
Interval 60
Timeout 2
ReadThreads 5
## Load Plugins ##
LoadPlugin write_graphite
LoadPlugin syslog
LoadPlugin cpu
LoadPlugin load
LoadPlugin memory
LoadPlugin processes
LoadPlugin conntrack
LoadPlugin users
LoadPlugin uptime
LoadPlugin interface
LoadPlugin filecount
<Plugin "filecount">
<Directory "/opt/freifunk/tunneldigger_interfaces">
Instance "tunneldigger-connections"
Name "l2tp*"
</Directory>
</Plugin>
<Plugin write_graphite>
<Carbon>
Host "10.188.0.10"
Port "2003"
Prefix "collectd.gateways."
StoreRates true
AlwaysAppendDS false
EscapeCharacter "_"
</Carbon>
</Plugin>
<Plugin syslog>
LogLevel info
</Plugin>
###########################################################
Include "/etc/collectd/filters.conf"
Include "/etc/collectd/thresholds.conf"


@ -1,6 +1,6 @@
# Version 1.3 # Version 1.3
ddns-update-style none; ddns-update-style none;
option domain-name "fftdf"; option domain-name "ff";
default-lease-time 300; default-lease-time 300;
max-lease-time 3600; max-lease-time 3600;
log-facility local7; log-facility local7;


@ -8,7 +8,7 @@ max-lease-time 600;
option dhcp6.name-servers {{ sn_mesh_IPv6 }}; option dhcp6.name-servers {{ sn_mesh_IPv6 }};
option dhcp6.domain-search "fftdf"; option dhcp6.domain-search "ff";
subnet6 {{ sn_mesh_IPv6_net }} { subnet6 {{ sn_mesh_IPv6_net }} {
} }


@ -1,260 +0,0 @@
#!/usr/bin/python
# source: http://askubuntu.com/revisions/fb67e8e2-efd4-4d0e-bb2f-416855fd8369/view-source
# by http://askubuntu.com/users/499043/dfsmith
import datetime, bisect
def parse_timestamp(raw_str):
tokens = raw_str.split()
if len(tokens) == 1:
if tokens[0].lower() == 'never':
return 'never';
else:
raise Exception('Parse error in timestamp')
elif len(tokens) == 3:
return datetime.datetime.strptime(' '.join(tokens[1:]),
'%Y/%m/%d %H:%M:%S')
else:
raise Exception('Parse error in timestamp')
def timestamp_is_ge(t1, t2):
if t1 == 'never':
return True
elif t2 == 'never':
return False
else:
return t1 >= t2
def timestamp_is_lt(t1, t2):
if t1 == 'never':
return False
elif t2 == 'never':
return t1 != 'never'
else:
return t1 < t2
def timestamp_is_between(t, tstart, tend):
return timestamp_is_ge(t, tstart) and timestamp_is_lt(t, tend)
def parse_hardware(raw_str):
tokens = raw_str.split()
if len(tokens) == 2:
return tokens[1]
else:
raise Exception('Parse error in hardware')
def strip_endquotes(raw_str):
return raw_str.strip('"')
def identity(raw_str):
return raw_str
def parse_binding_state(raw_str):
tokens = raw_str.split()
if len(tokens) == 2:
return tokens[1]
else:
raise Exception('Parse error in binding state')
def parse_next_binding_state(raw_str):
tokens = raw_str.split()
if len(tokens) == 3:
return tokens[2]
else:
raise Exception('Parse error in next binding state')
def parse_rewind_binding_state(raw_str):
tokens = raw_str.split()
if len(tokens) == 3:
return tokens[2]
else:
raise Exception('Parse error in next binding state')
def parse_leases_file(leases_file):
valid_keys = {
'starts': parse_timestamp,
'ends': parse_timestamp,
'tstp': parse_timestamp,
'tsfp': parse_timestamp,
'atsfp': parse_timestamp,
'cltt': parse_timestamp,
'hardware': parse_hardware,
'binding': parse_binding_state,
'next': parse_next_binding_state,
'rewind': parse_rewind_binding_state,
'uid': strip_endquotes,
'client-hostname': strip_endquotes,
'option': identity,
'set': identity,
'on': identity,
'abandoned': None,
'bootp': None,
'reserved': None,
}
leases_db = {}
lease_rec = {}
in_lease = False
in_failover = False
for line in leases_file:
if line.lstrip().startswith('#'):
continue
tokens = line.split()
if len(tokens) == 0:
continue
key = tokens[0].lower()
if key == 'lease':
if not in_lease:
ip_address = tokens[1]
lease_rec = {'ip_address' : ip_address}
in_lease = True
else:
raise Exception('Parse error in leases file')
elif key == 'failover':
in_failover = True
elif key == '}':
if in_lease:
for k in valid_keys:
if callable(valid_keys[k]):
lease_rec[k] = lease_rec.get(k, '')
else:
lease_rec[k] = False
ip_address = lease_rec['ip_address']
if ip_address in leases_db:
leases_db[ip_address].insert(0, lease_rec)
else:
leases_db[ip_address] = [lease_rec]
lease_rec = {}
in_lease = False
elif in_failover:
in_failover = False
continue
else:
raise Exception('Parse error in leases file')
elif key in valid_keys:
if in_lease:
value = line[(line.index(key) + len(key)):]
value = value.strip().rstrip(';').rstrip()
if callable(valid_keys[key]):
lease_rec[key] = valid_keys[key](value)
else:
lease_rec[key] = True
else:
raise Exception('Parse error in leases file')
else:
if in_lease:
raise Exception('Parse error in leases file')
if in_lease:
raise Exception('Parse error in leases file')
return leases_db
def round_timedelta(tdelta):
return datetime.timedelta(tdelta.days,
tdelta.seconds + (0 if tdelta.microseconds < 500000 else 1))
def timestamp_now():
n = datetime.datetime.utcnow()
return datetime.datetime(n.year, n.month, n.day, n.hour, n.minute,
n.second + (0 if n.microsecond < 500000 else 1))
def lease_is_active(lease_rec, as_of_ts):
return timestamp_is_between(as_of_ts, lease_rec['starts'],
lease_rec['ends'])
def ipv4_to_int(ipv4_addr):
parts = ipv4_addr.split('.')
return (int(parts[0]) << 24) + (int(parts[1]) << 16) + \
(int(parts[2]) << 8) + int(parts[3])
def select_active_leases(leases_db, as_of_ts):
retarray = []
sortedarray = []
for ip_address in leases_db:
lease_rec = leases_db[ip_address][0]
if lease_is_active(lease_rec, as_of_ts):
ip_as_int = ipv4_to_int(ip_address)
insertpos = bisect.bisect(sortedarray, ip_as_int)
sortedarray.insert(insertpos, ip_as_int)
retarray.insert(insertpos, lease_rec)
return retarray
##############################################################################
myfile = open('/var/lib/dhcp/dhcpd.leases', 'r')
leases = parse_leases_file(myfile)
myfile.close()
now = timestamp_now()
report_dataset = select_active_leases(leases, now)
print('+------------------------------------------------------------------------------')
print('| DHCPD ACTIVE LEASES REPORT')
print('+-----------------+-------------------+----------------------+-----------------')
print('| IP Address | MAC Address | Expires (days,H:M:S) | Client Hostname ')
print('+-----------------+-------------------+----------------------+-----------------')
for lease in report_dataset:
print('| ' + format(lease['ip_address'], '<15') + ' | ' + \
format(lease['hardware'], '<17') + ' | ' + \
format(str((lease['ends'] - now) if lease['ends'] != 'never' else 'never'), '>20') + ' | ' + \
lease['client-hostname'])
print('+-----------------+-------------------+----------------------+-----------------')
print('| Total Active Leases: ' + str(len(report_dataset)))
print('| Report generated (UTC): ' + str(now))
print('+------------------------------------------------------------------------------')


@ -1,15 +1,15 @@
;; db.fftdf ;; db.ff
;; Forwardlookupzone für .fftdf ;; Forwardlookupzone für .ff
;; ;;
$TTL 600 $TTL 600
@ IN SOA fftdf. root.fftdf. ( @ IN SOA ff. root.ff. (
2015584544 ; Serial 2015584544 ; Serial
8H ; Refresh 8H ; Refresh
2H ; Retry 2H ; Retry
4W ; Expire 4W ; Expire
3H ) ; NX (TTL Negativ Cache) 3H ) ; NX (TTL Negativ Cache)
@ IN NS {{ sn_hostname }}.infra.fftdf. @ IN NS {{ sn_hostname }}.infra.ff.
IN A {{ sn_mesh_IPv4 }} IN A {{ sn_mesh_IPv4 }}
IN AAAA {{ sn_mesh_IPv6 }} IN AAAA {{ sn_mesh_IPv6 }}
localhost IN A 127.0.0.1 localhost IN A 127.0.0.1
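Review bot: The NS target `{{ sn_hostname }}.infra.ff.` lies inside the `ff` zone, but the only address records in the file are the apex A/AAAA on the two lines after it, and the hunk covers the whole 15-line file; unless `infra.ff` is delegated or given A/AAAA records in a file not shown here, BIND's default `check-integrity yes` will log "NS ... has no address records" and refuse to load the zone, leaving every supernode without the mesh-internal resolver the DHCP options advertise. The usual fix is in-zone glue such as `{{ sn_hostname }}.infra IN A {{ sn_mesh_IPv4 }}` and `{{ sn_hostname }}.infra IN AAAA {{ sn_mesh_IPv6 }}`. The serial `2015584544` is also carried over unchanged although the zone content changed; bumping it (e.g. `2019110101`) costs nothing and avoids a stale copy on any secondary that already holds an `ff` zone.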

6
files/ff/ff.conf Normal file

@ -0,0 +1,6 @@
// Zone declarations for Freifunk
zone "ff" {
type master;
file "/etc/bind/ff/db.ff";
};
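Review bot: The new `zone "ff"` block declares a master without any `allow-transfer` clause, so AXFR of the mesh's internal zone is allowed to any client that can reach the resolver unless a global `allow-transfer` is set in the options block, which is not part of this PR; since the DHCP options point every mesh client at this server, adding `allow-transfer { none; };` (or the secondaries' addresses, if any exist) to the zone block would close that off regardless of the global defaults. If there are no secondaries, `notify no;` next to it stops the needless NOTIFY traffic as well.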


@ -1,6 +0,0 @@
// Zone declarations for Freifunk Troisdorf
zone "fftdf" {
type master;
file "/etc/bind/fftdf/db.fftdf";
};

164
files/hosts.example Normal file

@ -0,0 +1,164 @@
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com
[freifunk_Lohmar]
82.165.139.113 ansible_ssh_port=2222
[freifunk]
46.4.138.180 ansible_ssh_port=2222
46.4.138.181 ansible_ssh_port=2222
46.4.138.182 ansible_ssh_port=2222
46.4.138.183 ansible_ssh_port=2222
46.4.138.188 ansible_ssh_port=22
46.4.138.189 ansible_ssh_port=22
[freifunk_sn:children]
troisdorf4
troisdorf5
troisdorf6
troisdorf7
[freifunk_sn_l2tp:children]
troisdorf4
troisdorf5
troisdorf6
troisdorf7
[freifunk_sn:vars]
ansible_ssh_port=22
ansible_ssh_user=root
sn_mtu=1312
sn_l2tp_tb_port=53842
sn_l2tp_tb_backup_port=53840
sn_fqdn=freifunk-troisdorf.de
static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
root_password_file=/home/localadmin/root_pwd.yml
slack_token_file=/home/localadmin/slack_token.yml
[troisdorf4]
4.freifunk-troisdorf.de
[troisdorf4:vars]
sn_number=4
sn_hostname=troisdorf4
sn_dhcp_range=10.188.8.0 10.188.15.254
sn_mesh_IPv6=2a03:2260:121:4000::4
sn_mesh_IPv6_net=2a03:2260:121:4000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
sn_mesh_IPv4=10.188.0.4
sn_mesh_IPv4_brcast=10.188.31.255
sn_mesh_IPv4_net=10.188.0.0
sn_mesh_IPv4_xfer=10.188.0.2
sn_mesh_MAC=a2:8c:ae:6f:f6:04
ul_mesh_MAC=a2:8c:ae:6f:f6:40
sn_ffrl_IPv4=185.66.193.104
sn_exit=1
sn_interface_name=eth0
yanic_domain=tdf
[troisdorf5]
5.fftdf.de
[troisdorf5:vars]
sn_number=5
sn_hostname=troisdorf5
sn_dhcp_range=10.188.40.0 10.188.47.255
sn_mesh_IPv6=2a03:2260:121:5000::5
sn_mesh_IPv6_net=2a03:2260:121:5000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
sn_mesh_IPv4=10.188.32.5
sn_mesh_IPv4_brcast=10.188.63.255
sn_mesh_IPv4_net=10.188.32.0
sn_mesh_IPv4_xfer=10.188.32.2
sn_mesh_MAC=a2:8c:ae:6f:f6:05
ul_mesh_MAC=a2:8c:ae:6f:f6:50
sn_ffrl_IPv4=185.66.193.105
sn_exit=1
sn_interface_name=eth0
yanic_domain=inn
[troisdorf6]
6.fftdf.de
[troisdorf6:vars]
sn_number=6
sn_hostname=troisdorf6
sn_dhcp_range=10.188.72.0 10.188.79.255
sn_mesh_IPv6=2a03:2260:121:6000::6
sn_mesh_IPv6_net=2a03:2260:121:6000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
sn_mesh_IPv4=10.188.64.6
sn_mesh_IPv4_brcast=10.188.95.255
sn_mesh_IPv4_net=10.188.64.0
sn_mesh_IPv4_xfer=10.188.64.2
sn_mesh_MAC=a2:8c:ae:6f:f6:06
ul_mesh_MAC=a2:8c:ae:6f:f6:60
sn_ffrl_IPv4=185.66.193.106
sn_exit=1
sn_interface_name=eth0
yanic_domain=flu
[troisdorf7]
7.fftdf.de
[troisdorf7:vars]
sn_number=7
sn_hostname=troisdorf7
sn_dhcp_range=10.188.104.0 10.188.111.255
sn_mesh_IPv6=2a03:2260:121:7000::7
sn_mesh_IPv6_net=2a03:2260:121:7000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
sn_mesh_IPv4=10.188.96.7
sn_mesh_IPv4_brcast=10.188.127.255
sn_mesh_IPv4_net=10.188.96.0
sn_mesh_IPv4_xfer=10.188.96.2
sn_mesh_MAC=a2:8c:ae:6f:f6:07
ul_mesh_MAC=a2:8c:ae:6f:f6:70
sn_ffrl_IPv4=185.66.193.107
sn_local_exit=1
sn_interface_name=ens18
yanic_domain=evt
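Review bot: `ansible_ssh_user=root` under `[freifunk_sn:vars]` means the playbooks log in as root directly, which keeps root SSH login enabled on all four gateways for every key in files/authorized_keys; a dedicated automation user plus `ansible_become=true` would let sshd drop root login, though the playbooks themselves (outside this section) would have to be adjusted. `ansible_ssh_user`/`ansible_ssh_port` are also the pre-2.0 spellings — they still work, but `ansible_user`/`ansible_port` are the supported names on current Ansible. `static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git` carries no ref, so whatever the playbook's git task checks out (presumably the default branch head) becomes the static DHCP reservations on every supernode; a second variable pinning a tag or commit would make that deploy reproducible and reviewable. Lastly, `[troisdorf7:vars]` sets `sn_local_exit=1` where the other three hosts set `sn_exit=1`; if that is not a deliberate separate flag, troisdorf7 ends up with `sn_exit` undefined.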


@ -13,21 +13,21 @@ iface lo inet6 loopback
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug {{ sn_interface_name }}
iface eth0 inet static iface {{ sn_interface_name }} inet static
address 212.129.50.141 address 46.4.156.114
netmask 255.255.255.255 netmask 255.255.255.255
gateway 163.172.210.1 gateway 163.172.210.1
pointopoint 163.172.210.1 pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 212.129.50.141 local 46.4.156.114
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.6.13 address 100.64.6.13
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.6.19 address 100.64.6.19
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.6.17 address 100.64.6.17
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.6.23 address 100.64.6.23
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -107,7 +107,7 @@ auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static iface gre-bb-a.fra3.f inet static
address 100.64.6.15 address 100.64.6.15
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -125,7 +125,7 @@ auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static iface gre-bb-b.fra3.f inet static
address 100.64.6.21 address 100.64.6.21
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
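Review bot: The `gateway 163.172.210.1` and `pointopoint 163.172.210.1` lines are kept while the address in the same stanza moves from 212.129.50.141 to 46.4.156.114, and the two other interface templates in this commit (46.4.156.115 and 46.4.156.116) do the same; if the host changed provider together with its address, a gateway from the old network will not be reachable from the new one, so verify the upstream gateway for the new host. Separately, every `post-up iptables -A OUTPUT ... -j DROP` and the `-t nat -A POSTROUTING -o $IFACE -j MASQUERADE` rule are appended on each ifup with no matching delete, so each interface bounce leaves a duplicate copy of every rule in the chain. Mirroring each rule with a `post-down iptables -D ...` line, for example `post-down iptables -D OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP`, keeps the ruleset bounded across restarts. The same applies to the two sibling templates.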


@ -9,25 +9,25 @@ iface lo inet loopback
up ip address add 185.66.193.105/32 dev lo up ip address add 185.66.193.105/32 dev lo
iface lo inet6 loopback iface lo inet6 loopback
up ip address add 203:2260:121:5000::105/52 dev lo up ip address add 2a03:2260:121:5000::105/52 dev lo
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug {{ sn_interface_name }}
iface eth0 inet static iface {{ sn_interface_name }} inet static
address 62.210.5.90 address 46.4.156.115
netmask 255.255.255.255 netmask 255.255.255.255
gateway 163.172.210.1 gateway 163.172.210.1
pointopoint 163.172.210.1 pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 62.210.5.90 local 46.4.156.115
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -37,7 +37,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.2.151 address 100.64.2.151
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -54,7 +54,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.2.153 address 100.64.2.153
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -72,7 +72,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.2.155 address 100.64.2.155
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -90,7 +90,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.2.157 address 100.64.2.157
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
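Review bot: This template (and the first one, for 46.4.156.114) filters outbound traffic to the RFC1918 ranges on the uplink with `iptables`, but has no IPv6 counterpart, while the third template (46.4.156.116) drops `fc00::/7` via `ip6tables`; as a result ULA-destined traffic from this host can leave on the uplink unfiltered. If the omission is deliberate, a one-line comment saying so would help; otherwise adding the same `post-up ip6tables -A OUTPUT -o {{ sn_interface_name }} -d fc00::/7 -j DROP` line to the primary interface stanza here and in the first template keeps the three hosts consistent.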


@ -13,25 +13,24 @@ iface lo inet6 loopback
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug {{ sn_interface_name }}
#iface eth0 inet dhcp iface {{ sn_interface_name }} inet static
iface eth0 inet static address 46.4.156.116
address 62.210.12.122
netmask 255.255.255.255 netmask 255.255.255.255
gateway 163.172.210.1 gateway 163.172.210.1
pointopoint 163.172.210.1 pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 62.210.12.122 local 46.4.156.116
post-up ip6tables -P OUTPUT ACCEPT post-up ip6tables -P OUTPUT ACCEPT
post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -41,7 +40,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.2.159 address 100.64.2.159
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -58,7 +57,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.2.161 address 100.64.2.161
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -76,7 +75,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.2.163 address 100.64.2.163
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -94,7 +93,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.2.165 address 100.64.2.165
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
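Review bot: The change from `-o eth0` to `-o $IFACE` on the `post-up ip6tables -A OUTPUT ... -d fc00::/7 -j DROP` line alters its meaning, because as rendered that line (together with `post-up ip6tables -P OUTPUT ACCEPT`) sits under the `iface 6to4 inet6 6to4` stanza, where ifupdown expands `$IFACE` to `6to4`; the ULA egress filter therefore now applies to the 6to4 tunnel instead of the uplink `{{ sn_interface_name }}`. Either move both ip6tables lines up into the `iface {{ sn_interface_name }} inet static` stanza, or keep the interface explicit: `post-up ip6tables -A OUTPUT -o {{ sn_interface_name }} -d fc00::/7 -j DROP`.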


@ -13,21 +13,20 @@ iface lo inet6 loopback
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug {{ sn_interface_name }}
iface eth0 inet static iface {{ sn_interface_name }} inet static
address 212.83.154.70 address 93.241.53.100
netmask 255.255.255.255 netmask 255.255.255.0
gateway 163.172.42.1 gateway 93.241.53.1
pointopoint 163.172.42.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4 #auto 6to4
iface 6to4 inet6 6to4 # iface 6to4 inet6 6to4
local 212.83.154.70 # local 212.83.154.70
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
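Review bot: The commented-out 6to4 stanza still carries the previous uplink address, `# local 212.83.154.70`, while the interface above now uses 93.241.53.100; leaving dead configuration with a stale address behind invites someone to re-enable it unchanged. If 6to4 is intentionally off for this host, replace the three commented lines with a one-line comment such as `# 6to4 disabled on this host: native IPv6 via the uplink (verify)`, otherwise delete them. The GRE stanzas that follow are outside the hunk, so I cannot see whether they still reference the old address.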


@ -1,19 +0,0 @@
#!/bin/bash
while [ true ] ; do
#Check Tunneldigger Connections
if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then
mkdir /opt/freifunk/tunneldigger_interfaces
fi
#Remove old Interfaces
rm /opt/freifunk/tunneldigger_interfaces/*
#Create Interace files
for i in `/sbin/brctl show br-nodes | grep l2tp`;
do
touch /opt/freifunk/tunneldigger_interfaces/$i
done
#Remove wrong file
rm /opt/freifunk/tunneldigger_interfaces/no
rm /opt/freifunk/tunneldigger_interfaces/br-*
rm /opt/freifunk/tunneldigger_interfaces/8*
sleep 60
done


@ -3,16 +3,9 @@
sleep 60 sleep 60
batctl=/usr/local/sbin/batctl batctl=/usr/local/sbin/batctl
ip=/sbin/ip ip=/sbin/ip
communitymacaddress="a2:8c:ae:6f:f6" communitymacaddress="{{ communitymac }}"
localserver=$(/bin/hostname) localserver=$(/bin/hostname)
communityname=troisdorf communityname={{ communityname }}
# L2tp to Map
$ip l2tp add tunnel remote 163.172.225.200 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }}
$ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0
$ip link set dev l2tp-map mtu 1312
$ip link set up l2tp-map
$batctl if add l2tp-map
# Rest Starten # Rest Starten
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
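Review bot: The two templated assignments are quoted inconsistently: `communitymacaddress="{{ communitymac }}"` is quoted but `communityname={{ communityname }}` is not, so a value containing whitespace or a shell metacharacter would break the script at render time; write it as `communityname="{{ communityname }}"`. The `${localserver#$communityname}` expansion on the last line presumably relies on the hostname being `<communityname><n>` so that the remainder is a single digit for the `:0` octet; that assumption is worth a short comment, e.g. `# hostname is expected to be <communityname><n>; n becomes the last MAC octet`, and it silently yields a malformed address when it does not hold. The script continues outside the hunk.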


@ -1,51 +0,0 @@
[broker]
; IP address the broker will listen and accept tunnels on
address={{ ansible_default_ipv4.address }}
; Ports where the broker will listen on
port={{ sn_l2tp_tb_backup_port }}
; Interface with that IP address
interface=eth0
; Maximum number of cached cookies, required for establishing a
; session with the broker
max_cookies=1024
; Maximum number of tunnels that will be allowed by the broker
max_tunnels=150
; Tunnel port base
port_base=25000
; Tunnel id base
tunnel_id_base=500
; Tunnel timeout interval in seconds
tunnel_timeout=60
; Should PMTU discovery be enabled
pmtu_discovery=false
; Namespace (for running multiple brokers); note that you must also
; configure disjunct ports, and tunnel identifiers in order for
; namespacing to work
namespace=backup
[log]
; Log filename
filename=/var/log/tunneldigger-broker-backup.log
; Verbosity
verbosity=DEBUG
; Should IP addresses be logged or not
log_ip_addresses=false
[hooks]
; Arguments to the session.{up,pre-down,down} hooks are as follows:
;
; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
;
; Arguments to the session.mtu-changed hook are as follows:
;
; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
;
; Called after the tunnel interface goes up
session.up=/srv/tunneldigger/bataddif.sh
; Called just before the tunnel interface goes down
session.pre-down=/srv/tunneldigger/batdelif.sh
; Called after the tunnel interface goes down
session.down=
; Called after the tunnel MTU gets changed because of PMTU discovery
session.mtu-changed=


@ -4,7 +4,7 @@ address={{ ansible_default_ipv4.address }}
; Ports where the broker will listen on ; Ports where the broker will listen on
port={{ sn_l2tp_tb_port }} port={{ sn_l2tp_tb_port }}
; Interface with that IP address ; Interface with that IP address
interface=eth0 interface={{ sn_interface_name }}
; Maximum number of cached cookies, required for establishing a ; Maximum number of cached cookies, required for establishing a
; session with the broker ; session with the broker
max_cookies=1024 max_cookies=1024
@ -21,7 +21,19 @@ pmtu_discovery=false
; Namespace (for running multiple brokers); note that you must also ; Namespace (for running multiple brokers); note that you must also
; configure disjunct ports, and tunnel identifiers in order for ; configure disjunct ports, and tunnel identifiers in order for
; namespacing to work ; namespacing to work
namespace=troisdorf namespace={{ communityname }}
; Reject connections if there are less than N seconds since the last connection.
; Can be less than a second (e.g., 0.1).
connection_rate_limit=2
; Set PMTU to a fixed value. Use 0 for automatic PMTU discovery. A non-0 value also disables
; PMTU discovery on the client side, by having the server not respond to client-side PMTU
; discovery probes.
pmtu=0
; The batman device of this Hood (e.g. bat2)
batdev=bat0
[log] [log]
; Log filename ; Log filename
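Review bot: The new `batdev=bat0` key and its comment ("The batman device of this Hood") read as copied from another community's broker configuration; I cannot see from this commit that the broker version launched by start-broker.sh (`tunneldigger_broker.main`) recognises `batdev`, `pmtu` or `connection_rate_limit`, and unknown keys may be silently ignored rather than rejected, so confirm against the deployed broker and drop any key it does not read. Also, `interface` now comes from the inventory (`{{ sn_interface_name }}`) while `address` is still taken from `{{ ansible_default_ipv4.address }}`; if the inventory interface is not the one carrying the default IPv4 address, the broker is told to bind an address that is not on the named interface. Deriving both from the same source, for example `address={{ ansible_facts[sn_interface_name].ipv4.address }}` (verify the fact key for the interface names in use), removes that mismatch.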


@ -6,5 +6,5 @@
// organization // organization
//include "/etc/bind/zones.rfc1918"; //include "/etc/bind/zones.rfc1918";
// Include Freifunk Troisdorf (fftdf) zones // Include Freifunk (ff) zones
include "/etc/bind/fftdf/fftdf.conf"; include "/etc/bind/ff/ff.conf";


@ -0,0 +1 @@
sn_rootpasswd: xyz
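Review bot: The example value is an unquoted plain scalar, `sn_rootpasswd: xyz`; a real password that starts with a YAML indicator, looks like a number or matches `yes`/`no`/`on`/`off` would be re-typed or fail to parse, so quote it the way the sibling example does: `sn_rootpasswd: "xyz"`. Both this file and `slack_token.yml.example` imply that the real `root_pwd.yml` and `slack_token.yml` live unencrypted beside the playbook; nothing in this commit shows them being ignored by git or protected with ansible-vault, so confirm that, and consider a comment in each example pointing at the vault-encrypted location, e.g. `# copy to files/root_pwd.yml and encrypt with ansible-vault`. Whether the consumer expects a plaintext password or a password hash is not visible here and should be stated in the same comment.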


@ -0,0 +1 @@
slack_token: "XYZ"


@ -1,13 +0,0 @@
# ----------
# Configuration
# Describes the Incoming Webhook allowing you to post messages into Slack.
# After the configuration, copy this file to /etc or your home directory.
# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
# ----------
webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
tmp_dir="/tmp" # Temporary file is created in this directory.
username="slacktee" # Default username to post messages.
icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.


@ -1,6 +1,8 @@
#!/bin/sh #!/bin/sh
# Version 1.91 # Version 1.91
sleep 5
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Activate IP forwarding # Activate IP forwarding
@ -34,11 +36,23 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP /sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes /usr/local/sbin/batctl if add br-nodes
sleep 5 /bin/sleep 90
/bin/systemctl restart radvd
#Stop all Services - Started from keepalive.sh /bin/sleep 2
/bin/systemctl stop radvd /bin/systemctl retsrat tunneldigger
/bin/systemctl stop tunneldigger /bin/sleep 2
/bin/systemctl stop bird /bin/systemctl restart bird
/bin/systemctl stop bird6 /bin/sleep 2
/bin/systemctl restart bird6
/bin/sleep 2
/bin/systemctl restart respondd
/bin/sleep 2
/bin/systemctl stop isc-dhcp-server
/bin/sleep 2
/usr/bin/killall dhcpd
/bin/sleep 2
/bin/rm /var/run/dhcpd.pid
/bin/sleep 2
/bin/systemctl start isc-dhcp-server
exit 0 exit 0
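Review bot: `/bin/systemctl retsrat tunneldigger` is a typo for `restart`, so the broker is never restarted by this script, and because the script ends with an unconditional `exit 0` the failure is silent; change it to `/bin/systemctl restart tunneldigger`. The identical line appears in the new 57-line copy of this script added below, so fix both. The `stop isc-dhcp-server` / `killall dhcpd` / `rm /var/run/dhcpd.pid` / `start` sequence works around something the script does not state; a one-line comment above it explaining why `systemctl restart` alone is not sufficient would save the next maintainer from "simplifying" it. The script's earlier part is outside the hunk.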


@ -0,0 +1,57 @@
#!/bin/sh
# Version 1.91
sleep 5
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1
# restart when kernel panic
/sbin/sysctl kernel.panic=1
# Routing table 42
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
# Set table for traffice with mark 4
/bin/ip rule add fwmark 0x4 table 42
/bin/ip -6 rule add fwmark 0x4 table 42
# Set mark 4 to Freifunk traffic
#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
# All from FF IPv4 via routing table 42
#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
# Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
/bin/sleep 90
/bin/systemctl restart radvd
/bin/sleep 2
/bin/systemctl retsrat tunneldigger
/bin/sleep 2
/bin/systemctl restart bird
/bin/sleep 2
/bin/systemctl restart bird6
/bin/sleep 2
/bin/systemctl restart respondd
/bin/sleep 2
/bin/systemctl stop isc-dhcp-server
/bin/sleep 2
/usr/bin/killall dhcpd
/bin/sleep 2
/bin/rm /var/run/dhcpd.pid
/bin/sleep 2
/bin/systemctl start isc-dhcp-server
exit 0
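Review bot: `/bin/grep 42 /etc/iproute2/rt_tables` matches any line that merely contains the digits 42 (a table 142 or 420, or a comment), in which case the `ffrl` alias is never appended even though it is missing; an anchored, quiet match avoids that: `/bin/grep -q '^42[[:space:]]' /etc/iproute2/rt_tables || /bin/echo '42 ffrl' >> /etc/iproute2/rt_tables` (the numeric `table 42` rules below work either way, only the name is affected). The bridge MAC is built as `2E:9D:FA:A1:6B:0{{ sn_number }}`, which presumably assumes a single-digit `sn_number`; a two-digit value would render an invalid address, so either document the assumption in a comment or format the octet explicitly. The same `retsrat` typo noted in the other copy of this script is present here as well.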


@ -1,9 +0,0 @@
#!/bin/bash
WDIR=/srv/tunneldigger
VIRTUALENV_DIR=/srv/tunneldigger
cd $WDIR
source $VIRTUALENV_DIR/bin/activate
bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg


@ -1,9 +1,11 @@
#!/bin/bash #!/bin/bash
WDIR=/srv/tunneldigger WDIR=/srv/tunneldigger/env_tunneldigger
VIRTUALENV_DIR=/srv/tunneldigger VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger
cd $WDIR cd $WDIR
source $VIRTUALENV_DIR/bin/activate source $VIRTUALENV_DIR/bin/activate
bin/python broker/l2tp_broker.py l2tp_broker.cfg $VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main ../l2tp_broker.cfg
#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg
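Review bot: `cd $WDIR` is unchecked and the broker is then started with the relative path `../l2tp_broker.cfg`, so if the directory is missing or the variable is empty the process runs from whatever directory the unit started in and the config path resolves somewhere else; use `cd "$WDIR" || exit 1` and pass the configuration as an absolute path, `$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main /srv/tunneldigger/l2tp_broker.cfg`. With the interpreter now named explicitly as `$VIRTUALENV_DIR/bin/python`, the `source $VIRTUALENV_DIR/bin/activate` line is probably redundant unless the broker spawns tools that need the virtualenv on PATH. The commented-out old invocation at the end can be dropped.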


@ -1,65 +0,0 @@
#!/bin/bash
help () {
echo "Supernode Settings:"
echo "status | off | on"
}
status () {
supernode_status=$(/bin/cat /etc/supernode-status/supernode.status)
supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode)
echo -e "\nSupernode Status: (Ist-Zustand)"
if [ $supernode_status == 0 ]; then
echo "Supernode ist Abgeschaltet"
elif [ $supernode_status == 1 ]; then
echo "Supernode läuft (Automatik inkl. Backup)"
elif [ $supernode_status == 2 ]; then
echo "Supernode läuft (Backup Netz Aktiv)"
elif [ $supernode_status == 3 ]; then
echo "Supernode läuft (Backup deaktiviert)"
fi
echo -e "\nSupernode Status: (Soll-Zustand)"
if [ $supernode_mode == 0 ]; then
echo "Supernode ist Abgeschaltet"
elif [ $supernode_mode == 1 ]; then
echo "Supernode läuft (Automatik inkl. Backup)"
elif [ $supernode_mode == 2 ]; then
echo "Supernode läuft (Backup Netz Aktiv)"
elif [ $supernode_mode == 3 ]; then
echo "Supernode läuft (Backup deaktiviert)"
fi
echo -e "\nService Status"
for service in bird bird6 dhcpd radvd python named
do
if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then
echo -e "$service läuft"
else
echo -e "$service aus"
fi
done
}
off () {
echo 0 > /etc/supernode-status/supernode.mode
/usr/sbin/service tunneldigger stop
/usr/sbin/service bind9 stop
/usr/sbin/service bird stop
/usr/sbin/service bird6 stop
/usr/sbin/service isc-dhcp-server stop
/usr/sbin/service radvd stop
/usr/local/sbin/batctl gw off
echo "Supernode Aus"
}
on () {
echo 1 > /etc/supernode-status/supernode.mode
/usr/sbin/service tunneldigger restart
/usr/sbin/service bind9 restart
/usr/sbin/service bird restart
/usr/sbin/service bird6 restart
/usr/sbin/service isc-dhcp-server restart
/usr/sbin/service radvd restart
/usr/local/sbin/batctl gw server 100Mbit/100Mbit
echo "Supernode An"
}
$1


@ -1,9 +0,0 @@
[Unit]
Description = Start tunneldigger L2TPv3 broker
After = network.target
[Service]
ExecStart = /srv/tunneldigger/start-broker-backup.sh
[Install]
WantedBy = multi-user.target

199
files/yanic.conf.j2 Normal file

@ -0,0 +1,199 @@
# This is the config file for Yanic written in "Tom's Obvious, Minimal Language."
# syntax: https://github.com/toml-lang/toml
# (if you need somethink multiple times, checkout out the [[array of table]] section)
# Send respondd request to update information
[respondd]
enable = true
# Delay startup until a multiple of the period since zero time
synchronize = "1m"
# how often request per multicast
collect_interval = "1m"
[[respondd.interfaces]]
# name of interface on which this collector is running
ifname = "bat0"
# ip address which is used for sending
# (optional - without definition used a address of ifname - prefered link local)
#ip_address = "fd2f:5119:f2d::5"
# disable sending multicast respondd request
# (for receiving only respondd packages e.g. database respondd)
#send_no_request = false
# multicast address to destination of respondd
# (optional - without definition used default ff05::2:1001)
#multicast_address = "ff02::2:1001"
# define a port to listen
# if not set or set to 0 the kernel will use a random free port at its own
#port = 10001
# A little build-in webserver, which statically serves a directory.
# This is useful for testing purposes or for a little standalone installation.
[webserver]
enable = true
bind = "0.0.0.0:80"
webroot = "/opt/freifunk/yanic/"
[nodes]
# Cache file
# a json file to cache all data collected directly from respondd
state_path = "/var/lib/yanic/state.json"
# prune data in RAM, cache-file and output json files (i.e. nodes.json)
# that were inactive for longer than
prune_after = "7d"
# Export nodes and graph periodically
save_interval = "5s"
# Set node to offline if not seen within this period
offline_after = "10m"
## [[nodes.output.example]]
# Each output format has its own config block and needs to be enabled by adding:
#enable = true
#
# For each output format there can be set different filters
#[nodes.output.example.filter]
#
# WARNING: if it is not set, it will publish contact information of other persons
# Set to true, if you did not want the json files to contain the owner information
#no_owner = true
#
# List of nodeids of nodes that should be filtered out, so they won't appear in output
#blacklist = ["00112233445566", "1337f0badead"]
#
# List of site_codes of nodes that should be included in the output
#sites = ["ffhb"]
#
# set has_location to true if you want to include only nodes that have geo-coordinates set
# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates)
#has_location = true
#[respondd.sites.fftdf]
#domains = ["tdf-tdf"]
#[nodes.output.meshviewer-ffrgb.filter]
#no_owner = true
#blacklist = []
#sites = ["flu","tdf","inn"]
#[nodes.output.example.filter.in_area]
# nodes outside this area are not shown on the map but are still listed as a node without coordinates
#latitude_min = 34.30
#latitude_max = 71.85
#longitude_min = -24.96
#longitude_max = 39.72
# definition for the new more compressed meshviewer.json
[[nodes.output.meshviewer-ffrgb]]
enable = true
path = "/opt/freifunk/yanic/meshviewer.json"
[nodes.output.meshviewer-ffrgb.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
#blacklist = ["00112233445566", "1337f0badead"]
#sites = ["ffhb"]
#has_location = true
#[nodes.output.meshviewer-ffrgb.filter.in_area]
#latitude_min = 34.30
#latitude_max = 71.85
#longitude_min = -24.96
#longitude_max = 39.72
# definition for nodes.json
[[nodes.output.meshviewer]]
enable = true
# The structure version of the output which should be generated (i.e. nodes.json)
# version 1 is accepted by the legacy meshviewer (which is the master branch)
# i.e. https://github.com/ffnord/meshviewer/tree/master
# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer)
# i.e. https://github.com/ffnord/meshviewer/tree/dev
# https://github.com/ffrgb/meshviewer/tree/develop
version = 2
# path where to store nodes.json
nodes_path = "/opt/freifunk/yanic/nodes.json"
# path where to store graph.json
graph_path = "/opt/freifunk/yanic/graph.json"
[nodes.output.meshviewer.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
# definition for nodelist.json
[[nodes.output.nodelist]]
enable = true
path = "/opt/freifunk/yanic/nodelist.json"
[nodes.output.nodelist.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
[database]
# this will send delete commands to the database to prune data
# which is older than:
delete_after = "7d"
# how often run the cleaning
delete_interval = "1h"
## [[database.connection.example]]
# Each database-connection has its own config block and needs to be enabled by adding:
#enable = true
# Save collected data to InfluxDB.
# There are the following measurments:
# node: store node specific data i.e. clients memory, airtime
# global: store global data, i.e. count of clients and nodes
# firmware: store the count of nodes tagged with firmware
# model: store the count of nodes tagged with hardware model
[[database.connection.influxdb]]
enable = true
address = "http://195.201.17.16:8886"
database = "freifunk"
username = "freifunk"
password = "dude1990"
# Tagging of the data (optional)
[database.connection.influxdb.tags]
# Tags used by Yanic would override the tags from this config
# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used
#tagname1 = "tagvalue 1"
# some useful e.g.:
#system = "productive"
#site = "ffhb"
# Graphite settings
[[database.connection.graphite]]
enable = false
address = "localhost:2003"
# Graphite is replacing every "." in the metric name with a slash "/" and uses
# that for the file system hierarchy it generates. it is recommended to at least
# move the metrics out of the root namespace (that would be the empty prefix).
# If you only intend to run one community and only freifunk on your graphite node
# then the prefix can be set to anything (including the empty string) since you
# probably wont care much about "polluting" the namespace.
prefix = "freifunk"
# respondd (yanic)
# forward collected respondd package to a address
# (e.g. to another respondd collector like a central yanic instance or hopglass)
[[database.connection.respondd]]
enable = false
# type of network to create a connection
type = "udp6"
# destination address to connect/send respondd package
address = "stats.bremen.freifunk.net:11001"
# Logging
[[database.connection.logging]]
enable = false
path = "/var/log/yanic.log"

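--- /dev/null
+++ b/hosts
@@ -0,0 +1,161 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+# Ex 1: Ungrouped hosts, specify before any group headers.
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+#www[001:006].example.com
+# Ex 3: A collection of database servers in the 'dbservers' group
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+#db-[99:101]-node.example.com
+[freifunk]
+#46.4.138.180 ansible_ssh_port=2222
+#46.4.138.181 ansible_ssh_port=2222
+#46.4.138.182 ansible_ssh_port=2222
+#46.4.138.183 ansible_ssh_port=2222
+#46.4.138.188 ansible_ssh_port=22
+#46.4.138.189 ansible_ssh_port=22
+[freifunk_sn:children]
+troisdorf4
+troisdorf5
+troisdorf6
+troisdorf7
+#[freifunk_sn_l2tp:children]
+#troisdorf4
+#troisdorf5
+#troisdorf6
+#troisdorf7
+[freifunk_sn:vars]
+ansible_ssh_port=22
+ansible_ssh_user=root
+sn_mtu=1312
+sn_l2tp_tb_port=53842
+sn_fqdn=freifunk-troisdorf.de
+static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
+root_password_file=/home/localadmin/root_pwd.yml
+slack_token_file=/home/localadmin/slack_token.yml
+communitymac=a2:8c:ae:6f:f6
+communityname=troisdorf
+[troisdorf4]
+4.freifunk-troisdorf.de
+[troisdorf4:vars]
+sn_number=4
+sn_hostname=troisdorf4
+sn_dhcp_range=10.188.8.0 10.188.15.254
+sn_mesh_IPv6=2a03:2260:121:4000::4
+sn_mesh_IPv6_net=2a03:2260:121:4000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
+sn_mesh_IPv4=10.188.0.4
+sn_mesh_IPv4_brcast=10.188.31.255
+sn_mesh_IPv4_net=10.188.0.0
+sn_mesh_IPv4_xfer=10.188.0.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:04
+ul_mesh_MAC=a2:8c:ae:6f:f6:40
+sn_ffrl_IPv4=185.66.193.104
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=tdf
+[troisdorf5]
+5.fftdf.de
+[troisdorf5:vars]
+sn_number=5
+sn_hostname=troisdorf5
+sn_dhcp_range=10.188.40.0 10.188.47.255
+sn_mesh_IPv6=2a03:2260:121:5000::5
+sn_mesh_IPv6_net=2a03:2260:121:5000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
+sn_mesh_IPv4=10.188.32.5
+sn_mesh_IPv4_brcast=10.188.63.255
+sn_mesh_IPv4_net=10.188.32.0
+sn_mesh_IPv4_xfer=10.188.32.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:05
+ul_mesh_MAC=a2:8c:ae:6f:f6:50
+sn_ffrl_IPv4=185.66.193.105
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=inn
+[troisdorf6]
+6.fftdf.de
+[troisdorf6:vars]
+sn_number=6
+sn_hostname=troisdorf6
+sn_dhcp_range=10.188.72.0 10.188.79.255
+sn_mesh_IPv6=2a03:2260:121:6000::6
+sn_mesh_IPv6_net=2a03:2260:121:6000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
+sn_mesh_IPv4=10.188.64.6
+sn_mesh_IPv4_brcast=10.188.95.255
+sn_mesh_IPv4_net=10.188.64.0
+sn_mesh_IPv4_xfer=10.188.64.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:06
+ul_mesh_MAC=a2:8c:ae:6f:f6:60
+sn_ffrl_IPv4=185.66.193.106
+sn_exit=1
+sn_interface_name=eth0
+yanic_domain=flu
+[troisdorf7]
+7.fftdf.de
+[troisdorf7:vars]
+sn_number=7
+sn_hostname=troisdorf7
+sn_dhcp_range=10.188.104.0 10.188.111.255
+sn_mesh_IPv6=2a03:2260:121:7000::7
+sn_mesh_IPv6_net=2a03:2260:121:7000::/64
+sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
+sn_mesh_IPv4=10.188.96.7
+sn_mesh_IPv4_brcast=10.188.127.255
+sn_mesh_IPv4_net=10.188.96.0
+sn_mesh_IPv4_xfer=10.188.96.2
+sn_mesh_MAC=a2:8c:ae:6f:f6:07
+ul_mesh_MAC=a2:8c:ae:6f:f6:70
+sn_ffrl_IPv4=185.66.193.107
+sn_local_exit=1
+sn_interface_name=ens18
+yanic_domain=evt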
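Review bot: `root_password_file` and `slack_token_file` in `[freifunk_sn:vars]` point at plain YAML files on the control host that the play later loads with `include_vars`, so the supernodes' root password and the Slack token sit unencrypted on disk; those two files should be ansible-vault encrypted (`ansible-vault encrypt /home/localadmin/root_pwd.yml /home/localadmin/slack_token.yml`) and the playbook run with `--ask-vault-pass` or `--vault-password-file`, which `include_vars` handles transparently. The InfluxDB credentials hard-coded in the `yanic.conf.j2` template on this page (`password = "dude1990"`) would belong in the same vaulted file rather than in a committed template. Separately, `ansible_ssh_user` and `ansible_ssh_port` are the pre-2.0 spellings and have been deprecated in favour of `ansible_user=root` and `ansible_port=22`; the old names still work on Ansible 2.x but emit deprecation warnings and will eventually be removed. Note that troisdorf7 sets `sn_local_exit=1` instead of `sn_exit=1`, which appears deliberate given the `when: sn_local_exit is defined` tasks in install.sn.yml, but a one-line comment above it saying so would stop a future maintainer from "fixing" it.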


@ -3,14 +3,13 @@
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
- name: Install Freifunk Troisdorf super node - name: Install Freifunk Troisdorf super node
# hosts: FreifunkSupernodesL2TP hosts: all
hosts: '{{ target }}'
sudo: False sudo: False
user: root user: root
gather_facts: False gather_facts: False
vars: vars:
snversion: master_v3.0.16 # Internal verion number
batmanversion: v2017.4 snversion: 2019_v3.1.7
common_required_packages: common_required_packages:
- git - git
- make - make
@ -21,7 +20,6 @@
- libnl-3-dev - libnl-3-dev
- libjansson-dev - libjansson-dev
- isc-dhcp-server - isc-dhcp-server
- collectd
- libcap-dev - libcap-dev
- iproute - iproute
- libnetfilter-conntrack3 - libnetfilter-conntrack3
@ -43,7 +41,13 @@
- ntp - ntp
- libnl-genl-3-dev - libnl-genl-3-dev
- virtualenv - virtualenv
- linux-image-extra-4.4.0-127-generic - batman-adv
- batctl
- libffi-dev
- libnetfilter-conntrack-dev
- libnfnetlink-dev
- speedtest-cli
- ethtool
modules_required: modules_required:
- batman-adv - batman-adv
- nf_conntrack_netlink - nf_conntrack_netlink
@ -54,33 +58,40 @@
- l2tp_eth - l2tp_eth
tunneldigger_scripts: tunneldigger_scripts:
- start-broker.sh - start-broker.sh
- start-broker-backup.sh
- batdelif.sh - batdelif.sh
tunneldigger_service: tunneldigger_service:
- tunneldigger.service - tunneldigger.service
- tunneldigger-backup.service respondd_service:
- respondd_service
broker_cfg: broker_cfg:
- l2tp_broker-backup.cfg
- l2tp_broker.cfg - l2tp_broker.cfg
# bind_zone_fftdf:
# - named.conf.fftdf
check_gw_script:
- keepalive.sh
authorized_keys: authorized_keys:
- authorized_keys - authorized_keys
logrotate_config: logrotate_config:
- logrotate.conf - logrotate.conf
supernode_config:
- supernode.mode
- loadbalancing.mode
tasks: tasks:
- name: Remove cdrom in sources.list - name: Remove cdrom in sources.list
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible - name: Make this server ansible compatible
raw: "apt-get update && apt-get install python -y" raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y"
# - name: Add backport repo to source list #target: /etc/apt/sources.list.d - name: Adding Freifuck GPG Key
# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"
# apt_key:
# id: B2522557E6AB9BF5
# url: https://keyserver.ubuntu.com
# url: https://pool.sks-keyservers.net
# url: https://sks.pod01.fleetstreetops.com
# state: present
- name: Import Slack token
include_vars: "{{ slack_token_file }}"
- name: Import root password
include_vars: "{{ root_password_file }}"
- name: Add Freifuck repo to source list
apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present
- name: Add backport repo to source list
apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present
- name: Update apt cache - name: Update apt cache
apt: update_cache=yes apt: update_cache=yes
- name: Gathering facts - name: Gathering facts
@ -93,14 +104,14 @@
- name: set hostname - name: set hostname
hostname: name='{{ sn_hostname }}' hostname: name='{{ sn_hostname }}'
register: sethostname register: sethostname
- name: disable multi CPU Kernel (SMP) - name: disable multi CPU Kernel (SMP) # Batman don not like SMP
lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
register: grubnosmp register: grubnosmp
- name: Update grub - name: Update grub
shell: update-grub2 shell: update-grub2
when: grubnosmp.changed when: grubnosmp.changed
- name: Reboot the server - name: Reboot the server
shell: sleep 2 && shutdown -r now "Ansible updates triggered" shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP"
async: 1 async: 1
poll: 0 poll: 0
ignore_errors: true ignore_errors: true
@ -114,125 +125,59 @@
timeout=300 timeout=300
when: hosts.changed when: hosts.changed
when: sethostname.changed when: sethostname.changed
- apt: update_cache=yes
- name: Install common required packages - name: Install common required packages
apt: state=installed pkg={{ item }} apt:
with_items: common_required_packages name: "{{ item }}"
state: present
update_cache: yes
with_items: "{{ common_required_packages }}"
register: aptupdates register: aptupdates
- name: Set clock - name: Set clock
shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
# - name: Add modules
# lineinfile: dest=/etc/modules line={{ item }}
# with_items: modules_required
# register: modules_req
# - name: Load modules
# modprobe: name={{ item }}
# with_items: modules_required
# when: modules_req.changed
- name: Install Linux headers
shell: >
apt-get install linux-headers-$(uname -r) -y
when: aptupdates.changed
- name: Get batman-adv
git: repo=https://git.open-mesh.org/batman-adv.git
dest=/tmp/batman-adv
when: aptupdates.changed
register: getbatman
# - name: Get batman-adv no rebrotcast patch
# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
# when: getbatman.changed
- name: Install batman-adv
shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
when: getbatman.changed
- name: Get batctl
git: repo=http://git.open-mesh.org/batctl.git
dest=/tmp/batctl
when: aptupdates.changed
register: getbatctl
- name: Install batctl
shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
when: getbatctl.changed
- name: Get Tunneldigger - name: Get Tunneldigger
# git: repo=https://github.com/wlanslovenija/tunneldigger.git git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
git: repo=https://github.com/ffrl/tunneldigger.git
dest=/srv/tunneldigger
register: tunneldigger register: tunneldigger
when: aptupdates.changed when: aptupdates.changed
- name: Configure tunneldigger - name: Configure tunneldigger
command: "{{item}}" raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"
with_items:
- virtualenv /srv/tunneldigger/ -p python2.7
when: tunneldigger.changed
- name: Tunneldigger requirements
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy l2tp broker config template - name: Copy l2tp broker config template
template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
with_items: broker_cfg with_items: "{{ broker_cfg }}"
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy tunneldigger script template - name: Copy tunneldigger script template
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy tunneldigger scripts - name: Copy tunneldigger scripts
copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
with_items: tunneldigger_scripts with_items: "{{ tunneldigger_scripts }}"
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy tunneldigger service template - name: Copy tunneldigger service template
copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
with_items: tunneldigger_service with_items: "{{ tunneldigger_service }}"
when: tunneldigger.changed when: tunneldigger.changed
##########
- name: Add modules - name: Add modules
lineinfile: dest=/etc/modules line={{ item }} lineinfile: dest=/etc/modules line={{ item }}
with_items: modules_required with_items: "{{ modules_required }}"
register: modules_req register: modules_req
- name: Load modules
modprobe: name={{ item }}
with_items: modules_required
when: modules_req.changed
#########
- name: Tunneldigger reload - name: Tunneldigger reload
command: "{{item}}" command: "{{item}}"
with_items: with_items:
- systemctl daemon-reload - systemctl daemon-reload
- systemctl enable tunneldigger.service - systemctl enable tunneldigger.service
- systemctl enable tunneldigger-backup.service
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy logrotate config - name: Copy logrotate config
copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
with_items: logrotate_config with_items: "{{logrotate_config}}"
- name: Create freifunk directory - name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755 file: path=/opt/freifunk state=directory mode=0755
- name: Create keepalive directory
file: path=/etc/supernode-status state=directory mode=0755
- name: Create supernode config files
file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644
with_items: supernode_config
- name: Supernode set default mode
lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0
with_items: supernode_config
- name: Check gateway / keepalive script supernode
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: check_gw_script
register: check_gw
when: sn_exit is undefined
- name: Check gateway / keepalive script super- and exitnode
template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
register: check_gw
when: sn_exit is defined
- name: Add cron job with check gateway script
cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root"
when: check_gw.changed
- name: Supernode Config script super- and exitnode
copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
when: sn_exit is defined
- name: Copy dhcpd template file - name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd register: dhcpd
- name: Copy dhcpd6 template file
template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444
- name: Clone static DHCP config - name: Clone static DHCP config
git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp
dest=/opt/freifunk/static-dhcp
when: dhcpd.changed when: dhcpd.changed
- name: Add cron static DHCP - name: Add cron static DHCP
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
@ -245,64 +190,75 @@
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script - name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is undefined
- name: Copy backbone script - name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is defined
- name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
register: collectd
- name: Restart collectd
service: name=collectd state=restarted
when: collectd.changed
- name: configure startup script supernode
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is undefined
- name: Exit node startup script super- and exitnode - name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined when: sn_exit is defined
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_local_exit is defined
- name: SSH authorized_keys - name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys with_items: "{{ authorized_keys }}"
- name: Bind9, activate fftdf zone - name: Bind9, activate ff zone
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present
- name: Copy option template - name: Copy option template
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- name: Create fftdf directory - name: Create ff directory
file: path=/etc/bind/fftdf state=directory file: path=/etc/bind/ff state=directory
- name: Copy FFTDF Zones - name: Copy FF Zones
copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644 copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644
with_items: with_items:
- fftdf.conf - ff.conf
- name: Copy fftdf Zone config template - name: Copy ff Zone config template
template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444 template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444
- name: Copy radvd config template - name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Interface configuration with ffrl gre tunnel - name: Interface configuration with ffrl gre tunnel
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544
when: sn_exit is defined
- apt: update_cache=yes - apt: update_cache=yes
- name: Install bird - name: Install bird
apt: state=installed pkg=bird apt: state=present pkg=bird
when: sn_exit is defined
- name: Bird configuration - name: Bird configuration
copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
when: sn_exit is defined
- name: Bird configuration - name: Bird configuration
copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
when: sn_exit is defined - name: Create Yanic user
- name: Get speedtest-cli user:
get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli name: yanic
- name: Change rights speedtest-cli comment: "Yanic service user"
file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 - name: Create Yanic folder
file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic
- name: Copy Yanic config template
template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444
- name: Shit go stuff
shell: cd /usr/local && wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz
- name: Adjust path for go
lineinfile:
dest: /root/.bashrc
line: "{{ item }}"
with_items:
- export GOPATH=/opt/go
- export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
- name: Compile go
shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
- name: Copy and enable yanic service
shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic
- name: Get respondd
git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce
- name: Copy respondd service template
shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system
- name: Enable respondd service
shell: systemctl daemon-reload && systemctl enable respondd
- name: Copy Slacktee Config - name: Copy Slacktee Config
template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
- name: Copy Slacktee - name: Copy Slacktee
copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
- name: set netfilter rules - name: set netfilter rules
lineinfile: dest=/etc/sysctl.conf line="{{ item }}" lineinfile:
dest: /etc/sysctl.conf
line: "{{ item }}"
with_items: with_items:
- net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240
- net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
@ -315,18 +271,20 @@
when: modprobe1.stat.exists == False when: modprobe1.stat.exists == False
- name: check /etc/modprobe.conf - name: check /etc/modprobe.conf
lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
- name: Change root password
user:
name: root
password: "{{ sn_rootpasswd }}"
- name: Logrotate rights
file: path=/etc/logrotate.conf mode=0644 owner=root group=root
- name: Wirte version information
shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
- name: Reboot the server finally - name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered" shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1 async: 1
poll: 0 poll: 0
ignore_errors: true ignore_errors: true
when: tunneldigger.changed when: tunneldigger.changed
- name: Logrotate rights
file: path=/etc/logrotate.conf mode=0644 owner=root group=root
- name: Change root password
user: name=root password={{ sn_rootpasswd }}
- name: Wirte version information
shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
- name: waiting for server to come back - name: waiting for server to come back
local_action: local_action:
wait_for wait_for