From be3d50ceb8606d7470f414b21a14a50c33613066 Mon Sep 17 00:00:00 2001
From: Roman Katrincak
Date: Sun, 29 Nov 2015 22:34:32 +0100
Subject: [PATCH] Added features: - alfred messages - Tunneldigger MAC blocker (experimental) - DNS (bind9 for secondary fftdf zone on all supernodes) - DHCP change, new DNS server - Major fix for GRE_backbone.sh (same MAC address on all bat0)
---
README.md | 1 +
files/alfred.sh.j2 | 26 ++++----------------------
files/bataddif.sh.j2 | 22 +++++++++++++++++++++-
files/dhcpd.conf.j2 | 2 +-
files/gre_backbone.sh | 3 ++-
files/named.conf.fftdf | 6 ++++++
files/named.conf.options.j2 | 26 ++++++++++++++++++++++++++
install.sn.yml | 24 ++++++++++++++++++++----
8 files changed, 81 insertions(+), 29 deletions(-)
create mode 100644 files/named.conf.fftdf
create mode 100644 files/named.conf.options.j2
diff --git a/README.md b/README.md
index c87e4be..12c50d7 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,7 @@ Ansible yml file to manage Freifunk Troisdorf supernodes
 At this time you have to start it explicit with the target server
 example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5"
+example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]"
 You need this information in your hosts (/etc/ansible/hosts) file:
 #example, I hope self explaining
diff --git a/files/alfred.sh.j2 b/files/alfred.sh.j2
index c479855..7da0925 100644
--- a/files/alfred.sh.j2
+++ b/files/alfred.sh.j2
@@ -15,7 +15,7 @@ fi
 "network": {
 "mac": "{{ sn_mesh_MAC }}",
 "addresses": [
-"{{ sn_mesh_IPv6 }}"
+"{{ sn_mesh_IPv6 }}", "{{ sn_mesh_IPv4 }}"
 ],
 "mesh_interfaces": [
@@ -26,29 +26,11 @@ $(for i in $meshh_if; do /bin/echo '"'$i'",';done)
 "vpn": true,
 "node_id": "$nodeid",
 "hostname": "Gateway:{{ sn_hostname }}",
-"hardware": {'
-"model": "{{ ansible_lsb.description }}"
+"hardware": {
+"model": "vServer"
 },
 "owner": {
-"contact": "fftro/stefand"
-},
-"software": {
-"fastd": {
-"version": "v16",
-"enabled": true
-},
-"autoupdater": {
-"enabled": false,
-"branch": "server"
-},
-"firmware": {
-"release": "$release",
-"base": "{{ ansible_os_family }}"
-},
-"batman-adv": {
-"compat": 15,
-"version": "2014.3.0-47-g21f67df-dirty,"
-}
+"contact": "stefan@freifunk-troisdorf.de"
 }
 }
 EOF
diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2
index 4dde305..c88786e 100644
--- a/files/bataddif.sh.j2
+++ b/files/bataddif.sh.j2
@@ -1,7 +1,27 @@
 #!/bin/bash
 INTERFACE="$3"
+#MAC="$8"
+#BLACKLISTFILE=/opt/freifunk/blockliste.txt
 
-ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
+#if [ -f /opt/freifunk/blockliste.txt ]
+
+#if [ -f $BLACKLISTFILE ]
+# then
+# BLOCKLISTE=$(cat /opt/freifunk/blockliste.txt)
+# else
+# touch=$BLOCKLISTE
+#fi
+
+#for i in $BLOCKLISTE;
+#do
+# if [[ $i == $MAC ]]; then
+# exit 1
+# fi
+#done
+
+#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
+ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
 ip link set dev $INTERFACE up mtu 1312
 /usr/sbin/batctl if add $INTERFACE
+
diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2
index f644e28..95998d0 100644
--- a/files/dhcpd.conf.j2
+++ b/files/dhcpd.conf.j2
@@ -6,7 +6,7 @@ log-facility local7;
 subnet 10.188.0.0 netmask 255.255.0.0 {
 authoritative;
 range {{ sn_dhcp_range }};
-option domain-name-servers {{ sn_dhcp_dns }};
+option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
 option routers {{ sn_dhcp_router }};
 interface bat0;
diff --git a/files/gre_backbone.sh b/files/gre_backbone.sh
index ab3635e..9a5683d 100644
--- a/files/gre_backbone.sh
+++ b/files/gre_backbone.sh
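Review bot: The new `"contact": "stefan@freifunk-troisdorf.de"` line puts a personal mailbox into the alfred announcement, which this script pushes over bat0 to every mesh participant and which such data usually ends up on public node maps; if that is not intended, a shared role address keeps the gateway reachable without tying it to one person. The hard-coded `"model": "vServer"` drops the fact-derived `ansible_lsb.description` that the old line reported, and nothing says why — a one-line comment above the heredoc (`# model is fixed: all supernodes are virtual machines`) would stop the next reader from restoring the fact. The heredoc this JSON belongs to starts before this hunk.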
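Review bot: The commented-out block-list in bataddif.sh.j2 has two defects that will surface as soon as it is uncommented: `touch=$BLOCKLISTE` assigns a shell variable instead of creating the file (`touch "$BLACKLISTFILE"` was evidently meant), and `[[ $i == $MAC ]]` glob-matches the unquoted right-hand side, so a stray `*` in blockliste.txt rejects every client — `[[ "${i,,}" == "${MAC,,}" ]]` compares literally and tolerates the upper/lower-case MAC spellings different tools emit. Exiting 1 only blocks a peer if tunneldigger tears the tunnel down on a non-zero hook status, which I cannot confirm from this file, and since the MAC is supplied by the client this stops accidental misuse rather than a deliberate one. The switch from `ip link set address` to `ifconfig $INTERFACE hw ether` reintroduces a net-tools dependency; if the iproute2 form failed for a reason, a short comment saying so would keep someone from switching it back.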
@@ -36,9 +36,10 @@ for i in $server; do
 done
 # configure bat0
-ip link set address $communitymacaddress$:0{localserver#$communityname} dev bat0
+ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
 ip link set up dev bat0
 ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
 ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
 alfred -i bat0 > /dev/null 2>&1 & batadv-vis -i bat0 -s > /dev/null 2>&1 &
+service bind9 restart
diff --git a/files/named.conf.fftdf b/files/named.conf.fftdf
new file mode 100644
index 0000000..0807a3e
--- /dev/null
+++ b/files/named.conf.fftdf
@@ -0,0 +1,6 @@
+zone "fftdf" {
+ type slave;
+ masters { 10.188.1.100; };
+ file "/var/lib/bind/db.fftdf";
+};
+
diff --git a/files/named.conf.options.j2 b/files/named.conf.options.j2
new file mode 100644
index 0000000..8eeaa13
--- /dev/null
+++ b/files/named.conf.options.j2
@@ -0,0 +1,26 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on { {{ sn_mesh_IPv4 }}; };
+ listen-on-v6 { {{ sn_mesh_IPv6 }}; };
+};
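Review bot: In the fixed line `ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0` the `$` directly before the colon is not part of any expansion — bash leaves `$:` literal — so unless `communitymacaddress` is defined somewhere above to absorb it (its definition is outside this hunk), the result is not a valid MAC and the command still fails; `${communitymacaddress}:0${localserver#$communityname}` looks like what was meant. The `0` prefix also assumes a single-digit server suffix; a two-digit number produces a three-digit octet. `service bind9 restart` is unconditional and unchecked, and bind listens only on the addresses assigned a few lines above, so a failed `ip addr add` leaves bind restarting onto a missing address — `service bind9 restart || logger -t gre_backbone "bind9 restart failed"` at least records it.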
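Review bot: The slave zone in named.conf.fftdf fetches `fftdf` from `10.188.1.100` with no TSIG key, so the transfer is authenticated by nothing more than a source address inside the mesh client range (10.188.0.0/16 is the subnet dhcpd.conf.j2 hands out). A mesh participant that can spoof or take over that address could feed every supernode a poisoned copy of the zone; sign transfers with a `key` stanza shared with the master, `masters { 10.188.1.100 key "fftdf-xfer"; };`, and pin `allow-notify { 10.188.1.100; };` so notifies from other hosts are ignored. A one-line comment noting that `fftdf` is a mesh-internal, non-delegated name would also help whoever next reads this file.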
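Review bot: The options template binds a recursive resolver to the mesh address but sets no `allow-query`, `allow-recursion`, `allow-transfer` or rate-limit policy, so BIND's defaults apply: recursion for `localnets` — which includes the whole 10.188.0.0/16 once gre_backbone.sh puts that prefix on bat0 — and zone transfers open to any querier, so any mesh participant can AXFR the secondary `fftdf` zone or use the supernode for amplification. Stating the policy explicitly costs four lines; the prefixes below are taken from dhcpd.conf.j2 and gre_backbone.sh and should be confirmed against the real allocation, and `rate-limit` needs a BIND built with RRL (check `named -V`). The rest of the template is unchanged.
```conf
 auth-nxdomain no; # conform to RFC1035
 listen-on { {{ sn_mesh_IPv4 }}; };
 listen-on-v6 { {{ sn_mesh_IPv6 }}; };
 allow-query { localhost; 10.188.0.0/16; fda0:747e:ab29:7405::/64; };
 allow-recursion { localhost; 10.188.0.0/16; fda0:747e:ab29:7405::/64; };
 allow-transfer { none; };
 rate-limit { responses-per-second 10; };
```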
diff --git a/install.sn.yml b/install.sn.yml
index 52fc943..b826742 100644
--- a/install.sn.yml
+++ b/install.sn.yml
@@ -35,6 +35,7 @@
 - screen
 - bridge-utils
 - tcpdump
+ - bind9
 modules_required:
 - batman-adv
 - nf_conntrack_netlink
@@ -48,6 +49,8 @@
 - batdelif.sh
 tunneldigger_service:
 - tunneldigger.service
+ bind_zone_fftdf:
+ - named.conf.fftdf
 # openvpn_files:
 # - mullvad_linux.conf
 # - mullvad.key
@@ -89,9 +92,9 @@
 apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
 - name: Update apt cache
 apt: update_cache=yes
-# - name: Install new kernel
-# apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
-# register: kernel4
+ - name: Install new kernel
+ apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
+ register: kernel4
 - name: Gathering facts
 setup:
 - name: Set IPv4 in hostfile
@@ -109,6 +112,12 @@
 ignore_errors: true
 when: hosts.changed
 when: hostname.changed
+ - name: disable multi CPU Kernel (SMP)
+ lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
+ register: grubnosmp
+ - name: Update grub
+ shell: update-grub2
+ when: grubnosmp.changed
 - name: waiting for server to come back
 local_action: wait_for
@@ -214,6 +223,13 @@
 - name: SSH authorized_keys
 copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
 with_items: authorized_keys
+ - name: Copy secondary zone file
+ copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
+ with_items: bind_zone_fftdf
+ - name: Bind9, activate fftdf zone
+ lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
+ - name: Copy option template
+ template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
 - name: Reboot the server finally
 shell: sleep 2 && shutdown -r now "Ansible updates triggered"
 async: 1
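Review bot: `apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present` pins one backports kernel by its full ABI name, so as soon as jessie-backports moves to the next ABI this task keeps a kernel that no longer receives security fixes and nothing visible here would replace it. Installing the metapackage from backports instead, `apt: name=linux-image-amd64 default_release=jessie-backports state=present`, tracks whatever the archive currently ships. The result is registered as `kernel4` but not referenced in this hunk; if the later reboot is meant to depend on it, that condition is either missing or outside the view.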
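Review bot: The two new bind file tasks write `mode=644` while every other file task in this play spells the mode with a leading zero (`mode=0400`, `mode=0544`); the key=value form is parsed as octal either way, but `mode=0644` keeps the file consistent and avoids the decimal trap if the lines are ever converted to `mode: 644` YAML form. Nothing validates the rendered configuration or notifies bind, so a typo in named.conf.options.j2 only shows up after the final reboot — `validate='named-checkconf %s'` on the template task, if named-checkconf accepts the fragment on its own, or a `command: named-checkconf` step before the reboot would catch it on the control host's terminal. Appending `include "/etc/bind/named.conf.fftdf";` to `/etc/bind/named.conf` is idempotent but edits a package-owned file; Debian's `named.conf.local` is the conventional place for locally added zones and survives package upgrades cleanly.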
@@ -231,4 +247,4 @@
 - name: Alfed message
 template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
 - name: Add cron job with alfred info script
- cron: name=alfred_info job="/opt/freifunk//opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
+ cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"