Restructure network interfaces in order to use ifupdown2

- rewrite interface templates for batman, fastd, ffrl and meshbridge - add package ethtool to role server-basic - use more ipaddr filters and get rid of unneeded variables in dict ffrl_exit_server - change ffrl_public_ipv4_nat variable to ip/prefix format - update readme files
2017-10-03 14:37:39 +02:00 · 2017-10-03 14:37:39 +02:00 · 2f32bd6c1e
parent 821834c4b8
commit 2f32bd6c1e
27 changed files with 98 additions and 111 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -35,6 +35,7 @@ meshes:
      gw: server 96mbit/96mbit
      mm: 0
      dat: 0
+      hop_penalty: 60
    iface_mtu: 1350
    peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
    peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
@ -66,6 +67,7 @@ meshes:
      gw: server 96mbit/96mbit
      mm: 0
      dat: 0
+      hop_penalty: 60
    iface_mtu: 1350
    peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
    peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
--- a/roles/network-batman/handlers/main.yml
+++ b/roles/network-batman/handlers/main.yml
@ -1,5 +1,5 @@
 ---
- name: activate sysfs variables
+- name: reload network interfaces
  systemd:
-    name: sysfsutils
-    state: restarted
+    name: networking
+    state: reloaded
--- a/roles/network-batman/tasks/main.yml
+++ b/roles/network-batman/tasks/main.yml
@ -3,17 +3,12 @@
  template:
    src: dummy.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}0"
+  notify: reload network interfaces
  with_dict: "{{ meshes }}"

 - name: create batman interfaces
  template:
    src: batman.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
+  notify: reload network interfaces
  with_dict: "{{ meshes }}"
-
- name: set sysfs variables
-  template:
-    src: sysfs.j2
-    dest: "/etc/sysfs.d/99-{{ item.key }}BAT.conf"
-  with_dict: "{{ meshes }}"
-  notify: activate sysfs variables
--- a/roles/network-batman/templates/batman.j2
+++ b/roles/network-batman/templates/batman.j2
@ -4,15 +4,11 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}BAT
-iface {{ item.key }}BAT inet manual
-	pre-up		/sbin/ip link add name $IFACE type batadv
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set dev {{ item.key }}0 master $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
-	post-up		/sbin/ip addr flush dev $IFACE
-	post-up		/usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
-	post-up		/usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
-	post-up		/usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
-	post-up		/usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
-	post-down	/sbin/ip link set dev {{ item.key }}0 nomaster
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true
+iface {{ item.key }}BAT
+    hwaddress {{ mac | hwaddr('linux') }}
+    batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN
+    batman-hop-penalty {{ item.value.batman.hop_penalty }}
+    post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
+    post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
+    post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
+    post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
--- a/roles/network-batman/templates/dummy.j2
+++ b/roles/network-batman/templates/dummy.j2
@ -4,9 +4,6 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}0
-iface {{ item.key }}0 inet manual
-	pre-up		/sbin/ip link add $IFACE type dummy
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
-	post-up		/sbin/ip addr flush dev $IFACE
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true
+iface {{ item.key }}0
+    link-type dummy
+    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-batman/templates/sysfs.j2
+++ b/roles/network-batman/templates/sysfs.j2
@ -1,4 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-class/net/{{ item.key }}BAT/mesh/hop_penalty = 60
--- a/roles/network-fastd/handlers/main.yml
+++ b/roles/network-fastd/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded
--- a/roles/network-fastd/tasks/main.yml
+++ b/roles/network-fastd/tasks/main.yml
@ -3,10 +3,12 @@
  template:
    src: fastd-mesh.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
+  notify: reload network interfaces
  with_dict: "{{ meshes }}"

 - name: create fastd intragate interfaces
  template:
    src: fastd-intragate.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
+  notify: reload network interfaces
  with_dict: "{{ meshes }}"
--- a/roles/network-fastd/templates/fastd-intragate.j2
+++ b/roles/network-fastd/templates/fastd-intragate.j2
@ -3,8 +3,6 @@
 #
 # {{ ansible_managed }}
 #
-allow-hotplug {{ item.key }}igVPN
-iface {{ item.key }}igVPN inet manual
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	post-up		/sbin/ip link set dev $IFACE up
-	post-up		/sbin/ip link set dev $IFACE master {{ item.key }}BAT
+auto {{ item.key }}igVPN
+iface {{ item.key }}igVPN
+    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-fastd/templates/fastd-mesh.j2
+++ b/roles/network-fastd/templates/fastd-mesh.j2
@ -3,8 +3,6 @@
 #
 # {{ ansible_managed }}
 #
-allow-hotplug {{ item.key }}VPN
-iface {{ item.key }}VPN inet manual
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	post-up		/sbin/ip link set dev $IFACE up
-	post-up		/sbin/ip link set dev $IFACE master {{ item.key }}BAT
+auto {{ item.key }}VPN
+iface {{ item.key }}VPN
+    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-ffrl/README.md
+++ b/roles/network-ffrl/README.md
@ -9,43 +9,25 @@ ffrl_exit_server:
  ffrl-a-ak-ber:
    public_ipv4_address: 185.66.195.0
    tunnel_ipv4_network: # IPv4 Tunnel Transfernetz
-    tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network: # IPv6 Tunnel Transfernetz
-    tunnel_ipv6_netmask: 64
  ffrl-b-ak-ber:
    public_ipv4_address: 185.66.195.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-a-ix-dus:
    public_ipv4_address: 185.66.193.0
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-b-ix-dus:
    public_ipv4_address: 185.66.193.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-a-fra2-fra:
    public_ipv4_address: 185.66.194.0
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-b-fra2-fra:
    public_ipv4_address: 185.66.194.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
 ´´´
--- a/roles/network-ffrl/handlers/main.yml
+++ b/roles/network-ffrl/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded
--- a/roles/network-ffrl/tasks/main.yml
+++ b/roles/network-ffrl/tasks/main.yml
@ -3,4 +3,5 @@
  template:
    src: ffrl.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}"
+  notify: reload network interfaces
  with_dict: "{{ ffrl_exit_server }}"
--- a/roles/network-ffrl/templates/ffrl.j2
+++ b/roles/network-ffrl/templates/ffrl.j2
@ -2,15 +2,15 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}
-iface {{ item.key }} inet static
-        address {{ item.value.tunnel_ipv4_address }}
-        netmask {{ item.value.tunnel_ipv4_netmask }}
-        pre-up          /sbin/ip tunnel add $IFACE mode gre local {{ ansible_default_ipv4.address | ipaddr('public') }} remote {{ item.value.public_ipv4_address | ipaddr('public') }} ttl 255
-        post-up         /sbin/ip link set $IFACE mtu 1400
-        post-up         /sbin/ip addr add {{ ffrl_public_ipv4_nat }}/32 dev $IFACE
-        post-down       /sbin/ip tunnel del $IFACE
+iface {{ item.key }} inet tunnel
+    mode gre
+    local {{ ansible_default_ipv4.address | ipaddr('public') | ipaddr('address') }}
+    endpoint {{ item.value.public_ipv4_address | ipaddr('public') | ipaddr('address') }}

-iface {{ item.key }} inet6 static
-        address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')  }}
-        netmask {{ item.value.tunnel_ipv6_netmask }}
+    ttl 64
+    mtu 1400
+    tunnel-physdev {{ ansible_default_ipv4.interface }}

+    address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }}/{{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('prefix') }}
+    address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')  }}/{{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('prefix') }}
+    address {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
--- a/roles/network-iptables-gateway/README.md
+++ b/roles/network-iptables-gateway/README.md
@ -26,4 +26,4 @@ meshes:
 ´´´
 - Variable `internet_exit_mtu_ipv4`
 - Variable `internet_exit_mtu_ipv6`
- Host Variable `ffrl_public_ipv4_nat`
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
--- a/roles/network-iptables-gateway/templates/rules.v4.j2
+++ b/roles/network-iptables-gateway/templates/rules.v4.j2
@ -34,5 +34,5 @@ COMMIT
 {% for mesh_id, mesh_value in meshes.iteritems() %}
 -A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
 {% endfor %}
-A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat }}
+-A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat | ipaddr('address') }}
 COMMIT
--- a/roles/network-meshbridge/handlers/main.yml
+++ b/roles/network-meshbridge/handlers/main.yml
@ -3,3 +3,8 @@
  systemd:
    name: sysfsutils
    state: restarted
+
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded
--- a/roles/network-meshbridge/tasks/main.yml
+++ b/roles/network-meshbridge/tasks/main.yml
@ -3,6 +3,7 @@
  template:
    src: bridge.j2
    dest: "/etc/network/interfaces.d/{{ item.key }}BR"
+  notify: reload network interfaces
  with_dict: "{{ meshes }}"

 - name: set sysfs variables
--- a/roles/network-meshbridge/templates/bridge.j2
+++ b/roles/network-meshbridge/templates/bridge.j2
@ -4,19 +4,12 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}BR
-iface {{ item.key }}BR inet manual
-	address		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}
-	network		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('network') }}
-	netmask		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('netmask') }}
-	broadcast	{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('broadcast') }}
-	pre-up		/sbin/ip link add name $IFACE type bridge
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set dev {{ item.key }}BAT master $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
+iface {{ item.key }}BR
+    hwaddress {{ mac | hwaddr('linux') }}
+    address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}/{{ item.value.ipv4_network | ipaddr('net') | ipaddr('prefix') }}
 {% for ip_type, ip_list in item.value.ipv6.iteritems() %}
 {% for ip in ip_list %}
-	up		/sbin/ip address add {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) }} dev $IFACE
+    address {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}/{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr('prefix') }}
 {% endfor %}
 {% endfor %}
-	post-down	/sbin/ip link set dev {{ item.key }}BAT nomaster
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true
+    bridge-ports {{ item.key }}BAT
--- a/roles/server-basic/vars/main.yml
+++ b/roles/server-basic/vars/main.yml
@ -2,6 +2,7 @@
 packages:
  - apt-transport-https
  - bridge-utils
+  - ethtool
  - ifupdown2
  - man-db
  - mlocate
--- a/roles/service-bird-ffrl/README.md
+++ b/roles/service-bird-ffrl/README.md
@ -23,47 +23,29 @@ ffrl_exit_server:
  ffrl-a-ak-ber:
    public_ipv4_address: 185.66.195.0
    tunnel_ipv4_network: # Tunnel-Netzwerk in CIDR
-    tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network: # IPv6 Transfernetz
-    tunnel_ipv6_netmask: 64
  ffrl-b-ak-ber:
    public_ipv4_address: 185.66.195.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-a-ix-dus:
    public_ipv4_address: 185.66.193.0
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-b-ix-dus:
    public_ipv4_address: 185.66.193.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-a-fra2-fra:
    public_ipv4_address: 185.66.194.0
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
  ffrl-b-fra2-fra:
    public_ipv4_address: 185.66.194.1
    tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
    tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
 ´´´
- Host Variable `ffrl_public_ipv4_nat` # IPv4 NAT Adresse für das Gateway
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
 - Host Variable `magic`

 ## Benötigte roles
--- a/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2
+++ b/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2
@ -4,7 +4,7 @@

 # Variables
 define ffrl_as = {{ as_public_ffrl }};
-define ffrl_nat_address = {{ ffrl_public_ipv4_nat }};
+define ffrl_nat_address = {{ ffrl_public_ipv4_nat | ipaddr('address') }};

 # Routing Table
 table ffrl;
@ -12,7 +12,7 @@ table ffrl;
 # Functions
 function is_ffrl_nat() {
    return net ~ [
-        {{ ffrl_public_ipv4_nat }}
+        {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
    ];
 }

@ -38,7 +38,7 @@ filter ebgp_ffrl_export_filter {
 # Protocols
 protocol static ffrl_uplink_hostroute {
    table ffrl;
-    route {{ ffrl_public_ipv4_nat }}/32 reject;
+    route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;
 }

 protocol direct ffrl_tunnels {
--- a/roles/service-bird-ffrl/templates/ffrl_ipv4_peers.conf.j2
+++ b/roles/service-bird-ffrl/templates/ffrl_ipv4_peers.conf.j2
@ -4,8 +4,8 @@

 {% for peer_id, peer_value in ffrl_exit_server.iteritems() %}
 protocol bgp '{{ peer_id }}' from ffrl_uplink {
-    source address {{ peer_value.tunnel_ipv4_address | ipaddr('address') }};
-    neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('address') }} as ffrl_as;
+    source address {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }};
+    neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('address') }} as ffrl_as;
 };
 {% if not loop.last %}

--- a/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2
+++ b/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2
@ -1,3 +1,5 @@
+{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set mac = '0212' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
@ -20,4 +22,16 @@ peer group "servers" {
    include peers from "peers/services";
 }

+on up "
+    ip link set $INTERFACE down
+    ip link set address {{ mac }} dev $INTERFACE
+    ip link set $INTERFACE up
+
+    batctl -m {{ item.key }}BAT if add $INTERFACE
+";
+
+on down "
+    batctl -m {{ item.key }}BAT if del $INTERFACE
+";
+
 status socket "/var/run/fastd-{{ item.key }}ig.status";
--- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
@ -1,3 +1,5 @@
+{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set mac = '0211' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
@ -27,4 +29,16 @@ peer group "servers" {
    include peers from "peers/servers";
 }

+on up "
+    ip link set $INTERFACE down
+    ip link set address {{ mac }} dev $INTERFACE
+    ip link set $INTERFACE up
+
+    batctl -m {{ item.key }}BAT if add $INTERFACE
+";
+
+on down "
+    batctl -m {{ item.key }}BAT if del $INTERFACE
+";
+
 status socket "/var/run/fastd-{{ item.key }}.status";
--- a/roles/service-rclocal/README.md
+++ b/roles/service-rclocal/README.md
@ -22,5 +22,5 @@ meshes:
    iface_mtu: # integer
 ´´´
 - Host Variable `magic`
- Host Variable `ffrl_public_ipv4_nat`
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
 - Host Dictionary `ffrl_exit_server`
--- a/roles/service-rclocal/templates/rc.local.j2
+++ b/roles/service-rclocal/templates/rc.local.j2
@ -64,8 +64,8 @@ ip -6 rule add to {{ public }} lookup internet priority 41
 {% endfor %}
 ip -6 rule add from all oif {{ key }}BR lookup internet priority 41
 {% endfor %}
-ip -4 rule add from {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41
-ip -4 rule add to {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41
+ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41
+ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41

 # Priority 61 - at this point this is the end of policy routing for freifunk related routes
 {% for key, value in meshes.iteritems() %}