Restructure network interfaces in order to use ifupdown2

- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in the dict `ffrl_exit_server`
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files
Tobias Hachmer 2017-10-03 14:37:39 +02:00
parent 821834c4b8
commit 2f32bd6c1e
27 changed files with 98 additions and 111 deletions


@ -35,6 +35,7 @@ meshes:
gw: server 96mbit/96mbit gw: server 96mbit/96mbit
mm: 0 mm: 0
dat: 0 dat: 0
hop_penalty: 60
iface_mtu: 1350 iface_mtu: 1350
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
@ -66,6 +67,7 @@ meshes:
gw: server 96mbit/96mbit gw: server 96mbit/96mbit
mm: 0 mm: 0
dat: 0 dat: 0
hop_penalty: 60
iface_mtu: 1350 iface_mtu: 1350
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
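Review bot: `hop_penalty: 60` becomes a mandatory per-mesh key with this commit — the batman interface template renders `batman-hop-penalty {{ item.value.batman.hop_penalty }}` with no fallback, so a mesh entry that omits it fails at template time (or renders an empty attribute, depending on the undefined-variable setting), where the old sysfs file applied 60 to every mesh unconditionally. Either give the template a default, `batman-hop-penalty {{ item.value.batman.hop_penalty | default(60) }}`, or add the key to the `meshes` example in the role README so operators know it is required.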


@ -1,5 +1,5 @@
--- ---
- name: activate sysfs variables - name: reload network interfaces
systemd: systemd:
name: sysfsutils name: networking
state: restarted state: reloaded


@ -3,17 +3,12 @@
template: template:
src: dummy.j2 src: dummy.j2
dest: "/etc/network/interfaces.d/{{ item.key }}0" dest: "/etc/network/interfaces.d/{{ item.key }}0"
notify: reload network interfaces
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: create batman interfaces - name: create batman interfaces
template: template:
src: batman.j2 src: batman.j2
dest: "/etc/network/interfaces.d/{{ item.key }}BAT" dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
notify: reload network interfaces
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: set sysfs variables
template:
src: sysfs.j2
dest: "/etc/sysfs.d/99-{{ item.key }}BAT.conf"
with_dict: "{{ meshes }}"
notify: activate sysfs variables


@ -4,15 +4,11 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.key }}BAT auto {{ item.key }}BAT
iface {{ item.key }}BAT inet manual iface {{ item.key }}BAT
pre-up /sbin/ip link add name $IFACE type batadv hwaddress {{ mac | hwaddr('linux') }}
pre-up /sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN
pre-up /sbin/ip link set dev {{ item.key }}0 master $IFACE batman-hop-penalty {{ item.value.batman.hop_penalty }}
pre-up /sbin/ip link set up dev $IFACE
post-up /sbin/ip addr flush dev $IFACE
post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }} post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }} post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }} post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }} post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
post-down /sbin/ip link set dev {{ item.key }}0 nomaster
post-down /sbin/ip link delete $IFACE 2>&1 || true
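Review bot: `batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN` names the two fastd tap interfaces, which only exist once fastd has created them, while the new `on up` hooks in the fastd configs also run `batctl -m {{ item.key }}BAT if add $INTERFACE`; the same interfaces are therefore enslaved by two independent owners, and at boot or on an `ifreload -a` that runs before fastd is up, ifupdown2 will presumably report the missing members. Pick one owner: keep only `{{ item.key }}0` in `batman-ifaces` and let fastd attach its own interfaces, or drop the `batctl if add/del` lines from the fastd hooks. The old `post-up /sbin/ip addr flush dev $IFACE` is also gone, so the kernel's auto-generated IPv6 link-local address now stays on the mesh interface; if that is intended, a one-line comment in the header (`# no addr flush: link-local on the batadv device is harmless`) would save the next reader from re-adding it.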


@ -4,9 +4,6 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.key }}0 auto {{ item.key }}0
iface {{ item.key }}0 inet manual iface {{ item.key }}0
pre-up /sbin/ip link add $IFACE type dummy link-type dummy
pre-up /sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE hwaddress {{ mac | hwaddr('linux') }}
pre-up /sbin/ip link set up dev $IFACE
post-up /sbin/ip addr flush dev $IFACE
post-down /sbin/ip link delete $IFACE 2>&1 || true


@ -1,4 +0,0 @@
#
# {{ ansible_managed }}
#
class/net/{{ item.key }}BAT/mesh/hop_penalty = 60


@ -0,0 +1,5 @@
---
- name: reload network interfaces
systemd:
name: networking
state: reloaded


@ -3,10 +3,12 @@
template: template:
src: fastd-mesh.j2 src: fastd-mesh.j2
dest: "/etc/network/interfaces.d/{{ item.key }}VPN" dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
notify: reload network interfaces
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: create fastd intragate interfaces - name: create fastd intragate interfaces
template: template:
src: fastd-intragate.j2 src: fastd-intragate.j2
dest: "/etc/network/interfaces.d/{{ item.key }}igVPN" dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
notify: reload network interfaces
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"


@ -3,8 +3,6 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
allow-hotplug {{ item.key }}igVPN auto {{ item.key }}igVPN
iface {{ item.key }}igVPN inet manual iface {{ item.key }}igVPN
pre-up /sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE hwaddress {{ mac | hwaddr('linux') }}
post-up /sbin/ip link set dev $IFACE up
post-up /sbin/ip link set dev $IFACE master {{ item.key }}BAT
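Review bot: `auto {{ item.key }}igVPN` makes ifupdown2 bring this interface up at boot and on every `ifreload -a`, but nothing in the stanza creates the device (no `link-type`, no `pre-up`) — the tap interface is created by fastd — so until fastd is running the `ifup` of this interface can only fail; `allow-hotplug` was the conventional marker for exactly that case. If `auto` is required so that `ifreload -a` picks the stanza up, record that dependency in the header comment, e.g. `# device is created by fastd; ifup fails until fastd-{{ item.key }}ig is running`, so the boot-time error is understood rather than chased.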


@ -3,8 +3,6 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
allow-hotplug {{ item.key }}VPN auto {{ item.key }}VPN
iface {{ item.key }}VPN inet manual iface {{ item.key }}VPN
pre-up /sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE hwaddress {{ mac | hwaddr('linux') }}
post-up /sbin/ip link set dev $IFACE up
post-up /sbin/ip link set dev $IFACE master {{ item.key }}BAT
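Review bot: `hwaddress {{ mac | hwaddr('linux') }}` applies the host-wide `mac` variable to this interface, while the new `on up` hook in the fastd config for the same interface sets a different, derived address (`'0211' + ip4hex`); whichever of fastd or ifupdown2 ran last decides the MAC, and since this is a batman hard interface its identity presumably changes across reloads. Keep one source of truth — either derive the same MAC here (`{% set mac = '0211' + ip4hex -%}` as the fastd template does) or drop `hwaddress` from this stanza and let fastd own it. The intragate template has the same split.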


@ -9,43 +9,25 @@ ffrl_exit_server:
ffrl-a-ak-ber: ffrl-a-ak-ber:
public_ipv4_address: 185.66.195.0 public_ipv4_address: 185.66.195.0
tunnel_ipv4_network: # IPv4 Tunnel Transfernetz tunnel_ipv4_network: # IPv4 Tunnel Transfernetz
tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: # IPv6 Tunnel Transfernetz tunnel_ipv6_network: # IPv6 Tunnel Transfernetz
tunnel_ipv6_netmask: 64
ffrl-b-ak-ber: ffrl-b-ak-ber:
public_ipv4_address: 185.66.195.1 public_ipv4_address: 185.66.195.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-a-ix-dus: ffrl-a-ix-dus:
public_ipv4_address: 185.66.193.0 public_ipv4_address: 185.66.193.0
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-b-ix-dus: ffrl-b-ix-dus:
public_ipv4_address: 185.66.193.1 public_ipv4_address: 185.66.193.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-a-fra2-fra: ffrl-a-fra2-fra:
public_ipv4_address: 185.66.194.0 public_ipv4_address: 185.66.194.0
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-b-fra2-fra: ffrl-b-fra2-fra:
public_ipv4_address: 185.66.194.1 public_ipv4_address: 185.66.194.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
´´´ ´´´


@ -0,0 +1,5 @@
---
- name: reload network interfaces
systemd:
name: networking
state: reloaded


@ -3,4 +3,5 @@
template: template:
src: ffrl.j2 src: ffrl.j2
dest: "/etc/network/interfaces.d/{{ item.key }}" dest: "/etc/network/interfaces.d/{{ item.key }}"
notify: reload network interfaces
with_dict: "{{ ffrl_exit_server }}" with_dict: "{{ ffrl_exit_server }}"


@ -2,15 +2,15 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.key }} auto {{ item.key }}
iface {{ item.key }} inet static iface {{ item.key }} inet tunnel
address {{ item.value.tunnel_ipv4_address }} mode gre
netmask {{ item.value.tunnel_ipv4_netmask }} local {{ ansible_default_ipv4.address | ipaddr('public') | ipaddr('address') }}
pre-up /sbin/ip tunnel add $IFACE mode gre local {{ ansible_default_ipv4.address | ipaddr('public') }} remote {{ item.value.public_ipv4_address | ipaddr('public') }} ttl 255 endpoint {{ item.value.public_ipv4_address | ipaddr('public') | ipaddr('address') }}
post-up /sbin/ip link set $IFACE mtu 1400
post-up /sbin/ip addr add {{ ffrl_public_ipv4_nat }}/32 dev $IFACE
post-down /sbin/ip tunnel del $IFACE
iface {{ item.key }} inet6 static ttl 64
address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address') }} mtu 1400
netmask {{ item.value.tunnel_ipv6_netmask }} tunnel-physdev {{ ansible_default_ipv4.interface }}
address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }}/{{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('prefix') }}
address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address') }}/{{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('prefix') }}
address {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
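Review bot: `ttl 64` replaces the old `ttl 255` on the GRE tunnel, and neither the commit message nor the template says why; if the lower hop limit is deliberate, note it in the header comment, otherwise restore `ttl 255`. Separately, `local {{ ansible_default_ipv4.address | ipaddr('public') | ipaddr('address') }}` produces an invalid `local` value on a host whose default IPv4 address is private, because `ipaddr('public')` returns False for it — an `assert` task on `ansible_default_ipv4.address | ipaddr('public')` in the role would turn that into a clear failure instead of a broken interfaces file. The last `address` line also assigns the NAT address with whatever prefix the host variable carries, where the old line pinned `/32`; see the note on the BIRD template for the consequences of a wider prefix.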


@ -26,4 +26,4 @@ meshes:
´´´ ´´´
- Variable `internet_exit_mtu_ipv4` - Variable `internet_exit_mtu_ipv4`
- Variable `internet_exit_mtu_ipv6` - Variable `internet_exit_mtu_ipv6`
- Host Variable `ffrl_public_ipv4_nat` - Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix


@ -34,5 +34,5 @@ COMMIT
{% for mesh_id, mesh_value in meshes.iteritems() %} {% for mesh_id, mesh_value in meshes.iteritems() %}
-A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat -A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
{% endfor %} {% endfor %}
-A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat }} -A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat | ipaddr('address') }}
COMMIT COMMIT


@ -3,3 +3,8 @@
systemd: systemd:
name: sysfsutils name: sysfsutils
state: restarted state: restarted
- name: reload network interfaces
systemd:
name: networking
state: reloaded


@ -3,6 +3,7 @@
template: template:
src: bridge.j2 src: bridge.j2
dest: "/etc/network/interfaces.d/{{ item.key }}BR" dest: "/etc/network/interfaces.d/{{ item.key }}BR"
notify: reload network interfaces
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: set sysfs variables - name: set sysfs variables


@ -4,19 +4,12 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.key }}BR auto {{ item.key }}BR
iface {{ item.key }}BR inet manual iface {{ item.key }}BR
address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }} hwaddress {{ mac | hwaddr('linux') }}
network {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('network') }} address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}/{{ item.value.ipv4_network | ipaddr('net') | ipaddr('prefix') }}
netmask {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('netmask') }}
broadcast {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('broadcast') }}
pre-up /sbin/ip link add name $IFACE type bridge
pre-up /sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
pre-up /sbin/ip link set dev {{ item.key }}BAT master $IFACE
pre-up /sbin/ip link set up dev $IFACE
{% for ip_type, ip_list in item.value.ipv6.iteritems() %} {% for ip_type, ip_list in item.value.ipv6.iteritems() %}
{% for ip in ip_list %} {% for ip in ip_list %}
up /sbin/ip address add {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) }} dev $IFACE address {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}/{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr('prefix') }}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
post-down /sbin/ip link set dev {{ item.key }}BAT nomaster bridge-ports {{ item.key }}BAT
post-down /sbin/ip link delete $IFACE 2>&1 || true


@ -2,6 +2,7 @@
packages: packages:
- apt-transport-https - apt-transport-https
- bridge-utils - bridge-utils
- ethtool
- ifupdown2 - ifupdown2
- man-db - man-db
- mlocate - mlocate


@ -23,47 +23,29 @@ ffrl_exit_server:
ffrl-a-ak-ber: ffrl-a-ak-ber:
public_ipv4_address: 185.66.195.0 public_ipv4_address: 185.66.195.0
tunnel_ipv4_network: # Tunnel-Netzwerk in CIDR tunnel_ipv4_network: # Tunnel-Netzwerk in CIDR
tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: # IPv6 Transfernetz tunnel_ipv6_network: # IPv6 Transfernetz
tunnel_ipv6_netmask: 64
ffrl-b-ak-ber: ffrl-b-ak-ber:
public_ipv4_address: 185.66.195.1 public_ipv4_address: 185.66.195.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-a-ix-dus: ffrl-a-ix-dus:
public_ipv4_address: 185.66.193.0 public_ipv4_address: 185.66.193.0
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-b-ix-dus: ffrl-b-ix-dus:
public_ipv4_address: 185.66.193.1 public_ipv4_address: 185.66.193.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-a-fra2-fra: ffrl-a-fra2-fra:
public_ipv4_address: 185.66.194.0 public_ipv4_address: 185.66.194.0
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
ffrl-b-fra2-fra: ffrl-b-fra2-fra:
public_ipv4_address: 185.66.194.1 public_ipv4_address: 185.66.194.1
tunnel_ipv4_network: tunnel_ipv4_network:
tunnel_ipv4_address:
tunnel_ipv4_netmask: 255.255.255.254
tunnel_ipv6_network: tunnel_ipv6_network:
tunnel_ipv6_netmask: 64
´´´ ´´´
- Host Variable `ffrl_public_ipv4_nat` # IPv4 NAT Adresse für das Gateway - Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
- Host Variable `magic` - Host Variable `magic`
## Benötigte roles ## Benötigte roles


@ -4,7 +4,7 @@
# Variables # Variables
define ffrl_as = {{ as_public_ffrl }}; define ffrl_as = {{ as_public_ffrl }};
define ffrl_nat_address = {{ ffrl_public_ipv4_nat }}; define ffrl_nat_address = {{ ffrl_public_ipv4_nat | ipaddr('address') }};
# Routing Table # Routing Table
table ffrl; table ffrl;
@ -12,7 +12,7 @@ table ffrl;
# Functions # Functions
function is_ffrl_nat() { function is_ffrl_nat() {
return net ~ [ return net ~ [
{{ ffrl_public_ipv4_nat }} {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
]; ];
} }
@ -38,7 +38,7 @@ filter ebgp_ffrl_export_filter {
# Protocols # Protocols
protocol static ffrl_uplink_hostroute { protocol static ffrl_uplink_hostroute {
table ffrl; table ffrl;
route {{ ffrl_public_ipv4_nat }}/32 reject; route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;
} }
protocol direct ffrl_tunnels { protocol direct ffrl_tunnels {
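Review bot: `route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;` and the matching entry in `is_ffrl_nat()` now take their prefix from the host variable, where the old config pinned `/32`; a host variable written as `185.66.x.y/24` would make BIRD originate, and this function match, the whole /24 rather than this gateway's NAT address, and the readme only says "ip-adresse/prefix". If a host route is the only thing ever intended, keep `/32` literal here and use just `ipaddr('address')`; otherwise add an `assert` that `ffrl_public_ipv4_nat | ipaddr('prefix') == 32` (or document which prefixes are acceptable) before these templates render. The `ebgp_ffrl_export_filter` between the hunks is outside the diff, so I cannot tell whether it would stop a wider prefix from being exported.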


@ -4,8 +4,8 @@
{% for peer_id, peer_value in ffrl_exit_server.iteritems() %} {% for peer_id, peer_value in ffrl_exit_server.iteritems() %}
protocol bgp '{{ peer_id }}' from ffrl_uplink { protocol bgp '{{ peer_id }}' from ffrl_uplink {
source address {{ peer_value.tunnel_ipv4_address | ipaddr('address') }}; source address {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }};
neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('address') }} as ffrl_as; neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('address') }} as ffrl_as;
}; };
{% if not loop.last %} {% if not loop.last %}
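Review bot: `ipaddr('net') | ipaddr('1')` for `source address` and `ipaddr('net') | ipaddr('address')` for `neighbor` hard-code the convention that the FFRL side of the transfer net is the network address and this gateway is the next one; that holds for a /31 written as a network (`x.x.x.0/31`), but as far as I recall `ipaddr('net')` returns False for a host-form value such as `x.x.x.1/31`, leaving `source address False;` in bird.conf. State the expected form next to `tunnel_ipv4_network` in the readme and fail early with an `assert` that `peer_value.tunnel_ipv4_network | ipaddr('net')` is truthy for every entry of `ffrl_exit_server`. The enclosing `for` loop continues past the hunk.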


@ -1,3 +1,5 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0212' + ip4hex -%}
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
@ -20,4 +22,16 @@ peer group "servers" {
include peers from "peers/services"; include peers from "peers/services";
} }
on up "
ip link set $INTERFACE down
ip link set address {{ mac }} dev $INTERFACE
ip link set $INTERFACE up
batctl -m {{ item.key }}BAT if add $INTERFACE
";
on down "
batctl -m {{ item.key }}BAT if del $INTERFACE
";
status socket "/var/run/fastd-{{ item.key }}ig.status"; status socket "/var/run/fastd-{{ item.key }}ig.status";
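Review bot: `ip link set address {{ mac }} dev $INTERFACE` receives `mac` as `'0212' + ip4hex`, a bare 12-digit hex string, while every interfaces template in this commit pipes the address through `hwaddr('linux')`; iproute2 expects colon-separated octets, so unless `ip4_hex` already inserts them this command presumably fails and the interface keeps its random MAC. Render it as `ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE` — netaddr accepts the bare form as input. Choosing `02` as the first octet is right for a synthesized address (locally administered, unicast); a short comment above the `set` saying so would help the next reader.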


@ -1,3 +1,5 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0211' + ip4hex -%}
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
@ -27,4 +29,16 @@ peer group "servers" {
include peers from "peers/servers"; include peers from "peers/servers";
} }
on up "
ip link set $INTERFACE down
ip link set address {{ mac }} dev $INTERFACE
ip link set $INTERFACE up
batctl -m {{ item.key }}BAT if add $INTERFACE
";
on down "
batctl -m {{ item.key }}BAT if del $INTERFACE
";
status socket "/var/run/fastd-{{ item.key }}.status"; status socket "/var/run/fastd-{{ item.key }}.status";
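Review bot: `{% set mac = '0211' + ip4hex -%}` shadows the host variable `mac` that the interface templates apply to `{{ item.key }}VPN` via `hwaddress`, which hides the fact that the two disagree on this interface's address; rename the local to something like `vpn_mac` so the divergence is visible, and make whichever side is meant to own the MAC the only one that sets it. The same bare-hex format concern as in the intragate config applies to `ip link set address {{ mac }} dev $INTERFACE` — pass it through `hwaddr('linux')`. `on down` removes the interface from the mesh with `batctl ... if del` while the batman stanza lists it in `batman-ifaces`, so after an `ifreload -a` ifupdown2 may re-add what fastd just removed; again, one owner.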


@ -22,5 +22,5 @@ meshes:
iface_mtu: # integer iface_mtu: # integer
´´´ ´´´
- Host Variable `magic` - Host Variable `magic`
- Host Variable `ffrl_public_ipv4_nat` - Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
- Host Dictionary `ffrl_exit_server` - Host Dictionary `ffrl_exit_server`


@ -64,8 +64,8 @@ ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %} {% endfor %}
ip -6 rule add from all oif {{ key }}BR lookup internet priority 41 ip -6 rule add from all oif {{ key }}BR lookup internet priority 41
{% endfor %} {% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41 ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk related routes # Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for key, value in meshes.iteritems() %} {% for key, value in meshes.iteritems() %}