Restructure network interfaces in order to use ifupdown2

- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files

inventory/group_vars/all

@@ -35,6 +35,7 @@ meshes:
       gw: server 96mbit/96mbit
       mm: 0
       dat: 0
+      hop_penalty: 60
     iface_mtu: 1350
     peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
     peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
@@ -66,6 +67,7 @@ meshes:
       gw: server 96mbit/96mbit
       mm: 0
       dat: 0
+      hop_penalty: 60
     iface_mtu: 1350
     peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
     peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git

roles/network-batman/handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: activate sysfs variables
+- name: reload network interfaces
   systemd:
-    name: sysfsutils
-    state: restarted
+    name: networking
+    state: reloaded

roles/network-batman/tasks/main.yml

@@ -3,17 +3,12 @@
   template:
     src: dummy.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}0"
+  notify: reload network interfaces
   with_dict: "{{ meshes }}"
 
 - name: create batman interfaces
   template:
     src: batman.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
+  notify: reload network interfaces
   with_dict: "{{ meshes }}"
-
-- name: set sysfs variables
-  template:
-    src: sysfs.j2
-    dest: "/etc/sysfs.d/99-{{ item.key }}BAT.conf"
-  with_dict: "{{ meshes }}"
-  notify: activate sysfs variables

roles/network-batman/templates/batman.j2

@@ -4,15 +4,11 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}BAT
-iface {{ item.key }}BAT inet manual
-	pre-up		/sbin/ip link add name $IFACE type batadv
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set dev {{ item.key }}0 master $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
-	post-up		/sbin/ip addr flush dev $IFACE
+iface {{ item.key }}BAT
+    hwaddress {{ mac | hwaddr('linux') }}
+    batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN
+    batman-hop-penalty {{ item.value.batman.hop_penalty }}
     post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
     post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
     post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
     post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
-	post-down	/sbin/ip link set dev {{ item.key }}0 nomaster
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true

roles/network-batman/templates/dummy.j2

@@ -4,9 +4,6 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}0
-iface {{ item.key }}0 inet manual
-	pre-up		/sbin/ip link add $IFACE type dummy
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
-	post-up		/sbin/ip addr flush dev $IFACE
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true
+iface {{ item.key }}0
+    link-type dummy
+    hwaddress {{ mac | hwaddr('linux') }}

roles/network-batman/templates/sysfs.j2

@@ -1,4 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-class/net/{{ item.key }}BAT/mesh/hop_penalty = 60

roles/network-fastd/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded

roles/network-fastd/tasks/main.yml

@@ -3,10 +3,12 @@
   template:
     src: fastd-mesh.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
+  notify: reload network interfaces
   with_dict: "{{ meshes }}"
 
 - name: create fastd intragate interfaces
   template:
     src: fastd-intragate.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
+  notify: reload network interfaces
   with_dict: "{{ meshes }}"

roles/network-fastd/templates/fastd-intragate.j2

@@ -3,8 +3,6 @@
 #
 # {{ ansible_managed }}
 #
-allow-hotplug {{ item.key }}igVPN
-iface {{ item.key }}igVPN inet manual
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	post-up		/sbin/ip link set dev $IFACE up
-	post-up		/sbin/ip link set dev $IFACE master {{ item.key }}BAT
+auto {{ item.key }}igVPN
+iface {{ item.key }}igVPN
+    hwaddress {{ mac | hwaddr('linux') }}

roles/network-fastd/templates/fastd-mesh.j2

@@ -3,8 +3,6 @@
 #
 # {{ ansible_managed }}
 #
-allow-hotplug {{ item.key }}VPN
-iface {{ item.key }}VPN inet manual
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	post-up		/sbin/ip link set dev $IFACE up
-	post-up		/sbin/ip link set dev $IFACE master {{ item.key }}BAT
+auto {{ item.key }}VPN
+iface {{ item.key }}VPN
+    hwaddress {{ mac | hwaddr('linux') }}

roles/network-ffrl/README.md

@@ -9,43 +9,25 @@ ffrl_exit_server:
   ffrl-a-ak-ber:
     public_ipv4_address: 185.66.195.0
     tunnel_ipv4_network: # IPv4 Tunnel Transfernetz
-    tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network: # IPv6 Tunnel Transfernetz
-    tunnel_ipv6_netmask: 64
   ffrl-b-ak-ber:
     public_ipv4_address: 185.66.195.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-a-ix-dus:
     public_ipv4_address: 185.66.193.0
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-b-ix-dus:
     public_ipv4_address: 185.66.193.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-a-fra2-fra:
     public_ipv4_address: 185.66.194.0
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-b-fra2-fra:
     public_ipv4_address: 185.66.194.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
 ´´´

roles/network-ffrl/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded

roles/network-ffrl/tasks/main.yml

@@ -3,4 +3,5 @@
   template:
     src: ffrl.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}"
+  notify: reload network interfaces
   with_dict: "{{ ffrl_exit_server }}"

roles/network-ffrl/templates/ffrl.j2

@@ -2,15 +2,15 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}
-iface {{ item.key }} inet static
-        address {{ item.value.tunnel_ipv4_address }}
-        netmask {{ item.value.tunnel_ipv4_netmask }}
-        pre-up          /sbin/ip tunnel add $IFACE mode gre local {{ ansible_default_ipv4.address | ipaddr('public') }} remote {{ item.value.public_ipv4_address | ipaddr('public') }} ttl 255
-        post-up         /sbin/ip link set $IFACE mtu 1400
-        post-up         /sbin/ip addr add {{ ffrl_public_ipv4_nat }}/32 dev $IFACE
-        post-down       /sbin/ip tunnel del $IFACE
+iface {{ item.key }} inet tunnel
+    mode gre
+    local {{ ansible_default_ipv4.address | ipaddr('public') | ipaddr('address') }}
+    endpoint {{ item.value.public_ipv4_address | ipaddr('public') | ipaddr('address') }}
 
-iface {{ item.key }} inet6 static
-        address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')  }}
-        netmask {{ item.value.tunnel_ipv6_netmask }}
+    ttl 64
+    mtu 1400
+    tunnel-physdev {{ ansible_default_ipv4.interface }}
 
+    address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }}/{{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('prefix') }}
+    address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address')  }}/{{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('prefix') }}
+    address {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}

roles/network-iptables-gateway/README.md

@@ -26,4 +26,4 @@ meshes:
 ´´´
 - Variable `internet_exit_mtu_ipv4`
 - Variable `internet_exit_mtu_ipv6`
-- Host Variable `ffrl_public_ipv4_nat`
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix

roles/network-iptables-gateway/templates/rules.v4.j2

@@ -34,5 +34,5 @@ COMMIT
 {% for mesh_id, mesh_value in meshes.iteritems() %}
 -A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
 {% endfor %}
--A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat }}
+-A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat | ipaddr('address') }}
 COMMIT

roles/network-meshbridge/handlers/main.yml

@@ -3,3 +3,8 @@
   systemd:
     name: sysfsutils
     state: restarted
+
+- name: reload network interfaces
+  systemd:
+    name: networking
+    state: reloaded

roles/network-meshbridge/tasks/main.yml

@@ -3,6 +3,7 @@
   template:
     src: bridge.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}BR"
+  notify: reload network interfaces
   with_dict: "{{ meshes }}"
 
 - name: set sysfs variables

roles/network-meshbridge/templates/bridge.j2

@@ -4,19 +4,12 @@
 # {{ ansible_managed }}
 #
 auto {{ item.key }}BR
-iface {{ item.key }}BR inet manual
-	address		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}
-	network		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('network') }}
-	netmask		{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('netmask') }}
-	broadcast	{{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('broadcast') }}
-	pre-up		/sbin/ip link add name $IFACE type bridge
-	pre-up		/sbin/ip link set address {{ mac | hwaddr('linux') }} dev $IFACE
-	pre-up		/sbin/ip link set dev {{ item.key }}BAT master $IFACE
-	pre-up		/sbin/ip link set up dev $IFACE
+iface {{ item.key }}BR
+    hwaddress {{ mac | hwaddr('linux') }}
+    address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}/{{ item.value.ipv4_network | ipaddr('net') | ipaddr('prefix') }}
 {% for ip_type, ip_list in item.value.ipv6.iteritems() %}
 {% for ip in ip_list %}
-	up		/sbin/ip address add {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) }} dev $IFACE
+    address {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}/{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr('prefix') }}
 {% endfor %}
 {% endfor %}
-	post-down	/sbin/ip link set dev {{ item.key }}BAT nomaster
-	post-down	/sbin/ip link delete $IFACE 2>&1 || true
+    bridge-ports {{ item.key }}BAT

roles/server-basic/vars/main.yml

@@ -2,6 +2,7 @@
 packages:
   - apt-transport-https
   - bridge-utils
+  - ethtool
   - ifupdown2
   - man-db
   - mlocate

roles/service-bird-ffrl/README.md

@@ -23,47 +23,29 @@ ffrl_exit_server:
   ffrl-a-ak-ber:
     public_ipv4_address: 185.66.195.0
     tunnel_ipv4_network: # Tunnel-Netzwerk in CIDR
-    tunnel_ipv4_address: # Eigene Tunnel IPv4 Adresse
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network: # IPv6 Transfernetz
-    tunnel_ipv6_netmask: 64
   ffrl-b-ak-ber:
     public_ipv4_address: 185.66.195.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-a-ix-dus:
     public_ipv4_address: 185.66.193.0
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-b-ix-dus:
     public_ipv4_address: 185.66.193.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-a-fra2-fra:
     public_ipv4_address: 185.66.194.0
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
   ffrl-b-fra2-fra:
     public_ipv4_address: 185.66.194.1
     tunnel_ipv4_network:
-    tunnel_ipv4_address:
-    tunnel_ipv4_netmask: 255.255.255.254
     tunnel_ipv6_network:
-    tunnel_ipv6_netmask: 64
 ´´´
-- Host Variable `ffrl_public_ipv4_nat` # IPv4 NAT Adresse für das Gateway
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
 - Host Variable `magic`
 
 ## Benötigte roles

roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2

@@ -4,7 +4,7 @@
 
 # Variables
 define ffrl_as = {{ as_public_ffrl }};
-define ffrl_nat_address = {{ ffrl_public_ipv4_nat }};
+define ffrl_nat_address = {{ ffrl_public_ipv4_nat | ipaddr('address') }};
 
 # Routing Table
 table ffrl;
@@ -12,7 +12,7 @@ table ffrl;
 # Functions
 function is_ffrl_nat() {
     return net ~ [
-        {{ ffrl_public_ipv4_nat }}
+        {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
     ];
 }
 
@@ -38,7 +38,7 @@ filter ebgp_ffrl_export_filter {
 # Protocols
 protocol static ffrl_uplink_hostroute {
     table ffrl;
-    route {{ ffrl_public_ipv4_nat }}/32 reject;
+    route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;
 }
 
 protocol direct ffrl_tunnels {

roles/service-bird-ffrl/templates/ffrl_ipv4_peers.conf.j2

@@ -4,8 +4,8 @@
 
 {% for peer_id, peer_value in ffrl_exit_server.iteritems() %}
 protocol bgp '{{ peer_id }}' from ffrl_uplink {
-    source address {{ peer_value.tunnel_ipv4_address | ipaddr('address') }};
-    neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('address') }} as ffrl_as;
+    source address {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }};
+    neighbor {{ peer_value.tunnel_ipv4_network | ipaddr('net') | ipaddr('address') }} as ffrl_as;
 };
 {% if not loop.last %}
 

roles/service-fastd-intragate/templates/fastd-intragate.conf.j2

@@ -1,3 +1,5 @@
+{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set mac = '0212' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
@@ -20,4 +22,16 @@ peer group "servers" {
     include peers from "peers/services";
 }
 
+on up "
+    ip link set $INTERFACE down
+    ip link set address {{ mac }} dev $INTERFACE
+    ip link set $INTERFACE up
+
+    batctl -m {{ item.key }}BAT if add $INTERFACE
+";
+
+on down "
+    batctl -m {{ item.key }}BAT if del $INTERFACE
+";
+
 status socket "/var/run/fastd-{{ item.key }}ig.status";

roles/service-fastd-mesh/templates/fastd-mesh.conf.j2

@@ -1,3 +1,5 @@
+{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set mac = '0211' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
@@ -27,4 +29,16 @@ peer group "servers" {
     include peers from "peers/servers";
 }
 
+on up "
+    ip link set $INTERFACE down
+    ip link set address {{ mac }} dev $INTERFACE
+    ip link set $INTERFACE up
+
+    batctl -m {{ item.key }}BAT if add $INTERFACE
+";
+
+on down "
+    batctl -m {{ item.key }}BAT if del $INTERFACE
+";
+
 status socket "/var/run/fastd-{{ item.key }}.status";

roles/service-rclocal/README.md

@@ -22,5 +22,5 @@ meshes:
     iface_mtu: # integer
 ´´´
 - Host Variable `magic`
-- Host Variable `ffrl_public_ipv4_nat`
+- Host Variable `ffrl_public_ipv4_nat` # Format ip-adresse/prefix
 - Host Dictionary `ffrl_exit_server`

roles/service-rclocal/templates/rc.local.j2

@@ -64,8 +64,8 @@ ip -6 rule add to {{ public }} lookup internet priority 41
 {% endfor %}
 ip -6 rule add from all oif {{ key }}BR lookup internet priority 41
 {% endfor %}
-ip -4 rule add from {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41
-ip -4 rule add to {{ ffrl_public_ipv4_nat }}/32 lookup internet priority 41
+ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41
+ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} lookup internet priority 41
 
 # Priority 61 - at this point this is the end of policy routing for freifunk related routes
 {% for key, value in meshes.iteritems() %}