From 387f3bbf6b88d3d93b77cfdb28e973b2b0daac50 Mon Sep 17 00:00:00 2001 From: Tobias Hachmer Date: Mon, 6 Nov 2017 17:41:17 +0100 Subject: [PATCH] Update fastd peer limit configuration * add list of legacy gateways (temporarily) * change backend-scripts branch to ansible * Role server-basic: ensure ffmwu config directory is present * Role service-fastd: add fastd-status script * role service-fastd-mesh: add templating for fastd peer limit configuration --- inventory/group_vars/all | 5 ++++ roles/git-repos/vars/main.yml | 2 +- roles/server-basic/tasks/main.yml | 8 ++++++ roles/service-fastd-mesh/tasks/main.yml | 8 ++++++ .../templates/fastd_peer_limit_config.yaml.j2 | 26 +++++++++++++++++++ roles/service-fastd/files/fastd-status | 17 ++++++++++++ roles/service-fastd/tasks/main.yml | 8 ++++++ 7 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 create mode 100644 roles/service-fastd/files/fastd-status
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 14e0724..a1ccb15 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -161,3 +161,8 @@ bgp_mwu_servers:
 suesskartoffel:
 ipv4: 10.37.1.4
 ipv6: fd37:b4dc:4b1e::a25:104
+
+legacy_gateways:
+ - ingwer
+ - lotuswurzel
+ - spinat
diff --git a/roles/git-repos/vars/main.yml b/roles/git-repos/vars/main.yml
index 432e906..57b5cad 100644
--- a/roles/git-repos/vars/main.yml
+++ b/roles/git-repos/vars/main.yml
@@ -2,7 +2,7 @@
 common_repos:
 backend-scripts:
 repo_url: https://github.com/freifunk-mwu/backend-scripts.git
- version: drop-photon
+ version: ansible
 icvpn-meta:
 repo_url: https://github.com/freifunk/icvpn-meta.git
 version: master
diff --git a/roles/server-basic/tasks/main.yml b/roles/server-basic/tasks/main.yml
index 3c186b9..1de5f78 100644
--- a/roles/server-basic/tasks/main.yml
+++ b/roles/server-basic/tasks/main.yml
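Review bot: `version: ansible` in roles/git-repos/vars/main.yml is a branch name, so every playbook run checks out whatever the tip of that branch holds at that moment rather than a revision someone reviewed. The backend-scripts checkout presumably supplies the peer-limit script this commit configures on the gateways, so a push to that branch would reach the servers without any change in this repository. Consider pinning to a tag or commit, e.g. `version: <reviewed-commit-sha>` (placeholder), and bumping it deliberately. The previous value was also a branch, so this is not a regression, only something worth fixing while the line is being touched.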
@@ -13,3 +13,11 @@
 - name: set timezone to Europe/Berlin
 timezone:
 name: Europe/Berlin
+
+- name: create ffmwu custom config dir
+ file:
+ path: /home/admin/.config
+ state: directory
+ owner: admin
+ group: admin
+ mode: 0750
diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml
index 237652c..2c2376d 100644
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@@ -112,6 +112,14 @@
 mode: 0644
 notify: reload systemd
 
+- name: write configuration for fastd-peer-limit-update script
+ template:
+ src: fastd_peer_limit_config.yaml.j2
+ dest: /home/admin/.config/fastd_peer_limit_config.yaml
+ owner: admin
+ group: admin
+ mode: 0644
+
 - name: write systemd unit fastd-peer-limit-update.service
 template:
 src: fastd-peer-limit-update.service.j2
diff --git a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
new file mode 100644
index 0000000..c5a5c17
--- /dev/null
+++ b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
@@ -0,0 +1,26 @@
+#
+# {{ ansible_managed }}
+#
+ansible_gate: True
+additional: 8
+fastd_instances:
+{% for mesh in meshes %}
+{% for instance in mesh.fastd.nodes.instances %}
+ - {{ mesh.id }}VPN-{{ instance.mtu }}
+{% endfor %}
+{% endfor %}
+cronlog: '/home/admin/.cronlog/limit.%s.log'
+fastd_config: '/etc/fastd/%s/peer_limit.conf'
+fastd_status: '/usr/local/bin/fastd-status'
+gateways:
+{% for gateway in groups['ffmwu-gateways'] %}
+ - {{ gateway.rstrip('.freifunk-mwu.de') }}
+{% endfor %}
+{% for gateway in legacy_gateways %}
+ - {{ gateway }}
+{% endfor %}
+restart_max: 43200
+stat: 'fastd_status.json'
+stat_ext: 'http://%s.freifunk-mwu.de/%s'
+stat_local: '/var/www/html/%s'
+timeout: 900
diff --git a/roles/service-fastd/files/fastd-status b/roles/service-fastd/files/fastd-status
new file mode 100644
index 0000000..286b026
--- /dev/null
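Review bot: The new task in roles/service-fastd-mesh/tasks/main.yml writes `fastd_peer_limit_config.yaml` with `owner: admin` into a directory that admin also owns, yet the rendered file names an executable (`fastd_status`) and a path under `/etc/fastd` (`fastd_config`). If the fastd-peer-limit-update unit runs with more privilege than admin (its unit file is outside this hunk, so confirm this), anything running as admin can redirect what that service executes and where it writes. Either run the unit as admin with only the access it needs, or, if the script lets the path be changed, keep the config root-owned in a root-owned directory. Quoting the modes (`mode: '0644'`) would also avoid relying on YAML octal parsing; the same applies to `mode: 0750` in roles/server-basic/tasks/main.yml and `mode: 0755` in roles/service-fastd/tasks/main.yml.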
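Review bot: `gateway.rstrip('.freifunk-mwu.de')` in the `gateways:` loop of fastd_peer_limit_config.yaml.j2 does not remove a suffix; `rstrip` strips any trailing run of the characters in its argument. It gives the right answer only when the short host name ends in a character outside that set: a host named like `ingwer.freifunk-mwu.de` would be cut down to `ing`, and the peer-limit script would then query a gateway that does not exist. Replace the exact string instead, `- {{ gateway | replace('.freifunk-mwu.de', '') }}`. Separately, `stat_ext` fetches the peer status over plain `http://`, so the figures that drive the limit have no integrity protection in transit; worth confirming that the path between gateways is otherwise trusted.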
+++ b/roles/service-fastd/files/fastd-status
@@ -0,0 +1,17 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+use IO::Socket::UNIX qw( SOCK_STREAM );
+
+$ARGV[0] or die("Usage: fastd-status \n");
+
+my $socket = IO::Socket::UNIX->new(
+ Type => SOCK_STREAM,
+ Peer => $ARGV[0],
+)
+ or die("Can't connect to server: $!\n");
+
+foreach my $line (<$socket>) {
+ print $line;
+}
diff --git a/roles/service-fastd/tasks/main.yml b/roles/service-fastd/tasks/main.yml
index 7d731fb..dcd65ad 100644
--- a/roles/service-fastd/tasks/main.yml
+++ b/roles/service-fastd/tasks/main.yml
@@ -20,3 +20,11 @@
 group: root
 mode: 0644
 notify: reload systemd
+
+- name: copy fastd status script
+ copy:
+ src: fastd-status
+ dest: /usr/local/bin/fastd-status
+ owner: root
+ group: root
+ mode: 0755
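Review bot: `foreach my $line (<$socket>)` in roles/service-fastd/files/fastd-status reads the handle in list context, so the whole status dump is buffered before anything is printed, and the script waits without bound if the peer never closes the socket. `while (my $line = <$socket>) { print $line; }` streams instead; a bound on the wait (for example `alarm` around the read) would keep a hung fastd from stalling the caller, unless the caller already enforces the `timeout` from the peer-limit config. The usage string `"Usage: fastd-status \n"` names no argument; a `<socket>` placeholder may have been lost somewhere, so check it against the committed file. `use warnings;` is preferable to `-w` on the shebang line because it is lexically scoped.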