Update fastd peer limit configuration

* add list of legacy gateways (temporarily)
 * change backend-scripts branch to ansible
 * Role server-basic: ensure ffmwu config directory is present
 * Role service-fastd: add fastd-status script
 * role service-fastd-mesh: add templating for fastd peer limit
configuration

inventory/group_vars/all

@@ -161,3 +161,8 @@ bgp_mwu_servers:
   suesskartoffel:
     ipv4: 10.37.1.4
     ipv6: fd37:b4dc:4b1e::a25:104
+
+legacy_gateways:
+  - ingwer
+  - lotuswurzel
+  - spinat

roles/git-repos/vars/main.yml

@@ -2,7 +2,7 @@
 common_repos:
   backend-scripts:
     repo_url: https://github.com/freifunk-mwu/backend-scripts.git
-    version: drop-photon
+    version: ansible
   icvpn-meta:
     repo_url: https://github.com/freifunk/icvpn-meta.git
     version: master

roles/server-basic/tasks/main.yml

@@ -13,3 +13,11 @@
 - name: set timezone to Europe/Berlin
   timezone:
     name: Europe/Berlin
+
+- name: create ffmwu custom config dir
+  file:
+    path: /home/admin/.config
+    state: directory
+    owner: admin
+    group: admin
+    mode: 0750

roles/service-fastd-mesh/tasks/main.yml

@@ -112,6 +112,14 @@
     mode: 0644
   notify: reload systemd
 
+- name: write configuration for fastd-peer-limit-update script
+  template:
+    src: fastd_peer_limit_config.yaml.j2
+    dest: /home/admin/.config/fastd_peer_limit_config.yaml
+    owner: admin
+    group: admin
+    mode: 0644
+
 - name: write systemd unit fastd-peer-limit-update.service
   template:
     src: fastd-peer-limit-update.service.j2

roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2

@@ -0,0 +1,26 @@
+#
+# {{ ansible_managed }}
+#
+ansible_gate: True
+additional: 8
+fastd_instances:
+{% for mesh in meshes %}
+{% for instance in mesh.fastd.nodes.instances %}
+  - {{ mesh.id }}VPN-{{ instance.mtu }}
+{% endfor %}
+{% endfor %}
+cronlog: '/home/admin/.cronlog/limit.%s.log'
+fastd_config: '/etc/fastd/%s/peer_limit.conf'
+fastd_status: '/usr/local/bin/fastd-status'
+gateways:
+{% for gateway in groups['ffmwu-gateways'] %}
+  - {{ gateway.rstrip('.freifunk-mwu.de') }}
+{% endfor %}
+{% for gateway in legacy_gateways %}
+  - {{ gateway }}
+{% endfor %}
+restart_max: 43200
+stat: 'fastd_status.json'
+stat_ext: 'http://%s.freifunk-mwu.de/%s'
+stat_local: '/var/www/html/%s'
+timeout: 900

roles/service-fastd/files/fastd-status

@@ -0,0 +1,17 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+use IO::Socket::UNIX qw( SOCK_STREAM );
+
+$ARGV[0] or die("Usage: fastd-status <socket>\n");
+
+my $socket = IO::Socket::UNIX->new(
+   Type => SOCK_STREAM,
+   Peer => $ARGV[0],
+)
+   or die("Can't connect to server: $!\n");
+
+foreach my $line (<$socket>) {
+        print $line;
+}

roles/service-fastd/tasks/main.yml

@@ -20,3 +20,11 @@
     group: root
     mode: 0644
   notify: reload systemd
+
+- name: copy fastd status script
+  copy:
+    src: fastd-status
+    dest: /usr/local/bin/fastd-status
+    owner: root
+    group: root
+    mode: 0755