Update fastd peer limit configuration

* add list of legacy gateways (temporarily) * change backend-scripts branch to ansible * Role server-basic: ensure ffmwu config directory is present * Role service-fastd: add fastd-status script * role service-fastd-mesh: add templating for fastd peer limit configuration
2017-11-06 17:41:17 +01:00 · 2017-11-06 17:41:17 +01:00 · 387f3bbf6b
commit 387f3bbf6b
parent 67c915e877
7 changed files with 73 additions and 1 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -161,3 +161,8 @@ bgp_mwu_servers:
  suesskartoffel:
    ipv4: 10.37.1.4
    ipv6: fd37:b4dc:4b1e::a25:104
+
+legacy_gateways:
+  - ingwer
+  - lotuswurzel
+  - spinat
--- a/roles/git-repos/vars/main.yml
+++ b/roles/git-repos/vars/main.yml
@ -2,7 +2,7 @@
 common_repos:
  backend-scripts:
    repo_url: https://github.com/freifunk-mwu/backend-scripts.git
-    version: drop-photon
+    version: ansible
  icvpn-meta:
    repo_url: https://github.com/freifunk/icvpn-meta.git
    version: master
--- a/roles/server-basic/tasks/main.yml
+++ b/roles/server-basic/tasks/main.yml
@ -13,3 +13,11 @@
 - name: set timezone to Europe/Berlin
  timezone:
    name: Europe/Berlin
+
+- name: create ffmwu custom config dir
+  file:
+    path: /home/admin/.config
+    state: directory
+    owner: admin
+    group: admin
+    mode: 0750
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@ -112,6 +112,14 @@
    mode: 0644
  notify: reload systemd

+- name: write configuration for fastd-peer-limit-update script
+  template:
+    src: fastd_peer_limit_config.yaml.j2
+    dest: /home/admin/.config/fastd_peer_limit_config.yaml
+    owner: admin
+    group: admin
+    mode: 0644
+
 - name: write systemd unit fastd-peer-limit-update.service
  template:
    src: fastd-peer-limit-update.service.j2
--- a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
+++ b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
@ -0,0 +1,26 @@
+#
+# {{ ansible_managed }}
+#
+ansible_gate: True
+additional: 8
+fastd_instances:
+{% for mesh in meshes %}
+{% for instance in mesh.fastd.nodes.instances %}
+  - {{ mesh.id }}VPN-{{ instance.mtu }}
+{% endfor %}
+{% endfor %}
+cronlog: '/home/admin/.cronlog/limit.%s.log'
+fastd_config: '/etc/fastd/%s/peer_limit.conf'
+fastd_status: '/usr/local/bin/fastd-status'
+gateways:
+{% for gateway in groups['ffmwu-gateways'] %}
+  - {{ gateway.rstrip('.freifunk-mwu.de') }}
+{% endfor %}
+{% for gateway in legacy_gateways %}
+  - {{ gateway }}
+{% endfor %}
+restart_max: 43200
+stat: 'fastd_status.json'
+stat_ext: 'http://%s.freifunk-mwu.de/%s'
+stat_local: '/var/www/html/%s'
+timeout: 900
--- a/roles/service-fastd/files/fastd-status
+++ b/roles/service-fastd/files/fastd-status
@ -0,0 +1,17 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+use IO::Socket::UNIX qw( SOCK_STREAM );
+
+$ARGV[0] or die("Usage: fastd-status <socket>\n");
+
+my $socket = IO::Socket::UNIX->new(
+   Type => SOCK_STREAM,
+   Peer => $ARGV[0],
+)
+   or die("Can't connect to server: $!\n");
+
+foreach my $line (<$socket>) {
+        print $line;
+}
--- a/roles/service-fastd/tasks/main.yml
+++ b/roles/service-fastd/tasks/main.yml
@ -20,3 +20,11 @@
    group: root
    mode: 0644
  notify: reload systemd
+
+- name: copy fastd status script
+  copy:
+    src: fastd-status
+    dest: /usr/local/bin/fastd-status
+    owner: root
+    group: root
+    mode: 0755