diff --git a/Readme.md b/Readme.md index fd26284..e086604 100644 --- a/Readme.md +++ b/Readme.md @@ -3,7 +3,7 @@ Wir, die Freifunk MWU Community, nutzen Ansible um unsere Freifunk Server aufzusetzen und zu konfigurieren. In diesem Repository verwalten wir unsere Ansible Roles und Playbooks. -Ein Server muss minimal vorbereitet sein, bevor dieser per Ansible z.B. zu einem Freifunk-Gateway gemacht werden +Ein Server muss minimal vorbereitet sein, bevor dieser per Ansible z.B. zu einem Freifunk-Gateway gemacht werden kann. Die folgenden Voraussetzungen müssen erfüllt sein: - Ein dedizierter (v)server muss existieren und unter einer IPv4- und einer IPv6-Adresse öffentlich erreichbar sein. @@ -154,7 +154,7 @@ export PASSWORD_STORE_DIR=... ## Aufsetzen eines neuen Gateways -- FQDN im Inventory zur Gruppe ffmwu-gateways hinzufügen +- FQDN im Inventory zur Gruppe gateways hinzufügen - Host-Variablen setzen - inventory/host_vars/$FQDN diff --git a/inventory/ffmwu-servers b/inventory/buildservers similarity index 61% rename from inventory/ffmwu-servers rename to inventory/buildservers index b7b5ead..72da838 100644 --- a/inventory/ffmwu-servers +++ b/inventory/buildservers @@ -1,2 +1,2 @@ -[ffmwu-servers] +[buildservers] milchreis.freifunk-mwu.de diff --git a/inventory/ffmwu-dns b/inventory/dns similarity index 80% rename from inventory/ffmwu-dns rename to inventory/dns index b43d7c2..d8f5dfa 100644 --- a/inventory/ffmwu-dns +++ b/inventory/dns @@ -1,3 +1,3 @@ -[ffmwu-dns] +[dns] kichererbse.freifunk-mwu.de linse.freifunk-mwu.de diff --git a/inventory/ffmwu-gateways b/inventory/gateways similarity index 88% rename from inventory/ffmwu-gateways rename to inventory/gateways index 87694d6..f81fe44 100644 --- a/inventory/ffmwu-gateways +++ b/inventory/gateways @@ -1,4 +1,4 @@ -[ffmwu-gateways] +[gateways] ingwer.freifunk-mwu.de lotuswurzel.freifunk-mwu.de uffschnitt.freifunk-mwu.de diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 6fe430f..c50f41f 100644 
--- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -34,9 +34,9 @@ public_prefixes: bgp_ipv4_transfer_net_legacy: 10.37.0.0/18 bgp_ipv6_transfer_net_legacy: fd37:b4dc:4b1e::/64 bgp_groups: - - ffmwu-gateways - - ffmwu-mesh-services - - ffmwu-monitoring + - gateways + - services + - monitoring wireguard_networks: - ipv4: 10.87.253.0/31 @@ -181,13 +181,13 @@ wireguard_networks: port: 50027 fastd_groups: - - ffmwu-gateways - - ffmwu-monitoring + - gateways + - monitoring prometheus_groups: - - ffmwu-gateways - - ffmwu-mesh-services - - ffmwu-monitoring + - gateways + - services + - monitoring node_exporter_opts: "--collector.systemd" diff --git a/inventory/group_vars/ffmwu-gateways b/inventory/group_vars/gateways similarity index 100% rename from inventory/group_vars/ffmwu-gateways rename to inventory/group_vars/gateways diff --git a/inventory/group_vars/ffmwu-monitoring b/inventory/group_vars/monitoring similarity index 100% rename from inventory/group_vars/ffmwu-monitoring rename to inventory/group_vars/monitoring diff --git a/inventory/group_vars/ffmwu-mesh-services b/inventory/group_vars/services similarity index 100% rename from inventory/group_vars/ffmwu-mesh-services rename to inventory/group_vars/services diff --git a/inventory/host_vars/kichererbse.freifunk-mwu.de b/inventory/host_vars/kichererbse.freifunk-mwu.de index a52e128..a57630a 100644 --- a/inventory/host_vars/kichererbse.freifunk-mwu.de +++ b/inventory/host_vars/kichererbse.freifunk-mwu.de @@ -1,5 +1,5 @@ --- -server_type: "mesh-service" +server_type: "service" magic: 67 diff --git a/inventory/host_vars/linse.freifunk-mwu.de b/inventory/host_vars/linse.freifunk-mwu.de index f51ebd5..5d890f4 100644 --- a/inventory/host_vars/linse.freifunk-mwu.de +++ b/inventory/host_vars/linse.freifunk-mwu.de @@ -1,5 +1,5 @@ --- -server_type: "mesh-service" +server_type: "service" magic: 71 
diff --git a/inventory/ffmwu-monitoring b/inventory/monitoring similarity index 62% rename from inventory/ffmwu-monitoring rename to inventory/monitoring index f785b7a..58b1ed1 100644 --- a/inventory/ffmwu-monitoring +++ b/inventory/monitoring @@ -1,2 +1,2 @@ -[ffmwu-monitoring] +[monitoring] suesskartoffel.freifunk-mwu.de diff --git a/inventory/ffmwu-build-servers b/inventory/servers similarity index 54% rename from inventory/ffmwu-build-servers rename to inventory/servers index 515e960..34d3f9a 100644 --- a/inventory/ffmwu-build-servers +++ b/inventory/servers @@ -1,2 +1,2 @@ -[ffmwu-build-servers] +[servers] milchreis.freifunk-mwu.de diff --git a/inventory/ffmwu-mesh-services b/inventory/services similarity index 69% rename from inventory/ffmwu-mesh-services rename to inventory/services index 733f875..fde8e79 100644 --- a/inventory/ffmwu-mesh-services +++ b/inventory/services @@ -1,3 +1,3 @@ -[ffmwu-mesh-services] +[services] kichererbse.freifunk-mwu.de linse.freifunk-mwu.de diff --git a/inventory/test-vms b/inventory/test_vms similarity index 86% rename from inventory/test-vms rename to inventory/test_vms index 64d8c34..ced0775 100644 --- a/inventory/test-vms +++ b/inventory/test_vms @@ -1,2 +1,2 @@ -[test-vms] +[test_vms] local-test-vm.ffmwu.local ansible_host=192.168.137.7 require_dns=False diff --git a/playbooks/firmware-build-server.yml b/playbooks/buildservers.yml similarity index 89% rename from playbooks/firmware-build-server.yml rename to playbooks/buildservers.yml index ba82552..5d71575 100755 --- a/playbooks/firmware-build-server.yml +++ b/playbooks/buildservers.yml @@ -1,7 +1,7 @@ #!/usr/bin/ansible-playbook --- - name: Manage firmware buid servers - hosts: ffmwu-build-servers + hosts: buildservers roles: - prerequisites diff --git a/playbooks/gateways.yml b/playbooks/gateways.yml index 6a55030..3b450b7 100755 --- a/playbooks/gateways.yml +++ b/playbooks/gateways.yml 
@@ -1,7 +1,7 @@ #!/usr/bin/ansible-playbook --- - name: Manage Freifunk Gateways - hosts: ffmwu-gateways + hosts: gateways roles: - prerequisites diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml index 89daf78..530f7fe 100755 --- a/playbooks/monitoring.yml +++ b/playbooks/monitoring.yml @@ -1,7 +1,7 @@ #!/usr/bin/ansible-playbook --- - name: Manage Monitoring Server - hosts: ffmwu-monitoring + hosts: monitoring roles: - prerequisites diff --git a/playbooks/mesh-services.yml b/playbooks/services.yml similarity index 92% rename from playbooks/mesh-services.yml rename to playbooks/services.yml index d98727e..235cfc8 100755 --- a/playbooks/mesh-services.yml +++ b/playbooks/services.yml @@ -1,7 +1,7 @@ #!/usr/bin/ansible-playbook --- - name: Manage Mesh Services Servers. - hosts: ffmwu-mesh-services + hosts: services roles: - server-apt-repos diff --git a/playbooks/site.yml b/playbooks/site.yml index 8d02061..fdce524 100755 --- a/playbooks/site.yml +++ b/playbooks/site.yml @@ -2,6 +2,6 @@ --- - import_playbook: gateways.yml - import_playbook: monitoring.yml -- import_playbook: mesh-services.yml +- import_playbook: services.yml - import_playbook: dns.yml -- import_playbook: firmware-build-server.yml +- import_playbook: buildservers.yml diff --git a/roles/network-routing/tasks/main.yml b/roles/network-routing/tasks/main.yml index 75ea7d7..95e0b8b 100644 --- a/roles/network-routing/tasks/main.yml +++ b/roles/network-routing/tasks/main.yml @@ -61,7 +61,7 @@ loop: "{{ sysctl_settings_routing_basic }}" - name: set sysctl settings for ip forwarding - when: server_type == "gateway" or server_type == "mesh-service" or server_type == "monitoring" + when: server_type == "gateway" or server_type == "service" or server_type == "monitoring" sysctl: name: "{{ item.name }}" value: "{{ item.value }}" diff --git a/roles/server-basic/templates/apt-50unattended-upgrades.j2 b/roles/server-basic/templates/apt-50unattended-upgrades.j2 index e4f550b..f2ab006 100644 
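Review bot: The condition `server_type == "service"` on the ip-forwarding task is a plain string match, so a host whose host_vars still carry the old value `"mesh-service"` skips the sysctl task without any error. The same applies to `{% if server_type == "service" %}` in roles/service-bird/templates/bird6.conf.j2. Only kichererbse and linse are updated in this commit, and other host_vars files are not visible here. An early check in a common role would turn a stale value into a failed run, e.g. `- assert: { that: "server_type in valid_server_types" }`, with `valid_server_types` (a proposed name) defined once in inventory/group_vars/all. The task body continues past the end of the hunk.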
--- a/roles/server-basic/templates/apt-50unattended-upgrades.j2 +++ b/roles/server-basic/templates/apt-50unattended-upgrades.j2 @@ -40,13 +40,13 @@ Unattended-Upgrade::Origins-Pattern { "origin=Debian,codename=sid,archive=unstable"; "origin=Freifunk MWU,codename=${distro_codename},label=Freifunk MWU"; "origin=nginx,codename=${distro_codename},label=nginx,archive=stable"; -{% if 'ffmwu-monitoring' in group_names %} +{% if 'monitoring' in group_names %} "origin=yarn,codename=stable,archive=stable,label=yarn-stable"; "origin=Node Source,codename=${distro_codename},label=Node Source"; "origin=InfluxDB,codename=${distro_codename},label=InfluxDB"; "origin=grafana stable,codename=stable,archive=stable,label=grafana stable"; {% endif %} -{% if 'ffmwu-dns' in group_names %} +{% if 'dns' in group_names %} "origin=PowerDNS,label=PowerDNS"; {% endif %} }; diff --git a/roles/service-bird-lg/templates/lg.cfg.j2 b/roles/service-bird-lg/templates/lg.cfg.j2 index 4df906d..c5ac28a 100644 --- a/roles/service-bird-lg/templates/lg.cfg.j2 +++ b/roles/service-bird-lg/templates/lg.cfg.j2 @@ -8,20 +8,20 @@ BIND_IP = "127.0.0.1" BIND_PORT = 5001 PROXY = { -{% for host in groups["ffmwu-gateways"] %} +{% for host in groups["gateways"] %} "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : 5000, {% endfor %} } # Used for bgpmap ROUTER_IP = { -{% for host in groups["ffmwu-gateways"] %} +{% for host in groups["gateways"] %} "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : [ "{{ loopback_net_ipv4 | ipsubnet(32, hostvars[host]['magic']) | ipaddr('address') }}", "{{ loopback_net_ipv6 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }}" ], {% endfor %} } AS_NUMBER = { -{% for host in groups["ffmwu-gateways"] %} +{% for host in groups["gateways"] %} "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private }}", {% endfor %} } diff --git a/roles/service-bird-lg/templates/lgproxy.cfg.j2 b/roles/service-bird-lg/templates/lgproxy.cfg.j2 index 0e18f52..558bb5c 100644 
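Review bot: The tests `'monitoring' in group_names` and `'dns' in group_names` evaluate to false without any error when a host is not in a group of exactly that name. The rendered file then lacks the yarn, Node Source, InfluxDB, grafana and PowerDNS origins, and those packages stop receiving unattended upgrades with nothing in the run to show it. A template comment above each conditional would record the dependency, e.g. `{# must match the group in inventory/monitoring; a mismatch silently drops these origins #}`. Checking the rendered 50unattended-upgrades on one monitoring host and one dns host after this rename would confirm the origins are still present.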
--- a/roles/service-bird-lg/templates/lgproxy.cfg.j2 +++ b/roles/service-bird-lg/templates/lgproxy.cfg.j2 @@ -6,7 +6,7 @@ LOG_LEVEL="WARNING" BIND_IP = "{{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('address') }}" BIND_PORT = 5000 -ACCESS_LIST = [ {% for host in groups["ffmwu-monitoring"] %}"{{ loopback_net_ipv4 | ipsubnet(32, hostvars[host]['magic']) | ipaddr('address') }}"{% if not loop.last %}, {% endif %}{% endfor %} ] +ACCESS_LIST = [ {% for host in groups["monitoring"] %}"{{ loopback_net_ipv4 | ipsubnet(32, hostvars[host]['magic']) | ipaddr('address') }}"{% if not loop.last %}, {% endif %}{% endfor %} ] # ??? IPV4_SOURCE = "10.207.0.37" diff --git a/roles/service-bird/templates/bird.conf.j2 b/roles/service-bird/templates/bird.conf.j2 index 6eb914a..98bbd3e 100644 --- a/roles/service-bird/templates/bird.conf.j2 +++ b/roles/service-bird/templates/bird.conf.j2 @@ -116,7 +116,7 @@ protocol kernel kernel_mwu { if is_mwu_loopback() then accept; reject; }; - merge paths yes limit {{ groups['ffmwu-gateways'] | length }}; + merge paths yes limit {{ groups['gateways'] | length }}; kernel table ipt_mwu; }; diff --git a/roles/service-bird/templates/bird6.conf.j2 b/roles/service-bird/templates/bird6.conf.j2 index e464c8a..c078c3e 100644 --- a/roles/service-bird/templates/bird6.conf.j2 +++ b/roles/service-bird/templates/bird6.conf.j2 @@ -98,13 +98,13 @@ protocol kernel kernel_mwu { {% else %} if is_mwu_anycast() then accept; {% endif %} -{% if server_type == "mesh-service" %} +{% if server_type == "service" %} if is_ula() then accept; {% endif %} if is_mwu_loopback() then accept; reject; }; - merge paths yes limit {{ groups['ffmwu-gateways'] | length }}; + merge paths yes limit {{ groups['gateways'] | length }}; kernel table ipt_mwu; }; diff --git a/roles/service-fastd-mesh/templates/fastd-limiter.yaml.j2 b/roles/service-fastd-mesh/templates/fastd-limiter.yaml.j2 index e21da6b..bb92680 100644 --- a/roles/service-fastd-mesh/templates/fastd-limiter.yaml.j2 
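Review bot: `ACCESS_LIST` is the only access control visible for the proxy, and it renders as `[ ]` when the `monitoring` group exists but contains no hosts. Upstream bird-lg's lgproxy, as far as I recall, applies the check only when the list is non-empty, so an empty group would leave the proxy unrestricted for anything that can reach `BIND_IP` on port 5000; this is worth confirming against the deployed version. A guard before templating makes that case fail the run: `- assert: { that: "groups['monitoring'] | length > 0" }`. The `# ???` above the hard-coded `IPV4_SOURCE` would also be worth replacing with a comment stating what that address is.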
+++ b/roles/service-fastd-mesh/templates/fastd-limiter.yaml.j2 @@ -10,7 +10,7 @@ fastd_keys: '{{ git_path }}/peers-ffmwu' key_ttl: 900 gateways: -{% for gateway in groups['ffmwu-gateways'] %} +{% for gateway in groups['gateways'] %} - {{ gateway.rsplit('.freifunk-mwu.de')[0] }} {% endfor %} diff --git a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 index b1d2a46..0a52209 100644 --- a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 @@ -13,7 +13,7 @@ server { allow 127.0.0.0/8; allow ::1/128; -{% for group in ['ffmwu-monitoring', 'ffmwu-gateways'] %} +{% for group in ['monitoring', 'gateways'] %} {% for host in groups[group] %} allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }}; diff --git a/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 b/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 index 4cb277f..b70facc 100644 --- a/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 +++ b/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 @@ -13,7 +13,7 @@ server { allow 127.0.0.0/8; allow ::1/128; -{% for host in groups['ffmwu-monitoring'] %} +{% for host in groups['monitoring'] %} allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }}; deny all; diff --git a/roles/service-prometheus/templates/prometheus.yml.j2 b/roles/service-prometheus/templates/prometheus.yml.j2 index 6622a7a..326ed85 100644 --- a/roles/service-prometheus/templates/prometheus.yml.j2 +++ b/roles/service-prometheus/templates/prometheus.yml.j2 @@ -47,7 +47,7 @@ scrape_configs: scheme: "https" static_configs: - targets: -{% for host in groups['ffmwu-gateways'] %} +{% for host in groups['gateways'] %} - '{{ host }}:9281' {% endfor %} relabel_configs:
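Review bot: The `allow` lines take the output of `lookup('dig', ...)` verbatim, here and in roles/service-prometheus/templates/node_exporter_vhost.conf.j2, so the access list is whatever the controller's resolver answers at deploy time. A host without an AAAA record, or with several records, would presumably render a directive that nginx rejects or does not interpret as intended. The allow list is also not refreshed when a record later changes. Validating the result before emitting it keeps bad answers out of the config, e.g. `{% set v6 = lookup('dig', host, 'qtype=AAAA') | ipv6 %}` followed by `{% if v6 %} allow {{ v6 }};{% endif %}`. Both loops end outside the hunk.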
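Review bot: In node_exporter_vhost.conf.j2 the context line `deny all;` directly follows the two `allow` lines of `{% for host in groups['monitoring'] %}`, and the `{% endfor %}` is outside the hunk, so it appears to sit inside the loop. If so, a second monitoring host would get its `allow` lines after the first `deny all;`, and nginx would stop at that deny before reaching them. Moving `deny all;` below `{% endfor %}` gives one terminal deny regardless of how many hosts the group holds. With the single host currently in inventory/monitoring the rendered result is the same either way.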