Revert "Role service-fastd-mesh: update fastd peer limit method"

This reverts commit 7bb4c241e2.
Julian Labus 2019-03-18 16:11:34 +01:00
parent 483f49bba4
commit 3e297ed09f
No known key found for this signature in database
GPG key ID: 8AF209F2C6B3572A
6 changed files with 69 additions and 32 deletions


@ -6,6 +6,24 @@
mode: 0755 mode: 0755
loop: "{{ meshes | subelements('fastd.nodes.instances') }}" loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: create fastd peer mesh directories
file:
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
state: directory
mode: 0755
owner: admin
group: admin
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: clone fastd peer mesh repos
git:
repo: "{{ item.1.peers.repo }}"
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
version: "{{ item.1.peers.version }}"
update: no
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
become: false
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-mesh.conf.j2 src: fastd-mesh.conf.j2
@ -21,21 +39,25 @@
notify: restart fastd mesh instances notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}" loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: create peer_limit.txt if not exist - name: copy peer_limit.conf if not exist
copy: copy:
content: "" src: peer_limit.conf
dest: "/etc/fastd/peer_limit.txt" dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
owner: admin owner: admin
group: admin group: admin
mode: 0640 mode: 0640
force: no force: no
notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: set file attributes for peer_limit.txt - name: set file attributes for peer_limit.conf
file: file:
path: "/etc/fastd/peer_limit.txt" path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
mode: 0640 mode: 0640
owner: admin owner: admin
group: admin group: admin
notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: write systemd unit fastd-sync-meshkeys.service - name: write systemd unit fastd-sync-meshkeys.service
template: template:
@ -55,10 +77,18 @@
mode: 0644 mode: 0644
notify: reload systemd notify: reload systemd
- name: create fastd_status.json file
file:
path: /var/www/html/fastd_status.json
state: touch
owner: admin
group: admin
mode: 0644
- name: write configuration for fastd-peer-limit-update script - name: write configuration for fastd-peer-limit-update script
template: template:
src: fastd_peer_limit.yaml.j2 src: fastd_peer_limit_config.yaml.j2
dest: /home/admin/.ffmwu-config/fastd_peer_limit.yaml dest: /home/admin/.ffmwu-config/fastd_peer_limit_config.yaml
owner: admin owner: admin
group: admin group: admin
mode: 0644 mode: 0644
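Review bot: The `clone fastd peer mesh repos` task checks out whatever `item.1.peers.version` resolves to and verifies nothing else, yet that checkout is the set of keys fastd admits, since the mesh template in this commit does `include peers from "peers"` on the same directory. If the inventory value is a branch name rather than a commit hash, pinning it, or adding `verify_commit: true` where the peers repos carry signed commits, would tie admission to a reviewed state; which of these applies cannot be told from this page. The new tasks also use unquoted octal modes (`mode: 0755`, `mode: 0644`) where Ansible's documented form is the quoted string, `mode: '0755'`. Likewise `update: no` and `force: no` are better written `false`.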


@ -19,8 +19,11 @@ bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.
include "secret.conf"; include "secret.conf";
mtu {{ item.1.mtu }}; mtu {{ item.1.mtu }};
peer group "vpn_nodes" {
include "peer_limit.conf";
include peers from "peers";
}
on up "/bin/systemctl reload networking"; on up "/bin/systemctl reload networking";
on verify "/home/admin/clones/backend-scripts/verify_fastd_peers_gw.py $PEER_KEY";
status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status"; status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";
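Review bot: Both inputs of the new `peer group "vpn_nodes"` block are writable by `admin`: the role's tasks in this commit create `peer_limit.conf` as `admin:admin` `0640` and the `peers` directory as `admin:admin` `0755`. That makes the `admin` account the authority for which keys connect and how many. As rendered, the `on verify` line appears to be on the removed side, which leaves the key files as the only admission check. If that is the intended trust model, state it above the block, e.g. `# peers/ and peer_limit.conf are maintained by the admin user (peers repo sync, fastd-peer-limit-update)`; otherwise root ownership with read access for whatever user fastd runs as would narrow it. The configuration continues outside the hunk.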


@ -6,7 +6,7 @@ Description=Update fastd mesh peers repos timer
[Timer] [Timer]
OnBootSec=5m OnBootSec=5m
OnUnitActiveSec=5m OnUnitActiveSec=15m
[Install] [Install]
WantedBy=timers.target WantedBy=timers.target
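Review bot: `OnUnitActiveSec=15m` bounds how long a key removed from the peers repo can stay accepted, assuming this timer drives the fastd-sync-meshkeys pull seen in the role's tasks; the unit file itself does not record that. A comment above the value would document the trade-off, e.g. `# upper bound on how stale the peers checkout may get; key removals take effect after the next sync`.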


@ -13,12 +13,10 @@ server {
allow 127.0.0.0/8; allow 127.0.0.0/8;
allow ::1/128; allow ::1/128;
{% for group in prometheus_groups %} {% for host in groups['ffmwu-monitoring'] %}
{% for host in groups[group] %}
allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=A') }};
allow {{ lookup('dig', host, 'qtype=AAAA') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }};
{% endfor %}
{% endfor %}
deny all; deny all;
{% endfor %}
} }
} }
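Review bot: As rendered, `deny all;` sits inside the `{% for host in groups['ffmwu-monitoring'] %}` loop, with the closing `{% endfor %}` after it. nginx checks access rules in order and stops at the first match, so with two or more monitoring hosts every `allow` after the first iteration's `deny all;` is unreachable. With an empty group no `deny all;` is rendered at all, which leaves the location open unless a rule outside the hunk covers it. Close the loop first, with `{% endfor %}` on the line before `deny all;`. The `server` block starts outside the hunk.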


@ -1,18 +0,0 @@
#
# {{ ansible_managed }}
#
additional: 16
metrics_url: 'https://%s.freifunk-mwu.de:9281/metrics'
limit_file: '/etc/fastd/peer_limit'
fastd_instances:
{% for mesh in meshes %}
{% for instance in mesh.fastd.nodes.instances %}
- {{ mesh.id }}vpn-{{ instance.mtu }}
{% endfor %}
{% endfor %}
gateways:
{% for gateway in groups['ffmwu-gateways'] %}
- {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
{% endfor %}
fetch_timeout: 10


@ -0,0 +1,24 @@
#
# {{ ansible_managed }}
#
ansible_gate: True
additional: 8
fastd_instances:
{% for mesh in meshes %}
{% for instance in mesh.fastd.nodes.instances %}
- {{ mesh.id }}vpn-{{ instance.mtu }}
{% endfor %}
{% endfor %}
cronlog: '/home/admin/.cronlog/limit.%s.log'
fastd_config: '/etc/fastd/%s/peer_limit.conf'
fastd_status: '/usr/local/bin/fastd-status'
gateways:
{% for gateway in groups['ffmwu-gateways'] %}
- {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
{% endfor %}
restart_max: 43200
stat: 'fastd_status.json'
stat_ext: 'http://%s.freifunk-mwu.de/%s'
stat_local: '/var/www/html/%s'
remote_fetch_timeout: 10
remote_data_timeout: 900
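Review bot: `stat_ext: 'http://%s.freifunk-mwu.de/%s'` points at the other gateways' status file over plain HTTP, where the template this commit deletes used an `https://` metrics URL. If the fastd-peer-limit-update script derives `peer_limit.conf` or its restart decision from that data (the script is not on this page), the limits rest on unauthenticated input; `stat_ext: 'https://%s.freifunk-mwu.de/%s'` keeps the transport authenticated, provided the gateways serve it. `ansible_gate: True` is better written `true`. The list items `- {{ mesh.id }}vpn-{{ instance.mtu }}` and `- {{ gateway.rsplit('.freifunk-mwu.de')[0] }}` are safer quoted, so a rendered value cannot be retyped by the YAML parser.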