From 3ee405bdf2fe4cb2d28ffc2ee38830d44394ecc0 Mon Sep 17 00:00:00 2001 From: Tobias Hachmer Date: Tue, 3 Oct 2017 20:25:17 +0200 Subject: [PATCH] Restructure service-fastd roles - migrate role git-fastd-peers - add role service-fastd - add repo clone for ffbin peers (currently hardcoded) - add role dependency to role service-fastd-mesh + service-fastd-intragate - add systemd handlers --- playbooks/gateways.yml | 4 +- roles/git-fastd-peers/README.md | 21 --------- roles/git-fastd-peers/tasks/main.yml | 43 ------------------ roles/service-fastd-intragate/README.md | 11 ++++- .../service-fastd-intragate/handlers/main.yml | 6 +++ roles/service-fastd-intragate/meta/main.yml | 3 ++ roles/service-fastd-intragate/tasks/main.yml | 29 ++++++++++-- roles/service-fastd-mesh/README.md | 12 ++++- roles/service-fastd-mesh/handlers/main.yml | 6 +++ roles/service-fastd-mesh/meta/main.yml | 3 ++ roles/service-fastd-mesh/tasks/main.yml | 45 +++++++++++++++++-- roles/service-fastd/README.md | 5 +++ roles/service-fastd/handlers/main.yml | 4 ++ roles/service-fastd/tasks/main.yml | 9 ++++ 14 files changed, 123 insertions(+), 78 deletions(-) delete mode 100644 roles/git-fastd-peers/README.md delete mode 100644 roles/git-fastd-peers/tasks/main.yml create mode 100644 roles/service-fastd-intragate/handlers/main.yml create mode 100644 roles/service-fastd-intragate/meta/main.yml create mode 100644 roles/service-fastd-mesh/handlers/main.yml create mode 100644 roles/service-fastd-mesh/meta/main.yml create mode 100644 roles/service-fastd/README.md create mode 100644 roles/service-fastd/handlers/main.yml create mode 100644 roles/service-fastd/tasks/main.yml diff --git a/playbooks/gateways.yml b/playbooks/gateways.yml index d60c0c1..7f9a8f9 100755 --- a/playbooks/gateways.yml +++ b/playbooks/gateways.yml 
@@ -15,10 +15,10 @@ - network-meshbridge - service-dhcpd - service-radvd + - network-fastd + - service-fastd - service-fastd-mesh - service-fastd-intragate - - git-fastd-peers - - network-fastd - network-iptables-gateway - network-ffrl - service-tinc diff --git a/roles/git-fastd-peers/README.md b/roles/git-fastd-peers/README.md deleted file mode 100644 index 0f1ed05..0000000 --- a/roles/git-fastd-peers/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Ansible role git-fastd-peers -Diese Ansible role hängt von der role service-fastd-mesh bzw. service-fastd-intragate ab und sollte danach ausgeführt werden. - -- installiert die erforderlichen git Pakete -- erstellt die erforderlichen peers Ordner -- klont die fastd peer repos - -## Abhängigkeiten: -- service-fastd-* - -## Benötigte Variablen -- Dictionary `meshes` -``` -meshes: - xx: -... - peers_mesh_repo: # String - https Link zum Github Repository - peers_intragate_repo: # String - https Link zum Github Repository - -´´´ - diff --git a/roles/git-fastd-peers/tasks/main.yml b/roles/git-fastd-peers/tasks/main.yml deleted file mode 100644 index 98eff5d..0000000 --- a/roles/git-fastd-peers/tasks/main.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- name: install git packages - apt: - name: "{{ item }}" - state: present - with_items: - - git - -- name: create fastd peer mesh directories - file: - path: "/etc/fastd/{{ item.key }}VPN/peers" - state: directory - mode: 0755 - owner: admin - group: admin - with_dict: "{{ meshes }}" - -- name: create fastd peer intragate directories - file: - path: "/etc/fastd/{{ item.key }}igVPN/peers" - state: directory - mode: 0755 - owner: admin - group: admin - with_dict: "{{ meshes }}" - -- name: clone fastd peer mesh repos - git: - repo: "{{ item.value.peers_mesh_repo }}" - dest: "/etc/fastd/{{ item.key }}VPN/peers" - version: master - update: no - with_dict: "{{ meshes }}" - become: false - -- name: clone fastd peer intragate repos - git: - repo: "{{ item.value.peers_intragate_repo }}" - dest: "/etc/fastd/{{ item.key }}igVPN/peers" - version: master - update: no - with_dict: "{{ meshes }}" - become: false diff --git a/roles/service-fastd-intragate/README.md b/roles/service-fastd-intragate/README.md index 0e10d0e..640e05f 100644 --- a/roles/service-fastd-intragate/README.md +++ b/roles/service-fastd-intragate/README.md @@ -1,13 +1,14 @@ # Ansible role service-fastd-intragate -Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Intra-Server Kommunikation. +Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation. -- installiert fastd - konfiguriert xxigVPN-Instanzen - stellt sicher, dass die Instanz-Verzeichnisse existieren - schreibt fastd.conf - schreibt secret.conf - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret) +- erstellt die erforderlichen peers Ordner +- klont die fastd peer repos ## Benötigte Variablen @@ -17,6 +18,8 @@ meshes: xx: ... site_number: # integer + peers_mesh_repo: # String - https Link zum Github Repository + peers_intragate_repo: # String - https Link zum Github Repository ´´´ - Dictionary `fastd_secrets` (Host-Variable) ´´´ 
@@ -36,3 +39,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau: fastd_secrets: $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}" ``` + +## Abhängigkeiten + +- role `service-fastd` diff --git a/roles/service-fastd-intragate/handlers/main.yml b/roles/service-fastd-intragate/handlers/main.yml new file mode 100644 index 0000000..4f95a98 --- /dev/null +++ b/roles/service-fastd-intragate/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart fastd intragate instances + systemd: + name: "fastd@{{ item.key }}igVPN" + state: restarted + with_dict: "{{ meshes }}" diff --git a/roles/service-fastd-intragate/meta/main.yml b/roles/service-fastd-intragate/meta/main.yml new file mode 100644 index 0000000..d0f177f --- /dev/null +++ b/roles/service-fastd-intragate/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: service-fastd } diff --git a/roles/service-fastd-intragate/tasks/main.yml b/roles/service-fastd-intragate/tasks/main.yml index 4228108..b311fa3 100644 --- a/roles/service-fastd-intragate/tasks/main.yml +++ b/roles/service-fastd-intragate/tasks/main.yml @@ -1,8 +1,9 @@ --- -- name: install fastd packages - apt: - name: fastd - state: present +- name: configure systemd unit fastd@ + systemd: + name: "fastd@{{ item.key }}igVPN" + enabled: yes + with_dict: "{{ meshes }}" - name: create fastd intragate directories file: 
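Review bot: The new `configure systemd unit fastd@` task only enables `fastd@{{ item.key }}igVPN`; nothing in this role sets `state: started`, so on a host where fastd.conf and secret.conf are already in place (no template change, no handler) a stopped instance stays down until the next reboot. Because this task runs before the directories and config files exist, `state: started` should not go here but in a separate task after the two template tasks (or this task should move to the end of the file), e.g. `- name: start fastd intragate instances` / `systemd: name: "fastd@{{ item.key }}igVPN" state: started` with the same `with_dict`. While touching it, write `enabled: true` rather than `yes` (YAML 1.1 truthy form, flagged by yamllint). The same applies to the mesh counterpart in roles/service-fastd-mesh/tasks/main.yml. The `create fastd intragate directories` task at the end of the hunk continues outside it.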
@@ -11,14 +12,34 @@ mode: 0755 with_dict: "{{ meshes }}" +- name: create fastd peer intragate directories + file: + path: "/etc/fastd/{{ item.key }}igVPN/peers" + state: directory + mode: 0755 + owner: admin + group: admin + with_dict: "{{ meshes }}" + +- name: clone fastd peer intragate repos + git: + repo: "{{ item.value.peers_intragate_repo }}" + dest: "/etc/fastd/{{ item.key }}igVPN/peers" + version: master + update: no + with_dict: "{{ meshes }}" + become: false + - name: template fastd mesh config template: src: fastd-intragate.conf.j2 dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf" + notify: restart fastd intragate instances with_dict: "{{ meshes }}" - name: write fastd intragate secret template: src: fastd-secret.conf.j2 dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf" + notify: restart fastd intragate instances with_dict: "{{ meshes }}" diff --git a/roles/service-fastd-mesh/README.md b/roles/service-fastd-mesh/README.md index a3e414a..5a116cc 100644 --- a/roles/service-fastd-mesh/README.md +++ b/roles/service-fastd-mesh/README.md @@ -1,13 +1,15 @@ # Ansible role service-fastd-mesh -Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Knoten Kommunikation. +Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation. -- installiert fastd - konfiguriert xxVPN-Instanzen - stellt sicher, dass die Instanz-Verzeichnisse existieren - schreibt fastd.conf - schreibt secret.conf - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret) +- erstellt die erforderlichen peers Ordner +- klont die fastd peer repos +- klont bingener fastd peer repo (im Moment hardcoded) ## Benötigte Variablen @@ -17,6 +19,8 @@ meshes: xx: ... site_number: # integer + peers_mesh_repo: # String - https Link zum Github Repository + peers_intragate_repo: # String - https Link zum Github Repository ´´´ - Dictionary `fastd_secrets` (Host-Variable) ´´´ 
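Review bot: The `write fastd intragate secret` task at the end of the hunk renders secret.conf, which holds the instance's private key, without a `mode:`, so the file gets the template module's default permissions (derived from the umask, commonly world-readable); add `mode: "0600"` and, if fastd does not run as root, the matching `owner:`. The new `clone fastd peer intragate repos` task is a one-shot clone: `version: master` with `update: no` means peer changes pushed after the first run are never applied by Ansible, and since the peers directory presumably decides which keys may join the instance, either document the external update mechanism in a comment or use `update: yes` with `version:` pinned to a reviewed commit. `owner: admin` / `group: admin` on the peers directory combined with `become: false` on the clone assumes the SSH login user is `admin`; that assumption deserves a variable or at least a comment. The same three points apply to the mesh hunk in roles/service-fastd-mesh/tasks/main.yml.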
@@ -36,3 +40,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau: fastd_secrets: $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}" ``` + +## Abhängigkeiten + +- role `service-fastd` diff --git a/roles/service-fastd-mesh/handlers/main.yml b/roles/service-fastd-mesh/handlers/main.yml new file mode 100644 index 0000000..567648e --- /dev/null +++ b/roles/service-fastd-mesh/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart fastd mesh instances + systemd: + name: "fastd@{{ item.key }}VPN" + state: restarted + with_dict: "{{ meshes }}" diff --git a/roles/service-fastd-mesh/meta/main.yml b/roles/service-fastd-mesh/meta/main.yml new file mode 100644 index 0000000..d0f177f --- /dev/null +++ b/roles/service-fastd-mesh/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: service-fastd } diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml index cf0036a..0e2c3c9 100644 --- a/roles/service-fastd-mesh/tasks/main.yml +++ b/roles/service-fastd-mesh/tasks/main.yml @@ -1,8 +1,9 @@ --- -- name: install fastd packages - apt: - name: fastd - state: present +- name: configure systemd unit fastd@ + systemd: + name: "fastd@{{ item.key }}VPN" + enabled: yes + with_dict: "{{ meshes }}" - name: create fastd directories file: 
@@ -11,14 +12,50 @@ mode: 0755 with_dict: "{{ meshes }}" +- name: create fastd peer mesh directories + file: + path: "/etc/fastd/{{ item.key }}VPN/peers" + state: directory + mode: 0755 + owner: admin + group: admin + with_dict: "{{ meshes }}" + +- name: create fastd peer mesh directories for ffbin + file: + path: "/etc/fastd/mzVPN/peers_bingen" + state: directory + mode: 0755 + owner: admin + group: admin + +- name: clone fastd peer mesh repos + git: + repo: "{{ item.value.peers_mesh_repo }}" + dest: "/etc/fastd/{{ item.key }}VPN/peers" + version: master + update: no + with_dict: "{{ meshes }}" + become: false + +- name: clone fastd peer mesh repo for ffbin + git: + repo: https://github.com/freifunk-bingen/peers-ffbin.git + dest: /etc/fastd/mzVPN/peers_bingen + version: master + update: no + become: false + - name: template fastd mesh config template: src: fastd-mesh.conf.j2 dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf" + notify: restart fastd mesh instances with_dict: "{{ meshes }}" - name: write fastd mesh secret template: src: fastd-secret.conf.j2 dest: "/etc/fastd/{{ item.key }}VPN/secret.conf" + notify: restart fastd mesh instances with_dict: "{{ meshes }}" diff --git a/roles/service-fastd/README.md b/roles/service-fastd/README.md new file mode 100644 index 0000000..345c9be --- /dev/null +++ b/roles/service-fastd/README.md @@ -0,0 +1,5 @@ +# Ansible role service-fastd + +Diese Ansible role installiert die erforderlichen Pakete für die fastd Rollen. + +- installiert fastd + git diff --git a/roles/service-fastd/handlers/main.yml b/roles/service-fastd/handlers/main.yml new file mode 100644 index 0000000..bb7fde2 --- /dev/null +++ b/roles/service-fastd/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: reload systemd + systemd: + daemon_reload: yes diff --git a/roles/service-fastd/tasks/main.yml b/roles/service-fastd/tasks/main.yml new file mode 100644 index 0000000..3d71fab --- /dev/null +++ b/roles/service-fastd/tasks/main.yml 
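Review bot: The two ffbin tasks (`create fastd peer mesh directories for ffbin`, `clone fastd peer mesh repo for ffbin`) hard-code the `mz` mesh and the `peers_bingen` path and carry no `when:` or loop, so every host in the play gets `/etc/fastd/mzVPN/peers_bingen` created and cloned even if it has no `mz` entry in `meshes`. Until this is moved into `meshes` (the commit message calls it hardcoded for now), a guard such as `when: "'mz' in meshes"` on both tasks limits the side effect to hosts that run that instance, and a comment naming the variable it is meant to become helps the next maintainer. Nothing on the page shows fastd-mesh.conf.j2 including `peers_bingen`; confirm the template references that directory, otherwise the clone is unused.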
@@ -0,0 +1,9 @@ +--- +- name: install fastd packages + apt: + name: "{{ item }}" + state: present + notify: reload systemd + with_items: + - fastd + - git
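Review bot: `notify: reload systemd` on the apt task fires the handler only at the end of the play (or at a `meta: flush_handlers`), so the `enabled: yes` tasks in the dependent roles run before the daemon-reload; if the unit file shipped by the fastd package is not already registered by its postinst, those enable tasks would not find `fastd@.service`. Either add `daemon_reload: true` to the enable tasks or drop the handler if the package already reloads — presumably the latter, but verify on a fresh host. Separately, `with_items` with `name: "{{ item }}"` runs one apt transaction per package; the apt module accepts a list directly, `name: [fastd, git]` (or a block sequence under `name:`), which is the documented form. A one-line header comment stating that this role is the single place that installs packages for the fastd roles would make the split from the mesh/intragate roles explicit.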