Restructure service-fastd roles

- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers
Tobias Hachmer 2017-10-03 20:25:17 +02:00
parent 01af6903e6
commit 3ee405bdf2
14 changed files with 123 additions and 78 deletions


@ -15,10 +15,10 @@
- network-meshbridge - network-meshbridge
- service-dhcpd - service-dhcpd
- service-radvd - service-radvd
- network-fastd
- service-fastd
- service-fastd-mesh - service-fastd-mesh
- service-fastd-intragate - service-fastd-intragate
- git-fastd-peers
- network-fastd
- network-iptables-gateway - network-iptables-gateway
- network-ffrl - network-ffrl
- service-tinc - service-tinc


@ -1,21 +0,0 @@
# Ansible role git-fastd-peers
Diese Ansible role hängt von der role service-fastd-mesh bzw. service-fastd-intragate ab und sollte danach ausgeführt werden.
- installiert die erforderlichen git Pakete
- erstellt die erforderlichen peers Ordner
- klont die fastd peer repos
## Abhängigkeiten:
- service-fastd-*
## Benötigte Variablen
- Dictionary `meshes`
```
meshes:
xx:
...
peers_mesh_repo: # String - https Link zum Github Repository
peers_intragate_repo: # String - https Link zum Github Repository
´´´


@ -1,43 +0,0 @@
---
- name: install git packages
apt:
name: "{{ item }}"
state: present
with_items:
- git
- name: create fastd peer mesh directories
file:
path: "/etc/fastd/{{ item.key }}VPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
- name: create fastd peer intragate directories
file:
path: "/etc/fastd/{{ item.key }}igVPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
- name: clone fastd peer mesh repos
git:
repo: "{{ item.value.peers_mesh_repo }}"
dest: "/etc/fastd/{{ item.key }}VPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
become: false
- name: clone fastd peer intragate repos
git:
repo: "{{ item.value.peers_intragate_repo }}"
dest: "/etc/fastd/{{ item.key }}igVPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
become: false


@ -1,13 +1,14 @@
# Ansible role service-fastd-intragate # Ansible role service-fastd-intragate
Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Intra-Server Kommunikation. Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.
- installiert fastd
- konfiguriert xxigVPN-Instanzen - konfiguriert xxigVPN-Instanzen
- stellt sicher, dass die Instanz-Verzeichnisse existieren - stellt sicher, dass die Instanz-Verzeichnisse existieren
- schreibt fastd.conf - schreibt fastd.conf
- schreibt secret.conf - schreibt secret.conf
- der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret) - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret)
- erstellt die erforderlichen peers Ordner
- klont die fastd peer repos
## Benötigte Variablen ## Benötigte Variablen
@ -17,6 +18,8 @@ meshes:
xx: xx:
... ...
site_number: # integer site_number: # integer
peers_mesh_repo: # String - https Link zum Github Repository
peers_intragate_repo: # String - https Link zum Github Repository
´´´ ´´´
- Dictionary `fastd_secrets` (Host-Variable) - Dictionary `fastd_secrets` (Host-Variable)
´´´ ´´´
@ -36,3 +39,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau:
fastd_secrets: fastd_secrets:
$Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}" $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}"
``` ```
## Abhängigkeiten
- role `service-fastd`


@ -0,0 +1,6 @@
---
- name: restart fastd intragate instances
systemd:
name: "fastd@{{ item.key }}igVPN"
state: restarted
with_dict: "{{ meshes }}"


@ -0,0 +1,3 @@
---
dependencies:
- { role: service-fastd }


@ -1,8 +1,9 @@
--- ---
- name: install fastd packages - name: configure systemd unit fastd@
apt: systemd:
name: fastd name: "fastd@{{ item.key }}igVPN"
state: present enabled: yes
with_dict: "{{ meshes }}"
- name: create fastd intragate directories - name: create fastd intragate directories
file: file:
@ -11,14 +12,34 @@
mode: 0755 mode: 0755
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: create fastd peer intragate directories
file:
path: "/etc/fastd/{{ item.key }}igVPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
- name: clone fastd peer intragate repos
git:
repo: "{{ item.value.peers_intragate_repo }}"
dest: "/etc/fastd/{{ item.key }}igVPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
become: false
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-intragate.conf.j2 src: fastd-intragate.conf.j2
dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf" dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf"
notify: restart fastd intragate instances
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: write fastd intragate secret - name: write fastd intragate secret
template: template:
src: fastd-secret.conf.j2 src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf" dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf"
notify: restart fastd intragate instances
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
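Review bot: The `write fastd intragate secret` task renders secret.conf without `mode`, `owner` or `group`, so a newly created file takes whatever the remote umask yields and may end up world-readable; the role README states this file carries the private fastd key read from the passwordstore. Pinning it with `mode: "0600"` plus an explicit `owner:`/`group:` (root, or whichever account fastd runs under) in the `template:` arguments closes that, and `no_log: true` on the task keeps the rendered key out of `--diff` output and logs. The same gap exists in `write fastd mesh secret` in the service-fastd-mesh tasks. As a smaller point, the newly added `mode: 0755` on the peers directory is safer written as the quoted string `mode: "0755"`.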


@ -1,13 +1,15 @@
# Ansible role service-fastd-mesh # Ansible role service-fastd-mesh
Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Knoten Kommunikation. Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
- installiert fastd
- konfiguriert xxVPN-Instanzen - konfiguriert xxVPN-Instanzen
- stellt sicher, dass die Instanz-Verzeichnisse existieren - stellt sicher, dass die Instanz-Verzeichnisse existieren
- schreibt fastd.conf - schreibt fastd.conf
- schreibt secret.conf - schreibt secret.conf
- der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret) - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret)
- erstellt die erforderlichen peers Ordner
- klont die fastd peer repos
- klont bingener fastd peer repo (im Moment hardcoded)
## Benötigte Variablen ## Benötigte Variablen
@ -17,6 +19,8 @@ meshes:
xx: xx:
... ...
site_number: # integer site_number: # integer
peers_mesh_repo: # String - https Link zum Github Repository
peers_intragate_repo: # String - https Link zum Github Repository
´´´ ´´´
- Dictionary `fastd_secrets` (Host-Variable) - Dictionary `fastd_secrets` (Host-Variable)
´´´ ´´´
@ -36,3 +40,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau:
fastd_secrets: fastd_secrets:
$Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}" $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}"
``` ```
## Abhängigkeiten
- role `service-fastd`


@ -0,0 +1,6 @@
---
- name: restart fastd mesh instances
systemd:
name: "fastd@{{ item.key }}VPN"
state: restarted
with_dict: "{{ meshes }}"


@ -0,0 +1,3 @@
---
dependencies:
- { role: service-fastd }


@ -1,8 +1,9 @@
--- ---
- name: install fastd packages - name: configure systemd unit fastd@
apt: systemd:
name: fastd name: "fastd@{{ item.key }}VPN"
state: present enabled: yes
with_dict: "{{ meshes }}"
- name: create fastd directories - name: create fastd directories
file: file:
@ -11,14 +12,50 @@
mode: 0755 mode: 0755
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: create fastd peer mesh directories
file:
path: "/etc/fastd/{{ item.key }}VPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
- name: create fastd peer mesh directories for ffbin
file:
path: "/etc/fastd/mzVPN/peers_bingen"
state: directory
mode: 0755
owner: admin
group: admin
- name: clone fastd peer mesh repos
git:
repo: "{{ item.value.peers_mesh_repo }}"
dest: "/etc/fastd/{{ item.key }}VPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
become: false
- name: clone fastd peer mesh repo for ffbin
git:
repo: https://github.com/freifunk-bingen/peers-ffbin.git
dest: /etc/fastd/mzVPN/peers_bingen
version: master
update: no
become: false
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-mesh.conf.j2 src: fastd-mesh.conf.j2
dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf" dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf"
notify: restart fastd mesh instances
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
- name: write fastd mesh secret - name: write fastd mesh secret
template: template:
src: fastd-secret.conf.j2 src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.key }}VPN/secret.conf" dest: "/etc/fastd/{{ item.key }}VPN/secret.conf"
notify: restart fastd mesh instances
with_dict: "{{ meshes }}" with_dict: "{{ meshes }}"
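Review bot: The peers directories are created with `owner: admin` / `group: admin` and filled by an unprivileged `git` clone of `version: master`, so anyone who can push to those repositories or write as `admin` controls which peer files land under /etc/fastd. Presumably those files are the keys fastd accepts, though the fastd.conf template is not shown here. Pinning `version:` to a reviewed commit or tag, supplied per mesh as a variable, would make the accepted peer set an explicit and auditable input; the same pattern appears in `clone fastd peer intragate repos` in the service-fastd-intragate tasks. The two ffbin tasks also run on every host, and `file` with `state: directory` creates /etc/fastd/mzVPN even where no `mz` mesh is configured, so both would benefit from a guard such as `when: "'mz' in meshes"`.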


@ -0,0 +1,5 @@
# Ansible role service-fastd
Diese Ansible role installiert die erforderlichen Pakete für die fastd Rollen.
- installiert fastd + git


@ -0,0 +1,4 @@
---
- name: reload systemd
systemd:
daemon_reload: yes


@ -0,0 +1,9 @@
---
- name: install fastd packages
apt:
name: "{{ item }}"
state: present
notify: reload systemd
with_items:
- fastd
- git
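Review bot: `notify: reload systemd` only queues the handler, and handlers run at the end of the play's task section, so the daemon reload happens after the dependent roles have already run their `systemd:` tasks with `enabled: yes` against the `fastd@…` units. If the reload is needed for the freshly installed unit to be visible, add `- meta: flush_handlers` directly after this task or set `daemon_reload: yes` on the enabling `systemd` tasks. If the package's install scripts already reload systemd, the handler is probably redundant. The task would also benefit from a short comment stating why a package install triggers a systemd reload.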