Restructure service-fastd roles

- migrate role git-fastd-peers - add role service-fastd - add repo clone for ffbin peers (currently hardcoded) - add role dependency to role service-fastd-mesh + service-fastd-intragate - add systemd handlers
2017-10-03 20:25:17 +02:00 · 2017-10-03 20:25:17 +02:00 · 3ee405bdf2
commit 3ee405bdf2
parent 01af6903e6
14 changed files with 123 additions and 78 deletions
--- a/playbooks/gateways.yml
+++ b/playbooks/gateways.yml
@ -15,10 +15,10 @@
    - network-meshbridge
    - service-dhcpd
    - service-radvd
+    - network-fastd
+    - service-fastd
    - service-fastd-mesh
    - service-fastd-intragate
-    - git-fastd-peers
-    - network-fastd
    - network-iptables-gateway
    - network-ffrl
    - service-tinc
--- a/roles/git-fastd-peers/README.md
+++ b/roles/git-fastd-peers/README.md
@ -1,21 +0,0 @@
-# Ansible role git-fastd-peers
-Diese Ansible role hängt von der role service-fastd-mesh bzw. service-fastd-intragate ab und sollte danach ausgeführt werden.
-
- installiert die erforderlichen git Pakete
- erstellt die erforderlichen peers Ordner
- klont die fastd peer repos
-
-## Abhängigkeiten:
- service-fastd-*
-
-## Benötigte Variablen
- Dictionary `meshes`
-```
-meshes:
-  xx:
-...
-    peers_mesh_repo: # String - https Link zum Github Repository
-    peers_intragate_repo: # String - https Link zum Github Repository
-
-´´´
-
--- a/roles/git-fastd-peers/tasks/main.yml
+++ b/roles/git-fastd-peers/tasks/main.yml
@ -1,43 +0,0 @@
---
- name: install git packages
-  apt:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - git
-
- name: create fastd peer mesh directories
-  file:
-    path: "/etc/fastd/{{ item.key }}VPN/peers"
-    state: directory
-    mode: 0755
-    owner: admin
-    group: admin
-  with_dict: "{{ meshes }}"
-
- name: create fastd peer intragate directories
-  file:
-    path: "/etc/fastd/{{ item.key }}igVPN/peers"
-    state: directory
-    mode: 0755
-    owner: admin
-    group: admin
-  with_dict: "{{ meshes }}"
-
- name: clone fastd peer mesh repos
-  git:
-    repo: "{{ item.value.peers_mesh_repo }}"
-    dest: "/etc/fastd/{{ item.key }}VPN/peers"
-    version: master
-    update: no
-  with_dict: "{{ meshes }}"
-  become: false
-
- name: clone fastd peer intragate repos
-  git:
-    repo: "{{ item.value.peers_intragate_repo }}"
-    dest: "/etc/fastd/{{ item.key }}igVPN/peers"
-    version: master
-    update: no
-  with_dict: "{{ meshes }}"
-  become: false
--- a/roles/service-fastd-intragate/README.md
+++ b/roles/service-fastd-intragate/README.md
@ -1,13 +1,14 @@
 # Ansible role service-fastd-intragate

-Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.
+Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.

- installiert fastd
 - konfiguriert xxigVPN-Instanzen
 - stellt sicher, dass die Instanz-Verzeichnisse existieren
 - schreibt fastd.conf
 - schreibt secret.conf
  - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret)
+- erstellt die erforderlichen peers Ordner
+- klont die fastd peer repos

 ## Benötigte Variablen

@ -17,6 +18,8 @@ meshes:
  xx:
 ...
    site_number: # integer
+    peers_mesh_repo: # String - https Link zum Github Repository
+    peers_intragate_repo: # String - https Link zum Github Repository
 ´´´
 - Dictionary `fastd_secrets` (Host-Variable)
 ´´´
@ -36,3 +39,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau:
 fastd_secrets:
  $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}"
 ```
+
+## Abhängigkeiten
+
+- role `service-fastd`
--- a/roles/service-fastd-intragate/handlers/main.yml
+++ b/roles/service-fastd-intragate/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart fastd intragate instances
+  systemd:
+    name: "fastd@{{ item.key }}igVPN"
+    state: restarted
+  with_dict: "{{ meshes }}"
--- a/roles/service-fastd-intragate/meta/main.yml
+++ b/roles/service-fastd-intragate/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-fastd }
--- a/roles/service-fastd-intragate/tasks/main.yml
+++ b/roles/service-fastd-intragate/tasks/main.yml
@ -1,8 +1,9 @@
 ---
- name: install fastd packages
-  apt:
-    name: fastd
-    state: present
+- name: configure systemd unit fastd@
+  systemd:
+    name: "fastd@{{ item.key }}igVPN"
+    enabled: yes
+  with_dict: "{{ meshes }}"

 - name: create fastd intragate directories
  file:
@ -11,14 +12,34 @@
    mode: 0755
  with_dict: "{{ meshes }}"

+- name: create fastd peer intragate directories
+  file:
+    path: "/etc/fastd/{{ item.key }}igVPN/peers"
+    state: directory
+    mode: 0755
+    owner: admin
+    group: admin
+  with_dict: "{{ meshes }}"
+
+- name: clone fastd peer intragate repos
+  git:
+    repo: "{{ item.value.peers_intragate_repo }}"
+    dest: "/etc/fastd/{{ item.key }}igVPN/peers"
+    version: master
+    update: no
+  with_dict: "{{ meshes }}"
+  become: false
+
 - name: template fastd mesh config
  template:
    src: fastd-intragate.conf.j2
    dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf"
+  notify: restart fastd intragate instances
  with_dict: "{{ meshes }}"

 - name: write fastd intragate secret
  template:
    src: fastd-secret.conf.j2
    dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf"
+  notify: restart fastd intragate instances
  with_dict: "{{ meshes }}"
--- a/roles/service-fastd-mesh/README.md
+++ b/roles/service-fastd-mesh/README.md
@ -1,13 +1,15 @@
 # Ansible role service-fastd-mesh

-Diese Ansible role installiert und konfiguriert die fastd-Instanz für die Knoten Kommunikation.
+Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.

- installiert fastd
 - konfiguriert xxVPN-Instanzen
 - stellt sicher, dass die Instanz-Verzeichnisse existieren
 - schreibt fastd.conf
 - schreibt secret.conf
  - der private fastd Schlüssel wird aus dem Admin passwordstore gelesen (YAML key secret)
+- erstellt die erforderlichen peers Ordner
+- klont die fastd peer repos
+- klont bingener fastd peer repo (im Moment hardcoded)

 ## Benötigte Variablen

@ -17,6 +19,8 @@ meshes:
  xx:
 ...
    site_number: # integer
+    peers_mesh_repo: # String - https Link zum Github Repository
+    peers_intragate_repo: # String - https Link zum Github Repository
 ´´´
 - Dictionary `fastd_secrets` (Host-Variable)
 ´´´
@ -36,3 +40,7 @@ Das Dictionary `fastd_secrets` folgt dem Aufbau:
 fastd_secrets:
  $Instanz-Name: "{{ lookup('passwordstore', '$Pfad-im-passwordstore subkey=secret') }}"
 ```
+
+## Abhängigkeiten
+
+- role `service-fastd`
--- a/roles/service-fastd-mesh/handlers/main.yml
+++ b/roles/service-fastd-mesh/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart fastd mesh instances
+  systemd:
+    name: "fastd@{{ item.key }}VPN"
+    state: restarted
+  with_dict: "{{ meshes }}"
--- a/roles/service-fastd-mesh/meta/main.yml
+++ b/roles/service-fastd-mesh/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-fastd }
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@ -1,8 +1,9 @@
 ---
- name: install fastd packages
-  apt:
-    name: fastd
-    state: present
+- name: configure systemd unit fastd@
+  systemd:
+    name: "fastd@{{ item.key }}VPN"
+    enabled: yes
+  with_dict: "{{ meshes }}"

 - name: create fastd directories
  file:
@ -11,14 +12,50 @@
    mode: 0755
  with_dict: "{{ meshes }}"

+- name: create fastd peer mesh directories
+  file:
+    path: "/etc/fastd/{{ item.key }}VPN/peers"
+    state: directory
+    mode: 0755
+    owner: admin
+    group: admin
+  with_dict: "{{ meshes }}"
+
+- name: create fastd peer mesh directories for ffbin
+  file:
+    path: "/etc/fastd/mzVPN/peers_bingen"
+    state: directory
+    mode: 0755
+    owner: admin
+    group: admin
+
+- name: clone fastd peer mesh repos
+  git:
+    repo: "{{ item.value.peers_mesh_repo }}"
+    dest: "/etc/fastd/{{ item.key }}VPN/peers"
+    version: master
+    update: no
+  with_dict: "{{ meshes }}"
+  become: false
+
+- name: clone fastd peer mesh repo for ffbin
+  git:
+    repo: https://github.com/freifunk-bingen/peers-ffbin.git
+    dest: /etc/fastd/mzVPN/peers_bingen
+    version: master
+    update: no
+  become: false
+
 - name: template fastd mesh config
  template:
    src: fastd-mesh.conf.j2
    dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf"
+  notify: restart fastd mesh instances
  with_dict: "{{ meshes }}"

 - name: write fastd mesh secret
  template:
    src: fastd-secret.conf.j2
    dest: "/etc/fastd/{{ item.key }}VPN/secret.conf"
+  notify: restart fastd mesh instances
  with_dict: "{{ meshes }}"
--- a/roles/service-fastd/README.md
+++ b/roles/service-fastd/README.md
@ -0,0 +1,5 @@
+# Ansible role service-fastd
+
+Diese Ansible role installiert die erforderlichen Pakete für die fastd Rollen.
+
+- installiert fastd + git
--- a/roles/service-fastd/handlers/main.yml
+++ b/roles/service-fastd/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: yes
--- a/roles/service-fastd/tasks/main.yml
+++ b/roles/service-fastd/tasks/main.yml
@ -0,0 +1,9 @@
+---
+- name: install fastd packages
+  apt:
+    name: "{{ item }}"
+    state: present
+  notify: reload systemd
+  with_items:
+    - fastd
+    - git