Migrate nested dictionary meshes into a list of dictionaries

- migrate dictionary `ipv6` into two simple lists
 - migrate dictionary `forward_zones` into a list
Tobias Hachmer 2017-10-06 22:58:00 +02:00
parent 2bbd39009c
commit 63ca114c95
44 changed files with 263 additions and 272 deletions


@ -20,19 +20,18 @@ Die Server werden mit ihren FQDNs im Ansible Inventory hinterlegt, bedenkt das f
## Variablen für jedes Mesh
Viele Rollen brauchen spezifische Informationen, wie IP-Adresse, Masken, Interface-Namen, etc.
Wir verwalten diese Mesh-Informationen in einem Dictionary unter `inventory/group_vars/all`:
Wir verwalten diese Mesh-Informationen in einer Liste von Dictionaries unter `inventory/group_vars/all`:
```
meshes:
mz:
- id: mz
site_number: 37
site_code: ffmz
site_name: Mainz
ipv4_network: 10.37.0.0/18
ipv6:
ula:
ipv6_ula:
- fd37:b4dc:4b1e::/48
public:
ipv6_public:
- 2a03:2260:11a::/48
dnssl:
- ffmz.org
@ -53,22 +52,21 @@ meshes:
dns:
master: fd37:b4dc:4b1e::a25:103
forward_zones:
ffmz.org:
user.ffmz.org:
bb.ffmz.org:
nodes.ffmz.org:
ffbin:
- name: ffmz.org
- name: user.ffmz.org
- name: bb.ffmz.org
- name: nodes.ffmz.org
- name: ffbin
master: fd37:b4dc:4b1e::a25:10c
wi:
- id: wi
site_number: 56
site_code: ffwi
site_name: Wiesbaden
ipv4_network: 10.56.0.0/18
ipv6:
ula:
ipv6_ula:
- fd56:b4dc:4b1e::/48
public:
ipv6_public:
- 2a03:2260:11b::/48
dnssl:
- ffwi.org
@ -88,10 +86,10 @@ meshes:
dns:
master: fd56:b4dc:4b1e::a38:103
forward_zones:
ffwi.org:
user.ffwi.org:
bb.ffwi.org:
nodes.ffwi.org:
- name: ffwi.org
- name: user.ffwi.org
- name: bb.ffwi.org
- name: nodes.ffwi.org
```
## Sensible Informationen


@ -17,15 +17,14 @@ bgp_ipv4_transfer_net: 10.37.0.0/18
bgp_ipv6_transfer_net: fd37:b4dc:4b1e::/64
meshes:
mz:
- id: mz
site_number: 37
site_code: ffmz
site_name: Mainz
ipv4_network: 10.37.0.0/18
ipv6:
ula:
ipv6_ula:
- fd37:b4dc:4b1e::/48
public:
ipv6_public:
- 2a03:2260:11a::/48
dnssl:
- ffmz.org
@ -46,22 +45,21 @@ meshes:
dns:
master: fd37:b4dc:4b1e::a25:103
forward_zones:
ffmz.org:
user.ffmz.org:
bb.ffmz.org:
nodes.ffmz.org:
ffbin:
- name: ffmz.org
- name: user.ffmz.org
- name: bb.ffmz.org
- name: nodes.ffmz.org
- name: ffbin
master: fd37:b4dc:4b1e::a25:10c
wi:
- id: wi
site_number: 56
site_code: ffwi
site_name: Wiesbaden
ipv4_network: 10.56.0.0/18
ipv6:
ula:
ipv6_ula:
- fd56:b4dc:4b1e::/48
public:
ipv6_public:
- 2a03:2260:11b::/48
dnssl:
- ffwi.org
@ -82,10 +80,10 @@ meshes:
dns:
master: fd56:b4dc:4b1e::a38:103
forward_zones:
ffwi.org:
user.ffwi.org:
bb.ffwi.org:
nodes.ffwi.org:
- name: ffwi.org
- name: user.ffwi.org
- name: bb.ffwi.org
- name: nodes.ffwi.org
icvpn:
prefix: mwu
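Review bot: Turning `meshes` into a list removes the only thing that kept the `mz`/`wi` identifiers distinct: with the mapping a repeated key collapsed to a single entry, but with a list two entries sharing an `id` or `site_code` are both iterated, and every consumer in this commit builds file names and interface names from those fields (`/etc/network/interfaces.d/{{ item.id }}BR`, `/etc/bind/named.conf.{{ item.site_code }}`), so the second entry would silently overwrite the first. Nothing in the inventory or the roles checks this now. A single guard before the roles run would close it, e.g. `assert: { that: ["meshes | map(attribute='id') | list | unique | length == meshes | length", "meshes | map(attribute='site_code') | list | unique | length == meshes | length"] }`. The same guard is the natural place to pin `id` to `[a-z0-9]+`, since it is spliced unquoted into interface names and paths.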


@ -12,7 +12,7 @@ Diese Ansible role konfiguriert batman-adv Netzwerk Interfaces.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
ipv4_network:
...


@ -2,13 +2,13 @@
- name: create dummy interfaces
template:
src: dummy.j2
dest: "/etc/network/interfaces.d/{{ item.key }}0"
dest: "/etc/network/interfaces.d/{{ item.id }}0"
notify: reload network interfaces
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create batman interfaces
template:
src: batman.j2
dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
dest: "/etc/network/interfaces.d/{{ item.id }}BAT"
notify: reload network interfaces
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"


@ -1,14 +1,14 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0201' + ip4hex -%}
#
# {{ ansible_managed }}
#
auto {{ item.key }}BAT
iface {{ item.key }}BAT
auto {{ item.id }}BAT
iface {{ item.id }}BAT
hwaddress {{ mac | hwaddr('linux') }}
batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN
batman-hop-penalty {{ item.value.batman.hop_penalty }}
post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
batman-ifaces {{ item.id }}0 {{ item.id }}VPN {{ item.id }}igVPN
batman-hop-penalty {{ item.batman.hop_penalty }}
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }}
post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}


@ -1,9 +1,9 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0200' + ip4hex -%}
#
# {{ ansible_managed }}
#
auto {{ item.key }}0
iface {{ item.key }}0
auto {{ item.id }}0
iface {{ item.id }}0
link-type dummy
hwaddress {{ mac | hwaddr('linux') }}


@ -10,7 +10,7 @@ Diese Ansible role konfiguriert Netzwerk Interfaces für fastd.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
ipv4_network:
...


@ -2,13 +2,13 @@
- name: create fastd mesh interfaces
template:
src: fastd-mesh.j2
dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
dest: "/etc/network/interfaces.d/{{ item.id }}VPN"
notify: reload network interfaces
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd intragate interfaces
template:
src: fastd-intragate.j2
dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
dest: "/etc/network/interfaces.d/{{ item.id }}igVPN"
notify: reload network interfaces
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"


@ -1,8 +1,8 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0212' + ip4hex -%}
#
# {{ ansible_managed }}
#
auto {{ item.key }}igVPN
iface {{ item.key }}igVPN
auto {{ item.id }}igVPN
iface {{ item.id }}igVPN
hwaddress {{ mac | hwaddr('linux') }}


@ -1,8 +1,8 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0211' + ip4hex -%}
#
# {{ ansible_managed }}
#
auto {{ item.key }}VPN
iface {{ item.key }}VPN
auto {{ item.id }}VPN
iface {{ item.id }}VPN
hwaddress {{ mac | hwaddr('linux') }}


@ -18,7 +18,7 @@ sysctl_settings_netfilter:
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
ipv4_network:
...


@ -8,8 +8,8 @@
-A INPUT -d {{ ansible_default_ipv4.address | ipaddr('public') }}/32 -p gre -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
{% for mesh_id, mesh_value in meshes.iteritems() %}
-A FORWARD -i {{ mesh_id }}BR -o {{ mesh_id }}BR -j ACCEPT
{% for mesh in meshes %}
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
{% endfor %}
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
@ -31,8 +31,8 @@ COMMIT
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:ffrl-nat - [0:0]
{% for mesh_id, mesh_value in meshes.iteritems() %}
-A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
{% for mesh in meshes %}
-A POSTROUTING -s {{ mesh.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
{% endfor %}
-A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat | ipaddr('address') }}
COMMIT


@ -7,8 +7,8 @@
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
{% for mesh_id, mesh_value in meshes.iteritems() %}
-A FORWARD -i {{ mesh_id }}BR -o {{ mesh_id }}BR -j ACCEPT
{% for mesh in meshes %}
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
{% endfor %}
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


@ -11,14 +11,13 @@ Diese Ansible role konfiguriert die Linux Bridges für die Freifunk Meshes.
- Dictionary `meshes`
´´´
meshes:
xx:
-id: xx
...
ipv4_network:
...
ipv6:
ula:
ipv6_ula:
- fdxx.../48 # ipv6 ula prefix
public:
ipv6_public:
- 2xxx.../48 # ipv6 public prefix
´´´


@ -2,13 +2,13 @@
- name: create mesh bridges
template:
src: bridge.j2
dest: "/etc/network/interfaces.d/{{ item.key }}BR"
dest: "/etc/network/interfaces.d/{{ item.id }}BR"
notify: reload network interfaces
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: set sysfs variables
template:
src: sysfs.j2
dest: "/etc/sysfs.d/99-{{ item.key }}BR.conf"
with_dict: "{{ meshes }}"
dest: "/etc/sysfs.d/99-{{ item.id }}BR.conf"
with_items: "{{ meshes }}"
notify: activate sysfs variables


@ -1,15 +1,16 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0210' + ip4hex -%}
#
# {{ ansible_managed }}
#
auto {{ item.key }}BR
iface {{ item.key }}BR
auto {{ item.id }}BR
iface {{ item.id }}BR
hwaddress {{ mac | hwaddr('linux') }}
address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
{% for ip_type, ip_list in item.value.ipv6.iteritems() %}
{% for ip in ip_list %}
address {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
{% for prefix in item.ipv6_ula %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
{% endfor %}
{% for prefix in item.ipv6_public %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
{% endfor %}
bridge-ports {{ item.key }}BAT
bridge-ports {{ item.id }}BAT
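Review bot: The two new address loops make both `ipv6_ula` and `ipv6_public` mandatory where the old `item.value.ipv6.iteritems()` loop only walked the keys that were present, so a mesh defined without a public prefix now aborts the template with an undefined-variable error instead of rendering a ULA-only bridge. Both meshes in the inventory carry both lists today, so this is a latent change rather than a live break, but it is not mentioned in the commit message. If a public prefix is meant to stay optional, `{% for prefix in item.ipv6_public | default([]) %}` preserves the old tolerance; if it is now required, the role README should say so.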


@ -1,4 +1,4 @@
#
# {{ ansible_managed }}
#
class/net/{{ item.key }}BR/bridge/hash_max = 16384
class/net/{{ item.id }}BR/bridge/hash_max = 16384


@ -15,18 +15,17 @@ Die Gateways agieren lediglich als Slave-DNS Server.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
site_code: # string
ipv4_network:
ipv6:
ula:
ipv6_ula:
- # ULA-Prefix
- ...
dns:
master: # IP-Adresse des DNS Masters
forward_zones:
$zone: # DNS-Domain
- name: $zone # DNS-Domain
master: # optional: IP-Adresse des DNS Masters, wenn die vom übergeordneten abweicht.
´´´


@ -44,12 +44,12 @@
- name: write named.conf for meshes
template:
src: named.conf.mesh.j2
dest: /etc/bind/named.conf.{{ item.value.site_code }}
dest: /etc/bind/named.conf.{{ item.site_code }}
owner: root
group: bind
mode: 0644
notify: restart bind9
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: write initial icvpn bind config
shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn


@ -5,7 +5,7 @@
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.logging";
{% for mesh_id, mesh_value in meshes.iteritems() %}
include "/etc/bind/named.conf.{{ mesh_value.site_code }}";
{% for mesh in meshes %}
include "/etc/bind/named.conf.{{ mesh.site_code }}";
{% endfor %}
include "/etc/bind/named.conf.icvpn";


@ -3,35 +3,35 @@
//
// ACLs
masters "ns-master-{{ item.value.site_code }}" {
{{ item.value.dns.master }};
masters "ns-master-{{ item.site_code }}" {
{{ item.dns.master }};
};
{% for zone_id, zone_value in item.value.dns.forward_zones.iteritems() %}
{% if zone_value.master is defined %}
masters "ns-master-{{ zone_id }}" {
{{ zone_value.master }};
{% for zone in item.dns.forward_zones %}
{% if zone.master is defined %}
masters "ns-master-{{ zone.name }}" {
{{ zone.master }};
};
{% endif %}
{% endfor %}
acl "intern-{{ item.value.site_code }}" {
{{ item.value.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
{% for prefix in item.value.ipv6.ula %}
acl "intern-{{ item.site_code }}" {
{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
{% for prefix in item.ipv6_ula %}
{{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
{% endfor %}
};
// DNS forward zones for {{ item.value.site_code }}
{% for zone_id, zone_value in item.value.dns.forward_zones.iteritems() %}
zone "{{ zone_id }}." {
// DNS forward zones for {{ item.site_code }}
{% for zone in item.dns.forward_zones %}
zone "{{ zone.name }}." {
type slave;
file "{{ zone_id }}.db";
{% if zone_value.master is defined %}
masters { ns-master-{{ zone_id }}; };
file "{{ zone.name }}.db";
{% if zone.master is defined %}
masters { ns-master-{{ zone.name }}; };
{% else %}
masters { ns-master-{{ item.value.site_code }}; };
masters { ns-master-{{ item.site_code }}; };
{% endif %}
};
{% if not loop.last %}
@ -39,18 +39,18 @@ zone "{{ zone_id }}." {
{% endif %}
{% endfor %}
// DNS reverse zones for {{ item.value.site_code }}
zone "{{ item.value.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
// DNS reverse zones for {{ item.site_code }}
zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
type slave;
file "{{ item.value.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
masters { ns-master-{{ item.value.site_code }}; };
file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
masters { ns-master-{{ item.site_code }}; };
};
{% for prefix in item.value.ipv6.ula %}
{% for prefix in item.ipv6_ula %}
zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
type slave;
file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
masters { ns-master-{{ item.value.site_code }}; };
masters { ns-master-{{ item.site_code }}; };
};
{% if not loop.last %}
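Review bot: `zone "{{ zone.name }}."`, `file "{{ zone.name }}.db"` and `masters "ns-master-{{ zone.name }}"` are all keyed on a list element's `name`, and unlike the old mapping keys nothing now prevents the same `name` appearing twice in `forward_zones`; a duplicate yields two `zone` statements for one origin, which named refuses to load, and because the template task only notifies a restart the failure surfaces as bind9 staying down rather than as a play error. A cheap check before templating is `assert: { that: "item.dns.forward_zones | map(attribute='name') | list | unique | length == item.dns.forward_zones | length" }` over `meshes`. Since `name` also becomes a path component of the slave file, the same assert could restrict it to hostname characters. The surrounding `{% for zone in item.dns.forward_zones %}` block closes outside this hunk.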


@ -11,25 +11,25 @@ options {
allow-recursion {
127.0.0.1;
::1;
{% for mesh_id, mesh_value in meshes.iteritems() %}
intern-{{ mesh_value.site_code }};
{% for mesh in meshes %}
intern-{{ mesh.site_code }};
{% endfor %}
};
allow-transfer { any; };
listen-on {
127.0.0.1;
{% for mesh_id, mesh_value in meshes.iteritems() %}
{{ mesh_value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %}
{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
{{ icvpn_ipv4_transfer_net | ipaddr('net') | ipsubnet(24, 37) | ipaddr(magic) | ipaddr('address') }};
};
listen-on-v6 {
::1;
{% for mesh_id, mesh_value in meshes.iteritems() %}
{% for ip in mesh_value.ipv6.ula %}
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) }};
{% for mesh in meshes %}
{% for ip in mesh.ipv6_ula %}
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
{% endfor %}
{{ icvpn_ipv6_transfer_net | ipaddr('net') | ipsubnet(112, 37) | ipaddr(magic) | ipaddr('address') }};
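Review bot: The `listen-on-v6` entry gains a trailing `| ipaddr('address')` that the old line did not have, which changes the rendered value from an `addr/64`-style string to a bare address; that looks like a genuine fix of the v6 listener (it now matches the v4 entries above, which already end in `ipaddr('address')`), but it is a behavioural change hidden inside a data-model migration and the commit message does not mention it. One line such as `- fix listen-on-v6: strip the prefix length from ULA listener addresses` in the description would keep this bisectable. Separately, the unchanged `allow-transfer { any; };` in the same hunk lets any host AXFR the mesh zones; restricting it to the `intern-*` ACLs the way `allow-recursion` already does would be consistent, though that is pre-existing and out of scope here.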


@ -11,10 +11,9 @@ Diese Ansible role ergänzt die benötigte bird + bird6 Konfiguration für den I
- Dictionary `meshes`
```
meshes:
xx:
- id: xx
...
ipv6:
public:
ipv6_public:
- # Public IPv6-Netzwerk
```
- Host Dictionary `ffrl_exit_server`


@ -11,8 +11,8 @@ table ffrl;
# Functions
function is_ffrl_public_nets() {
return net ~ [
{% for mesh_id, mesh_value in meshes.iteritems() %}
{% for prefix in mesh_value.ipv6.public %}
{% for mesh in meshes %}
{% for prefix in mesh.ipv6_public %}
{{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
{% endfor %}
];
@ -40,8 +40,8 @@ filter ebgp_ffrl_export_filter {
# Protocols
protocol static ffrl_public_routes {
table ffrl;
{% for mesh_id, mesh_value in meshes.iteritems() %}
{% for prefix in mesh_value.ipv6.public %}
{% for mesh in meshes %}
{% for prefix in mesh.ipv6_public %}
route {{ prefix }} reject;
route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject;
{% endfor %}


@ -26,11 +26,10 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
ipv4_network:
ipv6:
ula:
ipv6_ula:
- # IPv6-ULA Network
´´´
- Host Variable `magic`


@ -38,8 +38,8 @@ function is_chaosvpn() {
function is_mwu_self_nets() {
return net ~ [
{% for item, value in meshes.iteritems() %}
{{ value.ipv4_network | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% for mesh in meshes %}
{{ mesh.ipv4_network | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %}
];
}
@ -50,8 +50,8 @@ protocol device {
};
protocol direct mwu_subnets {
{% for item, value in meshes.iteritems() %}
interface "{{ item }}BR";
{% for mesh in meshes %}
interface "{{ mesh.id }}BR";
{% endfor %}
import where is_mwu_self_nets();
};


@ -26,8 +26,8 @@ function is_ula() {
function is_mwu_self_nets() {
return net ~ [
{% for item, value in meshes.iteritems() %}
{% for ula in value.ipv6.ula %}
{% for mesh in meshes %}
{% for ula in mesh.ipv6_ula %}
{{ ula | ipaddr('net') }}+{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
{% endfor %}
];
@ -39,8 +39,8 @@ protocol device {
};
protocol direct mwu_subnets {
{% for item, value in meshes.iteritems() %}
interface "{{ item }}BR";
{% for mesh in meshes %}
interface "{{ mesh.id }}BR";
{% endfor %}
import where is_mwu_self_nets();
};


@ -12,7 +12,7 @@ Wir nutzen diesen nur zur Verteilung von IPv4-Adressen.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
site_name: # string
site_code: # string


@ -12,7 +12,7 @@
- name: concatenate meshbridge interfaces
set_fact:
dhcp_interfaces: "{% for mesh_id, mesh_value in meshes.iteritems() %}{{ mesh_id }}BR{% if not loop.last %} {% endif %}{% endfor %}"
dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}BR{% if not loop.last %} {% endif %}{% endfor %}"
- name: set ipv4 interfaces isc dhcp should listen on
lineinfile:


@ -12,7 +12,7 @@ default-lease-time 300;
min-lease-time 300;
max-lease-time 300;
{% for mesh in meshes.values() %}
{% for mesh in meshes %}
# DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};


@ -15,7 +15,7 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunik
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
site_number: # integer
peers_mesh_repo: # String - https Link zum Github Repository


@ -1,6 +1,6 @@
---
- name: restart fastd intragate instances
systemd:
name: "fastd@{{ item.key }}igVPN"
name: "fastd@{{ item.id }}igVPN"
state: restarted
with_dict: "{{ meshes }}"
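Review bot: The handler is only half-migrated: the unit name now reads `item.id`, but the loop is still `with_dict: "{{ meshes }}"`, and `meshes` is a list after this commit, so `with_dict` raises "with_dict expects a dict" the first time any intragate task notifies it and the fastd instances are never restarted after a config or secret change. Every task file in this commit switched to `with_items: "{{ meshes }}"`; the handler needs the same one-line change: `with_items: "{{ meshes }}"`.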


@ -1,45 +1,45 @@
---
- name: configure systemd unit fastd@
systemd:
name: "fastd@{{ item.key }}igVPN"
name: "fastd@{{ item.id }}igVPN"
enabled: yes
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd intragate directories
file:
path: "/etc/fastd/{{ item.key }}igVPN"
path: "/etc/fastd/{{ item.id }}igVPN"
state: directory
mode: 0755
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd peer intragate directories
file:
path: "/etc/fastd/{{ item.key }}igVPN/peers"
path: "/etc/fastd/{{ item.id }}igVPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: clone fastd peer intragate repos
git:
repo: "{{ item.value.peers_intragate_repo }}"
dest: "/etc/fastd/{{ item.key }}igVPN/peers"
repo: "{{ item.peers_intragate_repo }}"
dest: "/etc/fastd/{{ item.id }}igVPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
become: false
- name: template fastd mesh config
template:
src: fastd-intragate.conf.j2
dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf"
dest: "/etc/fastd/{{ item.id }}igVPN/fastd.conf"
notify: restart fastd intragate instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: write fastd intragate secret
template:
src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf"
dest: "/etc/fastd/{{ item.id }}igVPN/secret.conf"
notify: restart fastd intragate instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"


@ -1,4 +1,4 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0212' + ip4hex -%}
#
# {{ ansible_managed }}
@ -9,10 +9,10 @@ hide mac addresses yes;
method "aes128-ctr+umac";
interface "{{ item.key }}igVPN";
interface "{{ item.id }}igVPN";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:101{{ item.value.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:101{{ item.value.site_number }};
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:101{{ item.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:101{{ item.site_number }};
include "secret.conf";
mtu 1406;
@ -27,11 +27,11 @@ on up "
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
ip link set $INTERFACE up
batctl -m {{ item.key }}BAT if add $INTERFACE
batctl -m {{ item.id }}BAT if add $INTERFACE
";
on down "
batctl -m {{ item.key }}BAT if del $INTERFACE
batctl -m {{ item.id }}BAT if del $INTERFACE
";
status socket "/var/run/fastd-{{ item.key }}igVPN.status";
status socket "/var/run/fastd-{{ item.id }}igVPN.status";


@ -1,4 +1,4 @@
{% set local_interface = item.key + 'igVPN' -%}
{% set local_interface = item.id + 'igVPN' -%}
#
# {{ ansible_managed }}
#


@ -16,7 +16,7 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
site_number: # integer
peers_mesh_repo: # String - https Link zum Github Repository


@ -1,6 +1,6 @@
---
- name: restart fastd mesh instances
systemd:
name: "fastd@{{ item.key }}VPN"
name: "fastd@{{ item.id }}VPN"
state: restarted
with_dict: "{{ meshes }}"
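Review bot: Same half-migration as the intragate handler: `name: "fastd@{{ item.id }}VPN"` is updated, but the loop remains `with_dict: "{{ meshes }}"` over what is now a list, so the "restart fastd mesh instances" handler fails when notified and node-facing fastd instances keep running with stale `fastd.conf`, `secret.conf` or `peer_limit.conf`. Change the loop to `with_items: "{{ meshes }}"` to match the task files in this commit.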


@ -1,25 +1,25 @@
---
- name: configure systemd unit fastd@
systemd:
name: "fastd@{{ item.key }}VPN"
name: "fastd@{{ item.id }}VPN"
enabled: yes
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd directories
file:
path: "/etc/fastd/{{ item.key }}VPN"
path: "/etc/fastd/{{ item.id }}VPN"
state: directory
mode: 0755
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd peer mesh directories
file:
path: "/etc/fastd/{{ item.key }}VPN/peers"
path: "/etc/fastd/{{ item.id }}VPN/peers"
state: directory
mode: 0755
owner: admin
group: admin
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: create fastd peer mesh directories for ffbin
file:
@ -31,11 +31,11 @@
- name: clone fastd peer mesh repos
git:
repo: "{{ item.value.peers_mesh_repo }}"
dest: "/etc/fastd/{{ item.key }}VPN/peers"
repo: "{{ item.peers_mesh_repo }}"
dest: "/etc/fastd/{{ item.id }}VPN/peers"
version: master
update: no
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
become: false
- name: clone fastd peer mesh repo for ffbin
@ -49,36 +49,36 @@
- name: template fastd mesh config
template:
src: fastd-mesh.conf.j2
dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf"
dest: "/etc/fastd/{{ item.id }}VPN/fastd.conf"
notify: restart fastd mesh instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: write fastd mesh secret
template:
src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.key }}VPN/secret.conf"
dest: "/etc/fastd/{{ item.id }}VPN/secret.conf"
notify: restart fastd mesh instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: copy peer_limit.conf if not exist
copy:
src: peer_limit.conf
dest: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
dest: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
owner: admin
group: admin
mode: 0640
force: no
notify: restart fastd mesh instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: set file attributes for peer_limit.conf
file:
path: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
path: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
mode: 0640
owner: admin
group: admin
notify: restart fastd mesh instances
with_dict: "{{ meshes }}"
with_items: "{{ meshes }}"
- name: write systemd unit fastd-sync-meshkeys.service
template:


@ -1,4 +1,4 @@
{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0211' + ip4hex -%}
#
# {{ ansible_managed }}
@ -9,10 +9,10 @@ hide mac addresses yes;
method "salsa2012+umac";
interface "{{ item.key }}VPN";
interface "{{ item.id }}VPN";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.value.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.value.site_number }};
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.site_number }};
include "secret.conf";
mtu 1406;
@ -20,7 +20,7 @@ mtu 1406;
peer group "vpn_nodes" {
include "peer_limit.conf";
include peers from "peers";
{% if item.key == "mz" %}
{% if item.id == "mz" %}
include peers from "peers_bingen";
{% endif %}
}
@ -34,11 +34,11 @@ on up "
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
ip link set $INTERFACE up
batctl -m {{ item.key }}BAT if add $INTERFACE
batctl -m {{ item.id }}BAT if add $INTERFACE
";
on down "
batctl -m {{ item.key }}BAT if del $INTERFACE
batctl -m {{ item.id }}BAT if del $INTERFACE
";
status socket "/var/run/fastd-{{ item.key }}VPN.status";
status socket "/var/run/fastd-{{ item.id }}VPN.status";


@ -1,4 +1,4 @@
{% set local_interface = item.key + 'VPN' -%}
{% set local_interface = item.id + 'VPN' -%}
#
# {{ ansible_managed }}
#


@ -11,12 +11,11 @@ Diese Ansible role installiert und konfiguriert den radvd daemon.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
ipv6:
ula:
ipv6_ula:
- # ULA-Prefix - String
public:
ipv6_public:
- # Public-Prefix - String
iface_mtu: # Integer
´´´


@ -2,37 +2,37 @@
#
# {{ ansible_managed }}
#
{% for mesh_id, mesh_value in meshes.iteritems() %}
interface {{ mesh_id }}BR
{% for mesh in meshes %}
interface {{ mesh.id }}BR
{
AdvSendAdvert on;
IgnoreIfMissing on;
MaxRtrAdvInterval {{ mesh_value.radvd.maxrtradvinterval }};
AdvLinkMTU {{ mesh_value.iface_mtu }};
MaxRtrAdvInterval {{ mesh.radvd.maxrtradvinterval }};
AdvLinkMTU {{ mesh.iface_mtu }};
{% for ip_type, ip_list in mesh_value.ipv6.iteritems() %}
{% for prefix in ip_list %}
{% if ip_type == "ula" %}
RDNSS {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
RDNSS {% for prefix in mesh.ipv6_ula %}{{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
{% endfor %}
{
FlushRDNSS off;
};
{% for prefix in mesh.ipv6_ula %}
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
{
AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
};
{% if not loop.last %}
{% endif %}
{% endfor %}
{% endfor %}
{% for ip_type, ip_list in mesh_value.ipv6.iteritems() %}
{% for prefix in ip_list %}
{% if ip_type == "public" %}
{% for prefix in mesh.ipv6_public %}
prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }}
{% else %}
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
{% endif %}
{
AdvValidLifetime {{ mesh_value.radvd.advvalidlifetime }};
AdvPreferredLifetime {{ mesh_value.radvd.advpreferredlifetime }};
AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
};
{% endfor %}
{% if not loop.last %}
{% endif %}
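Review bot: The new `RDNSS {% for prefix in mesh.ipv6_ula %}…{% endfor %}` form emits the `RDNSS` keyword unconditionally and the addresses only inside the loop, so a mesh whose `ipv6_ula` list is empty renders `RDNSS` followed directly by `{ FlushRDNSS off; };`, which radvd rejects as a syntax error; the old per-prefix block simply emitted nothing in that case. Wrapping the statement in `{% if mesh.ipv6_ula %} … {% endif %}` restores that, and since the task is a template-plus-notify there is no validation step that would catch the bad file before radvd fails to start. The addresses are also separated by newlines rather than spaces inside one statement, which radvd appears to tolerate but is worth confirming against a rendered file. Some of the `{% if not loop.last %}{% endif %}` lines at the end of the hunk are no-ops and could be dropped.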


@ -10,14 +10,13 @@ All dieses sollte in Zukunft durch systemd units abgelöst werden.
- Dictionary `meshes`
´´´
meshes:
xx:
- id: xx
...
site_name: # string
ipv4_network:
ipv6:
ula:
ipv6_ula:
- # string
public:
ipv6_public:
- # string
iface_mtu: # integer
´´´


@ -18,59 +18,59 @@
#
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh_id, mesh_value in meshes.iteritems() %}
ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh_id }}BR lookup mwu priority 7
{% for ula in mesh_value.ipv6.ula %}
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup mwu priority 7
ip -6 rule add to {{ ula }} lookup mwu priority 7
{% endfor %}
{% for public in mesh_value.ipv6.public %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup mwu priority 7
ip -6 rule add to {{ public }} lookup mwu priority 7
{% endfor %}
ip -6 rule add from all oif {{ mesh_id }}BR lookup mwu priority 7
ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
{% endfor %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh_id, mesh_value in meshes.iteritems() %}
ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh_id }}BR lookup icvpn priority 23
{% for ula in mesh_value.ipv6.ula %}
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup icvpn priority 23
ip -6 rule add to {{ ula }} lookup icvpn priority 23
{% endfor %}
{% for public in mesh_value.ipv6.public %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup icvpn priority 23
ip -6 rule add to {{ public }} lookup icvpn priority 23
{% endfor %}
ip -6 rule add from all oif {{ mesh_id }}BR lookup icvpn priority 23
ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
{% endfor %}
ip -4 rule add from all oif icVPN lookup icvpn priority 23
ip -6 rule add from all oif icVPN lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh_id, mesh_value in meshes.iteritems() %}
ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh_value.ipv6.ula %}
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup internet priority 41
ip -6 rule add to {{ ula }} lookup internet priority 41
{% endfor %}
{% for public in mesh_value.ipv6.public %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup internet priority 41
ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %}
ip -6 rule add from all oif {{ mesh_id }}BR lookup internet priority 41
ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41
{% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for mesh_id, mesh_value in meshes.iteritems() %}
ip -4 rule add from all iif {{ mesh_id }}BR type unreachable priority 61
ip -6 rule add from all iif {{ mesh_id }}BR type unreachable priority 61
{% for mesh in meshes %}
ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
{% endfor %}
ip -4 rule add from all iif icVPN type unreachable priority 61
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
@ -80,8 +80,8 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule add from all iif icVPN type unreachable priority 61
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh_id, mesh_value in meshes.iteritems() %}
{% for public in mesh_value.ipv6.public %}
{% for mesh in meshes %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} type unreachable priority 61
ip -6 rule add to {{ public }} type unreachable priority 61
{% endfor %}
@ -98,15 +98,15 @@ ip -6 rule add from all lookup icvpn priority 107
# IP routes
#
{% for mesh_id, mesh_value in meshes.iteritems() %}
# static {{ mesh_value.site_name }} routes for rt_table mwu
/sbin/ip -4 route add {{ mesh_value.ipv4_network }} proto static dev {{ mesh_id }}BR table mwu
{% for ula in mesh_value.ipv6.ula %}
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
{% for mesh in meshes %}
# static {{ mesh.site_name }} routes for rt_table mwu
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu
{% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
{% endfor %}
{% for public in mesh_value.ipv6.public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
{% for public in mesh.ipv6_public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
{% endfor %}
{% if not loop.last %}