From 721b278d3bfeff1bf7d586e90efe063dd23e8869 Mon Sep 17 00:00:00 2001 
From: Julian Labus Date: Sat, 2 Mar 2019 18:10:48 +0100 Subject: [PATCH] Roles: improve multidomain support --- Readme.md | 12 ++-- ansible.cfg | 4 +- inventory/group_vars/all | 53 +++++++++------ inventory/host_vars/ingwer.freifunk-mwu.de | 17 ++++- .../host_vars/lotuswurzel.freifunk-mwu.de | 17 ++++- inventory/host_vars/milchreis.freifunk-mwu.de | 2 +- inventory/host_vars/spinat.freifunk-mwu.de | 17 ++++- .../host_vars/suesskartoffel.freifunk-mwu.de | 2 +- .../host_vars/uffschnitt.freifunk-mwu.de | 17 ++++- .../host_vars/wasserfloh.freifunk-mwu.de | 17 ++++- roles/network-anycast/README.md | 4 +- roles/network-anycast/templates/anycast.j2 | 4 +- roles/network-batman/README.md | 2 +- roles/network-batman/tasks/main.yml | 2 +- roles/network-batman/templates/batman.j2 | 4 +- roles/network-batman/templates/dummy.j2 | 4 +- roles/network-fastd/README.md | 2 +- roles/network-fastd/tasks/main.yml | 2 +- roles/network-loopback/README.md | 4 +- roles/network-loopback/templates/loopback.j2 | 4 +- roles/network-meshbridge/templates/bridge.j2 | 9 ++- roles/network-routing/README.md | 2 +- roles/network-routing/tasks/main.yml | 2 +- .../templates/ffmwu-add-ip-rules.sh.j2 | 68 +++++++++---------- .../templates/ffmwu-add-static-routes.sh.j2 | 10 ++- .../templates/ffmwu-del-ip-rules.sh.j2 | 68 +++++++++---------- .../templates/ffmwu-del-static-routes.sh.j2 | 10 ++- roles/prerequisites/README.md | 2 +- roles/prerequisites/tasks/main.yml | 2 +- roles/service-bind-slave/tasks/main.yml | 2 +- .../templates/named.conf.j2 | 2 +- .../templates/named.conf.mesh.j2 | 18 +++-- .../templates/named.conf.options.j2 | 10 +-- .../templates/ffrl_ipv6.conf.j2 | 13 ++-- roles/service-bird-lg/tasks/main.yml | 4 +- roles/service-bird-lg/templates/lg.cfg.j2 | 2 +- roles/service-bird/README.md | 14 ++-- roles/service-bird/tasks/main.yml | 2 +- roles/service-bird/templates/bird.conf.j2 | 20 +++--- roles/service-bird/templates/bird6.conf.j2 | 20 +++--- .../templates/mwu_ipv4_peers.conf.j2 | 2 +- 
.../templates/mwu_ipv6_peers.conf.j2 | 2 +- roles/service-bird/templates/radv.conf.j2 | 14 ++-- roles/service-dhcpd/README.md | 4 +- .../service-dhcpd/templates/kea_dhcp4.conf.j2 | 5 +- roles/service-fastd-backbone/tasks/main.yml | 4 +- .../templates/fastd-backbone.conf.j2 | 18 ++++- .../templates/fastd-mesh.conf.j2 | 4 +- .../templates/firmware_vhost.conf.j2 | 6 +- .../templates/config.js.j2 | 10 +-- .../templates/meshviewer_vhost.conf.j2 | 2 + roles/service-nginx/README.md | 2 +- roles/service-nginx/templates/index.html.j2 | 4 +- .../templates/prometheus.yml.j2 | 2 +- roles/service-respondd/tasks/main.yml | 2 +- .../templates/respondd.service.j2 | 2 +- roles/service-yanic/templates/yanic.conf.j2 | 14 +++- 57 files changed, 344 insertions(+), 223 deletions(-) diff --git a/Readme.md b/Readme.md index 7f06b5f..4796880 100644 --- a/Readme.md +++ b/Readme.md @@ -78,7 +78,7 @@ Weitere Gruppen-Variablen: |Name|Type|Value|Format|Comment| |----|----|-----|------|-------| -|as_private_mwu|Variable|65037|integer|Privates AS von Freifunk MWU| +|as_private|Variable|65037|integer|Privates AS von Freifunk MWU| |as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland| |internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS| |internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS| 
@@ -97,9 +97,9 @@ Weitere Gruppen-Variablen: |icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat| |icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz| |icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository| -|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net| -|bgp_mwu_servers.spinat|Dictionary|||| -|bgp_mwu_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse|| +|bgp_legacy_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net| +|bgp_legacy_servers.spinat|Dictionary|||| +|bgp_legacy_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse|| |bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse|| @@ -109,7 +109,7 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb |Name|Type|Value|Format|Comment| |----|----|-----|------|-------| |magic|Variable|7|integer|Muss eindeutig unter allen Servern sein| -|ipv4_dhcp_range|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe| +|ipv4_dhcp|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe| |ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse| |ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary| |ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface| 
@@ -158,7 +158,7 @@ magic:
 # Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
 # z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18)
-ipv4_dhcp_range:
+ipv4_dhcp:
 # FFRL (muss vorher bereits zugewiesen worden sein)
 # Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
diff --git a/ansible.cfg b/ansible.cfg
index d94d519..e84d45a 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -11,5 +11,5 @@ bin_ansible_callbacks = True
 [privilege_escalation]
 become = True
-#[ssh_connection]
-#pipelining = True
+[ssh_connection]
+pipelining = True
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 0fe1ef5..cfc6239 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -2,7 +2,10 @@ ansible_version_minimum: "2.6"
 debug_fastd: False
-as_private_mwu: 65037
+site_code: ffmwu
+site_name: "Mainz, Wiesbaden und Umgebung"
+
+as_private: 65037
 as_public_ffrl: 201701
 internet_exit_tcp_mss_ipv4: 1240
@@ -11,16 +14,22 @@ internet_exit_tcp_mss_ipv6: 1220
 icvpn_ipv4_transfer_net: 10.207.0.0/16
 icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
-ffmwu_loopback_net_ipv4: 10.37.255.0/24
-ffmwu_loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
-ffmwu_anycast_ipv4: 10.37.255.255/32
-ffmwu_anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
+loopback_net_ipv4: 10.37.255.0/24
+loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
+anycast_ipv4: 10.37.255.255/32
+anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
-ffmwu_internal_prefixes:
+internal_prefixes:
 - ipv4: 10.37.0.0/16
 ipv6: fd37:b4dc:4b1e::/48
 - ipv4: 10.56.0.0/16
 ipv6: fd56:b4dc:4b1e::/48
+ - ipv4: 10.86.0.0/15
+ ipv6: fd86:b4dc:4b1e::/48
+
+public_prefixes:
+ - ipv6: 2a03:2260:11a::/48
+ - ipv6: 2a03:2260:11b::/48
 bgp_loopback_net: 10.37.0.0/18
 bgp_ipv4_transfer_net: 10.37.0.0/18
@@ -29,6 +38,10 @@ bgp_groups:
 - ffmwu-gateways
 - ffmwu-monitoring
+fastd_groups:
+ - ffmwu-gateways
+ - ffmwu-monitoring
+
 prometheus_groups:
 - ffmwu-gateways
 - ffmwu-monitoring
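Review bot: Turning on `pipelining = True` under `[ssh_connection]` interacts with the `become = True` set two lines above it: pipelined tasks with privilege escalation fail on any managed host whose sudoers still has `requiretty` set, and the hunk records that prerequisite nowhere. A comment next to the new setting, `# pipelining with become requires sudo without "Defaults requiretty" on the managed hosts`, plus a line in the Readme prerequisites would make the dependency visible. The block was previously commented out, so it may have been disabled for exactly that reason; worth confirming against the inventory before merging.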
@@ -48,17 +61,18 @@ gopath: "/opt/go"
 meshes:
 - id: mz
- site_number: 37
- site_code: ffmz
- site_name: Mainz
- sites_virtual:
+ legacy: true
+ domain_number: 37
+ domain_code: ffmz
+ domain_name: Mainz
+ aliases:
 ffbin: Bingen
 ffrhg: Rheingau
 ipv4_network: 10.37.0.0/18
 ipv6_ula:
- - fd37:b4dc:4b1e::/48
+ - fd37:b4dc:4b1e::/64
 ipv6_public:
- - 2a03:2260:11a::/48
+ - 2a03:2260:11a::/64
 dnssl:
 - ffmz.org
 - user.ffmz.org
@@ -102,16 +116,17 @@ meshes:
 http_domain_external: freifunk-mainz.de
 - id: wi
- site_number: 56
- site_code: ffwi
- site_name: Wiesbaden
- sites_virtual:
+ legacy: true
+ domain_number: 56
+ domain_code: ffwi
+ domain_name: Wiesbaden
+ aliases:
 ffta: Taunus
 ipv4_network: 10.56.0.0/18
 ipv6_ula:
- - fd56:b4dc:4b1e::/48
+ - fd56:b4dc:4b1e::/64
 ipv6_public:
- - 2a03:2260:11b::/48
+ - 2a03:2260:11b::/64
 dnssl:
 - ffwi.org
 - user.ffwi.org
@@ -159,7 +174,7 @@ icvpn:
 interface: icvpn
 icvpn_repo: https://github.com/freifunk/icvpn
-bgp_mwu_servers:
+bgp_legacy_servers:
 zuckerwatte:
 ipv4: 10.37.1.2
 ipv6: fd37:b4dc:4b1e::a25:102
diff --git a/inventory/host_vars/ingwer.freifunk-mwu.de b/inventory/host_vars/ingwer.freifunk-mwu.de
index 979b72c..f6049eb 100644
--- a/inventory/host_vars/ingwer.freifunk-mwu.de
+++ b/inventory/host_vars/ingwer.freifunk-mwu.de
@@ -1,8 +1,21 @@
 ---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
 magic: 161
-ipv4_dhcp_range: 7
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:a100::/56
+ - ipv6: 2a03:2260:11b:a100::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.24.0/22
+ ipv6_public:
+ - 2a03:2260:11a:a100::/64
+ wi:
+ ipv4_dhcp: 10.56.24.0/22
+ ipv6_public:
+ - 2a03:2260:11b:a100::/64
 ffrl_public_ipv4_nat: 185.66.195.38/32
diff --git a/inventory/host_vars/lotuswurzel.freifunk-mwu.de b/inventory/host_vars/lotuswurzel.freifunk-mwu.de
index ec7f27c..2105b34 100644
--- a/inventory/host_vars/lotuswurzel.freifunk-mwu.de
+++ b/inventory/host_vars/lotuswurzel.freifunk-mwu.de
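Review bot: Narrowing each mesh's `ipv6_ula` and `ipv6_public` entries from /48 to /64 changes every value derived from them, not only the bridge address: `named.conf.mesh.j2` later in this patch builds the reverse zone name and the `intern-<domain_code>` ACL from `item.ipv6_ula` via `ipaddr('net') | ipaddr('revdns')` and `ipaddr('network/prefix')`, so the slave will now ask the master for the /64 `ip6.arpa` zone instead of the /48 one and the ACL no longer covers the rest of the ULA /48. Whether the master serves that zone name cannot be seen from the hunk; if the narrowing is intended, a comment on the key would spare the next reader the cross-check, e.g. `# per-domain client /64s; the enclosing /48s are listed in internal_prefixes / public_prefixes`. The same change is made for the `wi` mesh in the next hunk.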
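Review bot: `ipv4_dhcp` is now a CIDR (`10.37.24.0/22`) nested under `mesh_gw_prefixes.<mesh id>`, but the Readme hunks in this same commit still document it as a top-level integer (`|ipv4_dhcp|Variable|6|integer|…Nummer des zu verwendenden /22er Subnetzes…`) and the host-vars skeleton there still reads `ipv4_dhcp:` under the old "Nummer des /22er IPv4-Subnetzes" comment, so the rename and the new format disagree. The Readme rows should describe `public_gw_prefixes` and `mesh_gw_prefixes.<id>.ipv4_dhcp` / `.ipv6_public` with their real formats, and the unrenamed `bgp_mwu_server.spinat.ipv6` row next to the new `bgp_legacy_servers` rows looks like a leftover of the same rename. The lotuswurzel, spinat, uffschnitt and wasserfloh host_vars hunks introduce the same keys and need the same documentation.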
@@ -1,8 +1,21 @@
 ---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
 magic: 23
-ipv4_dhcp_range: 4
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:1700::/56
+ - ipv6: 2a03:2260:11b:1700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.16.0/22
+ ipv6_public:
+ - 2a03:2260:11a:1700::/64
+ wi:
+ ipv4_dhcp: 10.56.16.0/22
+ ipv6_public:
+ - 2a03:2260:11b:1700::/64
 ffrl_public_ipv4_nat: 185.66.195.36/32
diff --git a/inventory/host_vars/milchreis.freifunk-mwu.de b/inventory/host_vars/milchreis.freifunk-mwu.de
index 68174b8..471dee7 100644
--- a/inventory/host_vars/milchreis.freifunk-mwu.de
+++ b/inventory/host_vars/milchreis.freifunk-mwu.de
@@ -1,2 +1,2 @@
 ---
-ffmwu_server_type: "firmware-build"
+server_type: "firmware-build"
diff --git a/inventory/host_vars/spinat.freifunk-mwu.de b/inventory/host_vars/spinat.freifunk-mwu.de
index 19ba7aa..3d6f31d 100644
--- a/inventory/host_vars/spinat.freifunk-mwu.de
+++ b/inventory/host_vars/spinat.freifunk-mwu.de
@@ -1,8 +1,21 @@
 ---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
 magic: 7
-ipv4_dhcp_range: 5
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:0700::/56
+ - ipv6: 2a03:2260:11b:0700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.20.0/22
+ ipv6_public:
+ - 2a03:2260:11a:0700::/64
+ wi:
+ ipv4_dhcp: 10.56.20.0/22
+ ipv6_public:
+ - 2a03:2260:11b:0700::/64
 ffrl_public_ipv4_nat: 185.66.195.32/32
diff --git a/inventory/host_vars/suesskartoffel.freifunk-mwu.de b/inventory/host_vars/suesskartoffel.freifunk-mwu.de
index 04069a2..fec4d4b 100644
--- a/inventory/host_vars/suesskartoffel.freifunk-mwu.de
+++ b/inventory/host_vars/suesskartoffel.freifunk-mwu.de
@@ -1,4 +1,4 @@
 ---
-ffmwu_server_type: "monitoring"
+server_type: "monitoring"
 magic: 32
diff --git a/inventory/host_vars/uffschnitt.freifunk-mwu.de b/inventory/host_vars/uffschnitt.freifunk-mwu.de
index 0446d1a..9cc30a1 100644
--- a/inventory/host_vars/uffschnitt.freifunk-mwu.de
+++ b/inventory/host_vars/uffschnitt.freifunk-mwu.de
@@ -1,8 +1,21 @@
 ---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
 magic: 101
-ipv4_dhcp_range: 8
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:6500::/56
+ - ipv6: 2a03:2260:11b:6500::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.32.0/22
+ ipv6_public:
+ - 2a03:2260:11a:6500::/64
+ wi:
+ ipv4_dhcp: 10.56.32.0/22
+ ipv6_public:
+ - 2a03:2260:11b:6500::/64
 ffrl_public_ipv4_nat: 185.66.195.37/32
diff --git a/inventory/host_vars/wasserfloh.freifunk-mwu.de b/inventory/host_vars/wasserfloh.freifunk-mwu.de
index be82f2a..649c548 100644
--- a/inventory/host_vars/wasserfloh.freifunk-mwu.de
+++ b/inventory/host_vars/wasserfloh.freifunk-mwu.de
@@ -1,8 +1,21 @@
 ---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
 magic: 231
-ipv4_dhcp_range: 9
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:e700::/56
+ - ipv6: 2a03:2260:11b:e700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.36.0/22
+ ipv6_public:
+ - 2a03:2260:11a:e700::/64
+ wi:
+ ipv4_dhcp: 10.56.36.0/22
+ ipv6_public:
+ - 2a03:2260:11b:e700::/64
 ffrl_public_ipv4_nat: 185.66.195.33/32
diff --git a/roles/network-anycast/README.md b/roles/network-anycast/README.md
index ef730a2..0b926c5 100644
--- a/roles/network-anycast/README.md
+++ b/roles/network-anycast/README.md
@@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Anycast Interface.
 ## Benötigte Variablen
-- ffmwu_anycast_ipv4 # Anycast IPv4 Adresse
-- ffmwu_anycast_ipv6 # Anycast IPv6 Adresse
+- anycast_ipv4 # Anycast IPv4 Adresse
+- anycast_ipv6 # Anycast IPv6 Adresse
diff --git a/roles/network-anycast/templates/anycast.j2 b/roles/network-anycast/templates/anycast.j2
index 91b9653..84d796e 100644
--- a/roles/network-anycast/templates/anycast.j2
+++ b/roles/network-anycast/templates/anycast.j2
@@ -4,5 +4,5 @@ auto anycast
 iface anycast
 link-type dummy
- address {{ ffmwu_anycast_ipv4 | ipaddr('network/prefix') }}
- address {{ ffmwu_anycast_ipv6 | ipaddr('network/prefix') }}
+ address {{ anycast_ipv4 | ipaddr('network/prefix') }}
+ address {{ anycast_ipv6 | ipaddr('network/prefix') }}
diff --git a/roles/network-batman/README.md b/roles/network-batman/README.md
index aed65d4..8a3992e 100644
--- a/roles/network-batman/README.md
+++ b/roles/network-batman/README.md
@@ -40,7 +40,7 @@ meshes:
 - Host Variable `magic`
-- Host Variable `ffmwu_server_type`
+- Host Variable `server_type`
 ## MAC-Adressen
diff --git a/roles/network-batman/tasks/main.yml b/roles/network-batman/tasks/main.yml
index f50750a..08d72d6 100644
--- a/roles/network-batman/tasks/main.yml
+++ b/roles/network-batman/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: create dummy interfaces
 template:
 src: dummy.j2
- dest: "/etc/network/interfaces.d/{{ item.id }}0"
+ dest: "/etc/network/interfaces.d/{{ item.id }}"
 notify: reload network interfaces
 loop: "{{ meshes }}"
diff --git a/roles/network-batman/templates/batman.j2 b/roles/network-batman/templates/batman.j2
index f0084b5..bf44ea6 100644
--- a/roles/network-batman/templates/batman.j2
+++ b/roles/network-batman/templates/batman.j2
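Review bot: Changing `dest` from `/etc/network/interfaces.d/{{ item.id }}0` to `/etc/network/interfaces.d/{{ item.id }}` writes a new stanza but nothing in the task list removes the old file, so on a host that was already deployed both the `mz0` and the `mz` dummy stanzas remain in `interfaces.d`, and `dummy.j2` gives both the same `hwaddress`. A cleanup task before the template would close that gap: `- name: remove legacy dummy interface files` / `file: path=/etc/network/interfaces.d/{{ item.id }}0 state=absent` / `loop: "{{ meshes }}"`; the old interface itself presumably also needs to be taken down once, which the `reload network interfaces` handler alone may not do. The same rename is carried through `batman-ifaces` in `batman.j2` and `dummy.j2` in the following hunks.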
@@ -7,9 +7,9 @@ auto {{ item.id }}bat iface {{ item.id }}bat hwaddress {{ mac | hwaddr('linux') }} - batman-ifaces {{ item.id }}0 {% if ffmwu_server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} + batman-ifaces {{ item.id }} {% if server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} batman-hop-penalty {{ item.batman.hop_penalty }} post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }} post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }} post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }} - post-up /usr/sbin/batctl -m $IFACE gw {% if ffmwu_server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %} + post-up /usr/sbin/batctl -m $IFACE gw {% if server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %} diff --git a/roles/network-batman/templates/dummy.j2 b/roles/network-batman/templates/dummy.j2 index a18a325..cf781be 100644 --- a/roles/network-batman/templates/dummy.j2 +++ b/roles/network-batman/templates/dummy.j2 @@ -3,7 +3,7 @@ # # {{ ansible_managed }} # -auto {{ item.id }}0 -iface {{ item.id }}0 +auto {{ item.id }} +iface {{ item.id }} link-type dummy hwaddress {{ mac | hwaddr('linux') }} diff --git a/roles/network-fastd/README.md b/roles/network-fastd/README.md index a2a5f63..e163825 100644 --- a/roles/network-fastd/README.md +++ b/roles/network-fastd/README.md @@ -34,7 +34,7 @@ meshes: - Host Variable `magic` -- Host Variable `ffmwu_server_type` +- Host Variable `server_type` ## MAC-Adressen 
diff --git a/roles/network-fastd/tasks/main.yml b/roles/network-fastd/tasks/main.yml
index a611757..f6d34b1 100644
--- a/roles/network-fastd/tasks/main.yml
+++ b/roles/network-fastd/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: create fastd mesh interfaces
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
 template:
 src: fastd-mesh.j2
 dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
diff --git a/roles/network-loopback/README.md b/roles/network-loopback/README.md
index fa5bc9f..c33595d 100644
--- a/roles/network-loopback/README.md
+++ b/roles/network-loopback/README.md
@@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Loopback Interface.
 ## Benötigte Variablen
-- ffmwu_loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
-- ffmwu_loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
+- loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
+- loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
diff --git a/roles/network-loopback/templates/loopback.j2 b/roles/network-loopback/templates/loopback.j2
index dd6ccd1..aca7802 100644
--- a/roles/network-loopback/templates/loopback.j2
+++ b/roles/network-loopback/templates/loopback.j2
@@ -4,5 +4,5 @@ auto loopback
 iface loopback
 link-type dummy
- address {{ ffmwu_loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
- address {{ ffmwu_loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
+ address {{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
+ address {{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
diff --git a/roles/network-meshbridge/templates/bridge.j2 b/roles/network-meshbridge/templates/bridge.j2
index 65a464b..2fd6f30 100644
--- a/roles/network-meshbridge/templates/bridge.j2
+++ b/roles/network-meshbridge/templates/bridge.j2
@@ -1,6 +1,7 @@ # # {{ ansible_managed }} # + auto {{ item.id }}br iface {{ item.id }}br address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }} @@ -9,8 +10,10 @@ iface {{ item.id }}br {% endfor %} {% for prefix in item.ipv6_public %} address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }} -{% if ffmwu_server_type == "gateway" %} - address {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }} -{% endif %} {% endfor %} +{% if mesh_gw_prefixes is defined %} +{% for prefix in mesh_gw_prefixes[item.id].ipv6_public %} + address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }} +{% endfor %} +{% endif %} bridge-ports {{ item.id }}bat diff --git a/roles/network-routing/README.md b/roles/network-routing/README.md index 06b763c..e206672 100644 --- a/roles/network-routing/README.md +++ b/roles/network-routing/README.md @@ -36,4 +36,4 @@ sysctl_settings_routing_(basic|gateway): - Host Variable `magic` -- Host Variable `ffmwu_server_type` +- Host Variable `server_type` diff --git a/roles/network-routing/tasks/main.yml b/roles/network-routing/tasks/main.yml index 194d71f..002c918 100644 --- a/roles/network-routing/tasks/main.yml +++ b/roles/network-routing/tasks/main.yml @@ -61,7 +61,7 @@ loop: "{{ sysctl_settings_routing_basic }}" - name: set gateway sysctl settings for routing - when: ffmwu_server_type == "gateway" + when: server_type == "gateway" sysctl: name: "{{ item.name }}" value: "{{ item.value }}" diff --git a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 index 252b97c..38ba4b4 100644 --- a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 +++ b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 
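Review bot: `{% if mesh_gw_prefixes is defined %}` only proves the dict exists; the `mesh_gw_prefixes[item.id]` lookup on the next line fails with an undefined-attribute error as soon as a gateway host lists fewer meshes in `mesh_gw_prefixes` than `meshes` iterates over (a host with only `mz` while `meshes` also has `wi`). Guard the key too: `{% if mesh_gw_prefixes is defined and item.id in mesh_gw_prefixes %}`. The same unguarded lookup, as `mesh_gw_prefixes[mesh.id]`, is added in `ffmwu-add-static-routes.sh.j2` and `ffmwu-del-static-routes.sh.j2` further down, and in the latter the new closing tag is written `{% endif%}` unlike every other tag in these templates.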
@@ -5,52 +5,52 @@ # Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces {% for mesh in meshes %} -ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 -ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 -{% for ula in mesh.ipv6_ula %} -ip -6 rule add from {{ ula }} lookup mwu priority 7 -ip -6 rule add to {{ ula }} lookup mwu priority 7 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule add from {{ public }} lookup mwu priority 7 -ip -6 rule add to {{ public }} lookup mwu priority 7 -{% endfor %} ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule add from {{ prefix.ipv4 }} lookup mwu priority 7 +ip -4 rule add to {{ prefix.ipv4 }} lookup mwu priority 7 +ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7 +ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7 +ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7 +{% endfor %} -{% if ffmwu_server_type == 'gateway' %} +{% if server_type == 'gateway' %} # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges {% for mesh in meshes %} -ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 -ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 -{% for ula in mesh.ipv6_ula %} -ip -6 rule add from {{ ula }} lookup icvpn priority 23 -ip -6 rule add to {{ ula }} lookup icvpn priority 23 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule add from {{ public }} lookup icvpn priority 23 -ip -6 rule add to {{ public }} lookup icvpn priority 23 -{% endfor %} ip -6 
rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule add from {{ prefix.ipv4 }} lookup icvpn priority 23 +ip -4 rule add to {{ prefix.ipv4 }} lookup icvpn priority 23 +ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23 +ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23 +ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23 +{% endfor %} ip -4 rule add from all oif icvpn lookup icvpn priority 23 ip -6 rule add from all oif icvpn lookup icvpn priority 23 # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges {% for mesh in meshes %} -ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41 -{% for ula in mesh.ipv6_ula %} -ip -6 rule add from {{ ula }} lookup internet priority 41 -ip -6 rule add to {{ ula }} lookup internet priority 41 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule add from {{ public }} lookup internet priority 41 -ip -6 rule add to {{ public }} lookup internet priority 41 -{% endfor %} ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule add from {{ prefix.ipv4 }} lookup internet priority 41 +ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41 +ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41 +ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41 +{% endfor %} ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 
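Review bot: The restructured rule blocks for `internal_prefixes` and `public_prefixes` are repeated verbatim for priorities 7, 23 and 41 here and once more, with `add` swapped for `del`, in `ffmwu-del-ip-rules.sh.j2`, so this commit had to make the same edit by hand in roughly 140 lines and the two files can only stay in sync by discipline. Rendering one template twice with an `action` variable, e.g. `ip -4 rule {{ action }} from {{ prefix.ipv4 }} lookup mwu priority 7`, or factoring the per-prefix lines into a Jinja macro, would keep the add and del sets identical; a rule that is added but later not deleted is left behind on the host. The static-routes add/del pair later in the patch has the same shape. The hunk ends before the file does (the priority 61 block follows in the next hunk).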
@@ -67,11 +67,9 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61 {% endfor %} ip -6 rule add from all iif icvpn type unreachable priority 61 ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 -{% for mesh in meshes %} -{% for public in mesh.ipv6_public %} -ip -6 rule add from {{ public }} type unreachable priority 61 -ip -6 rule add to {{ public }} type unreachable priority 61 -{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule add from {{ prefix.ipv6 }} type unreachable priority 61 +ip -6 rule add to {{ prefix.ipv6 }} type unreachable priority 61 {% endfor %} # Priority 107 - lookup policies for the gateway host self originating traffic diff --git a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 index a31dcb9..532edee 100644 --- a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 +++ b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 
@@ -4,21 +4,25 @@ # {% for mesh in meshes %} -# static {{ mesh.site_name }} routes for rt_table mwu +# static {{ mesh.domain_name }} routes for rt_table mwu /sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu {% for ula in mesh.ipv6_ula %} /sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% for public in mesh.ipv6_public %} /sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu -/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} +{% if mesh_gw_prefixes is defined %} +{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %} +/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu +{% endfor %} +{% endif %} {% if not loop.last %} {% endif %} {% endfor %} -{% if ffmwu_server_type == 'gateway' %} +{% if server_type == 'gateway' %} # static blackhole routes for rt_table internet /sbin/ip -4 route add blackhole 0.0.0.0/8 table internet /sbin/ip -4 route add blackhole 10.0.0.0/8 table internet diff --git a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 index fad09a0..d8913ce 100644 --- a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 +++ b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 
@@ -5,52 +5,52 @@ # Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces {% for mesh in meshes %} -ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 -ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 -{% for ula in mesh.ipv6_ula %} -ip -6 rule del from {{ ula }} lookup mwu priority 7 -ip -6 rule del to {{ ula }} lookup mwu priority 7 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule del from {{ public }} lookup mwu priority 7 -ip -6 rule del to {{ public }} lookup mwu priority 7 -{% endfor %} ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7 +ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7 +ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7 +ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7 +ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7 +{% endfor %} -{% if ffmwu_server_type == 'gateway' %} +{% if server_type == 'gateway' %} # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges {% for mesh in meshes %} -ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 -ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 -{% for ula in mesh.ipv6_ula %} -ip -6 rule del from {{ ula }} lookup icvpn priority 23 -ip -6 rule del to {{ ula }} lookup icvpn priority 23 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule del from {{ public }} lookup icvpn priority 23 -ip -6 rule del to {{ public }} lookup icvpn priority 23 -{% endfor %} ip -6 
rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23 +ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23 +ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23 +ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23 +ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23 +{% endfor %} ip -4 rule del from all oif icvpn lookup icvpn priority 23 ip -6 rule del from all oif icvpn lookup icvpn priority 23 # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges {% for mesh in meshes %} -ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41 -{% for ula in mesh.ipv6_ula %} -ip -6 rule del from {{ ula }} lookup internet priority 41 -ip -6 rule del to {{ ula }} lookup internet priority 41 -{% endfor %} -{% for public in mesh.ipv6_public %} -ip -6 rule del from {{ public }} lookup internet priority 41 -ip -6 rule del to {{ public }} lookup internet priority 41 -{% endfor %} ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41 {% endfor %} +{% for prefix in internal_prefixes %} +ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41 +ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41 +ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41 +{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41 +ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41 +{% endfor %} ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 
@@ -67,11 +67,9 @@ ip -6 rule del from all iif {{ server_id }} type unreachable priority 61 {% endfor %} ip -6 rule del from all iif icvpn type unreachable priority 61 ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 -{% for mesh in meshes %} -{% for public in mesh.ipv6_public %} -ip -6 rule del from {{ public }} type unreachable priority 61 -ip -6 rule del to {{ public }} type unreachable priority 61 -{% endfor %} +{% for prefix in public_prefixes %} +ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61 +ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61 {% endfor %} # Priority 107 - lookup policies for the gateway host self originating traffic diff --git a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 index 6669cef..16a7a5e 100644 --- a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 +++ b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 
@@ -4,21 +4,25 @@ # {% for mesh in meshes %} -# static {{ mesh.site_name }} routes for rt_table mwu +# static {{ mesh.domain_name }} routes for rt_table mwu /sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu {% for ula in mesh.ipv6_ula %} /sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% for public in mesh.ipv6_public %} /sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu -/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} +{% if mesh_gw_prefixes is defined %} +{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %} +/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu +{% endfor %} +{% endif%} {% if not loop.last %} {% endif %} {% endfor %} -{% if ffmwu_server_type == 'gateway' %} +{% if server_type == 'gateway' %} # static blackhole routes for rt_table internet /sbin/ip -4 route del blackhole 0.0.0.0/8 table internet /sbin/ip -4 route del blackhole 10.0.0.0/8 table internet diff --git a/roles/prerequisites/README.md b/roles/prerequisites/README.md index 8726864..da70d08 100644 --- a/roles/prerequisites/README.md +++ b/roles/prerequisites/README.md @@ -16,4 +16,4 @@ Die folgenden Variablen werden über einen DNS Lookup gesetzt: - Variable `dns_host_ipv6_address` (Rollen-Variable) - Variable `dns_gate_num_cname` (Rollen-Variable) - Variable `dns_gate_icvpn_cname` (Rollen-Variable) -- Variable `ffmwu_server_type` +- Variable `server_type` diff --git a/roles/prerequisites/tasks/main.yml b/roles/prerequisites/tasks/main.yml index 90d95e4..2c69295 100755 --- a/roles/prerequisites/tasks/main.yml +++ b/roles/prerequisites/tasks/main.yml 
@@ -14,7 +14,7 @@ - "ansible_distribution_major_version == '9'" - name: Check gateway specific DNS entries - when: ffmwu_server_type == "gateway" + when: server_type == "gateway" assert: that: - "dns_gate_num_cname == inventory_hostname" diff --git a/roles/service-bind-slave/tasks/main.yml b/roles/service-bind-slave/tasks/main.yml index 81a3248..ed411f5 100644 --- a/roles/service-bind-slave/tasks/main.yml +++ b/roles/service-bind-slave/tasks/main.yml @@ -38,7 +38,7 @@ - name: write named.conf for meshes template: src: named.conf.mesh.j2 - dest: /etc/bind/named.conf.{{ item.site_code }} + dest: /etc/bind/named.conf.{{ item.domain_code }} owner: root group: bind mode: 0644 diff --git a/roles/service-bind-slave/templates/named.conf.j2 b/roles/service-bind-slave/templates/named.conf.j2 index e7d3814..895ff5c 100644 --- a/roles/service-bind-slave/templates/named.conf.j2 +++ b/roles/service-bind-slave/templates/named.conf.j2 @@ -6,6 +6,6 @@ include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.default-zones"; include "/etc/bind/named.conf.logging"; {% for mesh in meshes %} -include "/etc/bind/named.conf.{{ mesh.site_code }}"; +include "/etc/bind/named.conf.{{ mesh.domain_code }}"; {% endfor %} include "/etc/bind/named.conf.icvpn"; diff --git a/roles/service-bind-slave/templates/named.conf.mesh.j2 b/roles/service-bind-slave/templates/named.conf.mesh.j2 index 3a9a77a..2dd7283 100644 --- a/roles/service-bind-slave/templates/named.conf.mesh.j2 +++ b/roles/service-bind-slave/templates/named.conf.mesh.j2 @@ -3,10 +3,11 @@ // // ACLs -masters "ns-master-{{ item.site_code }}" { +masters "ns-master-{{ item.domain_code }}" { {{ item.dns.master }}; }; +{% if item.dns.forward_zones is defined %} {% for zone in item.dns.forward_zones %} {% if zone.master is defined %} masters "ns-master-{{ zone.name }}" { 
@@ -15,15 +16,17 @@ masters "ns-master-{{ zone.name }}" { {% endif %} {% endfor %} +{% endif %} -acl "intern-{{ item.site_code }}" { +acl "intern-{{ item.domain_code }}" { {{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }}; {% for prefix in item.ipv6_ula %} {{ prefix | ipaddr('net') | ipaddr('network/prefix') }}; {% endfor %} }; -// DNS forward zones for {{ item.site_code }} +{% if item.dns.forward_zones is defined %} +// DNS forward zones for {{ item.domain_code }} {% for zone in item.dns.forward_zones %} zone "{{ zone.name }}." { type slave; @@ -31,26 +34,27 @@ zone "{{ zone.name }}." { {% if zone.master is defined %} masters { ns-master-{{ zone.name }}; }; {% else %} - masters { ns-master-{{ item.site_code }}; }; + masters { ns-master-{{ item.domain_code }}; }; {% endif %} }; {% if not loop.last %} {% endif %} {% endfor %} +{% endif %} -// DNS reverse zones for {{ item.site_code }} +// DNS reverse zones for {{ item.domain_code }} zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" { type slave; file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}"; - masters { ns-master-{{ item.site_code }}; }; + masters { ns-master-{{ item.domain_code }}; }; }; {% for prefix in item.ipv6_ula %} zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" { type slave; file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}"; - masters { ns-master-{{ item.site_code }}; }; + masters { ns-master-{{ item.domain_code }}; }; }; {% if not loop.last %} diff --git a/roles/service-bind-slave/templates/named.conf.options.j2 b/roles/service-bind-slave/templates/named.conf.options.j2 index f2c7215..57a70b1 100644 --- a/roles/service-bind-slave/templates/named.conf.options.j2 +++ b/roles/service-bind-slave/templates/named.conf.options.j2 
@@ -12,15 +12,15 @@ options { 127.0.0.1; ::1; {% for mesh in meshes %} - intern-{{ mesh.site_code }}; + intern-{{ mesh.domain_code }}; {% endfor %} }; allow-transfer { any; }; listen-on { 127.0.0.1; - {{ ffmwu_anycast_ipv4 | ipaddr('address') }}; - {{ ffmwu_loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; + {{ anycast_ipv4 | ipaddr('address') }}; + {{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {% for mesh in meshes %} {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {% endfor %} @@ -29,8 +29,8 @@ options { listen-on-v6 { ::1; - {{ ffmwu_anycast_ipv6 | ipaddr('address') }}; - {{ ffmwu_loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; + {{ anycast_ipv6 | ipaddr('address') }}; + {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {% for mesh in meshes %} {% for ip in mesh.ipv6_ula %} {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}; diff --git a/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2 b/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2 index e5263a6..08fe334 100644 --- a/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2 +++ b/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2 @@ -11,9 +11,8 @@ table ffrl; # Functions function is_ffrl_public_nets() { return net ~ [ -{% for mesh in meshes %} -{% for prefix in mesh.ipv6_public %} - {{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }} +{% for prefix in public_gw_prefixes %} + {{ prefix.ipv6 }}{48,56}{{ "," if not loop.last else "" }} {% endfor %} ]; } 
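Review bot: `is_ffrl_public_nets()` now matches only `public_gw_prefixes` entries, while the `ffrl_public_routes` static protocol in the next hunk injects both `public_prefixes` and `public_gw_prefixes`; an aggregate from `public_prefixes` is not contained in any per-gateway prefix, so it would presumably no longer pass a `{48,56}` match built from the gateway prefixes, whereas the removed loop over `mesh.ipv6_public` covered both. If `ebgp_ffrl_export_filter` (its body is outside this chunk) relies on this function, the aggregate is announced locally but not exported upstream; if that is intended, a comment stating that only the per-gateway prefixes are exported to FFRL would make it explicit. Otherwise the loop should cover both lists, e.g. `{% for prefix in public_prefixes + public_gw_prefixes %}` with the same `{48,56}` pattern.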
@@ -40,11 +39,11 @@ filter ebgp_ffrl_export_filter { # Protocols protocol static ffrl_public_routes { table ffrl; -{% for mesh in meshes %} -{% for prefix in mesh.ipv6_public %} - route {{ prefix }} reject; - route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject; +{% for prefix in public_prefixes %} + route {{ prefix.ipv6 }} reject; {% endfor %} +{% for prefix in public_gw_prefixes %} + route {{ prefix.ipv6 }} reject; {% endfor %} } diff --git a/roles/service-bird-lg/tasks/main.yml b/roles/service-bird-lg/tasks/main.yml index 875c12c..d47d7ab 100644 --- a/roles/service-bird-lg/tasks/main.yml +++ b/roles/service-bird-lg/tasks/main.yml @@ -35,9 +35,9 @@ group: "{{ lg_user }}" - name: configure lg-proxy - when: ffmwu_server_type == "gateway" + when: server_type == "gateway" include_tasks: lg-proxy.yml - name: configure lg-webservice - when: ffmwu_server_type == "monitoring" + when: server_type == "monitoring" include_tasks: lg-webservice.yml diff --git a/roles/service-bird-lg/templates/lg.cfg.j2 b/roles/service-bird-lg/templates/lg.cfg.j2 index 7348073..20eb42d 100644 --- a/roles/service-bird-lg/templates/lg.cfg.j2 +++ b/roles/service-bird-lg/templates/lg.cfg.j2 @@ -22,7 +22,7 @@ ROUTER_IP = { AS_NUMBER = { {% for host in groups["ffmwu-gateways"] %} - "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private_mwu }}", + "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private }}", {% endfor %} } diff --git a/roles/service-bird/README.md b/roles/service-bird/README.md index 0b29b23..9e0acdf 100644 --- a/roles/service-bird/README.md +++ b/roles/service-bird/README.md 
@@ -13,16 +13,16 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne ## Benötigte Variablen - Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt. -- Variable `ffmwu_loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen -- Variable `ffmwu_loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen -- Variable `ffmwu_anycast_ipv4` # Anycast IPv4-Adresse -- Variable `ffmwu_anycast_ipv6` # Anycast IPv6-Adresse +- Variable `loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen +- Variable `loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen +- Variable `anycast_ipv4` # Anycast IPv4-Adresse +- Variable `anycast_ipv6` # Anycast IPv6-Adresse - Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird. - Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird. -- Variable `bgp_as_private_mwu` # Private ASN von Freifunk MWU +- Variable `bgp_as_private` # Private ASN von Freifunk MWU - Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll -- Liste `ffmwu_internal_prefixes` -- Dictionary `bgp_mwu_servers` +- Liste `internal_prefixes` +- Dictionary `bgp_legacy_servers` ``` spinat: # kurzer Hostname des Peers diff --git a/roles/service-bird/tasks/main.yml b/roles/service-bird/tasks/main.yml index d8fb053..dad9963 100644 --- a/roles/service-bird/tasks/main.yml +++ b/roles/service-bird/tasks/main.yml @@ -52,7 +52,7 @@ notify: reload systemd unit bird6 - name: write radv.conf - when: ffmwu_server_type == "gateway" + when: server_type == "gateway" template: src: radv.conf.j2 dest: /etc/bird/radv.conf diff --git a/roles/service-bird/templates/bird.conf.j2 b/roles/service-bird/templates/bird.conf.j2 index 53969e7..f559ec2 100644 --- a/roles/service-bird/templates/bird.conf.j2 +++ b/roles/service-bird/templates/bird.conf.j2 
@@ -4,7 +4,7 @@ # Variables define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; -define mwu_as = {{ as_private_mwu }}; +define mwu_as = {{ as_private }}; define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; # General @@ -38,7 +38,7 @@ function is_chaosvpn() { function is_mwu_self_nets_loose() { return net ~ [ -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} {{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }} {% endfor %} ]; @@ -46,7 +46,7 @@ function is_mwu_self_nets_loose() { function is_mwu_self_nets_strict() { return net ~ [ -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} {{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }} {% endfor %} ]; @@ -54,13 +54,13 @@ function is_mwu_self_nets_strict() { function is_mwu_loopback() { return net ~ [ - {{ ffmwu_loopback_net_ipv4 }}+ + {{ loopback_net_ipv4 }}+ ]; } function is_mwu_anycast() { return net ~ [ - {{ ffmwu_anycast_ipv4 }} + {{ anycast_ipv4 }} ]; } @@ -81,7 +81,7 @@ protocol direct mwu_loopback { import where is_mwu_loopback(); }; -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} protocol direct mwu_anycast { interface "anycast"; import where is_mwu_anycast(); @@ -89,7 +89,7 @@ protocol direct mwu_anycast { {% endif %} protocol static { -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} route {{ prefix.ipv4 }} reject; {% endfor %} }; @@ -98,7 +98,7 @@ protocol kernel kernel_mwu { scan time 30; import none; export filter { -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% else %} if is_mwu_anycast() then accept; 
@@ -114,7 +114,7 @@ template bgp ibgp_mwu { local mwu_address as mwu_as; import keep filtered on; import filter { -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% endif %} if is_mwu_self_nets_loose() then accept; @@ -134,7 +134,7 @@ template bgp ibgp_mwu { # Include IPv4 MWU peers include "mwu_ipv4_peers.con?"; -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} # Include IPv4 ICVPN configuration include "icvpn_ipv4.con?"; diff --git a/roles/service-bird/templates/bird6.conf.j2 b/roles/service-bird/templates/bird6.conf.j2 index b89530a..73e7691 100644 --- a/roles/service-bird/templates/bird6.conf.j2 +++ b/roles/service-bird/templates/bird6.conf.j2 @@ -5,7 +5,7 @@ # Variables define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; -define mwu_as = {{ as_private_mwu }}; +define mwu_as = {{ as_private }}; # General timeformat protocol iso long; @@ -26,7 +26,7 @@ function is_ula() { function is_mwu_self_nets_loose() { return net ~ [ -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} {{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }} {% endfor %} ]; @@ -34,7 +34,7 @@ function is_mwu_self_nets_loose() { function is_mwu_self_nets_strict() { return net ~ [ -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} {{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }} {% endfor %} ]; @@ -42,13 +42,13 @@ function is_mwu_self_nets_strict() { function is_mwu_loopback() { return net ~ [ - {{ ffmwu_loopback_net_ipv6 }}+ + {{ loopback_net_ipv6 }}+ ]; }; function is_mwu_anycast() { return net ~ [ - {{ ffmwu_anycast_ipv6 }}+ + {{ anycast_ipv6 }}+ ]; }; 
@@ -69,7 +69,7 @@ protocol direct mwu_loopback { import where is_mwu_loopback(); }; -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} protocol direct mwu_anycast { interface "anycast"; import where is_mwu_anycast(); @@ -77,7 +77,7 @@ protocol direct mwu_anycast { {% endif %} protocol static { -{% for prefix in ffmwu_internal_prefixes %} +{% for prefix in internal_prefixes %} route {{ prefix.ipv6 }} reject; {% endfor %} }; @@ -86,7 +86,7 @@ protocol kernel kernel_mwu { scan time 30; import none; export filter { -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% else %} if is_mwu_anycast() then accept; @@ -102,7 +102,7 @@ template bgp ibgp_mwu { local mwu_address as mwu_as; import keep filtered on; import filter { -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} if is_mwu_anycast() then reject; {% endif %} if is_mwu_self_nets_loose() then accept; @@ -120,7 +120,7 @@ template bgp ibgp_mwu { # Include IPv6 MWU peers include "mwu_ipv6_peers.con?"; -{% if ffmwu_server_type == "gateway" %} +{% if server_type == "gateway" %} # Include IPv6 ICVPN configuration include "icvpn_ipv6.con?"; diff --git a/roles/service-bird/templates/mwu_ipv4_peers.conf.j2 b/roles/service-bird/templates/mwu_ipv4_peers.conf.j2 index 751cfac..59c5af8 100644 --- a/roles/service-bird/templates/mwu_ipv4_peers.conf.j2 +++ b/roles/service-bird/templates/mwu_ipv4_peers.conf.j2 @@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu { {% endif %} {% endfor %} {% endfor %} -{% for item, value in bgp_mwu_servers.items() %} +{% for item, value in bgp_legacy_servers.items() %} {% if item != inventory_hostname_short %} protocol bgp mwu_{{ item }} from ibgp_mwu { neighbor {{ value.ipv4 }} as mwu_as; diff --git a/roles/service-bird/templates/mwu_ipv6_peers.conf.j2 b/roles/service-bird/templates/mwu_ipv6_peers.conf.j2 index 5dc864d..4420e1a 100644 
--- a/roles/service-bird/templates/mwu_ipv6_peers.conf.j2 +++ b/roles/service-bird/templates/mwu_ipv6_peers.conf.j2 @@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu { {% endif %} {% endfor %} {% endfor %} -{% for item, value in bgp_mwu_servers.items() %} +{% for item, value in bgp_legacy_servers.items() %} {% if item != inventory_hostname_short %} protocol bgp mwu_{{ item }} from ibgp_mwu { neighbor {{ value.ipv6 }} as mwu_as; diff --git a/roles/service-bird/templates/radv.conf.j2 b/roles/service-bird/templates/radv.conf.j2 index 1cfa1d0..42d6c1b 100644 --- a/roles/service-bird/templates/radv.conf.j2 +++ b/roles/service-bird/templates/radv.conf.j2 @@ -11,27 +11,31 @@ protocol radv radv_{{ mesh.id }} { {% endfor %} {% for prefix in mesh.ipv6_public %} - prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} { - valid lifetime {{ mesh.radvd.advvalidlifetime }}; - preferred lifetime {{ mesh.radvd.advpreferredlifetime }}; - }; - prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} { skip yes; }; {% endfor %} +{% for prefix in mesh_gw_prefixes[mesh.id].ipv6_public %} + prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} { + valid lifetime {{ mesh.radvd.advvalidlifetime }}; + preferred lifetime {{ mesh.radvd.advpreferredlifetime }}; + }; +{% endfor %} + rdnss { {% for prefix in mesh.ipv6_ula %} ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}; {% endfor %} }; +{% if mesh.dnssl is defined %} dnssl { {% for dnssl in mesh.dnssl %} domain "{{ dnssl }}"; {% endfor %} }; +{% endif %} link mtu {{ mesh.iface_mtu }}; }; diff --git a/roles/service-dhcpd/README.md b/roles/service-dhcpd/README.md index 66bc317..72e0ed6 100644 --- a/roles/service-dhcpd/README.md +++ b/roles/service-dhcpd/README.md 
@@ -24,8 +24,8 @@ meshes: ``` - Host Variable `magic` -- Host Variable `ipv4_dhcp_range` +- Host Variable `ipv4_dhcp` ## DHCP Range -In der Host-Variable `ipv4_dhcp_range` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben. +In der Host-Variable `ipv4_dhcp` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben. diff --git a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 index 4cb5d5d..238c21f 100644 --- a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 +++ b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 @@ -38,7 +38,7 @@ {% for mesh in meshes %} { "subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}", - "pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ], + "pools": [ { "pool": "{{ mesh_gw_prefixes[mesh.id].ipv4_dhcp | ipaddr('net') | ipaddr('range_usable') }}" } ], "option-data": [ { "name": "routers", @@ -51,11 +51,12 @@ { "name": "domain-name-servers", "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}" - }, + }{% if mesh.dnssl is defined %}, { "name": "domain-search", "data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}" } +{% endif %} ] {% if not loop.last %} }, diff --git a/roles/service-fastd-backbone/tasks/main.yml b/roles/service-fastd-backbone/tasks/main.yml index a88c5ea..9e4f36f 100644 --- a/roles/service-fastd-backbone/tasks/main.yml 
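Review bot: The README hunk still documents `ipv4_dhcp` as a host variable holding the integer index of a /22 block of `ipv4_network`, but the kea template now reads `mesh_gw_prefixes[mesh.id].ipv4_dhcp` and passes it through `ipaddr('net') | ipaddr('range_usable')`, i.e. it expects a CIDR network from the per-gateway prefix dictionary; one of the two is wrong and the documentation should describe the new shape (for example `ipv4_dhcp: 10.X.16.0/22` as an entry of `mesh_gw_prefixes`, a constructed value). With the range no longer derived from `ipv4_network`, a pool outside the subnet is possible through an inventory typo, so an `assert` in the role that the pool lies within `mesh.ipv4_network` would catch it before Kea rejects the configuration at start. The `}{% if mesh.dnssl is defined %},` comma handling in the second hunk is correct but easy to misread; a one-line comment above the option-data list explaining that the comma belongs to the optional `domain-search` entry would help.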
+++ b/roles/service-fastd-backbone/tasks/main.yml @@ -13,7 +13,7 @@ mode: 0755 owner: admin group: admin - loop: "{{ meshes | subelements('fastd.backbone.instances') }}" + loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}" - name: clone fastd peer backbone repos git: @@ -23,7 +23,7 @@ update: yes tags: sync-peers notify: reload fastd backbone instances - loop: "{{ meshes | subelements('fastd.backbone.instances') }}" + loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}" become: false - name: template fastd backbone config diff --git a/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2 b/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2 index d99f8ca..c2388e5 100644 --- a/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2 +++ b/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2 
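Review bot: `selectattr('legacy', 'defined')` selects a mesh whenever the `legacy` key is present, regardless of its value, so a mesh with `legacy: false` would still have its peer repositories cloned and be templated as a legacy mesh; fastd-backbone.conf.j2 (`{% if item.0.legacy is defined %}`) and firmware_vhost.conf.j2 (`{% if mesh.legacy is defined %}`) use the same presence test. If `legacy` is meant as a boolean flag, `selectattr('legacy', 'defined') | selectattr('legacy') | list` and `{% if item.0.legacy | default(false) %}` test the value instead; if presence is the intended convention, the group_vars documentation should state that the key must be absent, not false, for non-legacy meshes. The filter expression is duplicated on both tasks; a `set_fact` of the filtered list, or a play-level variable, would keep them in sync.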
@@ -13,15 +13,29 @@ method "aes128-ctr+umac"; interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}"; -bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }}; -bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }}; +bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }}; +bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }}; include "secret.conf"; mtu {{ item.1.mtu }}; peer group "servers" { +{% if item.0.legacy is defined %} include peers from "peers/gates"; include peers from "peers/services"; +{% else %} +{% for group in fastd_groups %} +{% for host in groups[group] %} +{% set peer = host.rsplit('.')[0] %} +{% if host != inventory_hostname %} + peer "{{ peer }}" { + key "{{ lookup('passwordstore', item.1.pass + '/' + peer + ' subkey=public') }}"; + remote ipv6 "{{ host }}" port 11{{ item.1.id }}{{ '%02d' % item.0.domain_number }}; + } +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} } on up "/bin/systemctl reload networking"; diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 index e36e424..48c8939 100644 --- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 
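Review bot: The bind port now uses `'%02d' % item.0.domain_number`, so for a domain number below 10 the port changes (the last digit `3` becomes `03`), and every peer definition that still carries the old port — including the legacy `peers/gates` and `peers/services` repositories, which live outside this repository — has to be updated in the same rollout or those backbone tunnels stop connecting; fastd-mesh.conf.j2 changes the node-facing ports the same way. `%02d` pads but does not truncate, so a two-digit instance id or a domain number of 100 or more produces a port above 65535 or one colliding with another instance; an `assert` in the role tasks that the resulting port is below 65536 and unique on the host would catch that at deploy time. Minor: `host.rsplit('.')[0]` is the first label and reads more naturally as `host.split('.')[0]`.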
@@ -13,8 +13,8 @@ method "salsa2012+umac"; interface "{{ item.0.id }}vpn-{{ item.1.mtu }}"; -bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }}; -bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }}; +bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }}; +bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }}; include "secret.conf"; mtu {{ item.1.mtu }}; diff --git a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 index cc9a29e..a7e87e4 100644 --- a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 +++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 @@ -38,6 +38,7 @@ server { } {% for mesh in meshes %} +{% if mesh.legacy is defined %} server { listen 80; listen [::]:80; @@ -52,7 +53,7 @@ server { include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; - root /var/www/html/firmware/{{ mesh.site_name.lower() }}; + root /var/www/html/firmware/{{ mesh.domain_name.lower() }}; location / { autoindex on; autoindex_exact_size off; @@ -78,7 +79,7 @@ server { include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; - root /var/www/html/firmware/{{ mesh.site_name.lower() }}; + root /var/www/html/firmware/{{ mesh.domain_name.lower() }}; location / { autoindex on; autoindex_exact_size off; @@ -86,5 +87,6 @@ server { } {% if not loop.last %} +{% endif %} {% endif %} {% endfor %} diff --git a/roles/service-nginx-meshviewer/templates/config.js.j2 b/roles/service-nginx-meshviewer/templates/config.js.j2 index 7a5f3c2..09e765e 100644 --- a/roles/service-nginx-meshviewer/templates/config.js.j2 +++ b/roles/service-nginx-meshviewer/templates/config.js.j2 
@@ -88,13 +88,13 @@ module.exports = function () { 'domainNames': [ {% for mesh in meshes %} { - 'domain': '{{ mesh.site_code }}', - 'name': '{{ mesh.site_name }}' + 'domain': '{{ mesh.domain_code }}', + 'name': '{{ mesh.domain_name }}' }, -{% if mesh.sites_virtual is defined %} -{% for site, name in mesh.sites_virtual.items() %} +{% if mesh.aliases is defined %} +{% for domain, name in mesh.aliases.items() %} { - 'domain': '{{ site }}', + 'domain': '{{ domain }}', 'name': '{{ name }}' }, {% endfor %} diff --git a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 index 0f144e3..595890a 100644 --- a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 +++ b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 @@ -55,6 +55,7 @@ server { } {% for mesh in meshes %} +{% if mesh.http_domain_internal is defined %} server { listen 80; listen [::]:80; @@ -82,5 +83,6 @@ server { } {% if not loop.last %} +{% endif %} {% endif %} {% endfor %} diff --git a/roles/service-nginx/README.md b/roles/service-nginx/README.md index 47487a1..995b420 100644 --- a/roles/service-nginx/README.md +++ b/roles/service-nginx/README.md @@ -11,5 +11,5 @@ Diese Ansible role installiert und konfiguriert den Web Server nginx. ## Benötigte Variablen - Variable `acme_server` -- Variable `ffmwu_server_type` +- Variable `server_type` - Variable `inventory_hostname_short` diff --git a/roles/service-nginx/templates/index.html.j2 b/roles/service-nginx/templates/index.html.j2 index b1f1ce8..8d51fae 100644 --- a/roles/service-nginx/templates/index.html.j2 +++ b/roles/service-nginx/templates/index.html.j2 @@ -19,10 +19,10 @@

Freifunk MWU Server {{ inventory_hostname_short }}

-{% if ffmwu_server_type == "firmware-build" or ffmwu_server_type == "gateway" %} +{% if server_type == "firmware-build" or server_type == "gateway" %}
Firmware
{% endif %} -{% if ffmwu_server_type == "firmware-build" %} +{% if server_type == "firmware-build" %}
Firmware Archiv
{% endif %} diff --git a/roles/service-prometheus/templates/prometheus.yml.j2 b/roles/service-prometheus/templates/prometheus.yml.j2 index 7ba20f3..74f5516 100644 --- a/roles/service-prometheus/templates/prometheus.yml.j2 +++ b/roles/service-prometheus/templates/prometheus.yml.j2 @@ -71,7 +71,7 @@ scrape_configs: {% endif %} {% endfor %} {% endfor %} -{% for host, _ in bgp_mwu_servers.items() %} +{% for host, _ in bgp_legacy_servers.items() %} {% if host not in ['extrasahne'] %} - "{{ host }}.ffwi.org" - "{{ host }}.ffmz.org" diff --git a/roles/service-respondd/tasks/main.yml b/roles/service-respondd/tasks/main.yml index 88d4117..cf7a9ef 100644 --- a/roles/service-respondd/tasks/main.yml +++ b/roles/service-respondd/tasks/main.yml @@ -13,7 +13,7 @@ become: false - name: set respondd vpn flag to false - when: ffmwu_server_type != "gateway" + when: server_type != "gateway" copy: content: "False" dest: /home/admin/clones/mesh-announce/nodeinfo.d/vpn diff --git a/roles/service-respondd/templates/respondd.service.j2 b/roles/service-respondd/templates/respondd.service.j2 index 34dfef0..77f54da 100644 --- a/roles/service-respondd/templates/respondd.service.j2 +++ b/roles/service-respondd/templates/respondd.service.j2 
@@ -4,7 +4,7 @@ After={% for interface in item.fastd.nodes.instances %}fastd@{{ item.id }}vpn-{{ [Service] -ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d {{ item.site_code }} --data-provider-directory /home/admin/clones/mesh-announce/ +ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ site_code }} -d {{ item.domain_code }} --data-provider-directory /home/admin/clones/mesh-announce/ Restart=always Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin diff --git a/roles/service-yanic/templates/yanic.conf.j2 b/roles/service-yanic/templates/yanic.conf.j2 index ee73253..5d575bf 100644 --- a/roles/service-yanic/templates/yanic.conf.j2 +++ b/roles/service-yanic/templates/yanic.conf.j2 @@ -7,12 +7,20 @@ enable = true synchronize = "1m" collect_interval = "1m" +[respondd.sites.{{ site_code }}] +domains = [ {% for mesh in meshes %} -[respondd.sites.{{ mesh.site_code }}] -{% if mesh.sites_virtual is defined %} -domains = ["{{ mesh.site_code }}",{% for domain, name in mesh.sites_virtual.items() %}"{{ domain }}"{% if not loop.last %},{% endif %}{% endfor %}] +{% if mesh.aliases is defined %} +{% for domain, name in mesh.aliases.items() %} + "{{ domain }}", +{% endfor %} +{% endif %} + "{{ mesh.domain_code }}"{% if not loop.last %}, +{% else %} + {% endif %} {% endfor %} +] {% for mesh in meshes %} [[respondd.interfaces]]
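Review bot: The `domains = [` list in yanic.conf.j2 is assembled with a trailing-comma trick (`{% if not loop.last %},` / `{% else %}` / ` {% endif %}`) spread over seven template lines, which is hard to read and leaves stray indentation in the rendered file; collecting the domain codes into a list first and emitting it with `to_json` yields the same TOML array with no loop-position logic. The respondd.service.j2 hunk on the same line now passes the global `site_code` for `-s`, which matches the single `[respondd.sites.{{ site_code }}]` table here, so the two stay consistent.
```jinja
{% set yanic_domains = [] %}
{% for mesh in meshes %}
{% if mesh.aliases is defined %}
{% for domain in mesh.aliases %}
{% set _ = yanic_domains.append(domain) %}
{% endfor %}
{% endif %}
{% set _ = yanic_domains.append(mesh.domain_code) %}
{% endfor %}
[respondd.sites.{{ site_code }}]
domains = {{ yanic_domains | to_json }}
{# … unchanged: [[respondd.interfaces]] loop … #}
```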