freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Role service-fastd-mesh: update fastd peer limit method

Browse source
This commit is contained in:
Julian Labus 2019-03-08 14:04:51 +01:00
parent 902a0eded7
commit 7bb4c241e2
No known key found for this signature in database
GPG key ID: 8AF209F2C6B3572A
6 changed files with 32 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
roles/service-fastd-mesh/tasks/main.yml
View file

@ -6,24 +6,6 @@
mode: 0755 mode: 0755
loop: "{{ meshes | subelements('fastd.nodes.instances') }}" loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: create fastd peer mesh directories
file:
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
state: directory
mode: 0755
owner: admin
group: admin
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: clone fastd peer mesh repos
git:
repo: "{{ item.1.peers.repo }}"
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
version: "{{ item.1.peers.version }}"
update: no
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
become: false
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-mesh.conf.j2 src: fastd-mesh.conf.j2
@ -39,25 +21,21 @@
notify: restart fastd mesh instances notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}" loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: copy peer_limit.conf if not exist - name: create peer_limit.txt if not exist
copy: copy:
src: peer_limit.conf content: ""
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" dest: "/etc/fastd/peer_limit.txt"
owner: admin owner: admin
group: admin group: admin
mode: 0640 mode: 0640
force: no force: no
notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: set file attributes for peer_limit.conf - name: set file attributes for peer_limit.txt
file: file:
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" path: "/etc/fastd/peer_limit.txt"
mode: 0640 mode: 0640
owner: admin owner: admin
group: admin group: admin
notify: restart fastd mesh instances
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- name: write systemd unit fastd-sync-meshkeys.service - name: write systemd unit fastd-sync-meshkeys.service
template: template:
@ -77,18 +55,10 @@
mode: 0644 mode: 0644
notify: reload systemd notify: reload systemd
- name: create fastd_status.json file
file:
path: /var/www/html/fastd_status.json
state: touch
owner: admin
group: admin
mode: 0644
- name: write configuration for fastd-peer-limit-update script - name: write configuration for fastd-peer-limit-update script
template: template:
src: fastd_peer_limit_config.yaml.j2 src: fastd_peer_limit.yaml.j2
dest: /home/admin/.ffmwu-config/fastd_peer_limit_config.yaml dest: /home/admin/.ffmwu-config/fastd_peer_limit.yaml
owner: admin owner: admin
group: admin group: admin
mode: 0644 mode: 0644

7
roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
View file

@ -19,11 +19,8 @@ bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.
include "secret.conf"; include "secret.conf";
mtu {{ item.1.mtu }}; mtu {{ item.1.mtu }};
peer group "vpn_nodes" {
include "peer_limit.conf";
include peers from "peers";
}
on up "/bin/systemctl reload networking"; on up "/bin/systemctl reload networking";
on verify "/home/admin/clones/backend-scripts/verify_fastd_peers_gw.py $PEER_KEY";
status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status"; status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";

2
roles/service-fastd-mesh/templates/fastd-sync-meshkeys.timer.j2
View file

@ -6,7 +6,7 @@ Description=Update fastd mesh peers repos timer
[Timer] [Timer]
OnBootSec=5m OnBootSec=5m
OnUnitActiveSec=15m OnUnitActiveSec=5m
[Install] [Install]
WantedBy=timers.target WantedBy=timers.target

6
roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2
View file

@ -13,10 +13,12 @@ server {
allow 127.0.0.0/8; allow 127.0.0.0/8;
allow ::1/128; allow ::1/128;
{% for host in groups['ffmwu-monitoring'] %} {% for group in prometheus_groups %}
{% for host in groups[group] %}
allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=A') }};
allow {{ lookup('dig', host, 'qtype=AAAA') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }};
deny all;
{% endfor %} {% endfor %}
{% endfor %}
deny all;
} }
} }

18
roles/service-fastd-mesh/templates/fastd_peer_limit.yaml.j2 Normal file
View file

@ -0,0 +1,18 @@
#
# {{ ansible_managed }}
#
additional: 16
metrics_url: 'https://%s.freifunk-mwu.de:9281/metrics'
limit_file: '/etc/fastd/peer_limit'
fastd_instances:
{% for mesh in meshes %}
{% for instance in mesh.fastd.nodes.instances %}
- {{ mesh.id }}vpn-{{ instance.mtu }}
{% endfor %}
{% endfor %}
gateways:
{% for gateway in groups['ffmwu-gateways'] %}
- {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
{% endfor %}
fetch_timeout: 10

24
roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
View file

@ -1,24 +0,0 @@
#
# {{ ansible_managed }}
#
ansible_gate: True
additional: 8
fastd_instances:
{% for mesh in meshes %}
{% for instance in mesh.fastd.nodes.instances %}
- {{ mesh.id }}vpn-{{ instance.mtu }}
{% endfor %}
{% endfor %}
cronlog: '/home/admin/.cronlog/limit.%s.log'
fastd_config: '/etc/fastd/%s/peer_limit.conf'
fastd_status: '/usr/local/bin/fastd-status'
gateways:
{% for gateway in groups['ffmwu-gateways'] %}
- {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
{% endfor %}
restart_max: 43200
stat: 'fastd_status.json'
stat_ext: 'http://%s.freifunk-mwu.de/%s'
stat_local: '/var/www/html/%s'
remote_fetch_timeout: 10
remote_data_timeout: 900