Commit graph

349 commits

Author SHA1 Message Date
Tobias Hachmer 6cc9776c66
Use link-local IPv6 address for BGP Peering 2019-03-25 20:22:55 +01:00
Julian Labus 59045bc400
Roles network-*: enable forwarding
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
Julian Labus 6239a876bb
Role network-fastd: set mtu 2019-03-24 23:14:06 +01:00
Julian Labus dc1f469265
Role wireguard: set mtu and link-local address 2019-03-24 22:22:19 +01:00
Tobias Hachmer 13b470b5c9
Role server-basic: prevent the kernel from creating a bond interface on module load 2019-03-24 20:20:57 +01:00
Julian Labus fc6a062559
Role wireguard: explicitly set ipv6-addrgen to off
newer versions of ifupdown2 try to set the addrgen mode for interfaces
using inet6 but it seems that wireguard interfaces do not support this.
This causes a "ip link set dev <iface> down" command during every
execution of ifreload as the default mode eui6 does not match the mode
set on the interface which is none.
2019-03-24 18:57:22 +01:00
Julian Labus 7b2f330c3a
Role network-loopback: set internal nameserver when available 2019-03-23 15:05:36 +01:00
Julian Labus 52d55e3997
Role server-basic: use openresolv to set nameserver 2019-03-23 14:59:12 +01:00
Tobias Hachmer 7efeb81b66
Role firmware-build-server: use import_tasks instead of include (deprecated) 2019-03-22 22:18:37 +01:00
Tobias Hachmer 3320ee053f
Delete old Roles 2019-03-22 22:09:23 +01:00
Tobias Hachmer aa38067f20
Role wireguard: split var 'my_wireguard_networks' into multiple lines for better reading 2019-03-22 21:52:47 +01:00
Tobias Hachmer b995bbffdf
Role network-routing: rename 'sysctl_settings_routing_gateway' to 'sysctl_settings_routing_forwarding'; enable ip forwarding also for monitoring hosts 2019-03-22 21:52:08 +01:00
Tobias Hachmer d194d6e936
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00
Tobias Hachmer d7d456d158
Role wireguard: flush handler after configuration 2019-03-22 19:45:26 +01:00
Julian Labus 36a1335d9b
Role service-domain-director: update config 2019-03-22 13:41:16 +01:00
Julian Labus 165e22ab5e
Role service-nginx-firmware: add proxy to downloads.openwrt.org 2019-03-21 15:49:01 +01:00
Tobias Hachmer 869dd5b62a
Migrate internal DNS master to PowerDNS
* Add playbook dns to manage internal dns master servers
* Add role to manage PowerDNS Admin Web Frontend for PowerDNS
* Move dns zone related data from mesh list to a simpler dict with a simple zone list
* Update role service-bind-slave
* Update Readme.md
* Add requirements.yml
* Update .gitignore
2019-03-20 19:43:11 +01:00
Tobias Hachmer fe4415afcf
Role nodejs: make major version configurable 2019-03-20 19:25:12 +01:00
Julian Labus 6c3e8336c9
Role service-nginx: use $host instead of $server_name for redirects 2019-03-20 10:23:12 +01:00
Julian Labus 28717aec73
Role service-bird: add source IP to routes in table mwu 2019-03-20 10:21:38 +01:00
Julian Labus a8784c80eb
Revert "Role service-bird-lg: update lgproxy.cfg for new p2p vpn links"
This reverts commit 2ca3fdd43e.
2019-03-20 10:19:48 +01:00
Julian Labus 2ca3fdd43e
Role service-bird-lg: update lgproxy.cfg for new p2p vpn links 2019-03-19 17:03:02 +01:00
Tobias Hachmer e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose.
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
* add host kichererbse.freifunk-mwu.de
* add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
* use new loopback and anycast networks
* add role wireguard
* add role wireguard as dependency for roles network-routing + service-bird
* add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00
Julian Labus 3e297ed09f
Revert "Role service-fastd-mesh: update fastd peer limit method"
This reverts commit 7bb4c241e2.
2019-03-18 16:11:34 +01:00
Julian Labus f9700c4dd8
Role service-ntpd: only run ntpdate on primary interface during if-up 2019-03-18 10:05:11 +01:00
Julian Labus f43931649a
Role service-prometheus: FastdNoTraffic - check if clients are connected 2019-03-16 23:54:25 +01:00
Julian Labus db509e43db
Role service-respondd: add version number
without a version number it is hard to filter out servers in meshviewer
2019-03-15 18:27:33 +01:00
Julian Labus af832f3703
Role service-prometheus: fix broken rule FastdNoTraffic 2019-03-14 23:20:59 +01:00
Julian Labus acaf0e63e6
Role server-basic: update unattended-upgrades pattern 2019-03-14 15:37:25 +01:00
Julian Labus d87a6f877c
Roles: use environment instead of passing variable in shell command 2019-03-14 15:35:47 +01:00
Julian Labus 7d1289f811
Role service-fastd-mesh: restart fastd-exporter after changes 2019-03-11 10:34:25 +01:00
Julian Labus 7bb4c241e2
Role service-fastd-mesh: update fastd peer limit method 2019-03-08 14:04:51 +01:00
Julian Labus c6be99258b
Roles: add service-domain-director 2019-03-06 17:16:34 +01:00
Julian Labus 721b278d3b
Roles: improve multidomain support 2019-03-02 18:12:56 +01:00
Julian Labus 4127e56524
Role service-prometheus: remove dep service-cpthook 2019-02-15 19:29:58 +01:00
Julian Labus 7a91bbaa2f
Role service-prometheus: simplify and move all files to role directory 2019-02-15 15:45:38 +01:00
Julian Labus 603f6af64d
Role service-prometheus: send alerts via IRC 2019-02-15 11:41:55 +01:00
Julian Labus e29fd1c5d5
Roles: add service-cpthook 2019-02-15 11:39:48 +01:00
Julian Labus 3dbcb8f2c5
Roles: add service-nginx-openlayers 2019-02-13 11:57:16 +01:00
Julian Labus 026844de30
Role service-nginx-meshviewer: add linkList 2019-02-06 11:51:39 +01:00
Julian Labus 6d016c034c
Role service-fastd-mesh: remove peers-ffbin
remove the individual peers repo for ffbin after successful migration to 
the multidomain firmware
2019-02-05 15:18:48 +01:00
Julian Labus 8767b0970b
Role service-nginx-meshviewer: update MapLayers 2019-02-01 10:37:12 +01:00
Julian Labus d9863f3fa3
Role prometheus: bump versions
prometheus: 2.7.0
alertmanager: 1.6.0
2019-01-29 12:35:19 +01:00
Julian Labus 928e0bb826
fixup! Inventory: remove 1312 MTU fastd instances 2019-01-23 16:03:16 +01:00
Julian Labus ccd3fbafc4
Role service-dhcpd: add control socket 2019-01-23 15:21:10 +01:00
Julian Labus bc3af84cf8
Role network-routing: use same ip rules for table mwu on all hosts 2019-01-16 18:41:04 +01:00
Julian Labus 2880d72c00
Role service-grafana: update gpg key id 2019-01-14 22:43:45 +01:00
Julian Labus 28ba57aa49
Role service-yanic: use golang dep util 2019-01-14 22:24:20 +01:00
Julian Labus 8670f113ff
Role golang: install dep util 2019-01-14 22:17:14 +01:00
Julian Labus 1354a483bd
Role service-grafana: update apt repo 2019-01-09 14:39:50 +01:00
Tobias Hachmer 1be513fae9
Make variable http_domain_external in list element of meshes optional. 2018-12-30 23:39:41 +01:00
Julian Labus 7dac321cd1
Role service-respondd: start after fastd
fixes #18
2018-12-26 14:20:11 +01:00
Julian Labus 8ef5701add
Role service-nginx-meshviewer: update config.js 2018-12-21 11:59:10 +01:00
Julian Labus d8177dec7c
Role service-prometheus: bump versions 2018-12-21 11:59:02 +01:00
Julian Labus b06887fc7c
Role service-fastd-mesh: remove obsolete peer group servers 2018-12-12 21:24:37 +01:00
Julian Labus 7b9d3352e8
Role service-nginx: add internal addresses to known_hosts 2018-12-03 15:03:49 +01:00
Tobias Hachmer 38399e5b7a
Role service-bird: export anycast address on gateway, import anycast+loopback on other servers 2018-11-30 18:18:25 +01:00
Julian Labus 2100842bcb
Role service-prometheus: update versions 2018-11-28 14:08:15 +01:00
Julian Labus 5efd7d889e
Role service-nginx-meshviewer: enable HTTP/2 2018-11-28 10:59:53 +01:00
Julian Labus ee5be5f477
Role service-prometheus: move auth in vhosts to location 2018-11-27 10:55:37 +01:00
Julian Labus ce2167d3b3
Role service-nginx-firmware: enable CORS 2018-11-27 10:34:11 +01:00
Julian Labus 79cc765554
Role service-respondd: propagate domain_code 2018-11-12 21:06:59 +01:00
Julian Labus f134f61740
Role service-bird: only configure radvd on gateways 2018-11-12 16:23:13 +01:00
Julian Labus 80259461cc
Role network-meshbridge: only configure public IPv6 subnet not gateways 2018-11-12 16:22:46 +01:00
Julian Labus 6d725812fd
Role service-yanic: enable statistics for domains 2018-11-12 16:19:41 +01:00
Tobias Hachmer 935e66dbd8
Role network-meshbridge + service-bird: announce specific gate prefix instead of the 'global' one
* configure a local ip address on meshbridge from the 'gate-specific' public IPv6 prefix
* disable announcement for the 'global' public IPv6 prefix
2018-11-09 21:13:07 +01:00
Tobias Hachmer 479f8c3486
Move Router Advertisements from daemon radvd to bird6 2018-11-09 13:25:26 +01:00
Tobias Hachmer cc4b984344
Increase minimum Ansible version to '2.6'.
* add ansible version check to role prerequisites
* add requirements.txt
* update Readme.md
* track minimum ansible version in variable 'ansible_version_minimum'
2018-11-09 10:43:54 +01:00
Julian Labus 28f235d65c
Role service-fastd-backbone: don't hide IP + MAC 2018-11-08 16:43:12 +01:00
Tobias Hachmer c400c57b0c
Role service-nginx: increase server_names_hash_bucket_size 2018-11-08 06:38:01 +01:00
Julian Labus 7dcd90cff6
Role service-bird-lg: remove obsolete patching 2018-11-07 15:31:19 +01:00
Tobias Hachmer 8f8184f4cf
Introduce boolean var 'debug_fastd' and tag debug
If debug_fastd is set to 'True', the log level is set to debug on all fastd instances.

Run the playbook with tag 'debug' to invoke only tasks changing debug settings.
2018-11-07 15:20:18 +01:00
Tobias Hachmer 2b0e5d7c4a
Role service-bind-slave: listen on loopback + anycast ip addresses 2018-11-07 10:28:35 +01:00
Tobias Hachmer fa37598c3b
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead of the configured ones.
2018-11-07 10:28:13 +01:00
Tobias Hachmer 678312c7fc
Add roles network-loopback + network-anycast 2018-11-07 10:28:02 +01:00
Julian Labus 55ca196248
Revert "Role service-bind-slave: listen on loopback + anycast ip addresses"
This reverts commit 61382ce676.
2018-11-05 15:43:12 +01:00
Julian Labus dbc7895854
Revert "Roles service-bird + service-bird-icvpn:"
This reverts commit a8693377a4.
2018-11-05 15:43:10 +01:00
Julian Labus 19da17b6e1
Revert "Add roles network-loopback + network-anycast"
This reverts commit d66f880539.
2018-11-05 15:42:47 +01:00
Julian Labus a540033cf2
Inventory + Roles: remove legacy_gateways 2018-11-04 01:51:26 +01:00
Tobias Hachmer e31bd5fdb9
Role users: update sudoers config for user admin 2018-11-02 10:01:39 +01:00
Tobias Hachmer 61382ce676
Role service-bind-slave: listen on loopback + anycast ip addresses 2018-11-01 19:33:46 +01:00
Tobias Hachmer a8693377a4
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead of the configured ones.
2018-11-01 08:19:08 +01:00
Tobias Hachmer d66f880539
Add roles network-loopback + network-anycast 2018-11-01 08:19:07 +01:00
Julian Labus 767e1fe5e1
Role service-nginx-firmware: replace -a (-rlptgoD) in rsync command with -rlpt
Preserving owner and group causes problems if UIDs and GIDs differ 
between hosts.
2018-10-22 13:32:28 +02:00
Julian Labus 12ac1e07e3
role service-nginx-meshviewer: update config.js for latest release 2018-10-15 09:41:53 +02:00
Julian Labus d69d5bde3f
role golang: update to 1.10
yanic no longer builds with 1.8
2018-10-15 09:40:09 +02:00
Julian Labus 98c29c3f93
role service-bird: remove unnecessary includes for non-gateway hosts 2018-10-04 19:30:37 +02:00
Julian Labus ed244ad827
role service-bird-ffrl: replace hyphen with underscores in protocol names 2018-10-04 19:09:59 +02:00
Julian Labus 8bed1b7c5b
role service-prometheus: update targets and alerts 2018-10-04 18:50:09 +02:00
Julian Labus 6cb1eaa514
role service-prometheus: configure alertmanager 2018-09-26 22:34:24 +02:00
Julian Labus 1d72eb8439
role service-bird-lg: add patch to fix parsing 2018-09-25 16:43:35 +02:00
Julian Labus 30a5897c36
roles: don't become root when writing in /home/admin 2018-09-25 16:41:43 +02:00
Julian Labus 8c8039b8b6
role service-prometheus: add missing node_exporter_default_opts to systemd unit 2018-09-25 13:22:46 +02:00
Julian Labus 8c4ec4170e
role service-fastd-mesh: add fastd-exporter 2018-09-25 10:38:41 +02:00
Julian Labus 46242b965d
role service-prometheus: add blackbox_exporter 2018-09-25 10:36:23 +02:00
Julian Labus 13ff110411
role service-prometheus: add vhost 2018-09-25 10:33:52 +02:00
Julian Labus e8d9e6af90
service-prometheus: bind to localhost by default 2018-09-25 10:28:24 +02:00
Julian Labus 059a8af9a1
role service-prometheus: update prometheus to 2.4.2 2018-09-24 16:22:49 +02:00
Julian Labus 55771b4ded
roles: move external addresses to front in vhosts so they get used for redirects 2018-09-24 15:14:09 +02:00
Julian Labus e79761e8d8
role service-grafana: check prometheus_components instead of setting facts 2018-09-24 15:12:15 +02:00