ansible-ffibk/roles/service-bird/README.md
kokel ff1dac07ba
Restructure ansible (#8)
* Add filename prefix to playbooks

* Inventory: clean up & rename role ffmwu-prereq to test-prerequisites

Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completly by ansible.

* Role test-prerequisites: improve tasks; update OS to current debian
stable

* Add a bunch of new roles

- Update Readme
- Update ansible.cfg
- Add playbook to set up gateways
- Add group variables

* Roles: add role documentation

* Some restructuring (#3)

* Modify prerequisites role and integrate prerequisites role into all playbooks (#4)

* Add relaxed yamllint config and fix errors

* Add role service-rclocal

* Add role service-bird

* Move localtestvm to separate role (untested) (#6)

* Add role git-repos

* Add role service-bird-icvpn; add python3-yaml package to server-basic
role

* Add role service-bird-ffrl

* Set 'become' default to True (#7)

* Retouch tasks due to 'become' defaults to True

* Add role service-bird-ffrl to playbook gateways

* Role service-bird-ffrl: correct ipaddr filters

* Update readme of roles service-fastd-mesh + service-fastd-intragate

* Update Readme.md

- update passwordstore lookup for fastd secrets
- add explanation about sensible informations

* Role server-basic: add package bridge-utils

* Add role service-tinc

* Add role system-sysctl-gateway

* Add version to git modules in roles:

- git-fastd-peers
- git-repos
- service-tinc

* Add readme for role prerequisites

* Add role network-iptables-gateway

 - move netfilter specific sysctl settings

* Role kmod-batman: load kernel modules

* Role service-bird-icvpn: use a task and not a handler to set file attrs

* Add role service-bind-slave

* Restructure network interfaces in order to use ifupdown2

- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files

* Role service-dhcpd: fix disabled notify

* Role service-fastd-mesh + service-fastd-intragate: fix mac address format

* Restructure service-fastd roles

- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers

* Role service-tinc: use a task instead of a handler for systemd stuff

* Role service-radvd: update handlers

* Update loop keys

* Role service-radvd: optimize ipaddr filters

* Role service-radvd: make more parameters configurable

* Update Readme.md

* Role service-fastd-mesh: add systemd unit + timer to update mesh peers

* Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts

* Role git-repos: change branch of backend-scripts repo to drop-photon

* Role service-bind-slave: fix file permissions

* Role service-bind-slave: add systemd unit + timer to update icvpn bind config

* Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update

* Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket

* Role service-rclocal: fix wrong interface

* Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6]

* FFRL Internet Exit: move IPv4 NAT address to a single dummy interface

* Roles service-bird[|-ffrl|-icvpn]: rework handlers

* Update some ipaddr filters

* Fix wrong IP subnet calculation in roles service-radvd + service-rclocal

* Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible

* Role service-fastd: ensure fastd service is masked

* Role service-fastd-mesh: add systemd timer for fastd peer limit update script

* Update Readme.md

* Migrate nested dictionary `meshes` into a list of dictionaries

 - migrate dictionary `ipv6` into two simple lists
 - migrate dictionary `forward_zones` into a list

* Restructure fastd configuration to define multiple instances easily

 - introduce mesh subdictionary `fastd`
 - change fastd instance naming
 - change fastd network interface naming (identical with fastd instance
names)
 - change mac address prefixes

* Roles service-fastd-[mesh|intragate]: update role dependencies

* Role network-batman: update batman-ifaces due to fastd instance change

 - update README.md

* Role network-fastd: update README.md

* Readme.md: add control machine requirements

* Role service-fastd-mesh: fix typo in handler

* Role service-fastd: use own systemd unit fastd@.service

- original uses %I which does not escaping, so dashes will be replaced
by slashes
- use %i instead of %I

* Add role network-routing

- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings

* Use package module where possible instead of apt

* Remove unnecessary handlers

* Move all handlers to one single role

* Update Readme.md

* Move IP rules from role `service-rclocal` to role `network-routing`

- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler

* Role network-routing: fix typos in ffmwu-del-ip-rules.sh template

* Add role service-respondd

* Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change

* Fix some whitespaces

* Ensure systemd units are started

* Add role service-nginx

* Add role service-nginx-firmware

* Add missing variables for role service-nginx-firmware

* Add roles service-nginx(-firmware) to playbook gateways

* Role service-nginx: add autoindex options to default vhost

* Flush handlers after configuring network interfaces

* Role service-respondd: also listen on fastd-interfaces

* Update fastd peer limit configuration

 * add list of legacy gateways (temporarily)
 * change backend-scripts branch to ansible
 * Role server-basic: ensure ffmwu config directory is present
 * Role service-fastd: add fastd-status script
 * role service-fastd-mesh: add templating for fastd peer limit
configuration

* Update Readme.md

* Lowercase all network interface names

* Inventory: add new gateway uffschnitt.freifunk-mwu.de

* Role server-repos: change ffmwu repo to stretch

* Role service-respondd: install python3 module dependency

* Role server-repos: remove universe-factory repo since fastd package is available in debian upstream

* Pretty format ansible.cfg

* Inventory host_vars: use single file instead of subfolder

* Role prerequisites: add cname asserts

* Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly

* Playbook gateways: reorder roles

* Rename role server-repos to server-apt-repos

- Role server-apt-repos: add readme

* Role server-basic: add locale setting

* Roles service-fastd-mesh + service-fastd-intragate

- remove on-up|on-down stanzas from fastd.conf
- update readme

* Move dummy module from role kmod-batman to server-basic

* Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start

* Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate

* Role service-tinc: rework passwordstore lookup

* Role network-iptables-gateway: fix freifunk bridge rules

* Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles

* Role network-routing: add missing service dependency for ffmwu-static-routes service unit

* Role service-tinc: add task to enable post-merge script

* Add prometheus role (#9)
2017-12-05 05:59:06 +01:00

35 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Ansible role service-bird
Diese Ansible role installiert und konfiguriert den bird daemon.
- installiert bird
- aktiviert systemd units bird + bird6
- schreibt bird.conf + bird6.conf
- konfiguriert bird für iBGP mit allen anderen FFMWU-Servern
Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Netz.
## Benötigte Variablen
- Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt.
- Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
- Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
- Variable `bgp_as_private_mwu` # Private ASN von Freifunk MWU
- Dictionary `bgp_mwu_servers`
```
spinat: # kurzer Hostname des Peers
ipv4: 10.37.0.7 # IPv4-Adresse des Peers
ipv6: fd37:b4dc:4b1e::a25:7 # IPv6-Adresse des Peers
...
```
- Dictionary `meshes`
´´´
meshes:
- id: xx
...
ipv4_network:
ipv6_ula:
- # IPv6-ULA Network
´´´
- Host Variable `magic`