Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- linux:ansible:ffmuc-rpb4-ol [27.09.2022 15:03. ] – [Templates] django
+++ linux:ansible:ffmuc-rpb4-ol [18.11.2024 18:58. ] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 11: / Zeile 11: @@
 ====== Inhalt ======
-<WRAP center round alert 30%>
-**ACHTUNG:** Artikel in Überarbeitung!!! **ACHTUNG:**
-</WRAP>
 <WRAP center round tip 90%>
@@ Zeile 896: / Zeile 891: @@
 === Rolle "wireguard" ===
 == Tasks ==
-<file java ~/ansible/roles/wireguard/tasks/main.yml>--- # Installation und Konfiguration von WIREGUARD
+<file c++ ~/ansible/roles/wireguard/tasks/main.yml>--- # Installation und Konfiguration von WIREGUARD
 - include: install.yml                  # Installation des wireguard-Paketes
 - include: genkeys.yml                  # Schlüsselmaterial erzeugen
 - include: genlinklocal.yml             # lokale link-local IPv6 Adresse generieren
 - include: configuration.yml            # Konfigurationsdatei kopieren und anpassen
 - include: brokerinform.yml             # Public-Key unseres Nodes an den Broker übermitteln
 - include: wireguardstart.yml           # Aktivierung des wireguard client-daemon
+- include: radv-filter.yml              # RADV-Filter setzen
 - include: checkup.yml                  # Wireguard überprüfen
-</file>
+... # YML Ende</file>
-<file java ~/ansible/roles/wireguard/tasks/install.yml>---
-  - name: "*wireguard* : Installation von wireguard"
-    # https://docs.ansible.com/ansible/latest/modules/apt_module.html
-    apt:
-      #update_cache: yes
-      pkg:
-       - wireguard
-      state: present
-</file>
-<file java ~/ansible/roles/wireguard/tasks/genkeys.yml>---
+<file c++ ~/ansible/roles/wireguard/tasks/install.yml>---
-  - name: "*wireguard* : Schlüsselmaterial erstellen"
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
-    shell: /usr/bin/wg genkey | tee client_private.key | wg pubkey | tee client_public.key
-    args:
-      chdir: /etc/wireguard/
-      creates: client_private.key
-  - name: "*wireguard* : Zugriffsrechte des Private Keys anpassen"
+- name: "Installation von wireguard und iptables"
-    # https://docs.ansible.com/ansible/latest/modules/file_module.html
+  ansible.builtin.apt:
-    file:
+    pkg:
-      path: /etc/wireguard/client_private.key
+      - wireguard
-      mode: '0600'
+      - iptables
+    state: present
-  - name: "*wireguard* : Zugriffsrechte des Public Keys anpassen"
+...</file>
-    # https://docs.ansible.com/ansible/latest/modules/file_module.html
-    file:
-      path: /etc/wireguard/client_public.key
-      mode: '0600'
-</file>
-<file java ~/ansible/roles/wireguard/tasks/genlinklocal.yml>---
-  - name: "*wireguard* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
-    shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
-    register: wg_node_linklocal
-</file>
-<file java ~/ansible/roles/wireguard/tasks/configuration.yml>---
+<file c++ ~/ansible/roles/wireguard/tasks/genkeys.yml>---
-  - name: "*wireguard* : private-key einlesen und in Variable übergeben"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html
-    shell: cat /etc/wireguard/client_private.key
-    register: wg_client_privatekey
-  - name: "*wireguard* : public-key einlesen und in Variable übergeben"
+- name: "Schlüsselmaterial erstellen"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html
+  ansible.builtin.command:
-    shell: cat /etc/wireguard/client_public.key
+    cmd: /usr/bin/wg genkey | tee client_private.key | wg pubkey | tee client_public.key
-    register: wg_client_publickey
+  args:
+    chdir: /etc/wireguard/
+    creates: client_private.key
-  - name: "*wireguard* : Socket ermitteln"
+- name: "Zugriffsrechte des Private Keys anpassen"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html
+  ansible.builtin.file:
-    set_fact:
+    path: /etc/wireguard/client_private.key
-      ffmuc_wireguard_port: "{{ item.value }}"
+    mode: '0600'
-    loop: "{{ lookup('dict', wireguard_ports) }}"
-    when: "ffmuc_segment in item.key"
-  - name: "*wireguard* : link-local des Gateways ermitteln"
+- name: "Zugriffsrechte des Public Keys anpassen"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html
+  ansible.builtin.file:
-    set_fact:
+    path: /etc/wireguard/client_public.key
-      ffmuc_wireguard_linklocal: "{{ item.value }}"
+    mode: '0600'
-    loop: "{{ lookup('dict', gw_linklocal) }}"
-    when: "ffmuc_gateway in item.key"
-  - name: "*wireguard* : publickey des Gateways ermitteln"
+...</file>
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html
-    set_fact:
-      ffmuc_wireguard_gwpubkey: "{{ item.value }}"
-    loop: "{{ lookup('dict', gw_publickey) }}"
-    when: "ffmuc_gateway in item.key"
-  - name: "*wireguard* : Konfigurationsdatei des wireguard-Tunnels erzeugen"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/uplink.j2
-      dest: /etc/wireguard/wg-uplink.conf
-</file>
-<file java ~/ansible/roles/wireguard/tasks/brokerinform.yml>---
+<file c++ ~/ansible/roles/wireguard/tasks/genlinklocal.yml>---
-  - name: "*wireguard* : systemd unit file für broker -Information anlegen"
-     # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/broker.j2
-      dest: /etc/systemd/system/broker.service
-  - name: "*wireguard* : Service broker starten beim Booten starten"
+- name: "lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
+  ansible.builtin.shell: |
-    systemd:
+    cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
-      name: broker
+  register: wg_node_linklocal
-      daemon_reload: yes
+  changed_when: false
-      state: started
-      enabled: yes
-</file>
-<file java ~/ansible/roles/wireguard/tasks/wireguardstart.yml>---
+...</file>
-  - name: "*wireguard* : Service wireguard via systemd startem"
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
-    systemd:
-      name: wg-quick@wg-uplink
-      daemon_reload: yes
-      state: started
-      enabled: yes
-</file>
-<file java ~/ansible/roles/wireguard/tasks/checkup.yml>---
+<file c++ ~/ansible/roles/wireguard/tasks/configuration.yml>---
-  - name: "*wireguard* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
-    shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
-    register: wg_node_linklocal
-  - name: "*wireguard* : checkupscript zum Testen der wireguard-Verbindung anlegen"
+- name: "private-key einlesen und in Variable übergeben"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
+  ansible.builtin.command:
-    template:
+    cmd: cat /etc/wireguard/client_private.key
-      src: templates/checkup.j2
+  register: wg_client_privatekey
-      dest: /usr/local/bin/checkup
+  changed_when: false
-  - name: "*wireguard* : Ausführungsrechte des Bash-Scripts anpassen"
+- name: "public-key einlesen und in Variable übergeben"
-    # https://docs.ansible.com/ansible/latest/modules/file_module.html
+  ansible.builtin.command:
-    file:
+    cmd: cat /etc/wireguard/client_public.key
-      path: /usr/local/bin/checkup
+  register: wg_client_publickey
-      mode: '0740'
+  changed_when: false
-  - name: "*wireguard* : crontab für minütlichen checkup der wireguard-Verbindung anlegen"
+- name: "Socket ermitteln"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
+  ansible.builtin.set_fact:
-    template:
+    ffmuc_wireguard_port: "{{ item.value }}"
-      src: templates/crontab.j2
+  loop: "{{ lookup('dict', wireguard_ports) }}"
-      dest: /etc/crontab
+  when: "ffmuc_segment in item.key"
- </file>
+- name: "link-local des Gateways ermitteln"
+  ansible.builtin.set_fact:
+    ffmuc_wireguard_linklocal: "{{ item.value }}"
+  loop: "{{ lookup('dict', gw_linklocal) }}"
+  when: "ffmuc_gateway in item.key"
+- name: "publickey des Gateways ermitteln"
+  ansible.builtin.set_fact:
+    ffmuc_wireguard_gwpubkey: "{{ item.value }}"
+  loop: "{{ lookup('dict', gw_publickey) }}"
+  when: "ffmuc_gateway in item.key"
+- name: "Konfigurationsdatei des wireguard-Tunnels erzeugen"
+  ansible.builtin.template:
+    src: templates/uplink.j2
+    dest: /etc/wireguard/wg-uplink.conf
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
+<file c++ ~/ansible/roles/wireguard/tasks/brokerinform.yml>---
+- name: "systemd unit file für broker -Information anlegen"
+  ansible.builtin.template:
+    src: templates/broker.j2
+    dest: /etc/systemd/system/broker.service
+    owner: root
+    group: root
+    mode: '0644'
+- name: "Service broker starten beim Booten starten"
+  ansible.builtin.systemd:
+    name: broker
+    daemon_reload: true
+    state: started
+    enabled: true
+...</file>
+<file c++ ~/ansible/roles/wireguard/tasks/wireguardstart.yml>---
+- name: "Service wireguard via systemd starten"
+  ansible.builtin.systemd:
+    name: wg-quick@wg-uplink
+    daemon_reload: true
+    state: started
+    enabled: true
+...</file>
+<file c++ ~/ansible/roles/wireguard/tasks/radv-filter.yml>---
+- name: "Startsrcipt für der RADV-Filter anlegen"
+  template:
+    src: templates/radv-filter.j2
+    dest: /usr/local/bin/radv-filter
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
+<file c++ ~/ansible/roles/wireguard/tasks/checkup.yml>---
+- name: "Lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
+  ansible.builtin.shell: |
+    cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
+  register: wg_node_linklocal
+  changed_when: false
+- name: "checkupscript zum Testen der wireguard-Verbindung anlegen"
+  ansible.builtin.template:
+    src: templates/checkup.j2
+    dest: /usr/local/bin/checkup
+    owner: root
+    group: root
+    mode: '0750'
+- name: "Ausführungsrechte des Bash-Scripts anpassen"
+  ansible.builtin.file:
+    path: /usr/local/bin/checkup
+    mode: '0740'
+- name: "crontab für minütlichen checkup der wireguard-Verbindung anlegen"
+  ansible.builtin.template:
+    src: templates/crontab.j2
+    dest: /etc/crontab
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
 == Templates ==
-<file java ~/ansible/roles/wireguard/templates/broker.j2># Django : 2020-12-07
+<file c++ ~/ansible/roles/wireguard/templates/broker.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 [Unit]
 # see man systemd.unit
 Description=Inform tunnel about our wireguard-public key
-Documentation=https://wiki.mailserver.guru/doku.php/centos:ansible:ffmuc-rpb4-ol
+Documentation=https://dokuwiki.nausch.org/doku.php/centos:ansible:ffmuc-rpb4-ol
 Before=wg-quick.target
@@ Zeile 1050: / Zeile 1082: @@
 [Install]
 WantedBy=default.target
 </file>
-<file java ~/ansible/roles/wireguard/templates/checkup.j2>#!/bin/bash
+<file c++ ~/ansible/roles/wireguard/templates/checkup.j2>#!/bin/bash
+# Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 # Check connectivity to supernode
@@ Zeile 1073: / Zeile 1107: @@
         #logger -t checkuplink "wiregurad-tunnel is up an running : HTTP-statuscode: ${HTTP_STATUS_CODE}"
 fi
 </file>
-<file java ~/ansible/roles/wireguard/templates/crontab.j2># /etc/crontab: system-wide crontab
+<file c++ ~/ansible/roles/wireguard/templates/crontab.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
+# /etc/crontab: system-wide crontab
 # Unlike any other crontab you don't have to run the `crontab'
 # command to install the new version when you edit this file
@@ Zeile 1083: / Zeile 1119: @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=""
 # Example of job definition:
@@ Zeile 1092: / Zeile 1130: @@
 # |  |  |  |  |
 # *  *  *  *  * user-name command to be executed
-*	* * *	root    cd / && run-parts --report /etc/cron.hourly
+*    * * *   root    cd / && run-parts --report /etc/cron.hourly
-6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
+6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
-6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
+6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
-6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
+6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
 #
 # check wireguard-connection
-* * * * *	root	/usr/local/bin/checkup 2>&1 /dev/null
+-* * * * *      root    /usr/local/bin/checkup 2>&1 /dev/null
+# set firewall-role for RA-Filter
+-* * * * *       root    /usr/local/bin/radv-filter 2>&1 /dev/null
 </file>
-<file java ~/ansible/roles/wireguard/templates/uplink.j2>[Interface]
+<file c++ ~/ansible/roles/wireguard/templates/uplink.j2>[Interface]
 PrivateKey = {{ wg_client_privatekey.stdout }}
 Address = {{ wg_node_linklocal.stdout }}
@@ Zeile 1115: / Zeile 1156: @@
 === Rolle "vxlan" ===
-<file java ~/ansible/roles/vxlan/tasks/main.yml>--- # Installation und Konfiguration von VXLAN
+== Tasks ==
+<file c++ ~/ansible/roles/vxlan/tasks/main.yml>--- # Installation und Konfiguration von VXLAN
 - include: configure.yml                # VXLAN Konfigurieren
 - include: vxlanstart.yml               # Aktivierung des wireguard client-daemon
-</file>
+... # YML Ende</file>
-== Tasks ==
+<file c++ ~/ansible/roles/vxlan/tasks/configure.yml>---
-<file java ~/ansible/roles/vxlan/tasks/configure.yml>  - name: "*VXLAN* : Paketfilter anpassen - Eingehenden VXLAN Verkehr auf dem Mesh-Interface erlauben"
-    # https://docs.ansible.com/ansible/latest/modules/commans_module.html
-    command: ip6tables -I INPUT 1 -i wg-uplink -m udp -p udp --dport 8472 -j ACCEPT
-  - name: "*VXLAN* : VXLAN-ID des gewählten Segments ermitteln"
+- name: "Paketfilter anpassen - Eingehenden VXLAN Verkehr auf dem Mesh-Interface erlauben"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html
+  ansible.builtin.command: |
-    set_fact:
+    ip6tables -I INPUT 1 -i wg-uplink -m udp -p udp --dport 8472 -j ACCEPT
-      ffmuc_vxlan_id: "{{ item.value }}"
+  changed_when: false
-    loop: "{{ lookup('dict', gw_vxlan_ids) }}"
-    when: "ffmuc_segment in item.key"
-  - name: "*VXLAN* : link-local des Gateways ermitteln"
+- name: "VXLAN-ID des gewählten Segments ermitteln"
-    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html
+  ansible.builtin.set_fact:
-    set_fact:
+    ffmuc_vxlan_id: "{{ item.value }}"
-      ffmuc_wireguard_linklocal: "{{ item.value }}"
+  loop: "{{ lookup('dict', gw_vxlan_ids) }}"
-    loop: "{{ lookup('dict', gw_linklocal) }}"
+  when: "ffmuc_segment in item.key"
-    when: "ffmuc_gateway in item.key"
-  - name: "*VXLAN* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
+- name: "link-local des Gateways ermitteln"
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
+  ansible.builtin.set_fact:
-    shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
+    ffmuc_wireguard_linklocal: "{{ item.value }}"
-    register: wg_node_linklocal
+  loop: "{{ lookup('dict', gw_linklocal) }}"
+  when: "ffmuc_gateway in item.key"
-  - name: "*VXLAN* : Startupdatei für VXLAN kopieren"
+- name: "lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
+  ansible.builtin.shell: |
-    template:
+    cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
-      src: templates/vxlan-init.j2
+  register: wg_node_linklocal
-      dest: /usr/local/bin/vxlan
+  changed_when: false
-  - name: "*VXLAN* : Ausführungsrechte des Bash-Scripts anpassen"
+- name: "Startupdatei für VXLAN kopieren"
-    # https://docs.ansible.com/ansible/latest/modules/file_module.html
+  template:
-    file:
+    src: templates/vxlan-init.j2
-      path: /usr/local/bin/vxlan
+    dest: /usr/local/bin/vxlan
-      mode: '0740'
+    owner: root
-</file>
+    group: root
+    mode: '0750'
-<file java ~/ansible/roles/vxlan/tasks/vxlanstart.yml>---
+...</file>
-  - name: "*VXLAN* : systemd-unitfile anlegen"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
+<file c++ ~/ansible/roles/vxlan/tasks/vxlanstart.yml>---
-      src: templates/systemd-service-file.j2
-      dest: /etc/systemd/system/vxlan.service
+- name: "systemd-unitfile anlegen"
+  ansible.builtin.template:
+    src: templates/systemd-service-file.j2
+    dest: /etc/systemd/system/vxlan.service
+    owner: root
+    group: root
+    mode: '0644'
+- name: "Neues Unitfile dem systemd bekannt geben"
+  ansible.builtin.systemd:
+    daemon_reload: true
+- name: "Service vxlan via systemd starten"
+  ansible.builtin.systemd:
+    name: vxlan.service
+    daemon_reload: true
+    state: started
+    enabled: true
+...</file>
-  - name: "*VXLAN* : Neues Unitfile dem systemd bekannt geben"
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
-    systemd:
-      daemon_reexec: yes
-  - name: "*VXLAN* : Service vxlan via systemd starten"
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
-    systemd:
-      name: vxlan.service
-      daemon_reload: yes
-      state: started
-      enabled: yes
-</file>
 == Templates ==
-<file java ~/ansible/roles/vxlan/templates/systemd-service-file.j2>[Unit]
+<file c++ ~/ansible/roles/vxlan/templates/systemd-service-file.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
+[Unit]
 # see man systemd.unit
 Description=Bringing up VXLAN Interface
-Documentation=https://wiki.mailserver.guru/doku.php/centos:ansible:ffmuc-rpb4-ol
+Documentation=https://dokuwiki.nausch.org/doku.php/centos:ansible:ffmuc-rpb4-ol
 After=wg-quick@wg-uplink.service
@@ Zeile 1193: / Zeile 1239: @@
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target</file>
-</file>
-<file bash ~/ansible/roles/vxlan/templates/vxlan-init.j2>#!/bin/bash
+<file c++ ~/ansible/roles/vxlan/templates/vxlan-init.j2>#!/bin/bash
+# Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 # Bring up VXLAN
@@ Zeile 1208: / Zeile 1255: @@
 /usr/sbin/batctl hardif mesh-vpn throughput_override 10000
 </file>
 === Rolle "ext-respondd" ===
 == Tasks ==
-<file java ~/ansible/roles/ext-respondd/tasks/main.yml>--- # Installation und Konfiguration des ext-respondd (Statistiken für https://map.ffmuc.net)
+<file c++ ~/ansible/roles/ext-respondd/tasks/main.yml>--- # Installation und Konfiguration des ext-respondd (Statistiken für https://map.ffmuc.net)
 - include: gitinstall.yml               # Installation der Pakete git und python3-netifaces
 - include: gitclone.yml                 # Repo ext-respondd klonen
@@ Zeile 1222: / Zeile 1268: @@
 </file>
-<file java ~/ansible/roles/ext-respondd/tasks/aliasgenerate.yml>---
-  - name: "Erstellen der resondd Konfigurationsdatei alias.json"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/ext-respondd_alias.json.j2
-      dest: /opt/ext-respondd/alias.json
-</file>
-<file java ~/ansible/roles/ext-respondd/tasks/configgenerate.yml>---
+<file c++ ~/ansible/roles/ext-respondd/tasks/gitinstall.yml>---
-  - name: "Erstellen der resondd Konfigurationsdatei config.json"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/ext-respondd_config.json.j2
-      dest: /opt/ext-respondd/config.json
-</file>
-<file java ~/ansible/roles/ext-respondd/tasks/copyconfig.yml>---
+- name: "Installation der Pakete git und python3-netifaces"
-  - name: "Systemd Startdatei für respondd kopieren"
+  ansible.builtin.apt:
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
+    update_cache: true
-    shell:
+    pkg:
-      cmd: cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service
+      - git
-</file>
+      - python3-netifaces
+    state: present
-<file java ~/ansible/roles/ext-respondd/tasks/gitclone.yml>---
+...</file>
-  - name: "Repo ext-respondd klonen"
-    # https://docs.ansible.com/ansible/latest/modules/git_module.html
-    git:
-      repo: https://github.com/freifunkMUC/ext-respondd
-      dest: /opt/ext-respondd/
-</file>
-<file java ~/ansible/roles/ext-respondd/tasks/gitinstall.yml>---
-  - name: "Installation der Pakete git und python3-netifaces"
-    # https://docs.ansible.com/ansible/latest/modules/apt_module.html
-    apt:
-      update_cache: yes
-      pkg:
-        - git
-        - python3-netifaces
-      state: present
-</file>
-<file java ~/ansible/roles/ext-respondd/tasks/servicestartup.yml>---
-  - name: "Service ext-respondd beim Booten starten"
+<file c++ ~/ansible/roles/ext-respondd/tasks/gitclone.yml>---
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
-    systemd:
+- name: "ggf. bestehende Altlast bereinigen"
-      name: ext-respondd
+  ansible.builtin.file:
-      daemon_reload: yes
+    path: /opt/ext-respondd
-      state: started
+    state: absent
-      enabled: yes
-</file>
+- name: "Repo ext-respondd klonen"
+  ansible.builtin.git:
+    repo: https://github.com/freifunkMUC/ext-respondd
+    dest: /opt/ext-respondd/
+    version: master
+    clone: true
+    update: true
+...</file>
+<file c++ ~/ansible/roles/ext-respondd/tasks/copyconfig.yml>---
+- name: "Systemd Startdatei für respondd kopieren"
+  ansible.builtin.copy:
+    src: /opt/ext-respondd/ext-respondd.service.example
+    dest: /etc/systemd/system/ext-respondd.service
+    remote_src: true
+     # cmd: cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service
+...</file>
+<file c++ ~/ansible/roles/ext-respondd/tasks/aliasgenerate.yml>---
+- name: "Erstellen der resondd Konfigurationsdatei alias.json"
+  ansible.builtin.template:
+    src: templates/ext-respondd_alias.json.j2
+    dest: /opt/ext-respondd/alias.json
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
+<file c++ ~/ansible/roles/ext-respondd/tasks/configgenerate.yml>---
+- name: "Erstellen der resondd Konfigurationsdatei config.json"
+  ansible.builtin.template:
+    src: templates/ext-respondd_config.json.j2
+    dest: /opt/ext-respondd/config.json
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
+<file c++ ~/ansible/roles/ext-respondd/tasks/bugfixing.yml>---
+- name: "Typo in der /opt/ext-respondd/lib/nodeinfo.py korrigieren"
+  ansible.builtin.replace:
+    path: /opt/ext-respondd/lib/nodeinfo.py
+    # zu ersetzende/korrigierende Zeile
+    regexp: 'Processor'
+    # wird ersetzt durch
+    replace: 'processor'
+...</file>
+<file c++ ~/ansible/roles/ext-respondd/tasks/servicestartup.yml>---
+- name: "Service ext-respondd beim Booten starten"
+  systemd:
+    name: ext-respondd
+    daemon_reload: true
+    state: started
+    enabled: true
+...</file>
 == Templates ==
-<file java ~/ansible/roles/ext-respondd/templates/ext-respondd_alias.json.j2>{
+<file c++ ~/ansible/roles/ext-respondd/templates/ext-respondd_alias.json.j2>{
   "nodeinfo": {
     "hostname": "{{ raspberry_hostname }}",
@@ Zeile 1294: / Zeile 1381: @@
   },
   "firstseen": "2019-08-14T12:34:56"
-}
+}</file>
-</file>
 <file java ~/ansible/roles/ext-respondd/templates/ext-respondd_config.json.j2>{
@@ Zeile 1304: / Zeile 1390: @@
   "rate_limit": 30,
   "rate_limit_burst": 10
-}
+}</file>
-</file>
 === Rolle "hostapd" ===
 == Tasks ==
-<file java ~/ansible/roles/hostapd/tasks/main.yml>--- # Installation und Konfiguration des hostap Treibers für den WiFi-Support
+<file c++ ~/ansible/roles/hostapd/tasks/main.yml>--- # Installation und Konfiguration des hostap Treibers für den WiFi-Support
 - include: install.yml                  # Paket hostapd für WLAN installieren
 - include: configure.yml                # hostapd konfigurieren
 - include: genconfig.yml                # hostapd Konfigurationsdatei anlegen
 - include: wlanbridging.yml             # wlan0 in Bridge packen
-- include: servicestartup.yml           # Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen
+- include: servicestartup.yml           # Service hostapd beim Booten und jetzt starten
-</file>
+                                        # und so das Laden der Unit Datei vom Service
+                                        # hostapd ermöglichen
+... # YML Ende</file>
-<file java ~/ansible/roles/hostapd/tasks/configure.yml>---
-  - name: "hostapd konfigurieren"
-    # https://docs.ansible.com/ansible/latest/modules/shell_module.html
-    shell: echo 'DAEMON_OPTS="-d"' >> /etc/default/hostapd
-    when: ( raspberry_wifi == "ja" )
-</file>
-<file java ~/ansible/roles/hostapd/tasks/genconfig.yml>---
+<file c++ ~/ansible/roles/hostapd/tasks/install.yml>---
-  - name: "hostapd Konfigurationsdatei anlegen"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/hostapd.j2
-      dest: /etc/hostapd/hostapd.conf
-    when: ( raspberry_wifi == "ja" )
-</file>
-<file java ~/ansible/roles/hostapd/tasks/install.yml>---
+- name: "Paket hostapd für WLAN installieren"
-  - name: "Paket hostapd für WLAN installieren"
+  ansible.builtin.apt:
-    # https://docs.ansible.com/ansible/latest/modules/apt_module.html
+    update_cache: true
-    apt:
+    pkg:
-      update_cache: yes
+      - hostapd
-      pkg:
+    state: present
-        - hostapd
-      state: present
+...</file>
-    when: ( raspberry_wifi == "ja" )
-</file>
+<file c++ ~/ansible/roles/hostapd/tasks/configure.yml>---
+- name: "hostapd konfigurieren"
+  ansible.builtin.command: |
+    echo 'DAEMON_OPTS="-d"' >> /etc/default/hostapd
+  changed_when: false
+...</file>
+<file c++ ~/ansible/roles/hostapd/tasks/genconfig.yml>---
+- name: "hostapd Konfigurationsdatei anlegen"
+  ansible.builtin.template:
+    src: templates/hostapd.j2
+    dest: /etc/hostapd/hostapd.conf
+    owner: root
+    group: root
+    mode: '0644'
+...</file>
+<file c++ ~/ansible/roles/hostapd/tasks/wlanbridging.yml>---
+- name: "wlan0 in Bridge packen"
+  template:
+    src: templates/rclocal_wifi.j2
+    dest: /etc/rc.local
+    owner: root
+    group: root
+    mode: '0750'
+...</file>
+<file c++ ~/ansible/roles/hostapd/tasks/servicestartup.yml>---
+- name: "Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen"
+  ansible.builtin.systemd:
+    name: hostapd
+    enabled: true
+    masked: false
+    state: started
+...</file>
-<file java ~/ansible/roles/hostapd/tasks/servicestartup.yml>---
-  - name: "Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen"
-    # https://docs.ansible.com/ansible/latest/modules/systemd_module.html
-    systemd:
-      name: hostapd
-      enabled: yes
-      masked: no
-      state: started
-    when: ( raspberry_wifi == "ja" )
-</file>
-<file java ~/ansible/roles/hostapd/tasks/wlanbridging.yml>---
-  - name: "wlan0 in Bridge packen"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/rclocal_wifi.j2
-      dest: /etc/rc.local
-    when: ( raspberry_wifi == "ja" )
-</file>
 == Templates ==
-<file java ~/ansible/roles/hostapd/templates/hostapd.j2>ssid=muenchen.freifunk.net/{{ ffmuc_segment }}
+<file c++ ~/ansible/roles/hostapd/templates/hostapd.j2>ssid=muenchen.freifunk.net/{{ ffmuc_segment }}
 country_code=US
@@ Zeile 1396: / Zeile 1497: @@
 vht_oper_chwidth=1
 channel=36
-vht_oper_centr_freq_seg0_idx=42
+vht_oper_centr_freq_seg0_idx=42</file>
-</file>
 <file java ~/ansible/roles/hostapd/templates/rclocal_wifi.j2>#!/bin/sh -e
+# Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 #
 # rc.local
@@ Zeile 1418: / Zeile 1520: @@
 fi
 sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0
-exit 0
+exit 0</file>
-</file>
 === Rolle "client-mesh" ===
 == Tasks ==
-<file java ~/ansible/roles/client-mesh/tasks/main.yml>--- # Grundkonfiguration von Client und/oder Meshing (V)LANs
+<file c++ ~/ansible/roles/client-mesh/tasks/main.yml>--- # Grundkonfiguration von Client und/oder Meshing (V)LANs
 - include: clientohnemesh.yml           # Konfiguration des Client-VLAN ohne Mesh-Netz
 - include: getvxlanid.yml               # vxlan_id für ausgewähltes Segment ermitteln
@@ Zeile 1431: / Zeile 1532: @@
 - include: batmanohnewifi.yml           # Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung
 - include: batmanmitwifi.yml            # Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung
-</file>
+... # YML Ende</file>
-<file java ~/ansible/roles/client-mesh/tasks/batmanmitwifi.yml>---
-  - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/rclocal_both.j2
-      dest: /etc/rc.local
-    when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi == "ja" )
-</file>
-<file java  ~/ansible/roles/client-mesh/tasks/batmanohnewifi.yml>---
+<file c++ ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml>---
-  - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/rclocal_vxlan.j2
-      dest: /etc/rc.local
-    when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi != "ja" )
-</file>
-<file java ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml>django@Djangos-ThinkPad-X230:~$ cat ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml
+- name: "Konfiguration des Client-VLAN ohne Mesh-Netz"
----
+  ansible.builtin.template:
-  - name: "Konfiguration des Client-VLAN ohne Mesh-Netz"
+    src: templates/interfaces_client_ohne_mesh.j2
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
+    dest: /etc/network/interfaces
-    template:
+    owner: root
-      src: templates/interfaces_client_ohne_mesh.j2
+    group: root
-      dest: /etc/network/interfaces
+    mode: '0640'
-    when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length == 0 )
+  when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length == 0 )
-</file>
-<file java  ~/ansible/roles/client-mesh/tasks/getvxlanid.yml>---
+...</file>
-  - name: "vxlan_id für ausgewähltes Segment ermitteln"
-    # https://docs.ansible.com/ansible/latest/modules/set_fact_module.html
-    set_fact:
-      ffmuc_vxlan_id: "{{ item.value }}"
-    loop: "{{ lookup('dict', vxlan_ids) }}"
-    when: "ffmuc_segment in item.key"
-</file>
-<file java ~/ansible/roles/client-mesh/tasks/meshohneclient.yml>---
+<file c++ ~/ansible/roles/client-mesh/tasks/getvxlanid.yml>---
-  - name: "Konfiguration des Mesh-VLAN ohne Client-VLAN"
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
-    template:
-      src: templates/interfaces_mesh_ohne_client.j2
-      dest: /etc/network/interfaces
-    when: ( raspberry_clientvlan|length == 0 ) and ( raspberry_meshvlan|length > 0 )
-</file>
-<file java  ~/ansible/roles/client-mesh/tasks/meshundclient.yml>---
+- name: "vxlan_id für ausgewähltes Segment ermitteln"
-  - name: "Konfiguration von Mesh- und Client-VLAN"
+  ansible.builtin.set_fact:
-    # https://docs.ansible.com/ansible/latest/modules/template_module.html
+    ffmuc_vxlan_id: "{{ item.value }}"
-    template:
+  loop: "{{ lookup('dict', vxlan_ids) }}"
-      src: templates/interfaces_mesh_mit_client.j2
+  when: "ffmuc_segment in item.key"
-      dest: /etc/network/interfaces
-    when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length > 0 )
+...</file>
-</file>
+<file c++ ~/ansible/roles/client-mesh/tasks/meshohneclient.yml>---
+- name: "Konfiguration des Mesh-VLAN ohne Client-VLAN"
+  ansible.builtin.template:
+    src: templates/interfaces_mesh_ohne_client.j2
+    dest: /etc/network/interfaces
+    owner: root
+    group: root
+    mode: '0640'
+  when: ( raspberry_clientvlan|length == 0 ) and ( raspberry_meshvlan|length > 0 )
+...</file>
+<file c++ ~/ansible/roles/client-mesh/tasks/meshundclient.yml>---
+- name: "Konfiguration von Mesh- und Client-VLAN"
+  ansible.builtin.template:
+    src: templates/interfaces_mesh_mit_client.j2
+    dest: /etc/network/interfaces
+    owner: root
+    group: root
+    mode: '0640'
+  when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length > 0 )
+...</file>
+<file c++  ~/ansible/roles/client-mesh/tasks/batmanohnewifi.yml>---
+- name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung"
+  ansible.builtin.template:
+    src: templates/rclocal_vxlan.j2
+    dest: /etc/rc.local
+    owner: root
+    group: root
+    mode: '0750'
+  when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi != "true" )
+...</file>
+<file c++ ~/ansible/roles/client-mesh/tasks/batmanmitwifi.yml>---
+- name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung"
+  ansible.builtin.template:
+    src: templates/rclocal_both.j2
+    dest: /etc/rc.local
+    owner: root
+    group: root
+    mode: '0750'
+  when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi == "true" )
+...</file>
 == Templates ==
-<file java ~/ansible/roles/client-mesh/templates/interfaces_client_ohne_mesh.j2># interfaces(5) file used by ifup(8) and ifdown(8)
+<file c++ ~/ansible/roles/client-mesh/templates/interfaces_client_ohne_mesh.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
+# interfaces(5) file used by ifup(8) and ifdown(8)
 # Please note that this file is written to be used with dhcpcd
@@ Zeile 1514: / Zeile 1639: @@
         pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client
         pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }}
-        post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}
+        post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}</file>
-</file>
-<file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_mit_client.j2># interfaces(5) file used by ifup(8) and ifdown(8)
+<file c++ ~/ansible/roles/client-mesh/templates/interfaces_mesh_mit_client.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
+# interfaces(5) file used by ifup(8) and ifdown(8)
 # Please note that this file is written to be used with dhcpcd
@@ Zeile 1554: / Zeile 1680: @@
 </file>
-<file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_ohne_client.j2># interfaces(5) file used by ifup(8) and ifdown(8)
+<file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_ohne_client.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
+# interfaces(5) file used by ifup(8) and ifdown(8)
 # Please note that this file is written to be used with dhcpcd
@@ Zeile 1585: / Zeile 1713: @@
         pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client
         pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }}
-        post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}
+        post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}</file>
-</file>
 <file bash ~/ansible/roles/client-mesh/templates/rclocal_both.j2>#!/bin/sh -e
+# Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 #
 # rc.local
@@ Zeile 1608: / Zeile 1737: @@
 sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0
 /usr/sbin/batctl hardif mesh-vpn throughput_override 10000
-exit 0
+exit 0</file>
-</file>
 <file bash ~/ansible/roles/client-mesh/templates/rclocal_vxlan.j2>#!/bin/sh -e
+# Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually!
 #
 # rc.local
@@ Zeile 1630: / Zeile 1760: @@
 fi
 /usr/sbin/batctl hardif mesh-vpn throughput_override 10000
-exit 0
+exit 0</file>
-</file>
+/*
 === Rolle "oled" ===
 == Tasks ==
@@ Zeile 2059: / Zeile 2188: @@
 # see man systemd.unit
 Description=Starting OLED-Trafic output
-Documentation=https://wiki.mailserver.guru/doku.php/centos:ansible:ffmuc-rpb4-ol
+Documentation=https://dokuwiki.nausch.org/doku.php/centos:ansible:ffmuc-rpb4-ol
 After=network.target
@@ Zeile 2072: / Zeile 2201: @@
 </file>
+*/
 === Rolle "final" ===
 == Tasks ==
 <file java ~/ansible/roles/final/tasks/main.yml>--- # Reboot nach Abschluss der Konfiguration unseres Offloaders
-- include: reboot.yml                   # /etc/hosts anpassen
+- include: reboot.yml                   # abschließender Reboot nach Fertigstellung
-... #YAML Ende Syntax
+... # YML Ende</file>
-</file>
 <file java ~/ansible/roles/final/tasks/reboot.yml>---
-  - name: "Reboot nach Abschluss der Konfiguration unseres Offloaders"
-    # https://docs.ansible.com/ansible/latest/modules/reboot_module.html
+- name: "Reboot nach Abschluss der Konfiguration unseres Offloaders"
-    reboot:
+  ansible.builtin.reboot:
-</file>
+...</file>
 ==== Download des auf Debian Buster basierenden Raspbian ====
@@ Zeile 2208: / Zeile 2339: @@
 Hier werden die zur Konfiguration benötigten Parameter nicht beim Aufruf des Playbooks abgefragt, sondern in zugehörigen **[[#inventory-definition|Inventory-Datei]]** hinterlegt. Das ist im ersten Schritt für den ungeübten Ansible-Nutzer zwar augenscheinlich aufwändiger, hat aber den Vorteil, dass man die zur Konfiguration benötigten Parameter immer sofort "zur Hand" hat.
-In den Zeilen **''55 bis 64''** sind diese Parameter entsprechend zu hinterlegen.
+In der Host-spezifischen Konfigurationsdatei  sind diese Parameter entsprechend zu hinterlegen. Folgendes Beispiel zeigt dies für den Host mit dem Namen **rpb4-ol-b** aus dem Inventory.
-   $ vim ~/ansible/inventories/production/hosts.yml +54
+   $ vim ~/ansible/inventories/production/host_vars/rpb4-ol-b/individual_host_specification
+<code># IP-Adresse unseres Raspberry in unserem eigenen lokalen Netzwerk
+# stationäre schwarzes Plastikgehäuse Raspberry 4B mit PoE-HAT und Display
+# MAC: dc:a6:32:22:f0:f2
+ansible_ssh_host: 192.168.0.22
+ansible_port: 22
+ansible_user: pi
+ansible_ssh_private_key_file: ~/.ssh/id_ed25519_freifunk
+#
+batman_adv_version: "2022.1"
+ffmuc_segment: "muc_ost"
+ffmuc_gateway: "gw06"
+raspberry_hostname: "ff_pliening_rpb4_ol_v6"
+node_contact_address: "hier entlang => https://bit.ly/2VxGoXp"
+raspberry_latitude: "48.198757565"
+raspberry_longitude: "11.798020899"
+raspberry_wifi: "true"
+raspberry_clientvlan: "4"
+raspberry_meshvlan: "2"
+raspberry_oled: "false"</code>
-<code> 54     batman_adv_version:   "2020.4"
+Diese passen wir natürlich noch auf unsere lokale Umgebung hin an.
-     ffmuc_segment:        "muc_ost"
-     ffmuc_gateway:        "gw04"
-     raspberry_hostname:   "raspbian-ansible-offloader"
-     node_contact_address: "https://bit.ly/2VxGoXp"
-     raspberry_latitude:   "48.239094621"
-     raspberry_longitude:  "11.558936834"
-     raspberry_wifi:       "ja"
-     raspberry_clientvlan: "123"
-     raspberry_meshvlan:   "456"
-     raspberry_oled:       "ja"</code>
 === Playbook Lauf ===
@@ Zeile 2544: / Zeile 2685: @@
   * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
   * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**