| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung |
| linux:ansible:ffmuc-rpb4-ol [27.09.2022 15:03. ] – [Templates] django | linux:ansible:ffmuc-rpb4-ol [27.09.2022 15:47. ] (aktuell) – [Inhalt] django |
|---|
| |
| ====== Inhalt ====== | ====== Inhalt ====== |
| |
| <WRAP center round alert 30%> | |
| **ACHTUNG:** Artikel in Überarbeitung!!! **ACHTUNG:** | |
| </WRAP> | |
| |
| |
| <WRAP center round tip 90%> | <WRAP center round tip 90%> |
| === Rolle "wireguard" === | === Rolle "wireguard" === |
| == Tasks == | == Tasks == |
| <file java ~/ansible/roles/wireguard/tasks/main.yml>--- # Installation und Konfiguration von WIREGUARD | <file c++ ~/ansible/roles/wireguard/tasks/main.yml>--- # Installation und Konfiguration von WIREGUARD |
| - include: install.yml # Installation des wireguard-Paketes | - include: install.yml # Installation des wireguard-Paketes |
| - include: genkeys.yml # Schlüsselmaterial erzeugen | - include: genkeys.yml # Schlüsselmaterial erzeugen |
| - include: genlinklocal.yml # lokale link-local IPv6 Adresse generieren | - include: genlinklocal.yml # lokale link-local IPv6 Adresse generieren |
| - include: configuration.yml # Konfigurationsdatei kopieren und anpassen | - include: configuration.yml # Konfigurationsdatei kopieren und anpassen |
| - include: brokerinform.yml # Public-Key unseres Nodes an den Broker übermitteln | - include: brokerinform.yml # Public-Key unseres Nodes an den Broker übermitteln |
| - include: wireguardstart.yml # Aktivierung des wireguard client-daemon | - include: wireguardstart.yml # Aktivierung des wireguard client-daemon |
| | - include: radv-filter.yml # RADV-Filter setzen |
| - include: checkup.yml # Wireguard überprüfen | - include: checkup.yml # Wireguard überprüfen |
| </file> | ... # YML Ende</file> |
| |
| <file java ~/ansible/roles/wireguard/tasks/install.yml>--- | |
| - name: "*wireguard* : Installation von wireguard" | |
| # https://docs.ansible.com/ansible/latest/modules/apt_module.html | |
| apt: | |
| #update_cache: yes | |
| pkg: | |
| - wireguard | |
| state: present | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/genkeys.yml>--- | <file c++ ~/ansible/roles/wireguard/tasks/install.yml>--- |
| - name: "*wireguard* : Schlüsselmaterial erstellen" | |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | |
| shell: /usr/bin/wg genkey | tee client_private.key | wg pubkey | tee client_public.key | |
| args: | |
| chdir: /etc/wireguard/ | |
| creates: client_private.key | |
| |
| - name: "*wireguard* : Zugriffsrechte des Private Keys anpassen" | - name: "Installation von wireguard und iptables" |
| # https://docs.ansible.com/ansible/latest/modules/file_module.html | ansible.builtin.apt: |
| file: | pkg: |
| path: /etc/wireguard/client_private.key | - wireguard |
| mode: '0600' | - iptables |
| | state: present |
| |
| - name: "*wireguard* : Zugriffsrechte des Public Keys anpassen" | ...</file> |
| # https://docs.ansible.com/ansible/latest/modules/file_module.html | |
| file: | |
| path: /etc/wireguard/client_public.key | |
| mode: '0600' | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/genlinklocal.yml>--- | |
| - name: "*wireguard* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" | |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | |
| shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' | |
| register: wg_node_linklocal | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/configuration.yml>--- | <file c++ ~/ansible/roles/wireguard/tasks/genkeys.yml>--- |
| - name: "*wireguard* : private-key einlesen und in Variable übergeben" | |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html | |
| shell: cat /etc/wireguard/client_private.key | |
| register: wg_client_privatekey | |
| |
| - name: "*wireguard* : public-key einlesen und in Variable übergeben" | - name: "Schlüsselmaterial erstellen" |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html | ansible.builtin.command: |
| shell: cat /etc/wireguard/client_public.key | cmd: /usr/bin/wg genkey | tee client_private.key | wg pubkey | tee client_public.key |
| register: wg_client_publickey | args: |
| | chdir: /etc/wireguard/ |
| | creates: client_private.key |
| |
| - name: "*wireguard* : Socket ermitteln" | - name: "Zugriffsrechte des Private Keys anpassen" |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | ansible.builtin.file: |
| set_fact: | path: /etc/wireguard/client_private.key |
| ffmuc_wireguard_port: "{{ item.value }}" | mode: '0600' |
| loop: "{{ lookup('dict', wireguard_ports) }}" | |
| when: "ffmuc_segment in item.key" | |
| |
| - name: "*wireguard* : link-local des Gateways ermitteln" | - name: "Zugriffsrechte des Public Keys anpassen" |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | ansible.builtin.file: |
| set_fact: | path: /etc/wireguard/client_public.key |
| ffmuc_wireguard_linklocal: "{{ item.value }}" | mode: '0600' |
| loop: "{{ lookup('dict', gw_linklocal) }}" | |
| when: "ffmuc_gateway in item.key" | |
| |
| - name: "*wireguard* : publickey des Gateways ermitteln" | ...</file> |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | |
| set_fact: | |
| ffmuc_wireguard_gwpubkey: "{{ item.value }}" | |
| loop: "{{ lookup('dict', gw_publickey) }}" | |
| when: "ffmuc_gateway in item.key" | |
| |
| - name: "*wireguard* : Konfigurationsdatei des wireguard-Tunnels erzeugen" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/uplink.j2 | |
| dest: /etc/wireguard/wg-uplink.conf | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/brokerinform.yml>--- | <file c++ ~/ansible/roles/wireguard/tasks/genlinklocal.yml>--- |
| - name: "*wireguard* : systemd unit file für broker -Information anlegen" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/broker.j2 | |
| dest: /etc/systemd/system/broker.service | |
| |
| - name: "*wireguard* : Service broker starten beim Booten starten" | - name: "lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | ansible.builtin.shell: | |
| systemd: | cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' |
| name: broker | register: wg_node_linklocal |
| daemon_reload: yes | changed_when: false |
| state: started | |
| enabled: yes | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/wireguardstart.yml>--- | ...</file> |
| - name: "*wireguard* : Service wireguard via systemd startem" | |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | |
| systemd: | |
| name: wg-quick@wg-uplink | |
| daemon_reload: yes | |
| state: started | |
| enabled: yes | |
| </file> | |
| |
| <file java ~/ansible/roles/wireguard/tasks/checkup.yml>--- | <file c++ ~/ansible/roles/wireguard/tasks/configuration.yml>--- |
| - name: "*wireguard* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" | |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | |
| shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' | |
| register: wg_node_linklocal | |
| |
| - name: "*wireguard* : checkupscript zum Testen der wireguard-Verbindung anlegen" | - name: "private-key einlesen und in Variable übergeben" |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | ansible.builtin.command: |
| template: | cmd: cat /etc/wireguard/client_private.key |
| src: templates/checkup.j2 | register: wg_client_privatekey |
| dest: /usr/local/bin/checkup | changed_when: false |
| |
| - name: "*wireguard* : Ausführungsrechte des Bash-Scripts anpassen" | - name: "public-key einlesen und in Variable übergeben" |
| # https://docs.ansible.com/ansible/latest/modules/file_module.html | ansible.builtin.command: |
| file: | cmd: cat /etc/wireguard/client_public.key |
| path: /usr/local/bin/checkup | register: wg_client_publickey |
| mode: '0740' | changed_when: false |
| |
| - name: "*wireguard* : crontab für minütlichen checkup der wireguard-Verbindung anlegen" | - name: "Socket ermitteln" |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | ansible.builtin.set_fact: |
| template: | ffmuc_wireguard_port: "{{ item.value }}" |
| src: templates/crontab.j2 | loop: "{{ lookup('dict', wireguard_ports) }}" |
| dest: /etc/crontab | when: "ffmuc_segment in item.key" |
| </file> | |
| | - name: "link-local des Gateways ermitteln" |
| | ansible.builtin.set_fact: |
| | ffmuc_wireguard_linklocal: "{{ item.value }}" |
| | loop: "{{ lookup('dict', gw_linklocal) }}" |
| | when: "ffmuc_gateway in item.key" |
| | |
| | - name: "publickey des Gateways ermitteln" |
| | ansible.builtin.set_fact: |
| | ffmuc_wireguard_gwpubkey: "{{ item.value }}" |
| | loop: "{{ lookup('dict', gw_publickey) }}" |
| | when: "ffmuc_gateway in item.key" |
| | |
| | - name: "Konfigurationsdatei des wireguard-Tunnels erzeugen" |
| | ansible.builtin.template: |
| | src: templates/uplink.j2 |
| | dest: /etc/wireguard/wg-uplink.conf |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/wireguard/tasks/brokerinform.yml>--- |
| | |
| | - name: "systemd unit file für broker -Information anlegen" |
| | ansible.builtin.template: |
| | src: templates/broker.j2 |
| | dest: /etc/systemd/system/broker.service |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | - name: "Service broker starten beim Booten starten" |
| | ansible.builtin.systemd: |
| | name: broker |
| | daemon_reload: true |
| | state: started |
| | enabled: true |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/wireguard/tasks/wireguardstart.yml>--- |
| | |
| | - name: "Service wireguard via systemd starten" |
| | ansible.builtin.systemd: |
| | name: wg-quick@wg-uplink |
| | daemon_reload: true |
| | state: started |
| | enabled: true |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/wireguard/tasks/radv-filter.yml>--- |
| | |
| | - name: "Startsrcipt für der RADV-Filter anlegen" |
| | template: |
| | src: templates/radv-filter.j2 |
| | dest: /usr/local/bin/radv-filter |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/wireguard/tasks/checkup.yml>--- |
| | |
| | - name: "Lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" |
| | ansible.builtin.shell: | |
| | cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' |
| | register: wg_node_linklocal |
| | changed_when: false |
| | |
| | - name: "checkupscript zum Testen der wireguard-Verbindung anlegen" |
| | ansible.builtin.template: |
| | src: templates/checkup.j2 |
| | dest: /usr/local/bin/checkup |
| | owner: root |
| | group: root |
| | mode: '0750' |
| | |
| | - name: "Ausführungsrechte des Bash-Scripts anpassen" |
| | ansible.builtin.file: |
| | path: /usr/local/bin/checkup |
| | mode: '0740' |
| | |
| | - name: "crontab für minütlichen checkup der wireguard-Verbindung anlegen" |
| | ansible.builtin.template: |
| | src: templates/crontab.j2 |
| | dest: /etc/crontab |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| |
| == Templates == | == Templates == |
| <file java ~/ansible/roles/wireguard/templates/broker.j2># Django : 2020-12-07 | <file c++ ~/ansible/roles/wireguard/templates/broker.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| [Unit] | [Unit] |
| # see man systemd.unit | # see man systemd.unit |
| [Install] | [Install] |
| WantedBy=default.target | WantedBy=default.target |
| | |
| </file> | </file> |
| |
| <file java ~/ansible/roles/wireguard/templates/checkup.j2>#!/bin/bash | <file c++ ~/ansible/roles/wireguard/templates/checkup.j2>#!/bin/bash |
| | # Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| |
| # Check connectivity to supernode | # Check connectivity to supernode |
| #logger -t checkuplink "wiregurad-tunnel is up an running : HTTP-statuscode: ${HTTP_STATUS_CODE}" | #logger -t checkuplink "wiregurad-tunnel is up an running : HTTP-statuscode: ${HTTP_STATUS_CODE}" |
| fi | fi |
| | |
| </file> | </file> |
| |
| <file java ~/ansible/roles/wireguard/templates/crontab.j2># /etc/crontab: system-wide crontab | <file c++ ~/ansible/roles/wireguard/templates/crontab.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| | # /etc/crontab: system-wide crontab |
| # Unlike any other crontab you don't have to run the `crontab' | # Unlike any other crontab you don't have to run the `crontab' |
| # command to install the new version when you edit this file | # command to install the new version when you edit this file |
| SHELL=/bin/sh | SHELL=/bin/sh |
| PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
| | |
| | MAILTO="" |
| |
| # Example of job definition: | # Example of job definition: |
| # | | | | | | # | | | | | |
| # * * * * * user-name command to be executed | # * * * * * user-name command to be executed |
| 17 * * * * root cd / && run-parts --report /etc/cron.hourly | 17 * * * * root cd / && run-parts --report /etc/cron.hourly |
| 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) | 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) |
| 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) | 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) |
| 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) | 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) |
| # | # |
| |
| # check wireguard-connection | # check wireguard-connection |
| * * * * * root /usr/local/bin/checkup 2>&1 /dev/null | -* * * * * root /usr/local/bin/checkup 2>&1 /dev/null |
| | |
| | # set firewall-role for RA-Filter |
| | -* * * * * root /usr/local/bin/radv-filter 2>&1 /dev/null |
| </file> | </file> |
| |
| <file java ~/ansible/roles/wireguard/templates/uplink.j2>[Interface] | <file c++ ~/ansible/roles/wireguard/templates/uplink.j2>[Interface] |
| PrivateKey = {{ wg_client_privatekey.stdout }} | PrivateKey = {{ wg_client_privatekey.stdout }} |
| Address = {{ wg_node_linklocal.stdout }} | Address = {{ wg_node_linklocal.stdout }} |
| |
| === Rolle "vxlan" === | === Rolle "vxlan" === |
| <file java ~/ansible/roles/vxlan/tasks/main.yml>--- # Installation und Konfiguration von VXLAN | == Tasks == |
| | <file c++ ~/ansible/roles/vxlan/tasks/main.yml>--- # Installation und Konfiguration von VXLAN |
| - include: configure.yml # VXLAN Konfigurieren | - include: configure.yml # VXLAN Konfigurieren |
| - include: vxlanstart.yml # Aktivierung des wireguard client-daemon | - include: vxlanstart.yml # Aktivierung des wireguard client-daemon |
| </file> | ... # YML Ende</file> |
| |
| == Tasks == | <file c++ ~/ansible/roles/vxlan/tasks/configure.yml>--- |
| <file java ~/ansible/roles/vxlan/tasks/configure.yml> - name: "*VXLAN* : Paketfilter anpassen - Eingehenden VXLAN Verkehr auf dem Mesh-Interface erlauben" | |
| # https://docs.ansible.com/ansible/latest/modules/commans_module.html | |
| command: ip6tables -I INPUT 1 -i wg-uplink -m udp -p udp --dport 8472 -j ACCEPT | |
| |
| - name: "*VXLAN* : VXLAN-ID des gewählten Segments ermitteln" | - name: "Paketfilter anpassen - Eingehenden VXLAN Verkehr auf dem Mesh-Interface erlauben" |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | ansible.builtin.command: | |
| set_fact: | ip6tables -I INPUT 1 -i wg-uplink -m udp -p udp --dport 8472 -j ACCEPT |
| ffmuc_vxlan_id: "{{ item.value }}" | changed_when: false |
| loop: "{{ lookup('dict', gw_vxlan_ids) }}" | |
| when: "ffmuc_segment in item.key" | |
| |
| - name: "*VXLAN* : link-local des Gateways ermitteln" | - name: "VXLAN-ID des gewählten Segments ermitteln" |
| # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | ansible.builtin.set_fact: |
| set_fact: | ffmuc_vxlan_id: "{{ item.value }}" |
| ffmuc_wireguard_linklocal: "{{ item.value }}" | loop: "{{ lookup('dict', gw_vxlan_ids) }}" |
| loop: "{{ lookup('dict', gw_linklocal) }}" | when: "ffmuc_segment in item.key" |
| when: "ffmuc_gateway in item.key" | |
| |
| - name: "*VXLAN* : lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" | - name: "link-local des Gateways ermitteln" |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | ansible.builtin.set_fact: |
| shell: cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' | ffmuc_wireguard_linklocal: "{{ item.value }}" |
| register: wg_node_linklocal | loop: "{{ lookup('dict', gw_linklocal) }}" |
| | when: "ffmuc_gateway in item.key" |
| |
| - name: "*VXLAN* : Startupdatei für VXLAN kopieren" | - name: "lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen" |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | ansible.builtin.shell: | |
| template: | cat /etc/wireguard/client_public.key | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/' |
| src: templates/vxlan-init.j2 | register: wg_node_linklocal |
| dest: /usr/local/bin/vxlan | changed_when: false |
| |
| - name: "*VXLAN* : Ausführungsrechte des Bash-Scripts anpassen" | - name: "Startupdatei für VXLAN kopieren" |
| # https://docs.ansible.com/ansible/latest/modules/file_module.html | template: |
| file: | src: templates/vxlan-init.j2 |
| path: /usr/local/bin/vxlan | dest: /usr/local/bin/vxlan |
| mode: '0740' | owner: root |
| </file> | group: root |
| | mode: '0750' |
| |
| <file java ~/ansible/roles/vxlan/tasks/vxlanstart.yml>--- | ...</file> |
| - name: "*VXLAN* : systemd-unitfile anlegen" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | <file c++ ~/ansible/roles/vxlan/tasks/vxlanstart.yml>--- |
| src: templates/systemd-service-file.j2 | |
| dest: /etc/systemd/system/vxlan.service | - name: "systemd-unitfile anlegen" |
| | ansible.builtin.template: |
| | src: templates/systemd-service-file.j2 |
| | dest: /etc/systemd/system/vxlan.service |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | - name: "Neues Unitfile dem systemd bekannt geben" |
| | ansible.builtin.systemd: |
| | daemon_reload: true |
| | |
| | - name: "Service vxlan via systemd starten" |
| | ansible.builtin.systemd: |
| | name: vxlan.service |
| | daemon_reload: true |
| | state: started |
| | enabled: true |
| | |
| | ...</file> |
| |
| - name: "*VXLAN* : Neues Unitfile dem systemd bekannt geben" | |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | |
| systemd: | |
| daemon_reexec: yes | |
| |
| - name: "*VXLAN* : Service vxlan via systemd starten" | |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | |
| systemd: | |
| name: vxlan.service | |
| daemon_reload: yes | |
| state: started | |
| enabled: yes | |
| </file> | |
| |
| == Templates == | == Templates == |
| <file java ~/ansible/roles/vxlan/templates/systemd-service-file.j2>[Unit] | <file c++ ~/ansible/roles/vxlan/templates/systemd-service-file.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| | [Unit] |
| # see man systemd.unit | # see man systemd.unit |
| Description=Bringing up VXLAN Interface | Description=Bringing up VXLAN Interface |
| |
| [Install] | [Install] |
| WantedBy=multi-user.target | WantedBy=multi-user.target</file> |
| </file> | |
| |
| <file bash ~/ansible/roles/vxlan/templates/vxlan-init.j2>#!/bin/bash | <file c++ ~/ansible/roles/vxlan/templates/vxlan-init.j2>#!/bin/bash |
| | # Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| |
| # Bring up VXLAN | # Bring up VXLAN |
| /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 | /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 |
| </file> | </file> |
| |
| |
| |
| === Rolle "ext-respondd" === | === Rolle "ext-respondd" === |
| == Tasks == | == Tasks == |
| <file java ~/ansible/roles/ext-respondd/tasks/main.yml>--- # Installation und Konfiguration des ext-respondd (Statistiken für https://map.ffmuc.net) | <file c++ ~/ansible/roles/ext-respondd/tasks/main.yml>--- # Installation und Konfiguration des ext-respondd (Statistiken für https://map.ffmuc.net) |
| - include: gitinstall.yml # Installation der Pakete git und python3-netifaces | - include: gitinstall.yml # Installation der Pakete git und python3-netifaces |
| - include: gitclone.yml # Repo ext-respondd klonen | - include: gitclone.yml # Repo ext-respondd klonen |
| </file> | </file> |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/aliasgenerate.yml>--- | |
| - name: "Erstellen der resondd Konfigurationsdatei alias.json" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/ext-respondd_alias.json.j2 | |
| dest: /opt/ext-respondd/alias.json | |
| </file> | |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/configgenerate.yml>--- | <file c++ ~/ansible/roles/ext-respondd/tasks/gitinstall.yml>--- |
| - name: "Erstellen der resondd Konfigurationsdatei config.json" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/ext-respondd_config.json.j2 | |
| dest: /opt/ext-respondd/config.json | |
| </file> | |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/copyconfig.yml>--- | - name: "Installation der Pakete git und python3-netifaces" |
| - name: "Systemd Startdatei für respondd kopieren" | ansible.builtin.apt: |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | update_cache: true |
| shell: | pkg: |
| cmd: cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service | - git |
| </file> | - python3-netifaces |
| | state: present |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/gitclone.yml>--- | ...</file> |
| - name: "Repo ext-respondd klonen" | |
| # https://docs.ansible.com/ansible/latest/modules/git_module.html | |
| git: | |
| repo: https://github.com/freifunkMUC/ext-respondd | |
| dest: /opt/ext-respondd/ | |
| </file> | |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/gitinstall.yml>--- | |
| - name: "Installation der Pakete git und python3-netifaces" | |
| # https://docs.ansible.com/ansible/latest/modules/apt_module.html | |
| apt: | |
| update_cache: yes | |
| pkg: | |
| - git | |
| - python3-netifaces | |
| state: present | |
| </file> | |
| |
| <file java ~/ansible/roles/ext-respondd/tasks/servicestartup.yml>--- | |
| - name: "Service ext-respondd beim Booten starten" | <file c++ ~/ansible/roles/ext-respondd/tasks/gitclone.yml>--- |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | |
| systemd: | - name: "ggf. bestehende Altlast bereinigen" |
| name: ext-respondd | ansible.builtin.file: |
| daemon_reload: yes | path: /opt/ext-respondd |
| state: started | state: absent |
| enabled: yes | |
| </file> | - name: "Repo ext-respondd klonen" |
| | ansible.builtin.git: |
| | repo: https://github.com/freifunkMUC/ext-respondd |
| | dest: /opt/ext-respondd/ |
| | version: master |
| | clone: true |
| | update: true |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/ext-respondd/tasks/copyconfig.yml>--- |
| | |
| | - name: "Systemd Startdatei für respondd kopieren" |
| | ansible.builtin.copy: |
| | src: /opt/ext-respondd/ext-respondd.service.example |
| | dest: /etc/systemd/system/ext-respondd.service |
| | remote_src: true |
| | # cmd: cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/ext-respondd/tasks/aliasgenerate.yml>--- |
| | |
| | - name: "Erstellen der resondd Konfigurationsdatei alias.json" |
| | ansible.builtin.template: |
| | src: templates/ext-respondd_alias.json.j2 |
| | dest: /opt/ext-respondd/alias.json |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| | |
| | <file c++ ~/ansible/roles/ext-respondd/tasks/configgenerate.yml>--- |
| | |
| | - name: "Erstellen der resondd Konfigurationsdatei config.json" |
| | ansible.builtin.template: |
| | src: templates/ext-respondd_config.json.j2 |
| | dest: /opt/ext-respondd/config.json |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| | |
| | <file c++ ~/ansible/roles/ext-respondd/tasks/bugfixing.yml>--- |
| | |
| | - name: "Typo in der /opt/ext-respondd/lib/nodeinfo.py korrigieren" |
| | ansible.builtin.replace: |
| | path: /opt/ext-respondd/lib/nodeinfo.py |
| | # zu ersetzende/korrigierende Zeile |
| | regexp: 'Processor' |
| | # wird ersetzt durch |
| | replace: 'processor' |
| | |
| | ...</file> |
| | |
| | <file c++ ~/ansible/roles/ext-respondd/tasks/servicestartup.yml>--- |
| | |
| | - name: "Service ext-respondd beim Booten starten" |
| | systemd: |
| | name: ext-respondd |
| | daemon_reload: true |
| | state: started |
| | enabled: true |
| | |
| | ...</file> |
| |
| == Templates == | == Templates == |
| <file java ~/ansible/roles/ext-respondd/templates/ext-respondd_alias.json.j2>{ | <file c++ ~/ansible/roles/ext-respondd/templates/ext-respondd_alias.json.j2>{ |
| "nodeinfo": { | "nodeinfo": { |
| "hostname": "{{ raspberry_hostname }}", | "hostname": "{{ raspberry_hostname }}", |
| }, | }, |
| "firstseen": "2019-08-14T12:34:56" | "firstseen": "2019-08-14T12:34:56" |
| } | }</file> |
| </file> | |
| |
| <file java ~/ansible/roles/ext-respondd/templates/ext-respondd_config.json.j2>{ | <file java ~/ansible/roles/ext-respondd/templates/ext-respondd_config.json.j2>{ |
| "rate_limit": 30, | "rate_limit": 30, |
| "rate_limit_burst": 10 | "rate_limit_burst": 10 |
| } | }</file> |
| </file> | |
| |
| |
| === Rolle "hostapd" === | === Rolle "hostapd" === |
| == Tasks == | == Tasks == |
| <file java ~/ansible/roles/hostapd/tasks/main.yml>--- # Installation und Konfiguration des hostap Treibers für den WiFi-Support | <file c++ ~/ansible/roles/hostapd/tasks/main.yml>--- # Installation und Konfiguration des hostap Treibers für den WiFi-Support |
| - include: install.yml # Paket hostapd für WLAN installieren | - include: install.yml # Paket hostapd für WLAN installieren |
| - include: configure.yml # hostapd konfigurieren | - include: configure.yml # hostapd konfigurieren |
| - include: genconfig.yml # hostapd Konfigurationsdatei anlegen | - include: genconfig.yml # hostapd Konfigurationsdatei anlegen |
| - include: wlanbridging.yml # wlan0 in Bridge packen | - include: wlanbridging.yml # wlan0 in Bridge packen |
| - include: servicestartup.yml # Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen | - include: servicestartup.yml # Service hostapd beim Booten und jetzt starten |
| </file> | # und so das Laden der Unit Datei vom Service |
| | # hostapd ermöglichen |
| | ... # YML Ende</file> |
| |
| <file java ~/ansible/roles/hostapd/tasks/configure.yml>--- | |
| - name: "hostapd konfigurieren" | |
| # https://docs.ansible.com/ansible/latest/modules/shell_module.html | |
| shell: echo 'DAEMON_OPTS="-d"' >> /etc/default/hostapd | |
| when: ( raspberry_wifi == "ja" ) | |
| </file> | |
| |
| <file java ~/ansible/roles/hostapd/tasks/genconfig.yml>--- | <file c++ ~/ansible/roles/hostapd/tasks/install.yml>--- |
| - name: "hostapd Konfigurationsdatei anlegen" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/hostapd.j2 | |
| dest: /etc/hostapd/hostapd.conf | |
| when: ( raspberry_wifi == "ja" ) | |
| </file> | |
| |
| <file java ~/ansible/roles/hostapd/tasks/install.yml>--- | - name: "Paket hostapd für WLAN installieren" |
| - name: "Paket hostapd für WLAN installieren" | ansible.builtin.apt: |
| # https://docs.ansible.com/ansible/latest/modules/apt_module.html | update_cache: true |
| apt: | pkg: |
| update_cache: yes | - hostapd |
| pkg: | state: present |
| - hostapd | |
| state: present | ...</file> |
| when: ( raspberry_wifi == "ja" ) | |
| </file> | |
| | <file c++ ~/ansible/roles/hostapd/tasks/configure.yml>--- |
| | |
| | - name: "hostapd konfigurieren" |
| | ansible.builtin.command: | |
| | echo 'DAEMON_OPTS="-d"' >> /etc/default/hostapd |
| | changed_when: false |
| | |
| | ...</file> |
| | |
| | <file c++ ~/ansible/roles/hostapd/tasks/genconfig.yml>--- |
| | |
| | - name: "hostapd Konfigurationsdatei anlegen" |
| | ansible.builtin.template: |
| | src: templates/hostapd.j2 |
| | dest: /etc/hostapd/hostapd.conf |
| | owner: root |
| | group: root |
| | mode: '0644' |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/hostapd/tasks/wlanbridging.yml>--- |
| | |
| | - name: "wlan0 in Bridge packen" |
| | template: |
| | src: templates/rclocal_wifi.j2 |
| | dest: /etc/rc.local |
| | owner: root |
| | group: root |
| | mode: '0750' |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/hostapd/tasks/servicestartup.yml>--- |
| | |
| | - name: "Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen" |
| | ansible.builtin.systemd: |
| | name: hostapd |
| | enabled: true |
| | masked: false |
| | state: started |
| | |
| | ...</file> |
| |
| <file java ~/ansible/roles/hostapd/tasks/servicestartup.yml>--- | |
| - name: "Service hostapd beim Booten und jetzt starten und das Laden der Unit Datei vom Service hostapd ermöglichen" | |
| # https://docs.ansible.com/ansible/latest/modules/systemd_module.html | |
| systemd: | |
| name: hostapd | |
| enabled: yes | |
| masked: no | |
| state: started | |
| when: ( raspberry_wifi == "ja" ) | |
| </file> | |
| |
| <file java ~/ansible/roles/hostapd/tasks/wlanbridging.yml>--- | |
| - name: "wlan0 in Bridge packen" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/rclocal_wifi.j2 | |
| dest: /etc/rc.local | |
| when: ( raspberry_wifi == "ja" ) | |
| </file> | |
| |
| == Templates == | == Templates == |
| <file java ~/ansible/roles/hostapd/templates/hostapd.j2>ssid=muenchen.freifunk.net/{{ ffmuc_segment }} | <file c++ ~/ansible/roles/hostapd/templates/hostapd.j2>ssid=muenchen.freifunk.net/{{ ffmuc_segment }} |
| |
| country_code=US | country_code=US |
| vht_oper_chwidth=1 | vht_oper_chwidth=1 |
| channel=36 | channel=36 |
| vht_oper_centr_freq_seg0_idx=42 | vht_oper_centr_freq_seg0_idx=42</file> |
| </file> | |
| |
| <file java ~/ansible/roles/hostapd/templates/rclocal_wifi.j2>#!/bin/sh -e | <file java ~/ansible/roles/hostapd/templates/rclocal_wifi.j2>#!/bin/sh -e |
| | # Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| # | # |
| # rc.local | # rc.local |
| fi | fi |
| sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0 | sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0 |
| exit 0 | exit 0</file> |
| </file> | |
| |
| |
| === Rolle "client-mesh" === | === Rolle "client-mesh" === |
| == Tasks == | == Tasks == |
| <file java ~/ansible/roles/client-mesh/tasks/main.yml>--- # Grundkonfiguration von Client und/oder Meshing (V)LANs | <file c++ ~/ansible/roles/client-mesh/tasks/main.yml>--- # Grundkonfiguration von Client und/oder Meshing (V)LANs |
| - include: clientohnemesh.yml # Konfiguration des Client-VLAN ohne Mesh-Netz | - include: clientohnemesh.yml # Konfiguration des Client-VLAN ohne Mesh-Netz |
| - include: getvxlanid.yml # vxlan_id für ausgewähltes Segment ermitteln | - include: getvxlanid.yml # vxlan_id für ausgewähltes Segment ermitteln |
| - include: batmanohnewifi.yml # Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung | - include: batmanohnewifi.yml # Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung |
| - include: batmanmitwifi.yml # Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung | - include: batmanmitwifi.yml # Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung |
| </file> | ... # YML Ende</file> |
| |
| <file java ~/ansible/roles/client-mesh/tasks/batmanmitwifi.yml>--- | |
| - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/rclocal_both.j2 | |
| dest: /etc/rc.local | |
| when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi == "ja" ) | |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/tasks/batmanohnewifi.yml>--- | <file c++ ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml>--- |
| - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/rclocal_vxlan.j2 | |
| dest: /etc/rc.local | |
| when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi != "ja" ) | |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml>django@Djangos-ThinkPad-X230:~$ cat ~/ansible/roles/client-mesh/tasks/clientohnemesh.yml | - name: "Konfiguration des Client-VLAN ohne Mesh-Netz" |
| --- | ansible.builtin.template: |
| - name: "Konfiguration des Client-VLAN ohne Mesh-Netz" | src: templates/interfaces_client_ohne_mesh.j2 |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | dest: /etc/network/interfaces |
| template: | owner: root |
| src: templates/interfaces_client_ohne_mesh.j2 | group: root |
| dest: /etc/network/interfaces | mode: '0640' |
| when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length == 0 ) | when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length == 0 ) |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/tasks/getvxlanid.yml>--- | ...</file> |
| - name: "vxlan_id für ausgewähltes Segment ermitteln" | |
| # https://docs.ansible.com/ansible/latest/modules/set_fact_module.html | |
| set_fact: | |
| ffmuc_vxlan_id: "{{ item.value }}" | |
| loop: "{{ lookup('dict', vxlan_ids) }}" | |
| when: "ffmuc_segment in item.key" | |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/tasks/meshohneclient.yml>--- | <file c++ ~/ansible/roles/client-mesh/tasks/getvxlanid.yml>--- |
| - name: "Konfiguration des Mesh-VLAN ohne Client-VLAN" | |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | |
| template: | |
| src: templates/interfaces_mesh_ohne_client.j2 | |
| dest: /etc/network/interfaces | |
| when: ( raspberry_clientvlan|length == 0 ) and ( raspberry_meshvlan|length > 0 ) | |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/tasks/meshundclient.yml>--- | - name: "vxlan_id für ausgewähltes Segment ermitteln" |
| - name: "Konfiguration von Mesh- und Client-VLAN" | ansible.builtin.set_fact: |
| # https://docs.ansible.com/ansible/latest/modules/template_module.html | ffmuc_vxlan_id: "{{ item.value }}" |
| template: | loop: "{{ lookup('dict', vxlan_ids) }}" |
| src: templates/interfaces_mesh_mit_client.j2 | when: "ffmuc_segment in item.key" |
| dest: /etc/network/interfaces | |
| when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length > 0 ) | ...</file> |
| </file> | |
| | <file c++ ~/ansible/roles/client-mesh/tasks/meshohneclient.yml>--- |
| | |
| | - name: "Konfiguration des Mesh-VLAN ohne Client-VLAN" |
| | ansible.builtin.template: |
| | src: templates/interfaces_mesh_ohne_client.j2 |
| | dest: /etc/network/interfaces |
| | owner: root |
| | group: root |
| | mode: '0640' |
| | when: ( raspberry_clientvlan|length == 0 ) and ( raspberry_meshvlan|length > 0 ) |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/client-mesh/tasks/meshundclient.yml>--- |
| | |
| | - name: "Konfiguration von Mesh- und Client-VLAN" |
| | ansible.builtin.template: |
| | src: templates/interfaces_mesh_mit_client.j2 |
| | dest: /etc/network/interfaces |
| | owner: root |
| | group: root |
| | mode: '0640' |
| | when: ( raspberry_clientvlan|length > 0 ) and ( raspberry_meshvlan|length > 0 ) |
| | |
| | ...</file> |
| | |
| | <file c++ ~/ansible/roles/client-mesh/tasks/batmanohnewifi.yml>--- |
| | |
| | - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V ohne Wifi-Nutzung" |
| | ansible.builtin.template: |
| | src: templates/rclocal_vxlan.j2 |
| | dest: /etc/rc.local |
| | owner: root |
| | group: root |
| | mode: '0750' |
| | when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi != "true" ) |
| | |
| | ...</file> |
| | |
| | |
| | <file c++ ~/ansible/roles/client-mesh/tasks/batmanmitwifi.yml>--- |
| | |
| | - name: "Konfiguration des bevorzugte Meshingpoint in BATMAN_V mit Wifi-Nutzung" |
| | ansible.builtin.template: |
| | src: templates/rclocal_both.j2 |
| | dest: /etc/rc.local |
| | owner: root |
| | group: root |
| | mode: '0750' |
| | when: ( raspberry_meshvlan|length > 0 ) and ( raspberry_wifi == "true" ) |
| | |
| | ...</file> |
| |
| == Templates == | == Templates == |
| <file java ~/ansible/roles/client-mesh/templates/interfaces_client_ohne_mesh.j2># interfaces(5) file used by ifup(8) and ifdown(8) | <file c++ ~/ansible/roles/client-mesh/templates/interfaces_client_ohne_mesh.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| | # interfaces(5) file used by ifup(8) and ifdown(8) |
| |
| # Please note that this file is written to be used with dhcpcd | # Please note that this file is written to be used with dhcpcd |
| pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client | pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client |
| pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }} | pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }} |
| post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }} | post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}</file> |
| </file> | |
| |
| <file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_mit_client.j2># interfaces(5) file used by ifup(8) and ifdown(8) | |
| | <file c++ ~/ansible/roles/client-mesh/templates/interfaces_mesh_mit_client.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| | # interfaces(5) file used by ifup(8) and ifdown(8) |
| |
| # Please note that this file is written to be used with dhcpcd | # Please note that this file is written to be used with dhcpcd |
| </file> | </file> |
| |
| <file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_ohne_client.j2># interfaces(5) file used by ifup(8) and ifdown(8) | |
| | <file java ~/ansible/roles/client-mesh/templates/interfaces_mesh_ohne_client.j2># Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| | # interfaces(5) file used by ifup(8) and ifdown(8) |
| |
| # Please note that this file is written to be used with dhcpcd | # Please note that this file is written to be used with dhcpcd |
| pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client | pre-up /usr/sbin/batctl meshif bat-{{ ffmuc_segment }} gw_mode client |
| pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }} | pre-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev bat-{{ ffmuc_segment }} |
| post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }} | post-up /sbin/ip link set address $(ip -br l | grep eth0 | egrep -o '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})' | head -1) dev br-{{ ffmuc_segment }}</file> |
| </file> | |
| |
| <file bash ~/ansible/roles/client-mesh/templates/rclocal_both.j2>#!/bin/sh -e | <file bash ~/ansible/roles/client-mesh/templates/rclocal_both.j2>#!/bin/sh -e |
| | # Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| # | # |
| # rc.local | # rc.local |
| sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0 | sleep 10; /sbin/brctl addif br-{{ ffmuc_segment }} wlan0 |
| /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 | /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 |
| exit 0 | exit 0</file> |
| </file> | |
| |
| <file bash ~/ansible/roles/client-mesh/templates/rclocal_vxlan.j2>#!/bin/sh -e | <file bash ~/ansible/roles/client-mesh/templates/rclocal_vxlan.j2>#!/bin/sh -e |
| | # Generated by Ansible on {{ ansible_date_time.date }}, do not edit manually! |
| # | # |
| # rc.local | # rc.local |
| fi | fi |
| /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 | /usr/sbin/batctl hardif mesh-vpn throughput_override 10000 |
| exit 0 | exit 0</file> |
| </file> | |
| |
| | /* |
| === Rolle "oled" === | === Rolle "oled" === |
| == Tasks == | == Tasks == |
| </file> | </file> |
| |
| | */ |
| |
| === Rolle "final" === | === Rolle "final" === |
| == Tasks == | == Tasks == |
| <file java ~/ansible/roles/final/tasks/main.yml>--- # Reboot nach Abschluss der Konfiguration unseres Offloaders | <file java ~/ansible/roles/final/tasks/main.yml>--- # Reboot nach Abschluss der Konfiguration unseres Offloaders |
| - include: reboot.yml # /etc/hosts anpassen | - include: reboot.yml # abschließender Reboot nach Fertigstellung |
| ... #YAML Ende Syntax | ... # YML Ende</file> |
| </file> | |
| |
| <file java ~/ansible/roles/final/tasks/reboot.yml>--- | <file java ~/ansible/roles/final/tasks/reboot.yml>--- |
| - name: "Reboot nach Abschluss der Konfiguration unseres Offloaders" | |
| # https://docs.ansible.com/ansible/latest/modules/reboot_module.html | - name: "Reboot nach Abschluss der Konfiguration unseres Offloaders" |
| reboot: | ansible.builtin.reboot: |
| </file> | |
| | ...</file> |
| |
| ==== Download des auf Debian Buster basierenden Raspbian ==== | ==== Download des auf Debian Buster basierenden Raspbian ==== |
| Hier werden die zur Konfiguration benötigten Parameter nicht beim Aufruf des Playbooks abgefragt, sondern in zugehörigen **[[#inventory-definition|Inventory-Datei]]** hinterlegt. Das ist im ersten Schritt für den ungeübten Ansible-Nutzer zwar augenscheinlich aufwändiger, hat aber den Vorteil, dass man die zur Konfiguration benötigten Parameter immer sofort "zur Hand" hat. | Hier werden die zur Konfiguration benötigten Parameter nicht beim Aufruf des Playbooks abgefragt, sondern in zugehörigen **[[#inventory-definition|Inventory-Datei]]** hinterlegt. Das ist im ersten Schritt für den ungeübten Ansible-Nutzer zwar augenscheinlich aufwändiger, hat aber den Vorteil, dass man die zur Konfiguration benötigten Parameter immer sofort "zur Hand" hat. |
| |
| In den Zeilen **''55 bis 64''** sind diese Parameter entsprechend zu hinterlegen. | In der Host-spezifischen Konfigurationsdatei sind diese Parameter entsprechend zu hinterlegen. Folgendes Beispiel zeigt dies für den Host mit dem Namen **rpb4-ol-b** aus dem Inventory. |
| $ vim ~/ansible/inventories/production/hosts.yml +54 | $ vim ~/ansible/inventories/production/host_vars/rpb4-ol-b/individual_host_specification |
| | |
| | <code># IP-Adresse unseres Raspberry in unserem eigenen lokalen Netzwerk |
| | # stationäre schwarzes Plastikgehäuse Raspberry 4B mit PoE-HAT und Display |
| | # MAC: dc:a6:32:22:f0:f2 |
| | ansible_ssh_host: 192.168.0.22 |
| | ansible_port: 22 |
| | ansible_user: pi |
| | ansible_ssh_private_key_file: ~/.ssh/id_ed25519_freifunk |
| | # |
| | batman_adv_version: "2022.1" |
| | ffmuc_segment: "muc_ost" |
| | ffmuc_gateway: "gw06" |
| | raspberry_hostname: "ff_pliening_rpb4_ol_v6" |
| | node_contact_address: "hier entlang => https://bit.ly/2VxGoXp" |
| | raspberry_latitude: "48.198757565" |
| | raspberry_longitude: "11.798020899" |
| | raspberry_wifi: "true" |
| | raspberry_clientvlan: "4" |
| | raspberry_meshvlan: "2" |
| | raspberry_oled: "false"</code> |
| |
| <code> 54 batman_adv_version: "2020.4" | Diese passen wir natürlich noch auf unsere lokale Umgebung hin an. |
| 55 ffmuc_segment: "muc_ost" | |
| 56 ffmuc_gateway: "gw04" | |
| 57 raspberry_hostname: "raspbian-ansible-offloader" | |
| 58 node_contact_address: "https://bit.ly/2VxGoXp" | |
| 59 raspberry_latitude: "48.239094621" | |
| 60 raspberry_longitude: "11.558936834" | |
| 61 raspberry_wifi: "ja" | |
| 62 raspberry_clientvlan: "123" | |
| 63 raspberry_meshvlan: "456" | |
| 64 raspberry_oled: "ja"</code> | |
| |
| === Playbook Lauf === | === Playbook Lauf === |
django