Commit a591e51d authored by Nico's avatar Nico

add first steps for a localgw implementation

parent c8251127
---
- hosts: localgw
roles:
- localgw
---
# name of the bridge where clients can be connected
client_bridge_name: br-client
# name of the mesh interface which is member of the client bridge
# (i.e. the interface over which traffic from the mesh enters the
# client bridge)
mesh_client_interface_name: bat0
# Directory where ext-respondd will be installed
ext_respondd_install_dir: /opt/ext-respondd
---
- name: restart ext-respondd
service: name=ext-respondd state=restarted
---
- name: Install tools
apt:
name:
- batctl
- bridge-utils
state: present
- name: Ensure interfaces.d exsists
file:
path: /etc/network/interfaces.d
state: directory
- name: Deploy BATMAN interface config
template:
src: interfaces-batman.j2
dest: /etc/network/interfaces.d/ffs-batman
---
- name: Installing Dependencies
apt:
name: fastd
state: present
- name: Ensure fastd mesh_vpn folder exists
file:
state: directory
recurse: yes
path: /etc/fastd/mesh_vpn
- name: Deploy fastd mesh_vpn config
template:
src: fastd.conf.j2
dest: /etc/fastd/mesh_vpn/fastd.conf
- name: Enable fastd mesh_vpn service
service:
name: fastd@mesh_vpn
enabled: yes
state: started
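Review bot: The `Deploy fastd mesh_vpn config` task renders a template that contains the fastd `secret`, but it sets no `owner`, `group` or `mode`, so the file's permissions depend on module defaults and the remote umask and it may end up readable by any local user. Add `owner: root`, `group: root` and `mode: "0600"` to that `template:` task, and consider `no_log: true` so the rendered key does not show up in diff output. The value of `fastd["secret"]` should come from an encrypted source such as Ansible Vault rather than plain inventory. The task also has no `notify`, so a changed config does not restart `fastd@mesh_vpn`.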
---
- name: Setup routing
include: routing.yml
- name: Setup batman
include: batman.yml
- name: Setup fastd
include: fastd.yml
when:
fastd["enable"] is defined and fastd["enable"]
- name: Setup respondd
include: respondd.yml
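Review bot: All four entries use the bare `include:` action, which Ansible has deprecated in favour of the explicit `include_tasks:` (dynamic) and `import_tasks:` (static) forms. Since `Setup fastd` carries a `when:`, `include_tasks: fastd.yml` is the closer match there, because the condition is then evaluated once for the include rather than copied onto every task. I would also put the condition on one line, `when: fastd["enable"] is defined and fastd["enable"]`, so it does not read as a nested mapping.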
---
- name: Install dependencies for ext-respondd
apt:
name:
- git
- python3-netifaces
- ethtool
- lsb-release
- name: Checkout ext-respondd
git:
repo: 'https://github.com/freifunkMUC/ext-respondd.git'
dest: "{{ ext_respondd_install_dir }}"
update: yes
notify:
- restart ext-respondd
- name: Deploy ext-respondd config.json
copy:
content: "{{ config_json|to_nice_json }}"
dest: "{{ ext_respondd_install_dir }}/config.json"
vars:
config_json:
batman: "{{ mesh_client_interface_name }}"
bridge: "{{ client_bridge_name }}"
mesh-vpn:
- mesh-vpn
mesh-wlan: []
fastd_socket: "/var/run/fastd.mesh_vpn.socket"
rate_limit: 30
rate_limit_burst: 10
notify:
- restart ext-respondd
- name: Deploy ext-respondd alias.json
copy:
content: "{{ alias_json|to_nice_json }}"
dest: "{{ ext_respondd_install_dir }}/alias.json"
vars:
alias_json:
nodeinfo:
owner:
contact: "{{ nodeinfo.owner_contact }}"
location:
zip: "{{ nodeinfo.location.zip }}"
notify:
- restart ext-respondd
- name: Deploy ext-respondd systemd service
template:
src: ext-respondd.service
dest: /etc/systemd/system/ext-respondd.service
- name: Enable ext-respondd systemd service
service:
enabled: yes
name: ext-respondd
state: started
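Review bot: The `Checkout ext-respondd` task clones from GitHub with `update: yes` and no `version:`, so every play run pulls whatever the default branch currently holds, and the unit file in this commit runs that code as root. Pin the checkout to a reviewed commit, e.g. `version: "<reviewed-commit-sha>"` (placeholder), and bump it deliberately. Separately, `Deploy ext-respondd systemd service` has no `notify`, and nothing in the visible tasks reloads systemd after the unit changes; using the `systemd` module with `daemon_reload: yes` for the enable task would cover that.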
---
- name: Setup routing table for mesh traffic
copy:
dest: /etc/iproute2/rt_tables.d/ffs-mesh-default.conf
content: "711001 ffs-mesh-default"
{
"nodeinfo": {
"hostname": "{{ nodeinfo.nodename }}",
"owner": {
"contact": "{{ nodeinfo.owner_contact }}",
},
"location": {
"zip": "{{ nodeinfo.location.zip }}",
"longitude": 5.00932562351
},
"pages": [
"http://start.ffggrz/",
"http://start.ffggrz.de/"
]
},
"firstseen": "2015-04-12T15:41:01"
}
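Review bot: The line `"contact": "{{ nodeinfo.owner_contact }}",` ends with a trailing comma before the closing brace, so the rendered file is not valid JSON for a strict parser. This section, which looks like an alias.json template, also hard-codes `longitude`, `firstseen` and two `pages` URLs; if those were copied from an example, they would be announced as this node's own data. The respondd tasks visible on this page build alias.json from inline `vars` with `to_nice_json`, so this template may be unused. Either drop it, or remove the comma and template the fixed values.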
{
"batman": "{{ mesh_client_interface_name }}",
"bridge": "{{ client_bridge_name }}",
"mesh-vpn": [],
"mesh-wlan": [],
"fastd_socket": "/var/run/fastd.mesh_vpn.socket",
"rate_limit": 30,
"rate_limit_burst": 10
}
[Unit]
Description=ext-respondd (respondd status for servers)
After=syslog.target network-online.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory={{ ext_respondd_install_dir }}
ExecStart={{ ext_respondd_install_dir }}/ext-respondd.py
[Install]
WantedBy=multi-user.target
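Review bot: `User=root` and `Group=root` give full privileges to a script that is checked out from an external git repository and, judging by its description, answers status queries from the network. If it does not strictly need root, run it under a dedicated account. Otherwise confine it with directives such as `NoNewPrivileges=yes`, `ProtectSystem=full`, `ProtectHome=yes` and `PrivateTmp=yes`. `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` that target is not pulled in.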
secret "{{ fastd["secret"] }}";
log to syslog level info;
method "salsa2012+umac";
log to syslog level verbose;
mode tap;
interface "mesh-vpn";
mtu 1340;
group "gluon-mesh-vpn";
status socket "/var/run/fastd.mesh_vpn_onboarding.socket";
packet mark 1;
peer group "mesh_vpn" {
peer limit 1;
include peers from "/etc/fastd/mesh_vpn_onboarding/peers";
}
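Review bot: `log to syslog level info;` is followed two lines later by `log to syslog level verbose;` for the same destination, so the effective level is unclear to a reader; keep the one that is intended. The same pair appears in the fastd config section that follows. This section also uses `interface "mesh-vpn";`, the same interface name as the other fastd config, and no task visible on this page deploys it, so it is worth stating whether both instances are meant to run side by side.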
secret "{{ fastd["secret"] }}";
log to syslog level info;
method "salsa2012+umac";
log to syslog level verbose;
mode tap;
interface "mesh-vpn";
mtu 1340;
#group "gluon-mesh-vpn";
status socket "/var/run/fastd.mesh_vpn.socket";
packet mark 1;
peer group "mesh_vpn" {
peer limit 1;
peer "gw01" {
remote "gw01s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "d7b89d42b629bd5d419139b4c395e7b47ed7417112d3fcd232ba38137daa58e6";
}
peer "gw02" {
remote "gw02s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "31eaff2ce1c19d0c9af693c4500defc4e1b4979ad75133d779532f0572955875";
}
peer "gw03" {
remote "gw03s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "1e944f5f2dca02e1c1d2e006186417e76759c26f75da5e7850f6c1e5cddcb1c2";
}
peer "gw04" {
remote "gw04s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "5689b2fd14bd313de1e95406c17e783b78b9d6f8aa86f896df4f2d843ab642bf";
}
peer "gw05" {
remote "gw05s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "26cd067057e4fcf58fb68da66c75a360de56aa4c36094f1846f706824682a789";
}
peer "gw06" {
remote "gw06s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "fdc1737906d7431763962f4daf6eb4d973c845aca7a96e40643d08a82159dff2";
}
peer "gw07" {
remote "gw07s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "23f6d70be861effe9b1a7bc812fd8c9e2e575bf0ea63ca4ffdc0a3998afb59a1";
}
peer "gw08" {
remote "gw08s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "1af6a5d41d866823e5712e8d9af42080397ad52bdd8664a11ca94225629398a3";
}
peer "gw09" {
remote "gw09s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "bf7c1a62dbf61b8fda25be7e5e600c0ae745e6b6e90a419aeafaf85b6497e8f2";
}
peer "gw10" {
remote "gw10s{{ fastd["segment"] }}.gw.freifunk-stuttgart.de":{{ fastd["port"] }};
key "4b89e1a8882b4d7cf50eabc0360ff28138d78ca0b63fd63ec9e4c8260121da00";
}
}
auto {{ client_bridge_name }}
iface {{ client_bridge_name }} inet manual
#mtu 1500
bridge_ports {{ mesh_client_interface_name }}
bridge_fd 0
bridge_maxwait 0
# always route mesh-vpn traffic over wan
# post-up /sbin/ip rule add fwmark 1 table wan || true
# post-down /sbin/ip rule del fwmark 1 table wan || true
auto {{ mesh_client_interface_name }}
iface {{ mesh_client_interface_name }} inet manual
#mtu 1500
pre-up /sbin/modprobe batman-adv || true
up /usr/sbin/batctl -m $IFACE if create || true
# gateways set this for some reason? default in gluon is 5000
# post-up /usr/sbin/batctl -m $IFACE it 10000 || true
# post-up /usr/sbin/batctl -m $IFACE gw server 64mbit/64mbit || true
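Review bot: `pre-up /sbin/modprobe batman-adv || true` and `up /usr/sbin/batctl -m $IFACE if create || true` discard the exit status, so a missing kernel module or a failed interface creation still leaves ifupdown reporting success, and the bridge is then configured with a port that does not exist. Drop `|| true` on these two lines so the failure surfaces at `ifup`, or add a comment explaining why it is safe to ignore. The commented-out `post-up` lines would be easier to follow with a short note on when they should be enabled.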