Skip to content
This repository has been archived by the owner on Jan 25, 2025. It is now read-only.

GRE FFRL #15

Draft
wants to merge 8 commits into
base: master
Choose a base branch
from
Draft

GRE FFRL #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
cb58717
Create main.yml
Kwa5ir Feb 23, 2021
2c1462a
Create tasks
Kwa5ir Feb 23, 2021
97a5b44
Delete tasks
Kwa5ir Feb 23, 2021
789ec2c
Create main.yml
Kwa5ir Feb 23, 2021
6b59cac
Create ffrl.j2
Kwa5ir Feb 23, 2021
62ab8c8
Add files via upload
Kwa5ir Feb 23, 2021
f956d98
Add files via upload
Kwa5ir Feb 23, 2021
f7465b1
Exit Node Config
Kwa5ir Feb 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions exit_node.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hier müssen wir noch eine strategische Entscheidung treffen:

  • Playbook für jedes Feature und dann die Hosts eintragen?
  • Oder Playbook für jeden Host(-typ)?

Beim Web haben wir ein Playbook für den Host(-typ) angelegt, was ich bevorzugen würde, da wir sowieso nur von Web und Gateways sprechen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oder Playbook für jeden Host(-typ)?
Dafür!

- hosts: gw01.babel.md.freifunk.net:
become: yes

roles:
- role: network-ffrl
34 changes: 34 additions & 0 deletions roles/network-ffrl/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# Ansible role network-ffrl

Diese Ansible role konfiguriert die GRE-Tunnel Interfaces, die für den Internet-Exit über Freifunk Rheinland benötigt werden.

## Benötigte Variablen
- Dictionary `ffrl_exit_server` (Host Variable)

```
ffrl_exit_server:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Das muss noch als tatsächliche Config für uns angelegt werden, oder?

ffrl-a-ak-ber:
public_ipv4_address: 185.66.195.0
tunnel_ipv4_network: # IPv4 Tunnel Transfernetz
tunnel_ipv6_network: # IPv6 Tunnel Transfernetz
ffrl-b-ak-ber:
public_ipv4_address: 185.66.195.1
tunnel_ipv4_network:
tunnel_ipv6_network:
ffrl-a-ix-dus:
public_ipv4_address: 185.66.193.0
tunnel_ipv4_network:
tunnel_ipv6_network:
ffrl-b-ix-dus:
public_ipv4_address: 185.66.193.1
tunnel_ipv4_network:
tunnel_ipv6_network:
ffrl-a-fra2-fra:
public_ipv4_address: 185.66.194.0
tunnel_ipv4_network:
tunnel_ipv6_network:
ffrl-b-fra2-fra:
public_ipv4_address: 185.66.194.1
tunnel_ipv4_network:
tunnel_ipv6_network:
```
5 changes: 5 additions & 0 deletions roles/network-ffrl/handlers/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
- name: reload network interfaces
systemd:
name: networking
state: reloaded
16 changes: 16 additions & 0 deletions roles/network-ffrl/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
- name: create ffrl interfaces
template:
src: ffrl.j2
dest: "/etc/network/interfaces.d/{{ item.key }}"
notify: reload network interfaces
loop: "{{ ffrl_exit_server | dict2items }}"

- name: create ffrl-nat dummy interface
template:
src: ffrl_nat.j2
dest: "/etc/network/interfaces.d/ffrl-nat"
notify: reload network interfaces

- name: flush handlers
meta: flush_handlers
17 changes: 17 additions & 0 deletions roles/network-ffrl/templates/ffrl.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#
# {{ ansible_managed }}
#
auto {{ item.key }}
iface {{ item.key }} inet tunnel
mode gre
local {{ ansible_default_ipv4.address | ipaddr('public') | ipaddr('address') }}
endpoint {{ item.value.public_ipv4_address | ipaddr('public') | ipaddr('address') }}

ttl 64
mtu 1400
tunnel-physdev {{ ansible_default_ipv4.interface }}
ip-forward on
ip6-forward on

address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('ip/prefix') }}
address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('ip/prefix') }}
7 changes: 7 additions & 0 deletions roles/network-ffrl/templates/ffrl_nat.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#
# {{ ansible_managed }}
#
auto ffrl-nat
iface ffrl-nat
link-type dummy
address {{ ffrl_public_ipv4_nat | ipaddr('host') }}