diff --git a/roles/fastd/defaults/main.yml b/roles/fastd/defaults/main.yml index 460bf72..371dbef 100644 --- a/roles/fastd/defaults/main.yml +++ b/roles/fastd/defaults/main.yml @@ -2,8 +2,7 @@ batman_interface: bat-{{ site_code }} fastd_anonymous: true fastd_bind: any -fastd_instance: "{{ site_code }}" -fastd_interface: vpn-{{ site_code }} +fastd_instances: 3 fastd_mtu: 1312 fastd_peers_limit: -1 fastd_port: 10000 diff --git a/roles/fastd/handlers/main.yml b/roles/fastd/handlers/main.yml index 0e447ca..1f9b9ef 100644 --- a/roles/fastd/handlers/main.yml +++ b/roles/fastd/handlers/main.yml @@ -1,7 +1,8 @@ --- - name: Restart fastd - service: name=fastd@{{ site_code }} state=restarted + service: name=fastd@{{ site_code }}{{ item }} state=restarted + with_sequence: start=0 count={{ fastd_instances }} - name: Reload systemd command: systemctl daemon-reload diff --git a/roles/fastd/tasks/main.yml b/roles/fastd/tasks/main.yml index 44f764e..c8c705e 100644 --- a/roles/fastd/tasks/main.yml +++ b/roles/fastd/tasks/main.yml 
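Review bot: In roles/fastd/defaults/main.yml the new `fastd_instances: 3` carries no comment, although it now determines the unit names, interface names and listening ports of every instance. A comment above it such as `# Number of fastd instances; instance N runs as fastd@<site_code>N on interface vpn-<site_code>N, port fastd_port + N` would make that visible to whoever overrides it. The removed `fastd_instance` and `fastd_interface` are no longer read by the tasks and templates shown in this commit, so an inventory that still sets them is silently ignored; that deserves a line in the role's documentation.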
@@ -16,18 +16,32 @@ service: name=fastd enabled=no - name: Create directories - file: path=/etc/fastd/{{ fastd_instance }}/peers state=directory + file: path=/etc/fastd/{{ site_code }} state=directory + +- name: Create directories + file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory + with_sequence: start=0 count={{ fastd_instances }} - name: Configure fastd - template: src=fastd.conf.j2 dest=/etc/fastd/{{ fastd_instance }}/fastd.conf + template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf + with_sequence: start=0 count={{ fastd_instances }} notify: Restart fastd - name: Generate fastd secret - fastd_key: path=/etc/fastd/{{ fastd_instance }}/secret.conf + fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf notify: Restart fastd -- name: Make sure at least a dummy blacklist.sh is available - copy: src=blacklist.sh dest=/etc/fastd/{{ fastd_instance }}/blacklist.sh mode=0755 force=no +- name: Create symlinks (secret) + file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link + with_sequence: start=0 count={{ fastd_instances }} -- name: Enable fastd {{ fastd_instance }} - service: name=fastd@{{ fastd_instance }} enabled=yes +- name: Make sure at least a dummy blacklist.sh is available + copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=no + +- name: Create symlinks (blacklist) + file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link + with_sequence: start=0 count={{ fastd_instances }} + +- name: Enable fastd {{ site_code }} + service: name=fastd@{{ site_code }}{{ item }} enabled=yes + with_sequence: start=0 count={{ fastd_instances }} diff --git a/roles/fastd/templates/fastd.conf.j2 b/roles/fastd/templates/fastd.conf.j2 index 815416a..dd573f5 100644 --- a/roles/fastd/templates/fastd.conf.j2 +++ b/roles/fastd/templates/fastd.conf.j2 
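Review bot: Nothing in roles/fastd/tasks/main.yml stops or disables the previous single instance. The removed `Enable fastd` task enabled `fastd@{{ fastd_instance }}` (default `{{ site_code }}`), so on a host that already ran the old role that unit stays enabled with its old `/etc/fastd/{{ site_code }}/fastd.conf`, bound to `fastd_port`, which is the port instance 0 now binds as well. A cleanup task ahead of the new ones, for example `service: name=fastd@{{ site_code }} state=stopped enabled=no` followed by `file: path=/etc/fastd/{{ site_code }}/fastd.conf state=absent`, would avoid the clash. The same gap appears when `fastd_instances` is later lowered, because instances above the new count are never disabled. Separately, `/etc/fastd/{{ site_code }}` now holds the `secret.conf` that every instance links to and is created without `mode=`; whether the key file itself is restricted depends on the `fastd_key` module, which is not visible here.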
@@ -2,9 +2,9 @@ log to syslog level warn; hide ip addresses yes; -status socket "/run/fastd-{{ fastd_instance }}.sock"; +status socket "/run/fastd-{{ site_code }}{{ item }}.sock"; -interface "{{ fastd_interface }}"; +interface "vpn-{{ site_code }}{{ item }}"; method "null"; method "salsa2012+umac"; @@ -12,7 +12,7 @@ method "xsalsa20-poly1305"; secure handshakes yes; -bind {{ fastd_bind }}:{{ fastd_port }}; +bind {{ fastd_bind }}:{{ fastd_port + item|int }}; include "secret.conf"; @@ -24,7 +24,7 @@ peer limit {{ fastd_peers_limit }}; on up " ifconfig $INTERFACE down - ip link set address f2:00:90:00:{{ gateway_id }}:10 dev $INTERFACE + ip link set address f2:00:90:00:{{ gateway_id }}:{{ 10 + item|int }} dev $INTERFACE ifconfig $INTERFACE up batctl -m {{ batman_interface }} if add $INTERFACE diff --git a/roles/mesh-interfaces/templates/mesh.conf.j2 b/roles/mesh-interfaces/templates/mesh.conf.j2 index d8c08ca..2393a54 100644 --- a/roles/mesh-interfaces/templates/mesh.conf.j2 +++ b/roles/mesh-interfaces/templates/mesh.conf.j2 @@ -19,7 +19,7 @@ iface bat-{{ site_code }} mtu 1500 # batman-hop-penalty 5 - batman-ifaces dmy-{{ site_code }} vpn-{{ site_code }} + batman-ifaces dmy-{{ site_code }} batman-ifaces-ignore-regex .*_.* # up /usr/sbin/batctl -m bat-{{ site_code }} gw_mode server 100000 100000 diff --git a/roles/respondd/defaults/main.yml b/roles/respondd/defaults/main.yml index a6483f3..951c4e2 100644 --- a/roles/respondd/defaults/main.yml +++ b/roles/respondd/defaults/main.yml @@ -1,6 +1,7 @@ --- +batman_interface: bat-{{ site_code }} +main_bridge: br-{{ site_code }} + respondd_announce_git_root: https://github.com/ffnord/mesh-announce/ respondd_announce_git_version: 1d2182232c1de0956092f9509368cae045f23751 -batman_interface: bat-{{ site_code }} -main_bridge: br-{{ site_code }} diff --git a/roles/respondd/templates/respondd.service.j2 b/roles/respondd/templates/respondd.service.j2 index 2519c23..87151a3 100644 --- a/roles/respondd/templates/respondd.service.j2 
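Review bot: The first hunk of fastd.conf.j2 hard-codes the interface as `vpn-{{ site_code }}{{ item }}`, where the old template took it from the overridable `fastd_interface`. Linux interface names are limited to 15 characters, so `vpn-` plus the site code plus the instance index has to fit, and a longer site code will leave fastd unable to create its interface. Keeping `fastd_interface` in the defaults as a prefix (still `vpn-{{ site_code }}`) and writing `interface "{{ fastd_interface }}{{ item }}";` would preserve the override. The same concatenation without a separator is used for the status socket and the unit name, so a site code ending in a digit gives ambiguous instance names.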
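Review bot: In the second hunk of fastd.conf.j2, `{{ fastd_port + item|int }}` converts only `item`; `fastd_port` is added as it is, so a value that arrives as a string (for example an override passed with `-e`) makes the template fail. `bind {{ fastd_bind }}:{{ fastd_port|int + item|int }};` avoids that. The instances now listen on `fastd_port` through `fastd_port + fastd_instances - 1`, and nothing in this commit touches packet-filter rules, so whichever role opens the fastd port presumably needs to cover the same range.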
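Review bot: In the third hunk of fastd.conf.j2 the last MAC octet is rendered as the decimal number `10 + item`, which `ip link` then reads as hexadecimal. That gives a well-formed two-digit octet only for instance indexes 0 to 89, and nothing shown here checks that `:11`, `:12` and so on are not already assigned under the same `f2:00:90:00:{{ gateway_id }}` prefix to other interfaces of the gateway. Formatting the octet explicitly, `{{ '%02x' | format(16 + item|int) }}`, keeps instance 0 at `:10` and stays well-formed for larger counts. The `on up` script continues past the end of the hunk.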
+++ b/roles/respondd/templates/respondd.service.j2 @@ -5,7 +5,7 @@ Description=respondd After=network-online.target [Service] -ExecStart=/opt/{{ site_code }}/respondd-announce/respondd.py -b {{ batman_interface }} -i {{ main_bridge }} -i vpn-{{ site_code }} -d /opt/{{ site_code }}/respondd-announce/ +ExecStart=/opt/{{ site_code }}/respondd-announce/respondd.py -b {{ batman_interface }} -i {{ main_bridge }} -d /opt/{{ site_code }}/respondd-announce/ Restart=always Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin WorkingDirectory=/opt/{{ site_code }}/respondd-announce