Support multiple fastd interfaces

This commit is contained in:
Markus 2018-01-21 20:46:21 +01:00
parent 36391a40d0
commit f1b9e3f72c
7 changed files with 33 additions and 18 deletions

View File

@ -2,8 +2,7 @@ batman_interface: bat-{{ site_code }}
fastd_anonymous: true fastd_anonymous: true
fastd_bind: any fastd_bind: any
fastd_instance: "{{ site_code }}" fastd_instances: 3
fastd_interface: vpn-{{ site_code }}
fastd_mtu: 1312 fastd_mtu: 1312
fastd_peers_limit: -1 fastd_peers_limit: -1
fastd_port: 10000 fastd_port: 10000

View File

@ -1,7 +1,8 @@
--- ---
- name: Restart fastd - name: Restart fastd
service: name=fastd@{{ site_code }} state=restarted service: name=fastd@{{ site_code }}{{ item }} state=restarted
with_sequence: start=0 count={{ fastd_instances }}
- name: Reload systemd - name: Reload systemd
command: systemctl daemon-reload command: systemctl daemon-reload

View File

@ -16,18 +16,32 @@
service: name=fastd enabled=no service: name=fastd enabled=no
- name: Create directories - name: Create directories
file: path=/etc/fastd/{{ fastd_instance }}/peers state=directory file: path=/etc/fastd/{{ site_code }} state=directory
- name: Create directories
file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
with_sequence: start=0 count={{ fastd_instances }}
- name: Configure fastd - name: Configure fastd
template: src=fastd.conf.j2 dest=/etc/fastd/{{ fastd_instance }}/fastd.conf template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
with_sequence: start=0 count={{ fastd_instances }}
notify: Restart fastd notify: Restart fastd
- name: Generate fastd secret - name: Generate fastd secret
fastd_key: path=/etc/fastd/{{ fastd_instance }}/secret.conf fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
notify: Restart fastd notify: Restart fastd
- name: Make sure at least a dummy blacklist.sh is available - name: Create symlinks (secret)
copy: src=blacklist.sh dest=/etc/fastd/{{ fastd_instance }}/blacklist.sh mode=0755 force=no file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
with_sequence: start=0 count={{ fastd_instances }}
- name: Enable fastd {{ fastd_instance }} - name: Make sure at least a dummy blacklist.sh is available
service: name=fastd@{{ fastd_instance }} enabled=yes copy: src=blacklist.sh dest=/etc/fastd/{{ site_code }}/blacklist.sh mode=0755 force=no
- name: Create symlinks (blacklist)
file: src=/etc/fastd/{{ site_code }}/blacklist.sh dest=/etc/fastd/{{ site_code }}{{ item }}/blacklist.sh state=link
with_sequence: start=0 count={{ fastd_instances }}
- name: Enable fastd {{ site_code }}
service: name=fastd@{{ site_code }}{{ item }} enabled=yes
with_sequence: start=0 count={{ fastd_instances }}

View File

@ -2,9 +2,9 @@
log to syslog level warn; log to syslog level warn;
hide ip addresses yes; hide ip addresses yes;
status socket "/run/fastd-{{ fastd_instance }}.sock"; status socket "/run/fastd-{{ site_code }}{{ item }}.sock";
interface "{{ fastd_interface }}"; interface "vpn-{{ site_code }}{{ item }}";
method "null"; method "null";
method "salsa2012+umac"; method "salsa2012+umac";
@ -12,7 +12,7 @@ method "xsalsa20-poly1305";
secure handshakes yes; secure handshakes yes;
bind {{ fastd_bind }}:{{ fastd_port }}; bind {{ fastd_bind }}:{{ fastd_port + item|int }};
include "secret.conf"; include "secret.conf";
@ -24,7 +24,7 @@ peer limit {{ fastd_peers_limit }};
on up " on up "
ifconfig $INTERFACE down ifconfig $INTERFACE down
ip link set address f2:00:90:00:{{ gateway_id }}:10 dev $INTERFACE ip link set address f2:00:90:00:{{ gateway_id }}:{{ 10 + item|int }} dev $INTERFACE
ifconfig $INTERFACE up ifconfig $INTERFACE up
batctl -m {{ batman_interface }} if add $INTERFACE batctl -m {{ batman_interface }} if add $INTERFACE

View File

@ -19,7 +19,7 @@ iface bat-{{ site_code }}
mtu 1500 mtu 1500
# #
batman-hop-penalty 5 batman-hop-penalty 5
batman-ifaces dmy-{{ site_code }} vpn-{{ site_code }} batman-ifaces dmy-{{ site_code }}
batman-ifaces-ignore-regex .*_.* batman-ifaces-ignore-regex .*_.*
# #
up /usr/sbin/batctl -m bat-{{ site_code }} gw_mode server 100000 100000 up /usr/sbin/batctl -m bat-{{ site_code }} gw_mode server 100000 100000

View File

@ -1,6 +1,7 @@
--- ---
batman_interface: bat-{{ site_code }}
main_bridge: br-{{ site_code }}
respondd_announce_git_root: https://github.com/ffnord/mesh-announce/ respondd_announce_git_root: https://github.com/ffnord/mesh-announce/
respondd_announce_git_version: 1d2182232c1de0956092f9509368cae045f23751 respondd_announce_git_version: 1d2182232c1de0956092f9509368cae045f23751
batman_interface: bat-{{ site_code }}
main_bridge: br-{{ site_code }}

View File

@ -5,7 +5,7 @@ Description=respondd
After=network-online.target After=network-online.target
[Service] [Service]
ExecStart=/opt/{{ site_code }}/respondd-announce/respondd.py -b {{ batman_interface }} -i {{ main_bridge }} -i vpn-{{ site_code }} -d /opt/{{ site_code }}/respondd-announce/ ExecStart=/opt/{{ site_code }}/respondd-announce/respondd.py -b {{ batman_interface }} -i {{ main_bridge }} -d /opt/{{ site_code }}/respondd-announce/
Restart=always Restart=always
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
WorkingDirectory=/opt/{{ site_code }}/respondd-announce WorkingDirectory=/opt/{{ site_code }}/respondd-announce