init.sls 4.0 KB

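  #
  # Fastd for gateways
  #
  # Pillar inputs read by this state:
  #   sites - mapping of all known sites, iterated by the site loop below
  #   node  - this minion's node configuration (roles, sites, id, fastd)
  #
  # An empty mapping is the default for "sites", so a minion without that
  # pillar renders no per-site states instead of failing on a None iteration.
  {% set sites_all = pillar.get('sites', {}) %}
  {% set node_config = salt['pillar.get']('node', {}) %}
  {% set sites_node = node_config.get('sites', {}) %}
  # -1 is the fallback when the node pillar has no "id"; it is handed to the
  # MAC generator unchanged.
  {% set device_no = node_config.get('id', -1) %}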
  # Install fastd. The plain "fastd" unit is kept stopped and disabled; the
  # per-instance fastd@<instance> units declared further down are the ones
  # that get started.
  fastd:
    pkg.installed:
      - name: fastd
    service.dead:
      - enable: false
  # Template unit behind the per-instance fastd@<instance> services.
  # No user, group or mode is set here, so an existing file keeps whatever
  # it has.
  /etc/systemd/system/fastd@.service:
    file.managed:
      - source: salt://fastd/fastd@.service
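  # Base configuration directory. Mode 0711 lets non-root users traverse
  # into it (a known path below it can still be opened) but not list it.
  /etc/fastd:
    file.directory:
      - user: root
      - group: root
      - mode: '0711'
      # A requisite has to be a list item of its own, like the other arguments.
      - require:
          - pkg: fastd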
  #
  # Is this instance to be used by external clients?
  # Both files below are only managed on nodes carrying the fastd_peers role.
  {% if 'fastd_peers' in node_config.get('roles', []) %}
  # Publish the peer blacklist (world-readable, writable by root only).
  /etc/fastd/peers-blacklist:
    file.managed:
      - source: salt://fastd/peers-blacklist
      - user: root
      - group: root
      - mode: '0644'
      - require:
          - file: /etc/fastd

  # Peer verification script.
  # NOTE(review): with mode 0744 only root can execute it; confirm that
  # fastd invokes the script as root and not after dropping privileges.
  /etc/fastd/verify-peer.sh:
    file.managed:
      - source: salt://fastd/verify-peer.sh
      - user: root
      - group: root
      - mode: '0744'
      - require:
          - file: /etc/fastd
  {% endif %}
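  #
  # Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
  # for every site associated with the current minion ID.
  #
  # For each known site two lists are built:
  #   networks_present - instances to configure and run on this node
  #   networks_absent  - instances to stop and purge on this node
  # A site assigned to the node always gets "intergw"; nodes4 and nodes6 are
  # present only with the fastd_peers role. Sites not assigned to the node
  # have all three instances removed.
  #
  {% for site in sites_all %}
  {% set networks_absent = [] %}
  {% set networks_present = [] %}
  {% set site_no = sites_all.get(site, {}).get('site_no') %}
  {% if site in sites_node %}
  {% do networks_present.extend(['intergw']) %}
  {% if 'fastd_peers' in node_config.get('roles', []) %}
  {% do networks_present.extend(['nodes4', 'nodes6']) %}
  {% else %}
  {% do networks_absent.extend(['nodes4', 'nodes6']) %}
  {% endif %}
  {% else %}
  {% do networks_absent.extend(['intergw', 'nodes4', 'nodes6']) %}
  {% endif %}

  {% for network in networks_present %}
  {% set network_type = 'nodes' if network.startswith('nodes') else network %}
  {% set instance_name = site ~ '_' ~ network %}
  {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}
  {% set iface_penalty = salt['ffho_net.get_batman_iface_penalty'](network_type) %}
  /etc/fastd/{{ instance_name }}:
    file.directory:
      - makedirs: true
      - mode: '0755'
      - require:
          - file: /etc/fastd

  # The template context carries the instance's private key ("secret"), so
  # the rendered file is restricted to root. Without an explicit mode a newly
  # created file gets the minion's umask default, and /etc/fastd (0711) plus
  # the instance directory (0755) let any local user open this predictable
  # path. Tightening the mode of an existing file counts as a change, so
  # expect one restart of the instance on the first apply.
  # NOTE(review): assumes fastd is started as root and reads its config
  # before dropping privileges; confirm against fastd@.service.
  /etc/fastd/{{ instance_name }}/fastd.conf:
    file.managed:
      - source: salt://fastd/fastd.conf
      - template: jinja
      - user: root
      - group: root
      - mode: '0600'
      # Template variables go in an explicit context mapping; every list item
      # then carries exactly one key.
      - context:
          network: {{ network }}
          network_type: {{ network_type }}
          # NOTE(review): renders the literal string None when the pillar has
          # no <network_type>_privkey entry; confirm the key is always set.
          secret: "{{ node_config.get('fastd', {}).get(network_type ~ '_privkey') }}"
          site: {{ site }}
          site_no: {{ site_no }}
          # Quoted so a colon-separated value is never retyped by the YAML
          # loader (all-decimal groups parse as a base-60 integer in YAML 1.1).
          mac_address: "{{ mac_address }}"
          iface_penalty: {{ iface_penalty }}
          bat_iface: bat-{{ site }}{{ '-ext' if 'batman_ext' in node_config.get('roles', []) else '' }}
          # Left unquoted so the False default stays a YAML boolean.
          peer_limit: {{ node_config.get('fastd', {}).get('peer_limit', False) }}
      - require:
          - file: /etc/fastd/{{ instance_name }}

  # Make sure no separate secret.conf exists for this instance.
  /etc/fastd/{{ instance_name }}/secret.conf:
    file.absent

  # Enable and start the per-instance unit; the watch requisite restarts it
  # whenever fastd.conf changes.
  fastd@{{ instance_name }}:
    service.running:
      - enable: true
      - require:
          - file: /etc/systemd/system/fastd@.service
          - file: /etc/fastd/{{ instance_name }}/fastd.conf
          - service: fastd
      - watch:
          - file: /etc/fastd/{{ instance_name }}/fastd.conf
  {% endfor %}{# for network in networks_present #}

  #
  # Clean up configurations for previously configured instances.
  # Stop the fastd instance before purging the configuration.
  {% for network in networks_absent %}
  {% set instance_name = site ~ '_' ~ network %}
  Cleanup /etc/fastd/{{ instance_name }}:
    file.absent:
      - name: /etc/fastd/{{ instance_name }}

  # Stop the fastd service. The prereq requisite runs this state first, and
  # only when the cleanup state above is going to make a change.
  Stop fastd@{{ instance_name }}:
    service.dead:
      - name: fastd@{{ instance_name }}
      - enable: false
      - prereq:
          - file: Cleanup /etc/fastd/{{ instance_name }}
  {% endfor %}{# for network in networks_absent #}
  {% endfor %}{# for site in sites_all #}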
  # socat and jq; presumably the dependencies of ff_fastd_conn below (confirm).
  ff_fastd_con_pkgs:
    pkg.installed:
      - pkgs:
          - socat
          - jq

  # Helper script, executable by everyone and writable by root only.
  /usr/local/bin/ff_fastd_conn:
    file.managed:
      - source: salt://fastd/ff_fastd_conn
      - user: root
      - group: root
      - mode: '0755'