init.sls 3.7 KB

  #
  # Fastd for gateways
  #
  # Pillar lookups shared by every state in this file.
  # NOTE(review): 'sites' is read without a default, so sites_all is None when
  # the pillar key is missing and the loops over it will fail to render.
  {% set sites_all = pillar.get('sites') %}
  # Per-minion node entry; an empty dict when this minion has no pillar entry.
  {% set node_config = salt['pillar.get']('nodes:' ~ grains.id, {}) %}
  {% set sites_node = node_config.get('sites', {}) %}
  # -1 is the fallback when the node entry carries no 'id'.
  {% set device_no = node_config.get('id', -1) %}
  # States this file builds on; fastd.peers is only pulled in for minions
  # whose node entry lists the 'fastd_peers' role.
  include:
    - apt
    - network.interfaces
  {% if 'fastd_peers' in node_config.get('roles', []) %}
    - fastd.peers
  {% endif %}
  # Install fastd (from backports on jessie) once the network interfaces state
  # has run. The generic 'fastd' service is kept stopped and disabled; the
  # per-instance fastd@<site>_<network> units are managed further down.
  fastd:
    pkg.installed:
      - name: fastd
  {% if grains.oscodename in ['jessie'] %}
      - fromrepo: {{ grains.oscodename }}-backports
  {% endif %}
      - require:
        - sls: network.interfaces
    service.dead:
      - enable: False
  # Template unit used by every fastd@<instance> service in this file.
  # No user, group or mode is given here, so Salt's defaults apply.
  /etc/systemd/system/fastd@.service:
    file.managed:
      - source: salt://fastd/fastd@.service
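  # Base configuration directory. Mode 0711 lets non-root users traverse the
  # directory but not list its contents.
  /etc/fastd:
    file.directory:
      - user: root
      - group: root
      # Quoted so the value is always handled as an octal mode string.
      - mode: '0711'
      # Written as its own list item, like every other requisite in this file.
      - require:
        - pkg: fastd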
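  #
  # Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
  # for every site associated with the current minion ID.
  #
  {% for site in sites_node %}
  {% set site_no = sites_all.get(site, {}).get('site_no') %}
  {# Every node runs the inter-gateway instance; nodes4/nodes6 only with the fastd_peers role. #}
  {% set networks = ['intergw'] %}
  {% if 'fastd_peers' in node_config.get('roles', []) %}
  {% do networks.extend (['nodes4', 'nodes6']) %}
  {% endif %}

  {% for network in networks %}
  {# nodes4 and nodes6 share the 'nodes' key material and peer repository. #}
  {% set network_type = 'nodes' if network.startswith ('nodes') else network %}
  {% set instance_name = site ~ '_' ~ network %}
  {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}

  /etc/fastd/{{ instance_name }}:
    file.directory:
      - makedirs: true
      - mode: '0755'
      - require:
        - file: /etc/fastd

  # The fastd private key is handed to this template as 'secret', so the
  # rendered file is treated as key material: owned by root, readable by root
  # only, and excluded from the diff Salt includes in job returns and logs.
  # NOTE(review): assumes the fastd@ unit reads its configuration as root -
  # confirm against salt://fastd/fastd@.service before rollout.
  /etc/fastd/{{ instance_name }}/fastd.conf:
    file.managed:
      - source: salt://fastd/fastd.conf
      - user: root
      - group: root
      - mode: '0600'
      - show_changes: False
      # The keys below share the list item with 'template', as in the original
      # state, and are passed on to the template.
      - template: jinja
        network: {{ network }}
        network_type: {{ network_type }}
        # Quoted so the key always stays a string, whatever characters it holds.
        secret: '{{ node_config.get('fastd', {}).get(network_type ~ '_privkey') }}'
        site: {{ site }}
        site_no: {{ site_no }}
        # Quoted: a digits-and-colons value can be read as a number by YAML 1.1.
        mac_address: '{{ mac_address }}'
  {% if 'batman_ext' in node_config.get('roles', []) %}
        bat_iface: bat-{{ site }}-ext
  {% else %}
        bat_iface: bat-{{ site }}
  {% endif %}
        peer_limit: {{ node_config.get('fastd', {}).get('peer_limit', False) }}
      - require:
        - file: /etc/fastd/{{ instance_name }}

  # Make sure no separate secret.conf is left in the instance directory.
  /etc/fastd/{{ instance_name }}/secret.conf:
    file.absent

  # Create systemd start link
  fastd@{{ instance_name }}:
    service.running:
      - enable: True
      - require:
        - file: /etc/systemd/system/fastd@.service
        - file: /etc/fastd/{{ instance_name }}/fastd.conf
        - service: fastd
      # Restart the instance when its configuration changes and, for the
      # nodes networks, when the peers-git state reports changes.
      - watch:
        - file: /etc/fastd/{{ instance_name }}/fastd.conf
  {% if network_type == 'nodes' %}
        - git: peers-git
  {% endif %}
  {% endfor %}{# for network in networks #}

  #
  # Remove old Inter-GW peers folder
  /etc/fastd/{{ site }}_intergw/gateways:
    file.absent
  {% endfor %}{# for site in sites_node #}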
  #
  # Cleanup configurations for previously configured instances.
  # Covers every known site that is not assigned to this minion. The prereq
  # requisite stops and disables the fastd instance before its directory is
  # purged, and only when the purge would actually change something.
  {% for site in sites_all if site not in sites_node %}
  {% for network in ['intergw', 'nodes4', 'nodes6'] %}
  {% set instance_name = site ~ '_' ~ network %}

  Cleanup /etc/fastd/{{ instance_name }}:
    file.absent:
      - name: /etc/fastd/{{ instance_name }}

  # stop fastd service
  Stop fastd@{{ instance_name }}:
    service.dead:
      - name: fastd@{{ instance_name }}
      - enable: False
      - prereq:
        - file: Cleanup /etc/fastd/{{ instance_name }}
  {% endfor %}{# for network #}
  {% endfor %}{# for site in sites_all #}
  # Helper script rendered through Jinja and installed as an executable.
  # No user or group is set here, so Salt's defaults apply to ownership.
  /usr/local/bin/ff_log_vpnpeer:
    file.managed:
      - source: salt://fastd/ff_log_vpnpeer
      - template: jinja
      - mode: '0755'
  # Packages installed next to the ff_fastd_conn script.
  # NOTE(review): presumably its runtime dependencies - confirm against the script.
  ff_fastd_con_pkgs:
    pkg.installed:
      - pkgs:
        - socat
        - jq
  # Root-owned executable copied verbatim from the fileserver (no templating).
  # NOTE(review): the source is named 'ff_fastd_con' while the target is
  # 'ff_fastd_conn' - confirm the source path matches the file in the tree.
  /usr/local/bin/ff_fastd_conn:
    file.managed:
      - source: salt://fastd/ff_fastd_con
      - user: root
      - group: root
      - mode: '0755'