Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Tiedostot Ongelmat 0 Pull-pyynnöt 0

Salt-Orchestrated OpenSource based Software-Defined-Freifunk-Infrastructre-Network configuration

Puu: 5006ff1cdf
Branchit Tagit
ffho-salt-pu...
ZIP TAR.GZ
Maximilian Wilhelm 5006ff1cdf dhcp-client: Don't update /etc/resolv.conf 1 viikko sitten
Documentation 80c977116f Doc: Add monitoring rule configuration examples 1 vuosi sitten
_modules 1ad46124d0 SDN: Fix fwmark for vrf_oobm_ext 2 viikkoa sitten
anycast-healthchecker 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
apt 69f9d4be0f apt: Salt sources.list and GPG key for Bookworm 11 kuukautta sitten
apu2 0ae03f896f apu2: Document how to force firmware update. 5 vuotta sitten
bash 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
batman 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
bird 9f86fe6eb8 bird: Don't generate potential down BGP peers in template 8 kuukautta sitten
build 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
burp 51a28612c0 burp: client: Only log to burp's own log file 6 kuukautta sitten
certs 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
dhcp-client 5006ff1cdf dhcp-client: Don't update /etc/resolv.conf 1 viikko sitten
dhcp-server 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
dns-server 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
docker 4cf47cbc5f Add docker state. 6 vuotta sitten
elasticsearch 5b3cbfb6c3 Added elasticsearch config 4 vuotta sitten
fastd 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
ffinfo 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
firewall a77faefab6 firewall: Add files to load on boot-up 4 vuotta sitten
firmware 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
gogs 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
grafana 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
graylog 172990e9c3 graylog: Use mongodb with authentication 1 vuosi sitten
icinga2 04a731046d icinga2: Disable some check_ssl_cert params on Bookworm only 5 kuukautta sitten
icingaweb2 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
influxdb 1ea0d959e7 influxdb: Switch to new repo key 1 vuosi sitten
install-server a021074e44 install-server: Add preseed for Debian Bookworm 9 kuukautta sitten
kernel 5ee6a1bd4e kernel: Install backports Kernel for Buster for B.A.T.M.A.N. iface penalty support 3 vuotta sitten
kvm 9c7c0bd8b1 KVM: Remove need for ifupdown* to configure VM interfaces 1 vuosi sitten
locales 54cdaf4438 locales: Add new config file for Debian Bookworm 11 kuukautta sitten
mongodb 29b4318138 mongodb: Enable authorization by default 1 vuosi sitten
mosh d243476e23 First bunch of ffho salt configuration files to be public. 8 vuotta sitten
motd 6605a8fd50 add motd state 7 vuotta sitten
needrestart d77bad69c3 Install needrestart on all nodes. 4 vuotta sitten
network 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
nftables 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
nginx 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
ntp d243476e23 First bunch of ffho salt configuration files to be public. 8 vuotta sitten
openvpn 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
postfix 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
pppoe 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
prometheus-exporters 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
prometheus-server 0728957ae0 prometheus-server: Scrape database exporters 6 kuukautta sitten
respondd 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
rsyslog 6282d40266 rsyslog: Use rsyslog-rotate instead of invoke-rc.d 1 viikko sitten
salt-minion 10f714bd5f salt-minion: python3-tornado isn't required anymore 3 vuotta sitten
screen d243476e23 First bunch of ffho salt configuration files to be public. 8 vuotta sitten
slapd ebaf2828e5 Add slapd state to configure LDAP servers. 4 vuotta sitten
snmpd 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
ssh 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
sudo 28aaa76adf sudo: Add sudoers file for Debian Bookworm 11 kuukautta sitten
sury 74dbf64e12 Add sury php repository 1 vuosi sitten
sysctl 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
systemd 1c6d5423bd systemd: Work around new systemd persistent MAC "feature" 3 vuotta sitten
timezone f07fb87dcd Set system timezone to Europe/Berlin. 5 vuotta sitten
unattended-upgrades 678580eb76 unattended-upgrades: Upgrade libc6 and fastd, too 6 kuukautta sitten
users 07d06cc8dc Add users statee to manage users and passwords 2 vuotta sitten
vim 40755b33a6 vim: Do not use the Debian default vimrc. Ever. 4 vuotta sitten
wireguard 674c24ed2b wireguard: Send keepalives every 25s 2 viikkoa sitten
yanic 60a5299b0b Use 'node' pillar instead of 'nodes:' ~ grains.id 8 kuukautta sitten
.gitignore 5d8869e75a Ignore VIM's *.swp files 1 vuosi sitten
README.md 26bc096db5 Update README 1 vuosi sitten
top.sls 4f3cb48596 Fix order in top.sls 2 viikkoa sitten
utils.sls 47b4966ae8 Add simple utils state to list utils worth installing 3 vuotta sitten

README.md

Freifunk Hochstift infrastructure - SaltStack configuration

This repository contains the Salt environment (states + modules) used to configure the infrastructure of the Freifunk Hochstift community network.

It uses the NetBox Abstraction and Caching Layer (NACL) as its interface to communicate with NetBox, which holds all node specific configuration. This includes the node name, role(s), interfaces, IP addresses, tags, config contexts, etc.

Principles

This whole code base follows the principles of Holistic (network) automation, which means that as much configuration bits are derived from properties of nodes or its relationship(s) to other nodes. This includes but is not limited to, OSPF adjacencies, internal BGP sessions, B.A.T.M.A.N. adv. configuration, Nftables rules, etc.

Most of these bits live inside the Python modules which are included in this repository (see the _modules/ directory), which contains modules for authentication, netfilter, and networking related configuration. The ffho_net modules currently is the heart of our SDN logic, with more recent pieces (e.g. iBGP mesh calculation) living inside NACL. Eventually most logic should move over to NACL or another daemon which takes over the SDN role, so that Salt is only used to apply configuration based on a generic device configuration.

Further Reading

Our CTO, @BarbarossaTM, has started a blog series about our infrastructure, its architecture and evolution and also blogs about NetBox related things, which may or may not be related to this code base - it mostly is though :-)