  1. #
  2. # Fastd for gateways
  3. #
  4. {% set sites_all = pillar.get ('sites') %}
  5. {% set sites_node = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':sites', {}) %}
  6. {% set device_no = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':id', -1) %}
  7. include:
  8. - network.interfaces
  9. {% if 'fastd_peers' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  10. - fastd.peers
  11. {% endif %}
  12. fastd-repo:
  13. pkgrepo.managed:
  14. - human_name: Neoraiders fastd repository
  15. - name: deb http://repo.universe-factory.net/debian/ sid main
  16. - dist: sid
  17. - file: /etc/apt/sources.list.d/fastd.list
  18. - keyserver: keyserver.ubuntu.com
  19. - keyid: CB201D9C
  20. # Install fastd (after fastd-repo and the network are configured)
  21. fastd:
  22. pkg.installed:
  23. - name: fastd
  24. - require:
  25. - pkgrepo: fastd-repo
  26. - sls: network.interfaces
  27. service.dead:
  28. - enable: False
  29. /etc/systemd/system/fastd@.service:
  30. file.managed:
  31. - source: salt://fastd/fastd@.service
  32. /etc/fastd:
  33. file.directory:
  34. - user: root
  35. - group: root
  36. - mode: 711
  37. require:
  38. - pkg: fastd
  39. #
  40. # Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
  41. # for every site associated for the current minion ID.
  42. #
  43. {% for site in sites_node %}
  44. {% set site_no = salt['pillar.get']('sites:' ~ site ~ ':site_no') %}
  45. {% set networks = ['intergw'] %}
  46. {% if 'fastd_peers' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  47. {% do networks.extend (['nodes4', 'nodes6']) %}
  48. {% endif %}
  49. {% for network in networks %}
  50. {% set network_type = 'nodes' if network.startswith ('nodes') else network %}
  51. {% set instance_name = site ~ '_' ~ network %}
  52. {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}
  53. /etc/fastd/{{ instance_name }}:
  54. file.directory:
  55. - makedirs: true
  56. - mode: 755
  57. - require:
  58. - file: /etc/fastd
  59. /etc/fastd/{{ instance_name }}/fastd.conf:
  60. file.managed:
  61. - source: salt://fastd/fastd.conf
  62. - template: jinja
  63. network: {{ network }}
  64. network_type: {{ network_type }}
  65. site: {{ site }}
  66. site_no: {{ site_no }}
  67. mac_address: {{ mac_address }}
  68. {% if 'batman_ext' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  69. bat_iface: bat-{{ site }}-ext
  70. {% else %}
  71. bat_iface: bat-{{ site }}
  72. {% endif %}
  73. peer_limit: {{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:peer_limit', False) }}
  74. - require:
  75. - file: /etc/fastd/{{ instance_name }}
  76. - watch_in:
  77. /etc/fastd/{{ instance_name }}/secret.conf:
  78. file.managed:
  79. - source: salt://fastd/secret.conf.tmpl
  80. - template: jinja
  81. secret: {{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:' ~ network_type + '_privkey') }}
  82. - mode: 600
  83. - user: root
  84. - group: root
  85. - require:
  86. - file: /etc/fastd/{{ instance_name }}
  87. # Create systemd start link
  88. fastd@{{ instance_name }}:
  89. service.running:
  90. - enable: True
  91. - reload: True
  92. - require:
  93. - file: /etc/systemd/system/fastd@.service
  94. - file: /etc/fastd/{{ instance_name }}/fastd.conf
  95. - file: /etc/fastd/{{ instance_name }}/secret.conf
  96. - service: fastd
  97. - watch:
  98. - file: /etc/fastd/{{ instance_name }}/fastd.conf
  99. - file: /etc/fastd/{{ instance_name }}/secret.conf
  100. {% if network in ['nodes4', 'nodes6'] %}
  101. - git: peers-git
  102. {% else %}
  103. - file: /etc/fastd/{{ instance_name }}/gateways/*
  104. {% endif %}
  105. {% endfor %} # // foreach network in $site
  106. #
  107. # Generate Inter-GW peers from pillar
  108. /etc/fastd/{{ site }}_intergw/gateways:
  109. file.directory:
  110. - makedirs: true
  111. - mode: 755
  112. - require:
  113. - file: /etc/fastd/{{ site }}_intergw
  114. #
  115. # Set up Inter-Gw-VPN link to all nodes of this site
  116. {% set has_ipv6 = False %}
  117. {% set node_config = salt['pillar.get']('nodes:' ~ grains['id']) %}
  118. {% if salt['ffho_net.get_node_iface_ips'](node_config, 'vrf_external')['v6']|length %}
  119. {% set has_ipv6 = True %}
  120. {% endif %}
  121. {% for node, node_config in salt['pillar.get']('nodes').items ()|sort %}
  122. /etc/fastd/{{ site }}_intergw/gateways/{{ node }}:
  123. {% if site in node_config.get ('sites', {}) and 'fastd' in node_config %}
  124. file.managed:
  125. - source: salt://fastd/inter-gw.peer.tmpl
  126. - template: jinja
  127. site: {{ site }}
  128. site_no: {{ site_no }}
  129. has_ipv6: {{ has_ipv6 }}
  130. node: {{ node }}
  131. pubkey: {{ salt['pillar.get']('nodes:' ~ node ~ ':fastd:intergw_pubkey') }}
  132. - require:
  133. - file: /etc/fastd/{{ site }}_intergw/gateways
  134. {% else %}
  135. file.absent
  136. {% endif %}
  137. {% endfor %} # // foreach node
  138. {% endfor %} # // foreach site
  139. #
  140. # Cleanup configurations for previosly configured instances.
  141. # Stop fastd instance before purging the configuration.
  142. {% for site in sites_all if site not in sites_node %}
  143. {% for network in ['intergw', 'nodes4', 'nodes6'] %}
  144. {% set instance_name = site ~ '_' ~ network %}
  145. Cleanup /etc/fastd/{{ instance_name }}:
  146. file.absent:
  147. - name: /etc/fastd/{{ instance_name }}
  148. # Create systemd start link
  149. Stop fastd@{{ instance_name }}:
  150. service.running:
  151. - enable: False
  152. - reload: False
  153. - prereq:
  154. - file: Cleanup /etc/fastd/{{ instance_name }}
  155. {% endfor %}
  156. {% endfor %}
  157. /usr/local/bin/ff_log_vpnpeer:
  158. file.managed:
  159. - source: salt://fastd/ff_log_vpnpeer
  160. - template: jinja
  161. - mode: 755
  162. ff_fastd_con_pkgs:
  163. pkg.installed:
  164. - pkgs:
  165. - socat
  166. - jq
  167. /usr/local/bin/ff_fastd_conn:
  168. file.managed:
  169. - source: salt://fastd/ff_fastd_con
  170. - mode: 755
  171. - user: root
  172. - group: root