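  #
  # Fastd for gateways
  #
  # Everything below is driven by pillar data for the minion named by grains.id:
  #   sites_all   - the 'sites' pillar (every known site)
  #   node_config - the 'nodes:<minion id>' pillar entry of this node
  #   sites_node  - the 'sites' entry of node_config
  #   device_no   - the 'id' entry of node_config, -1 when it is not set
  #

  include:
    - network

  # Default to an empty mapping, like the other lookups here, so the site loop
  # further down renders nothing instead of failing on None when the pillar
  # has no 'sites' key.
  {% set sites_all = pillar.get('sites', {}) %}
  {% set node_config = salt['pillar.get']('nodes:' ~ grains.id, {}) %}
  {% set sites_node = node_config.get('sites', {}) %}
  {% set device_no = node_config.get('id', -1) %}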
  # Install fastd. On jessie the package is taken from the <codename>-backports
  # repository. The plain 'fastd' service is kept stopped and disabled; the
  # instances managed further down in this file run as fastd@<instance> units.
  fastd:
    pkg.installed:
      - name: fastd
  {% if grains.oscodename == 'jessie' %}
      - fromrepo: {{ grains.oscodename }}-backports
  {% endif %}
    service.dead:
      - enable: false
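  # Template unit used by every fastd@<instance> service started below.
  # Ownership and mode are pinned explicitly, as for the other managed files in
  # this state, so the unit cannot be left writable by anyone but root.
  /etc/systemd/system/fastd@.service:
    file.managed:
      - source: salt://fastd/fastd@.service
      - user: root
      - group: root
      - mode: '0644'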
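  # Base directory for all fastd instances. Mode 0711 lets non-root users
  # traverse the directory but not list the instance directories in it.
  /etc/fastd:
    file.directory:
      - user: root
      - group: root
      - mode: '0711'
      # Written as its own list item, like the requisites of every other state
      # in this file, so it does not depend on sharing a mapping with 'mode'.
      - require:
        - pkg: fastd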
  #
  # Is this instance to be used by external clients?
  # Only nodes carrying the 'fastd_peers' role receive the peer blacklist and
  # the verify-peer.sh script.
  # NOTE(review): verify-peer.sh is presumably the hook fastd calls to accept
  # or reject a connecting peer against the blacklist - confirm in the fastd.conf
  # template, which is not visible here.
  {% set node_roles = node_config.get('roles', []) %}
  {% if 'fastd_peers' in node_roles %}

  # publish blacklist
  /etc/fastd/peers-blacklist:
    file.managed:
      - source: salt://fastd/peers-blacklist
      - user: root
      - group: root
      - mode: '0644'
      - require:
        - file: /etc/fastd

  # Executable by root only; readable by everyone.
  /etc/fastd/verify-peer.sh:
    file.managed:
      - source: salt://fastd/verify-peer.sh
      - user: root
      - group: root
      - mode: '0744'
      - require:
        - file: /etc/fastd

  {% endif %}
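  #
  # Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
  # for every site associated with the current minion ID.
  #
  # For each site in the pillar the networks are sorted into two lists:
  #   networks_present - instances to configure and start on this node
  #   networks_absent  - instances to stop and purge on this node
  # A site assigned to this node always gets 'intergw'; 'nodes4' and 'nodes6'
  # are present only when the node has the 'fastd_peers' role. For sites not
  # assigned to this node all three instances are removed.
  #
  {% for site in sites_all %}
    {% set networks_absent = [] %}
    {% set networks_present = [] %}
    {% set site_no = sites_all.get(site, {}).get('site_no') %}

    {% if site in sites_node %}
      {% do networks_present.extend(['intergw']) %}
      {% if 'fastd_peers' in node_config.get('roles', []) %}
        {% do networks_present.extend(['nodes4', 'nodes6']) %}
      {% else %}
        {% do networks_absent.extend(['nodes4', 'nodes6']) %}
      {% endif %}
    {% else %}
      {% do networks_absent.extend(['intergw', 'nodes4', 'nodes6']) %}
    {% endif %}

    {% for network in networks_present %}
      {# nodes4 and nodes6 share the network type 'nodes'; intergw keeps its own name #}
      {% set network_type = 'nodes' if network.startswith('nodes') else network %}
      {% set instance_name = site ~ '_' ~ network %}
      {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}

  /etc/fastd/{{ instance_name }}:
    file.directory:
      - makedirs: true
      - mode: '0755'
      - require:
        - file: /etc/fastd

  /etc/fastd/{{ instance_name }}/fastd.conf:
    file.managed:
      - source: salt://fastd/fastd.conf
      # The node's private key is handed to the template as 'secret', so the
      # rendered file presumably contains it. Keep the file readable by root
      # only and keep its diff out of state returns and the job cache.
      # NOTE(review): assumes fastd@.service starts fastd as root so it can
      # still read this file - confirm against the unit file.
      - user: root
      - group: root
      - mode: '0600'
      - show_changes: false
      # The keys that share this list item with 'template' are passed to
      # file.managed as extra keyword arguments; presumably the fastd.conf
      # template reads them as variables (template not visible here).
      # String values are quoted so that YAML cannot retype them, e.g. a MAC
      # address made only of digits and colons, or a site named 'no'.
      - template: jinja
        network: "{{ network }}"
        network_type: "{{ network_type }}"
        # Renders the literal string None when the pillar holds no
        # '<network_type>_privkey' for this node.
        secret: "{{ node_config.get('fastd', {}).get(network_type ~ '_privkey') }}"
        site: "{{ site }}"
        site_no: {{ site_no }}
        mac_address: "{{ mac_address }}"
      {% if 'batman_ext' in node_config.get('roles', []) %}
        bat_iface: bat-{{ site }}-ext
      {% else %}
        bat_iface: bat-{{ site }}
      {% endif %}
        peer_limit: {{ node_config.get('fastd', {}).get('peer_limit', False) }}
      - require:
        - file: /etc/fastd/{{ instance_name }}

  # No separate secret file is kept next to fastd.conf.
  /etc/fastd/{{ instance_name }}/secret.conf:
    file.absent

  # Create systemd start link
  # The instance is restarted whenever its fastd.conf changes (watch).
  fastd@{{ instance_name }}:
    service.running:
      - enable: true
      - require:
        - file: /etc/systemd/system/fastd@.service
        - file: /etc/fastd/{{ instance_name }}/fastd.conf
        - service: fastd
      - watch:
        - file: /etc/fastd/{{ instance_name }}/fastd.conf

    {% endfor %}{# for network in networks #}

  #
  # Cleanup configurations for previously configured instances.
  # Stop fastd instance before purging the configuration: the prereq makes the
  # service state run first, and only when the file state is going to change.
    {% for network in networks_absent %}
      {% set instance_name = site ~ '_' ~ network %}

  Cleanup /etc/fastd/{{ instance_name }}:
    file.absent:
      - name: /etc/fastd/{{ instance_name }}

  # stop fastd service
  Stop fastd@{{ instance_name }}:
    service.dead:
      - name: fastd@{{ instance_name }}
      - enable: false
      - prereq:
        - file: Cleanup /etc/fastd/{{ instance_name }}

    {% endfor %}
  {% endfor %}{# for site in sites_all #}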
  # Packages installed alongside the ff_fastd_conn helper.
  # NOTE(review): presumably socat and jq are what the helper uses to query
  # fastd - the script itself is not visible here.
  ff_fastd_con_pkgs:
    pkg.installed:
      - pkgs:
        - socat
        - jq

  # Helper script, owned by root and executable by everyone.
  /usr/local/bin/ff_fastd_conn:
    file.managed:
      - source: salt://fastd/ff_fastd_con
      - user: root
      - group: root
      - mode: '0755'