init.sls 5.1 KB

  #
  # fastd for gateways
  #
  # Pillar lookups shared by the states in this file:
  #   sites_all   - the 'sites' pillar key
  #   sites_node  - nodes:<minion id>:sites for this minion ({} if unset)
  #   device_no   - nodes:<minion id>:id for this minion (-1 if unset)
  #
  {% set node_key = 'nodes:' ~ grains['id'] %}
  {% set sites_all = pillar.get('sites') %}
  {% set sites_node = salt['pillar.get'](node_key ~ ':sites', {}) %}
  {% set device_no = salt['pillar.get'](node_key ~ ':id', -1) %}

  # fastd.peers is only pulled in for minions that carry the fastd_peers role.
  include:
    - apt
    - network.interfaces
  {% if 'fastd_peers' in salt['pillar.get'](node_key ~ ':roles', []) %}
    - fastd.peers
  {% endif %}
  # Install the fastd package once the network.interfaces state has been applied.
  # The un-instanced fastd service is kept stopped and disabled; the per-site
  # fastd@<instance> services are started further down in this file.
  fastd:
    pkg.installed:
      - name: fastd
      - require:
        - sls: network.interfaces
    service.dead:
      - enable: false
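  # systemd template unit required by every fastd@<instance> service in this file.
  # Owner, group and mode are pinned explicitly so an existing unit file with
  # drifted permissions is brought back to root-owned and not writable by others.
  /etc/systemd/system/fastd@.service:
    file.managed:
      - source: salt://fastd/fastd@.service
      - user: root
      - group: root
      - mode: '0644'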
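  # Base directory for all fastd instance configuration, created after the
  # package is installed. Mode 0711: root has full access, everyone else may
  # traverse the directory but not list it.
  /etc/fastd:
    file.directory:
      - user: root
      - group: root
      # Quoted so YAML keeps the mode as a string instead of retyping it as an int.
      - mode: '0711'
      # Written as a list item like every other requisite in this file.
      - require:
        - pkg: fastd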
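  #
  # Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
  # of every site associated with the current minion ID.
  #
  # NOTE(review): this state reads the private key from nodes:<own id>:fastd:*_privkey
  # and the public keys of all other nodes from nodes:<node>:fastd:intergw_pubkey in
  # the same pillar tree. Confirm that the pillar served to a minion does not also
  # carry the *_privkey values of other nodes.
  #
  {% set node_roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  {% for site in sites_node %}
  {% set site_no = salt['pillar.get']('sites:' ~ site ~ ':site_no') %}

  {# Every gateway gets the intergw instance; nodes4/nodes6 only with the fastd_peers role. #}
  {% set networks = ['intergw'] %}
  {% if 'fastd_peers' in node_roles %}
  {% do networks.extend(['nodes4', 'nodes6']) %}
  {% endif %}

  {% for network in networks %}
  {% set network_type = 'nodes' if network.startswith('nodes') else network %}
  {% set instance_name = site ~ '_' ~ network %}
  {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}

  # Per-instance configuration directory.
  /etc/fastd/{{ instance_name }}:
    file.directory:
      - makedirs: true
      - mode: '0755'
      - require:
        - file: /etc/fastd

  # Main instance configuration. The keys that share the list item with
  # "template" are handed to file.managed as extra arguments (presumably read by
  # the fastd.conf template - confirm against salt://fastd/fastd.conf).
  /etc/fastd/{{ instance_name }}/fastd.conf:
    file.managed:
      - source: salt://fastd/fastd.conf
      - template: jinja
        network: {{ network }}
        network_type: {{ network_type }}
        site: {{ site }}
        site_no: {{ site_no }}
        # Quoted: a MAC consisting only of decimal digit pairs would otherwise be
        # read as a base-60 integer by a YAML 1.1 loader.
        mac_address: "{{ mac_address }}"
  {% if 'batman_ext' in node_roles %}
        bat_iface: bat-{{ site }}-ext
  {% else %}
        bat_iface: bat-{{ site }}
  {% endif %}
        peer_limit: {{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:peer_limit', False) }}
      - require:
        - file: /etc/fastd/{{ instance_name }}
      # Empty in the source; the fastd@ service state below already watches this file.
      - watch_in: []

  # Private key of this instance, readable by root only.
  /etc/fastd/{{ instance_name }}/secret.conf:
    file.managed:
      - source: salt://fastd/secret.conf.tmpl
      - template: jinja
        # Quoted so the key always reaches the template as a string.
        secret: "{{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:' ~ network_type ~ '_privkey') }}"
      - user: root
      - group: root
      - mode: '0600'
      # Keep the private key out of the state return: without this, Salt reports
      # a diff of the file contents whenever the file changes.
      - show_changes: false
      - require:
        - file: /etc/fastd/{{ instance_name }}

  # Enable and start the systemd instance; it is reloaded when its configuration,
  # its secret or its peer definitions change.
  fastd@{{ instance_name }}:
    service.running:
      - enable: true
      - reload: true
      - require:
        - file: /etc/systemd/system/fastd@.service
        - file: /etc/fastd/{{ instance_name }}/fastd.conf
        - file: /etc/fastd/{{ instance_name }}/secret.conf
        - service: fastd
      - watch:
        - file: /etc/fastd/{{ instance_name }}/fastd.conf
        - file: /etc/fastd/{{ instance_name }}/secret.conf
  {% if network in ['nodes4', 'nodes6'] %}
        - git: peers-git
  {% else %}
        - file: /etc/fastd/{{ instance_name }}/gateways/*
  {% endif %}
  {% endfor %} # // foreach network in $site

  #
  # Generate Inter-GW peers from pillar
  /etc/fastd/{{ site }}_intergw/gateways:
    file.directory:
      - makedirs: true
      - mode: '0755'
      - require:
        - file: /etc/fastd/{{ site }}_intergw

  #
  # Set up Inter-GW-VPN link to all nodes of this site.
  # has_ipv6 is true when this minion has at least one IPv6 address reported
  # for 'vrf_external'.
  {% set has_ipv6 = False %}
  {% set own_config = salt['pillar.get']('nodes:' ~ grains['id']) %}
  {% if salt['ffho_net.get_node_iface_ips'](own_config, 'vrf_external')['v6'] | length %}
  {% set has_ipv6 = True %}
  {% endif %}

  # One peer file per node in the pillar: managed when the node belongs to this
  # site and has a 'fastd' entry, removed otherwise.
  {% for node, peer_config in salt['pillar.get']('nodes').items() | sort %}
  /etc/fastd/{{ site }}_intergw/gateways/{{ node }}:
  {% if site in peer_config.get('sites', {}) and 'fastd' in peer_config %}
    file.managed:
      - source: salt://fastd/inter-gw.peer.tmpl
      - template: jinja
        site: {{ site }}
        site_no: {{ site_no }}
        has_ipv6: {{ has_ipv6 }}
        node: {{ node }}
        # Quoted so the key always reaches the template as a string.
        pubkey: "{{ salt['pillar.get']('nodes:' ~ node ~ ':fastd:intergw_pubkey') }}"
      - require:
        - file: /etc/fastd/{{ site }}_intergw/gateways
  {% else %}
    file.absent
  {% endif %}
  {% endfor %} # // foreach node
  {% endfor %} # // foreach site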
  #
  # Clean up the configuration of previously configured instances, i.e. of every
  # site in the 'sites' pillar that is not assigned to this minion.
  # The prereq requisite makes Salt stop the fastd instance before its
  # configuration directory is purged.
  {% for site in sites_all if site not in sites_node %}
  {% for network in ['intergw', 'nodes4', 'nodes6'] %}
  {% set instance_name = site ~ '_' ~ network %}

  # Purge the instance directory.
  Cleanup /etc/fastd/{{ instance_name }}:
    file.absent:
      - name: /etc/fastd/{{ instance_name }}

  # Stop and disable the matching systemd instance.
  Stop fastd@{{ instance_name }}:
    service.dead:
      - name: fastd@{{ instance_name }}
      - enable: false
      - prereq:
        - file: Cleanup /etc/fastd/{{ instance_name }}

  {% endfor %}
  {% endfor %}
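  # Helper script rendered from a Jinja template. Ownership is pinned to root,
  # matching /usr/local/bin/ff_fastd_conn in this file, so the executable cannot
  # be left owned by another account.
  /usr/local/bin/ff_log_vpnpeer:
    file.managed:
      - source: salt://fastd/ff_log_vpnpeer
      - template: jinja
      - user: root
      - group: root
      # Quoted so YAML keeps the mode as a string instead of retyping it as an int.
      - mode: '0755'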
  # Packages installed alongside the ff_fastd_conn script
  # (presumably its runtime dependencies - confirm against the script).
  ff_fastd_con_pkgs:
    pkg.installed:
      - pkgs:
        - socat
        - jq
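  # Root-owned executable copied verbatim from the fileserver (no templating).
  # NOTE(review): the source is named ff_fastd_con while the target is
  # ff_fastd_conn - confirm the difference is intended.
  /usr/local/bin/ff_fastd_conn:
    file.managed:
      - source: salt://fastd/ff_fastd_con
      - user: root
      - group: root
      # Quoted so YAML keeps the mode as a string instead of retyping it as an int.
      - mode: '0755'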