rklein
/
ffho-salt-public
forked from FreifunkHochstift/ffho-salt-public


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							#
# Fastd for gateways
#

{% set sites_all = pillar.get ('sites') %}
{% set sites_node = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':sites', {}) %}
{% set device_no = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':id', -1) %}

include:
  - apt
  - network.interfaces
{% if 'fastd_peers' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
  - fastd.peers
{% endif %}


# Install fastd
fastd:
  pkg.installed:
    - name: fastd
    - require:
      - sls: network.interfaces
  service.dead:
    - enable: False

/etc/systemd/system/fastd@.service:
  file.managed:
    - source: salt://fastd/fastd@.service

/etc/fastd:
  file.directory:
    - user: root
    - group: root
    - mode: 711
  require:
    - pkg: fastd

#
# Set up fastd configuration for every network (nodes4, nodes6, intergw-vpn)
# for every site associated for the current minion ID.
#
{% for site in sites_node %}
  {% set site_no = salt['pillar.get']('sites:' ~ site ~ ':site_no') %}

  {% set networks = ['intergw'] %}
  {% if 'fastd_peers' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
    {% do networks.extend (['nodes4', 'nodes6']) %}
  {% endif %}

  {% for network in networks %}
    {% set network_type = 'nodes' if network.startswith ('nodes') else network %}
    {% set instance_name = site ~ '_' ~ network %}
    {% set mac_address = salt['ffho_net.gen_batman_iface_mac'](site_no, device_no, network) %}

/etc/fastd/{{ instance_name }}:
  file.directory:
     - makedirs: true
     - mode: 755
     - require:
       - file: /etc/fastd

/etc/fastd/{{ instance_name }}/fastd.conf:
  file.managed:
    - source: salt://fastd/fastd.conf
    - template: jinja
      network: {{ network }}
      network_type: {{ network_type }}
      site: {{ site }}
      site_no: {{ site_no }}
      mac_address: {{ mac_address }}
    {% if 'batman_ext' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
      bat_iface: bat-{{ site }}-ext
    {% else %}
      bat_iface: bat-{{ site }}
    {% endif %}
      peer_limit: {{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:peer_limit', False) }}
    - require:
      - file: /etc/fastd/{{ instance_name }}
    - watch_in:
  
/etc/fastd/{{ instance_name }}/secret.conf:
  file.managed:
    - source: salt://fastd/secret.conf.tmpl
    - template: jinja
      secret: {{ salt['pillar.get']('nodes:' ~ grains['id'] ~ ':fastd:' ~ network_type + '_privkey') }}
    - mode: 600
    - user: root
    - group: root
    - require:
      - file: /etc/fastd/{{ instance_name }}


# Create systemd start link
fastd@{{ instance_name }}:
  service.running:
    - enable: True
    - reload: True
    - require:
      - file: /etc/systemd/system/fastd@.service
      - file: /etc/fastd/{{ instance_name }}/fastd.conf
      - file: /etc/fastd/{{ instance_name }}/secret.conf
      - service: fastd
    - watch:
      - file: /etc/fastd/{{ instance_name }}/fastd.conf
      - file: /etc/fastd/{{ instance_name }}/secret.conf
    {% if network in ['nodes4', 'nodes6'] %}
      - git: peers-git
    {% else %}
      - file: /etc/fastd/{{ instance_name }}/gateways/*
    {% endif %}
  {% endfor %} # // foreach network in $site


#
# Generate Inter-GW peers from pillar
/etc/fastd/{{ site }}_intergw/gateways:
  file.directory:
    - makedirs: true
    - mode: 755
    - require:
      - file: /etc/fastd/{{ site }}_intergw

#
# Set up Inter-Gw-VPN link to all nodes of this site
  {% set has_ipv6 = False %}
  {% set node_config = salt['pillar.get']('nodes:' ~ grains['id']) %}
  {% if  salt['ffho_net.get_node_iface_ips'](node_config, 'vrf_external')['v6']|length %}
    {% set has_ipv6 = True %}
  {% endif %}
  {% for node, node_config in salt['pillar.get']('nodes').items ()|sort  %}
/etc/fastd/{{ site }}_intergw/gateways/{{ node }}:
    {% if site in node_config.get ('sites', {}) and 'fastd' in node_config %}
  file.managed:
    - source: salt://fastd/inter-gw.peer.tmpl
    - template: jinja
      site: {{ site }}
      site_no: {{ site_no }}
      has_ipv6: {{ has_ipv6 }}
      node: {{ node }}
      pubkey: {{ salt['pillar.get']('nodes:' ~ node ~ ':fastd:intergw_pubkey') }}
    - require:
      - file: /etc/fastd/{{ site }}_intergw/gateways
    {% else %}
  file.absent
    {% endif %}
  {% endfor %} # // foreach node
{% endfor %} # // foreach site


#
# Cleanup configurations for previosly configured instances.
# Stop fastd instance before purging the configuration.
{% for site in sites_all if site not in sites_node %}
  {% for network in ['intergw', 'nodes4', 'nodes6'] %}
    {% set instance_name = site ~ '_' ~ network %}
Cleanup /etc/fastd/{{ instance_name }}:
  file.absent:
    - name: /etc/fastd/{{ instance_name }}

# Create systemd start link
Stop fastd@{{ instance_name }}:
  service.running:
    - enable: False
    - reload: False
    - prereq:
      - file: Cleanup /etc/fastd/{{ instance_name }}
  {% endfor %}
{% endfor %}


/usr/local/bin/ff_log_vpnpeer:
  file.managed:
    - source: salt://fastd/ff_log_vpnpeer
    - template: jinja
    - mode: 755


ff_fastd_con_pkgs:
  pkg.installed:
    - pkgs:
      - socat
      - jq

/usr/local/bin/ff_fastd_conn:
  file.managed:
    - source: salt://fastd/ff_fastd_con
    - mode: 755
    - user: root
    - group: root