From 13df7542d379e8edae3b161d8efdfba7af0a88ce Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Tue, 2 May 2017 22:22:35 +0200 Subject: [PATCH 01/10] Add second backbone/intergw fastd instance --- README.md | 5 +++++ manifests/init.pp | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/README.md b/README.md index bdf30cd..73928c3 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,11 @@ ffnord::mesh { , '10.35.15.1' , '10.35.20.1' ], + + fastd_igw_secret => "/root/fastd_igw_secret.key", + fastd_port => 11281, + fastd_peers_git => 'git://somehost/peersigw.git', + igw_mtu => '1280', } ffnord::named::zone { diff --git a/manifests/init.pp b/manifests/init.pp index 89c44e6..3148783 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,6 +18,13 @@ $dhcp_ranges = [], # dhcp pool $dns_servers = [], # other dns servers in your network $mesh_hop_penalty = 60, # hop_penalty for gateway hops + + $fastd_igw_peers_git, # fastd inter gateway peers + $fastd_igw_secret, # fastd inter gateway secret + $fastd_igw_port, # fastd inter gateway port + + $igw_mtu, # fastd inter gateway verification override + $igw_hop_penalty = 60, # hop_penalty for inter gateway traffic ) { # TODO We should handle parameters in a param class pattern. @@ -76,6 +83,18 @@ fastd_peers_git => $fastd_peers_git, fastd_verify => $fastd_verify; } -> + ffnord::fastd { "fastd_igw_${mesh_code}": + mesh_code => igw-$mesh_code, + mesh_interface => igw-$mesh_code, + mesh_mac => $mesh_mac, + mesh_hop_penalty=> $igw_hop_penalty, + vpn_mac => $vpn_mac, + mesh_mtu => $igw_mtu, + fastd_secret => $fastd_igw_secret, + fastd_port => $fastd_igw_port, + fastd_peers_git => $fastd_igw_peers_git, + fastd_verify => $fastd_igw_verify; + } -> ffnord::radvd { "br-${mesh_code}": mesh_ipv6_address => $mesh_ipv6_address, mesh_ipv6_prefix => $mesh_ipv6_prefix, From b94be01ac68a29877f1ab99e43812b58b92f1c15 Mon Sep 17 00:00:00 2001 
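Review bot: The comments on `$fastd_igw_peers_git` and `$fastd_igw_secret` in the `manifests/init.pp` parameter hunk of patch 01 do not say that these two values decide who may join the inter-gateway backbone. Going by the README example in the same patch, the secret is a path to a key file and the peers value is a repository URL using `git://`, a transport without authentication or integrity protection, so anyone able to alter that fetch can change the set of accepted peer keys. I would document both, e.g. `# path to the fastd inter gateway secret key file (readable by root only)` and `# git repository holding the inter gateway peer keys; fetch over an authenticated transport (https or ssh)`. The parameter list begins and ends outside the hunk.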
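Review bot: `mesh_interface => igw-$mesh_code` in the second `manifests/init.pp` hunk of patch 01 makes the interface name four characters longer than the mesh code, and nothing checks the result. The `ffnord::fastd` signature visible in patch 04 comments `$mesh_interface` with "may not be more than 10 characters", so a mesh code longer than six characters would break that limit for the second instance. A guard ahead of the resource would fail at compile time rather than when the interface is created: `if "igw-${mesh_code}" !~ /^.{1,10}$/ { fail("igw-${mesh_code} is longer than 10 characters") }`. Patch 02 corrects the missing quoting, but the length concern is unchanged by it.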
From: Tobias Schramm Date: Tue, 2 May 2017 22:37:16 +0200 Subject: [PATCH 02/10] Fix string expansion --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3148783..a7c8370 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -84,8 +84,8 @@ fastd_verify => $fastd_verify; } -> ffnord::fastd { "fastd_igw_${mesh_code}": - mesh_code => igw-$mesh_code, - mesh_interface => igw-$mesh_code, + mesh_code => "igw-${mesh_code}", + mesh_interface => "igw-${mesh_code}", mesh_mac => $mesh_mac, mesh_hop_penalty=> $igw_hop_penalty, vpn_mac => $vpn_mac, From 0731f35086b1f6daff5cab421f76f98061706ba4 Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Tue, 2 May 2017 22:42:39 +0200 Subject: [PATCH 03/10] Add backbone mesh verification override --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index a7c8370..59d250c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,7 @@ $fastd_igw_peers_git, # fastd inter gateway peers $fastd_igw_secret, # fastd inter gateway secret $fastd_igw_port, # fastd inter gateway port + $fastd_igw_verify = '', # fastd backbone verification override $igw_mtu, # fastd inter gateway verification override $igw_hop_penalty = 60, # hop_penalty for inter gateway traffic From bec6468ab92d42c79f6b2b3972f3767131acbcf0 Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Tue, 2 May 2017 23:05:12 +0200 Subject: [PATCH 04/10] Add separate variable for batman interface code --- manifests/fastd.pp | 1 + manifests/init.pp | 2 ++ 2 files changed, 3 insertions(+) diff --git a/manifests/fastd.pp b/manifests/fastd.pp index 9910a0e..cdf957a 100644 --- a/manifests/fastd.pp +++ b/manifests/fastd.pp @@ -1,4 +1,5 @@ define ffnord::fastd( $mesh_code, + $batman_code, $mesh_interface, # may not be more than 10 characters $mesh_mac, $mesh_hop_penalty = 60, # hop penalty for batman advanced 
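Review bot: The new default `$fastd_igw_verify = ''` in patch 03 is passed straight into `fastd_verify`, and its comment does not say what an empty value means for peer acceptance. The `fastd.conf.erb` hunk header in patch 05 shows the template line `on verify "<%= @fastd_verify %>";`. If that line is emitted unconditionally, the backbone instance is configured with an empty verify command, and it should be confirmed that this does not result in unknown peers being accepted. Once the behaviour is confirmed I would state it in the comment, e.g. `# command run to verify unknown backbone peers; empty = <confirmed behaviour>`. The parameter list starts and ends outside the hunk.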
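Review bot: `$batman_code` is added to `ffnord::fastd` in `manifests/fastd.pp` (patch 04) without a default and without a comment. Every declaration of the define now has to pass it. The two in `manifests/init.pp` are updated by this patch, but a declaration anywhere else would stop compiling, and the series does not show whether one exists. A comment such as `# code of the batman-adv instance (bat-<code>) this fastd interface is added to` would match how patch 05 uses the value. The define continues past the end of the hunk.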
diff --git a/manifests/init.pp b/manifests/init.pp index 59d250c..f853083 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -74,6 +74,7 @@ } -> ffnord::fastd { "fastd_${mesh_code}": mesh_code => $mesh_code, + batman_code => $mesh_code, mesh_interface => $mesh_code, mesh_mac => $mesh_mac, mesh_hop_penalty=> $mesh_hop_penalty, @@ -86,6 +87,7 @@ } -> ffnord::fastd { "fastd_igw_${mesh_code}": mesh_code => "igw-${mesh_code}", + batman_code => $mesh_code, mesh_interface => "igw-${mesh_code}", mesh_mac => $mesh_mac, mesh_hop_penalty=> $igw_hop_penalty, From a612a50a87c97dfe24c5bfae53484cd0903f5309 Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Wed, 3 May 2017 00:55:00 +0200 Subject: [PATCH 05/10] Use batman interface code for fastd --- templates/etc/fastd/fastd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/etc/fastd/fastd.conf.erb b/templates/etc/fastd/fastd.conf.erb index 8e2e1f0..cfb7e10 100644 --- a/templates/etc/fastd/fastd.conf.erb +++ b/templates/etc/fastd/fastd.conf.erb @@ -18,7 +18,7 @@ on verify "<%= @fastd_verify %>"; on up " modprobe batman-adv ip link set address <%= @vpn_mac %> dev $INTERFACE - /usr/sbin/batctl -m bat-<%= @mesh_code %> if add $INTERFACE + /usr/sbin/batctl -m bat-<%= @batman_code %> if add $INTERFACE ip link set address <%= @mesh_mac %> dev bat-<%= @mesh_code %> ifup bat-<%= @mesh_code %> ip link set up dev $INTERFACE From 0ee9691a0ee11b6b46eaaa2160d8c853224bb1a0 Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Wed, 3 May 2017 15:36:36 +0200 Subject: [PATCH 06/10] Update documentation Include igw mesh options --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 73928c3..e8b25ed 100644 --- a/README.md +++ b/README.md 
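Review bot: With `batman_code => $mesh_code` on both instances (patch 04, `manifests/init.pp`, hunk at line 86), the two fastd interfaces are attached to the same batman-adv device while still sharing `vpn_mac => $vpn_mac`. The template context in patch 05 runs `ip link set address <%= @vpn_mac %> dev $INTERFACE` before the `batctl … if add $INTERFACE` line, so both interfaces would carry the same MAC address inside one mesh, which batman-adv recommends against. Unless `ffnord::fastd` derives a distinct address somewhere outside these hunks, I would introduce a separate parameter for the second instance, e.g. `$igw_vpn_mac`, and pass `vpn_mac => $igw_vpn_mac`. The resource body ends outside the hunk.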
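Review bot: Only the `batctl` line of the `on up` script in `fastd.conf.erb` (patch 05) is switched to `@batman_code`; the next two lines still use `bat-<%= @mesh_code %>`. For the inter-gateway instance `mesh_code` is `igw-${mesh_code}` while `batman_code` is the plain mesh code, so `ip link set address` and `ifup` address a `bat-igw-…` device that this script never attached the interface to. If one batman-adv device per mesh is intended, both lines should follow the change: `ip link set address <%= @mesh_mac %> dev bat-<%= @batman_code %>` and `ifup bat-<%= @batman_code %>`. The `on up` string is not closed within the hunk, so the rest of the script and any matching teardown commands should be checked for the same name.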
@@ -119,10 +119,10 @@ ffnord::mesh { , '10.35.20.1' ], - fastd_igw_secret => "/root/fastd_igw_secret.key", - fastd_port => 11281, - fastd_peers_git => 'git://somehost/peersigw.git', - igw_mtu => '1280', + fastd_igw_secret => "/root/fastd_igw_secret.key", + fastd_igw_port => 11281, + fastd_igw_peers_git => 'git://somehost/peersigw.git', + igw_mtu => '1280', } ffnord::named::zone { From 164d0387dfa5c908eeb38742b649744fff4385ef Mon Sep 17 00:00:00 2001 From: Ruben Barkow Date: Tue, 2 May 2017 22:53:45 +0200 Subject: [PATCH 07/10] mesh_mac missing "@" --- templates/etc/network/mesh-bridge.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/etc/network/mesh-bridge.erb b/templates/etc/network/mesh-bridge.erb index a050d53..31cbf05 100644 --- a/templates/etc/network/mesh-bridge.erb +++ b/templates/etc/network/mesh-bridge.erb @@ -2,7 +2,7 @@ auto br-<%= @mesh_code %> iface br-<%= @mesh_code %> inet6 static bridge-ports none - bridge_hw <%= mesh_mac %> + bridge_hw <%= @mesh_mac %> pre-up /sbin/ip -6 rule add pref 31000 iif $IFACE table 42 pre-up /sbin/ip -6 rule add pref 31001 iif $IFACE unreachable post-down /sbin/ip -6 rule del pref 31000 iif $IFACE table 42 From b021a5189d0fae52da98523be8790f78e79b397a Mon Sep 17 00:00:00 2001 From: Ruben Barkow Date: Tue, 2 May 2017 22:59:50 +0200 Subject: [PATCH 08/10] batman-adv.pp: version select - fixed error: global class ffnord used --- manifests/batman-adv.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/batman-adv.pp b/manifests/batman-adv.pp index e243082..bf05687 100644 --- a/manifests/batman-adv.pp +++ b/manifests/batman-adv.pp @@ -2,7 +2,7 @@ $mesh_code, $mesh_hop_penalty, $batman_it = 5000, - $batman_version = $::class::params::batman_version + $batman_version = $ffnord::params::batman_version ) { include ffnord::resources::batman-adv include ffnord::firewall From 9fe29bea3f154f286f5c72be66eda8811d06eb99 Mon Sep 17 00:00:00 2001 
From: Tobias Schramm Date: Thu, 4 May 2017 20:38:40 +0200 Subject: [PATCH 09/10] Make inter gateway vpn optional --- README.md | 1 + manifests/init.pp | 38 +++++++++++++++++++++----------------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index e8b25ed..f565124 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,7 @@ ffnord::mesh { , '10.35.20.1' ], + fastd_igw_enable => true, fastd_igw_secret => "/root/fastd_igw_secret.key", fastd_igw_port => 11281, fastd_igw_peers_git => 'git://somehost/peersigw.git', diff --git a/manifests/init.pp b/manifests/init.pp index f853083..574c322 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,10 +19,11 @@ $dns_servers = [], # other dns servers in your network $mesh_hop_penalty = 60, # hop_penalty for gateway hops - $fastd_igw_peers_git, # fastd inter gateway peers - $fastd_igw_secret, # fastd inter gateway secret - $fastd_igw_port, # fastd inter gateway port - $fastd_igw_verify = '', # fastd backbone verification override + $fastd_igw_enable = false, # enable fastd inter gateway instance + $fastd_igw_peers_git, # fastd inter gateway peers + $fastd_igw_secret, # fastd inter gateway secret + $fastd_igw_port, # fastd inter gateway port + $fastd_igw_verify = '', # fastd backbone verification override $igw_mtu, # fastd inter gateway verification override $igw_hop_penalty = 60, # hop_penalty for inter gateway traffic 
@@ -85,19 +86,6 @@ fastd_peers_git => $fastd_peers_git, fastd_verify => $fastd_verify; } -> - ffnord::fastd { "fastd_igw_${mesh_code}": - mesh_code => "igw-${mesh_code}", - batman_code => $mesh_code, - mesh_interface => "igw-${mesh_code}", - mesh_mac => $mesh_mac, - mesh_hop_penalty=> $igw_hop_penalty, - vpn_mac => $vpn_mac, - mesh_mtu => $igw_mtu, - fastd_secret => $fastd_igw_secret, - fastd_port => $fastd_igw_port, - fastd_peers_git => $fastd_igw_peers_git, - fastd_verify => $fastd_igw_verify; - } -> ffnord::radvd { "br-${mesh_code}": mesh_ipv6_address => $mesh_ipv6_address, mesh_ipv6_prefix => $mesh_ipv6_prefix, @@ -116,6 +104,22 @@ ip_prefixlen => $mesh_ipv6_prefixlen; } + if $fastd_igw_enable { + Class['ffnord::ntp'] -> ffnord::fastd { "fastd_igw_${mesh_code}": + mesh_code => "igw-${mesh_code}", + batman_code => $mesh_code, + mesh_interface => "igw-${mesh_code}", + mesh_mac => $mesh_mac, + mesh_hop_penalty=> $igw_hop_penalty, + vpn_mac => $vpn_mac, + mesh_mtu => $igw_mtu, + fastd_secret => $fastd_igw_secret, + fastd_port => $fastd_igw_port, + fastd_peers_git => $fastd_igw_peers_git, + fastd_verify => $fastd_igw_verify; + } + } + if $ffnord::params::include_bird6 { ffnord::bird6::mesh { "bird6-${mesh_code}": mesh_code => $mesh_code, From 8d3d7c127df16fbdf70d93fdf0fe7e0a5479d6b8 Mon Sep 17 00:00:00 2001 From: Tobias Schramm Date: Fri, 5 May 2017 04:59:25 +0200 Subject: [PATCH 10/10] Make inter gateway mesh parameters optional --- manifests/init.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 574c322..8ae3fd6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -20,12 +20,12 @@ $mesh_hop_penalty = 60, # hop_penalty for gateway hops $fastd_igw_enable = false, # enable fastd inter gateway instance - $fastd_igw_peers_git, # fastd inter gateway peers - $fastd_igw_secret, # fastd inter gateway secret - $fastd_igw_port, # fastd inter gateway port + $fastd_igw_peers_git = '', # fastd inter gateway peers + $fastd_igw_secret = '', # fastd inter gateway secret + $fastd_igw_port = 11281, # fastd inter gateway port $fastd_igw_verify = '', # fastd backbone verification override - $igw_mtu, # fastd inter gateway verification override + $igw_mtu = 1448, # fastd inter gateway mtu $igw_hop_penalty = 60, # hop_penalty for inter gateway traffic ) {
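Review bot: Defaulting `$fastd_igw_secret` and `$fastd_igw_peers_git` to `''` in patch 10 means that `fastd_igw_enable => true` with either value omitted now compiles and hands empty strings to `ffnord::fastd`. For a VPN instance that is a missing key file path and a missing peer list, which is better rejected at compile time than discovered on the gateway. Inside the `if $fastd_igw_enable` block added by patch 09 I would put `if $fastd_igw_secret == '' or $fastd_igw_peers_git == '' { fail('fastd_igw_enable requires fastd_igw_secret and fastd_igw_peers_git') }`. That block lies outside this hunk.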