Allgemein: Ubuntu 18.04 hat standardmäßig kein ifupdown sondern benut…
…zt Netplan. ifupdown muss nachinstalliert werden. Das betrifft backbone_gre_ffrl, backbone_gre_intern, gateways_batman, gateways_gre_upstream, gateways_gretap, mapserver_interfaces

- bird: Debian 8-Unterstützung entfernt, ansible-lint Warnungen behoben
- common: Debian 8-Unterstützung entfernt, ansible-lint Warnungen behoben
- gateways_l2tp_slovenija: unbenutzte Handler entfernt, Debian 8-Unterstützung entfernt, ansible-lint Warnungen behoben
- nrpe: In Ubuntu 16.04 gibt es das Paket dhcp-pools nicht, daher nicht versuchen es zu installieren
- py_respondd: Abhängigkeiten für Ubuntu 16.04 und 18.04 repariert, ansible-lint Warnungen behoben, service erst nach network.target starten
- gateways_dhcp: Nicht benötigten isc-dhcp-server6.service (gibt's nur in Ubuntu) deaktivieren
citronalco committed Dec 1, 2019
1 parent e70271a commit ea2e1d0
Showing 16 changed files with 106 additions and 118 deletions.
4 changes: 4 additions & 0 deletions backbone_gre_ffrl/tasks/main.yml
@@ -2,6 +2,10 @@
# Tasks for network interfaces

# adding ffrl natv4 address to loopback adapter
- name: Install ifupdown
apt:
pkg: 'ifupdown'

- name: Create interfaces - add ffrl to loopback
lineinfile:
dest='/etc/network/interfaces'
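Review bot: The new `Install ifupdown` task is inserted between the comment `# adding ffrl natv4 address to loopback adapter` and the `Create interfaces - add ffrl to loopback` task that the comment describes, so the comment now reads as if it documented the package install; move the new task above the comment. The same three-line task is also copied into backbone_gre_intern, gateways_batman, gateways_gre_upstream, gateways_gretap and mapserver_interfaces, with the name alternating between `Install ifupdown` and `Installiere ifupdown`. Keeping it in one shared role that these roles pull in through `dependencies:` in `meta/main.yml` would stop the six copies from drifting apart. The task list of this file continues outside the hunk.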
4 changes: 4 additions & 0 deletions backbone_gre_intern/tasks/main.yml
@@ -1,4 +1,8 @@
---
- name: Install ifupdown
apt:
pkg: 'ifupdown'

- name: Tunnels between backbones
template: src="gre_interbackbone.j2" dest="/etc/network/interfaces.d/42_gre_interbackbone.cfg"
notify: restart networking
33 changes: 8 additions & 25 deletions bird/tasks/main.yml
@@ -1,38 +1,21 @@
---
# Role for configure bird and bird6 for our gateway servers.
- name: Add repo key for bird (Debian 8 only)
apt_key:
url: https://bird.network.cz/debian/apt.gpg
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"

- name: add bird repo (Debian 8 only)
apt_repository:
repo: "deb [trusted=yes] http://bird.network.cz/debian/ {{ ansible_distribution_release }} main"
state: present
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"

- name: install bird and other required packets (Debian 8 only)
apt:
pkg: ['bird', 'bird6', 'ipcalc']
update_cache: yes
cache_valid_time: 1800
state: present
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"

- name: install bird and other required packets
apt:
pkg: ['bird', 'ipcalc']
update_cache: yes
name: ['bird', 'ipcalc']
cache_valid_time: 1800
state: present
when: not (ansible_distribution == "Debian" and ansible_distribution_major_version == "8")

- name: calculate more specific routes for DHCP pools
shell: ipcalc {{ domaenenliste[item].dhcp_start }} - {{ domaenenliste[item].dhcp_ende}} | grep -v "deaggregate" | sed -e 's/\(^.*$\)/route \1 via "bat{{item}}";/g'
shell: |
set -o pipefail
ipcalc {{ domaenenliste[item].dhcp_start }} - {{ domaenenliste[item].dhcp_ende }} | \
grep -v "deaggregate" | sed -e 's/\(^.*$\)/route \1 via "bat{{ item }}";/g'
args:
executable: bash
check_mode: no
changed_when: false
register: more_specific_routes
with_items: "{{domaenenliste | default([])}}"
with_items: "{{ domaenenliste | default([]) }}"
when: domaenenliste is defined

- name: configure bird.conf
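Review bot: In the rewritten `calculate more specific routes for DHCP pools` task, `{{ domaenenliste[item].dhcp_start }}` and `{{ domaenenliste[item].dhcp_ende }}` are rendered into the bash script unquoted, so a value containing whitespace or shell metacharacters would change the pipeline instead of reaching ipcalc as one argument. The values presumably come from trusted inventory, but the `quote` filter makes that assumption unnecessary: `ipcalc {{ domaenenliste[item].dhcp_start | quote }} - {{ domaenenliste[item].dhcp_ende | quote }} | \`. `bat{{ item }}` sits inside the single-quoted sed expression, where `quote` does not help; the key would have to be validated instead, for example as an integer. Separately, with `set -o pipefail` now active, `grep -v "deaggregate"` returning 1 on empty output will fail the task, which the old one-line form did not do; if an empty result is legitimate, a `failed_when:` on the return code would state that explicitly.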
8 changes: 5 additions & 3 deletions common/handlers/main.yml
@@ -1,10 +1,12 @@
- name: reload sshd
shell: systemctl reload ssh
systemd:
name: ssh
state: reloaded

- name: reload resolv config
shell: resolvconf -u
command: resolvconf -u

- name: restart journald
service:
systemd:
name: systemd-journald
state: restarted
37 changes: 11 additions & 26 deletions common/tasks/main.yml
@@ -27,9 +27,9 @@

- name: install common packages
apt:
pkg: ['vim', 'wget', 'vnstat', 'tmux', 'pastebinit', 'htop', 'jnettop', 'iotop', 'tcpdump', 'screen', 'strace', 'socat', 'dnsutils', 'host', 'apt-transport-https', 'tshark', 'dwdiff', 'molly-guard', 'git', 'iperf3', 'mtr-tiny', 'dhcpdump', 'dhcping', 'irqbalance', 'build-essential', 'ethtool']
name: ['vim', 'wget', 'vnstat', 'tmux', 'pastebinit', 'htop', 'jnettop', 'iotop', 'tcpdump', 'screen', 'strace', 'socat', 'dnsutils', 'host',
'apt-transport-https', 'tshark', 'dwdiff', 'molly-guard', 'git', 'iperf3', 'mtr-tiny', 'dhcpdump', 'dhcping', 'irqbalance', 'build-essential', 'ethtool']
update_cache: yes
state: present

- name: uninstall unneeded packages
apt:
@@ -50,7 +50,8 @@
line: "PasswordAuthentication no"
notify: reload sshd

- locale_gen: name=de_DE.UTF-8 state=present
- name: Unterstützung für deutsche Sprache aktivieren
locale_gen: name=de_DE.UTF-8 state=present

- name: "Get all files in /etc/logrotate.d/"
raw: find /etc/logrotate.d/ -type f
@@ -60,17 +61,17 @@

- name: "Update logrotate cycle in /etc/logrotate.d/"
replace:
dest: "{{item}}"
dest: "{{ item }}"
regexp: 'daily|weekly|monthly'
replace: '{{logrotate.cycle}}'
with_items: "{{logrotate_files.stdout_lines}}"
replace: '{{ logrotate.cycle }}'
with_items: "{{ logrotate_files.stdout_lines }}"

- name: "Update logrotate count in /etc/logrotate.d/"
replace:
dest: "{{item}}"
dest: "{{ item }}"
regexp: 'rotate[ \t]+[0-9]+'
replace: 'rotate {{logrotate.count}}'
with_items: "{{logrotate_files.stdout_lines}}"
replace: 'rotate {{ logrotate.count }}'
with_items: "{{ logrotate_files.stdout_lines }}"

- name: Logrotate Rotationszyklus und Anzahl anpassen
template:
@@ -100,28 +101,12 @@
dest: /etc/systemd/journald.conf
regexp: "^[#]?MaxRetentionSec"
line: "MaxRetentionSec={{ logrotate.count }}week"
when: journald_conf.stat.exists == True
when: journald_conf.stat.exists
notify: restart journald

- name: Setze Timeout für das stopen von Interfaces
lineinfile:
dest: /lib/systemd/system/networking.service.d/network-pre.conf
line: "[Service]"
state: present
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"

- name: Setze Timeout für das stopen von Interfaces
lineinfile:
dest: /lib/systemd/system/networking.service.d/network-pre.conf
regexp: "^TimeoutStopSec="
line: "TimeoutStopSec=60"
state: present
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"

- name: vnstat Bandbreiten limit auf 1000 Mbit erhöhen.
lineinfile:
dest: /etc/vnstat.conf
regexp: "^MaxBandwidth"
line: "MaxBandwidth 1000"
state: present
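Review bot: The `install common packages` list that this change reformats puts `build-essential`, `tcpdump`, `tshark`, `socat`, `strace` and `pastebinit` on every host that includes the common role. If those hosts include the gateway servers the bird role refers to, a compiler toolchain, packet-capture tools and a paste uploader are a larger installed footprint than routine operation needs. Consider moving them into an opt-in list, for example a variable such as `common_debug_packages` (suggested name) that defaults to `[]`, and keeping only the baseline tools in this task. Only part of the task file is visible here, so other roles may rely on some of these packages; the tunneldigger role, for one, installs `gcc` itself.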

5 changes: 4 additions & 1 deletion gateways_batman/tasks/main.yml
@@ -1,8 +1,11 @@
- name: Installiere ifupdown
apt:
pkg: 'ifupdown'

# install package bridge-utils
- name: bridge-utils-Paket installieren
apt:
pkg: ['bridge-utils']
state: present

# creating batman interface
- name: Create interfaces - batman file
5 changes: 5 additions & 0 deletions gateways_dhcp/tasks/main.yml
@@ -55,3 +55,8 @@
dest: /etc/systemd/system/isc-dhcp-server.service.d/ansible-managed.conf
notify:
- reread systemd configs

- name: disable ISC DHCP IPv6 server
service: name=isc-dhcp-server6 enabled=no
when: ansible_distribution == 'Ubuntu' and (ansible_distribution_version == '16.04' or ansible_distribution_version == '18.04')
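Review bot: The new `disable ISC DHCP IPv6 server` task sets only `enabled=no`, which removes the unit from boot but leaves an already running `isc-dhcp-server6` active until the next reboot. Add `state=stopped` so the unused daemon is shut down in the same run: `service: name=isc-dhcp-server6 enabled=no state=stopped`. The `when:` compares against the exact strings '16.04' and '18.04', so a later Ubuntu release shipping the same unit would not be covered; `when: ansible_distribution == 'Ubuntu'` would cover it, if that is the intent.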

4 changes: 4 additions & 0 deletions gateways_gre_upstream/tasks/main.yml
@@ -1,4 +1,8 @@
---
- name: Installiere ifupdown
apt:
pkg: 'ifupdown'

- name: let read interfaces from interfaces
lineinfile: dest="/etc/network/interfaces" line="source /etc/network/interfaces.d/*"
notify:
4 changes: 4 additions & 0 deletions gateways_gretap/tasks/main.yml
@@ -1,6 +1,10 @@
---
# Tasks for getap network interfaces

- name: Install ifupdown
apt:
pkg: 'ifupdown'

# create file for gre interfaces
- name: Create interfaces - inter_gre file
template: src="gretap.j2" dest="/etc/network/interfaces.d/30_gretap.cfg"
10 changes: 2 additions & 8 deletions gateways_l2tp_slovenija/handlers/main.yml
@@ -1,12 +1,6 @@
- name: load kernel modules
shell: /etc/init.d/kmod start || true

- name: restart networking
shell: systemctl restart networking; if systemctl -q is-active isc-dhcp-server; then systemctl restart isc-dhcp-server; fi; if systemctl -q is-active kea-dhcp4.service; then systemctl restart kea-dhcp4.service; fi; if systemctl -q is-active tunneldigger; then systemctl restart tunneldigger; fi

- name: restart tunneldigger per domain
service: name="tunneldigger@{{item.key}}.service" state=restarted
with_dict: "{{domaenenliste}}"

- name: restart tunneldigger
service: name=tunneldigger.service state=restarted
systemd: name="tunneldigger@{{ item.key }}.service" state=restarted
with_dict: "{{ domaenenliste }}"
57 changes: 26 additions & 31 deletions gateways_l2tp_slovenija/tasks/main.yml
@@ -1,45 +1,39 @@
- name: Install dependencies for this role
apt:
pkg: ['bridge-utils', 'ebtables', 'python-pip', 'python-virtualenv', 'libnfnetlink-dev', 'libnetfilter-conntrack-dev', 'libffi-dev']
state: present
pkg: ['git', 'libnetfilter-conntrack-dev', 'libnfnetlink-dev', 'python-dev', 'python-virtualenv', 'gcc',
'libnl-3-dev', 'libffi-dev', 'libevent-dev', 'libnetfilter-conntrack3', 'bridge-utils', 'ebtables', 'iproute2']
when: domaenenliste is defined

- name: Install Debian 8 dependencies for this role
apt:
pkg: ['iproute', 'libnetfilter-conntrack3', 'libnetfilter-conntrack-dev', 'python-dev', 'libevent-dev', 'libnl-3-dev', 'gcc']
state: present
when: ansible_distribution == 'Debian' and ansible_distribution_version == '8' and domaenenliste is defined

- name: Install Ubuntu / Debian 10 dependencies for this role
apt:
pkg: ['iproute2', 'libnetfilter-conntrack3', 'python-dev', 'libevent-dev', 'libnl-3-dev']
state: present
when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version == '18.04') or (ansible_distribution == 'Debian' and ansible_distribution_version == '10') and domaenenliste is defined

- name: Get all enabled tunneldigger (domain specific) instances
shell: '/bin/ls /etc/systemd/system/multi-user.target.wants/tunneldigger@* | grep -oE "[0-9]+"'
shell: |
set -o pipefail
/bin/ls /etc/systemd/system/multi-user.target.wants/tunneldigger@* | grep -oE "[0-9]+"
args:
executable: bash
changed_when: False
failed_when: False
check_mode: no
register: _td_domain_instances
when: domaenenliste is defined

- name: Stop and disable obsolete td instances
service: name="tunneldigger@{{item}}.service" enabled=no state=stopped
with_items: "{{_td_domain_instances.stdout_lines}}"
service: name="tunneldigger@{{ item }}.service" enabled=no state=stopped
with_items: "{{ _td_domain_instances.stdout_lines }}"
when: domaenenliste is defined and item not in domaenenliste

- name: Clone tunneldigger
- name: Clone tunneldigger
git:
repo: https://github.com/wlanslovenija/tunneldigger
dest: /srv/tunneldigger
force: yes
update: yes
# version: 18f365f329795400f4d7a101a6d45bc859100144
when: domaenenliste is defined
tags:
- skip_ansible_lint

- name: generate virtualenv.
shell: "virtualenv env_tunneldigger"
command:
"virtualenv env_tunneldigger"
args:
chdir: /srv/tunneldigger/
creates: "/srv/tunneldigger/env_tunneldigger/bin/python"
@@ -52,14 +46,14 @@
when: domaenenliste is defined

- name: Deploy addif.sh for each domain
template: src=addif.sh.j2 dest="/srv/tunneldigger/broker/scripts/addif_domain{{item.key}}.sh" mode=0755
with_dict: "{{domaenenliste}}"
template: src=addif.sh.j2 dest="/srv/tunneldigger/broker/scripts/addif_domain{{ item.key }}.sh" mode=0755
with_dict: "{{ domaenenliste }}"
when: domaenenliste is defined

- name: Deploy delif.sh for each domain
template: src=delif.sh.j2 dest="/srv/tunneldigger/broker/scripts/delif_domain{{item.key}}.sh" mode=0755
with_dict: "{{domaenenliste}}"
when:
template: src=delif.sh.j2 dest="/srv/tunneldigger/broker/scripts/delif_domain{{ item.key }}.sh" mode=0755
with_dict: "{{ domaenenliste }}"
when:
- domaenenliste is defined

- name: Create sperrliste.txt if not exists
@@ -74,29 +68,30 @@
when: domaenenliste is defined

- name: Deploy l2tp_broker.cfg for each domain
template: src="l2tp_broker.cfg.j2" dest="/srv/tunneldigger/broker/l2tp_broker_domain{{item.key}}.cfg"
template: src="l2tp_broker.cfg.j2" dest="/srv/tunneldigger/broker/l2tp_broker_domain{{ item.key }}.cfg"
notify: restart tunneldigger per domain
with_dict: "{{domaenenliste}}"
with_dict: "{{ domaenenliste }}"
when:
- domaenenliste is defined

- name: Deploy tunneldigger@.service template file
copy: src=tunneldigger@.service dest=/etc/systemd/system/tunneldigger@.service
register: _domain_td_systemd
notify:
- restart tunneldigger per domain
- restart tunneldigger per domain
when:
- domaenenliste is defined

- name: reload systemd
shell: systemctl daemon-reload
systemd:
daemon_reload: yes
when:
- domaenenliste is defined
- _domain_td_systemd.changed

- name: enable all tunneldigger instances
service: name="tunneldigger@{{item.key}}.service" enabled=yes
with_dict: "{{domaenenliste}}"
systemd: name="tunneldigger@{{ item.key }}.service" enabled=yes
with_dict: "{{ domaenenliste }}"
when:
- domaenenliste is defined

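Review bot: The `Clone tunneldigger` task checks out whatever the upstream default branch currently points at (`update: yes`, `force: yes`, with the `version:` line commented out), and the `skip_ansible_lint` tag on the task suppresses the lint warning instead of addressing it. The checkout is then built into a virtualenv and started through `tunneldigger@.service`, so every playbook run can deploy upstream code nobody has reviewed. Pin the task to a reviewed commit, for example by re-enabling `version: 18f365f329795400f4d7a101a6d45bc859100144` (or a newer commit once it has been checked), and drop the `tags:` entry. With a pinned version, `force: yes` only discards local modifications, which is worth a short comment on the task.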
3 changes: 3 additions & 0 deletions mapserver_interfaces/tasks/main.yml
@@ -1,3 +1,6 @@
- name: Install ifupdown
apt:
pkg: 'ifupdown'

# creating batman interfaces
- name: Create interfaces - batman file
1 change: 1 addition & 0 deletions nrpe/tasks/main.yml
@@ -60,6 +60,7 @@
package:
name: dhcpd-pools
state: present
when: not (ansible_distribution == 'Ubuntu' and ansible_distribution_version == '16.04')

- name: Install check_batip
copy: "src=check_batip dest='/usr/lib/nagios/plugins/check_batip' owner=root group=root mode=a+x"
7 changes: 4 additions & 3 deletions py_respondd/handlers/main.yml
@@ -1,8 +1,9 @@
- name: systemctl reload
shell: systemctl daemon-reload
systemd:
daemon_reload: yes

- name: restart respondd
service:
name: py-respondd.service
systemd:
name: py-respondd.service
state: restarted
enabled: yes
