ffbsee · mart-ffbsee · Apr 15, 2023 · Apr 15, 2023 · Jun 1, 2023 · Jun 1, 2023
diff --git a/files/vxlanbackbone/vxlanbackbone.service b/files/vxlanbackbone/vxlanbackbone.service
@@ -0,0 +1,14 @@
+[Unit]
+# see man systemd.unit
+Description=Starting VXLAN Interfaces
+After=wg-quick@wg-backbone.service
+
+[Service]
+# see man systemd.service, systemd.exec
+Type=oneshot
+ExecStart=/opt/freifunk/vxlan.sh
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/vxlanbackbone/vxlanfunctions.sh b/files/vxlanbackbone/vxlanfunctions.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# Funtions to be used in vxlan startup and check scripts
+
+# Function to check if vxlan interface is already running
+is_vx_running() {
+    if [ ! -f "/sys/class/net/$1/operstate" ];then
+       echo "$1 not up yet"
+       return 1
+    else
+       cat /sys/class/net/$1/operstate | grep -q -v UNKNOWN > /dev/null || return $?
+    fi
+}
+
+# Function to check if vxlan interface is already added to batman-adv interface
+is_vx_added_to_bat() {
+    if ! /usr/local/sbin/batctl if | grep -q "$1: active";then
+       return 1
+    else
+       return 0
+    fi
+}
+
+# Function to check if vxlan interface link is up
+is_vx_link_up() {
+    if ip a show dev $1 | grep -q "state DOWN";then
+       return 1
+    else
+       return 0
+    fi
+}
+
+#Function that returns true if any of the other functions return false
+any_vx_problem() {
+   local vxlanstatus=0
+   if ! is_vx_running "$1"; then
+      vxlanstatus=1
+   fi
+   if ! is_vx_added_to_bat "$1"; then
+      vxlanstatus=1
+   fi
+   if ! is_vx_link_up "$1"; then
+      vxlanstatus=1
+   fi
+   if (($vxlanstatus == 1)); then
+      return 0
+   else
+      return 1
+   fi
+}
diff --git a/freifunk.ffbsee.yml b/freifunk.ffbsee.yml
@@ -97,6 +97,7 @@
     - freifunk-update-script
     - fastd-install
     - fastd-config
+    - vxlanbackbone
 
 - name: Configure network routing for gw
   hosts: freifunk

diff --git a/host_vars/gw01.ffbsee.net.yml b/host_vars/gw01.ffbsee.net.yml
@@ -41,6 +41,12 @@ wan_interface: '{{ wan_base_interface }}{% if wan_vlan_id != "" %}.{{ wan_vlan_i
 wan_ipv4_ip: '144.76.175.21'
 wan_ipv6_network: '2a01:4f8:200:5308::/64'
 
+# variables for wireguard and vxlan backbone
+wireguardipaddress: 'fd42:dead:beef:4::1'
+vxlanmac: '3e:67:8b:1e:8b:ef'
+vxlanendpoints: '\"fd42:dead:beef:4::3\" \"fd42:dead:beef:4::4\" \"fd42:dead:beef:4::5\" \"fd42:dead:beef:4::6\"'
+vxlanbackbonename: 'vxbackbone'
+
 # IPv6 address for nodes autoupdater
 mesh_ipv6_extra_addr: ''
 

diff --git a/host_vars/gw03.ffbsee.net.yml b/host_vars/gw03.ffbsee.net.yml
@@ -20,6 +20,12 @@ wan_vlan_id: ''
 wan_interface: '{{ wan_base_interface }}{% if wan_vlan_id != "" %}.{{ wan_vlan_id }}{% endif %}'
 wan_ipv4_ip: '89.163.145.35'
 
+# variables for wireguard and vxlan backbone
+wireguardipaddress: 'fd42:dead:beef:4::3'
+vxlanmac: 'c2:76:8c:47:62:8b'
+vxlanendpoints: '\"fd42:dead:beef:4::1\" \"fd42:dead:beef:4::4\" \"fd42:dead:beef:4::5\" \"fd42:dead:beef:4::6\"'
+vxlanbackbonename: 'vxbackbone'
+
 fastd_secret_key: ''
 vpn_on_port_443: 'false'
 

diff --git a/host_vars/gw04.ffbsee.net.yml b/host_vars/gw04.ffbsee.net.yml
@@ -20,6 +20,13 @@ wan_vlan_id: ''
 wan_interface: '{{ wan_base_interface }}{% if wan_vlan_id != "" %}.{{ wan_vlan_id }}{% endif %}'
 wan_ipv4_ip: '217.24.203.174'
 
+# variables for wireguard and vxlan backbone
+wireguardipaddress: 'fd42:dead:beef:4::3'
+vxlanmac: 'a6:e8:39:c0:5d:e4'
+vxlanendpoints: '\"fd42:dead:beef:4::1\" \"fd42:dead:beef:4::3\" \"fd42:dead:beef:4::5\" \"fd42:dead:beef:4::6\"'
+vxlanbackbonename: 'vxbackbone'
+
+
 fastd_secret_key: ''
 vpn_on_port_443: 'false'
 

diff --git a/host_vars/map.ffbsee.net.yml b/host_vars/map.ffbsee.net.yml
@@ -4,6 +4,10 @@ gwnumber: '06'
 
 ipv4_mesh_address: '10.15.224.6'
 bat0_mac_address: '86:00:00:2c:de:52'
+wireguardipaddress: 'fd42:dead:beef:4::6'
+vxlanmac: '66:61:17:75:32:af'
+vxlanendpoints: '\"fd42:dead:beef:4::1\" \"fd42:dead:beef:4::3\" \"fd42:dead:beef:4::4\" \"fd42:dead:beef:4::5\"'
+vxlanbackbonename: 'vxbackbone'
 
 ipv6_suffix: ':6'
 ipv6_radv_suffix: ':1'

diff --git a/roles/vxlanbackbone/tasks/main.yml b/roles/vxlanbackbone/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Install vxlan backbone-service 
+  apt:
+    name: 'vxlan-backbone'
+    state: 'latest'
+    update_cache: yes
+    cache_valid_time: 86400
+
+- name: Copy vxlan-backbone systemd service file
+  file:
+    src: 'files/vxlanbackbone/vxlanbackbone.service'
+    dest: '/etc/systemd/system/vxlanbackbone.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Copy vxlan-backbone template file
+  file:
+    src: 'templates/vxlan/vxlanbackbone.sh.j2'
+    dest: '/opt/freifunk/vxlanbackbone.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0744'
+
+- name: Copy vxlan-functions file
+  file:
+    src: 'files/vxlanbackbone/vxlanfunctions.sh'
+    dest: '/opt/freifunk/vxlanfunctions.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: start vxlanbackbone
+  systemd:
+    state: started
+    name: vxlanbackbone
+    daemon_reload: yes
+
+- name: enable service vxlanbackbone
+  systemd:
+    name: vxlanbackbone
+    enabled: yes
+    masked: no
diff --git a/templates/freifunk-files/update.sh b/templates/freifunk-files/update.sh
@@ -1,4 +1,5 @@
-#!/bin/sh
+#!/bin/bash
+source /opt/freifunk/vxlanfunctions.sh
 # # This file is generated by ansible
 #
 # This script is called every 5 minutes via crond
@@ -75,15 +76,6 @@ is_running() {
     pidof "$1" > /dev/null || return $?
 }
 
-is_vx_running() {
-    if [ ! -f "/sys/class/net/$1/operstate" ];then
-       echo "$1 not up yet"
-       return 1
-    else
-       cat /sys/class/net/$1/operstate | grep -q -v UNKNOWN > /dev/null || return $?
-    fi
-}
-
 if [ $run_mesh = true ]; then
 
     #make sure batman-adv is loaded
@@ -104,56 +96,14 @@ if [ $run_mesh = true ]; then
                 echo "(I) Start wireguard."
                 systemctl start wg-quick@wg-backbone
     fi
+
+    # Check for vxbackbone and start if needed
 
-    # Check for vx-backbone and start the connections if needed
-    {% if vxlantogw01 == "1" %}
-    if ! is_vx_running "vx-backbone1"; then
-        echo "Setting up vx-backbone1 to Gateway01"
-        /sbin/ip link add vx-backbone1 type vxlan remote fd42:dead:beef:4::1 id 25 dstport 4225
-	/sbin/ip link set dev vx-backbone1 address b5:ee:00:00:01:{{gwnumber}}
-        /sbin/ip link set up dev vx-backbone1
-        /sbin/ip addr flush dev vx-backbone1
-        /sbin/ip link set mtu 1280 dev vx-backbone1
-        /usr/local/sbin/batctl if add vx-backbone1
-	/usr/local/sbin/batctl hardif vx-backbone1 throughput_override 10000mbit
+    if any_vx_problem "vxbackbone"; then
+        echo "vxlan backbone problem detected. Fixing it."
+        systemctl restart vxlanbackbone
     fi
-    {% endif %}
-    {% if vxlantogw03 == "1" %}
-    if ! is_vx_running "vx-backbone3"; then
-        echo "Setting up vx-backbone3"
-        /sbin/ip link add vx-backbone3 type vxlan remote fd42:dead:beef:4::3 id 27 dstport 4225
-        /sbin/ip link set dev vx-backbone3 address b5:ee:00:00:03:{{gwnumber}}
-        /sbin/ip link set up dev vx-backbone3
-        /sbin/ip addr flush dev vx-backbone3
-        /sbin/ip link set mtu 1280 dev vx-backbone3
-        /usr/local/sbin/batctl if add vx-backbone3
-        /usr/local/sbin/batctl hardif vx-backbone3 throughput_override 10000mbit
-    fi
-    {% endif %}
-    {% if vxlantogw04 == "1" %}
-    if ! is_vx_running "vx-backbone4"; then
-        echo "Setting up vx-backbone4 to Gateway04"
-        /sbin/ip link add vx-backbone4 type vxlan remote fd42:dead:beef:4::4 id 27 dstport 4225
-	/sbin/ip link set dev vx-backbone4 address b5:ee:00:00:04:{{gwnumber}}
-        /sbin/ip link set up dev vx-backbone4
-        /sbin/ip addr flush dev vx-backbone4
-        /sbin/ip link set mtu 1280 dev vx-backbone4
-        /usr/local/sbin/batctl if add vx-backbone4
-	/usr/local/sbin/batctl hardif vx-backbone4 throughput_override 10000mbit
-    fi
-    {% endif %}
-    {% if vxlantometa == "1" %}
-    if ! is_vx_running "vxbackbonemeta"; then
-        echo "Setting up vxbackbonemeta to meta Server"
-        /sbin/ip link add vxbackbonemeta type vxlan remote fd42:dead:beef:4::5 id 29 dstport 4225
-	/sbin/ip link set dev vx-backbonemeta address b5:ee:00:00:05:{{gwnumber}}
-        /sbin/ip link set up dev vxbackbonemeta
-        /sbin/ip addr flush dev vxbackbonemeta
-        /sbin/ip link set mtu 1280 dev vxbackbonemeta
-        /usr/local/sbin/batctl if add vxbackbonemeta
-	/usr/local/sbin/batctl hardif vx-backbonemeta throughput_override 10000mbit
-    fi
-    {% endif %}
+
     # Fastd nodes setup
     if ! is_running "fastd"; then
         echo "(I) Start fastd."

diff --git a/templates/vxlan/vxlanbackbone.sh.j2 b/templates/vxlan/vxlanbackbone.sh.j2
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Setting variables with our gateway name, mac and which hosts to connect to
+WgIp={{ wireguardipaddress }}
+VxlanMac={{ vxlanmac }}
+vxlanEndpoints=({{ vxlanendpoints }})
+vxlanifname={{ vxlanbackbonename }}
+
+# Sourcing the functions to be used below and in other scripts
+source /opt/freifunk/vxlanfunctions.sh
+
+# Starting the vxlan-backbone interface if not up already
+if ! is_vx_running "$vxlanifname"; then
+   /sbin/ip -6 link add $vxlanifname type vxlan id 25 dstport 4225 dev wg-backbone
+   /sbin/ip -6 link set dev $vxlanifname address $VxlanMac
+   /sbin/ip -6 link set up dev $vxlanifname
+
+   # interface will be added to bat0 so it musn't have any IPs:
+   /sbin/ip -6 addr flush dev $vxlanifname
+
+   # rather small MTU needed because of need to exchange packages with legacy fastd-nodes:
+   /sbin/ip -6 link set mtu 1240 dev $vxlanifname
+
+   # Add this vxlan if to batman-adv interface:
+   /usr/local/sbin/batctl meshif bat0 if add $vxlanifname
+
+   # Setting throughput_override with very high value because it is the backbone:
+   /usr/local/sbin/batctl hardif $vxlanifname throughput_override 10000mbit
+
+   for str in ${vxlanEndpoints[@]}; do
+
+      if [[ "$WgIp" == $str  ]]
+      then
+         echo "Not adding own address"
+      else
+
+         # The following adds the remote IP(s) as in (other vxlanbackbone peers
+         /sbin/bridge fdb append to 00:00:00:00:00:00 dst $str dev $vxlanifname
+      fi
+   done
+   #Finally set link up
+   /sbin/ip -6 link set up $vxlanifname
+else
+   if ! is_vx_link_up "$vxlanifname"; then
+   echo "link is down, setting it to up"
+   ip link set up dev $vxlanifname
+   else
+      echo "$vxlanifname link already up"
+   fi
+   if ! is_vx_added_to_bat "$vxlanifname"; then
+   echo "not added to bat0 yet, adding it"
+   /usr/local/sbin/batctl if add $vxlanifname
+   else
+      echo "$vxlanifname already added to bat0"
+   fi
+fi