
Diverse Änderungen von Altlast in die Ansible Skripte eingefügt

Stefan Heinrichsen 5 years ago
parent
commit
bd2fe7ae99

+ 1 - 0
ansible.cfg

@@ -1,6 +1,7 @@
 [defaults]
 inventory=inventory/hosts
 #vault_password_file=.vault-password
+log_path=/tmp/ansible_ffdo-ng.log
 
 [privilege_escalation]
 become=True
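Review bot: The added `log_path=/tmp/ansible_ffdo-ng.log` puts the run log under a fixed name in a world-writable directory. Ansible writes task results to this file, which can include variable values and module arguments for any task not marked `no_log`, and on a shared control host another local user could pre-create the file or a symlink under that name. A path inside the checkout or the operator's home avoids both problems, for example `log_path=./ansible_ffdo-ng.log` with the file listed in `.gitignore`.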

+ 1 - 1
roles/backports-kernel/tasks/main.yml

@@ -3,7 +3,7 @@
     repo: "{{ item }}"
     state: present
   with_items:
-    - "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }}-backports main"
+    - "deb http://archive.debian.org/debian {{ ansible_distribution_release }}-backports main"
   when: ansible_distribution == "Debian"
   register: apt
 
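Review bot: Pointing the backports entry at `archive.debian.org` implies the targeted release has left the regular mirrors, so the kernel installed from this suite will presumably no longer receive fixes. Archived suites also usually carry an expired `Valid-Until`, so `apt update` tends to fail unless the validity check is relaxed. If that is needed, scope it to this one source with `[check-valid-until=no]` rather than setting `Acquire::Check-Valid-Until "false";` globally. A comment above the entry would record the intent, e.g. `# <release>-backports is archived; revisit after the dist-upgrade`; the task itself begins above the hunk.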

+ 0 - 1
roles/bird_dtm/tasks/main.yml

@@ -58,7 +58,6 @@
   notify:
     - configure bird
 
-
 - name: configure batman.conf
   template: 
     src: batman.conf.j2

+ 1 - 1
roles/bird_dtm/templates/bird.conf.j2

@@ -1,6 +1,6 @@
 # Managed by Ansible... do not update manually as changes will be overwritten
 
-router id {{ secondary_vnic_ip4 }};
+router id {{ ipaddr('loopback_ipv4') }};
 log syslog all;
 
 protocol kernel { 
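Review bot: `{{ ipaddr('loopback_ipv4') }}` on the `router id` line calls `ipaddr` as a function with the literal string 'loopback_ipv4'. In Ansible `ipaddr` is a filter, so this will most likely fail to render or not yield the host's address. bird6.conf.j2 in the same commit uses the variable directly. If `loopback_ipv4` carries a prefix length (lo.j2 passes it to `ip address add`), the router id needs the bare address: `router id {{ loopback_ipv4 | ipaddr('address') }};`.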

+ 1 - 1
roles/bird_dtm/templates/bird6.conf.j2

@@ -1,4 +1,4 @@
-router id {{ secondary_vnic_ip4 }};
+router id {{ loopback_ipv4 }};
 log syslog all;
 
 protocol kernel {

+ 24 - 13
roles/bird_dtm/templates/ospf.conf.j2

@@ -1,34 +1,45 @@
-define FFDO_subnet_new =
+define FFDO_subnet_new = 
 [
-        10.0.0.0/8+
+        10.0.0.0/12{12,24} 
 ];
 
-define FFDO_subnet_old =
+define FFDO_subnet_old = 
 [
-        10.233.0.0/18+
+        10.233.0.0/18+ 
 ];
 
 define AS31371_nets =
 [
-        91.204.4.0/22{24,32},
+        91.204.4.0/22+,
         195.160.168.0/23+,
         193.43.221.0/24+
 ];
 
-protocol ospf ospf5 {
+define AS35675_nets =
+[
+        193.43.220.0/23+
+];
+
+
+protocol ospf ospf6 {
 
-#        import where net ~ AS31371_nets || net ~ FFDO_subnet_old;
-        import where net ~ FFDO_subnet_old;
+        import where net ~ FFDO_subnet_old ||
+                     net ~ AS31371_nets ||
+                     net ~ AS35675_nets;
         export filter {
-                if net ~ FFDO_subnet_new then {
-                        ospf_metric1 = 10;
+                if net ~ FFDO_subnet_new ||
+                   net ~ AS35675_nets
+                then    {
+                        if ifname != "lo"
+                        then ospf_metric1 = 10;
                         accept;
-                }
-                reject;
+                        }
+                else reject;
         };
 
         area 0.0.0.0 {
-                interface "{{secondary_vnic}}" {
+                interface {{ loopback_ipv4 }} { stub yes; cost 1; };
+                interface "eth1" {
                         cost 10;
                         type broadcast;
                         hello 10;
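Review bot: The import filter now accepts `AS31371_nets` and `AS35675_nets` from OSPF, and with the `+` suffix every more-specific prefix down to /32 matches, so any router that forms an adjacency on `eth1` can have routes for single public addresses accepted. The interface block continues below the hunk, so no `authentication cryptographic;` setting is visible here; if none is set, this filter is the only control on a broadcast segment. Consider bounding the lengths, e.g. `193.43.220.0/23{23,24}`, and confirming authentication on the interface. Separately, `interface "eth1"` replaces `"{{secondary_vnic}}"` with a hard-coded name, while the 2nd_vnic template still uses the variable.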

+ 22 - 3
roles/bird_dtm/templates/ospf6.conf.j2

@@ -18,14 +18,33 @@ define FFDO6_subnet_old =
 	2a03:2260:300a:1000::/64+
 ];
 
+define MY_lo_as35675 = {{ loopback_ipv6 }};
+
+# wird kleiner werden, sobald es einen Netzplan fuer IPv6 gibt:
+define MY_FFDO6_as35675 = 2001:678:980::/48;
+
+define FFDO6_as35675_all =
+[
+        2001:678:980::/48+
+];
+
+protocol static loopback {
+        # funktioniert nicht :-(
+        #route MY_lo_as35675 via "lo" { ospf_metric1 = 1; };
+        route {{ loopback_ipv6 }} via "lo" { ospf_metric1 = 1; };
+}
+
+
 protocol ospf ospfffdo6 {
 
-#	import where net ~ FFDO6_subnet_old;
 	import all;
-	export where net ~ FFDO6_subnet_new;
+	export where net ~ FFDO6_subnet_new ||
+                     net ~ MY_FFDO6_as35675;
 
 	area 0.0.0.0 {
-		interface "{{secondary_vnic}}" {
+                # funktioniert nicht:-(
+                #interface "lo" { stub yes; cost 1; };
+		interface "eth1" {
 			cost 10;
 			type broadcast;
 			hello 10; 
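Review bot: `import all;` stays in place while the commented-out import filter is deleted, so the IPv6 instance accepts any prefix a neighbour on `eth1` announces, whereas ospf.conf.j2 in this commit restricts import to named sets. The new `FFDO6_as35675_all` set is defined but not referenced anywhere in the hunk, and it looks intended for exactly this: `import where net ~ FFDO6_subnet_old || net ~ FFDO6_as35675_all;`. The two `funktioniert nicht` comments would be more useful if they recorded the error BIRD reported. The interface block continues past the hunk.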

+ 2 - 2
roles/common/tasks/main.yml

@@ -25,8 +25,7 @@
     repo: "{{ item }}"
     state: present
   with_items:
-    - "deb http://ftp.de.debian.org/debian/ {{ ansible_distribution_release }} main"
-    - "deb http://ftp.de.debian.org/debian/ {{ ansible_distribution_release }}-updates main"
+    - "deb http://cdn-fastly.deb.debian.org/debian/ {{ ansible_distribution_release }} main"
     - "deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main"
   when: ansible_distribution == "Debian"
 
@@ -69,6 +68,7 @@
     - build-essential
     - ethtool
     - mc
+    - net-tools
 
 - name: uninstall unneeded packages
   apt:
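Review bot: The first hunk drops the `{{ ansible_distribution_release }}-updates` source without a replacement, so only `main` and the security suite remain and fixes shipped through stable-updates would no longer be installed. If that is intended, a comment saying why would help; otherwise keep it on the new mirror: `- "deb http://cdn-fastly.deb.debian.org/debian/ {{ ansible_distribution_release }}-updates main"`. This role also uses the live CDN while roles/backports-kernel switches to archive.debian.org for the same release, and the two choices are unlikely to stay valid together. Both tasks start outside their hunks.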

+ 9 - 0
roles/gateways_2nd_vnic/templates/2nd_vnic_interface.cfg.j2

@@ -7,8 +7,17 @@ iface {{ secondary_vnic }} inet static
     netmask {{ secondary_vnic_netmask4 }}
     pre-up ip rule add from 10.0.0.0/8 table ffnet
     pre-up ip rule add to 10.0.0.0/8 table ffnet
+    pre-up ip rule add from {{ dudl_ipv4 }} table ffnet
+    pre-up ip rule add to {{ dudl_ipv4 }} table ffnet
+    pre-up ip rule add from {{ dudl_ipv6 }} table ffnet
+    pre-up ip rule add to {{ dudl_ipv6 }} table ffnet
+
     post-up ip route add default via 192.168.100.5 dev eth1 table ffnet
     pre-down ip route del default via 192.168.100.5 dev eth1 table ffnet
     post-down ip rule del from 10.0.0.0/8 table ffnet
     post-down ip rule del to 10.0.0.0/8 table ffnet
+#   post-down ip rule del from {{ dudl_ipv4 }} table ffnet
+#   post-down ip rule del to {{ dudl_ipv4 }} table ffnet
+#   post-down ip rule del from {{ dudl_ipv6 }} table ffnet
+#   post-down ip rule del to {{ dudl_ipv6 }} table ffnet
 
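Review bot: The four new `pre-up ip rule add` lines for `{{ dudl_ipv4 }}` and `{{ dudl_ipv6 }}` have their `post-down ip rule del` counterparts commented out, so the rules stay in the policy database after `ifdown`. On the next `ifup` they are either duplicated or, on kernels that reject identical rules, the `pre-up` command fails and ifupdown aborts bringing the interface up. Enable the four `post-down` lines, or make the adds tolerant, e.g. `pre-up ip rule add from {{ dudl_ipv4 }} table ffnet || true`. The stanza starts above the hunk.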

+ 2 - 0
roles/gateways_gre_upstream/templates/lo.j2

@@ -1,5 +1,7 @@
 auto lo
 iface lo inet loopback
+         up ip address add {{ loopback_ipv6 }} dev lo
+         up ip address add {{ loopback_ipv4 }} dev lo
 #{% if ffrl_tun is defined and ffrl_nat_ip is defined %}
 #        up ip address add {{ ffrl_nat_ip }} dev lo
 #        up ip rule add from {{ ffrl_nat_ip }} table ffnet

+ 1 - 1
roles/unattended_upgrades/tasks/main.yml

@@ -3,7 +3,7 @@
 - name: Install unattended-upgrades package
   apt:
     pkg: "unattended-upgrades"
-    state: installed
+    state: present
     update_cache: yes
     cache_valid_time: 1800