
Refactor mesh and batman interfaces

Markus Lindenberg 8 năm trước cách đây
mục cha
commit
ba53445047

+ 6 - 6
roles/common-net/templates/interfaces.j2

@@ -8,8 +8,8 @@ auto lo
 iface lo inet loopback
 
 # The primary network interface
-allow-hotplug eth0
-iface eth0 inet static
+allow-hotplug {{ primary_interface }}
+iface {{ primary_interface }} inet static
 	address {{ primary_v4_address }}
 	netmask {{ primary_v4_netmask }}
 {% if primary_v4_network is defined %}
@@ -19,13 +19,13 @@ iface eth0 inet static
 	broadcast {{ primary_v4_broadcast }}
 {% endif %}
 	gateway {{ primary_v4_gateway }}
-{% if pointopoint is defined and pointopoint %}
+{% if primary_pointopoint %}
 	pointopoint {{ primary_v4_gateway }}
 {% endif %}
 
-iface eth0 inet6 static
+iface {{ primary_interface }} inet6 static
 	address {{ primary_v6_address }}
 	gateway {{ primary_v6_gateway }}
-{% if pointopoint is defined and pointopoint %}
-    pre-up ip -6 route add {{ primary_v6_gateway }} dev eth0
+{% if primary_pointopoint %}
+    pre-up ip -6 route add {{ primary_v6_gateway }} dev {{ primary_interface }}
 {% endif %}
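Review bot: The two `{% if primary_pointopoint %}` tests in the second hunk drop the `is defined` half of the old condition, so a host without `primary_pointopoint` in its vars now fails at render time under Ansible's strict undefined handling instead of skipping the pointopoint lines; either keep `{% if primary_pointopoint is defined and primary_pointopoint %}` or add `primary_pointopoint: false` to the role defaults. batman.cfg.j2 in this commit likewise removes the `mesh_ipv6 is defined` guard around `iface bat0 inet6 static`, so `batman_mesh_ipv6` must now be set on every host that renders that template. Worth a one-line comment at the top of this template listing the variables it requires (`primary_interface`, `primary_v4_*`, `primary_v6_*`, `primary_pointopoint`).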

roles/mesh-routing/files/bird.gpg → roles/common-routing/files/bird.gpg


+ 5 - 5
roles/mesh-routing/files/sysctl.conf

@@ -6,8 +6,8 @@
 # Reset all configuration parameters to RFC1812
 net.ipv4.ip_forward = 1
 
-# Disable routing to eth0
-net.ipv4.conf.eth0.forwarding = 0
+# Disable routing to {{ primary_interface }}
+net.ipv4.conf.{{ primary_interface }}.forwarding = 0
 
 # Use larger ARP cache
 net.ipv4.neigh.default.gc_thresh1 = 2048
@@ -23,9 +23,9 @@ net.ipv4.route.max_size = 8388608
 # Configure router behaviour
 net.ipv6.conf.all.forwarding = 1
 
-# Disable routing to eth0
-net.ipv6.conf.eth0.forwarding = 0
-net.ipv6.conf.eth0.accept_ra = 0
+# Disable routing to {{ primary_interface }}
+net.ipv6.conf.{{ primary_interface }}.forwarding = 0
+net.ipv6.conf.{{ primary_interface }}.accept_ra = 0
 
 # Accept Duplicate Address Detection; default = 1
 net.ipv6.conf.default.accept_dad = 0
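Review bot: The new `{{ primary_interface }}` placeholders in both hunks live in `roles/mesh-routing/files/sysctl.conf`, a file under `files/` with no `.j2` suffix; unless the sysctl task (moved to common-routing in this commit and not visible here) deploys it with `template:` rather than `copy:`, the keys are written literally as `net.ipv4.conf.{{ primary_interface }}.forwarding` and sysctl rejects them. The consequence is that the per-interface hardening silently does not apply: forwarding on the uplink stays enabled through `net.ipv4.ip_forward = 1` and `net.ipv6.conf.all.forwarding = 1`, and `accept_ra` on the uplink keeps its default. Moving the file to `templates/sysctl.conf.j2` and deploying it with `template:` makes the intent unambiguous, and a `sysctl -p` in the handler would surface a rejected key on the first run.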

roles/mesh-routing/handlers/bird.yml → roles/common-routing/handlers/bird.yml


roles/mesh-routing/handlers/main.yml → roles/common-routing/handlers/main.yml


roles/mesh-routing/handlers/sysctl.yml → roles/common-routing/handlers/sysctl.yml


+ 0 - 1
roles/mesh-routing/tasks/bird.yml

@@ -30,4 +30,3 @@
   with_items:
     - bird
     - bird6
-

+ 0 - 1
roles/mesh-routing/tasks/main.yml

@@ -2,4 +2,3 @@
 
 - include: sysctl.yml
 - include: bird.yml
-- include: igp.yml

roles/mesh-routing/tasks/sysctl.yml → roles/common-routing/tasks/sysctl.yml


+ 1 - 1
roles/mesh-routing/templates/bird.conf.j2

@@ -1,6 +1,6 @@
 log syslog all;
 
-router id {{routerid}};
+router id {{ primary_v4_address }};
 
 # table ffrl; # BGP Peerings
 # table ibgp;

+ 1 - 1
roles/mesh-routing/templates/bird6.conf.j2

@@ -1,5 +1,5 @@
 log syslog all;
-router id {{routerid}};
+router id {{ primary_v4_address }};
 
 protocol static uplink_hostroute {
     import all;

+ 1 - 1
roles/gateway-peering/templates/peering_interfaces.j2

@@ -6,7 +6,7 @@ iface peer-{{peer.name}} inet tunnel
     mode gre
     address {{peer.source_ip4}}
     dstaddr {{peer.peer_ip4}}
-    local {{ansible_default_ipv4.address}}
+    local {{primary_v4_address}}
     endpoint {{peer.gre_endpoint}}
     ttl 64
     mtu 1400

+ 6 - 1
roles/mesh-interfaces/tasks/batman.yml

@@ -11,5 +11,10 @@
 
 - name: Install batman-adv mesh interface definition
   template:
-    dest: "/etc/network/interfaces.d/10_batman.cfg"
+    dest: "/etc/network/interfaces.d/40_batman.cfg"
     src: "batman.cfg.j2"
+
+- name: Install gretap tunnel definitions
+  template:
+    dest: "/etc/network/interfaces.d/45_batman-tunnel.cfg"
+    src: "batman-tunnel.cfg.j2"
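Review bot: Changing `dest` from `10_batman.cfg` to `40_batman.cfg` leaves the old `/etc/network/interfaces.d/10_batman.cfg` in place on hosts provisioned before this commit, so ifupdown sources both copies and meshdummy0/bat0 are defined twice; a removal task before the template task fixes this, e.g. `- name: Remove obsolete batman interface definition` followed by `  file: path=/etc/network/interfaces.d/10_batman.cfg state=absent`. Note also that this file stays under `roles/mesh-interfaces/tasks/` while `mesh-interfaces/tasks/main.yml` drops its `include: batman.yml` in the same commit, and the `batman-tunnel.cfg.j2` referenced by the new task is added under `roles/mesh-batman/templates/`; unless mesh-batman includes this task file through a path not in the diff, the task is unreachable and its `src` would not resolve from this role.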

+ 13 - 0
roles/mesh-batman/templates/batman-tunnel.cfg.j2

@@ -0,0 +1,13 @@
+{% for host in groups['all'] %}
+{% if hostvars[host] is defined %}
+{% if hostvars[host]['inventory_hostname'] != inventory_hostname %}
+auto batman-{{hostvars[host]['inventory_hostname_short']}}
+iface batman-{{hostvars[host]['inventory_hostname_short']}} inet manual
+    pre-up ip link add $IFACE type gretap local {{primary_v4_address}} remote {{hostvars[host]['ansible_ssh_host']}} dev {{ primary_interface }}
+    pre-up ip link set up dev $IFACE
+    up batctl if add $IFACE
+    post-down ip link set down dev $IFACE
+    post-down ip link del dev $IFACE
+{% endif %}
+{% endif %}
+{% endfor %}
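Review bot: `auto batman-{{hostvars[host]['inventory_hostname_short']}}` produces a kernel interface name, which is limited to 15 characters, so with the 7-character `batman-` prefix any short hostname longer than 8 characters makes the `ip link add $IFACE` line fail; the `mesh-` prefix in mesh-tunnel.cfg.j2 allows 10, so the constraint is worth stating in a comment at the top of the template or checking in the inventory. The `remote` endpoint is taken from `hostvars[host]['ansible_ssh_host']` (the management address) while `local` uses `primary_v4_address`; if those can differ for a host the endpoints will not match, and `remote {{hostvars[host]['primary_v4_address']}}` would be the consistent choice, mirroring how mesh-tunnel.cfg.j2 uses the peer's `primary_v6_address`. The `{% if hostvars[host] is defined %}` guard is redundant for a name taken from `groups['all']` and is removed from mesh-tunnel.cfg.j2 in this same commit, so dropping it here keeps the two templates aligned. Since the gretap carries batman-adv frames with no authentication beyond the source address, the uplink filter should admit GRE (IP protocol 47) only from the peer addresses this loop enumerates.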

+ 9 - 15
roles/mesh-interfaces/templates/batman.cfg.j2

@@ -4,7 +4,7 @@
 auto meshdummy0
 iface meshdummy0 inet manual
     pre-up ip link add $IFACE type dummy
-    pre-up ip link set address {{mesh_mac}} dev $IFACE
+    pre-up ip link set address {{batman_mesh_mac}} dev $IFACE
     pre-up ip link set up dev $IFACE
     post-down ip link set down dev $IFACE
     post-down ip link del dev $IFACE
@@ -13,24 +13,18 @@ iface meshdummy0 inet manual
 # batman-adv Mesh Interface, wird von meshdummy0 per Hotplug aktiviert
 allow-hotplug bat0
 iface bat0 inet static
-    address {{mesh_ipv4|ipaddr('address')}}
-    netmask {{mesh_ipv4|ipaddr('netmask')}}
-    hwaddress {{bat_mac}}
-    pre-up ip rule add from {{mesh_ipv4}} table 42
-    pre-up ip rule add to {{mesh_ipv4}} table 42
+    address {{batman_mesh_ipv4|ipaddr('address')}}
+    netmask {{batman_mesh_ipv4|ipaddr('netmask')}}
+    hwaddress {{batman_bat_mac}}
+    pre-up ip rule add from {{batman_mesh_ipv4}} table 42
+    pre-up ip rule add to {{batman_mesh_ipv4}} table 42
     pre-up batctl it 5000
     pre-up batctl bl 0
     pre-up batctl gw server 48mbit/48mbit
     pre-up echo 120 > /sys/class/net/$IFACE/mesh/hop_penalty
-    post-down ip rule del from {{mesh_ipv4}} table 42
-    post-down ip rule del to {{mesh_ipv4}} table 42
+    post-down ip rule del from {{batman_mesh_ipv4}} table 42
+    post-down ip rule del to {{batman_mesh_ipv4}} table 42
 
-{% if mesh_ipv6 is defined %}
 iface bat0 inet6 static
-    address {{mesh_ipv6}}
-    pre-up ip -6 rule add from {{mesh_ipv6|ipaddr('cidr')}} table 42
-    pre-up ip -6 rule add to {{mesh_ipv6|ipaddr('cidr')}} table 42
-    post-down ip -6 rule del from {{mesh_ipv6|ipaddr('cidr')}} table 42
-    post-down ip -6 rule del to {{mesh_ipv6|ipaddr('cidr')}} table 42
+    address {{batman_mesh_ipv6}}
     #pre-up ebtables -A FORWARD -p IPv6 -i $IFACE --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j DROP
-{% endif %}

+ 6 - 0
roles/mesh-interfaces/tasks/address.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Install mesh IP address bound to loopback
+  template:
+    dest: "/etc/network/interfaces.d/10_mesh_address.cfg"
+    src: "mesh-address.cfg.j2"

roles/mesh-routing/tasks/igp.yml → roles/mesh-interfaces/tasks/igp.yml


+ 2 - 1
roles/mesh-interfaces/tasks/main.yml

@@ -1,4 +1,5 @@
 ---
 
-- include: batman.yml
+- include: address.yml
 - include: tunnel.yml
+- include: igp.yml

+ 1 - 1
roles/mesh-interfaces/tasks/tunnel.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: Install gretap tunnel definitions
+- name: Install mesh tunnel definitions
   template:
     dest: "/etc/network/interfaces.d/20_mesh-tunnel.cfg"
     src: "mesh-tunnel.cfg.j2"

roles/mesh-routing/templates/igp.conf.j2 → roles/mesh-interfaces/templates/igp.conf.j2


roles/mesh-routing/templates/igp6.conf.j2 → roles/mesh-interfaces/templates/igp6.conf.j2


+ 6 - 0
roles/mesh-interfaces/templates/mesh-address.cfg.j2

@@ -0,0 +1,6 @@
+iface lo inet6 static
+    address {{mesh_ipv6_address}}
+    pre-up ip -6 rule add from {{ipv6_network}} table 42
+    pre-up ip -6 rule add to {{ipv6_network}} table 42
+    post-down ip -6 rule del from {{ipv6_network}} table 42
+    post-down ip -6 rule del to {{ipv6_network}} table 42

+ 2 - 4
roles/mesh-interfaces/templates/mesh-tunnel.cfg.j2

@@ -1,13 +1,11 @@
 {% for host in groups['all'] %}
-{% if hostvars[host] is defined %}
 {% if hostvars[host]['inventory_hostname'] != inventory_hostname %}
 auto mesh-{{hostvars[host]['inventory_hostname_short']}}
 iface mesh-{{hostvars[host]['inventory_hostname_short']}} inet manual
-    pre-up ip link add $IFACE type gretap local {{ansible_default_ipv4.address}} remote {{hostvars[host]['ansible_ssh_host']}} dev {{ansible_default_ipv4.alias}}
+    pre-up ip link add $IFACE type ip6gre local {{primary_v6_address|ipaddr('address')}} remote {{hostvars[host]['primary_v6_address']|ipaddr('address')}} dev {{ primary_interface }}
     pre-up ip link set up dev $IFACE
-    up batctl if add $IFACE
     post-down ip link set down dev $IFACE
     post-down ip link del dev $IFACE
-{% endif %}
+
 {% endif %}
 {% endfor %}

+ 4 - 4
roles/service-dhcp/templates/dhcpd.conf.j2

@@ -16,9 +16,9 @@ class "MSFT" {
 
 option interface-mtu 1280;
 
-subnet {{mesh_ipv4|ipaddr('network')}} netmask {{mesh_ipv4|ipaddr('netmask')}} {
+subnet {{batman_mesh_ipv4|ipaddr('network')}} netmask {{batman_mesh_ipv4|ipaddr('netmask')}} {
   range {{dhcp_range_start}} {{dhcp_range_end}};
-  option routers {{mesh_ipv4|ipaddr('address')}};
-  option domain-name-servers {{mesh_ipv4|ipaddr('address')}};
-  option ntp-servers {{mesh_ipv4|ipaddr('address')}};
+  option routers {{batman_mesh_ipv4|ipaddr('address')}};
+  option domain-name-servers {{batman_mesh_ipv4|ipaddr('address')}};
+  option ntp-servers {{batman_mesh_ipv4|ipaddr('address')}};
 }

+ 4 - 4
roles/service-dns/templates/unbound.conf.j2

@@ -9,12 +9,12 @@ server:
 
 local-zone: "services.ffdo.de." static
 {% for host in groups['supernodes'] %}
-local-data: "{{loop.index}}.ntp.services.ffdo.de. A {{hostvars[host].mesh_ipv4|ipaddr('address')}}"
-local-data: "{{loop.index}}.ntp.services.ffdo.de. AAAA {{hostvars[host].mesh_ipv6|ipaddr('address')}}"
+local-data: "{{loop.index}}.ntp.services.ffdo.de. A {{hostvars[host].batman_mesh_ipv4|ipaddr('address')}}"
+local-data: "{{loop.index}}.ntp.services.ffdo.de. AAAA {{hostvars[host].batman_mesh_ipv6|ipaddr('address')}}"
 {% endfor %}
 {% for host in groups['supernodes'] %}
-local-data: "ntp.services.ffdo.de. A {{hostvars[host].mesh_ipv4|ipaddr('address')}}"
-local-data: "ntp.services.ffdo.de. AAAA {{hostvars[host].mesh_ipv6|ipaddr('address')}}"
+local-data: "ntp.services.ffdo.de. A {{hostvars[host].batman_mesh_ipv4|ipaddr('address')}}"
+local-data: "ntp.services.ffdo.de. AAAA {{hostvars[host].batman_mesh_ipv6|ipaddr('address')}}"
 {% endfor %}
 local-data: "update.services.ffdo.de. AAAA {{update_server}}"
 

+ 1 - 3
roles/service-ntp/templates/ntp.conf.j2

@@ -10,7 +10,7 @@ driftfile /var/lib/ntp/ntp.drift
 # listen on if
 interface ignore wildcard
 interface listen bat0
-interface listen eth0
+interface listen {{ primary_interface }}
 
 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/
@@ -54,9 +54,7 @@ restrict ::1
 
 # allow from ff-do-subnets
 restrict {{ipv4_network|ipaddr('network')}} mask {{ipv4_network|ipaddr('netmask')}} kod notrap nomodify nopeer noquery
-{% if mesh_ipv6 is defined %}
 restrict {{ipv6_network|ipaddr('network')}} mask {{ipv6_network|ipaddr('netmask')}} kod notrap nomodify nopeer noquery
-{% endif %}
 
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.

+ 2 - 2
roles/service-ra/templates/radvd.conf.j2

@@ -5,11 +5,11 @@ interface bat0
     MaxRtrAdvInterval 600;
     MinDelayBetweenRAs 10;
     AdvLinkMTU 1280;
-    prefix {{mesh_ipv6}}
+    prefix {{batman_mesh_ipv6}}
     {
     };
 
-    RDNSS {{mesh_ipv6|ipaddr('address')}}
+    RDNSS {{batman_mesh_ipv6|ipaddr('address')}}
     {
     };
 };

+ 3 - 2
site.yml

@@ -6,14 +6,15 @@
     - common-repos
     - common-auth
     - common-system
+    - common-routing
     - mesh-interfaces
-    - mesh-routing
 
 - hosts: supernodes
   roles:
-    - mesh-vpn-fastd
 #     - gateway-peering
 #     - gateway-nat
+    - mesh-batman
+    - mesh-vpn-fastd
     - service-dns
     - service-ntp
     - service-ra
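Review bot: Removing `- mesh-routing` from the common play leaves that role in the tree with nothing applying it, yet this commit still edits `roles/mesh-routing/tasks/bird.yml`, `templates/bird.conf.j2` and `templates/bird6.conf.j2` there, and its `tasks/main.yml` keeps `- include: sysctl.yml` although that file is moved to common-routing. Unless `common-routing/tasks/main.yml` (not in this diff) reaches into the old role, BIRD is no longer deployed anywhere; moving the bird task and templates into common-routing alongside the handlers and the GPG key, and deleting the remainder of mesh-routing, would make the play self-consistent. A short comment above `- common-routing` naming what it now owns (sysctl, bird) would help the next reader.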