Updated fastd role

galaxy-roles/dereulenspiegel.fastd/.kitchen.yml

@@ -12,12 +12,15 @@ provisioner:
     #extra_vars        : "@kitchen_vars.yml"
 
 platforms:
+    - name: Ubuntu-precise
+      driver:
+        box: ubuntu/precise64
     - name: Debian-jessie
       driver:
         box: debian/jessie64
     - name: Debian-wheezy
       driver:
-        box: debian/wheezy64 #chef/debian-7.8
+        box: debian/wheezy64
     - name: Ubuntu-trusty
       driver:
         box: ubuntu/trusty64

galaxy-roles/dereulenspiegel.fastd/README.md

@@ -1,4 +1,4 @@
-fastd
+fastd [![Build Status](https://travis-ci.org/dereulenspiegel/ansible-fastd.svg?branch=master)](https://travis-ci.org/dereulenspiegel/ansible-fastd)
 =========
 
 This role installs fastd and its dependency (from source if necessary) and is able to configure one or more instances.

galaxy-roles/dereulenspiegel.fastd/defaults/main.yml

@@ -7,6 +7,9 @@ fastd_build_dir: /usr/src/fastd-build
 fastd_install_from_source: false
 fastd_user_name: fastd
 fastd_user_shell: /bin/false
+fastd_libjson_url: https://launchpad.net/~ondrej/+archive/ubuntu/php5/+build/4910513/+files/libjson-c2_0.11-3%2Bdebphp.org~precise%2B1_amd64.deb
+fastd_libjson_dev_url: https://launchpad.net/~ondrej/+archive/ubuntu/php5/+build/4910513/+files/libjson-c-dev_0.11-3%2Bdebphp.org~precise%2B1_amd64.deb
+fastd_use_rng: false
 
 repo_universe_factory_unsupported_architecture: false
 repo_universe_factory_unsupported_distro: false

galaxy-roles/dereulenspiegel.fastd/meta/.galaxy_install_info

@@ -1 +1 @@
-{install_date: 'Sun Aug  2 08:14:56 2015', version: master}
+{install_date: 'Sat Aug  8 13:13:41 2015', version: v1.0}

galaxy-roles/dereulenspiegel.fastd/tasks/debian.yml

@@ -13,9 +13,11 @@
     - build-essential
 
 - name: Install rng-tools
+  when: fastd_use_rng
   apt: name=rng-tools state=present
 
 - name: Make sure that rng-tools uses /dev/urandom
+  when: fastd_use_rng
   lineinfile:
     dest: /etc/default/rng-tools
     line: HRNGDEVICE=/dev/urandom
@@ -23,6 +25,16 @@
 - include: source.yml
   when: not repo_universe_factory_available
 
+- name: Download backported libjson-c2
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 14
+  get_url: 
+    url="{{ fastd_libjson_url }}"
+    dest="/tmp/libjson-c2.deb"
+
+- name: Install backported libjson-c2
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 14
+  apt: deb="/tmp/libjson-c2.deb"
+
 - name: Install fastd via Apt
   when: repo_universe_factory_available
   apt: name=fastd state=latest

galaxy-roles/dereulenspiegel.fastd/tasks/main.yml

@@ -14,23 +14,34 @@
   when: ansible_distribution == "Debian"
 
 - name: Create fastd config directories
-  file: path=/etc/fastd/{{item.name}}/dummy state=directory recurse=yes
+  file: path=/etc/fastd/{{item.name}} state=directory recurse=yes
   with_items:
     - "{{fastd_instances}}"
 
 - name: Create fastd configs
   template: src=fastd.conf.j2 dest=/etc/fastd/{{item.name}}/fastd.conf
-  with_items:
-    - "{{fastd_instances}}"
+  with_items: "{{fastd_instances}}"
   notify: Restart fastd
 
 - name: Create fastd secrets
   template: src=secret.conf.j2 dest=/etc/fastd/{{item.name}}/secret.conf
-  with_items:
-    - "{{fastd_instances_secret}}"
+  with_items: "{{fastd_instances_secret}}"
   notify: Restart fastd
 
+- name: Create fastd peer include directories
+  when: item.peer_dir is defined
+  file: dest={{item.peer_dir}} state=directory
+  with_items: "{{fastd_instances}}"
+
+- name: Create fastd peer configs
+  when: item.0.peer_dir is defined
+  template: src=peer.config.j2 dest="{{item.0.peer_dir}}/{{item.1.name}}"
+  with_subelements:
+  - "{{fastd_instances | selectattr('peers', 'defined') | list}}"
+  - peers
+
 - name: rng-tools need to run
+  when: fastd_use_rng
   service: name=rng-tools state=started enabled=yes pattern=/usr/sbin/rngd
 
 - name: fastd needs to autostart

galaxy-roles/dereulenspiegel.fastd/templates/fastd.conf.j2

@@ -4,23 +4,100 @@
 
 bind {{item.bind}};
 include "secret.conf";
-include peers from "dummy";
 interface "{{item.interface}}";
-log level {{item.loglevel}};
+log level {{item.loglevel|default('warn')}};
+{% if item.syslog_level is defined %}
+log to syslog level {{item.syslog_level}};
+{% endif %}
+{% if item.stderr_level is defined %}
+log to syslog level {{item.stderr_level}};
+{% endif %}
 mode {{item.mode}};
 method "{{item.method}}";
 peer limit {{item.peer_limit}};
-hide ip addresses yes;
+hide ip addresses {{item.hide_ip_addressess|default('yes')}};
 mtu {{item.mtu}};
-secure handshakes yes;
-log to syslog level verbose;
+secure handshakes {{item.secure_handshake|default('yes')}};
 status socket "{{item.status_socket}}";
 user "{{fastd_user_name}}";
-
+drop capabilities {{item.drop_capabilities|default('yes')}};
+forward {{item.forward|default('no')}};
+hide mac addresses {{item.hide_mac_addresses|default('yes')}};
+{% if item.includes is defined %}
+{% for include in item.includes %}
+include {{include}};
+{% endfor %}
+{% endif %}
+{% if item.peer_includes is defined %}
+{% for include in item.peers %}
+{% if include.file is defined %}
+include peer "{{include.file}}" {% if include.name is defined %}[ as "{{include.name}}" ]{% endif %};
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if item.peer_dir is defined %}
+include peers from "{{item.peer_dir}}";
+{% endif %}
+{% if item.mac is defined %}
+mac "{{item.mac.name}}" use "{{item.mac.implementation}}";
+{% endif %}
+{% if item.packet_mark is defined %}
+packet mark {{item.packet_mark}};
+{% endif %}
+{% if item.on_pre_up_script is defined %}
+on pre-up "
+  {{item.on_pre_up_script}}
+";
+{% endif %}
+{% if item.on_up_script is defined %}
 on up "
   {{item.on_up_script}}
 ";
+{% endif %}
 
+{% if item.on_verify_script is defined %}
 on verify "
   {{item.on_verify_script}}
-";
+";
+{% endif %}
+{% if item.on_down_script is defined %}
+on down "
+  {{item.on_down_script}}
+";
+{% endif %}
+{% if item.on_post_down_script is defined %}
+on post-down "
+  {{item.on_post_down_script}}
+";
+{% endif %}
+{% if item.on_connect_script is defined %}
+on connect "
+  {{item.on_connect_script}}
+";
+{% endif %}
+{% if item.on_establish_script is defined %}
+on establish "
+  {{item.on_establish_script}}
+";
+{% endif %}
+{% if item.on_disestablish_script is defined %}
+on disestablish "
+  {{item.on_disestablish_script}}
+";
+{% endif %}
+
+{% if item.peers is defined and item.peer_dir is not defined %}
+{% for peer in item.peers %}
+peer "{{peer.name}}" {
+  
+};
+{% endfor %}
+{% endif %}
+
+{% if item.peer_groups is defined %}
+{% for peer_group in item.peer_groups %}
+peer group "{{peer_group-name}}" {
+  
+};
+{% endfor %}
+{% endif %}

galaxy-roles/dereulenspiegel.fastd/templates/peer.config.j2

@@ -0,0 +1,12 @@
+{% if item.1 is defined %}
+{% set peer = item.1 %}
+{% endif %}
+key "{{peer.key}}";
+{% if peer.remotes is defined %}
+{% for remote in peer.remotes %}
+remote {{remote}};
+{% endfor %}
+{% endif %}
+{% if peer.float is defined %}
+float {{peer.float}};
+{% endif %}

galaxy-roles/dereulenspiegel.fastd/test/application/fastd_pkg_vars.yml

@@ -8,6 +8,7 @@ fastd_instances:
     peer_limit: 125
     mtu: 1280
     status_socket: /tmp/fastd00.sock
+    peer_dir: /etc/fastd/test1/dummy
     on_up_script: |
       ip link set up $INTERFACE
       batctl if add $INTERFACE
@@ -27,6 +28,12 @@ fastd_instances:
       batctl if add $INTERFACE
     on_verify_script: |
       /etc/fastd/fastd-blacklist.sh $PEER_KEY
+    peer_dir: "/etc/fastd/test2/peers"
+    peers:
+    - name: test-peer
+      key: "not a valid key"
+      remotes:
+      - 192.0.2.1:10000
 
 fastd_instances_secret:
   - name: test1

galaxy-roles/dereulenspiegel.fastd/test/application/travis-fastd.yml

@@ -0,0 +1,9 @@
+---
+- name         : Install and configure fastd
+  hosts        : localhost
+  gather_facts : yes
+  connection   : "{{ kitchen_connection | default('local') }}"
+  vars_files   :
+                 - "fastd_pkg_vars.yml"
+  roles        :
+                 - "ansible-fastd"

galaxy-roles/dereulenspiegel.fastd/test/integration/fastd/serverspec/fastd_spec.rb

@@ -15,39 +15,38 @@ describe file('/etc/fastd/test2') do
   it { should be_directory }
 end
 
-describe package('fastd') do
-  it { should be_installed }
+describe file('/etc/fastd/test2/peers') do
+  it { should be_directory}
 end
 
-# Ansible seems to have problems to enable a service. Needs investigation
-describe service('fastd') do
-  it { should be_running }
-#  it { should be_enabled }
+describe file('/etc/fastd/test2/peers/test-peer') do
+  it { should be_file }
+  it { should be_readable }
 end
 
-describe process('fastd') do
-  it { should be_running }
+describe package('fastd') do
+  it { should be_installed }
 end
 
-describe port(10000) do
-  it { should be_listening.with('udp6') }
-end
+if ENV['CI'] != 'true'
+  # Travis doesn't provide the tap module, so our service won't start
+  # Ansible seems to have problems to enable a service. Needs investigation
+  describe service('fastd') do
+    it { should be_running }
+  #  it { should be_enabled }
+  end
 
-describe port(10001) do
-  it { should be_listening.with('udp6') }
-end
+  describe process('fastd') do
+    it { should be_running }
+  end
 
-describe package('rng-tools') do
-  it { should be_installed }
-end
-
-describe file('/etc/default/rng-tools') do
-  it { should exist }
-  its(:content) { should match /HRNGDEVICE=\/dev\/urandom/ }
-end
+  describe port(10000) do
+    it { should be_listening.with('udp6') }
+  end
 
-describe process("rngd") do
-  it { should be_running }
+  describe port(10001) do
+    it { should be_listening.with('udp6') }
+  end
 end
 
 describe user('fastd') do

group_vars/all/supernodes.yml

@@ -42,6 +42,7 @@ fastd_instances:
     peer_limit: 125
     mtu: 1280
     status_socket: /tmp/fastd00.sock
+    peer_dir: /etc/fastd/do00/dummy
     on_up_script: |
       ip link set up $INTERFACE
       batctl if add $INTERFACE
@@ -56,6 +57,7 @@ fastd_instances:
     peer_limit: 125
     mtu: 1280
     status_socket: /tmp/fastd01.sock
+    peer_dir: /etc/fastd/do01/dummy
     on_up_script: |
       ip link set up $INTERFACE
       batctl if add $INTERFACE