updated setup_fastd.yml

added features:
 - fastd-services-api
 - install_nginx
 - install_monitoring
netsplit
Niklas Yann Wettengel 7 years ago
parent 710a210ae6
commit cd31d75443

@ -16,4 +16,54 @@ mullvad_key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
munin_node_plugins:
- name: cpu
- name: df
- name: df_inode
- name: dhcp-pool
- name: diskstats
- name: entropy
- name: fastd_peers
plugin: fastd_
- name: fastd_traffic
plugin: fastd_
- name: forks
- name: fw_conntrack
- name: fw_forwarded_local
- name: fw_packets
- name: if_bat0
plugin: if_
- name: if_err_bat0
plugin: if_err_
- name: if_ens3
plugin: if_
- name: if_err_ens3
plugin: if_err_
- name: if_ffmyk-mesh-vpn
plugin: if_
- name: if_err_ffmyk-mesh-vpn
plugin: if_err_
- name: if_mullvad
plugin: if_
- name: if_err_mullvad
plugin: if_err_
- name: interrupts
- name: irqstats
- name: load
- name: memory
- name: netstat
- name: nginx_request
- name: nginx_status
- name: ntp_kernel_err
- name: ntp_kernel_pll_freq
- name: ntp_kernel_pll_off
- name: ntp_offset
- name: open_files
- name: open_inodes
- name: proc_pri
- name: processes
- name: swap
- name: threads
- name: uptime
- name: users
- name: vmstat

@ -0,0 +1,44 @@
#!/usr/bin/php -f
<?php
// add include "/etc/dhcpd.hosts.conf"; to your dhcp config
$url = 'https://www.freifunk-myk.de/services/ips';
$out = '/etc/dhcpd.hosts.conf';
if(!is_writable($out)) die('Output file perms');
if( ($data = file_get_contents($url)) === FALSE ) die('Error getting ips');
$data = unserialize($data);
$active=array();
foreach($data as $host) {
if(!preg_match('/^[a-f0-9]{12}$/', $host['mac'])) {
trigger_error('Host mit falscher MAC?!', E_USER_WARNING);
}elseif(!preg_match('/^10\.222\.\(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?\)\.\(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?\)$/', $host['staticip'])) {
trigger_error('Host mit falscher IP?!'.$host['mac'], E_USER_WARNING);
}else{
$active[] = $host;
}
}
if(count($active) < 5) die('Less than 5 hosts? Database broken?');
$oldhash = hash_file("sha256", $out);
$fp=fopen($out, 'w');
foreach($active as $host) {
fwrite($fp, "host host".$host['mac']." {"."\n");
fwrite($fp, "\thardware ethernet ".
substr($host['mac'],0,2).":".
substr($host['mac'],2,2).":".
substr($host['mac'],4,2).":".
substr($host['mac'],6,2).":".
substr($host['mac'],8,2).":".
substr($host['mac'],10,2).
';'."\n");
fwrite($fp, "\tfixed-address ".$host['staticip'].';'."\n");
fwrite($fp, "}\n\n");
}
fclose($fp);
$newhash = hash_file("sha256", $out);
if($oldhash != $newhash) {
exec('systemctl restart dhcpd4.service');
}
?>
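Review bot: The staticip check in the first `foreach` is broken, because `\(` and `\)` in that pattern are literal parentheses rather than groups, so the alternation splits at the top level and the unanchored branch `2[0-4][0-9]` accepts any value containing such a group while ordinary addresses without one are rejected; whatever passes is then written verbatim into dhcpd.hosts.conf and dhcpd is restarted on it. Two lines earlier, `unserialize()` on the fetched body lets the remote side instantiate arbitrary classes in a script that cron runs as root every ten minutes; `unserialize($data, ['allowed_classes' => false])` plus an `is_array()` check closes that. The rewritten validation below uses `filter_var()` with `FILTER_FLAG_IPV4` and a `10.222.` prefix check, which is what the original pattern appears to intend. I would also write to a temporary file and `rename()` it over `$out`, so a script dying inside the write loop cannot leave dhcpd with a truncated config.
```php
// … unchanged: $url, $out and is_writable check …
if (($data = file_get_contents($url)) === FALSE) die('Error getting ips');
// The feed is plain data; never let it instantiate classes.
$data = unserialize($data, ['allowed_classes' => false]);
if (!is_array($data)) die('Unexpected data format');
$active = array();
foreach ($data as $host) {
    if (!is_array($host) || !isset($host['mac'], $host['staticip'])) {
        trigger_error('Host record incomplete', E_USER_WARNING);
    } elseif (!preg_match('/\A[a-f0-9]{12}\z/', $host['mac'])) {
        trigger_error('Host mit falscher MAC?!', E_USER_WARNING);
    } elseif (filter_var($host['staticip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
              || strncmp($host['staticip'], '10.222.', 7) !== 0) {
        trigger_error('Host mit falscher IP?!'.$host['mac'], E_USER_WARNING);
    } else {
        $active[] = $host;
    }
}
// … unchanged: host-count sanity check, hash, write loop, restart …
```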

@ -9,6 +9,24 @@
path: /etc/dhcpd.hosts.conf
state: touch
- name: install php
pacman:
name: php
state: present
- name: copy fastd-services-api.php
copy:
src: fastd-services-api.php
dest: /etc/fastd-services-api.php
- name: setup cronjob for fastd-services-api
cron:
name: fastd-services-api
minute: '*/10'
user: root
cron_file: fastd-api
job: '/usr/bin/php /etc/fastd-services-api.php'
- name: dhcpd.conf
template:
src: dhcpd.conf.j2
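Review bot: The `copy fastd-services-api.php` task sets no `owner`, `group` or `mode`, although the cron entry two tasks later runs that file as root every ten minutes; add `owner: root`, `group: root` and `mode: 0644` so the installed script is not left writable by anyone else whatever the target's umask is. The task list enclosing this hunk starts and ends outside it.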

@ -0,0 +1,37 @@
#!/bin/bash
INTERFACE=mullvad
FAILED_FILE=/tmp/mullvad.failed
fail=false
if [ ! -e /sys/class/net/$INTERFACE ]; then
echo "$INTERFACE interface does not exist"
fail=true
else
start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
sleep 30
end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
#echo "no traffic via $INTERFACE"
fail=true
fi
fi
if $fail; then
systemctl is-active openvpn-client@mullvad.service > /dev/null
if [ $? -ne 0 ]; then
systemctl status openvpn-client@mullvad.service
if [ -e $FAILED_FILE ]; then
echo restart openvpn-client@mullvad.service
systemctl restart openvpn-client@mullvad.service
else
touch $FAILED_FILE
fi
fi
else
if [ -e $FAILED_FILE ]; then
rm $FAILED_FILE
fi
fi
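Review bot: `FAILED_FILE=/tmp/mullvad.failed` keeps root's restart state in a world-writable directory, so any local user can pre-create the marker and turn the next detected failure into an immediate `systemctl restart`, or keep deleting it to suppress restarts; use a root-owned location such as `FAILED_FILE=/run/mullvad.failed`. The `systemctl is-active ... > /dev/null` line followed by `if [ $? -ne 0 ]; then` reads more simply and avoids the detached `$?` as `if ! systemctl is-active --quiet openvpn-client@mullvad.service; then`. A short header comment stating the intent (a restart happens only on the second consecutive failed check) would also help, since that two-strike rule is only implied by the marker-file dance.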

@ -0,0 +1,192 @@
#!/usr/bin/perl -w
#
# Copyright (C) 2008 Rien Broekstra <rien@rename-it.nl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
#
# Munin plugin to measure saturation of DHCP pools.
#
# Configuration variables:
#
# conffile - path to dhcpd's configuration file (default "/etc/dhcpd.conf")
# leasefile - path to dhcpd's leases file (default "/var/lib/dhcp/dhcpd.leases")
#
# Parameters:
#
# config (required)
#
# Version 1.0, 2-12-2008
use POSIX;
use Time::Local;
use strict;
my $CONFFILE = exists $ENV{'conffile'} ? $ENV{'conffile'} : "/etc/dhcpd.conf";
my $LEASEFILE = exists $ENV{'leasefile'} ? $ENV{'leasefile'} : "/var/lib/dhcp/dhcpd.leases";
if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) {
}
elsif ( defined $ARGV[0] and $ARGV[0] eq "config" ) {
my (%pools, $start, $label);
# Print general information
print "graph_title DHCP pool usage (in %)\n";
print "graph_args --upper-limit 100 -l 0\n";
print "graph_vlabel %\n";
print "graph_category network\n";
# Determine the available IP pools
%pools = determine_pools();
# Print a label for each pool
foreach $start (keys %pools) {
$label = ip2string($start);
$label =~ s/\./\_/g;
print "$label.label Pool ".ip2string($start)."\n";
print "$label.warning 75\n";
print "$label.critical 100\n";
}
}
else {
my (@activeleases, %pools, $start, $end, $size, $free, $label, $lease);
# Determine all leased IP addresses
@activeleases = determine_active_leases();
# Determine the available IP pools
%pools = determine_pools();
# For each pool, count how many leases from that pool are currently active
foreach $start (keys %pools) {
$size = $pools{$start};
$end = $start+$size;
$free = $size;
foreach $lease (@activeleases) {
if ($lease >= $start && $lease <= $end) {
$free--;
}
}
$label = ip2string($start);
$label =~ s/\./\_/g;
print "$label.value ".sprintf("%.1f", 100*($size-$free)/$size)."\n";
}
}
# Parse dhcpd.conf for range statements.
#
# Returns a hash with start IP -> size
sub determine_pools {
my (%pools, @conffile, $line, $start, $end, $size);
open(CONFFILE, "<${CONFFILE}") || exit -1;
@conffile = <CONFFILE>;
close (CONFFILE);
foreach $line (@conffile) {
if ($line =~ /range[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)/) {
$start = string2ip($1);
$end = string2ip($2);
$size = $end - $start;
defined($start) || next;
defined($end) || next;
$pools{$start} = $size;
}
}
return %pools;
}
# Very simple parser for dhcpd.leases. This will break very easily if dhcpd decides to
# format the file differently. Ideally a simple recursive-descent parser should be used.
#
# Returns an array with currently leased IP's
sub determine_active_leases {
my (@leasefile, $startdate, $enddate, $lease, @activeleases, $mytz, $line, %saw);
open(LEASEFILE, "<${LEASEFILE}") || exit -1;
@leasefile = <LEASEFILE>;
close (LEASEFILE);
@activeleases = ();
# Portable way of converting a GMT date/time string to timestamp is setting TZ to UTC, and then calling mktime()
$mytz = $ENV{'TZ'};
$ENV{'TZ'} = 'UTC 0';
tzset();
foreach $line (@leasefile) {
if ($line =~ /lease ([\d]+\.[\d]+\.[\d]+\.[\d]+)/) {
$lease = string2ip($1);
defined($lease) || next;
undef $startdate;
undef $enddate;
}
elsif ($line =~ /starts \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) {
$startdate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0);
}
elsif ($line =~ /ends \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) {
$enddate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0);
if (defined($enddate) && defined($startdate) && defined($lease)) {
if ($startdate < time() && $enddate > time()) {
push (@activeleases, $lease);
}
}
}
}
# Set TZ back to its original setting
if (defined($mytz)) {
$ENV{'TZ'} = $mytz;
}
else {
delete $ENV{'TZ'};
}
tzset();
# Sort the array, strip doubles, and return
return grep(!$saw{$_}++, @activeleases);
}
#
# Helper routine to convert an IP address a.b.c.d into an integer
#
# Returns an integer representation of an IP address
sub string2ip {
my $string = shift;
defined($string) || return undef;
if ($string =~ /([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)/) {
if ($1 < 0 || $1 > 255 || $2 < 0 || $2 > 255 || $3 < 0 || $3 > 255 || $4 < 0 || $4 > 255) {
return undef;
}
else {
return $1 << 24 | $2 << 16 | $3 << 8 | $4;
}
}
return undef;
}
#
# Returns a dotted quad notation of an
#
sub ip2string {
my $ip = shift;
defined ($ip) || return undef;
return sprintf ("%d.%d.%d.%d", ($ip >> 24) & 0xff, ($ip >> 16) & 0xff, ($ip >> 8) & 0xff, $ip & 0xff);
}
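Review bot: In determine_pools, `$size = $end - $start;` counts an inclusive `range a b` as one address short, while the lease loop in the main else branch counts `$lease <= $end` inclusively, so a fully used pool reports above 100%; use `$size = $end - $start + 1;` and move the two `defined(...) || next;` lines above the subtraction so undef never reaches it. `open(CONFFILE, "<${CONFFILE}") || exit -1;` and `open(LEASEFILE, "<${LEASEFILE}") || exit -1;` are two-argument opens on paths taken from `%ENV` with bareword handles that fail without a message; `open(my $conf_fh, '<', $CONFFILE) or die "open $CONFFILE: $!";` (and likewise for the leases file) fixes both. The file reads as a copy of the 2008 upstream plugin, so a header line naming its origin and any local changes would help the next maintainer decide where a fix belongs.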

@ -0,0 +1,5 @@
[fastd_*]
user root
group root
env.socketfile /run/ffmyk.socket
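Review bot: `user root` / `group root` for `[fastd_*]` grants the plugin more privilege than its job needs: the script only connects to `/run/ffmyk.socket` and decodes JSON, and its own POD recommends `user fastd` / `group fastd`. If the socket's owner or group permits it (not visible in this commit), run the plugin as that user and keep root for entries that genuinely require it, such as the `[fw_*]` section in the global config.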

@ -0,0 +1,124 @@
#!/usr/bin/perl -w
# -*- perl -*-
=head1 NAME
fastd_ - Plugin to monitor fastd uptime, peers and traffic
=head1 CONFIGURATION
Set user and group to have access to the socket
Set path to socketfile if not /tmp/fastd.sock
[fastd_*]
user fastd
group fastd
env.socketfile /tmp/fastd.sock
=head1 USAGE
Link this plugin to /etc/munin/plugins/ with the type of graph (uptime, peers, traffic)
append to the linkname, ie: /etc/munin/plugins/fastd_peers
After creating the links, restart munin-node. Don't forget to configure the plugin!
=head1 AUTHORS
Dominique Goersch <mail@dgoersch.info>
=head1 LICENSE
GPLv2
=head1 MAGIC MARKERS
#%# family=manual
#%# capabilities=suggest
=cut
use strict;
use warnings;
use File::Basename;
use IO::Socket::UNIX qw( SOCK_STREAM );
use JSON;
my $mode = basename($0); #get basename
$mode =~ s/fastd_//; #and strip 'fastd_' to get the mode
if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
if ($mode eq 'uptime') { #for uptime
print "graph_title fastd Uptime\n";
print "graph_info This graph shows the uptime of the fastd on this supernode\n";
print "graph_args -l 0\n";
print "graph_scale no\n";
print "graph_vlabel uptime in days\n";
print "graph_category fastd\n";
print "uptime.label uptime\n";
print "uptime.draw AREA\n";
}
elsif ($mode eq 'peers') { #for peers
print "graph_title fastd peers\n";
print "graph_info This graph shows the peers of the fastd on this supernode\n";
print "graph_args -l 0\n";
print "graph_scale no\n";
print "graph_vlabel peers count\n";
print "graph_category fastd\n";
print "peers.label peers\n";
print "peers.draw AREA\n";
}
elsif ($mode eq 'traffic') { #for traffic
print "graph_order down up\n";
print "graph_title fastd traffic\n";
print "graph_args --base 1000\n";
print "graph_vlabel bits in (-) / out (+) per second\n";
print "graph_category fastd\n";
print "graph_info This graph shows the traffic of fast.\n";
print "down.label received\n";
print "down.type DERIVE\n";
print "down.graph no\n";
print "down.cdef down,8,*\n";
print "down.min 0\n";
print "up.label bps\n";
print "up.type DERIVE\n";
print "up.negative down\n";
print "up.cdef up,8,*\n";
print "up.min 0\n";
}
exit 0;
}
if ($ARGV[0] and $ARGV[0] eq "suggest") { #tell munin about our graphs
print "uptime\n";
print "peers\n";
print "traffic\n";
}
my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
or die("Can't connect to server: $!\n");
my $fastdstatus = "";
foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
my $json = decode_json($fastdstatus); #decode json
my $fastd_uptime = $json->{uptime}; #get the uptime from json
#my $fastd_peers = scalar(keys(%{$json->{peers}})); #get number of peers from json
my $fastd_peers = 0;
for my $key (keys(%{$json->{peers}})) {
$fastd_peers = $fastd_peers + ($json->{peers}{$key}{connection}? 1 : 0);
}
my $fastd_rx_bytes = $json->{statistics}->{rx}->{bytes}; #get recieved bytes from json
my $fastd_tx_bytes = $json->{statistics}->{tx}->{bytes}; #get transmittetd bytes from json
if ( $mode eq 'uptime' ) {
printf "uptime.value %.0f\n",$fastd_uptime/86400000; #return uptime in seconds
} elsif ($mode eq 'peers') {
print "peers.value $fastd_peers\n"; #return number of peers
} elsif ($mode eq 'traffic') {
print "up.value $fastd_tx_bytes\n"; #return transmitted bytes
print "down.value $fastd_rx_bytes\n"; #and recieved bytes
}
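Review bot: The `suggest` branch prints the three graph names but never exits, so the script goes on to open the status socket and `die`s with "Can't connect to server" whenever fastd is not running, which can make plugin discovery report the plugin as failing; add `exit 0;` after `print "traffic\n";`. The comment on `printf "uptime.value %.0f\n",$fastd_uptime/86400000; #return uptime in seconds` contradicts both the arithmetic and the "uptime in days" vlabel; `#uptime in days (presumably fastd reports milliseconds)` matches the code. The loop that replaced the commented-out `scalar(keys ...)` line deserves a why-comment, e.g. `# count only peers with an established connection, not every configured peer`.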

@ -0,0 +1,6 @@
[fw_*]
user root
[if_ens3]
env.speed 1000

@ -0,0 +1,37 @@
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name localhost;
charset UTF-8;
index index.html index.htm;
root /srv/http/vnstat;
location / {
try_files $uri $uri/ =404;
autoindex on;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}
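Review bot: `autoindex on` under `location /` of an all-interfaces `default_server` publishes a directory listing of `/srv/http/vnstat` to anyone reaching port 80, and `try_files` already serves the generated `index.html`; unless the listing is intended, set `autoindex off;`. Because it is the default server, this vhost answers for every host name and on the mesh and VPN addresses too, not just `server_name localhost`. Adding `server_tokens off;` (here or in the `http` block) removes the version banner from headers and error pages.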

@ -0,0 +1,45 @@
#!/bin/sh
set -e
IFACES=$(ls /var/lib/vnstat/)
TARGET=/srv/http/vnstat/
for iface in $IFACES; do
/usr/bin/vnstati -i ${iface} -h -o ${TARGET}${iface}_hourly.png
/usr/bin/vnstati -i ${iface} -d -o ${TARGET}${iface}_daily.png
/usr/bin/vnstati -i ${iface} -m -o ${TARGET}${iface}_monthly.png
/usr/bin/vnstati -i ${iface} -t -o ${TARGET}${iface}_top10.png
/usr/bin/vnstati -i ${iface} -s -o ${TARGET}${iface}_summary.png
done
cat > ${TARGET}index.html <<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<titleu1 - Network Traffic</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en" />
</head>
<body style="white-space: nowrap">
EOT
for iface in $IFACES; do
sed s/IFACE/${iface}/g >> ${TARGET}index.html <<EOT
<div style="display:inline-block;vertical-align: top">
<img src="IFACE_summary.png" alt="traffic summary" /><br>
<img src="IFACE_monthly.png" alt="traffic per month" /><br>
<img src="IFACE_hourly.png" alt="traffic per hour" /><br>
<img src="IFACE_top10.png" alt="traffic top10" /><br>
<img src="IFACE_daily.png" alt="traffic per day" />
</div>
EOT
done
echo "</body></html>" >> ${TARGET}index.html
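Review bot: `<titleu1 - Network Traffic</title>` in the first heredoc is malformed HTML (the opening tag is never closed) and hard-codes a host name; since this heredoc interpolates, `<title>$(hostname) - Network Traffic</title>` fixes both. `IFACES=$(ls /var/lib/vnstat/)` parses `ls` output; the usual form is a glob, `for dir in /var/lib/vnstat/*; do iface=${dir##*/}`, which does not depend on `ls` formatting. A one-line header comment saying the script renders vnstat graphs into the nginx document root would spare a reader the cross-reference to the Ansible tasks.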

@ -0,0 +1,124 @@
---
- name: install vnstat
pacman:
name: vnstat
state: present
- name: start and enable vnstat service
systemd:
name: vnstat.service
enabled: yes
state: started
- name: add interfaces to vnstat
command: /usr/bin/vnstat -u -i {{ item }}
args:
creates: '/var/lib/vnstat/{{ item }}'
with_items:
- bat0
- ens3
- ffmyk-mesh-vpn
- mullvad
- name: add output folder for vnstat graphs
file:
path: /srv/http/vnstat
state: directory
- name: add bash script to generate vnstat graphs
copy:
src: vnstat.sh
dest: /usr/local/bin/vnstat.sh
mode: 0744
- name: add cronjob to generate vnstat graphs
cron:
name: vnstat
minute: '*/5'
user: root
cron_file: fastd-api
job: '/usr/local/bin/vnstat.sh'
- name: add vnstat nginx config
copy:
src: vnstat
dest: /etc/nginx/sites-available/vnstat
register: nginx_config
- name: enable vnstat nginx config
file:
src: /etc/nginx/sites-available/vnstat
dest: /etc/nginx/sites-enabled/vnstat
state: link
- name: reload nginx
when: nginx_config.changed
systemd:
name: nginx.service
state: reloaded
- name: add bash script to check internet
copy:
src: check_internet.sh
dest: /usr/local/bin/check_internet.sh
mode: 0744
- name: add cronjob to check internet
cron:
name: check_internet
user: root
cron_file: fastd-api
job: '/usr/local/bin/check_internet.sh'
- name: install munin
pacman:
name: munin-node
state: present
- name: copy munin-node config
template:
src: munin-node.conf.j2
dest: /etc/munin/munin-node.conf
- name: copy fastd plugin
copy:
src: munin_fastd_plugin
dest: /usr/lib/munin/plugins/fastd_
- name: copy dhcp-pool plugin
copy:
src: munin_dhcp_pool_plugin
dest: /usr/lib/munin/plugins/dhcp-pool
- name: copy fastd plugin config
copy:
src: munin_fastd_conf
dest: /etc/munin/plugin-conf.d/fastd
- name: copy global config
copy:
src: munin_global_conf
dest: /etc/munin/plugin-conf.d/global
- name: install netstat
pacman:
name: net-tools
state: present
- name: install perl-lwp-protocol-https
pacman:
name: perl-lwp-protocol-https
state: present
- name: enable munin plugins
file:
path: /etc/munin/plugins/{{ item.name }}
src: /usr/lib/munin/plugins/{{ item.plugin | default( item.name ) }}
state: link
with_items: "{{ munin_node_plugins }}"
- name: start and enable munin-node
systemd:
name: munin-node.service
enabled: yes
state: started
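Review bot: The `copy fastd plugin` and `copy dhcp-pool plugin` tasks set no `mode`, so the plugin files take the target's umask default (typically 0644) and munin-node cannot execute them; add `mode: 0755` to both, as vnstat.sh already does explicitly. The fastd_ plugin also needs the Perl `JSON` module and I see no task installing it — worth confirming munin-node pulls it in, or adding `perl-json` next to `perl-lwp-protocol-https`. `cron_file: fastd-api` is reused for the vnstat and check_internet entries, which a reader will not look for under that name; and the nginx reload fires only on `nginx_config.changed`, not when the sites-enabled link is first created, so a handler notified by both tasks would be more robust.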

@ -0,0 +1,49 @@
log_level 4
log_file Sys::Syslog
pid_file /run/munin/munin-node.pid
background 1
setsid 1
user root
group root
# This is the timeout for the whole transaction.
# Units are in sec. Default is 15 min
#
global_timeout 290
# This is the timeout for each plugin.
# Units are in sec. Default is 1 min
#
timeout 60
# Regexps for files to ignore
ignore_file [\#~]$
ignore_file DEADJOE$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$
ignore_file \.pod$
# Set this if the client doesn't report the correct hostname when
# telnetting to localhost, port 4949
#
host_name {{ ansible_nodename }}
# A list of addresses that are allowed to connect. This must be a
# regular expression, since Net::Server does not understand CIDR-style
# network notation unless the perl module Net::CIDR is installed. You
# may repeat the allow line as many times as you'd like
allow ^127\.0\.0\.1$
allow ^2a01:4f8:151:13cd::35$
allow ^::1$
# Which address to bind to;
host *
# And which port
port 4949
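Review bot: `host *` binds munin-node to every address, including the mesh and VPN interfaces this host carries (`bat0`, `ffmyk-mesh-vpn`, `mullvad` appear elsewhere in this commit), while only loopback and one master address are allowed, so the `allow` regex is the single gate on port 4949; a matching rule in the configure_iptables role would give it a second layer. Since this file is already a template, the literal `2a01:4f8:151:13cd::35` belongs in an inventory variable rather than baked into the role. A comment noting that the `allow` regex must match the address exactly as Net::Server reports it would help whoever adds the next master.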

@ -0,0 +1,29 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
access_log off;
error_log /var/log/nginx/error.log;
#gzip on;
gzip off;
gzip_disable "msie6";
charset UTF-8;
# Virtual Host Config
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
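Review bot: `gzip_disable "msie6";` directly after `gzip off;` is dead configuration, and the commented `#gzip on;` above it suggests a leftover; keep one consistent state. `server_tokens off;` inside the `http` block would stop nginx from advertising its version in headers and error pages. With `access_log off;` set globally, the per-location `access_log off` directives in the vnstat site are redundant, though harmless.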

@ -0,0 +1,26 @@
---
- name: install nginx
pacman:
name: nginx
state: present
- name: copy nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
- name: add sites-available folder
file:
path: /etc/nginx/sites-available
state: directory
- name: add sites-enabled folder
file:
path: /etc/nginx/sites-enabled
state: directory
- name: start and enable nginx
systemd:
name: nginx.service
enabled: yes
state: started
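Review bot: The `copy nginx.conf` task replaces the main configuration but nothing reloads nginx afterwards, so on a re-run with a changed nginx.conf the running service keeps the old configuration until something else restarts it; register the result and add a `state: reloaded` task guarded by it, or better a handler (`notify: reload nginx`), the way the monitoring role already reloads on `nginx_config.changed`. Adding `validate: /usr/bin/nginx -t -c %s` to the copy would also keep a syntactically broken config from being installed at all.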

@ -7,6 +7,7 @@
- configure_journald
- configure_sysctl
- configure_iptables
- install_nginx
- install_ntp
- install_haveged
- setup_batman
@ -14,4 +15,5 @@
- install_bind
- install_fastd
- install_openvpn
- install_monitoring
- install_admin_packages
