added $mesh_interface to ffnord::fastd to enabe multiple fastd instan…

…ces with different interface ids
ffnord · Jun 18, 2015 · c627995 · c627995
1 parent 41a0dc9
commit c627995
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -93,12 +93,12 @@ ffnord::mesh { 'mesh_ffgc':
       vpn_mac      => "de:ad:be:ff:de:ad",
       mesh_ipv6    => "fd35:f308:a922::ff00/64,
       mesh_ipv4    => "10.35.0.1/19",
-      mesh_mtu     => "1426",
+      mesh_mtu     => "1280",
       range_ipv4   => "10.35.0.0/16",
       mesh_peerings => "/root/mesh_peerings.yaml",
 
       fastd_secret => "/root/fastd_secret.key",
-      fastd_port   => 10035,
+      fastd_port   => 11235,
       fastd_peers_git => 'git://somehost/peers.git',
 
       dhcp_ranges => [ '10.35.0.2 10.35.0.254'
@@ -130,6 +130,18 @@ class {
     openvpn_password => "brucessecretpw",
 }
 
+ffnord::fastd { "ffgc_old":
+    mesh_name       => "mesh_ffgc",
+    mesh_code       => "ffgc",
+    mesh_interface  => "ffgc-old",
+    mesh_mac        => "de:ad:be:ee:de:ad",
+    vpn_mac         => "de:ad:be:fe:de:ad",
+    mesh_mtu        => 1460,
+    fastd_secret    => "/root/fastd_secret.conf",
+    fastd_port      => 10000,
+    fastd_peers_git => '/vagrant/fastd/gc/'
+}
+
 ffnord::icvpn::setup {
   'gotham_city0':
     icvpn_as => 65035,

diff --git a/manifests/fastd.pp b/manifests/fastd.pp
@@ -1,5 +1,6 @@
 define ffnord::fastd( $mesh_name
                      , $mesh_code
+                     , $mesh_interface # may not be more than 10 characters
                      , $mesh_mac
                      , $vpn_mac
                      , $mesh_mtu = 1426
@@ -15,65 +16,68 @@
   include ffnord::resources::fastd::auto_fetch_keys
 
   ffnord::monitor::nrpe::check_command {
-    "fastd_${mesh_code}":
-      command => "/usr/lib/nagios/plugins/check_procs -c 1:1 -w 1:1 -C fastd --ereg-argument \"${mesh_code}-mesh-vpn\\b\"";
+    "fastd_${mesh_interface}":
+      command => "/usr/lib/nagios/plugins/check_procs -c 1:1 -w 1:1 -C fastd -a \"${mesh_interface}-mvpn\"";
   }
 
   ffnord::monitor::zabbix::check_script {
-    "${mesh_code}_fastdcons":
+    "${mesh_interface}_fastdcons":
       mesh_code => $mesh_code,
       scriptname => "fastd_connections",
       sudo => true;
-    "${mesh_code}_fastdcons6":
+    "${mesh_interface}_fastdcons6":
       mesh_code => $mesh_code,
       scriptname => "fastd_connections6",
       sudo => true;
   }
 
   file {
-    "/etc/fastd/${mesh_code}-mesh-vpn/":
+    "/etc/fastd/${mesh_interface}-mvpn/":
       ensure =>directory,
              require => Package[ffnord::resources::fastd];
-    "/etc/fastd/${mesh_code}-mesh-vpn/fastd.conf":
+    "/etc/fastd/${mesh_interface}-mvpn/fastd.conf":
       ensure => file,
              notify => Service[ffnord::resources::fastd],
              content => template('ffnord/etc/fastd/fastd.conf.erb');
-    "/etc/fastd/${mesh_code}-mesh-vpn/secret.conf":
+    "/etc/fastd/${mesh_interface}-mvpn/secret.conf":
       ensure => file,
       source => $fastd_secret,
       mode => '0600',
-  } ->
-  ffnord::batman-adv { "ffnord_batman_adv_${mesh_code}":
-    mesh_code => $mesh_code;
-  } ->
-  vcsrepo { "/etc/fastd/${mesh_code}-mesh-vpn/peers":
+  }
+  if ! defined(Ffnord::Batman-Adv["ffnord_batman_adv_${mesh_code}"]) {
+      ffnord::batman-adv { "ffnord_batman_adv_${mesh_code}":
+        mesh_code => $mesh_code;
+      }
+  }
+  vcsrepo { "/etc/fastd/${mesh_interface}-mvpn/peers":
     ensure   => present,
     provider => git,
+    require  => Ffnord::Batman-adv["ffnord_batman_adv_${mesh_code}"],
     source   => $fastd_peers_git,
     notify   => Class[ffnord::resources::fastd::auto_fetch_keys];
   } ->
-  ffnord::firewall::service { "fastd-${mesh_code}":
+  ffnord::firewall::service { "fastd-${mesh_interface}":
     ports  => [$fastd_port],
     protos => ['udp'],
     chains => ['wan']
   }
 
   file {
-    "/etc/fastd/${mesh_code}-mesh-vpn/peers/.git/hooks/post-merge":
+    "/etc/fastd/${mesh_interface}-mvpn/peers/.git/hooks/post-merge":
        ensure => file,
        owner => 'root',
        group => 'root',
        mode => '0755',
        content => "#!/bin/sh\n/usr/local/bin/update-fastd-keys reload",
-       require => Vcsrepo["/etc/fastd/${mesh_code}-mesh-vpn/peers"];
+       require => Vcsrepo["/etc/fastd/${mesh_interface}-mvpn/peers"];
   }
 
   file_line {
-   "root_bashrc_fastd_query_${mesh_code}":
+   "root_bashrc_fastd_query_${mesh_interface}":
      path => '/root/.bashrc',
-     line => "alias fastd-query-${mesh_code}='FASTD_SOCKET=/var/run/fastd-status.${mesh_code}.sock fastd-query'"
+     line => "alias fastd-query-${mesh_interface}='FASTD_SOCKET=/var/run/fastd-status.${mesh_interface}.sock fastd-query'"
   }
 
-  ffnord::etckeeper::ignore { "/etc/fastd/${mesh_code}-mesh-vpn/peers/": }
+  ffnord::etckeeper::ignore { "/etc/fastd/${mesh_interface}-mvpn/peers/": }
 
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -4,7 +4,7 @@
   $mesh_as,          # AS of your community
   $mesh_mac,         # mac address mesh device: 52:54:00:bd:e6:d4
   $vpn_mac,          # mac address vpn device, ideally != mesh_mac and unique
-  $mesh_mtu = 1426,  # mtu used, default only suitable for fastd via ipv4
+  $mesh_mtu = 1280,  # mtu used, default only suitable for fastd via ipv4
   $range_ipv4,       # ipv4 range allocated to community in cidr notation, e.g. 10.35.0.1/16
   $mesh_ipv4,        # ipv4 address in cidr notation, e.g. 10.35.0.1/19
   $mesh_ipv6,        # ipv6 address in cidr notation, e.g. fd35:f308:a922::ff00/64
@@ -65,6 +65,7 @@
   ffnord::fastd { "fastd_${mesh_code}":
     mesh_name => $mesh_name,
     mesh_code => $mesh_code,
+    mesh_interface => "${mesh_code}",
     mesh_mac  => $mesh_mac,
     vpn_mac   => $vpn_mac,
     mesh_mtu  => $mesh_mtu,

diff --git a/templates/etc/fastd/fastd.conf.erb b/templates/etc/fastd/fastd.conf.erb
@@ -1,16 +1,16 @@
 # managed by puppet -- editing is futile
 
-log to syslog as "fastd-<%= @mesh_code %>" level error;
-interface "<%= @mesh_code %>-mesh-vpn";
+log to syslog as "fastd-<%= @mesh_interface %>" level error;
+interface "<%= @mesh_interface %>-mvpn";
 method "salsa2012+umac";    # since fastd v15
 method "salsa2012+gmac";
 method "xsalsa20-poly1305"; # deprecated
 bind any:<%= @fastd_port %>;
 hide ip addresses yes;
 hide mac addresses yes;
 include "secret.conf";
-mtu <%= @mesh_mtu %>; # 1492 - IPv{4,6} Header - fastd Header...
-status socket "/var/run/fastd-status.<%= @mesh_code %>.sock";
+mtu <%= @mesh_mtu %>;
+status socket "/var/run/fastd-status.<%= @mesh_interface %>.sock";
 include peers from "peers";
 on up "
  modprobe batman-adv
@@ -19,5 +19,5 @@ on up "
  ip link set address <%= @mesh_mac %> dev bat-<%= @mesh_code %>
  ifup bat-<%= @mesh_code %>
  ip link set up dev $INTERFACE
- service alfred start bat-<%= @mesh_code %>
+ service alfred start bat-<%= @mesh_code %> # maybe this only at first instance?
 ";