prepare networkd

0a4b1eee · skorpy · cf3e3dcb · cf3e3dcb · 0a4b1eee · cf3e3dcb
Commit 0a4b1eee authored 10 months ago by skorpy
--- a/bird/files/gateway/radv.conf.j2
+++ b/bird/files/gateway/radv.conf.j2
-protocol radv radv_dom{{ domain_id }} {
-	{%- if not salt['domains.radv_enabled'](domain) %}
-	disabled;
-	{%- endif %}
-	interface "dom{{ domain_id }}-bat" {
-		min delay {{ salt['pillar.get']('radv:min_delay', 3) }};
-		max ra interval 60;
-		other config yes;
-		{%- for prefix,prefixval in pillar['domains'][domain]['IPv6']['subnets'].items()|sort %}
-		prefix {{ prefix }} {
-		{%- if not ('announce' in prefixval and prefixval['announce'] == False ) %}
-			valid lifetime 3600;
-			preferred lifetime 1800;
-		{%- else %}
-			skip yes;
-		{%- endif %}
-		};
-		{%- endfor %}
-		rdnss {
-			{%- for ns in pillar['domains'][domain]['IPv6']['name_servers']|sort %}
-			ns {{ ns }};
-			{%- endfor %}
-		};
-		dnssl {
-			{%- for domain in salt['pillar.get']('domains:%s:search'|format(domain))|sort %}
-			domain "{{ domain }}";
-			{%- endfor %}
-		};
-		link mtu {{ salt['pillar.get']('domains:%s:mtu'|format(domain)) - 32 }};
-	};
-}
--- a/bird/init.sls
+++ b/bird/init.sls
@@ -2,7 +2,6 @@ include:
  - ferm
  - bird.exporter
 {%- if 'gateway' in salt['pillar.get']('roles', [])  %}
-  - bird.radv
  - bird.domains
 {%- endif %}


--- a/bird/radv.sls
+++ b/bird/radv.sls
-include:
-  - bird
-
-{% for domain_key, domain_val in salt['pillar.get']('domains', {}).items() %}
-
-/etc/bird/bird6.d/50-radv-dom{{ domain_val['domain_id'] }}.conf:
-  file.managed:
-    - source: salt://bird/files/gateway/radv.conf.j2
-    - user: root
-    - grup: root
-    - mode: '0644'
-    - template: jinja
-    - context:
-        domain: {{ domain_key }}
-        domain_id: {{ domain_val['domain_id'] }}
-    - require:
-        - file: /etc/bird/bird6.d
-
-{% endfor %}
--- a/network/domains-batman-systemd.sls
+++ b/network/domains-batman-systemd.sls
@@ -33,16 +33,15 @@ include:
        vtep: {{ pillar['vtep'] }}

 /etc/systemd/system/dom@.service:
-  file.managed:
-    - source: salt://network/files/multidomain.service.j2
-    - user: root
-    - group: root
-    - mode: '0644'
-    - template: jinja
+  file.absent
+
+dom.service:
+  service.masked

 {% for domain in salt['pillar.get']('domains', {}).keys() %}
 {% set domain_id = salt['pillar.get']('domains:%s:domain_id'|format(domain)) %}
 /opt/multidomain/dom_{{ domain_id }}_up.sh:
+  file.absent
  file.managed:
    - source: salt://network/files/ifup-domain-batman.sh.j2
    - mode: '0700'
@@ -56,6 +55,7 @@ include:
        vtep: {{ pillar['vtep'] }}

 /opt/multidomain/dom_{{ domain_id }}_down.sh:
+  file.absent
  file.managed:
    - source: salt://network/files/ifdown-domain-batman.sh.j2
    - mode: '0700'
@@ -84,19 +84,6 @@ include:
        routing: {{ pillar['routing'] }}
 {% endif %}

-dom@{{ domain_id }}:
-  service.running:
-    - enable: True
-    - watch:
-      - file: /etc/systemd/system/dom@.service
-      - file: /opt/multidomain/dom_{{ domain_id }}_down.sh
-      - file: /opt/multidomain/dom_{{ domain_id }}_up.sh
-    - require:
-      - file: /etc/systemd/system/dom@.service
-      - file: /opt/multidomain/dom_{{ domain_id }}_down.sh
-      - file: /opt/multidomain/dom_{{ domain_id }}_up.sh
-      {% if 'gateway' in salt['pillar.get']('roles', []) %}
-      - service: kea-dhcp4-server
-      - service: kea-dhcp6-server
-      {% endif %}
+dom@{{ domain_id }}.service:
+  service.masked
 {% endfor %}
--- a/network/files/ifdown-domain-batman.sh.j2
+++ b/network/files/ifdown-domain-batman.sh.j2
-{%- set host_id = salt['pillar.get']('host:id:primary') -%}
-{%- set with_batman_adv = salt['pillar.get']('domains:%s:batman-adv'|format(domain), False) -%}
-{%- set with_fastd = salt['pillar.get']('domains:%s:fastd'|format(domain), False) -%}
-
-#!/bin/bash
-# kill everything
-{%- if 'gateway' in salt['pillar.get']('roles', []) and with_fastd %}
-    systemctl stop fastd@dom{{ domain_id }}_{{ salt['pillar.get']('domains:%s:mtu'|format(domain), 1312) }}
-{%- endif %}
-{%- if salt['pillar.get']('domains:%s:vxlan_vid'|format(domain), {}) %}
-    ip link del dev dom{{ domain_id }}-tp
-{%- endif %}
-    ip link del dev dom{{ domain_id }}-bat
-    ip link del dev dom{{ domain_id }}-br
--- a/network/files/ifup-domain-batman.sh.j2
+++ b/network/files/ifup-domain-batman.sh.j2
-#!/bin/bash
-{%- set host_id = salt['pillar.get']('host:id:primary') -%}
-{%- set with_batman_adv = salt['pillar.get']('domains:%s:batman-adv'|format(domain), False) -%}
-{%- set with_fastd = salt['pillar.get']('domains:%s:fastd'|format(domain), False) -%}
-{%- set gw_mode = salt['pillar.get']('domains:%s:batman-adv:gw_mode:enabled'|format(domain), False) %}
-{%- set features = salt['pillar.get']('domains:%s:batman-adv:features'|format(domain), {}) %}
-{%- set dat = features.get('dat', True) %}
-{%- set mm_mode = features.get('mm', False) %}
-{%- set mesh_announce_enable = False %}
-
-# client bridge
-	ip link add dev dom{{ domain_id }}-br type bridge
-	ip link set address {{ salt['net.clientbr_mac'](domain_id, host_id) }} dev dom{{ domain_id }}-br
-	ip link set dev dom{{ domain_id }}-br up
-	# Legacy IP Addr
-	{%- if salt['pillar.get']('domains:%s:IPv4:address'|format(domain), {}) %}
-	ip addr add {{ salt['pillar.get']('domains:%s:IPv4:address'|format(domain)) }} dev dom{{ domain_id }}-br
-	{%- endif %}
-	# ip6 addr
-	{%- if salt['pillar.get']('domains:%s:IPv6:address'|format(domain), {})%}
-	{%- for address in salt['pillar.get']('domains:%s:IPv6:address'|format(domain), {}) %}
-	ip addr add {{ address }}/64 dev dom{{ domain_id }}-br
-	{%- endfor %}
-	{%- endif %}
-	echo 0 > /proc/sys/net/ipv6/conf/dom{{ domain_id }}-br/accept_ra
-
-{% if with_batman_adv %}
-# batman mesh interface
-	ip link add dom{{ domain_id }}-bat type batadv
-	ip link set address  {{ salt['net.batadv_mac'](domain_id, host_id) }} dev dom{{ domain_id }}-bat
-	# actions
-	ip link set dev dom{{ domain_id }}-bat up
-	# Bridge to master
-	ip link set master dom{{ domain_id }}-br dev dom{{ domain_id }}-bat
-	### batman_adv parameters
-	# disable ipv6 autoconfig
-	echo 0 > /proc/sys/net/ipv6/conf/dom{{ domain_id }}-bat/accept_ra
-	# Multicast
-	{%- if mm_mode %}
-	# multicast optimizations enabled
-	batctl -m dom{{ domain_id }}-bat mm 1
-	echo 2 > /sys/class/net/dom{{ domain_id }}-bat/brport/multicast_router
-	{%- else %}
-	# multicast optimizations disabled
-	batctl -m dom{{ domain_id }}-bat mm 0
-	{%- endif %}
-	# DAT
-	{%- if dat  %}
-	batctl -m dom{{ domain_id }}-bat dat 1
-	{%- else %}
-	batctl -m dom{{ domain_id }}-bat dat 0
-	{%- endif %}
-	{%- if salt['pillar.get']('domains:%s:batman-adv:hop_penalty'|format(domain), False) %}
-	# hop penalty
-	echo {{ salt['pillar.get']('domains:%s:batman-adv:hop_penalty'|format(domain)) }} > /sys/class/net/dom{{ domain_id }}-bat/mesh/hop_penalty
-	{%- else %}
-	# hop penalty remains at default
-	{%- endif %}
-
-	# GW-Mode
-	{%- if gw_mode  %}
-	{%- set uplink = salt['pillar.get']('domains:%s:batman-adv:gw_mode:uplink', '100mbit') %}
-	{%- set downlink = salt['pillar.get']('domains:%s:batman-adv:gw_mode:uplink', '100mbit') %}
-	batctl -m dom{{ domain_id }}-bat gw server {{ uplink }}/{{ downlink }}
-	{%- else %}
-	batctl -m dom{{ domain_id }}-bat gw off
-	{%- endif %}
-
-	systemctl restart fastd@dom{{ domain_id }}_{{ salt['pillar.get']('domains:%s:mtu'|format(domain), 1312) }}
-{% endif %}
-
-{%- if salt['pillar.get']('domains:%s:vxlan_vid'|format(domain), {}) %}
-#l2-transport-vxlan
-	ip link add dom{{ domain_id }}-tp type vxlan id {{ salt['pillar.get']('domains:%s:vxlan_vid'|format(domain)) }} group ff02::15c dev {{ salt['pillar.get']('ferm:transport_interface', 'ens14') }} dstport 4789
-	ip link set address  {{ salt['net.vxlan_mac'](domain_id, host_id) }} dev dom{{ domain_id }}-tp
-	ip link set up dev dom{{ domain_id }}-tp
-	#ethtool -K dom{{ domain_id }}-tp tx off rx off
-
-	{%- if with_batman_adv %}
-	# batman-adv specific hooks
-	ip link set master dom{{ domain_id }}-bat dev dom{{ domain_id }}-tp
-	ip link set mtu {{ salt['pillar.get']('domains:%s:mtu'|format(domain), 1312) }} dev dom{{ domain_id }}-tp
-	{% endif %}
-	{%- for vtepIP in vtep.values()|sort %}
-	bridge fdb append 00:00:00:00:00:00 dev dom{{ domain_id }}-tp dst {{ vtepIP }}
-	{%- endfor %}
-{% endif %}
-
-{%- if 'gateway' in salt['pillar.get']('roles', []) and with_fastd %}
-{%- for instance in salt['pillar.get']('domains:%s:fastd:instances'|format(domain)) %}
-
-# l2 tunnel (fastd)
-	ip link set address {{ salt['fastd.mac'](domain_id, host_id) }} dev dom{{ domain_id }}-vpn-{{ instance['mtu'] }}
-	ip link set up dev dom{{ domain_id }}-vpn-{{ instance['mtu'] }}
-	{%- if with_batman_adv %}
-	# batman-adv specific hooks
-	ip link set master dom{{ domain_id }}-bat dev dom{{ domain_id }}-vpn-{{ instance['mtu'] }}
-	{%- endif %}
-{%- endfor %}
-{%- endif %}
-
-# Restarting services
-	{% if 'gateway' in salt['pillar.get']('roles', []) %}
-	birdc6 restart radv_dom{{ domain_id }}
-	systemctl reset-failed && systemctl restart isc-kea-dhcp4-server
-	systemctl reset-failed && systemctl restart isc-kea-dhcp6-server
-	{%- endif %}
-	{%- if 'yanic' in salt['pillar.get']('roles', []) %}
-	systemctl reset-failed && systemctl restart yanic
-	{%- endif %}
--- a/network/files/multidomain.service.j2
+++ b/network/files/multidomain.service.j2
-[Unit]
-Description=FFFFM Domain %I
-After=network.service
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-User=root
-Group=root
-Type=oneshot
-RemainAfterExit=true
-ExecStart=/opt/multidomain/dom_%i_up.sh
-ExecStop=/opt/multidomain/dom_%i_down.sh
-
-[Install]
-WantedBy=multi-user.target
--- a/network/files/systemd/batadv.netdev.j2
+++ b/network/files/systemd/batadv.netdev.j2
+[NetDev]
+Name={{ domain }}-bat
+Kind=batadv
+
+MACAddress={{ salt['net.batadv_mac'](domain_id, salt['pillar.get']('host:id:primary')) }}
+
+[BatmanAdvanced]
+RoutingAlgorithm=batman-iv
+OriginatorIntervalSec=5
+
+
+{% if salt['pillar.get']('domains:%s:batman-adv:gw_mode:enabled'|format(domain), False) %}
+HopPenalty=15
+GatewayMode=server
+GatewayBandwidthDown=100M
+GatewayBandwidthUp=100M
+{%- else %}
+GatewayMode=client
+{% endif %}
--- a/network/files/systemd/batadv.network.j2
+++ b/network/files/systemd/batadv.network.j2
+[Match]
+Name={{ domain }}-bat
+
+[Link]
+RequiredForOnline=false
+
+[Network]
+{%- if salt['pillar.get']('domains:%s:IPv4:address'|format(domain), {}) %}
+Address={{ salt['pillar.get']('domains:%s:IPv4:address'|format(domain)) }}
+{%- endif %}
+{%- if salt['pillar.get']('domains:%s:IPv6:address'|format(domain), {})%}
+{%- for address in salt['pillar.get']('domains:%s:IPv6:address'|format(domain), {}) %}
+Address={{ address }}/64
+{%- endfor %}
+{%- endif %}
+DHCP=no
+IPv6AcceptRA=false
+
+{% if salt['domains.radv_enabled'](domain) %}
+[Network]
+IPv6SendRA=yes
+
+[IPv6SendRA]
+Managed=false
+OtherInformation=true
+RouterLifetimeSec=1800
+RouterPreference=high
+
+{%- for prefix,prefixval in pillar['domains'][domain]['IPv6']['subnets'].items()|sort %}
+{%- if not ('announce' in prefixval and prefixval['announce'] == False ) %}
+[IPv6Prefix]
+Prefix={{ prefix }}
+{%- endif %}
+{%- endfor %}
+
+[IPv6PREF64Prefix]
+Prefix=64:ff9b::/96
+ValidLifetimeSec=1800
+
+{%- endif %}