diff options
| -rw-r--r-- | dan/ele-ap.yml | 12 | ||||
| -rw-r--r-- | dan/group_vars/ele-ap.yml | 26 | ||||
| -rw-r--r-- | inventory/group_vars/accesspoints/main.yml | 129 | ||||
| -rw-r--r-- | inventory/group_vars/ele-ap/main.yml | 133 | ||||
| -rw-r--r-- | inventory/group_vars/elevate-festival/main.yml | 21 | ||||
| -rw-r--r-- | inventory/hosts.ini | 11 | ||||
| -rw-r--r-- | roles/openwrt/image/tasks/main.yml | 5 |
7 files changed, 184 insertions, 153 deletions
diff --git a/dan/ele-ap.yml b/dan/ele-ap.yml index 45e65385..a64ed8a4 100644 --- a/dan/ele-ap.yml +++ b/dan/ele-ap.yml @@ -4,3 +4,15 @@ roles: - role: openwrt/image delegate_to: localhost + post_tasks: + - name: copy image to target + command: "scp '{{ openwrt_output_images[0] }}' '{{ inventory_hostname }}:/tmp/ansible-upgrade.img'" + + - name: run sysupgrade + command: "ssh '{{ inventory_hostname }}' sysupgrade -n '/tmp/ansible-upgrade.img'" + ignore_errors: true + failed_when: false + register: sysupgrade_result + + - debug: + var: sysupgrade_result.stdout diff --git a/dan/group_vars/ele-ap.yml b/dan/group_vars/ele-ap.yml index e2fa2029..4b4e32a0 100644 --- a/dan/group_vars/ele-ap.yml +++ b/dan/group_vars/ele-ap.yml @@ -1,14 +1,14 @@ $ANSIBLE_VAULT;1.2;AES256;dan -36363930303936313565623666326261663431626135333437363838666533363761356466313961 -3663353830303861323030333933316261313364373466320a343161366231333333316631646636 -31623261336238656332373534663839326165633932393639346536373732326533363835336237 -6132343734346364340a333266366362306162666461353063316464316163373663666536653539 -37323832386530623530326663633535663164633231356139656333393236653562643437306233 -37656666653338363334346363343834656434633835353231386462316631313531636631373635 -66313061666636386565656465363462343631383236343964626463366633383133383866393031 -37633332323865663566643464626539373733383034353532333438346162616362633838373864 -35636364643363663034666237303138636134633666313839386365633562646661623531306662 -33396530393765313631343836393635356431323064386165363333323666373234656338316139 -39333032626336663431366430643562336565353361336263393836353065666561623237343938 -33333130373839653930643433333339373463643461663139346139393766356535396562633832 -3336 +35363463326632396535613230313564373734643836393765393462316437393436633534363832 +6661393637633262333839353166386664306536376137330a323765653161306331376635623339 +65616162383933313032356566343438363239343038303162316631393461366136646337336264 +6139636331363364330a333833323638303364663433646138353038363731313338396638616630 +36386466343637356235353865303832653430336133663666623863613131666430356230653036 +36626136353462653061396231646235363130303964633937346331333836353636616231363366 +36346665313433393430393334383039383561373133623139376639313331613136303439323366 +39376134636366303836666139323864313031633333653264366562633432666264343465393966 +30303833633633363132313661373037316663376434303066313366613563343362623333363664 +38363366386237303737343636373337393861336439643066333766623032373861386330633933 +34353332393665363437633333383737316663666462373036313236636261666536373535326534 +33306536653365643831633766393461633132616132393564383564336535643135633930643235 +3839 diff --git a/inventory/group_vars/accesspoints/main.yml b/inventory/group_vars/accesspoints/main.yml new file mode 100644 index 00000000..c85f05f5 --- /dev/null +++ b/inventory/group_vars/accesspoints/main.yml @@ -0,0 +1,129 @@ +--- +accesspoint_wired_interface: eth0 +accesspoint_wireless_device_paths: + 2g4: "platform/qca956x_wmac" + 5g: "pci0000:00/0000:00:00.0" + +accesspoint_wireless_frequencies: + - 2g4 + - 5g + + +accesspoint_network_base: + - name: globals 'globals' + options: + ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" + + - name: interface 'loopback' + options: + ifname: lo + proto: static + ipaddr: 127.0.0.1 + netmask: 255.0.0.0 + + - name: interface 'mgmt' + options: + ifname: "{{ accesspoint_wired_interface }}.{{ network_zones.mgmt.vlan }}" + accept_ra: 0 + proto: static + ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}" + +accesspoint_network_zones: {} + + +accesspoint_wireless_devices: + - name: wifi-device 'radio5g' + options: + type: 'mac80211' + channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}" + hwmode: '11a' + country: AT + path: "{{ accesspoint_wireless_device_paths['5g'] }}" + htmode: 'VHT80' + + - name: wifi-device 'radio2g4' + options: + type: 'mac80211' + channel: "{{ accesspoint_wifi_channels['2g4'][inventory_hostname] }}" + hwmode: '11g' + country: AT + path: "{{ accesspoint_wireless_device_paths['2g4'] }}" + htmode: 'HT20' + +accesspoint_wireless_ifaces: {} + + +openwrt_variant: openwrt +openwrt_release: 18.06.1 +openwrt_arch: ar71xx +openwrt_target: generic +openwrt_profile: ubnt-unifiac-lite +openwrt_output_image_suffixes: + - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin" + +openwrt_packages_remove: + - ppp + - ppp-mod-pppoe + - dnsmasq + - firewall + - odhcpd + - odhcpd-ipv6only +openwrt_packages_add: + - haveged + - htop + - ip + - less + - nano + - tcpdump-mini + + +openwrt_mixin: + /etc/sysctl.conf: + content: | + # Defaults are configured in /etc/sysctl.d/* and can be customized in this file + # + # disable IP forwarding, we don't need it since we are + # only an AP that bridges VLANs to Wifi SSIDs + net.ipv4.conf.default.forwarding=0 + net.ipv4.conf.all.forwarding=0 + net.ipv4.ip_forward=0 + net.ipv6.conf.default.forwarding=0 + net.ipv6.conf.all.forwarding=0 + + /etc/dropbear/authorized_keys: + content: "{{ ssh_keys_root | join('\n') }}\n" + + /etc/htoprc: + file: "{{ global_files_dir }}/common/htoprc" + + +openwrt_uci: + system: + - name: system + options: + hostname: '{{ inventory_hostname }}' + timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' + ttylogin: '0' + log_size: '64' + urandom_seed: '0' + + - name: timeserver 'ntp' + options: + enabled: '1' + enable_server: '0' + server: + - '0.lede.pool.ntp.org' + - '1.lede.pool.ntp.org' + - '2.lede.pool.ntp.org' + - '3.lede.pool.ntp.org' + + dropbear: + - name: dropbear + options: + PasswordAuth: 'off' + RootPasswordAuth: 'off' + Port: '22000' + + network: "{{ accesspoint_network_base + accesspoint_network_zones }}" + wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}" diff --git a/inventory/group_vars/ele-ap/main.yml b/inventory/group_vars/ele-ap/main.yml index df5806ea..09426e2a 100644 --- a/inventory/group_vars/ele-ap/main.yml +++ b/inventory/group_vars/ele-ap/main.yml @@ -1,6 +1,6 @@ --- accesspoint_wifi_channels: - 2.4g: + 2g4: ele-ap-forum0: 3 ele-ap-forum1: 8 ele-ap-forum2: 13 @@ -17,45 +17,19 @@ accesspoint_wifi_channels: accesspoint_zones: lan: - ssid: "elevate staff" + ssid: "elevate Staff" encryption: "psk2" key: "{{ vault_ele_ap.accesspoint_zones.lan.key }}" guest: - ssid: "elevate public" + ssid: "elevate Public" encryption: "psk2" key: "{{ vault_ele_ap.accesspoint_zones.guest.key }}" infoscreens: - ssid: "elevate infoscreens" + ssid: "elevate Infoscreens" encryption: "psk2" key: "{{ vault_ele_ap.accesspoint_zones.infoscreens.key }}" - -accesspoint_wired_interface: eth0 -accesspoint_wireless_device_paths: - 2.4g: "platform/qca956x_wmac" - 5g: "pci0000:00/0000:00:00.0" - -accesspoint_network_base: - - name: globals 'globals' - options: - ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" - - - name: interface 'loopback' - options: - ifname: lo - proto: static - ipaddr: 127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'mgmt' - options: - ifname: "{{ accesspoint_wired_interface }}.{{ network_zones.mgmt.vlan }}" - accept_ra: 0 - proto: static - ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}" - netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}" - accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}" accesspoint_network_zones_yaml: | {% for zone_name in accesspoint_zones.keys() %} @@ -68,33 +42,10 @@ accesspoint_network_zones_yaml: | {% endfor %} -accesspoint_wireless_devices: - - name: wifi-device 'radio5g' - options: - type: 'mac80211' - channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}" - hwmode: '11a' - country: AT - path: "{{ accesspoint_wireless_device_paths['5g'] }}" - htmode: 'VHT80' - - - name: wifi-device 'radio2g4' - options: - type: 'mac80211' - channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}" - hwmode: '11g' - country: AT - path: "{{ accesspoint_wireless_device_paths['2.4g'] }}" - htmode: 'HT20' - - ## TODO: set up 802.11r see: ## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/ ## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}" -accesspoint_wireless_frequencies: - - 2g4 - - 5g accesspoint_wireless_ifaces_yaml: | {% for zone in accesspoint_zones.keys() %} {% for freq in accesspoint_wireless_frequencies %} @@ -110,79 +61,3 @@ accesspoint_wireless_ifaces_yaml: | key: '{{ accesspoint_zones[zone].key }}' {% endfor %} {% endfor %} - - - -openwrt_variant: openwrt -openwrt_release: 18.06.1 -openwrt_arch: ar71xx -openwrt_target: generic -openwrt_profile: ubnt-unifiac-lite -openwrt_output_image_suffixes: - - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin" - -openwrt_packages_remove: - - ppp - - ppp-mod-pppoe - - dnsmasq - - firewall - - odhcpd - - odhcpd-ipv6only -openwrt_packages_add: - - haveged - - htop - - ip - - less - - nano - - tcpdump-mini - - -openwrt_mixin: - /etc/sysctl.conf: - content: | - # Defaults are configured in /etc/sysctl.d/* and can be customized in this file - # - # disable IP forwarding, we don't need it since we are - # only an AP that bridges VLANs to Wifi SSIDs - net.ipv4.conf.default.forwarding=0 - net.ipv4.conf.all.forwarding=0 - net.ipv4.ip_forward=0 - net.ipv6.conf.default.forwarding=0 - net.ipv6.conf.all.forwarding=0 - - /etc/dropbear/authorized_keys: - content: "{{ ssh_keys_root | join('\n') }}\n" - - /etc/htoprc: - file: "{{ global_files_dir }}/common/htoprc" - - -openwrt_uci: - system: - - name: system - options: - hostname: '{{ inventory_hostname }}' - timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' - ttylogin: '0' - log_size: '64' - urandom_seed: '0' - - - name: timeserver 'ntp' - options: - enabled: '1' - enable_server: '0' - server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' - - dropbear: - - name: dropbear - options: - PasswordAuth: 'off' - RootPasswordAuth: 'off' - Port: '22000' - - network: "{{ accesspoint_network_base + accesspoint_network_zones }}" - wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}" diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml index 649335f7..82d8d4d1 100644 --- a/inventory/group_vars/elevate-festival/main.yml +++ b/inventory/group_vars/elevate-festival/main.yml @@ -25,12 +25,19 @@ network_zones: vlan: 42 prefix: 192.168.42.0/24 offsets: - ele-ap-forum0: 210 - ele-ap-forum1: 211 - ele-ap-forum2: 212 - ele-ap-dom0: 220 - ele-ap-kunsthaus0: 230 - ele-ap-orpheum0: 240 + ele-sw-spreadencoder: 1 + ele-sw-spreadmixer: 2 + ele-sw-forum0: 10 + ele-sw-forum1: 11 + ele-sw-dom0: 20 + ele-sw-kunsthaus0: 30 + ele-sw-orpheum0: 40 + ele-ap-forum0: 110 + ele-ap-forum1: 111 + ele-ap-forum2: 112 + ele-ap-dom0: 120 + ele-ap-kunsthaus0: 130 + ele-ap-orpheum0: 140 ele-router: 254 mixer: @@ -39,7 +46,7 @@ network_zones: offsets: kuschelbaer: 48 atem: 208 - x32: 216 + x32core: 216 infoscreens: vlan: 73 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index d8616668..45529565 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -74,10 +74,11 @@ sk2016 host_name=2016 [ele-ap] -ele-ap-forum[0:2] +ele-ap-forum[0:1] +#ele-ap-forum[0:2] ele-ap-dom0 ele-ap-kunsthaus0 -ele-ap-orpheum0 +#ele-ap-orpheum0 [elevate:vars] host_domain=elevate.at @@ -121,8 +122,11 @@ k8s-test1 scaleway-kernel -### kubernetes cluster: emc +[accesspoints:children] +ele-ap + +### kubernetes cluster: emc [k8s-emc-encoder] #dione #helene @@ -150,7 +154,6 @@ k8s-emc ### kubernetes cluster: chaos - [k8s-chaos-master] k8s-test0 diff --git a/roles/openwrt/image/tasks/main.yml b/roles/openwrt/image/tasks/main.yml index 92e36c88..47a8793e 100644 --- a/roles/openwrt/image/tasks/main.yml +++ b/roles/openwrt/image/tasks/main.yml @@ -32,6 +32,11 @@ src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" dest: "{{ openwrt_output_dir }}" + ## TODO: make this less ugly.. + - name: set output image names + set_fact: + openwrt_output_images: "{{ '[\"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-' + (openwrt_output_image_suffixes | join('\", \"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-')) + '\"]' }}" + always: - name: Delete the temporary build directory file: |