Merge branch 'master' into alfred-master

Vagrantfile

@@ -8,7 +8,9 @@ VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
  # Every Vagrant virtual environment requires a box to build off of.
- config.vm.box = "boxcutter/debian78-i386"
+ #config.vm.box = "boxcutter/debian78-i386" # wheezy 32bit
+ config.vm.box = "boxcutter/debian78" # wheezy 64bit
+ #config.vm.box = "boxcutter/debian81" # jessie 64bit
 
  config.vm.provider "virtualbox" do |vb|
  # Don't boot with headless mode

bootstrap.sh

@@ -7,7 +7,8 @@ set -x
 
 MACHINE=$1
 
-# optional: if you have brances in your own repo that should be merged add the repo here (example: 'https://github.com/...')
+# optional: if you have brances in your own repo that should be merged add the repo here
+# example: FFNORD_TESTING_REPO='https://github.com/ffnord/ffnord-puppet-gateway'
 FFNORD_TESTING_REPO=''
 # and add the branches here (komma separated):
 FFNORD_TESTING_BRANCHES=('')
@@ -16,16 +17,18 @@ SCRIPTPATH="/vagrant"
 MACHINE_PATH="$SCRIPTPATH/machines/${MACHINE}/"
 mkdir -p "$MACHINE_PATH"
 
+LSBDISTCODENAME='wheezy'
+
 cat > /etc/apt/sources.list << EOF
-deb http:https://ftp.de.debian.org/debian wheezy main
-deb-src http:https://ftp.de.debian.org/debian wheezy main
+deb http:https://ftp.de.debian.org/debian $LSBDISTCODENAME main
+deb-src http:https://ftp.de.debian.org/debian $LSBDISTCODENAME main
 
-deb http:https://security.debian.org/ wheezy/updates main contrib
-deb-src http:https://security.debian.org/ wheezy/updates main contrib
+deb http:https://security.debian.org/ $LSBDISTCODENAME/updates main contrib
+deb-src http:https://security.debian.org/ $LSBDISTCODENAME/updates main contrib
 
-# wheezy-updates, previously known as 'volatile'
-deb http:https://ftp.de.debian.org/debian wheezy-updates main contrib
-deb-src http:https://ftp.de.debian.org/debian wheezy-updates main contrib
+# $LSBDISTCODENAME-updates, previously known as 'volatile'
+deb http:https://ftp.de.debian.org/debian $LSBDISTCODENAME-updates main contrib
+deb-src http:https://ftp.de.debian.org/debian $LSBDISTCODENAME-updates main contrib
 EOF
 
 #Reconfigure apt so that it does not install additional packages
@@ -37,13 +40,26 @@ export DEBIAN_FRONTEND=noninteractive
 # comment this out, if you want to keep manuals, documentation and all locales in your machines
 #source $SCRIPTPATH/minify_debian.sh
 
+# setup locales
+export LANGUAGE=en_US.UTF-8
+export LANG=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+locale-gen en_US.UTF-8
+
 apt-get update
-apt-get install --no-install-recommends -y puppet git tcpdump mtr-tiny
+apt-get install --no-install-recommends -y puppet git tcpdump mtr-tiny apt-transport-https \
+ vim-puppet tcpdump dnsutils realpath screen htop mlocate tig sudo cmake libpcap-dev
 # optional apt-get install --no-install-recommends -y vim
 
-puppet module install puppetlabs-stdlib
+if [ $LSBDISTCODENAME != "wheezy" ]; then
+ apt-get install -y systemd-sysv libssl-dev
+ # TODO: solve this in puppet
+ modprobe ip_tables
+ modprobe nf_conntrack
+fi
+puppet module install puppetlabs-stdlib --version 4.15.0
 puppet module install puppetlabs-apt --version 1.5.1
-puppet module install puppetlabs-vcsrepo
+puppet module install puppetlabs-vcsrepo --version 1.3.2
 # usually installed on a gateway, but not needed in this example case:
 #puppet module install saz-sudo
 #puppet module install torrancew-account
@@ -77,10 +93,25 @@ service iptables-persistent save
 # comment this out, if you want to keep manuals, documentation and all locales in your machines
 #source $SCRIPTPATH/minify_debian.sh
 
-service alfred start
-/etc/init.d/fastd restart
+service openvpn restart
+
+if [ $LSBDISTCODENAME != "wheezy" ]; then
+ #workaround restart puppet run after openvpn restart
+ puppet apply manifest.pp --verbose
+fi
+
+service alfred restart
+service isc-dhcp-server restart
+service fastd restart
 
 : '####### Check for services if they are running correctly ######'
 SERVICES='(isc-dhcp-server|radvd|ntp|openvpn|rpcbind|fastd|bind9|bird6|bird|alfred|batadv-vis|named|tincd)'
 service --status-all 2>&1 | egrep $SERVICES
 pgrep -lf $SERVICES
+ps aux | egrep $SERVICES
+
+# download check-services
+wget https://raw.githubusercontent.com/rubo77/ffnord-puppet-gateway/check-services/files/usr/local/bin/check-services
+chmod +x check-services 
+./check-services
+echo "if check-services fails add MESH_CODE=ffgc to othe top"

machines/gc-gw0/manifest.pp

@@ -1,9 +1,23 @@
+package {
+ ['vim-puppet', 'tcpdump', 'dnsutils', 'realpath', 'screen', 'htop', 'mlocate', 'tig', 'sudo', 'mtr-tiny', 'cmake', 'libpcap-dev']:
+ ensure => installed;
+}
+
 class {
  'ffnord::params':
- router_id => "10.35.0.1",
- icvpn_as => "65035",
- wan_devices => ['eth0','eth1'],
-
+ router_id => "10.35.0.1", # The id of this router, probably the ipv4 address
+ # of the mesh device of the providing community
+ icvpn_as => "65035", # The as of the providing community
+ wan_devices => ['eth0','eth1'], # An array of devices which should be in the wan zone
+
+ wmem_default => 87380, # Define the default socket send buffer
+ wmem_max => 12582912, # Define the maximum socket send buffer
+ rmem_default => 87380, # Define the default socket recv buffer
+ rmem_max => 12582912, # Define the maximum socket recv buffer
+
+ gw_control_ips => "217.70.197.1 89.27.152.1 138.201.16.163 8.8.8.8", # Define target to ping against for function check
+
+ max_backlog => 5000, # Define the maximum packages in buffer
 }
 
 ffnord::mesh { 'mesh_ffgc':
@@ -22,19 +36,20 @@
  fastd_peers_git => '/vagrant/fastd/gc/',
 
  dhcp_ranges => [ '10.35.0.2 10.35.4.254' ],
- dns_servers => [ '10.35.5.1', '10.35.10.1', '10.35.15.1', '10.35.20.1' ],
+ dns_servers => [ '10.35.0.1' ],
 }
 
-ffnord::fastd { "ffgc_old":
- mesh_code => "ffgc",
- mesh_interface => "ffgc-old",
- mesh_mac => "de:ad:be:ef:fd:00",
- vpn_mac => "de:ad:be:ef:fc:00",
- mesh_mtu => 1426,
- fastd_secret => "/root/fastd_secret.conf",
- fastd_port => 10035,
- fastd_peers_git => '/vagrant/fastd/gc/'
-}
+#ffnord::fastd { "ffgc_old":
+# mesh_code => "ffgc",
+# mesh_interface => "ffgc-old",
+# mesh_mac => "de:ad:be:ef:fd:00",
+# vpn_mac => "de:ad:be:ef:fc:00",
+# mesh_mtu => 1426,
+# fastd_secret => "/root/fastd_secret.conf",
+# fastd_port => 10035,
+# fastd_verify => 'true',
+# fastd_peers_git => '/vagrant/fastd/gc/'
+#}
 
 ffnord::icvpn::setup { 'gotham_city0':
  icvpn_as => 65035,
@@ -49,9 +64,7 @@
  config => '/root/vpn-service'
 }
 
-class { 'ffnord::alfred': 
- master => true
-}
+#class { 'ffnord::alfred': master => true }
 
 class { 'ffnord::rsyslog': }
 

machines/gc-gw1/manifest.pp

@@ -1,9 +1,18 @@
 class {
  'ffnord::params':
- router_id => "10.35.5.1",
- icvpn_as => "65035",
- wan_devices => ['eth0','eth1'],
-
+ router_id => "10.35.5.1", # The id of this router, probably the ipv4 address
+ # of the mesh device of the providing community
+ icvpn_as => "65035", # The as of the providing community
+ wan_devices => ['eth0','eth1'], # An array of devices which should be in the wan zone
+
+ wmem_default => 87380, # Define the default socket send buffer
+ wmem_max => 12582912, # Define the maximum socket send buffer
+ rmem_default => 87380, # Define the default socket recv buffer
+ rmem_max => 12582912, # Define the maximum socket recv buffer
+
+ gw_control_ips => "217.70.197.1 89.27.152.1 138.201.16.163 8.8.8.8", # Define target to ping against for function check
+
+ max_backlog => 5000, # Define the maximum packages in buffer
 }
 
 ffnord::mesh { 'mesh_ffgc':
@@ -22,7 +31,7 @@
  fastd_peers_git => '/vagrant/fastd/gc/',
 
  dhcp_ranges => [ '10.35.5.2 10.35.9.254' ],
- dns_servers => [ '10.35.0.1', '10.35.10.1', '10.35.15.1', '10.35.20.1' ],
+ dns_servers => [ '10.35.5.1' ],
 }
 
 ffnord::fastd { "ffgc_old":
@@ -49,7 +58,7 @@
  config => '/root/vpn-service'
 }
 
-class { 'ffnord::alfred': }
+#class { 'ffnord::alfred': }
 
 class { 'ffnord::rsyslog': }
 

machines/gc-gw2/manifest.pp

@@ -1,8 +1,18 @@
 class {
  'ffnord::params':
- router_id => "10.35.10.1",
- icvpn_as => "65035",
- wan_devices => ['eth0','eth1'],
+ router_id => "10.35.10.1", # The id of this router, probably the ipv4 address
+ # of the mesh device of the providing community
+ icvpn_as => "65035", # The as of the providing community
+ wan_devices => ['eth0','eth1'], # An array of devices which should be in the wan zone
+
+ wmem_default => 87380, # Define the default socket send buffer
+ wmem_max => 12582912, # Define the maximum socket send buffer
+ rmem_default => 87380, # Define the default socket recv buffer
+ rmem_max => 12582912, # Define the maximum socket recv buffer
+
+ gw_control_ips => "217.70.197.1 89.27.152.1 138.201.16.163 8.8.8.8", # Define target to ping against for function check
+
+ max_backlog => 5000, # Define the maximum packages in buffer
 
 }
 
@@ -22,7 +32,7 @@
  fastd_peers_git => '/vagrant/fastd/gc/',
 
  dhcp_ranges => [ '10.35.10.2 10.35.14.254' ],
- dns_servers => [ '10.35.0.1', '10.35.5.1', '10.35.15.1', '10.35.20.1' ],
+ dns_servers => [ '10.35.10.1' ],
 }
 
 ffnord::fastd { "ffgc_old":
@@ -49,7 +59,7 @@
  config => '/root/vpn-service'
 }
 
-class { 'ffnord::alfred': }
+#class { 'ffnord::alfred': }
 
 class { 'ffnord::rsyslog': }
 

machines/gc-gw3/manifest.pp

@@ -1,9 +1,18 @@
 class {
  'ffnord::params':
- router_id => "10.35.15.1",
- icvpn_as => "65035",
- wan_devices => ['eth0','eth1'],
-
+ router_id => "10.35.15.1", # The id of this router, probably the ipv4 address
+ # of the mesh device of the providing community
+ icvpn_as => "65035", # The as of the providing community
+ wan_devices => ['eth0','eth1'], # An array of devices which should be in the wan zone
+
+ wmem_default => 87380, # Define the default socket send buffer
+ wmem_max => 12582912, # Define the maximum socket send buffer
+ rmem_default => 87380, # Define the default socket recv buffer
+ rmem_max => 12582912, # Define the maximum socket recv buffer
+
+ gw_control_ips => "217.70.197.1 89.27.152.1 138.201.16.163 8.8.8.8", # Define target to ping against for function check
+
+ max_backlog => 5000, # Define the maximum packages in buffer
 }
 
 ffnord::mesh { 'mesh_ffgc':
@@ -22,7 +31,7 @@
  fastd_peers_git => '/vagrant/fastd/gc/',
 
  dhcp_ranges => [ '10.35.15.2 10.35.19.254' ],
- dns_servers => [ '10.35.0.1', '10.35.5.1', '10.35.10.1', '10.35.20.1' ],
+ dns_servers => [ '10.35.15.1' ],
 }
 
 ffnord::fastd { "ffgc_old":
@@ -44,6 +53,6 @@
  tinc_keyfile => "/root/tinc_rsa_key.priv"
 }
 
-class { 'ffnord::alfred': }
+#class { 'ffnord::alfred': }
 
 class { 'ffnord::rsyslog': }

machines/gc-gw4/manifest.pp

@@ -1,9 +1,18 @@
 class {
  'ffnord::params':
- router_id => "10.35.20.1",
- icvpn_as => "65035",
- wan_devices => ['eth0','eth1'],
-
+ router_id => "10.35.20.1", # The id of this router, probably the ipv4 address
+ # of the mesh device of the providing community
+ icvpn_as => "65035", # The as of the providing community
+ wan_devices => ['eth0','eth1'], # An array of devices which should be in the wan zone
+
+ wmem_default => 87380, # Define the default socket send buffer
+ wmem_max => 12582912, # Define the maximum socket send buffer
+ rmem_default => 87380, # Define the default socket recv buffer
+ rmem_max => 12582912, # Define the maximum socket recv buffer
+
+ gw_control_ips => "217.70.197.1 89.27.152.1 138.201.16.163 8.8.8.8", # Define target to ping against for function check
+
+ max_backlog => 5000, # Define the maximum packages in buffer
 }
 
 ffnord::mesh { 'mesh_ffgc':
@@ -22,7 +31,7 @@
  fastd_peers_git => '/vagrant/fastd/gc/',
 
  dhcp_ranges => [ '10.35.20.2 10.35.24.254' ],
- dns_servers => [ '10.35.0.1', '10.35.5.1', '10.35.10.1', '10.35.15.1' ],
+ dns_servers => [ '10.35.20.1' ],
 }
 
 ffnord::fastd { "ffgc_old":
@@ -49,7 +58,7 @@
  config => '/root/vpn-service'
 }
 
-class { 'ffnord::alfred': }
+#class { 'ffnord::alfred': }
 
 class { 'ffnord::rsyslog': }