From 630b0f012f1b6a579cffddfcf20f0574e5d21a9f Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 21 May 2018 23:36:18 +0200
Subject: [PATCH] make openwrt images for accesspoints (WIP)
---
 ansible/group_vars/accesspoints/main.yml | 71 ++++++++++++++++++++
 ansible/group_vars/all/main.yml | 4 +-
 ansible/group_vars/openwrt/main.yml | 1 -
 ansible/host_playbooks/accesspoints.yml | 6 ++
 ansible/host_vars/torwaechter/main.yml | 1 +
 ansible/hosts.ini | 8 +++
 .../roles/localconfig/templates/ssh/10r3.conf.j2 | 12 ----
 ansible/roles/openwrt-image/defaults/main.yml | 2 +-
 ansible/roles/openwrt-image/tasks/main.yml | 2 +
 ansible/roles/openwrt-image/tasks/prepare.yml | 4 +-
 10 files changed, 93 insertions(+), 18 deletions(-)
 create mode 100644 ansible/group_vars/accesspoints/main.yml
 create mode 100644 ansible/host_playbooks/accesspoints.yml
diff --git a/ansible/group_vars/accesspoints/main.yml b/ansible/group_vars/accesspoints/main.yml
new file mode 100644
index 0000000..7992383
--- /dev/null
+++ b/ansible/group_vars/accesspoints/main.yml
@@ -0,0 +1,71 @@
+---
+openwrt_arch: ar71xx
+openwrt_target: generic
+openwrt_profile: ubnt-unifiac-lite
+openwrt_output_image_suffixes:
+ - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_mixin:
+ /etc/dropbear/authorized_keys:
+ content: |-
+ {% for key in noc_ssh_keys %}
+ {{ key }}
+ {% endfor %}
+
+openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ inventory_hostname }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
+ network:
+ - name: globals 'globals'
+ options:
+ ula_prefix: fdc9:e01f:83db::/48
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'mgmt'
+ options:
+ type: bridge
+ ifname: "eth0.{{ net.mgmt.vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
+ netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+ dns: "{{ net.mgmt.dns | join(' ') }}"
+ dns_search: realraum.at
+
+ - name: interface 'iot'
+ options:
+ type: bridge
+ ifname: "eth0.{{ net.iot.vlan }}"
+ accept_ra: 0
+ proto: none
+
+ - name: interface 'lan'
+ options:
+ type: bridge
+ ifname: "eth0.{{ net.lan.vlan }}"
+ accept_ra: 0
+ proto: none
diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml
index 1301aef..cd8f05d 100644
--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
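Review bot: The new `openwrt_uci` in ansible/group_vars/accesspoints/main.yml installs `/etc/dropbear/authorized_keys` but has no `dropbear` section, so the image keeps dropbear's stock settings, which allow password logins for root. If `noc_ssh_keys` is empty or the root password stays undefined, key-only access is not actually enforced on the management VLAN. I would add a `dropbear` config that turns `PasswordAuth` and `RootPasswordAuth` off, assuming the role renders every top-level key of `openwrt_uci` into `/etc/config` (the rendering task is not in this diff). `ttylogin: '0'` also leaves the serial console without a login prompt, which is worth switching to `'1'` on devices mounted in shared space.

```yaml
openwrt_uci:
  # … unchanged: system, network …
  dropbear:
    - name: dropbear
      options:
        PasswordAuth: 'off'
        RootPasswordAuth: 'off'
        Port: '22'
```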
@@ -1,7 +1,7 @@ --- # Build-related directories -global_cache_dir: "{{ inventory_dir }}/.cache/" -global_artifacts_dir: "{{ inventory_dir }}/files/" +global_cache_dir: "{{ inventory_dir }}/.cache" +global_artifacts_dir: "{{ inventory_dir }}/files" # Default credentials ## Root password; by default, undefined diff --git a/ansible/group_vars/openwrt/main.yml b/ansible/group_vars/openwrt/main.yml index b93d046..2337b9f 100644 --- a/ansible/group_vars/openwrt/main.yml +++ b/ansible/group_vars/openwrt/main.yml @@ -8,7 +8,6 @@ openwrt_packages_remove: openwrt_packages_add: - haveged - htop - - hwclock - ip - less - nano diff --git a/ansible/host_playbooks/accesspoints.yml b/ansible/host_playbooks/accesspoints.yml new file mode 100644 index 0000000..dd8b95a --- /dev/null +++ b/ansible/host_playbooks/accesspoints.yml @@ -0,0 +1,6 @@ +--- +- hosts: accesspoints + connection: local + roles: + - role: openwrt-image + delegate_to: localhost diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml index 926b903..2a2316f 100644 --- a/ansible/host_vars/torwaechter/main.yml +++ b/ansible/host_vars/torwaechter/main.yml @@ -7,6 +7,7 @@ openwrt_output_image_suffixes: openwrt_packages_extra: - "-dropbear" + - hwclock - flashrom - git - kmod-usb-acm diff --git a/ansible/hosts.ini b/ansible/hosts.ini index 460ca5f..874f87e 100644 --- a/ansible/hosts.ini +++ b/ansible/hosts.ini @@ -19,6 +19,9 @@ gnocchi[0:1] metrics localconfig_ssh_config_user=root testvm localconfig_ssh_config_user=root +[net-zone-mgmt:children] +accesspoints + [net-zone-mgmt:vars] host_domain=mgmt.realraum.at @@ -62,10 +65,15 @@ virtualservers [desktops] wuerfel +[accesspoints] +ap[0:1] [openwrt] torwaechter +[openwrt:children] +accesspoints + [openwrt:vars] localconfig_ssh_config_user=root diff --git a/ansible/roles/localconfig/templates/ssh/10r3.conf.j2 b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2 index 9389b94..73ed53c 100644 
--- a/ansible/roles/localconfig/templates/ssh/10r3.conf.j2 +++ b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2 @@ -24,18 +24,6 @@ Host {{ hostvars[host].ansible_host }} r3-{{ host }} r3g-{{ host }} r3e-{{ host Host gw.realraum.at r3-gw Hostname gw.realraum.at -Host ap0.mgmt.realraum.at r3g-ap0 - Hostname ap0.mgmt.realraum.at - User root - -Host ap1.mgmt.realraum.at r3g-ap1 - Hostname ap1.mgmt.realraum.at - User root - -Host ap2.mgmt.realraum.at r3g-ap2 - Hostname ap2.mgmt.realraum.at - User root - Host licht.realraum.at r3-licht r3g-licht r3e-licht Hostname licht.realraum.at User realraum diff --git a/ansible/roles/openwrt-image/defaults/main.yml b/ansible/roles/openwrt-image/defaults/main.yml index cb4427d..f00a2e8 100644 --- a/ansible/roles/openwrt-image/defaults/main.yml +++ b/ansible/roles/openwrt-image/defaults/main.yml @@ -2,7 +2,7 @@ openwrt_variant: lede openwrt_release: 17.01.4 openwrt_download_dir: "{{ global_cache_dir }}/openwrt" -openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}.Linux-x86_64" +openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64" openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz" openwrt_target: generic diff --git a/ansible/roles/openwrt-image/tasks/main.yml b/ansible/roles/openwrt-image/tasks/main.yml index 5f9cc52..1781d9e 100644 --- a/ansible/roles/openwrt-image/tasks/main.yml +++ b/ansible/roles/openwrt-image/tasks/main.yml @@ -1,5 +1,6 @@ --- - include: fetch.yml + run_once: true when: openwrt_imgbuilder_tarball is not defined - block: 
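Review bot: `run_once: true` on `include: fetch.yml` in ansible/roles/openwrt-image/tasks/main.yml makes the fetch run for the first host of the play only, using that host's `openwrt_arch` and `openwrt_target`, and the `when:` is likewise decided from that host. That is fine while the play covers `accesspoints` alone, but the `openwrt` group now also contains `torwaechter`, and a play spanning hosts with different architectures would leave the later hosts without their image builder tarball. A comment such as `# run_once: all hosts in a play must share openwrt_arch/openwrt_target` above the include would record that assumption. fetch.yml itself is not part of this diff.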
@@ -19,6 +20,7 @@ - name: Build the OpenWrt image command: >- make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image + {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} FILES="{{ openwrt_imgbuilder_files }}" PACKAGES="{{ openwrt_packages }}" {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} diff --git a/ansible/roles/openwrt-image/tasks/prepare.yml b/ansible/roles/openwrt-image/tasks/prepare.yml index f403cad..b6b67c5 100644 --- a/ansible/roles/openwrt-image/tasks/prepare.yml +++ b/ansible/roles/openwrt-image/tasks/prepare.yml @@ -13,7 +13,7 @@ state: directory mode: '0755' with_items: - - "{{ openwrt_download_dir }}/dl" + - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" - "{{ openwrt_imgbuilder_files }}/etc/config" - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" @@ -90,5 +90,5 @@ - name: Symlink the cache repository file: state: link - src: "{{ openwrt_download_dir }}/dl" + src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl" -- 1.7.10.4
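Review bot: The added `PROFILE="{{ openwrt_profile }}"` in the `Build the OpenWrt image` task relies on hand-written double quotes, like the `FILES` and `PACKAGES` arguments next to it. The `command` module does not invoke a shell, but it still splits the string into arguments, so a value containing a quote or whitespace changes what `make` receives. `PROFILE={{ openwrt_profile | quote }}` keeps each value a single argument, and the same filter would fit the neighbouring variables. The task continues past the end of the hunk.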