extern/innernet-playbook
1
0
Fork 1
mirror of https://git.fsfe.org/fsfe-system-hackers/innernet-playbook.git synced 2024-10-05 01:01:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

update README

Browse Source
This commit is contained in:
max.mehl 2022-03-03 17:43:17 +01:00
parent 75c2682bef
commit 1eb595bec2
No known key found for this signature in database
GPG Key ID: 2704E4AB371E2E92
1 changed files with 67 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
README.md
View File

@ -16,8 +16,15 @@ There is a need for some of our servers to connect to other IPv6-only hosts. Sin
![An overview](fsfe-innernet.png)
You can learn more about innernet by looking at its [source code](./innernet-src) or reading this informative [blog post](https://blog.tonari.no/introducing-innernet) of its creator.
# Preparation
## Requirements
* A somewhat recent version of `ansible`
* `git`
## Clone the repo
```bash
@ -25,39 +32,47 @@ git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/innernet-pla
cd innernet-playbook
```
## Build binaries from submodule at `./innernet-src`
# Deployment
Since [innernet](https://github.com/tonarino/innernet) is new software, it is not yet included in the Debian repositories. Thus, before running the playbook we need to build the `innernet` and `innernet-server` binaries. At the moment, we are using `1.5.1`, but you can choose any other available version by setting the environment variable accordingly. Please also note that you need [`cargo-deb`](https://github.com/kornelski/cargo-deb) installed to successfully compile the Debian packages.
In the scope of this playbook and its roles, we have three different categories of computers:
```bash
./build-debs.sh
```
1. The innernet server, being the central connector of all innernet peers
2. Automatically managed machines that are innernet peers, mostly VMs
3. Manually managed peers, for example admins and other humans
You can learn more about innernet by looking at its [source code](./innernet-src) or reading this informative [blog post](https://blog.tonari.no/introducing-innernet) of its creator.
## Configure server and all clients
## Preparing `ansible`
To ensure this playbook works on different machines, [pipenv](https://pipenv.pypa.io/en/latest/) is used to pin the version of `ansible`. So, to use the same version of Ansible that this playbook was tested with, simply run:
```bash
pipenv install --dev # for developing or
pipenv install # for simply running this playbook
pipenv shell
```
Now, you should be in a shell that is running the correct version of the `ansible` and `ansible-playbook` executable.
## Execution
### Run the playbook
Run the whole playbook to configure everything. For the innernet server and
automatically managed machines, all will be handled. For the manually managed
peers, you will be given an invitation file.
```bash
ansible-playbook deploy.yml
```
## Add a new machine
In order to add e.g. a virtual machine to the networks, run these steps:
1. In the inventory, add the `innernet_client` group to the host
2. Run the playbook with `ansible-playbook -l newserver.org deploy.yml`
This will configure both the necessary parts on the server and the new machine.
## Add a new manually managed peer
In order to add a new human or otherwise manually managed innernet peer, run
these steps:
1. In `all.yml`, add a new entry for `manual_peers`
2. Run the playbook with `ansible-playbook -l innernet_server deploy.yml`
3. Install innernet and import the invitation file on the new peer's computer
(see below). They are in `roles/client/files/` then.
### Distribute the invitation files
Some invitation files are for humans, so you need to send these files to them securely. I suggest using someting like `wormohle`.
Some invitation files are for humans, so you need to send these files to them
securely. We suggest using someting like `wormohle`.
```bash
sudo apt install magic-wormhole
@ -65,8 +80,35 @@ cd roles/client/files
wormhole send <name_of_peer>.toml
```
### Associations
# Update
Please be aware that the `admins` CIDR [is associated](https://github.com/tonarino/innernet#adding-associations-between-cidrs) with all other CIDRs (i.e. `humans > others` and `machines`).
Since [innernet](https://github.com/tonarino/innernet) is new software, it is
not yet included in the Debian repositories. Thus, before running the playbook
we need to build the `innernet` and `innernet-server` binaries.
## Development
In order to switch to a newer version of innernet, run the following steps:
1. Check out the desired tag in the `innernet-src` submodule
2. Run the build script: `./build-debs.sh`
3. Run the playbook with `ansible-playbook -t update deploy.yml`
# Associations
The different CIDRs can have [associations](https://github.com/tonarino/innernet#adding-associations-between-cidrs), e.g. so that admins can access
machines, although they are not in the same subnet.
These have to be configure by an admin!
Currently, the `admins` CIDR is associated with all other CIDRs (i.e. `humans` >
`others` and `machines`).
# Ansible tags
Some tags allow you to specify just certain operations. Here are the currently
available ones:
* `cidr`: configure CIDRs
* `update`: update the innernet binaries
* `firewall`: configure firewall settings
* `listen_port`: edit/set the listen port between server and clients
* `uninstall`: delete innernet configuration and packages from systems