From 3b90b57bfcbc154757e93e73bb0e7fe71633c99e Mon Sep 17 00:00:00 2001
From: "max.mehl"
Date: Thu, 3 Mar 2022 11:12:06 +0100
Subject: [PATCH] avoid duplicated 'name' for CIDRs and manual peers
---
group_vars/all.yml | 26 ++++++--------------------
roles/client/tasks/main.yml | 3 ++-
roles/server/tasks/main.yml | 11 ++++++-----
3 files changed, 14 insertions(+), 26 deletions(-)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index c38b682..e2dad1f 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -11,7 +11,6 @@ cidrs:
## 10.200.16.1 to 10.200.31.254
## 4,096 usable IP addresses
humans:
- name: humans
parent: fsfe
cidr: 10.200.16.0/20
@@ -19,7 +18,6 @@ cidrs:
### 10.200.16.1 to 10.200.19.254
### 1,024 usable IP addresses
admins:
- name: admins
parent: humans
cidr: 10.200.16.0/22
@@ -27,7 +25,6 @@ cidrs:
### 10.200.20.1 to 10.200.23.254
### 1,024 usable IP addresses
others:
- name: others
parent: humans
cidr: 10.200.20.0/22
@@ -35,37 +32,26 @@ cidrs:
## 10.200.64.1 to 10.200.127.254
## with 16,384 usable IP addresses
machines:
- name: machines
parent: fsfe
cidr: 10.200.64.0/18
-# key of the CIDR you want to use for the client role,
+# name of the CIDR you want to use for the client role,
# so automatically configured peers (typically VMs)
machine_cidr: machines
# Peers that are configured manually, typically humans. The created invitation
# file will be stored on the controller machines and has to be imported on the
-# person's computer manually. 'name' must consist of alphanumeric characters and
-# dashes, no dots or similar!
+# person's computer manually.
+# * the key (e.g. "linus") is limited to alphanumeric chars and dashes, no dots
+# * "cidr" is the name of the CIDR the user shall belong to
+# * "admin" defines whether peer should be an admin (true/false). Default: false
manual_peers:
linus:
- name: linus
cidr: admins
admin: true
- max.mehl:
- name: max-mehl
+ max-mehl:
cidr: admins
admin: true
albert:
- name: albert
cidr: admins
admin: true
-
-# humans > admins, e.g.
-# - { "cidr": "admins", "name": "linus", "admin": "true" }
-# humans > others, e.g.
-# - { "cidr": "others", "name": "mk", "admin": "false" }
-# - { "cidr": "others", "name": "fi", "admin": "false" }
-# - { "cidr": "others", "name": "fani", "admin": "false" }
-# machines, e.g.
-# - { "cidr": "machines", "name": "cont1-plutex", "admin": "false" }
diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml
index 3a52458..2da0e14 100644
--- a/roles/client/tasks/main.yml
+++ b/roles/client/tasks/main.yml
@@ -56,6 +56,7 @@
when: "'innernet' not in ansible_facts.packages or 'update' in ansible_run_tags"
- name: Get existing peers from innernet-server database
+ tags: [peers]
shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from peers;"'
register: existing_peers
delegate_to: "{{ innernet_server }}"
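Review bot: The new comment `# * the key (e.g. "linus") is limited to alphanumeric chars and dashes, no dots` states a rule that nothing visible enforces, while the keys of `manual_peers` and `cidrs` now travel straight into `--name "{{ item.key }}"` of the `innernet-server add-cidr` shell task and into `peer_name` for the manual peers in roles/server/tasks/main.yml (the two server hunks). With the old layout a bad value in `name` was at least a separate field; now a key that breaks the rule is only noticed when innernet or the shell rejects it, and a key containing shell-significant characters reaches the command unfiltered. A guard task in the server role, before `add-cidr`, turns the documented rule into a fail-fast check with a clear message and covers both dictionaries at once.
```yaml
# … new task, placed before the "innernet-server add-cidr" task in roles/server/tasks/main.yml …
- name: Validate CIDR and manual peer keys (they become innernet names and shell arguments)
  tags: [cidr, peers]
  assert:
    that:
      - item is match('^[A-Za-z0-9-]+$')
    fail_msg: "Key '{{ item }}' must consist of alphanumeric characters and dashes only"
  loop: "{{ (cidrs | list) + (manual_peers | list) }}"
```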
@@ -73,7 +74,7 @@
vars:
peer_name: "{{ innernet_client }}"
# Value of the CIDR we defined as the CIDR for machines
- peer_cidr: "{{ cidrs[machine_cidr]['name'] }}"
+ peer_cidr: "{{ machine_cidr }}"
# machines are never admins
peer_admin: "false"
when:
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index a37a50e..c1fb221 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -68,16 +68,17 @@
tags: [cidr]
shell: |
innernet-server add-cidr "{{ network_name }}" \
- --name "{{ item.value.name }}" \
+ --name "{{ item.key }}" \
--parent "{{ item.value.parent }}" \
--cidr "{{ item.value.cidr }}" \
--yes
loop: "{{ cidrs | dict2items }}"
when:
- - item.value.name not in existing_cidrs.stdout_lines
+ - item.key not in existing_cidrs.stdout_lines
# Configure manually defined peers (mostly humans)
- name: Get existing peers from innernet-server database
+ tags: [peers]
shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from peers;"'
register: existing_peers
run_once: true
@@ -89,12 +90,12 @@
apply:
tags: [peers]
vars:
- peer_name: "{{ item.value.name }}"
+ peer_name: "{{ item.key }}"
peer_cidr: "{{ item.value.cidr }}"
- peer_admin: "{{ item.value.admin }}"
+ peer_admin: "{{ item.value.admin | default('false') }}"
loop: "{{ manual_peers | dict2items }}"
when:
- - item.value.name not in existing_peers.stdout_lines
+ - item.key not in existing_peers.stdout_lines
- name: Enable firewall and allow SSH
tags: [listen_port, firewall]
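Review bot: `peer_cidr: "{{ machine_cidr }}"` removes the lookup through `cidrs`, so a `machine_cidr` value that names no entry in `cidrs` is no longer rejected at template time; the old expression failed on the missing key, the new one forwards any string to innernet and the error surfaces only from the `add-peer` side, if at all. A three-line guard ahead of this task keeps that sanity check: `assert:` / `that: machine_cidr in cidrs` / `fail_msg: "machine_cidr '{{ machine_cidr }}' is not a key of cidrs"`. The task that owns this `vars:` block starts before and ends after the hunk.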
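Review bot: `--name "{{ item.key }}" \` drops a dictionary key into a shell command with nothing but the surrounding double quotes, which do not stop `$`, backticks or an embedded `"` from being interpreted by the shell; the `--parent` and `--cidr` lines have the same shape but are untouched here. The keys come from group_vars, so this is about a mistyped key failing loudly rather than silently rather than about hostile input, and Ansible's `quote` filter does the escaping for free: `--name {{ item.key | quote }} \`. The `peer_name` value handed on by the manual-peer hunk below has the same exposure if the included task file builds a shell command from it, which is outside this diff. The `add-cidr` task starts before the hunk.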
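Review bot: `peer_admin: "{{ item.value.admin | default('false') }}"` mixes types: group_vars sets `admin: true` as a YAML boolean, which renders as `True`, while the fallback is the string `false`, so the consumer of `peer_admin` sees one spelling when the key is set and another when it is not (exactly how Ansible post-processes the templated string depends on its type handling, so the practical impact is inferred). If the included tasks compare the value as a string or pass it through to a command, the two paths diverge; `default(false)` keeps both a boolean and matches the `Default: false` wording added to group_vars/all.yml. What consumes `peer_admin` lives in the included task file, outside this diff, and the task that owns this `apply:` block starts before the hunk.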