vastly increase idempotence; credits to max

linus 2021-12-15 18:38:56 +01:00
parent 605a51018b
commit bd1807a604
3 changed files with 85 additions and 67 deletions


@ -5,10 +5,59 @@
--- ---
- hosts: innernet_server - hosts: innernet_server
remote_user: root remote_user: root
tasks:
- name: Query innernet-server for peers
shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from cidrs;"'
register: global_existing_cidrs
- name: CIDRs already registered on innernet-server
debug:
msg: "{{ item }}"
loop: "{{ global_existing_cidrs.stdout_lines }}"
- name: CIDRs defined in this playbook
debug:
msg: "{{ item.name }}"
loop: "{{ cidrs }}"
- name: These CIDRs have been added
debug:
msg: "{{ item.name }} is new!"
when: item.name not in global_existing_cidrs.stdout_lines
loop: "{{ cidrs }}"
- name: Query innernet-server for peers
shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from peers;"'
register: global_existing_peers
- name: Peers already registered on innernet-server
debug:
msg: "{{ item }}"
loop: "{{ global_existing_peers.stdout_lines }}"
- name: Peers defined in this playbook
debug:
msg: "{{ item.name }}"
loop: "{{ peers }}"
- name: These peers have been added
debug:
msg: "{{ item.name }} is new!"
when: item.name not in global_existing_peers.stdout_lines
loop: "{{ peers }}"
- hosts: innernet_server
remote_user: root
vars:
existing_peers: "{{ global_existing_peers.stdout_lines }}"
existing_cidrs: "{{ global_existing_cidrs.stdout_lines }}"
roles: roles:
- server - server
- hosts: innernet_client - hosts: innernet_client
remote_user: root remote_user: root
vars:
existing_peers: "{{ global_existing_peers.stdout_lines }}"
existing_cidrs: "{{ global_existing_cidrs.stdout_lines }}"
roles: roles:
- client - client
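Review bot: The `existing_peers` and `existing_cidrs` vars added to the innernet_client play (the three lines after its `remote_user: root`) reference `global_existing_peers` / `global_existing_cidrs`, but those were registered on the innernet_server hosts in the first play, so on client hosts they resolve to undefined; the client role appears to work around this with a hard-coded `hostvars['kaim.fsfeurope.org']` lookup instead. Reading them through the server group keeps both plays consistent and inventory-agnostic: `existing_peers: "{{ hostvars[groups['innernet_server'][0]].global_existing_peers.stdout_lines }}"`. The two sqlite3 query tasks also share the name `Query innernet-server for peers` (the first one queries cidrs) and, being `shell` tasks, always report changed; a CIDR-specific name on the first and `changed_when: false` on both would make the play's idempotence visible in the recap. Since `network_name` is interpolated into a `shell:` command line, passing the database path through the `quote` filter, e.g. `{{ ('/var/lib/innernet-server/' ~ network_name ~ '.db') | quote }}`, guards against names containing shell metacharacters.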


@ -4,48 +4,50 @@
--- ---
- name: Install needed packages - name: Install needed packages
tags: [update]
apt: apt:
package: package:
- rsync - rsync
- wireguard - wireguard
- wireguard-tools - wireguard-tools
- name: Copy package to server - name: Copy package to host
tags: [update]
synchronize: synchronize:
src: "innernet.deb" src: "innernet.deb"
dest: "/tmp/innernet.deb" dest: "/tmp/innernet.deb"
- name: Install package - name: Install package
tags: [update]
apt: apt:
deb: "/tmp/innernet.deb" deb: "/tmp/innernet.deb"
update_cache: true
install_recommends: true install_recommends: true
- name: Copy non-admin invitation to servers - name: Copy non-admin invitation to hosts
synchronize: synchronize:
src: "{{ item.name }}.toml" src: "{{ item.name }}.toml"
dest: "/tmp/{{ item.name }}.toml" dest: "/tmp/{{ item.name }}.toml"
when: when:
- item.cidr == "machines" # is not existing
# NOTE innernet does not accept '.' in a name - item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-') - item.name in ansible_host|replace('.', '-')
- item.name in added_peers.stdout loop: "{{ peers }}"
with_items: "{{ peers }}"
- name: Install non-admin invitation on servers - name: Install non-admin invitation on hosts
shell: | shell: |
innernet install /tmp/{{ item.name }}.toml \ innernet install /tmp/{{ item.name }}.toml \
--default-name \ --default-name \
--delete-invite --delete-invite
when: when:
- item.cidr == "machines" # is not existing
# NOTE innernet does not accept '.' in a name - item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
# only if filename contains a part of the hostname
- item.name in ansible_host|replace('.', '-') - item.name in ansible_host|replace('.', '-')
- item.name in added_peers.stdout loop: "{{ peers }}"
with_items: "{{ peers }}"
ignore_errors: true
- name: Enable innernet daemon - name: Enable innernet daemon
systemd: systemd:
name: "innernet@{{ network_name }}" name: "innernet@{{ network_name }}"
state: restarted state: started
daemon_reload: true
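Review bot: The new `when` conditions on the two invitation tasks pin the role to a single inventory host through `hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines`, so the role breaks as soon as the server is renamed or the group gains a second member; the playbook already passes `existing_peers` into this role, so `- item.name not in existing_peers` (or `hostvars[groups['innernet_server'][0]].global_existing_peers.stdout_lines`) keeps the role inventory-agnostic. `ignore_errors: true` on the install task still masks a failed `innernet install`, which matters more now that the task runs only once per new peer: a silent failure leaves the invitation file in /tmp and the following systemd task may then try to start a service for an interface that was never configured; dropping `ignore_errors`, or narrowing it with a `failed_when` on the one known-benign case, would surface that. The invitation file is also staged in /tmp via `synchronize` with default permissions; staging it under a private directory such as /root with `mode: "0600"` (e.g. via `copy`) and removing it afterwards would limit exposure of its contents on the host.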


@ -4,6 +4,7 @@
--- ---
- name: Install needed packages - name: Install needed packages
tags: [update]
apt: apt:
package: package:
- rsync - rsync
@ -11,54 +12,22 @@
- wireguard-tools - wireguard-tools
- name: Copy package to server - name: Copy package to server
tags: [never, update]
synchronize: synchronize:
src: "innernet-server.deb" src: "innernet-server.deb"
dest: "/tmp/innernet-server.deb" dest: "/tmp/innernet-server.deb"
- name: Install package - name: Install package
tags: [never, update]
apt: apt:
deb: "/tmp/innernet-server.deb" deb: "/tmp/innernet-server.deb"
update_cache: true
install_recommends: true install_recommends: true
- name: Copy relevant network var to host - name: Check if network is initialised
copy: stat:
content: "{{ network_name }}" path: "/var/lib/innernet-server/{{ network_name }}.db"
dest: /root/network.txt register: db_file
register: network_file
- name: Move old cidrs file
shell: mv cidrs.txt cidrs.txt.old
- name: Copy relevant cidrs var to host
template:
src: cidrs.j2
dest: /root/cidrs.txt
register: cidrs_file
- name: Get changed cidrs
shell: awk 'FNR==NR{old[$0];next};!($0 in old)' cidrs.txt.old cidrs.txt
register: added_cidrs
- name: Move old peers file
shell: mv peers.txt peers.txt.old
- name: Copy relevant peers var to host
template:
src: peers.j2
dest: /root/peers.txt
register: peers_file
- name: Get changed peers
shell: awk 'FNR==NR{old[$0];next};!($0 in old)' peers.txt.old peers.txt
register: added_peers
- name: "These CIDRs have been added"
debug:
msg: "{{ added_cidrs.stdout|from_yaml }}"
- name: "These peers have been added"
debug:
msg: "{{ added_peers.stdout|from_yaml }}"
- name: Create base network - name: Create base network
shell: | shell: |
@ -67,7 +36,7 @@
--network-cidr "{{ network_cidr }}" \ --network-cidr "{{ network_cidr }}" \
--external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \ --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \
--listen-port {{ network_listen_port }} --listen-port {{ network_listen_port }}
when: network_file.changed when: not db_file.stat.exists
- name: Create CIDRs - name: Create CIDRs
shell: | shell: |
@ -76,10 +45,9 @@
--name "{{ item.name }}" \ --name "{{ item.name }}" \
--cidr "{{ item.cidr }}" \ --cidr "{{ item.cidr }}" \
--yes --yes
with_items: "{{ cidrs }}" loop: "{{ cidrs }}"
when: when:
- cidrs_file.changed - item.name not in existing_cidrs
- item.name in added_cidrs.stdout
- name: Create peers - name: Create peers
shell: | shell: |
@ -91,15 +59,9 @@
--invite-expires "14d" \ --invite-expires "14d" \
--auto-ip \ --auto-ip \
--yes --yes
with_items: "{{ peers }}" loop: "{{ peers }}"
ignore_errors: true
when: when:
- peers_file.changed - item.name not in existing_peers
- item.name in added_peers.stdout
- name: Delete empty files
shell: find . -maxdepth 1 -type f -empty -print -delete
ignore_errors: true
- name: Check for actual peer invitation files - name: Check for actual peer invitation files
shell: ls | grep .toml shell: ls | grep .toml
@ -117,10 +79,15 @@
dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml" dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml"
mode: pull mode: pull
when: toml_files.stdout.find(item.name) != -1 when: toml_files.stdout.find(item.name) != -1
with_items: "{{ peers }}" loop: "{{ peers }}"
- name: Make sure invitation files are absent on innernet-server - name: Make sure invitation files are absent on innernet-server
shell: "rm -rf /root/*.toml" file:
state: absent
path: "/root/{{ item.name }}.toml"
loop: "{{ peers }}"
when:
- item.name not in existing_peers
- name: Enable innernet-server daemon - name: Enable innernet-server daemon
systemd: systemd: