Freifunk-Leipzig
/
eae-am-deutschen-platz
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
docs, config and ansible stuff for the "Erstaufnahmeeinrichtung Am Deutschen Platz"
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
258 Commits
4 Branches
0 Tags
2.3 MiB
Jinja 63.8%
Lua 20.2%
Shell 16%
 
 
 
master
add_site_ans
prettify_jumphost_ansible
replace_gw-core01
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
Gregor Michels eadcf6f296 monitoring: extend ifInErrors alert to non-snmp devices 
also automatically clear alarm after 2 hours because linux devices have
no way to clear the nic error counters
 		1 month ago
ansible-environment add venv for ansible 11 months ago
documentation add incident 045 about a fibre cut in ANS 1 month ago
files monitoring: extend ifInErrors alert to non-snmp devices 1 month ago
firmware playbook_sysupgrade.yml: add empty firmware directory into vcs 7 months ago
group_vars accesspoints: add new type aruba-ap-303 4 months ago
password-store add pw for new hardware offloader (ffl node id 1669) (for ans) 3 months ago
roles add submodule "gekmihesg.openwrt" 7 months ago
templates gw-core01: fix broken mgmt tunnel 2 months ago
.gitignore new playbook: playbook_create_switch_configs_stock for ans 7 months ago
.gitmodules add submodule "gekmihesg.openwrt" 7 months ago
README.md README: update a few things 5 months ago
ansible-environment.txt venv: upgrade to ansible 6.1.0 10 months ago
ansible-inventory rgs wifi: improve RSSI for clients by increasing tx power 3 months ago
ansible.cfg add incident 025: ans steer clients into 5 GHz band 5 months ago
environment environment: also configure http(s) proxy and enter python venv 11 months ago
playbook_create_ssh_config.yml playbook_create_ssh_config: fix indentation of 'ProxyJump' 8 months ago
playbook_create_switch_configs_stock.yml playbook_create_switch_configs_stock: prepare for other stock firmwares 5 months ago
playbook_distribute_authorized_keys.yml playbook_distribute_authorized_keys: also set root pw on gw and aps 8 months ago
playbook_provision_accesspoints.yml accesspoints: expose airtime information 3 months ago
playbook_provision_backbone.yml playbook_provision_backbone: configure backbone for ffl-ans-gw-core01 7 months ago
playbook_provision_eae-adp-jump01.yml fix typo: playbook_provision_eap -> playbook_provision_eae 7 months ago
playbook_provision_gateway.yml playbook_provision_gateway: add base file functionality 5 months ago
playbook_provision_hypervisor.yml rename playbook_provision_hyper01 -> playbook_provision_hypervisor 9 months ago
playbook_provision_monitoring.yml monitoring: install snmp_exporter 6 months ago
playbook_provision_switches.yml new playbook 'playbook_provision_switches' 7 months ago
playbook_sysupgrade.yml playbook_sysupgrade: fix fatal error on local connections 5 months ago

README.md

Freifunk Leipzig - Erstaufnahme Einrichtungen

This repo contains the config and documentation for our installations at

  • Am Deutschen Platz
  • Arno-Nitzsche-Straße

this is a work in progress

  • this repo was created for Am Deutschen Platz and was then reused for Arno-Nitzsche-Straße
  • therefore the ansible stuff is a bit smelly
  • there is a lot of documentation missing for the Arno-Nitzsche-Straße
  • ...

Quick Links

Usage

Requirements

  • pass (password manager)
  • pandoc (offline documentation generation)
  • python3 (ansible)
  • python3-venv (ansible)
  • rsync (ansible)

Initial Setup

  1. install requirements
  2. clone repo and change directory: git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp
  3. create python3 virtual enviroment: python3 -m venv ansible-environment
  4. enter python3 virtual environment: . ansible-environment/bin/activate
  5. install ansible and dependencies: pip3 install -r ansible-environment.txt
  6. import all gpg keys for pass: gpg --import files/gpg/*
  7. trust all imported gpg keys: gpg --edit-key <id> with trust and 5 for every key
  8. create ssh_config with all hosts: ansible-playbook playbook_create_ssh_config.yml (use -e jumphost=eae-adp-jump01 to configure ssh to use eae-adp-jump01 as the jump host)
  9. leave python3 virtual environment: deactivate

Daily Usage

Before doing enything you need to enter the environment: . environment

After using playbook_create_ssh_config.yml you can call ssh simply with the name of the machine (ie. ssh gw-core01). The ssh_config file is generated from the ansible-inventory. Should something in the inventory change or you want to use/change the jumphost simply reexecute the playbook.

Passwords managed using pass. Simply call pass after sourcing the environment.

Monitoring

Initially we've deployed the monitoring on monitoring01 (that lives on hyper01 in Am Deutschen Platz).

After deploying the second camp we've decided to move the monitoring into the cloud. The new monitoring stack runs on eae-adp-jump01. Unfortunately prometheus crashes every few hours on openbsd. So there is a cronjob restarting prometheus every 2 hours on eae-adp-jump01.

As soon as someone finds the time we will move the monitoring stack onto a normal linux machine.

  • old monitoring: monitoring01 - 10.84.1.51
    • is not getting new configs via ansible
    • rocks an old version of the grafana dashboard
    • the facility management still has a link to this instance
  • new monitoring: eae-adp-jump01 - 10.84.254.0

Both stacks offer the following services:

  • prometheus: tcp/9090
  • alertmanager: tcp/9093
  • grafana: tcp/3000

Use ssh -D 8888 eae-adp-jump01 an configure this socks proxy in your favorite browser to visit the webguis.

Descriptions

  • environment: configure environment (path to pass store, http(s) socks proxy and python venv for ansible)
  • playbook_create_ssh_config.yml: playbook to create an additional ssh_config file (.ssh/ffl_eae_adp_config) that get's included in the default ssh_config
  • playbook_distribute_authorized_keys.yml: deploy files/authorized_keys on all machines
  • playbook_provision_accesspoints.yml: configure accesspoints
  • playbook_provision_backbone.yml: configure wg tunnel and ospf link between gw-core01 and eae-adp-jump01
  • playbook_provision_eap-adp-jump01.yml: general system configuration for eae-adp-jump01 (monitoring, routing, ...)
  • playbook_provision_hyper01.yml: general system configuration for hyper01 and create vms/containers
  • playbook_provision_monitoring.yml: configure and install prometheus and grafana on monitoring01