docs, config and ansible stuff for the "Erstaufnahmeeinrichtung Am Deutschen Platz"
Gregor Michels ea1cf9dc43
playbook_sysupgrade: fix fatal error on local connections
3 weeks ago
ansible-environment add venv for ansible 7 months ago
documentation add incident 033 about someone unplugging the wrong plug 3 weeks ago
files add mowoe as a maintainer 4 weeks ago
firmware playbook_sysupgrade.yml: add empty firmware directory into vcs 3 months ago
password-store also add mowoe into the password manager 4 weeks ago
roles add submodule "gekmihesg.openwrt" 3 months ago
templates gateways: move some configs into base 3 weeks ago
.gitignore new playbook: playbook_create_switch_configs_stock for ans 3 months ago
.gitmodules add submodule "gekmihesg.openwrt" 3 months ago
README.md README: update a few things 4 weeks ago
ansible-environment.txt venv: upgrade to ansible 6.1.0 6 months ago
ansible-inventory accesspoints: upgrade to OpenWrt 22.03 3 weeks ago
ansible.cfg add incident 025: ans steer clients into 5 GHz band 1 month ago
environment environment: also configure http(s) proxy and enter python venv 7 months ago
playbook_create_ssh_config.yml playbook_create_ssh_config: fix indentation of 'ProxyJump' 4 months ago
playbook_create_switch_configs_stock.yml new playbook: playbook_create_switch_configs_stock for ans 3 months ago
playbook_distribute_authorized_keys.yml playbook_distribute_authorized_keys: also set root pw on gw and aps 4 months ago
playbook_provision_accesspoints.yml accesspoints: enable lldp 3 weeks ago
playbook_provision_backbone.yml playbook_provision_backbone: configure backbone for ffl-ans-gw-core01 3 months ago
playbook_provision_eae-adp-jump01.yml fix typo: playbook_provision_eap -> playbook_provision_eae 3 months ago
playbook_provision_gateway.yml playbook_provision_gateway: add base file functionality 3 weeks ago
playbook_provision_hypervisor.yml rename playbook_provision_hyper01 -> playbook_provision_hypervisor 5 months ago
playbook_provision_monitoring.yml monitoring: install snmp_exporter 2 months ago
playbook_provision_switches.yml new playbook 'playbook_provision_switches' 3 months ago
playbook_sysupgrade.yml playbook_sysupgrade: fix fatal error on local connections 3 weeks ago

README.md

Freifunk Leipzig - Erstaufnahme Einrichtungen

This repo contains the config and documentation for our installations at

  • Am Deutschen Platz
  • Arno-Nitzsche-Straße

this is a work in progress

  • this repo was created for Am Deutschen Platz and was then reused for Arno-Nitzsche-Straße
  • therefore the ansible stuff is a bit smelly
  • there is a lot of documentation missing for the Arno-Nitzsche-Straße
  • ...

Usage

Requirements

  • pass (password manager)
  • pandoc (offline documentation generation)
  • python3 (ansible)
  • python3-venv (ansible)
  • rsync (ansible)

Initial Setup

  1. install requirements
  2. clone repo and change directory: git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-eae-adp
  3. create python3 virtual environment: python3 -m venv ansible-environment
  4. enter python3 virtual environment: . ansible-environment/bin/activate
  5. install ansible and dependencies: pip3 install -r ansible-environment.txt
  6. import all gpg keys for pass: gpg --import files/gpg/*
  7. trust all imported gpg keys: run gpg --edit-key <id>, then enter trust and 5, for every key
  8. create ssh_config with all hosts: ansible-playbook playbook_create_ssh_config.yml (use -e jumphost=eae-adp-jump01 to configure ssh to use eae-adp-jump01 as the jump host)
  9. leave python3 virtual environment: deactivate
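
Steps 6 and 7 can be done without the interactive gpg menu while still showing each fingerprint for comparison before it is trusted. The script below is an added example and not part of this repository; the function names and the sample key listing are constructed, and files/gpg is the key directory from step 6.

```shell
#!/bin/sh
# Added example, not from the repository. Sample data below is constructed.

# Read `gpg --with-colons` output on stdin and print only primary-key
# fingerprints: the "fpr" record right after a "pub"/"sec" record. Subkey
# fingerprints (after "sub"/"ssb") are skipped; ownertrust applies to
# primary keys only.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { want = 1; next }
        $1 == "sub" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want        { print $10; want = 0 }
    '
}

# Convert fingerprints on stdin to ownertrust records. In this format the
# value 6 is "ultimate", i.e. menu entry 5 of `gpg --edit-key <id>` / trust.
ownertrust_records() {
    while read -r fpr; do
        if [ -n "$fpr" ]; then printf '%s:6:\n' "$fpr"; fi
    done
}

# Steps 6 and 7 for every key file in directory $1 (files/gpg in this repo).
trust_repo_keys() {
    fprs=$(gpg --show-keys --with-colons "$1"/* | primary_fingerprints) || return 1
    printf 'Keys to import with ultimate trust:\n%s\n' "$fprs"
    printf 'Fingerprints match what the maintainers gave you? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || return 1
    gpg --import "$1"/* &&
        printf '%s\n' "$fprs" | ownertrust_records | gpg --import-ownertrust
}

# Constructed colon-format listing (one primary key, one subkey).
SAMPLE='pub:-:255:22:0123456789ABCDEF:1650000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1650000000::::Constructed Maintainer <maintainer@example.org>::::::::::0:
sub:-:255:18:89ABCDEF01234567:1650000000::::::e:::::cv25519::
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Offline demonstration: prints one record for the primary key only.
printf '%s\n' "$SAMPLE" | primary_fingerprints | ownertrust_records
```

Inside the cloned repository, source the script and call trust_repo_keys files/gpg in place of steps 6 and 7.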

Daily Usage

Before doing anything you need to enter the environment: . environment

After using playbook_create_ssh_config.yml you can call ssh simply with the name of the machine (i.e. ssh gw-core01). The ssh_config file is generated from the ansible-inventory. Should something in the inventory change, or should you want to use or change the jumphost, simply re-execute the playbook.

Passwords are managed using pass. Simply call pass after sourcing the environment.

Monitoring

Initially we've deployed the monitoring on monitoring01 (that lives on hyper01 in Am Deutschen Platz).

After deploying the second camp we've decided to move the monitoring into the cloud. The new monitoring stack runs on eae-adp-jump01. Unfortunately prometheus crashes every few hours on OpenBSD, so there is a cronjob restarting prometheus every 2 hours on eae-adp-jump01.

As soon as someone finds the time we will move the monitoring stack onto a normal Linux machine.

  • old monitoring: monitoring01 - 10.84.1.51
    • is not getting new configs via ansible
    • rocks an old version of the grafana dashboard
    • the facility management still has a link to this instance
  • new monitoring: eae-adp-jump01 - 10.84.254.0

Both stacks offer the following services:

  • prometheus: tcp/9090
  • alertmanager: tcp/9093
  • grafana: tcp/3000

Use ssh -D 8888 eae-adp-jump01 and configure this socks proxy in your favorite browser to visit the web GUIs.
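
The same SOCKS proxy also works for a quick command-line check of all three services on either stack. This script is an added example and not part of this repository; it assumes the services answer plain HTTP on the addresses listed above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository: check the monitoring services
# through the SOCKS proxy instead of a browser.

SOCKS=127.0.0.1:8888   # local end of `ssh -D 8888 eae-adp-jump01`

# Print the health endpoint of a service, using the ports listed above.
# $1: host or address, $2: prometheus | alertmanager | grafana
health_url() {
    case "$2" in
        prometheus)   printf 'http://%s:9090/-/healthy\n' "$1" ;;
        alertmanager) printf 'http://%s:9093/-/healthy\n' "$1" ;;
        grafana)      printf 'http://%s:3000/api/health\n' "$1" ;;
        *)            return 1 ;;
    esac
}

# Query all three services on host $1 via the proxy.
# The return status is the number of services that failed.
check_stack() {
    failed=0
    for svc in prometheus alertmanager grafana; do
        url=$(health_url "$1" "$svc")
        if curl -fsS --max-time 10 --socks5-hostname "$SOCKS" \
                -o /dev/null "$url"; then
            echo "ok   $svc $url"
        else
            echo "FAIL $svc $url"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage (needs the tunnel; nothing here runs on its own):
#   ssh -f -N -o ExitOnForwardFailure=yes -D "$SOCKS" eae-adp-jump01
#   check_stack 10.84.254.0   # new monitoring
#   check_stack 10.84.1.51    # old monitoring
```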

Descriptions

  • environment: configure environment (path to pass store, http(s) socks proxy and python venv for ansible)
  • playbook_create_ssh_config.yml: playbook to create an additional ssh_config file (.ssh/ffl_eae_adp_config) that gets included in the default ssh_config
  • playbook_distribute_authorized_keys.yml: deploy files/authorized_keys on all machines
  • playbook_provision_accesspoints.yml: configure accesspoints
  • playbook_provision_backbone.yml: configure wg tunnel and ospf link between gw-core01 and eae-adp-jump01
  • playbook_provision_eae-adp-jump01.yml: general system configuration for eae-adp-jump01 (monitoring, routing, ...)
  • playbook_provision_hyper01.yml: general system configuration for hyper01 and create vms/containers
  • playbook_provision_monitoring.yml: configure and install prometheus and grafana on monitoring01