Compare commits
31 Commits
ea1cf9dc43
...
a236643969
Author | SHA1 | Date |
---|---|---|
Gregor Michels | a236643969 | |
Gregor Michels | 191b7f2a77 | |
Gregor Michels | b621e8dd48 | |
Gregor Michels | 01c9fa2317 | |
Gregor Michels | 23dba0c340 | |
Gregor Michels | eaeb360e6c | |
Gregor Michels | 72df3338d3 | |
Gregor Michels | 8fa87485ff | |
Gregor Michels | 220bb149c8 | |
Gregor Michels | 7b452966d2 | |
Gregor Michels | 68ee430145 | |
Gregor Michels | 3e7178b5ec | |
Gregor Michels | 473d7aa05a | |
Gregor Michels | c7989547aa | |
Gregor Michels | 767f76e13e | |
Gregor Michels | fe220194f9 | |
Gregor Michels | 2962a08be7 | |
Gregor Michels | 77454046b8 | |
Gregor Michels | a837a2b916 | |
Gregor Michels | e3793d07a8 | |
Gregor Michels | fe8d3b5dec | |
Gregor Michels | 3ec08cb017 | |
Gregor Michels | 67db4a7521 | |
Gregor Michels | bdc70d629b | |
Gregor Michels | a23c6dc488 | |
Gregor Michels | e750db6783 | |
Gregor Michels | 2d74d25dfc | |
Gregor Michels | 718bdb4594 | |
Gregor Michels | 0edf72cb66 | |
Gregor Michels | c40e49d645 | |
Gregor Michels | 6524149a48 |
|
@ -21,23 +21,70 @@ ap-b634 ip=10.85.1.37 location=tent-3 channel_2g=1 channel_5g=116 txpo
|
|||
ap-b6cc ip=10.85.1.39 location=tent-3 channel_2g=6 channel_5g=40 txpower_2g=15 txpower_5g=20
|
||||
ap-b682 ip=10.85.1.40 location=tent-3 channel_2g=11 channel_5g=64 txpower_2g=15 txpower_5g=20
|
||||
|
||||
ap-116e ip=10.86.1.31 location=p203 disable_2g=1 channel_5g=48 txpower_2g=17 txpower_5g=20
|
||||
ap-11c4 ip=10.86.1.32 location=office-security channel_2g=1 channel_5g=36 txpower_2g=17 txpower_5g=20
|
||||
ap-1202 ip=10.86.1.33 location=p201 disable_2g=1 channel_5g=153 txpower_2g=17 txpower_5g=20
|
||||
ap-12a8 ip=10.86.1.34 location=p104 channel_2g=11 channel_5g=60 txpower_2g=17 txpower_5g=20
|
||||
ap-13ac ip=10.86.1.35 location=p106 disable_2g=1 channel_5g=116 txpower_2g=17 txpower_5g=20
|
||||
ap-144c ip=10.86.1.36 location=p108 channel_2g=1 channel_5g=140 txpower_2g=17 txpower_5g=20
|
||||
ap-12c2 ip=10.86.1.37 location=p207 disable_2g=1 channel_5g=128 txpower_2g=17 txpower_5g=20
|
||||
ap-16bc ip=10.86.1.38 location=p205 channel_2g=6 channel_5g=104 txpower_2g=17 txpower_5g=20
|
||||
ap-1374 ip=10.86.1.39 location=kitchen-og disable_2g=1 channel_5g=153 txpower_2g=17 txpower_5g=20
|
||||
|
||||
[accesspoints:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
garet_profile=aruba-ap-105_22.03
|
||||
garet_release=9974455
|
||||
|
||||
[aptype_aruba_ap_303]
|
||||
ap-11c4
|
||||
ap-116e
|
||||
ap-1202
|
||||
ap-12a8
|
||||
ap-13ac
|
||||
ap-144c
|
||||
ap-12c2
|
||||
ap-16bc
|
||||
ap-1374
|
||||
|
||||
[aptype_aruba_ap_105]
|
||||
ap-c5d1
|
||||
ap-ac7c
|
||||
ap-8f42
|
||||
ap-0b99
|
||||
ap-c495
|
||||
ap-2bbf
|
||||
ap-1a38
|
||||
ap-8f39
|
||||
ap-1293
|
||||
ap-b62f
|
||||
ap-b656
|
||||
ap-b6ee
|
||||
ap-b5df
|
||||
ap-b6cb
|
||||
ap-b641
|
||||
ap-b6d7
|
||||
ap-b644
|
||||
ap-b634
|
||||
ap-b6cc
|
||||
ap-b682
|
||||
|
||||
[switches]
|
||||
sw-access01 ip=10.84.1.11 base_mac=bc:cf:4f:e3:bb:8d
|
||||
sw-access02 ip=10.84.1.12 base_mac=bc:cf:4f:e3:ac:39
|
||||
sw-access01 ip=10.84.1.11 base_mac=bc:cf:4f:e3:bb:8d location=office-social2
|
||||
sw-access02 ip=10.84.1.12 base_mac=bc:cf:4f:e3:ac:39 location=tent-5
|
||||
sw-access04 ip=10.84.1.14 base_mac=5c:e2:8c:6a:7f:cc location=tent-2
|
||||
|
||||
[switches_stock]
|
||||
ffl-ans-sw-distribution01 ip=10.85.1.11 base_mac=5c:e2:8c:60:82:fb
|
||||
ffl-ans-sw-access01 ip=10.85.1.12 base_mac=04:bf:6d:15:c6:b3
|
||||
ffl-ans-sw-access02 ip=10.85.1.13 base_mac=04:bf:6d:15:c6:92
|
||||
ffl-ans-sw-distribution01 ip=10.85.1.11 base_mac=5c:e2:8c:60:82:fb sw_type=gs1900-10hp location=office-facility
|
||||
ffl-ans-sw-access01 ip=10.85.1.12 base_mac=04:bf:6d:15:c6:b3 sw_type=gs1900-10hp location=tent-1
|
||||
ffl-ans-sw-access02 ip=10.85.1.13 base_mac=04:bf:6d:15:c6:92 sw_type=gs1900-10hp location=tent-2
|
||||
sax-rgs-sw-access01 ip=10.86.1.11 sw_type=s2800s-8t2f-p location=p104
|
||||
sax-rgs-sw-access02 ip=10.86.1.12 sw_type=s2800s-8t2f-p location=p204
|
||||
|
||||
[gateways]
|
||||
gw-core01 ip=10.84.1.1
|
||||
ffl-ans-gw-core01 ip=10.85.1.1
|
||||
sax-rgs-gw-core01 ip=10.86.1.1 garet_profile=sophos-sg-xxx_22.03 garet_release=601bc29
|
||||
|
||||
[gateways:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
|
@ -73,6 +120,7 @@ ap-8f39
|
|||
ap-1293
|
||||
sw-access01
|
||||
sw-access02
|
||||
sw-access04
|
||||
gw-core01
|
||||
hyper01
|
||||
monitoring01
|
||||
|
@ -113,3 +161,27 @@ backoffice_wifi_encryption=psk2
|
|||
backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/GU_Arno-Nitzsche-Straße_Backoffice') }}"
|
||||
mgmt_gateway=10.85.1.1
|
||||
site=ans
|
||||
|
||||
[site_rgs]
|
||||
sax-rgs-sw-access01
|
||||
sax-rgs-sw-access02
|
||||
sax-rgs-gw-core01
|
||||
ap-11c4
|
||||
ap-116e
|
||||
ap-1202
|
||||
ap-12a8
|
||||
ap-13ac
|
||||
ap-144c
|
||||
ap-12c2
|
||||
ap-16bc
|
||||
ap-1374
|
||||
|
||||
[site_rgs:vars]
|
||||
wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_ssid') }}"
|
||||
wifi_encryption=none
|
||||
wifi_disabled=0
|
||||
backoffice_wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice_ssid') }}"
|
||||
backoffice_wifi_encryption=psk2
|
||||
backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice') }}"
|
||||
mgmt_gateway=10.86.1.1
|
||||
site=rgs
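Review bot: `wifi_encryption=none` in `[site_rgs:vars]` leaves the client SSID at the new site unencrypted, while the backoffice SSID beside it uses `psk2`; if that is deliberate, a comment should say so, e.g. `# client network is intentionally open; isolation is enforced on the gateway`. If the wireless template passes this value straight to OpenWrt's `option encryption` (the template is not in this section, so this is an assumption), `owe` would keep the network passwordless while encrypting the air link for clients that support it. The hosts listed under `[aptype_aruba_ap_303]` also inherit `garet_profile=aruba-ap-105_22.03` from `[accesspoints:vars]`, so it is worth confirming that a per-type override exists elsewhere.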
|
||||
|
|
|
@ -31,4 +31,7 @@ area 0.0.0.0 {
|
|||
interface wg2 {
|
||||
type p2p
|
||||
}
|
||||
interface wg3 {
|
||||
type p2p
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# allow incoming udp packets for wg3
|
||||
pass in proto udp from any to self port 51823
|
||||
|
||||
# allow ospf on wg3
|
||||
pass on wg3 proto ospf
|
||||
|
||||
# allow prometheus on wg3
|
||||
pass on wg3 proto tcp from any to self port 9100
|
||||
|
||||
# allow outgoing snmp on wg3
|
||||
pass out on wg3 proto udp from self to any port snmp
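Review bot: The Prometheus rule `pass on wg3 proto tcp from any to self port 9100` has no direction and no source restriction, so every address routed through the tunnel may query the node exporter. The WireGuard and SNMP rules in the same file at least carry a direction. Limiting the rule to inbound traffic from the scraper would narrow it, e.g. `pass in on wg3 proto tcp from <monitoring> to self port 9100`, where `<monitoring>` is a placeholder table to be filled with the monitoring host's address. The 51823 rule is not bound to an interface, so a comment naming the uplink it is expected on would help a later reader.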
|
|
@ -7,6 +7,9 @@ local function scrape()
|
|||
local metric_wifi_network_noise = metric("wifi_network_noise_dbm","gauge")
|
||||
local metric_wifi_network_signal = metric("wifi_network_signal_dbm","gauge")
|
||||
local metric_wifi_clients = metric("wifi_network_clients", "gauge")
|
||||
local metric_wifi_airtime_total = metric("wifi_network_airtime_total", "gauge")
|
||||
local metric_wifi_airtime_busy = metric("wifi_network_airtime_busy", "gauge")
|
||||
local metric_wifi_airtime_utilization = metric("wifi_network_airtime_utilization", "gauge")
|
||||
|
||||
local u = ubus.connect()
|
||||
local status = u:call("network.wireless", "status", {})
|
||||
|
@ -19,7 +22,7 @@ local function scrape()
|
|||
local labels = {
|
||||
channel = iw.channel(ifname),
|
||||
ssid = iw.ssid(ifname),
|
||||
bssid = iw.bssid(ifname),
|
||||
bssid = string.lower(iw.bssid(ifname)),
|
||||
mode = iw.mode(ifname),
|
||||
ifname = ifname,
|
||||
country = iw.country(ifname),
|
||||
|
@ -37,11 +40,16 @@ local function scrape()
|
|||
local wifi_clients = 0
|
||||
for _ in pairs(iw.assoclist(ifname)) do wifi_clients = wifi_clients +1 end
|
||||
|
||||
local hostapd_status = u:call("hostapd." .. ifname, "get_status", {})
|
||||
|
||||
metric_wifi_network_quality(labels, quality)
|
||||
metric_wifi_network_noise(labels, iw.noise(ifname) or 0)
|
||||
metric_wifi_network_bitrate(labels, iw.bitrate(ifname) or 0)
|
||||
metric_wifi_network_signal(labels, iw.signal(ifname) or -255)
|
||||
metric_wifi_clients(labels, wifi_clients)
|
||||
metric_wifi_airtime_total(labels, hostapd_status.airtime.time)
|
||||
metric_wifi_airtime_busy(labels, hostapd_status.airtime.time_busy)
|
||||
metric_wifi_airtime_utilization(labels, hostapd_status.airtime.utilization)
|
||||
end
|
||||
end
|
||||
end
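Review bot: In the third hunk the result of `u:call("hostapd." .. ifname, "get_status", {})` is dereferenced as `hostapd_status.airtime.time` without a nil check. An interface with no hostapd ubus object, or a hostapd build that reports no airtime, would then raise an error and at minimum lose the remaining wifi metrics for that scrape (inferred: a failed ubus call returns nil). The same applies to `string.lower(iw.bssid(ifname))` in the second hunk if `iw.bssid` can return nil. Guarding the airtime block as below keeps the other metrics flowing; `scrape()` begins and ends outside these hunks.

```lua
-- … unchanged: quality / noise / bitrate / signal / clients metrics …
local hostapd_status = u:call("hostapd." .. ifname, "get_status", {})
local airtime = hostapd_status and hostapd_status.airtime
if airtime then
  metric_wifi_airtime_total(labels, airtime.time)
  metric_wifi_airtime_busy(labels, airtime.time_busy)
  metric_wifi_airtime_utilization(labels, airtime.utilization)
end
```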
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
radios:
|
||||
radio0:
|
||||
type: "mac80211"
|
||||
path: "pci0000:00/0000:00:11.0"
|
||||
band: "2g"
|
||||
htmode: "HT20"
|
||||
radio1:
|
||||
type: "mac80211"
|
||||
path: "pci0000:00/0000:00:12.0"
|
||||
band: "5g"
|
||||
htmode: "HT20"
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
radios:
|
||||
radio0:
|
||||
type: "mac80211"
|
||||
path: "platform/soc/a000000.wifi"
|
||||
band: "2g"
|
||||
htmode: "HT20"
|
||||
radio1:
|
||||
type: "mac80211"
|
||||
path: "platform/soc/a800000.wifi"
|
||||
band: "5g"
|
||||
htmode: "VHT20"
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -12,5 +12,5 @@
|
|||
|
||||
- name: generate configuration
|
||||
template:
|
||||
src: templates/gs1900-10hp-stock.cfg.j2
|
||||
src: templates/{{ sw_type }}-stock.cfg.j2
|
||||
dest: "switch-configs-stock/{{ inventory_hostname }}.cfg"
|
||||
|
|
|
@ -12,14 +12,26 @@
|
|||
notify:
|
||||
- "reload {{ item | basename }}"
|
||||
|
||||
- name: distribute custom wifi.lua
|
||||
copy:
|
||||
src: files/wifi.lua
|
||||
dest: /usr/lib/lua/prometheus-collectors/wifi.lua
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0744
|
||||
notify:
|
||||
- restart prometheus-node-exporter-lua
|
||||
|
||||
handlers:
|
||||
- name: reload network
|
||||
service:
|
||||
name: network
|
||||
state: reloaded
|
||||
when: skip_wifi is not defined
|
||||
|
||||
- name: reload wireless
|
||||
command: wifi reconf
|
||||
when: skip_wifi is not defined
|
||||
|
||||
- name: reload system
|
||||
service:
|
||||
|
@ -30,3 +42,8 @@
|
|||
service:
|
||||
name: lldpd
|
||||
state: reloaded
|
||||
|
||||
- name: restart prometheus-node-exporter-lua
|
||||
service:
|
||||
name: prometheus-node-exporter-lua
|
||||
state: restarted
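Review bot: The `when: skip_wifi is not defined` conditions on the `reload network` and `reload wireless` handlers (first hunk) test only whether the variable exists, so `-e skip_wifi=false` suppresses the reload exactly as `skip_wifi=true` does. Testing the value avoids that surprise: `when: not (skip_wifi | default(false) | bool)`. In the new `distribute custom wifi.lua` task, `mode: 0744` is safer written as the quoted string `mode: "0744"` so it can never be read as a decimal integer. The file is installed root-owned into the exporter's collector directory, so `"0644"` is probably enough if collectors are loaded rather than executed (not visible here).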
|
||||
|
|
|
@ -1,15 +1,20 @@
|
|||
|
||||
{% set radio=radios['radio0'] %}
|
||||
config wifi-device 'radio0'
|
||||
option type 'mac80211'
|
||||
option path 'pci0000:00/0000:00:11.0'
|
||||
option band '2g'
|
||||
option type '{{ radio.type }}'
|
||||
option path '{{ radio.path }}'
|
||||
option band '{{ radio.band }}'
|
||||
option channel '{{ channel_2g | default(1) }}'
|
||||
option htmode 'HT20'
|
||||
option htmode '{{ radio.htmode }}'
|
||||
option country 'DE'
|
||||
{% if txpower_2g is defined %}
|
||||
option txpower '{{ txpower_2g }}'
|
||||
{% endif %}
|
||||
{% if disable_2g is defined %}
|
||||
option disabled '1'
|
||||
{% else %}
|
||||
option disabled '0'
|
||||
{% endif %}
|
||||
|
||||
config wifi-iface 'default_radio0'
|
||||
option device 'radio0'
|
||||
|
@ -33,17 +38,22 @@ config wifi-iface 'backoffice_radio0'
|
|||
option disabled '1'
|
||||
{% endif %}
|
||||
|
||||
{% set radio=radios['radio1'] %}
|
||||
config wifi-device 'radio1'
|
||||
option type 'mac80211'
|
||||
option path 'pci0000:00/0000:00:12.0'
|
||||
option band '5g'
|
||||
option type '{{ radio.type }}'
|
||||
option path '{{ radio.path }}'
|
||||
option band '{{ radio.band }}'
|
||||
option channel '{{ channel_5g | default(36) }}'
|
||||
option htmode 'HT20'
|
||||
option htmode '{{ radio.htmode }}'
|
||||
option country 'DE'
|
||||
{% if txpower_5g is defined %}
|
||||
option txpower '{{ txpower_5g }}'
|
||||
{% endif %}
|
||||
{% if disable_5g is defined %}
|
||||
option disabled '1'
|
||||
{% else %}
|
||||
option disabled '0'
|
||||
{% endif %}
|
||||
|
||||
config wifi-iface 'default_radio1'
|
||||
option device 'radio1'
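Review bot: `{% if disable_2g is defined %}` and `{% if disable_5g is defined %}` switch a radio off whenever the variable exists, so an inventory entry such as `disable_2g=0` would still render `option disabled '1'`. Testing the value matches what the inventory's `disable_2g=1` implies: `{% if disable_2g | default(false) | bool %}`, and likewise for `disable_5g`. The new `{% set radio=radios['radio0'] %}` and `radios['radio1']` lookups assume every access point receives a `radios` mapping from its AP-type group. A short comment at the top of the template naming where `radios` is defined would make a missing group membership easier to diagnose.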
|
||||
|
|
|
@ -22,30 +22,24 @@ config bridge-vlan 'mgmt_vlan'
|
|||
option vlan '1'
|
||||
option device 'switch'
|
||||
list ports 'eth1:u*'
|
||||
list ports 'eth2:u*'
|
||||
list ports 'eth3:u*'
|
||||
|
||||
config bridge-vlan 'clients_vlan'
|
||||
option vlan '2'
|
||||
option device 'switch'
|
||||
list ports 'eth1:t'
|
||||
list ports 'eth2:t'
|
||||
list ports 'eth3:t'
|
||||
list ports 'eth3:u*'
|
||||
|
||||
config bridge-vlan 'wan_vlan'
|
||||
option vlan '3'
|
||||
option device 'switch'
|
||||
list ports 'eth0:u*'
|
||||
list ports 'eth1:t'
|
||||
list ports 'eth2:t'
|
||||
list ports 'eth3:t'
|
||||
list ports 'eth2:u*'
|
||||
|
||||
config bridge-vlan 'backoffice_vlan'
|
||||
option vlan '8'
|
||||
option device 'switch'
|
||||
list ports 'eth1:t'
|
||||
list ports 'eth2:t'
|
||||
list ports 'eth3:t'
|
||||
|
||||
config interface 'mgmt'
|
||||
option device 'switch.1'
|
||||
|
|
|
@ -17,6 +17,8 @@ config dnsmasq
|
|||
option nonwildcard '1'
|
||||
option localservice '1'
|
||||
option ednspacket_max '1232'
|
||||
option dnsforwardmax 300
|
||||
option cachesize 900
|
||||
|
||||
config dhcp 'mgmt'
|
||||
option interface 'mgmt'
|
||||
|
|
|
@ -74,6 +74,9 @@ config interface 'clients'
|
|||
config interface 'wan'
|
||||
option device 'switch.3'
|
||||
option proto 'dhcp'
|
||||
option peerdns '0'
|
||||
list dns '9.9.9.9'
|
||||
list dns '1.1.1.1'
|
||||
|
||||
config interface 'wan6'
|
||||
option device 'switch.3'
|
||||
|
@ -105,7 +108,7 @@ config interface 'wg1'
|
|||
option mtu 1420
|
||||
option proto 'wireguard'
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg1/gw-core01') }}"
|
||||
list addresses '10.64.52.118/32'
|
||||
list addresses '10.64.70.162/32'
|
||||
option ip4table 'launder'
|
||||
|
||||
config wireguard_wg1 'mullvad_fr'
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
|
||||
config dnsmasq
|
||||
option domainneeded '1'
|
||||
option boguspriv '1'
|
||||
option filterwin2k '0'
|
||||
option localise_queries '1'
|
||||
option rebind_protection '0'
|
||||
option rebind_localhost '1'
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts '1'
|
||||
option nonegcache '0'
|
||||
option authoritative '1'
|
||||
option readethers '1'
|
||||
option leasefile '/etc/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
|
||||
option nonwildcard '1'
|
||||
option localservice '1'
|
||||
option ednspacket_max '1232'
|
||||
|
||||
config dhcp 'mgmt'
|
||||
option interface 'mgmt'
|
||||
option start '100'
|
||||
option limit '150'
|
||||
option leasetime '12h'
|
||||
option dhcpv4 'server'
|
||||
option dhcpv6 'server'
|
||||
option ra 'server'
|
||||
option ra_slaac '1'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
|
||||
config dhcp 'clients'
|
||||
option interface 'clients'
|
||||
# from: 10.86.4.2
|
||||
# to: 10.86.7.254
|
||||
# start: 2
|
||||
# limit: 1020
|
||||
option start '2'
|
||||
option limit '1020'
|
||||
option leasetime '12h'
|
||||
option dhcpv4 'server'
|
||||
option dhcpv6 'server'
|
||||
option ra 'server'
|
||||
option ra_slaac '1'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
|
||||
config dhcp 'backoffice'
|
||||
option interface 'backoffice'
|
||||
option start '100'
|
||||
option limit '150'
|
||||
option leasetime '12h'
|
||||
option dhcpv4 'server'
|
||||
option dhcpv6 'server'
|
||||
option ra 'server'
|
||||
option ra_slaac '1'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
|
||||
config dhcp 'wan'
|
||||
option interface 'wan'
|
||||
option ignore '1'
|
||||
|
||||
config odhcpd 'odhcpd'
|
||||
option maindhcp '0'
|
||||
option leasefile '/tmp/hosts/odhcpd'
|
||||
option leasetrigger '/usr/sbin/odhcpd-update'
|
||||
option loglevel '4'
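Review bot: `option rebind_protection '0'` in the `config dnsmasq` block turns off dnsmasq's DNS-rebinding filter on the new gateway, so upstream answers that point at private addresses reach clients on the `mgmt`, `clients` and `backoffice` networks unchanged. Unless something upstream depends on RFC 1918 answers, `option rebind_protection '1'` is the safer default, with `list rebind_domain` entries for any domain that legitimately resolves to internal addresses. If the value was carried over from an existing gateway on purpose, a comment giving the reason would be enough.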
|
|
@ -0,0 +1,352 @@
|
|||
config defaults
|
||||
option syn_flood 1
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
# Uncomment this line to disable ipv6 rules
|
||||
# option disable_ipv6 1
|
||||
|
||||
config zone
|
||||
option name mgmt
|
||||
list network 'mgmt'
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name clients
|
||||
list network clients
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name backoffice
|
||||
list network 'backoffice'
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name launder
|
||||
list network wg4
|
||||
list network wg5
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src clients
|
||||
option dest launder
|
||||
|
||||
config zone
|
||||
option name backbone
|
||||
list network wg3
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config rule
|
||||
option name CLIENTS_Allow-DHCP
|
||||
option src clients
|
||||
option proto udp
|
||||
option dest_port 67-68
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
config rule
|
||||
option name CLIENTS_Allow-DNS
|
||||
option src clients
|
||||
option proto udp
|
||||
option dest_port 53
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Allow-OSPF
|
||||
option src backbone
|
||||
option proto ospf
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Allow-Prometheus
|
||||
option src backbone
|
||||
option proto tcp
|
||||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Into-MGMT-Allow-SNMP
|
||||
option src backbone
|
||||
option dest mgmt
|
||||
option proto udp
|
||||
option dest_port 161
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-Any-Allow-SSH
|
||||
option src *
|
||||
option proto tcp
|
||||
option dest_port 22
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Into-MGMT-Allow-SSH
|
||||
option src *
|
||||
option dest mgmt
|
||||
option proto tcp
|
||||
option dest_port 22
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Into-MGMT-Allow-ICMP
|
||||
option src *
|
||||
option dest mgmt
|
||||
option proto icmp
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Into-MGMT-Allow-Prometheus
|
||||
option src *
|
||||
option dest mgmt
|
||||
option proto tcp
|
||||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-MGMT-Into-BACKBONE-Allow-Prometheus
|
||||
option src mgmt
|
||||
option dest backbone
|
||||
option proto tcp
|
||||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Into-MGMT-Allow-Prometheus-WebGUI-On-monitoring01
|
||||
option src *
|
||||
option dest mgmt
|
||||
option proto tcp
|
||||
option dest_ip 10.84.1.51
|
||||
option dest_port 9090
|
||||
option target ACCEPT
|
||||
|
||||
config zone
|
||||
option name wan
|
||||
list network 'wan'
|
||||
list network 'wan6'
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src mgmt
|
||||
option dest wan
|
||||
|
||||
config forwarding
|
||||
option src backoffice
|
||||
option dest wan
|
||||
|
||||
# We need to accept udp packets on port 68,
|
||||
# see https://dev.openwrt.org/ticket/4108
|
||||
config rule
|
||||
option name Allow-DHCP-Renew
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 68
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
config rule
|
||||
option name Allow-Ping
|
||||
option src *
|
||||
option proto icmp
|
||||
option icmp_type echo-request
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IGMP
|
||||
option src wan
|
||||
option proto igmp
|
||||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
# Allow DHCPv6 replies
|
||||
# see https://dev.openwrt.org/ticket/10381
|
||||
config rule
|
||||
option name Allow-DHCPv6
|
||||
option src wan
|
||||
option proto udp
|
||||
option src_ip fc00::/6
|
||||
option dest_ip fc00::/6
|
||||
option dest_port 546
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-MLD
|
||||
option src wan
|
||||
option proto icmp
|
||||
option src_ip fe80::/10
|
||||
list icmp_type '130/0'
|
||||
list icmp_type '131/0'
|
||||
list icmp_type '132/0'
|
||||
list icmp_type '143/0'
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential incoming IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Input
|
||||
option src wan
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
list icmp_type router-solicitation
|
||||
list icmp_type neighbour-solicitation
|
||||
list icmp_type router-advertisement
|
||||
list icmp_type neighbour-advertisement
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential forwarded IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Forward
|
||||
option src wan
|
||||
option dest *
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IPSec-ESP
|
||||
option src wan
|
||||
option dest backoffice
|
||||
option proto esp
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-ISAKMP
|
||||
option src wan
|
||||
option dest backoffice
|
||||
option dest_port 500
|
||||
option proto udp
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name WAN_Allow-SSH
|
||||
option src wan
|
||||
option dest_port 22
|
||||
option proto tcp
|
||||
option target ACCEPT
|
||||
|
||||
# allow interoperability with traceroute classic
|
||||
# note that traceroute uses a fixed port range, and depends on getting
|
||||
# back ICMP Unreachables. if we're operating in DROP mode, it won't
|
||||
# work so we explicitly REJECT packets on these ports.
|
||||
config rule
|
||||
option name Support-UDP-Traceroute
|
||||
option src wan
|
||||
option dest_port 33434:33689
|
||||
option proto udp
|
||||
option family ipv4
|
||||
option target REJECT
|
||||
option enabled false
|
||||
|
||||
config rule
|
||||
option name BACKOFFICE_Allow-DHCP
|
||||
option src backoffice
|
||||
option proto udp
|
||||
option dest_port 67-68
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
config rule
|
||||
option name BACKOFFICE_Allow-DNS
|
||||
option src backoffice
|
||||
option proto udp
|
||||
option dest_port 53
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
|
||||
# include a file with users custom iptables rules
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
|
||||
|
||||
### EXAMPLE CONFIG SECTIONS
|
||||
# do not allow a specific ip to access wan
|
||||
#config rule
|
||||
# option src mgmt
|
||||
# option src_ip 192.168.45.2
|
||||
# option dest wan
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
# block a specific mac on wan
|
||||
#config rule
|
||||
# option dest wan
|
||||
# option src_mac 00:11:22:33:44:66
|
||||
# option target REJECT
|
||||
|
||||
# block incoming ICMP traffic on a zone
|
||||
#config rule
|
||||
# option src mgmt
|
||||
# option proto ICMP
|
||||
# option target DROP
|
||||
|
||||
# port redirect port coming in on wan to lan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 80
|
||||
# option dest lan
|
||||
# option dest_ip 192.168.16.235
|
||||
# option dest_port 80
|
||||
# option proto tcp
|
||||
|
||||
# port redirect of remapped ssh port (22001) on wan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 22001
|
||||
# option dest lan
|
||||
# option dest_port 22
|
||||
# option proto tcp
|
||||
|
||||
### FULL CONFIG SECTIONS
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 80
|
||||
# option dest wan
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
#config redirect
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 1024
|
||||
# option src_dport 80
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
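Review bot: Several rules use `option src *` for management traffic, and together with `WAN_Allow-SSH` they are what exposes the management plane, since the zone defaults are `input REJECT` / `forward REJECT`. `From-Any-Allow-SSH` accepts TCP 22 to the gateway itself from every zone, including `clients` and `wan`, and `Into-MGMT-Allow-SSH`, `Into-MGMT-Allow-ICMP` and `Into-MGMT-Allow-Prometheus` forward from any zone into `mgmt`. Scoping each rule to the zones that administer the site, e.g. `option src backbone` (or `option src mgmt` for on-site access), and dropping `WAN_Allow-SSH` if remote access runs over wg3, would narrow this considerably. `Into-MGMT-Allow-Prometheus-WebGUI-On-monitoring01` targets `10.84.1.51`, which lies outside the `10.86.1.1`/`255.255.255.0` management network defined for this gateway and looks carried over from another site. The SSH daemon's authentication settings are not in this file, so whether password logins are possible cannot be judged here.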
|
|
@ -0,0 +1,141 @@
|
|||
|
||||
config interface 'loopback'
|
||||
option device 'lo'
|
||||
option proto 'static'
|
||||
option ipaddr '127.0.0.1'
|
||||
option netmask '255.0.0.0'
|
||||
|
||||
config globals 'globals'
|
||||
option packet_steering '1'
|
||||
|
||||
config device 'switch'
|
||||
option name 'switch'
|
||||
option type 'bridge'
|
||||
option vlan_filtering 1
|
||||
list ports 'eth0'
|
||||
list ports 'eth1'
|
||||
list ports 'eth2'
|
||||
list ports 'eth3'
|
||||
list ports 'eth4'
|
||||
list ports 'eth5'
|
||||
list ports 'eth6'
|
||||
list ports 'eth7'
|
||||
|
||||
config bridge-vlan 'mgmt_vlan'
|
||||
option vlan '1'
|
||||
option device 'switch'
|
||||
list ports 'eth1:u*'
|
||||
list ports 'eth2:u*'
|
||||
list ports 'eth3:u*'
|
||||
list ports 'eth4:u*'
|
||||
list ports 'eth5:u*'
|
||||
list ports 'eth6:u*'
|
||||
|
||||
config bridge-vlan 'clients_vlan'
|
||||
option vlan '2'
|
||||
option device 'switch'
|
||||
list ports 'eth1:t'
|
||||
list ports 'eth2:t'
|
||||
list ports 'eth3:t'
|
||||
list ports 'eth4:t'
|
||||
list ports 'eth5:t'
|
||||
list ports 'eth6:t'
|
||||
|
||||
config bridge-vlan 'wan_vlan'
|
||||
option vlan '3'
|
||||
option device 'switch'
|
||||
list ports 'eth0:u*'
|
||||
|
||||
config bridge-vlan 'backoffice_vlan'
|
||||
option vlan '8'
|
||||
option device 'switch'
|
||||
list ports 'eth1:t'
|
||||
list ports 'eth2:t'
|
||||
list ports 'eth3:t'
|
||||
list ports 'eth4:t'
|
||||
list ports 'eth5:t'
|
||||
list ports 'eth6:t'
|
||||
list ports 'eth7:u*'
|
||||
|
||||
config interface 'mgmt'
|
||||
option device 'switch.1'
|
||||
option proto 'static'
|
||||
option ipaddr '10.86.1.1'
|
||||
option netmask '255.255.255.0'
|
||||
|
||||
config interface 'wan'
|
||||
option device 'switch.3'
|
||||
option proto 'dhcp'
|
||||
|
||||
config interface 'wan6'
|
||||
option device 'switch.3'
|
||||
option proto 'dhcpv6'
|
||||
|
||||
config interface 'clients'
|
||||
option device 'switch.2'
|
||||
option proto 'static'
|
||||
option ipaddr '10.86.4.1'
|
||||
option netmask '255.255.252.0'
|
||||
|
||||
config interface 'backoffice'
|
||||
option device 'switch.8'
|
||||
option proto 'static'
|
||||
option ipaddr '10.86.8.1'
|
||||
option netmask '255.255.255.0'
|
||||
|
||||
config interface 'wg3'
|
||||
option proto 'wireguard'
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg3/sax-rgs-gw-core01') }}"
|
||||
option listen_port 51823
|
||||
option mtu 1350
|
||||
list addresses '10.86.254.1/31'
|
||||
option disabled '0'
|
||||
|
||||
config wireguard_wg3 'eap_adp_jump01'
|
||||
option public_key "{{ lookup('passwordstore', 'wg/wg3/eae-adp-jump01.pub') }}"
|
||||
option preshared_key "{{ lookup('passwordstore', 'wg/wg3/psk') }}"
|
||||
option endpoint_host '162.55.53.85'
|
||||
option endpoint_port '51823'
|
||||
option route_allowed_ips '0'
|
||||
option persistent_keepalive 15
|
||||
list allowed_ips '0.0.0.0/0'
|
||||
|
||||
config interface 'wg4'
|
||||
option proto 'wireguard'
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg4/sax-rgs-gw-core01') }}"
|
||||
list addresses 'fe80:2131:27:189::2/64'
|
||||
option disabled '0'
|
||||
|
||||
# routes 2a0e:8f02:f000:2e61::1/64 to the link-local of wg4
|
||||
config wireguard_wg4 'core_mowoe_com'
|
||||
option public_key "{{ lookup('passwordstore', 'wg/wg4/core.mowoe.com.pub') }}"
|
||||
option endpoint_host 'core.mowoe.com'
|
||||
option endpoint_port '51821'
|
||||
option route_allowed_ips '0'
|
||||
option persistent_keepalive 15
|
||||
list allowed_ips '::/0'
|
||||
|
||||
config interface 'wg5'
|
||||
option ip4table 'launder'
|
||||
option proto 'wireguard'
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg5/sax-rgs-gw-core01') }}"
|
||||
list addresses '10.67.171.28'
|
||||
option disabled '0'
|
||||
|
||||
config wireguard_wg5 'mullvad'
|
||||
option public_key "{{ lookup('passwordstore', 'wg/wg5/mullvad.pub') }}"
|
||||
option endpoint_host '146.70.117.162'
|
||||
option endpoint_port '51820'
|
||||
option route_allowed_ips '1'
|
||||
option persistent_keepalive 15
|
||||
list allowed_ips '0.0.0.0/0'
|
||||
|
||||
config rule
|
||||
option in 'clients'
|
||||
option lookup 'launder'
|
||||
option priority 50
|
||||
|
||||
config rule
|
||||
option in 'clients'
|
||||
option action prohibit
|
||||
option priority 51
|
|
@ -0,0 +1,16 @@
|
|||
password zebra
|
||||
!
|
||||
router ospf
|
||||
redistribute connected
|
||||
!
|
||||
log syslog
|
||||
!
|
||||
interface wg3
|
||||
ip ospf area 0
|
||||
ip ospf network point-to-point
|
||||
!
|
||||
access-list vty permit 127.0.0.0/8
|
||||
access-list vty deny any
|
||||
!
|
||||
line vty
|
||||
access-class vty
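Review bot: `password zebra` on the first line commits the well-known default vty password in plaintext. The `access-list vty` / `access-class vty` lines restrict IPv4 vty connections to 127.0.0.0/8, which limits the exposure, but any local user or process on the gateway can still use it. If this file is rendered as a template like the network config, taking the value from the password store, as the WireGuard keys are, would be consistent. If the vty is not needed, omitting the `password` line is an option, since a vty without a password is expected to refuse logins (to be confirmed for the routing daemon in use).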
|
|
@ -0,0 +1,13 @@
|
|||
#
|
||||
# reserved values
|
||||
#
|
||||
128 prelocal
|
||||
255 local
|
||||
254 main
|
||||
253 default
|
||||
0 unspec
|
||||
20 launder
|
||||
#
|
||||
# local
|
||||
#
|
||||
#1 inr.ruhep
|
|
@ -1,53 +1,38 @@
|
|||
{
|
||||
"__inputs": [],
|
||||
"__requires": [
|
||||
{
|
||||
"type": "panel",
|
||||
"id": "bargauge",
|
||||
"name": "Bar gauge",
|
||||
"version": ""
|
||||
},
|
||||
{
|
||||
"type": "panel",
|
||||
"id": "gauge",
|
||||
"name": "Gauge",
|
||||
"version": ""
|
||||
},
|
||||
{
|
||||
"type": "grafana",
|
||||
"id": "grafana",
|
||||
"name": "Grafana",
|
||||
"version": "7.5.11"
|
||||
},
|
||||
{
|
||||
"type": "panel",
|
||||
"id": "graph",
|
||||
"name": "Graph",
|
||||
"version": ""
|
||||
}
|
||||
],
|
||||
"annotations": {
|
||||
"list": [
|
||||
{
|
||||
"builtIn": 1,
|
||||
"datasource": "-- Grafana --",
|
||||
"datasource": {
|
||||
"type": "datasource",
|
||||
"uid": "grafana"
|
||||
},
|
||||
"enable": true,
|
||||
"hide": true,
|
||||
"iconColor": "rgba(0, 211, 255, 1)",
|
||||
"name": "Annotations & Alerts",
|
||||
"target": {
|
||||
"limit": 100,
|
||||
"matchAny": false,
|
||||
"tags": [],
|
||||
"type": "dashboard"
|
||||
},
|
||||
"type": "dashboard"
|
||||
}
|
||||
]
|
||||
},
|
||||
"editable": true,
|
||||
"gnetId": null,
|
||||
"fiscalYearStartMonth": 0,
|
||||
"graphTooltip": 0,
|
||||
"id": null,
|
||||
"iteration": 1669161748754,
|
||||
"id": 4,
|
||||
"links": [],
|
||||
"liveNow": false,
|
||||
"panels": [
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 1,
|
||||
"w": 24,
|
||||
|
@ -55,6 +40,15 @@
|
|||
"y": 0
|
||||
},
|
||||
"id": 11,
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Internet",
|
||||
"type": "row"
|
||||
},
|
||||
|
@ -63,7 +57,10 @@
|
|||
"bars": false,
|
||||
"dashLength": 10,
|
||||
"dashes": false,
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"unit": "bps"
|
||||
|
@ -96,7 +93,7 @@
|
|||
"alertThreshold": true
|
||||
},
|
||||
"percentage": false,
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"pointradius": 2,
|
||||
"points": false,
|
||||
"renderer": "flot",
|
||||
|
@ -112,6 +109,10 @@
|
|||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "irate(node_network_receive_bytes_total{site=\"$site\",job=\"gateways\",device=\"eth0\"}[$__rate_interval]) * 8",
|
||||
"interval": "",
|
||||
|
@ -119,6 +120,10 @@
|
|||
"refId": "rx"
|
||||
},
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "irate(node_network_transmit_bytes_total{site=\"$site\",job=\"gateways\",device=\"eth0\"}[$__rate_interval]) * 8",
|
||||
"hide": false,
|
||||
|
@ -128,9 +133,7 @@
|
|||
}
|
||||
],
|
||||
"thresholds": [],
|
||||
"timeFrom": null,
|
||||
"timeRegions": [],
|
||||
"timeShift": null,
|
||||
"title": "upstream bandwith",
|
||||
"tooltip": {
|
||||
"shared": true,
|
||||
|
@ -139,37 +142,31 @@
|
|||
},
|
||||
"type": "graph",
|
||||
"xaxis": {
|
||||
"buckets": null,
|
||||
"mode": "time",
|
||||
"name": null,
|
||||
"show": true,
|
||||
"values": []
|
||||
},
|
||||
"yaxes": [
|
||||
{
|
||||
"format": "bps",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
},
|
||||
{
|
||||
"format": "short",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
}
|
||||
],
|
||||
"yaxis": {
|
||||
"align": false,
|
||||
"alignLevel": null
|
||||
"align": false
|
||||
}
|
||||
},
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
|
@ -199,6 +196,8 @@
|
|||
"id": 9,
|
||||
"options": {
|
||||
"displayMode": "gradient",
|
||||
"minVizHeight": 10,
|
||||
"minVizWidth": 0,
|
||||
"orientation": "vertical",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
|
@ -210,9 +209,13 @@
|
|||
"showUnfilled": true,
|
||||
"text": {}
|
||||
},
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "increase(node_network_receive_bytes_total{site=\"$site\",job=\"gateways\",device=~\"eth0\"}[$__range])",
|
||||
"instant": true,
|
||||
|
@ -221,6 +224,10 @@
|
|||
"refId": "A"
|
||||
},
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "increase(node_network_transmit_bytes_total{site=\"$site\",job=\"gateways\",device=~\"eth0\"}[$__range])",
|
||||
"hide": false,
|
||||
|
@ -236,7 +243,10 @@
|
|||
},
|
||||
{
|
||||
"collapsed": false,
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 1,
|
||||
"w": 24,
|
||||
|
@ -245,6 +255,15 @@
|
|||
},
|
||||
"id": 5,
|
||||
"panels": [],
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Wifi",
|
||||
"type": "row"
|
||||
},
|
||||
|
@ -253,10 +272,9 @@
|
|||
"bars": false,
|
||||
"dashLength": 10,
|
||||
"dashes": false,
|
||||
"datasource": null,
|
||||
"fieldConfig": {
|
||||
"defaults": {},
|
||||
"overrides": []
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fill": 1,
|
||||
"fillGradient": 0,
|
||||
|
@ -285,7 +303,7 @@
|
|||
"alertThreshold": true
|
||||
},
|
||||
"percentage": false,
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"pointradius": 2,
|
||||
"points": false,
|
||||
"renderer": "flot",
|
||||
|
@ -295,6 +313,10 @@
|
|||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sum (wifi_network_clients{site=\"$site\"})",
|
||||
"interval": "",
|
||||
|
@ -303,9 +325,7 @@
|
|||
}
|
||||
],
|
||||
"thresholds": [],
|
||||
"timeFrom": null,
|
||||
"timeRegions": [],
|
||||
"timeShift": null,
|
||||
"title": "wifi clients over time",
|
||||
"tooltip": {
|
||||
"shared": true,
|
||||
|
@ -314,37 +334,126 @@
|
|||
},
|
||||
"type": "graph",
|
||||
"xaxis": {
|
||||
"buckets": null,
|
||||
"mode": "time",
|
||||
"name": null,
|
||||
"show": true,
|
||||
"values": []
|
||||
},
|
||||
"yaxes": [
|
||||
{
|
||||
"format": "short",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
},
|
||||
{
|
||||
"format": "short",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
}
|
||||
],
|
||||
"yaxis": {
|
||||
"align": false,
|
||||
"alignLevel": null
|
||||
"align": false
|
||||
}
|
||||
},
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "palette-classic"
|
||||
},
|
||||
"custom": {
|
||||
"axisLabel": "",
|
||||
"axisPlacement": "auto",
|
||||
"barAlignment": 0,
|
||||
"drawStyle": "line",
|
||||
"fillOpacity": 0,
|
||||
"gradientMode": "none",
|
||||
"hideFrom": {
|
||||
"legend": false,
|
||||
"tooltip": false,
|
||||
"viz": false
|
||||
},
|
||||
"lineInterpolation": "linear",
|
||||
"lineWidth": 1,
|
||||
"pointSize": 5,
|
||||
"scaleDistribution": {
|
||||
"type": "linear"
|
||||
},
|
||||
"showPoints": "auto",
|
||||
"spanNulls": false,
|
||||
"stacking": {
|
||||
"group": "A",
|
||||
"mode": "none"
|
||||
},
|
||||
"thresholdsStyle": {
|
||||
"mode": "area"
|
||||
}
|
||||
},
|
||||
"mappings": [],
|
||||
"max": 1,
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "green",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "#EAB839",
|
||||
"value": 0.5
|
||||
},
|
||||
{
|
||||
"color": "red",
|
||||
"value": 0.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "percentunit"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 8,
|
||||
"w": 24,
|
||||
"x": 0,
|
||||
"y": 13
|
||||
},
|
||||
"id": 21,
|
||||
"options": {
|
||||
"legend": {
|
||||
"calcs": [],
|
||||
"displayMode": "table",
|
||||
"placement": "bottom"
|
||||
},
|
||||
"tooltip": {
|
||||
"mode": "single",
|
||||
"sort": "none"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"editorMode": "code",
|
||||
"expr": "sum(increase(wifi_network_airtime_busy{site=\"$site\"}[$__rate_interval])) by (instance,device) / sum(increase(wifi_network_airtime_total{site=\"$site\"}[$__rate_interval])) by (instance,device)",
|
||||
"legendFormat": "__auto",
|
||||
"range": true,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "wifi airtime utilization",
|
||||
"type": "timeseries"
|
||||
},
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"description": "",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
|
@ -370,11 +479,13 @@
|
|||
"h": 8,
|
||||
"w": 12,
|
||||
"x": 0,
|
||||
"y": 13
|
||||
"y": 21
|
||||
},
|
||||
"id": 3,
|
||||
"options": {
|
||||
"displayMode": "gradient",
|
||||
"minVizHeight": 10,
|
||||
"minVizWidth": 0,
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
|
@ -386,9 +497,13 @@
|
|||
"showUnfilled": true,
|
||||
"text": {}
|
||||
},
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sort(sum (wifi_network_clients{site=\"$site\"}) by (location))",
|
||||
"hide": false,
|
||||
|
@ -398,6 +513,10 @@
|
|||
"refId": "by all"
|
||||
},
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sum (wifi_network_clients{site=\"$site\"})",
|
||||
"hide": false,
|
||||
|
@ -411,7 +530,10 @@
|
|||
"type": "bargauge"
|
||||
},
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
|
@ -439,11 +561,13 @@
|
|||
"h": 8,
|
||||
"w": 12,
|
||||
"x": 12,
|
||||
"y": 13
|
||||
"y": 21
|
||||
},
|
||||
"id": 13,
|
||||
"options": {
|
||||
"displayMode": "gradient",
|
||||
"minVizHeight": 10,
|
||||
"minVizWidth": 0,
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
|
@ -455,9 +579,13 @@
|
|||
"showUnfilled": true,
|
||||
"text": {}
|
||||
},
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sort(sum (wifi_network_clients{site=\"$site\"}) by (instance))",
|
||||
"instant": true,
|
||||
|
@ -479,7 +607,10 @@
|
|||
"type": "bargauge"
|
||||
},
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
|
@ -504,10 +635,11 @@
|
|||
"h": 7,
|
||||
"w": 18,
|
||||
"x": 0,
|
||||
"y": 21
|
||||
"y": 29
|
||||
},
|
||||
"id": 17,
|
||||
"options": {
|
||||
"orientation": "auto",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
|
@ -519,9 +651,13 @@
|
|||
"showThresholdMarkers": true,
|
||||
"text": {}
|
||||
},
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sort(wifi_network_bitrate{site=\"$site\"} != 0)",
|
||||
"instant": true,
|
||||
|
@ -557,7 +693,10 @@
|
|||
"type": "gauge"
|
||||
},
|
||||
{
|
||||
"datasource": null,
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
|
@ -585,11 +724,13 @@
|
|||
"h": 7,
|
||||
"w": 6,
|
||||
"x": 18,
|
||||
"y": 21
|
||||
"y": 29
|
||||
},
|
||||
"id": 15,
|
||||
"options": {
|
||||
"displayMode": "gradient",
|
||||
"minVizHeight": 10,
|
||||
"minVizWidth": 0,
|
||||
"orientation": "auto",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
|
@ -601,9 +742,13 @@
|
|||
"showUnfilled": true,
|
||||
"text": {}
|
||||
},
|
||||
"pluginVersion": "7.5.11",
|
||||
"pluginVersion": "9.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sum(wifi_network_clients{site=\"$site\",device=\"radio0\"})",
|
||||
"interval": "",
|
||||
|
@ -611,6 +756,10 @@
|
|||
"refId": "A"
|
||||
},
|
||||
{
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sum(wifi_network_clients{site=\"$site\",device=\"radio1\"})",
|
||||
"hide": false,
|
||||
|
@ -624,51 +773,49 @@
|
|||
}
|
||||
],
|
||||
"refresh": false,
|
||||
"schemaVersion": 27,
|
||||
"schemaVersion": 36,
|
||||
"style": "dark",
|
||||
"tags": [],
|
||||
"templating": {
|
||||
"list": [
|
||||
{
|
||||
"allValue": null,
|
||||
"current": {
|
||||
"selected": true,
|
||||
"text": "adp",
|
||||
"value": "adp"
|
||||
},
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
"uid": "aUZtGMdVk"
|
||||
},
|
||||
"definition": "label_values(wifi_network_clients, site)",
|
||||
"description": "which site ?",
|
||||
"error": null,
|
||||
"hide": 0,
|
||||
"includeAll": false,
|
||||
"label": "Einrichtung",
|
||||
"multi": false,
|
||||
"name": "site",
|
||||
"options": [
|
||||
{
|
||||
"selected": true,
|
||||
"text": "adp",
|
||||
"value": "adp"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "ans",
|
||||
"value": "ans"
|
||||
}
|
||||
],
|
||||
"query": "adp,ans",
|
||||
"queryValue": "",
|
||||
"options": [],
|
||||
"query": {
|
||||
"query": "label_values(wifi_network_clients, site)",
|
||||
"refId": "StandardVariableQuery"
|
||||
},
|
||||
"refresh": 1,
|
||||
"regex": "",
|
||||
"skipUrlSync": false,
|
||||
"type": "custom"
|
||||
"sort": 0,
|
||||
"type": "query"
|
||||
}
|
||||
]
|
||||
},
|
||||
"time": {
|
||||
"from": "now-24h",
|
||||
"from": "now-3h",
|
||||
"to": "now"
|
||||
},
|
||||
"timepicker": {},
|
||||
"timezone": "",
|
||||
"title": "Übersicht Gemeinschaftsunterkünfte",
|
||||
"uid": "1O2tNMOVk",
|
||||
"version": 7
|
||||
"version": 4,
|
||||
"weekStart": ""
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
inet 10.86.254.0/31
|
||||
mtu 1350
|
||||
wgport 51823
|
||||
wgkey {{ lookup('passwordstore', 'wg/wg3/eae-adp-jump01') }}
|
||||
wgpeer {{ lookup('passwordstore', 'wg/wg3/sax-rgs-gw-core01.pub') }} wgpsk {{ lookup('passwordstore', 'wg/wg3/psk') }} wgaip 0.0.0.0/0
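Review bot: The rendered file carries the interface private key (`wgkey`) and the pre-shared key (`wgpsk`) in clear text, and nothing in this section shows how it is written to disk. The task that templates it is not visible here; it should set `owner: root` and `mode: "0600"`, and run with `no_log: true` or `diff: false` so the keys do not show up in diff output or logs. Separately, `wgaip 0.0.0.0/0` accepts any IPv4 source address from the peer. If only the /31 transfer net and known site prefixes are expected through this tunnel, listing those prefixes instead would be tighter.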
|
|
@ -38,9 +38,16 @@ scrape_configs:
|
|||
|
||||
- job_name: 'snmp'
|
||||
static_configs:
|
||||
- targets:
|
||||
{% for host in groups['switches_stock'] %}
|
||||
- {{ hostvars[host]['ip'] }}
|
||||
- targets: ["{{ hostvars[host]['ip'] }}"]
|
||||
labels:
|
||||
instance: "{{ host }}"
|
||||
{% if hostvars[host]['site'] is defined %}
|
||||
site: "{{ hostvars[host]['site'] }}"
|
||||
{% endif %}
|
||||
{% if hostvars[host]['location'] is defined %}
|
||||
location: "{{ hostvars[host]['location'] }}"
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
|
@ -48,8 +55,6 @@ scrape_configs:
|
|||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116 # The SNMP exporter's real hostname:port.
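Review bot: The new per-host label values are wrapped in hand-written double quotes (`instance: "{{ host }}"`, `site: "{{ hostvars[host]['site'] }}"`, `location: "{{ hostvars[host]['location'] }}"`), so an inventory value containing `"` or `\` would render as invalid or altered YAML. Letting a filter do the quoting is more robust, e.g. `location: {{ hostvars[host]['location'] | to_json }}`, and likewise for `site`, `instance` and the target address. The snmp job continues outside the hunk, so the `params` passed to the exporter are not visible here.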
|
||||
|
||||
|
|
|
@ -0,0 +1,151 @@
|
|||
SYSTEM CONFIG FILE ::= BEGIN
|
||||
! System Description: S2800S-8T2F-P Switch
|
||||
! System Version: v27272
|
||||
! System Name:
|
||||
! System Up Time:
|
||||
!
|
||||
!
|
||||
cpu-protect cpu bandwidth 500
|
||||
cpu-protect sub-interface manage pps 500
|
||||
cpu-protect sub-interface route pps 200
|
||||
cpu-protect sub-interface protocol pps 500
|
||||
username web admin password "{{ lookup('passwordstore', 'switches/{{ inventory_hostname }}') }}"
|
||||
web-login-time 14400
|
||||
web-language en
|
||||
web http port 80
|
||||
!
|
||||
!
|
||||
!
|
||||
system name "{{ inventory_hostname }}"
|
||||
ip default-gateway 10.86.1.1
|
||||
no easycwmp acs enable
|
||||
easycwmp acs periodic_enable
|
||||
easycwmp acs periodic_interval 60
|
||||
username "admin" privilege user password "{{ lookup('passwordstore', 'switches/{{ inventory_hostname }}') }}"
|
||||
vlan 2
|
||||
description "clients"
|
||||
vlan 8
|
||||
description "backoffice"
|
||||
management-vlan enable
|
||||
voice-vlan oui-table 00:E0:BB:00:00:00 mask FF:FF:FF:00:00:00 "3COM"
|
||||
voice-vlan oui-table 00:03:6B:00:00:00 mask FF:FF:FF:00:00:00 "Cisco"
|
||||
voice-vlan oui-table 00:E0:75:00:00:00 mask FF:FF:FF:00:00:00 "Veritel"
|
||||
voice-vlan oui-table 00:D0:1E:00:00:00 mask FF:FF:FF:00:00:00 "Pingtel"
|
||||
voice-vlan oui-table 00:01:E3:00:00:00 mask FF:FF:FF:00:00:00 "Siemens"
|
||||
voice-vlan oui-table 00:60:B9:00:00:00 mask FF:FF:FF:00:00:00 "NEC/Philips"
|
||||
voice-vlan oui-table 00:0F:E2:00:00:00 mask FF:FF:FF:00:00:00 "Huawei-3COM"
|
||||
voice-vlan oui-table 00:09:6E:00:00:00 mask FF:FF:FF:00:00:00 "Avaya"
|
||||
!
|
||||
!
|
||||
surveillance-vlan vlan 4095
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
eee interface gi0/1
|
||||
eee interface gi0/2
|
||||
eee interface gi0/3
|
||||
eee interface gi0/4
|
||||
eee interface gi0/5
|
||||
eee interface gi0/6
|
||||
eee interface gi0/7
|
||||
eee interface gi0/8
|
||||
no ip igmp snooping vlan 1 fast-leave enable
|
||||
no ipv6 mld snooping vlan 1 fast-leave enable
|
||||
!
|
||||
!
|
||||
snmp community "public" ro
|
||||
snmp community "private" rw
|
||||
snmp enable
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
no ip telnet
|
||||
ip ssh
|
||||
ip ssh v1
|
||||
ip ssh v2
|
||||
ip http
|
||||
ip https
|
||||
!
|
||||
!
|
||||
dhcp-snooping vlan 1-4094
|
||||
arp-inspection vlan 1-4094
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
interface gi0/1
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
flowcontrol on
|
||||
poe max-power 35
|
||||
poe alloc-power 35
|
||||
!
|
||||
interface gi0/2
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 15.4
|
||||
poe alloc-power 35
|
||||
!
|
||||
interface gi0/3
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/4
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/5
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/6
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/7
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/8
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
poe max-power 35
|
||||
poe alloc-power 0
|
||||
!
|
||||
interface gi0/9
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
!
|
||||
interface gi0/10
|
||||
switch mode trunk
|
||||
switch trunk native vlan 1
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
interface vlan 1
|
||||
ip address {{ ip }} mask 255.255.255.0
|
||||
ip default-gateway 10.86.1.1
|
||||
ip dhcpserver gate-way 192.168.1.254
|
||||
ip dhcpserver pool 192.168.1.11-192.168.1.200
|
||||
ip dhcpserver mask 255.255.255.0
|
||||
ip dhcpserver major 8.8.8.8
|
||||
ip dhcpserver minor 0.0.0.0
|
||||
ip dhcpserver leasetime 1200
|
||||
!
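Review bot: The SNMP block ships the well-known community strings, `snmp community "public" ro` and `snmp community "private" rw` followed by `snmp enable`, so any host that can reach the management address can read the switch and, through the rw community, change its configuration. I would drop the rw line and take the read-only community from the password store, as the admin password already is, e.g. `snmp community "{{ lookup('passwordstore', '<SNMP_COMMUNITY_ENTRY>') }}" ro` (placeholder entry name). It has to stay in step with whatever community the SNMP exporter sends. The same file also enables `ip ssh v1`, `ip http` and `web http port 80` next to `ip ssh v2` and `ip https`; unless something depends on the legacy protocols they should be switched off, as telnet is with `no ip telnet`.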
|