docs, config and ansible stuff for the "Erstaufnahmeeinrichtung Am Deutschen Platz"
 
 
 
Gregor Michels eadcf6f296 monitoring: extend ifInErrors alert to non-snmp devices
also automatically clear alarm after 2 hours because linux devices have
no way to clear the nic error counters
2023-04-18 21:00:04 +02:00
ansible-environment add venv for ansible 2022-07-03 01:24:40 +02:00
documentation add incident 045 about a fibre cut in ANS 2023-04-18 20:54:38 +02:00
files monitoring: extend ifInErrors alert to non-snmp devices 2023-04-18 21:00:04 +02:00
firmware playbook_sysupgrade.yml: add empty firmware directory into vcs 2022-11-02 23:53:07 +01:00
group_vars accesspoints: add new type aruba-ap-303 2023-01-17 23:50:49 +01:00
password-store add pw for new hardware offloader (ffl node id 1669) (for ans) 2023-03-08 00:32:33 +01:00
roles add submodule "gekmihesg.openwrt" 2022-11-03 00:07:31 +01:00
templates gw-core01: fix broken mgmt tunnel 2023-03-22 23:26:03 +01:00
.gitignore new playbook: playbook_create_switch_configs_stock for ans 2022-11-10 00:29:44 +01:00
.gitmodules add submodule "gekmihesg.openwrt" 2022-11-03 00:07:31 +01:00
README.md README: update a few things 2022-12-30 19:54:46 +01:00
ansible-environment.txt venv: upgrade to ansible 6.1.0 2022-07-24 17:09:57 +02:00
ansible-inventory rgs wifi: improve RSSI for clients by increasing tx power 2023-03-08 00:03:54 +01:00
ansible.cfg add incident 025: ans steer clients into 5 GHz band 2022-12-23 01:12:37 +01:00
environment environment: also configure http(s) proxy and enter python venv 2022-07-03 02:07:50 +02:00
playbook_create_ssh_config.yml playbook_create_ssh_config: fix indentation of 'ProxyJump' 2022-09-28 00:49:10 +02:00
playbook_create_switch_configs_stock.yml playbook_create_switch_configs_stock: prepare for other stock firmwares 2023-01-10 02:38:31 +01:00
playbook_distribute_authorized_keys.yml playbook_distribute_authorized_keys: also set root pw on gw and aps 2022-09-28 00:47:14 +02:00
playbook_provision_accesspoints.yml accesspoints: expose airtime information 2023-03-07 23:59:58 +01:00
playbook_provision_backbone.yml playbook_provision_backbone: configure backbone for ffl-ans-gw-core01 2022-11-10 02:06:52 +01:00
playbook_provision_eae-adp-jump01.yml fix typo: playbook_provision_eap -> playbook_provision_eae 2022-11-10 02:24:17 +01:00
playbook_provision_gateway.yml playbook_provision_gateway: add base file functionality 2023-01-10 00:37:45 +01:00
playbook_provision_hypervisor.yml rename playbook_provision_hyper01 -> playbook_provision_hypervisor 2022-09-14 03:01:41 +02:00
playbook_provision_monitoring.yml monitoring: install snmp_exporter 2022-11-21 02:56:59 +01:00
playbook_provision_switches.yml new playbook 'playbook_provision_switches' 2022-11-03 00:15:05 +01:00
playbook_sysupgrade.yml playbook_sysupgrade: fix fatal error on local connections 2023-01-10 02:37:54 +01:00

README.md

Freifunk Leipzig - Erstaufnahme Einrichtungen

This repo contains the config and documentation for our installations at

  • Am Deutschen Platz
  • Arno-Nitzsche-Straße

this is a work in progress

  • this repo was created for Am Deutschen Platz and was then reused for Arno-Nitzsche-Straße
  • therefore the ansible stuff is a bit smelly
  • there is a lot of documentation missing for the Arno-Nitzsche-Straße
  • ...

Usage

Requirements

  • pass (password manager)
  • pandoc (offline documentation generation)
  • python3 (ansible)
  • python3-venv (ansible)
  • rsync (ansible)

Initial Setup

  1. install requirements
  2. clone repo and change directory: git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-eae-adp
  3. create python3 virtual environment: python3 -m venv ansible-environment
  4. enter python3 virtual environment: . ansible-environment/bin/activate
  5. install ansible and dependencies: pip3 install -r ansible-environment.txt
  6. import all gpg keys for pass: gpg --import files/gpg/*
  7. trust all imported gpg keys: run gpg --edit-key <id>, then enter trust and choose 5, for every key
  8. create ssh_config with all hosts: ansible-playbook playbook_create_ssh_config.yml (use -e jumphost=eae-adp-jump01 to configure ssh to use eae-adp-jump01 as the jump host)
  9. leave python3 virtual environment: deactivate
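
Steps 6 and 7 give every key in files/gpg/ ultimate trust, so it is worth checking the key files against fingerprints confirmed out of band before importing them. The following is an added example, not part of this repository; the allowlist file and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the repo): compare the primary-key fingerprints of
# key files with a reviewed allowlist before `gpg --import` and `trust` / `5`.

# Constructed sample of `gpg --with-colons` output (fake keys, fake fingerprints).
SAMPLE_COLONS='pub:-:255:22:1111111111111111:1650000000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1650000000::X::constructed user one:
sub:-:255:18:2222222222222222:1650000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
pub:-:255:22:3333333333333333:1650000000:::-:::scESC:
fpr:::::::::3333333333333333333333333333333333333333:
uid:-::::1650000000::Y::constructed user two:'

# Read colon-format key listings on stdin and print only the fingerprints of
# primary keys (the fpr record that follows a pub record, field 10).
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { print $10; primary = 0 }
    '
}

# Read fingerprints on stdin and print those missing from the allowlist ($1).
# Allowlist format (assumption): one fingerprint per line, spaces allowed,
# lines starting with '#' are comments.
unexpected_fingerprints() {
    allowlist=$1
    while IFS= read -r fpr; do
        grep -v '^#' "$allowlist" | tr -d ' ' | grep -qixF "$fpr" \
            || printf '%s\n' "$fpr"
    done
}

# check_keyfiles ALLOWLIST KEYFILE...
# Inspects the key files without importing them; fails if any is unknown.
check_keyfiles() {
    allowlist=$1; shift
    bad=$(gpg --show-keys --with-fingerprint --with-colons "$@" \
        | primary_fingerprints | unexpected_fingerprints "$allowlist")
    if [ -n "$bad" ]; then
        printf 'not in allowlist, do not import or trust:\n%s\n' "$bad" >&2
        return 1
    fi
}
```

Source the file and run check_keyfiles reviewed-fingerprints.txt files/gpg/* before step 6; a non-zero exit status means at least one key file has a fingerprint that nobody confirmed.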

Daily Usage

Before doing anything you need to enter the environment: . environment

After using playbook_create_ssh_config.yml you can call ssh simply with the name of the machine (e.g. ssh gw-core01). The ssh_config file is generated from the ansible-inventory. Should something in the inventory change, or should you want to use or change the jumphost, simply re-execute the playbook.

Passwords are managed using pass. Simply call pass after sourcing the environment.

Monitoring

Initially we've deployed the monitoring on monitoring01 (that lives on hyper01 in Am Deutschen Platz).

After deploying the second camp we've decided to move the monitoring into the cloud. The new monitoring stack runs on eae-adp-jump01. Unfortunately prometheus crashes every few hours on OpenBSD, so there is a cronjob restarting prometheus every 2 hours on eae-adp-jump01.

As soon as someone finds the time we will move the monitoring stack onto a normal linux machine.

  • old monitoring: monitoring01 - 10.84.1.51
    • is not getting new configs via ansible
    • rocks an old version of the grafana dashboard
    • the facility management still has a link to this instance
  • new monitoring: eae-adp-jump01 - 10.84.254.0

Both stacks offer the following services:

  • prometheus: tcp/9090
  • alertmanager: tcp/9093
  • grafana: tcp/3000

Use ssh -D 8888 eae-adp-jump01 and configure this socks proxy in your favorite browser to visit the web GUIs.

Descriptions

  • environment: configure environment (path to pass store, http(s) socks proxy and python venv for ansible)
  • playbook_create_ssh_config.yml: playbook to create an additional ssh_config file (.ssh/ffl_eae_adp_config) that gets included in the default ssh_config
  • playbook_distribute_authorized_keys.yml: deploy files/authorized_keys on all machines
  • playbook_provision_accesspoints.yml: configure accesspoints
  • playbook_provision_backbone.yml: configure wg tunnel and ospf link between gw-core01 and eae-adp-jump01
  • playbook_provision_eae-adp-jump01.yml: general system configuration for eae-adp-jump01 (monitoring, routing, ...)
  • playbook_provision_hypervisor.yml: general system configuration for hyper01 and create vms/containers
  • playbook_provision_monitoring.yml: configure and install prometheus and grafana on monitoring01