Freifunk-Leipzig
/
eae-am-deutschen-platz
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
eae-am-deutschen-platz/README.md

3.9 KiB
Raw Permalink Blame History

Freifunk Leipzig - Erstaufnahme Einrichtungen

This repo contains the config and documentation for our installations at

  • Am Deutschen Platz
  • Arno-Nitzsche-Straße

this is a work in progress

  • this repo was created for Am Deutschen Platz and was then reused for Arno-Nitzsche-Straße
  • therefore the ansible stuff is a bit smelly
  • there is a lot of documentation missing for the Arno-Nitzsche-Straße
  • ...

Quick Links

Usage

Requirements

  • pass (password manager)
  • pandoc (offline documentation generation)
  • python3 (ansible)
  • python3-venv (ansible)
  • rsync (ansible)

Initial Setup

  1. install requirements
  2. clone repo and change directory: git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp
  3. create python3 virtual enviroment: python3 -m venv ansible-environment
  4. enter python3 virtual environment: . ansible-environment/bin/activate
  5. install ansible and dependencies: pip3 install -r ansible-environment.txt
  6. import all gpg keys for pass: gpg --import files/gpg/*
  7. trust all imported gpg keys: gpg --edit-key <id> with trust and 5 for every key
  8. create ssh_config with all hosts: ansible-playbook playbook_create_ssh_config.yml (use -e jumphost=eae-adp-jump01 to configure ssh to use eae-adp-jump01 as the jump host)
  9. leave python3 virtual environment: deactivate

Daily Usage

Before doing enything you need to enter the environment: . environment

After using playbook_create_ssh_config.yml you can call ssh simply with the name of the machine (ie. ssh gw-core01). The ssh_config file is generated from the ansible-inventory. Should something in the inventory change or you want to use/change the jumphost simply reexecute the playbook.

Passwords managed using pass. Simply call pass after sourcing the environment.

Monitoring

Initially we've deployed the monitoring on monitoring01 (that lives on hyper01 in Am Deutschen Platz).

After deploying the second camp we've decided to move the monitoring into the cloud. The new monitoring stack runs on eae-adp-jump01. Unfortunately prometheus crashes every few hours on openbsd. So there is a cronjob restarting prometheus every 2 hours on eae-adp-jump01.

As soon as someone finds the time we will move the monitoring stack onto a normal linux machine.

  • old monitoring: monitoring01 - 10.84.1.51
    • is not getting new configs via ansible
    • rocks an old version of the grafana dashboard
    • the facility management still has a link to this instance
  • new monitoring: eae-adp-jump01 - 10.84.254.0

Both stacks offer the following services:

  • prometheus: tcp/9090
  • alertmanager: tcp/9093
  • grafana: tcp/3000

Use ssh -D 8888 eae-adp-jump01 an configure this socks proxy in your favorite browser to visit the webguis.

Descriptions

  • environment: configure environment (path to pass store, http(s) socks proxy and python venv for ansible)
  • playbook_create_ssh_config.yml: playbook to create an additional ssh_config file (.ssh/ffl_eae_adp_config) that get's included in the default ssh_config
  • playbook_distribute_authorized_keys.yml: deploy files/authorized_keys on all machines
  • playbook_provision_accesspoints.yml: configure accesspoints
  • playbook_provision_backbone.yml: configure wg tunnel and ospf link between gw-core01 and eae-adp-jump01
  • playbook_provision_eap-adp-jump01.yml: general system configuration for eae-adp-jump01 (monitoring, routing, ...)
  • playbook_provision_hyper01.yml: general system configuration for hyper01 and create vms/containers
  • playbook_provision_monitoring.yml: configure and install prometheus and grafana on monitoring01