Merge branch 'babeld'

27c0bf0f · nanahira · 0f9425bc · 7e1fd20c · 27c0bf0f · 27c0bf0f
Commit 27c0bf0f authored Dec 22, 2020 by nanahira
15 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -115,5 +115,6 @@ dist
 *.retry
 wgfrp-setconf.conf.j2
 certs
+babeld-reload.conf.j2

 __pycache__
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -3,3 +3,4 @@ host_key_checking = False
 strategy_plugins = mitogen-0.2.9/ansible_mitogen/plugins/strategy
 strategy = mitogen_free
 inventory = ../result/inventory.yaml
+forks = 12
--- a/ansible/babeld.conf.j2
+++ b/ansible/babeld.conf.j2
+# MyCard babeld
+
+debug 1
+# router-id 00:00:00:00:00:00:00:03
+redistribute local ip 10.198.0.0/24
+{% for subnet in localSubnets %}
+redistribute ip {{subnet}}
+{% endfor %}
+redistribute local deny
+reflect-kernel-metric true
+local-port-readwrite 33123
+
+{% for connection in connections %}
+{% if connection.protocol != "null" and not (connection.protocol == "oc" and connection.ocType == "server") and connection.remoteLocalAddress != address %}
+{% if connection.inbound %}
+interface {{connection.name}} type tunnel rxcost {{connection.metric}} faraway true rtt-max 500
+{% else %}
+interface {{connection.name}} type tunnel rxcost 50000 faraway true rtt-max 500
+{% endif %}
+{% endif %}
+{% endfor %}
+
+{% for interface in lanInterfaces %}
+interface {{interface}}
+{% endfor %}
--- a/ansible/bird.conf.j2
+++ b/ansible/bird.conf.j2
@@ -4,31 +4,13 @@
 log stderr all;
 router id {{address}};

-protocol device {
-}
-#protocol direct {
-#  disabled;
-#  ipv4;
-#  ipv6;
-#}
-
-{% for interface in lanInterfaces %}
-protocol direct {
-  ipv4;
-  ipv6;
-  interface "{{interface}}";
-}
-{% endfor %}
+protocol device {}

 protocol kernel {
+  learn;
  ipv4 {
-    export where net != 0.0.0.0/0;
+    import all;
  };
-  persist;
-  #kernel table main;
-}
-protocol kernel {
-  ipv6 { export all; };
 }

 {% for plan in routePlans %}
@@ -49,61 +31,3 @@ protocol kernel {
  kernel table {{plan.destMark}};
 }
 {% endfor %}
-
-protocol ospf v2 {
-  ipv4 {
-    import all;
-    export where source ~ [ RTS_DEVICE, RTS_STATIC ];
-  };
-  area 0 {
-    networks {
-{% for subnet in routeLists.mycard %}
-      {{subnet}};
-{% endfor %}
-    };
-#		interface "eth*" {
-#			type broadcast;		# Detected by default
-#			cost 10;		# Interface metric
-#			hello 5;		# Default hello perid 10 is too long
-#		};
-{% for connection in connections %}
-{% if connection.protocol != "null" and not (connection.protocol == "oc" and connection.ocType == "server") and connection.remoteLocalAddress != address %}
-    interface "{{connection.name}}" {
-      type ptmp;
-{% if connection.outbound %}
-      cost {{connection.metric}};
-{% else %}
-      cost 50000;
-{% endif %}
-      hello 5;
-      authentication cryptographic;
-      password "{{ospfToken}}";
-    };
-{% endif %}
-{% endfor %}
-
-{% if ocservNeeded %}
-    interface "mcoc*" {
-      type ptmp;
-      cost {{ocMetric}};
-      hello 5;
-      authentication cryptographic;
-      password "{{ospfToken}}";
-    };
-{% endif %}
-
-{% for interface in lanInterfaces %}
-    interface "{{interface}}" {
-      type broadcast;
-      cost 1;
-      hello 5;
-      authentication cryptographic;
-      password "{{ospfToken}}";
-    };
-{% endfor %}
-
-    interface "dummy0" {
-      stub;			# Stub interface, just propagate it
-    };
-  };
-}
--- a/ansible/configure.yaml
+++ b/ansible/configure.yaml
 ---
 - hosts: wg
-  vars:
-    services: []
  tasks:
+    - name: load vars
+      include_vars:
+        file: '../result/{{item}}.yaml'
+      with_items:
+        - global-vars
+        - vars-{{inventory_hostname_short}}
    - name: directory
      file:
        path: '{{ansible_user_dir}}/nextgen-network/{{item}}'
@@ -104,6 +108,17 @@
        dest: '{{ansible_user_dir}}/nextgen-network/services/bird.conf'
      notify: restart_bird
      when: not noBird
+    - name: babeld conf
+      template:
+        src: babeld.conf.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/babeld.conf'
+      notify: restart_babeld
+      when: not noBird
+    #- name: babeld reload conf
+    #  template:
+    #    src: babeld-reload.conf.j2
+    #    dest: /tmp/babeld-reload.conf
+    #  notify: reload_babeld
    - name: frps conf
      template:
        src: protocols/wgfrp/frps.ini.j2
@@ -131,6 +146,21 @@
        enabled: true
        masked: false
      when: systemBird
+    - name: systemd babeld conf
+      become: true
+      template:
+        src: babeld.conf.j2
+        dest: '/etc/babeld.conf'
+      notify: restart_babeld_systemd
+      when: systemBird
+    - name: enable systemd babeld
+      become: true
+      systemd:
+        name: babeld
+        state: started
+        enabled: true
+        masked: false
+      when: systemBird
  handlers:
    - name: reload_switch_rules
      become: true
@@ -142,6 +172,15 @@
        services:
          - bird
      when: not noBird
+    - name: restart_babeld # ocserv would be always restarted whenever key changes..
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - babeld
+      when: not noBird
+    - name: reload_babeld
+      shell: cat /tmp/babeld-reload.conf | nc ::1 33123
    - name: restart_frps
      docker_compose:
        project_src: '{{ansible_user_dir}}/nextgen-network/services'
@@ -177,6 +216,11 @@
      systemd:
        name: bird
        state: restarted
+    - name: restart_babeld_systemd
+      become: true
+      systemd:
+        name: babeld
+        state: restarted
    - name: reload_chnroute
      become: true
      shell: |

--- a/ansible/install.yaml
+++ b/ansible/install.yaml
@@ -11,3 +11,29 @@
        - fatedier/frps:v0.34.2
        - fatedier/frpc:v0.34.2
        - git-registry.mycard.moe/nanahira/docker-bird
+        - git-registry.mycard.moe/railgun/babeld
+        - git-registry.mycard.moe/nanahira/docker-ocserv
+        - git-registry.mycard.moe/railgun/openconnect
+      when: not noBird
+    - name: unstable source
+      become: true
+      copy:
+        content: | 
+          deb http://mirrors.tuna.tsinghua.edu.cn/debian unstable main contrib non-free
+        dest: /etc/apt/sources.list.d/unstable.list
+      when: systemBird and ansible_distribution == 'Debian' and ansible_distribution_release != 'sid'
+    - name: unstable pref 90
+      become: true
+      copy:
+        content: | 
+          Package: *
+          Pin: release a=unstable
+          Pin-Priority: 90
+        dest: /etc/apt/preferences.d/limit-unstable
+      when: systemBird and ansible_distribution == 'Debian' and ansible_distribution_release != 'sid'
+    - name: install packages for systemd things
+      become: true
+      apt:
+        update_cache: true
+        name: babeld,bird2
+      when: systemBird
--- a/ansible/migrate-ocserv-predown.yaml
+++ b/ansible/migrate-ocserv-predown.yaml
+---
+- hosts: wg
+  tasks:
+    - name: ocserv predown
+      template:
+        src: scripts/ocserv-predown-old.sh.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/scripts/ocserv-predown.sh'
+        mode: a+x
--- a/ansible/migrate-systemd.yaml
+++ b/ansible/migrate-systemd.yaml
@@ -17,12 +17,22 @@
          ExecStart={{ansible_user_dir}}/nextgen-network/scripts/global-postup.sh

          [Install]
-          WantedBy=mutli-user.target
+          WantedBy=multi-user.target
        dest: /etc/systemd/system/railgun-global-setup.service
      register: global_systemd_result
+    - name: global-postup systemd disable
+      become: true
+      systemd:
+        name: railgun-global-setup
+        enabled: false
+        daemon_reload: true
    - name: global-postup systemd enable
      become: true
      systemd:
        name: railgun-global-setup
        enabled: true
-        daemon_reload: '{{global_systemd_result.changed}}'
+        daemon_reload: true
+    - name: remove a rubbish
+      file:
+        path: /etc/systemd/system/mutli-user.target.wants
+        state: absent
--- a/ansible/protocols/oc/ocserv-user-env.j2
+++ b/ansible/protocols/oc/ocserv-user-env.j2
@@ -9,3 +9,8 @@ export remoteNextMark={{conn.remoteNextMark}}
 export inbound={{conn.inbound}}
 export outbound={{conn.outbound}}
 export mtu={{conn.mtu|int - 58}}
+{% if conn.inbound %}
+export metric={{conn.metric}}
+{% else %}
+export metric=50000
+{% endif %}
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
 #!/usr/bin/env bash
-# Forced update 12.18 2
+# Forced update 12.22
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh

 echo "running" > /tmp/mycard_global_postup_done

--- a/ansible/scripts/ocserv-postup.sh.j2
+++ b/ansible/scripts/ocserv-postup.sh.j2
@@ -3,11 +3,14 @@
 export dev="$DEVICE"
 source /etc/ocserv/env-per-user/$USERNAME

-#NEW_DEVICE="$USERNAME"
+NEW_DEVICE="$USERNAME"
 #ip link set $DEVICE down
 #ip link set $DEVICE name $NEW_DEVICE
 #ip link set $NEW_DEVICE up
 #ip link property add altname $DEVICE dev $NEW_DEVICE
+#ip link set $NEW_DEVICE alias $DEVICE
+ip link property add altname $NEW_DEVICE dev $DEVICE
+ip link set $DEVICE alias $NEW_DEVICE

 ip addr add "$localAddress/32" dev "$dev"
 ip route del "$remoteLocalAddress" dev "$dev" proto kernel scope link src "$localRubbishAddress"
@@ -16,4 +19,6 @@ ip addr del "$localRubbishAddress" dev "$dev"
 {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 {{ansible_user_dir}}/nextgen-network/scripts/postup.sh

+echo -e "interface $dev type tunnel rxcost $metric faraway true rtt-max 500 \nquit" | nc ::1 33123
+
 true
--- a/ansible/scripts/ocserv-predown-old.sh.j2
+++ b/ansible/scripts/ocserv-predown-old.sh.j2
+#!/bin/bash
+# This script is for old thing only. Will not be used in MyCard Network Gen 2.5
+
+export dev="$DEVICE"
+source /etc/ocserv/env-per-user/$USERNAME
+
+{{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+
+true
--- a/package.json
+++ b/package.json
@@ -4,7 +4,8 @@
  "description": "",
  "scripts": {
    "build": "tsc",
-    "start": "node build/inventory.js"
+    "start": "node build/inventory.js",
+    "all": "npm run build && npm start"
  },
  "dependencies": {
    "@types/ip": "^1.1.0",

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -6,17 +6,15 @@ import YAML from 'yaml';
 import _ from 'lodash';
 import child_process from 'child_process';
 import assert from 'assert';
-import ip from 'ip';
 import { promises as dns } from 'dns';
-import { off } from 'process';
-import os from "os";
+import os from 'os';

 async function generateOcpasswdLine(username: string, password: string) {
-	const tmpName = os.tmpdir() + "/" + Math.floor(Math.random() * 10000000);
-	await util.promisify(child_process.exec)(`echo "${password}\\n${password}" | ocpasswd -c ${tmpName} ${username}`);
-	const res = (await fs.promises.readFile(tmpName, "utf-8")).trim();
-	await fs.promises.unlink(tmpName);
-	return res;
+  const tmpName = os.tmpdir() + '/' + Math.floor(Math.random() * 10000000);
+  await util.promisify(child_process.exec)(`echo "${password}\\n${password}" | ocpasswd -c ${tmpName} ${username}`);
+  const res = (await fs.promises.readFile(tmpName, 'utf-8')).trim();
+  await fs.promises.unlink(tmpName);
+  return res;
 }

 class InventoryBuilder {
@@ -28,6 +26,12 @@ class InventoryBuilder {
  resolver: dns.Resolver;
  vars: any;

+  constructor() {
+    this.resolveCache = new Map();
+    this.resolver = new dns.Resolver();
+    this.resolver.setServers(process.env.DNS ? [process.env.DNS] : ['114.114.114.114', '223.5.5.5']);
+  }
+
  async resolveDomain(domain: string, ipv6: boolean) {
    if (!domain || domain.match(/(\d{1,3}\.){3}\d{1,3}/)) {
      return domain;
@@ -53,12 +57,6 @@ class InventoryBuilder {
    return resolvedIP;
  }

-  constructor() {
-    this.resolveCache = new Map();
-    this.resolver = new dns.Resolver();
-    this.resolver.setServers(process.env.DNS ? [process.env.DNS] : ['114.114.114.114', '223.5.5.5']);
-  }
-
  async load(sheetName: string) {
    const data = await fs.promises.readFile(path.join('data', `内网互联计划 - ${sheetName}.csv`));
    // @ts-ignore
@@ -98,22 +96,19 @@ class InventoryBuilder {
      host.wgPublickey = await this.wgPublickey(host.wgPrivateKey);
    }
    this.vars = await this.loadUtilities();
+    const inventoryValue = { wg: {hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)]))} };
+    await fs.promises.writeFile('result/inventory.yaml', YAML.stringify(inventoryValue));
    // console.log(Object.values(this.hosts));
-    const rawHosts = await Promise.all(Object.values(this.hosts).map(async (h) => [h.name, await this.host_vars(h)]));
-    const hosts = Object.fromEntries(rawHosts);
-    // console.log(hosts);
-    /* const rawHostsForSwitch = rawHosts.map(rh => {
-      const hostVars = JSON.parse(JSON.stringify(rh[1]));
-      hostVars.ansible_ssh_host = hostVars.address;
-      hostVars.ansible_ssh_port = this.hosts[rh[0]].sshSystem || 22;
-      return [`switch-${rh[0]}`, hostVars];
-    });
-    const switchHosts = Object.fromEntries(rawHostsForSwitch); */
-    const result = YAML.stringify({
-      wg: { hosts, vars: this.vars },
-      //switch: { hosts: switchHosts, vars: JSON.parse(JSON.stringify(this.vars)) }
-    });
-    return fs.promises.writeFile('result/inventory.yaml', result);
+    const hosts = await Promise.all(Object.values(this.hosts).map(async (h) => ({
+      name: h.name,
+      vars: await this.host_vars(h)
+    })));
+    //const hosts = Object.fromEntries(hostsArray);
+    //await fs.promises.writeFile('result/inventory.yaml', YAML.stringify({
+    //  wg: { hosts }
+    //}));
+    await fs.promises.writeFile('result/global-vars.yaml', YAML.stringify(this.vars));
+    await Promise.all(hosts.map(host => fs.promises.writeFile(`result/vars-${host.name}.yaml`, YAML.stringify(host.vars))));
  }

  async loadUtilities() {
@@ -143,6 +138,17 @@ class InventoryBuilder {
    return vars;
  }

+  getHostConnectionInfo(host) {
+    return {
+      ansible_ssh_host: host.host,
+      ansible_ssh_user: host.user,
+      ansible_ssh_port: host.sshPort || 22,
+      ansible_python_interpreter: host.python || 'python3',
+      noBird: !!(host.noBird || host.sysBird),
+      systemBird: !!host.sysBird
+    }
+  }
+
  async host_vars(host) {
    const connections = [];
    host.dockerServices = {
@@ -152,17 +158,27 @@ class InventoryBuilder {
          restart: 'always',
          image: 'git-registry.mycard.moe/nanahira/docker-bird',
          network_mode: 'host',
-          cap_add: ['NET_ADMIN', 'NET_BROADCAST', 'NET_RAW'],
+          cap_add: ['NET_ADMIN'],
          volumes: ['./bird.conf:/etc/bird/bird.conf:ro']
+        },
+        babeld: {
+          restart: 'always',
+          image: 'git-registry.mycard.moe/railgun/babeld',
+          network_mode: 'host',
+          //cap_add: ['NET_ADMIN'],
+          privileged: true,
+          volumes: ['./babeld.conf:/etc/babeld.conf:ro']
        }
      }
    };
    host.frpsNeeded = false;
    const null_connection = '10000,null';
    const lanInterfaces = host.lanInterfaces;
+    const localSubnets = host.subnets;
+    //console.log(localSubnets);
    const masqInterfaces = host.masqInterfaces.length > 0 ? host.masqInterfaces.split(',') : [];
    const routePlans = [];
-    
+
    for (const h of this.connections) {
      if (h != host.name) {
        const to = host[h]; // 当前主机的条目
@@ -190,10 +206,10 @@ class InventoryBuilder {
    }

    return {
-      ansible_ssh_host: host.host,
-      ansible_ssh_user: host.user,
-      ansible_ssh_port: host.sshPort || 22,
-      ansible_python_interpreter: host.python || 'python3',
+      //ansible_ssh_host: host.host,
+      //ansible_ssh_user: host.user,
+      //ansible_ssh_port: host.sshPort || 22,
+      //ansible_python_interpreter: host.python || 'python3',
      id: host.id,
      address: host.address,
      isCN: host.location.startsWith('CN'),
@@ -208,11 +224,10 @@ class InventoryBuilder {
      gateways: _.values(this.gateways[host.name]),
      connections,
      lanInterfaces,
+      localSubnets,
      masqInterfaces,
      dockerServices: host.dockerServices,
      routePlans,
-      noBird: !!(host.noBird || host.sysBird),
-      systemBird: !!host.sysBird,
    };
  }

@@ -296,8 +311,9 @@ class InventoryBuilder {
            './ocserv/env-per-user:/etc/ocserv/env-per-user:ro',
            './ocserv/ocpasswd:/etc/ocserv/ocpasswd:ro',
            `./ocserv/certs/${local.ocservCert}:/etc/ssl/certs/${local.ocservCert}:ro`,
-            '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro'
-          ]
+            '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro',
+          ],
+          depends_on: ['babeld']
        };
      }
      local.ocpasswdLines.push(await generateOcpasswdLine(name, this.vars.ocservPassword));
@@ -356,7 +372,7 @@ class InventoryBuilder {
  // frps还是frpc的积分，NAT越有利分越高
  gatewayCompareScore(gateway: any): number {
    let offset = 0;
-    let score = 0
+    let score = 0;
    score |= (0xff - gateway.id) << offset; // 8 bits
    offset += 8;
    const isCNScore = gateway.isCN ? 0 : 1; // 1 bit
@@ -404,7 +420,7 @@ class InventoryBuilder {
    if (!!local.ocservCert !== !!remote.ocservCert) {
      return !!local.ocservCert;
    }
-    
+
    return this.gatewayCompare(localGateway, remoteGateway);
  }


--- a/update.sh
+++ b/update.sh
@@ -28,6 +28,9 @@ _strip_wg_conf() {
 # _strip_wg_conf ./protocols/wg/wg.conf.j2 ./protocols/wg/wg-setconf.conf.j2
 _strip_wg_conf ./protocols/wgfrp/wgfrp.conf.j2 ./protocols/wgfrp/wgfrp-setconf.conf.j2

+cat babeld.conf.j2 > babeld-reload.conf.j2
+echo 'quit' >> babeld-reload.conf.j2
+
 ansible-playbook -i ../result/inventory.yaml "$@" configure.yaml
 cd ..