Skip to content

T
tun
Commit 616c903e authored by nanahira's avatar nanahira
Browse files
Options

test ocserv

parent 2d543899
Hide whitespace changes
Inline Side-by-side
Showing with 117 additions and 2 deletions
ansible/configure.yaml
View file @ 616c903e
...@@ -24,6 +24,8 @@ ...@@ -24,6 +24,8 @@
- utility - utility
- switch-rules-up - switch-rules-up
- switch-rules-down - switch-rules-down
- ocserv-postup.sh
- ocserv-postdown.sh
notify: reload_switch_rules notify: reload_switch_rules
- name: ipset files - name: ipset files
template: template:
...@@ -73,6 +75,9 @@ ...@@ -73,6 +75,9 @@
become: true become: true
shell: 'ip -4 rule add pref 81 to {{item}} lookup main || true' shell: 'ip -4 rule add pref 81 to {{item}} lookup main || true'
with_items: '{{routeLists.mycard}}' with_items: '{{routeLists.mycard}}'
- name: ocserv pre-configure
include_tasks: 'protocols/oc/ocserv-pre.yaml'
when: ocservNeeded and not noBird and not systemBird
# 为了提高测试时候的性能,不改动wg的时候注释掉这段 # 为了提高测试时候的性能,不改动wg的时候注释掉这段
- name: 'clean up null connections first' - name: 'clean up null connections first'
include_tasks: 'protocols/{{item.protocol}}/configure.yaml' include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
...@@ -149,6 +154,20 @@ ...@@ -149,6 +154,20 @@
- frpc-{{item.name}} - frpc-{{item.name}}
with_items: '{{connections}}' with_items: '{{connections}}'
when: 'item.protocol == "wgfrp" and item.frpType == "frpc"' when: 'item.protocol == "wgfrp" and item.frpType == "frpc"'
- name: restart_ocserv
docker_compose:
project_src: '{{ansible_user_dir}}/nextgen-network/services'
restarted: true
services:
- ocserv
- name: restart_openconnect
docker_compose:
project_src: '{{ansible_user_dir}}/nextgen-network/services'
restarted: true
services:
- openconnect-{{item.name}}
with_items: '{{connections}}'
when: 'item.protocol == "oc" and item.ocType == "client"'
- name: restart_bird_systemd - name: restart_bird_systemd
become: true become: true
systemd: systemd:
......
ansible/protocols/oc/configure-client.yaml 0 → 100644
View file @ 616c903e
- name: up script directory
file:
path: '{{ansible_user_dir}}/nextgen-network/services/client-scripts/{{conn.name}}/post-connect.d'
state: directory
recurse: true
- name: down script directory
file:
path: '{{ansible_user_dir}}/nextgen-network/services/client-scripts/{{conn.name}}/disconnect.d'
state: directory
recurse: true
- name: up script
template:
src: ./openconnect-post-scripts/post-connect.sh.j2
dest: '{{ansible_user_dir}}/nextgen-network/services/client-scripts/{{conn.name}}/post-connect.d/mycard-network-nextgen.sh'
mode: 0755
notify: restart_openconnect
- name: down script
template:
src: ./openconnect-post-scripts/disconnect.sh.j2
dest: '{{ansible_user_dir}}/nextgen-network/services/client-scripts/{{conn.name}}/disconnect.d/mycard-network-nextgen.sh'
mode: 0755
notify: restart_openconnect
ansible/protocols/oc/configure-server.yaml 0 → 100644
View file @ 616c903e
- name: per-user config
template:
src: ./ocserv-per-user.conf.j2
dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/config-per-user/{{conn.name}}'
notify: restart_ocserv
- name: per-user env
template:
src: ./ocserv-user-env.j2
dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/env-per-user/{{conn.name}}'
notify: restart_ocserv
ansible/protocols/oc/configure.yaml
View file @ 616c903e
...@@ -5,4 +5,5 @@ ...@@ -5,4 +5,5 @@
name: 'wg-quick@{{conn.name}}' name: 'wg-quick@{{conn.name}}'
state: stopped state: stopped
enabled: no enabled: no
- name: - name: '{{conn.name}}: tasks for {{conn.ocType}}'
include_tasks: './configure-{{conn.ocType}}.yaml'
ansible/protocols/oc/ocserv-per-user.conf.j2
View file @ 616c903e
explicit-ipv4 = {{conn.remoteLocalAddress}} explicit-ipv4 = {{conn.remoteLocalAddress}}
route = {{conn.localPeerAddress}}/32 route = {{conn.localPeerAddress}}/32
mtu = {{conn.mtu|int - 58}}
ansible/protocols/oc/ocserv-pre.yaml
View file @ 616c903e
- name: directories
file:
name: '{{ansible_user_dir}}/nextgen-network/services/ocserv/{{item}}'
recurse: true
state: directory
with_items:
- config-per-user
- env-per-user
- name: ocserv.conf
template:
src: ./ocserv.conf.j2
dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/ocserv.conf'
notify: restart_ocserv
- name: ocpasswd
copy:
content: |
{% for line in ocpasswdLines %}
{{line}}
{% endfor %}
dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/ocpasswd'
notify: restart_ocserv
- name: ocserv certs
synchronize:
src: ./certs/{{ocservCert}}/
dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/certs'
delete: yes
copy_links: yes
verify_host: no
recursive: yes
checksum: yes
archive: no
notify: restart_ocserv
ansible/protocols/oc/ocserv-user-env.j2 0 → 100644
View file @ 616c903e
# export dev=
export localPeerAddress={{conn.localPeerAddress}}
export remotePeerAddress={{conn.remotePeerAddress}}
export link6Address={{conn.link6Address}}
export remoteNextMark={{conn.remoteNextMark}}
export inbound={{conn.inbound}}
export outbound={{conn.outbound}}
export mtu={{conn.mtu|int - 58}}
ansible/protocols/oc/openconnect-postup.sh.j2 ansible/protocols/oc/openconnect-post-scripts/post-connect.sh.j2 100644 → 100755
View file @ 616c903e
#!/bin/bash #!/bin/bash
dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 66}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
ansible/scripts/ocserv-postup.sh.j2 0 → 100755
View file @ 616c903e
#!/bin/bash
export dev="$USERNAME"
source {{ansible_user_dir}}/nextgen-network/services/ocserv/env-per-user/$USERNAME
NEW_DEVICE="$USERNAME"
ip link set $DEVICE down
ip link set $DEVICE name $NEW_DEVICE
ip link set $NEW_DEVICE up
ip link property add altname $DEVICE dev $NEW_DEVICE
{{ansible_user_dir}}/nextgen-network/scripts/postup.sh
true
ansible/scripts/ocserv-predown.sh.j2 0 → 100755
View file @ 616c903e
#!/bin/bash
export dev="$USERNAME"
source {{ansible_user_dir}}/nextgen-network/services/ocserv/env-per-user/$USERNAME
{{ansible_user_dir}}/nextgen-network/scripts/predown.sh
true
ansible/scripts/switch-rules-down.sh.j2 100644 → 100755
View file @ 616c903e
File mode changed from 100644 to 100755
ansible/scripts/switch-rules-up.sh.j2 100644 → 100755
View file @ 616c903e
File mode changed from 100644 to 100755
ansible/scripts/utility.sh.j2 100644 → 100755
View file @ 616c903e
File mode changed from 100644 to 100755
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment