ocserv babeld

7ec7dee4 · 神楽坂玲奈 · bce955f1 · 7ec7dee4 · 7ec7dee4 · 7ec7dee4
Commit 7ec7dee4 authored Dec 21, 2020 by 神楽坂玲奈
4 changed files
--- a/ansible/babeld.conf.j2
+++ b/ansible/babeld.conf.j2
@@ -8,6 +8,7 @@ redistribute if {{interface}}
 {% endfor %}
 redistribute local deny
 reflect-kernel-metric true
+local-path-readwrite /var/run/babeld/babeld.sock
 {% for connection in connections %}
 {% if connection.protocol != "null" and not (connection.protocol == "oc" and connection.ocType == "server") and connection.remoteLocalAddress != address %}

--- a/ansible/scripts/ocserv-postup.sh.j2
+++ b/ansible/scripts/ocserv-postup.sh.j2
 #!/bin/bash
-export dev="$USERNAME"
+export dev="$DEVICE"
 source /etc/ocserv/env-per-user/$USERNAME
 NEW_DEVICE="$USERNAME"
-ip link set $DEVICE down
+#ip link set $DEVICE down
-ip link set $DEVICE name $NEW_DEVICE
+#ip link set $DEVICE name $NEW_DEVICE
-ip link set $NEW_DEVICE up
+#ip link set $NEW_DEVICE up
-ip link property add altname $DEVICE dev $NEW_DEVICE
+#ip link property add altname $DEVICE dev $NEW_DEVICE
+#ip link set $NEW_DEVICE alias $DEVICE
+ip link property add altname $NEW_DEVICE dev $DEVICE
+ip link set $DEVICE alias $NEW_DEVICE
 ip addr add "$localAddress/32" dev "$dev"
 ip route del "$remoteLocalAddress" dev "$dev" proto kernel scope link src "$localRubbishAddress"
@@ -16,4 +19,6 @@ ip addr del "$localRubbishAddress" dev "$dev"
 {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+echo -e "interface $dev type tunnel rxcost 300 faraway true rtt-max 500 \nquit" | nc -U /var/run/babeld/babeld.sock
 true
--- a/ansible/scripts/ocserv-predown.sh.j2
+++ b/ansible/scripts/ocserv-predown.sh.j2
 #!/bin/bash
-export dev="$USERNAME"
+export dev="$DEVICE"
 source /etc/ocserv/env-per-user/$USERNAME
 {{ansible_user_dir}}/nextgen-network/scripts/predown.sh

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -6,17 +6,15 @@ import YAML from 'yaml';
 import _ from 'lodash';
 import child_process from 'child_process';
 import assert from 'assert';
-import ip from 'ip';
 import { promises as dns } from 'dns';
-import { off } from 'process';
+import os from 'os';
-import os from "os";
 async function generateOcpasswdLine(username: string, password: string) {
-	const tmpName = os.tmpdir() + "/" + Math.floor(Math.random() * 10000000);
+  const tmpName = os.tmpdir() + '/' + Math.floor(Math.random() * 10000000);
-	await util.promisify(child_process.exec)(`echo "${password}\\n${password}" | ocpasswd -c ${tmpName} ${username}`);
+  await util.promisify(child_process.exec)(`echo "${password}\\n${password}" | ocpasswd -c ${tmpName} ${username}`);
-	const res = (await fs.promises.readFile(tmpName, "utf-8")).trim();
+  const res = (await fs.promises.readFile(tmpName, 'utf-8')).trim();
-	await fs.promises.unlink(tmpName);
+  await fs.promises.unlink(tmpName);
-	return res;
+  return res;
 }
 class InventoryBuilder {
@@ -28,6 +26,12 @@ class InventoryBuilder {
  resolver: dns.Resolver;
  vars: any;
+  constructor() {
+    this.resolveCache = new Map();
+    this.resolver = new dns.Resolver();
+    this.resolver.setServers(process.env.DNS ? [process.env.DNS] : ['114.114.114.114', '223.5.5.5']);
+  }
  async resolveDomain(domain: string, ipv6: boolean) {
    if (!domain || domain.match(/(\d{1,3}\.){3}\d{1,3}/)) {
      return domain;
@@ -53,12 +57,6 @@ class InventoryBuilder {
    return resolvedIP;
  }
-  constructor() {
-    this.resolveCache = new Map();
-    this.resolver = new dns.Resolver();
-    this.resolver.setServers(process.env.DNS ? [process.env.DNS] : ['114.114.114.114', '223.5.5.5']);
-  }
  async load(sheetName: string) {
    const data = await fs.promises.readFile(path.join('data', `内网互联计划 - ${sheetName}.csv`));
    // @ts-ignore
@@ -161,7 +159,7 @@ class InventoryBuilder {
          image: 'git-registry.mycard.moe/railgun/babeld',
          network_mode: 'host',
          cap_add: ['NET_ADMIN', 'NET_BROADCAST', 'NET_RAW'],
-          volumes: ['./babeld.conf:/etc/babeld.conf:ro']
+          volumes: ['./babeld.conf:/etc/babeld.conf:ro', '/var/run/babeld:/var/run/babeld']
        }
      }
    };
@@ -170,7 +168,7 @@ class InventoryBuilder {
    const lanInterfaces = host.lanInterfaces;
    const masqInterfaces = host.masqInterfaces.length > 0 ? host.masqInterfaces.split(',') : [];
    const routePlans = [];
    for (const h of this.connections) {
      if (h != host.name) {
        const to = host[h]; // 当前主机的条目
@@ -220,7 +218,7 @@ class InventoryBuilder {
      dockerServices: host.dockerServices,
      routePlans,
      noBird: !!(host.noBird || host.sysBird),
-      systemBird: !!host.sysBird,
+      systemBird: !!host.sysBird
    };
  }
@@ -304,8 +302,10 @@ class InventoryBuilder {
            './ocserv/env-per-user:/etc/ocserv/env-per-user:ro',
            './ocserv/ocpasswd:/etc/ocserv/ocpasswd:ro',
            `./ocserv/certs/${local.ocservCert}:/etc/ssl/certs/${local.ocservCert}:ro`,
-            '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro'
+            '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro',
-          ]
+            '/var/run/babeld:/var/run/babeld'
+          ],
+          depends_on: ['babeld']
        };
      }
      local.ocpasswdLines.push(await generateOcpasswdLine(name, this.vars.ocservPassword));
@@ -364,7 +364,7 @@ class InventoryBuilder {
  // frps还是frpc的积分，NAT越有利分越高
  gatewayCompareScore(gateway: any): number {
    let offset = 0;
-    let score = 0
+    let score = 0;
    score |= (0xff - gateway.id) << offset; // 8 bits
    offset += 8;
    const isCNScore = gateway.isCN ? 0 : 1; // 1 bit
@@ -412,7 +412,7 @@ class InventoryBuilder {
    if (!!local.ocservCert !== !!remote.ocservCert) {
      return !!local.ocservCert;
    }
    return this.gatewayCompare(localGateway, remoteGateway);
  }