routing playbook

aaee2431 · nanahira · e2d94bfb · aaee2431 · aaee2431 · aaee2431
Commit aaee2431 authored Aug 13, 2021 by nanahira
Hide whitespace changes
Inline Side-by-side

Showing with 116 additions and 37 deletions

ansible/routing.yaml ansible/routing.yaml +72 -0

process.sh process.sh +39 -0

routing.sh routing.sh +3 -0

update.sh update.sh +2 -37

No files found.
--- a/ansible/routing.yaml
+++ b/ansible/routing.yaml
+- hosts: wg
+  remote_user: root
+  tasks:
+    - name: load vars
+      include_vars:
+        file: '../result/{{item}}.yaml'
+      with_items:
+        - global-vars
+        - vars-{{inventory_hostname_short}}
+    - name: check iptables Type
+      become: true
+      shell: iptables --version | grep nf_tables
+      register: iptables_type_result
+      failed_when: iptables_type_result.rc > 1
+      when: iptables_type == 'auto'
+    - name: use iptables-legacy
+      set_fact:
+        iptables_type: legacy
+      when: iptables_type == 'auto' and iptables_type_result.rc == 1
+    - name: use iptables-nft
+      set_fact:
+        iptables_type: nft
+      when: iptables_type == 'auto' and iptables_type_result.rc == 0
+    - name: post scripts
+      template:
+        src: scripts/{{item}}.sh.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/scripts/{{item}}.sh'
+        mode: a+x
+      with_items:
+        - postup
+        - predown
+        - global-postup
+        - utility
+        - switch-rules-up
+        - switch-rules-down
+        - ocserv-postup
+        - ocserv-predown
+    - name: monitor route plans
+      template:
+        src: route-plans.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/route-plans'
+      notify: restart_monitor
+      when: not noBird
+    - name: gost.json
+      copy:
+        content: '{{gostConfig | to_nice_json}}'
+        dest: '{{ansible_user_dir}}/nextgen-network/services/gost.json'
+      notify: restart_gost
+      when: installGost
+    - name: chnroute
+      become: true
+      shell: |
+        ipset flush chnrouter
+        sed '/^create chnrouter hash:net family inet$/d' {{ansible_user_dir}}/nextgen-network/ipsets/chnrouter.ipset | ipset restore
+    - name: reload_switch_rules
+      become: true
+      shell: '{{ansible_user_dir}}/nextgen-network/scripts/switch-rules-down.sh ; {{ansible_user_dir}}/nextgen-network/scripts/switch-rules-up.sh'
+  handlers:
+    - name: restart_gost
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - gost
+      when: installGost
+    - name: restart_monitor
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - gateways-monitor
+      when: not noBird
--- a/process.sh
+++ b/process.sh
+#!/usr/bin/env bash
+set -x
+set -e
+#echo "现在会真正去部署了，请务必带 --limit 运行。"
+#echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe,wg-router.mycard.moe,kuroko.mycard.moe"
+#read -p '确认无误后按回车继续'
+#cd lists
+#./run.sh
+#cd ..
+mkdir -p result
+npm run build
+npm start
+cd ansible || exit
+_strip_wg_conf() {
+    sourcePath=$1
+    targetPath=$2
+    tmpFileName=/tmp/$RANDOM.conf
+    cp -rf $sourcePath $tmpFileName
+    wg-quick strip $tmpFileName > $targetPath
+}
+# _strip_wg_conf ./protocols/wg/wg.conf.j2 ./protocols/wg/wg-setconf.conf.j2
+_strip_wg_conf ./protocols/wgfrp/wgfrp.conf.j2 ./protocols/wgfrp/wgfrp-setconf.conf.j2
+# sed -r '/^(#.*)?$/d;/^reflect-kernel-metric/d;/^local-port-readwrite/d;/^redistribute/d' babeld.conf.j2 > babeld-reload.conf.j2
+# echo 'quit' >> babeld-reload.conf.j2
+ansible-playbook -i ../result/inventory.yaml "$@" $PLAYBOOK.yaml || true
+cd ..
+rsync -4cavzP ./data/ nanahira@koishi.yuzurisa.com:~/nginx/railgun-data
+ssh -T nanahira@koishi.yuzurisa.com 'cd ~/nginx ; docker-compose restart railgun-enterprise'
--- a/routing.sh
+++ b/routing.sh
+#!/usr/bin/env bash
+export PLAYBOOK=routing
+./process.sh "$@"
--- a/update.sh
+++ b/update.sh
 #!/usr/bin/env bash
-set -e
+export PLAYBOOK=configure
+./process.sh "$@"
-#echo "现在会真正去部署了，请务必带 --limit 运行。"
-#echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe,wg-router.mycard.moe,kuroko.mycard.moe"
-#read -p '确认无误后按回车继续'
-#cd lists
-#./run.sh
-#cd ..
-mkdir -p result
-npm run build
-npm start
-cd ansible || exit
-_strip_wg_conf() {
-    sourcePath=$1
-    targetPath=$2
-    tmpFileName=/tmp/$RANDOM.conf
-    cp -rf $sourcePath $tmpFileName
-    wg-quick strip $tmpFileName > $targetPath
-}
-# _strip_wg_conf ./protocols/wg/wg.conf.j2 ./protocols/wg/wg-setconf.conf.j2
-_strip_wg_conf ./protocols/wgfrp/wgfrp.conf.j2 ./protocols/wgfrp/wgfrp-setconf.conf.j2
-# sed -r '/^(#.*)?$/d;/^reflect-kernel-metric/d;/^local-port-readwrite/d;/^redistribute/d' babeld.conf.j2 > babeld-reload.conf.j2
-# echo 'quit' >> babeld-reload.conf.j2
-ansible-playbook -i ../result/inventory.yaml "$@" configure.yaml || true
-cd ..
-rsync -4cavzP ./data/ nanahira@koishi.yuzurisa.com:~/nginx/railgun-data
-ssh -T nanahira@koishi.yuzurisa.com 'cd ~/nginx ; docker-compose restart railgun-enterprise'