update

d2753c88 · nanahira · eb7ce07d · d2753c88 · d2753c88 · d2753c88
Commit d2753c88 authored Feb 15, 2020 by nanahira
14 changed files
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
 [defaults]
 host_key_checking = False
 strategy_plugins = mitogen-0.2.9/ansible_mitogen/plugins/strategy
-strategy = mitogen_linear
+strategy = mitogen_free
\ No newline at end of file
--- a/ansible/configure.yaml
+++ b/ansible/configure.yaml
@@ -13,11 +13,18 @@
        dest: '/etc/wireguard/predown.sh'
        mode: a+x
 # 为了提高测试时候的性能，不改动wg的时候注释掉这段
+    #- name: 'clean up null connections first'
+    #  include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
+    #  vars:
+    #    conn: '{{item}}'
+    #  with_items: '{{ connections }}'
+    #  when: "item.protocol == 'null'"
    - name: 'loop through list from a variable'
      include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
      vars:
        conn: '{{item}}'
      with_items: '{{ connections }}'
+    #  when: "item.protocol != 'null'"
    - name: 'frps'
      include_tasks: 'protocols/wgfrp/frps.yaml'
      when: 'frps_needed is defined'

--- a/ansible/mitogen-0.2.9/ansible_mitogen/plugins/strategy/mitogen_free.pyc
+++ b/ansible/mitogen-0.2.9/ansible_mitogen/plugins/strategy/mitogen_free.pyc
--- a/ansible/protocols/null/configure.yaml
+++ b/ansible/protocols/null/configure.yaml
- name: stop
+- name: '{{conn.name}}: stop frpc'
+  ignore_errors: true
  systemd:
-    name: '{{item}}@{{conn.name}}'
+    name: 'frpc@{{conn.name}}'
    state: stopped
    enabled: no
-  with_items:
+- name: '{{conn.name}}: stop wireguard'
-    - wg-quick
+  ignore_errors: true
-    - frpc
+  systemd:
- name: remove config files
+    name: 'wg-quick@{{conn.name}}'
+    state: stopped
+    enabled: no
+- name: '{{conn.name}}: remove wg config files'
+  file:
+    path: '/etc/wireguard/{{conn.name}}.conf'
+    state: absent
+- name: '{{conn.name}}: remove frpc config files'
  file:
-    path: '/etc/{{item}}/{{conn.name}}.conf'
+    path: '/etc/frpc/{{conn.name}}.conf'
    state: absent
-  with_items:
-    - wireguard
-    - frp
--- a/ansible/protocols/wg/configure.yaml
+++ b/ansible/protocols/wg/configure.yaml
 # 因为测试期间频繁改动参数，这里手动down掉
 # 调试wg的时候开这个，调试别的的时候注释掉
- name: clean frp service
+- name: '{{conn.name}}: clean frp service'
+  ignore_errors: true
  systemd:
-    name: '{{item}}@{{conn.name}}'
+    name: 'frpc@{{conn.name}}'
    state: stopped
    enabled: no
-  with_items:
+- name: '{{conn.name}}: clean frp'
-    - frpc
- name: clean frp
  file:
-    path: '/etc/{{item}}/{{conn.name}}.conf'
+    path: '/etc/frp/{{conn.name}}.conf'
    state: absent
-  with_items:
+- name: '{{conn.name}}: wg conf'
-    - frp
- name: conf
  template:
    src: wg.conf.j2
    dest: '/etc/wireguard/{{conn.name}}.conf'
- name: enable
+- name: '{{conn.name}}: enable wg'
  systemd:
    name: 'wg-quick@{{conn.name}}'
    state: started
    enabled: yes
+  #ignore_errors: true
  register: 'wg_enable_result'
- name: config for setconf
+- name: '{{conn.name}}: config for setconf'
  template:
    src: wg-setconf.conf.j2
    dest: '/tmp/{{conn.name}}-setconf.conf'
  register: 'wg_setconf_result'
  when: 'not wg_enable_result.changed'
- name: setconf
+- name: '{{conn.name}}: wg setconf'
  shell: 'wg setconf {{conn.name}} /tmp/{{conn.name}}-setconf.conf'
  when: 'not wg_enable_result.changed and wg_setconf_result.changed'
--- a/ansible/protocols/wg/wg.conf.j2
+++ b/ansible/protocols/wg/wg.conf.j2
@@ -5,9 +5,14 @@ ListenPort = {{conn.localPort}}
 {% if gwmark is defined %}
 FwMark = {{conn.localGatewayMark}}
 {% endif %}
+{% if conn.mtu is defined %}
+MTU = {{conn.mtu}}
+{% endif %}
 Table = off
 PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} {% if conn.mtu is defined %}mtu={{conn.mtu}}{% endif %} /etc/wireguard/postup.sh
 PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} {% if conn.mtu is defined %}mtu={{conn.mtu}}{% endif %} /etc/wireguard/predown.sh
 [Peer]
 PublicKey = {{conn.wgPublicKey}}
 AllowedIPs = 0.0.0.0/0, ::/0

--- a/ansible/protocols/wgfrp/configure.yaml
+++ b/ansible/protocols/wgfrp/configure.yaml
 # frpc
- name: frpc template
+- name: '{{conn.name}}: frpc template'
  template:
    src: 'frpc.ini.j2'
    dest: '/etc/frp/{{conn.name}}.ini'
  when: 'conn.frpType == "frpc"'
  register: frpc_config_result
- name: start frpc
+- name: '{{conn.name}}: start frpc'
  systemd:
    name: 'frpc@{{conn.name}}'
    state: started
    enabled: true
  register: frpc_launch_result
  when: 'conn.frpType == "frpc"'
- name: reload frpc
+- name: '{{conn.name}}: restart frpc'
  systemd:
    name: 'frpc@{{conn.name}}'
-    state: reloaded
+    state: restarted
  when: 'conn.frpType == "frpc" and frpc_config_result.changed and not frpc_launch_result.changed'
 # frps
- name: register frps
+- name: '{{conn.name}}: register frps'
  set_fact:
    frps_needed: 1
  when: 'conn.frpType == "frps"'
 # wg
- name: wg conf
+- name: '{{conn.name}}: wg conf'
  template:
    src: wgfrp.conf.j2
    dest: '/etc/wireguard/{{conn.name}}.conf'
- name: enable
+- name: '{{conn.name}}: start wg'
  systemd:
    name: 'wg-quick@{{conn.name}}'
    state: started
    enabled: yes
+  #ignore_errors: true
  register: wg_enable_result
- name: config for setconf
+- name: '{{conn.name}}: config for setconf'
  template:
    src: wgfrp-setconf.conf.j2
    dest: '/tmp/{{conn.name}}-setconf.conf'
  register: 'wg_setconf_result'
  when: 'not wg_enable_result.changed'
- name: setconf
+- name: '{{conn.name}}: wg setconf'
  shell: 'wg setconf {{conn.name}} /tmp/{{conn.name}}-setconf.conf'
  when: 'not wg_enable_result.changed and wg_setconf_result.changed'
--- a/ansible/protocols/wgfrp/frpc.ini.j2
+++ b/ansible/protocols/wgfrp/frpc.ini.j2
@@ -5,11 +5,11 @@ tcp_mux = true
 protocol = tcp
 token = {{frpToken}}
-[{{ansible_hostname_short}}_{{conn.name}}]
+[{{ansible_hostname}}_{{conn.name}}]
 privilege_mode = true
 type = udp
 local_ip = 127.0.0.1
-local_port = {{conn.localPort}}
+local_port = {{conn.remotePort}}
-remote_port = {{conn.localPort}}
+remote_port = {{conn.remotePort|int - 1000}}
 use_encryption = true
 use_compression = true
--- a/ansible/protocols/wgfrp/frps.ini.j2
+++ b/ansible/protocols/wgfrp/frps.ini.j2
 [common]
-bind_port = {{frps_port}}
+bind_port = {{frpsPort}}
 token = {{frpToken}}
 tcp_mux = true
--- a/ansible/protocols/wgfrp/frps.yaml
+++ b/ansible/protocols/wgfrp/frps.yaml
@@ -9,8 +9,8 @@
    state: started
    enabled: true
  register: frps_launch_result
- name: start frps
+- name: restart frps
  systemd:
    name: 'frps'
-    state: reloaded
+    state: restarted
  when: 'frps_config_result.changed and not frps_launch_result.changed'
--- a/ansible/protocols/wgfrp/wgfrp.conf.j2
+++ b/ansible/protocols/wgfrp/wgfrp.conf.j2
@@ -2,11 +2,14 @@
 Address = {{address}}
 PrivateKey = {{key}}
 {% if conn.frpType == "frpc" %}
-ListenPort = {{conn.localPort}}
+ListenPort = {{conn.remotePort}}
 {% endif %}
 {% if gwmark is defined %}
 FwMark = {{conn.localGatewayMark}}
 {% endif %}
+{% if conn.mtu is defined %}
+MTU = {{conn.mtu}}
+{% endif %}
 Table = off
 PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} {% if conn.mtu is defined %}mtu={{conn.mtu}}{% endif %} /etc/wireguard/postup.sh
 PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} {% if conn.mtu is defined %}mtu={{conn.mtu}}{% endif %} /etc/wireguard/predown.sh
@@ -14,6 +17,6 @@ PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{
 PublicKey = {{conn.wgPublicKey}}
 AllowedIPs = 0.0.0.0/0, ::/0
 {% if conn.frpType == "frps" %}
-Endpoint = 127.0.0.1:{{conn.remotePort}}
+Endpoint = 127.0.0.1:{{conn.localPort|int - 1000}}
 PersistentKeepalive = 1
 {% endif %}
--- a/ansible/scripts/postup.sh
+++ b/ansible/scripts/postup.sh
 #!/usr/bin/env bash
-set -e
+#set -e
 ip addr add "$localPeerAddress" peer "$remotePeerAddress" dev "$dev" scope link
@@ -20,3 +20,5 @@ iptables -t mangle -A FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m
 iptables -t mangle -A PREROUTING -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
 iptables -t mangle -A PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
 iptables -t mangle -A OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
+true
--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -34,6 +34,7 @@ class InventoryBuilder {
  host_vars(host) {
    const connections = [];
+    const null_connection = "10000,null";
    for (const h of this.connections) {
      if (h != host.name) {
        const to = host[h];
@@ -45,8 +46,12 @@ class InventoryBuilder {
        } else if (from || to) {
          // 对称连接
          connections.push(this.parse_connection(host, this.hosts[h], from || to, true, true));
-        }
+          connections.push(this.parse_connection(host, this.hosts[h], null_connection, false, false));
+        } else {
          // 不连接
+          connections.push(this.parse_connection(host, this.hosts[h], null_connection, true, false));
+          connections.push(this.parse_connection(host, this.hosts[h], null_connection, false, true));
+        }
      }
    }
@@ -75,6 +80,7 @@ class InventoryBuilder {
    const localGatewayMark = localGatewayName ? localGateway.mark : undefined;
    const remoteGatewayName = (cis ? params.rif : params.lif) || params.if;
    const remoteGateway = remoteGatewayName ? this.gateways[remote.name][remoteGatewayName] : _.find(this.gateways[remote.name]);
+    //console.log(remoteGateway.name);
    const remoteAddress = remoteGateway.address;
    const remoteMark = remote.mark;
    const localPort = primary ? remote.port : remote.port2;

--- a/update.sh
+++ b/update.sh
@@ -2,7 +2,7 @@
 set -e
 echo "现在会真正去部署了，请务必带 --limit 运行。"
-echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe"
+echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe,wg-router.mycard.moe"
 read -p '确认无误后按回车继续'
@@ -12,25 +12,25 @@ npm run inventory
 cd ansible || exit
-sed -r -e 's/Address/#Address/g' \
+sed -r -e '/^Address/d' \
-                -e 's/Fwmark/#Fwmark/g' \
+                -e '/^Fwmark/d' \
-                -e 's/Table/#Table/g' \
+                -e '/^Table/d' \
-                -e 's/DNS/#DNS/g' \
+                -e '/^DNS/d' \
-                -e 's/MTU/#MTU/g' \
+                -e '/^MTU/d' \
-                -e 's/PostUp/#PostUp/g' \
+                -e '/^PostUp/d' \
-                -e 's/PostDown/#PostDown/g' \
+                -e '/^PostDown/d' \
-                -e 's/PreUp/#PreUp/g' \
+                -e '/^PreUp/d' \
-                -e 's/PreDown/#PreDown/g' \
+                -e '/^PreDown/d' \
                ./protocols/wg/wg.conf.j2 > ./protocols/wg/wg-setconf.conf.j2
-sed -r -e 's/Address/#Address/g' \
+sed -r -e '/^Address/d' \
-                -e 's/Fwmark/#Fwmark/g' \
+                -e '/^Fwmark/d' \
-                -e 's/Table/#Table/g' \
+                -e '/^Table/d' \
-                -e 's/DNS/#DNS/g' \
+                -e '/^DNS/d' \
-                -e 's/MTU/#MTU/g' \
+                -e '/^MTU/d' \
-                -e 's/PostUp/#PostUp/g' \
+                -e '/^PostUp/d' \
-                -e 's/PostDown/#PostDown/g' \
+                -e '/^PostDown/d' \
-                -e 's/PreUp/#PreUp/g' \
+                -e '/^PreUp/d' \
-                -e 's/PreDown/#PreDown/g' \
+                -e '/^PreDown/d' \
                ./protocols/wgfrp/wgfrp.conf.j2 > ./protocols/wgfrp/wgfrp-setconf.conf.j2
 ansible-playbook -i ../result/inventory.yaml "$@" configure.yaml