Merge branch 'babeld'

f50f981d · nanahira · e60b51e4 · 17665be2 · f50f981d · f50f981d
Commit f50f981d authored Dec 23, 2020 by nanahira
13 changed files
--- a/ansible/configure.yaml
+++ b/ansible/configure.yaml
@@ -83,31 +83,31 @@
    - name: ocserv pre-configure
      include_tasks: 'protocols/oc/ocserv-pre.yaml'
      when: ocservNeeded and not noBird
+    - name: disable bug self-link
+      become: true
+      ignore_errors: true
+      systemd:
+        name: 'wg-quick@{{item}}'
+        state: stopped
+        enabled: false
+        masked: true
+      with_items:
+        - mc-{{inventory_hostname_short}}
+        - mci{{inventory_hostname_short}}
 # 为了提高测试时候的性能，不改动wg的时候注释掉这段
    - name: 'clean up null connections first'
      include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
      vars:
        conn: '{{item}}'
      with_items: '{{ connections }}'
-      when: "not noUpdateLinks and (not onlyUpdateLink or item.name == onlyUpdateLink) and item.protocol == 'null'"
+      when: "not noUpdateLinks and item.protocol == 'null' and not item.noUpdate"
    - name: 'loop through list from a variable'
      include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
      vars:
        conn: '{{item}}'
      with_items: '{{ connections }}'
-      when: "not noUpdateLinks and (not onlyUpdateLink or item.name == onlyUpdateLink) and item.protocol != 'null'"
+      when: "not noUpdateLinks and item.protocol != 'null' and not item.noUpdate"
 # end
-    - name: disable bug self-link
-      become: true
-      ignore_errors: true
-      systemd:
-        name: 'wg-quick@{{item}}'
-        state: stopped
-        enabled: false
-        masked: true
-      with_items:
-        - mc-{{inventory_hostname_short}}
-        - mci{{inventory_hostname_short}}
    - name: services conf
      copy:
        content: '{{dockerServices | to_yaml}}'
@@ -123,13 +123,13 @@
      template:
        src: babeld.conf.j2
        dest: '{{ansible_user_dir}}/nextgen-network/services/babeld.conf'
-      notify: restart_babeld
+      #notify: restart_babeld
      when: not noBird
-    #- name: babeld reload conf
+    - name: babeld reload conf
-    #  template:
+      template:
-    #    src: babeld-reload.conf.j2
+        src: babeld-reload.conf.j2
-    #    dest: /tmp/babeld-reload.conf
+        dest: /tmp/babeld-reload.conf
-    #  notify: reload_babeld
+      notify: reload_babeld
    - name: frps conf
      template:
        src: protocols/wgfrp/frps.ini.j2
@@ -162,7 +162,7 @@
      template:
        src: babeld.conf.j2
        dest: '/etc/babeld.conf'
-      notify: restart_babeld_systemd
+      #notify: restart_babeld_systemd
      when: systemBird
    - name: enable systemd babeld
      become: true
@@ -206,7 +206,7 @@
        services:
          - frpc-{{item.name}}
      with_items: '{{connections}}'
-      when: 'item.protocol == "wgfrp" and item.frpType == "frpc" and not noBird'
+      when: 'item.protocol == "wgfrp" and item.frpType == "frpc" and not noBird and not item.noUpdate'
    - name: restart_ocserv
      docker_compose:
        project_src: '{{ansible_user_dir}}/nextgen-network/services'
@@ -221,7 +221,7 @@
        services:
          - openconnect-{{item.name}}
      with_items: '{{connections}}'
-      when: 'item.protocol == "oc" and item.ocType == "client" and not noBird'
+      when: 'item.protocol == "oc" and item.ocType == "client" and not noBird and not item.noUpdate'
    - name: restart_bird_systemd
      become: true
      systemd:
@@ -232,6 +232,7 @@
      systemd:
        name: babeld
        state: restarted
+      when: systemBird
    - name: reload_chnroute
      become: true
      shell: |

--- a/ansible/install.yaml
+++ b/ansible/install.yaml
@@ -31,9 +31,13 @@
          Pin-Priority: 90
        dest: /etc/apt/preferences.d/limit-unstable
      when: systemBird and ansible_distribution == 'Debian' and ansible_distribution_release != 'sid'
-    - name: install packages for systemd things
+    - name: netcat-openbsd
      become: true
      apt:
        update_cache: true
+        name: netcat-openbsd
+    - name: install packages for systemd things
+      become: true
+      apt:
        name: babeld,bird2
      when: systemBird
--- a/ansible/protocols/oc/ocserv-user-env.j2
+++ b/ansible/protocols/oc/ocserv-user-env.j2
@@ -3,7 +3,8 @@ export localAddress={{address}}
 export remoteLocalAddress={{conn.remoteLocalAddress}}
 export localPeerAddress={{conn.localPeerAddress}}
 export remotePeerAddress={{conn.remotePeerAddress}}
-export link6Address={{conn.link6Address}}
+export localPeerAddress6={{conn.localPeerAddress6}}
+export remotePeerAddress6={{conn.remotePeerAddress6}}
 export localRubbishAddress=10.199.{{id}}.1
 export remoteNextMark={{conn.remoteNextMark}}
 export inbound={{conn.inbound}}

--- a/ansible/protocols/oc/openconnect-post-scripts/disconnect.sh.j2
+++ b/ansible/protocols/oc/openconnect-post-scripts/disconnect.sh.j2
 #!/bin/bash
-dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 true
--- a/ansible/protocols/oc/openconnect-post-scripts/post-connect.sh.j2
+++ b/ansible/protocols/oc/openconnect-post-scripts/post-connect.sh.j2
 #!/bin/bash
-dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+# Force reload at 12.23
-dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
 true
--- a/ansible/protocols/wg/wg.conf.j2
+++ b/ansible/protocols/wg/wg.conf.j2
@@ -8,8 +8,8 @@ FwMark = {{conn.localGatewayMark}}
 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 [Peer]
 PublicKey = {{conn.wgPublicKey}}
@@ -19,4 +19,4 @@ Endpoint = {{conn.remoteAddress}}:{{conn.remotePort}}
 PersistentKeepalive = 1
 {% endif %}
-# forced change 12.12
+# forced change 12.23
--- a/ansible/protocols/wgfrp/wgfrp.conf.j2
+++ b/ansible/protocols/wgfrp/wgfrp.conf.j2
@@ -6,8 +6,8 @@ ListenPort = {{conn.localPort}}
 {% endif %}
 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} localPeerAddress6={{conn.localPeerAddress6}} remotePeerAddress6={{conn.remotePeerAddress6}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 [Peer]
 PublicKey = {{conn.wgPublicKey}}
 AllowedIPs = 0.0.0.0/0, ::/0

--- a/ansible/restart-babeld.yaml
+++ b/ansible/restart-babeld.yaml
+---
+- hosts: wg
+  tasks:
+    - name: load vars
+      include_vars:
+        file: '../result/{{item}}.yaml'
+      with_items:
+        # - global-vars
+        - vars-{{inventory_hostname_short}}
+    - name: restart_babeld_systemd
+      become: true
+      systemd:
+        name: babeld
+        state: restarted
+      when: systemBird
+    - name: restart_babeld # ocserv would be always restarted whenever key changes..
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - babeld
+      when: not noBird
+    - name: restart ocserv
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - ocserv
+      when: ocservNeeded and not noBird
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
 #!/usr/bin/env bash
-# Forced update 12.22
+# Forced update 12.23
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
 echo "running" > /tmp/mycard_global_postup_done

--- a/ansible/scripts/postup.sh.j2
+++ b/ansible/scripts/postup.sh.j2
@@ -4,7 +4,7 @@ source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
 #set -e
 ip addr add "$localPeerAddress" peer "$remotePeerAddress" dev "$dev" scope link
-ip -6 addr add "$link6Address" dev "$dev" scope link
+ip addr add "$localPeerAddress6" peer "$remotePeerAddress6" dev "$dev" scope link
 if [ "$outbound" == True ] ; then
  ip route add default dev "$dev" table "$remoteNextMark"

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -25,6 +25,7 @@ class InventoryBuilder {
  resolveCache: Map<string, string>;
  resolver: dns.Resolver;
  vars: any;
+  linksOnly: string[];
  constructor() {
    this.resolveCache = new Map();
@@ -95,6 +96,9 @@ class InventoryBuilder {
    for (const host of Object.values(this.hosts)) {
      host.wgPublickey = await this.wgPublickey(host.wgPrivateKey);
    }
+    if (process.env.ONLY_LINKS) {
+      this.linksOnly = process.env.ONLY_LINKS.split(",");
+    }
    this.vars = await this.loadUtilities();
    const inventoryValue = { wg: {hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)]))} };
    await fs.promises.writeFile('result/inventory.yaml', YAML.stringify(inventoryValue));
@@ -128,8 +132,7 @@ class InventoryBuilder {
    const vars = {
      routeLists: this.routeLists,
      routeListNames: Object.keys(this.routeLists),
-      noUpdateLinks: !!process.env.NO_LINK,
+      noUpdateLinks: !!process.env.NO_LINK
-      onlyUpdateLink: process.env.ONLY_LINK || null
    };
    for (let col in raw_utility) {
      vars[col] = raw_utility[col].value;
@@ -267,7 +270,11 @@ class InventoryBuilder {
    const wgPublicKey = remote.wgPublickey;
    const localPeerAddress = primary ? `10.200.${local.id}.${remote.id}` : `10.201.${local.id}.${remote.id}`;
    const remotePeerAddress = primary ? `10.200.${remote.id}.${local.id}` : `10.201.${remote.id}.${local.id}`;
-    const link6Address = `fe80::${primary ? 1 : 2}:${local.id}:${remote.id}/64`;
+    const localPeerAddress6Block = ((local.id << 8) | remote.id).toString(16);
+    const remotePeerAddress6Block = ((remote.id << 8) | local.id).toString(16);
+    const localPeerAddress6 = `fe80::${primary ? 1 : 2}:${localPeerAddress6Block}`;
+    const remotePeerAddress6 = `fe80::${primary ? 1 : 2}:${remotePeerAddress6Block}`;
    const frpType = protocol === 'wgfrp' ? (this.gatewayCompare(localGateway, remoteGateway) ? 'frps' : 'frpc') : undefined;
    const ocType = protocol === 'oc' ? (this.gatewayCompareOcserv(local, remote, localGateway, remoteGateway) ? 'server' : 'client') : undefined;
@@ -342,6 +349,8 @@ class InventoryBuilder {
      console.log(`${local.name} GW ${localGateway.isp} ${inbound ? '<' : '='}=${frpType === 'frps' ? 's' : '='}=[${protocol}]=${frpType === 'frpc' ? 's' : '='}=> ${remote.name} GW ${remoteGateway.isp}`);
    }
+    const noUpdate = this.linksOnly && !(this.linksOnly.includes(remote.name) || this.linksOnly.includes(local.name));
    return {
      name,
      metric,
@@ -358,14 +367,16 @@ class InventoryBuilder {
      wgPublicKey,
      localPeerAddress,
      remotePeerAddress,
-      link6Address,
+      localPeerAddress6,
+      remotePeerAddress6,
      remoteFrpsPort,
      //remoteOcservPort,
      frpType,
      ocType,
      inbound,
      outbound,
-      mtu
+      mtu,
+      noUpdate,
    };
  }

--- a/update-all.sh
+++ b/update-all.sh
+#!/bin/bash
+./update.sh "$@"
+cd ansible
+ansible-playbook -i ../result/inventory.yaml "$@" restart-babeld.yaml
+cd ..
--- a/update.sh
+++ b/update.sh
@@ -28,7 +28,7 @@ _strip_wg_conf() {
 # _strip_wg_conf ./protocols/wg/wg.conf.j2 ./protocols/wg/wg-setconf.conf.j2
 _strip_wg_conf ./protocols/wgfrp/wgfrp.conf.j2 ./protocols/wgfrp/wgfrp-setconf.conf.j2
-cat babeld.conf.j2 > babeld-reload.conf.j2
+sed -r '/^(#.*)?$/d;/^reflect-kernel-metric/d;/^local-port-readwrite/d;/^redistribute/d' babeld.conf.j2 > babeld-reload.conf.j2
 echo 'quit' >> babeld-reload.conf.j2
 ansible-playbook -i ../result/inventory.yaml "$@" configure.yaml