From 54baac494de94ecf37c7369d266078a8a8c2afb3 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 9 Feb 2025 14:05:05 +0100
Subject: Move script to templates
---
 myansible.sh | 17 +++--
 .../files/usrlocalbin/dn42-route-namespace.sh | 85 ----------------------
 roles/linux-ns/templates/dn42-route-namespace.sh | 85 ++++++++++++++++++++++
 3 files changed, 95 insertions(+), 92 deletions(-)
 delete mode 100755 roles/linux-ns/files/usrlocalbin/dn42-route-namespace.sh
 create mode 100755 roles/linux-ns/templates/dn42-route-namespace.sh
diff --git a/myansible.sh b/myansible.sh
index 3af898d..1e4d15b 100755
--- a/myansible.sh
+++ b/myansible.sh
@@ -3,12 +3,15 @@
 ## wrapper for ansible, ensuring password is provided
 if ! ssh-add -l >/dev/null; then
-ssh-add ~/.ssh/ansible
-ssh-add ~/.ssh/id_hetz
-ssh-add ~/.ssh/id_netcup
-ssh-add ~/.ssh/id_rsa
-ssh-add ~/.ssh/firstroot
-ssh-add ~/.ssh/gcloud
+ssh-add ~/.ssh/ansible \
+ ~/.ssh/id_hetz \
+ ~/.ssh/id_netcup \
+ ~/.ssh/id_rsa \
+ ~/.ssh/firstroot \
+ ~/.ssh/gcloud \
+ ~/.ssh/virtuacloud \
+ ~/.ssh/ifog_otter
 fi
-ansible-playbook --ask-vault-pass -e '@passwd.yml' $@
+./venv/bin/ansible-playbook --ask-vault-pass -e '@passwd.yml' $@
+# -B / -P for background/polling
diff --git a/roles/linux-ns/files/usrlocalbin/dn42-route-namespace.sh b/roles/linux-ns/files/usrlocalbin/dn42-route-namespace.sh
deleted file mode 100755
index 44e0e61..0000000
--- a/roles/linux-ns/files/usrlocalbin/dn42-route-namespace.sh
+++ /dev/null
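Review bot: The rewritten playbook line still hands the caller's arguments over as unquoted `$@`, so any argument containing whitespace or a glob character is re-split before it reaches ansible-playbook; since the line is replaced anyway, make it `./venv/bin/ansible-playbook --ask-vault-pass -e '@passwd.yml' "$@"`. The new `./venv/bin/` prefix resolves against the caller's working directory rather than the script's location, so running the wrapper from anywhere but the checkout root fails with a "No such file" error; `"$(dirname -- "$0")/venv/bin/ansible-playbook"` would pin it to the checkout. The `ssh-add -l` guard also returns non-zero when no agent is reachable at all, in which case the consolidated `ssh-add` fails and, unless the first two lines (outside the hunk) enable `set -e`, the playbook still runs without keys — an explicit `|| exit 1` on the `ssh-add` call would make that failure visible.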
@@ -1,85 +0,0 @@
-#!/bin/sh -x
-
-set -eu
-
-# Set public IPv6 network prefix in the form aaaa:bbbb:cccc:dddd
-# (yes, without trailing: or ::)
-hoster_prefix_v6=""
-# hardcoded: use 42 prefix
-ns_prefix_v6="${hoster_prefix_v6}:42"
-
-# insert IPv4 address
-hoster_addr_v4=""
-# hardcoded: net
-ns_net_v4="10.42.0.0/24"
-# hardcoded: peer address (inside namespace)
-ns_addr_peer_v4="10.42.0.2/32"
-
-case $- in
- *x*) debug="-x" ;;
- *) debug="" ;;
-esac
-
-case "$1" in
- start)
- ip netns exec dn42 sh $debug "$0" start-ns
- ip route add ${ns_net_v4} dev vethdn42
- ip a add ${ns_prefix_v6}::1/128 dev vethdn42
- ip route add ${ns_prefix_v6}::2/128 dev vethdn42
- # hardcoded: route for dn42
- ip route replace fd00::/8 via ${ns_prefix_v6}::2 dev vethdn42 src fcee::1
- ;;
- start-ns)
- sysctl -w net.ipv6.conf.all.forwarding=1
-
- ip -4 route flush dev eth0
- ip -6 route flush dev eth0
- ip -4 a flush dev eth0
- ip -6 a flush dev eth0
-
- ip a add ${ns_addr_peer_v4} dev eth0
- ip route add ${hoster_addr_v4} dev eth0
- ip route add default via ${hoster_addr_v4} dev eth0
-
- ip a add ${ns_prefix_v6}::2/128 dev eth0
- ip route add ${ns_prefix_v6}::1 dev eth0
- ip route add default via ${ns_prefix_v6}::1 dev eth0
-
- # hardcoded: dummy-interface with additional addresses
- ifup dn42_int
-
- # hardcoded: Additional rules for (policy) routing.
- # tables are filled by bird.
- ip -6 rule add prio 31000 table 210
- ip -6 rule add prio 32000 table 250
-
- # hardcoded: iptables
- iptables-nft-restore < /etc/iptables/netns/dn42/iptables.save
- ip6tables-nft-restore < /etc/iptables/netns/dn42/ip6tables.save
- ;;
- stop)
- ip -6 route flush dev vethdn42
- ip -4 route flush dev vethdn42
-
- ip -6 a flush dev vethdn42
- ip -4 a flush dev vethdn42
-
- ip netns exec dn42 sh $debug "$0" stop-ns
- ;;
- stop-ns)
- ifdown dn42_int
-
- ip -6 route flush dev eth0
- ip -6 a flush dev eth0
-
- ip -4 route flush dev eth0
- ip -4 a flush dev eth0
-
- ip -6 rule del prio 31000
- ip -6 rule del prio 32000
-
- ;;
- *)
- echo "Ignore invalid parameter $1" >&2
- ;;
-esac
diff --git a/roles/linux-ns/templates/dn42-route-namespace.sh b/roles/linux-ns/templates/dn42-route-namespace.sh
new file mode 100755
index 0000000..6822834
--- /dev/null
+++ b/roles/linux-ns/templates/dn42-route-namespace.sh
@@ -0,0 +1,85 @@
+#!/bin/sh -x
+
+set -eu
+
+# Set public IPv6 network prefix in the form aaaa:bbbb:cccc:dddd
+# (yes, without trailing: or ::)
+hoster_prefix_v6="{{ hoster_ipv6_prefix }}"
+# hardcoded: use 42 prefix
+ns_prefix_v6="${hoster_prefix_v6}:42"
+
+# insert IPv4 address
+hoster_addr_v4="{{ hoster_ipv4_address }}"
+# hardcoded: net
+ns_net_v4="10.42.0.0/24"
+# hardcoded: peer address (inside namespace)
+ns_addr_peer_v4="10.42.0.2/32"
+
+case $- in
+ *x*) debug="-x" ;;
+ *) debug="" ;;
+esac
+
+case "$1" in
+ start)
+ ip netns exec dn42 sh $debug "$0" start-ns
+ ip route add ${ns_net_v4} dev vethdn42
+ ip a add ${ns_prefix_v6}::1/128 dev vethdn42
+ ip route add ${ns_prefix_v6}::2/128 dev vethdn42
+ # hardcoded: route for dn42
+ ip route replace fd00::/8 via ${ns_prefix_v6}::2 dev vethdn42 src fcee::1
+ ;;
+ start-ns)
+ sysctl -w net.ipv6.conf.all.forwarding=1
+
+ ip -4 route flush dev eth0
+ ip -6 route flush dev eth0
+ ip -4 a flush dev eth0
+ ip -6 a flush dev eth0
+
+ ip a add ${ns_addr_peer_v4} dev eth0
+ ip route add ${hoster_addr_v4} dev eth0
+ ip route add default via ${hoster_addr_v4} dev eth0
+
+ ip a add ${ns_prefix_v6}::2/128 dev eth0
+ ip route add ${ns_prefix_v6}::1 dev eth0
+ ip route add default via ${ns_prefix_v6}::1 dev eth0
+
+ # hardcoded: dummy-interface with additional addresses
+ ifup dn42_int
+
+ # hardcoded: Additional rules for (policy) routing.
+ # tables are filled by bird.
+ ip -6 rule add prio 31000 table 210
+ ip -6 rule add prio 32000 table 250
+
+ # hardcoded: iptables
+ iptables-nft-restore < /etc/iptables/netns/dn42/iptables.save
+ ip6tables-nft-restore < /etc/iptables/netns/dn42/ip6tables.save
+ ;;
+ stop)
+ ip -6 route flush dev vethdn42
+ ip -4 route flush dev vethdn42
+
+ ip -6 a flush dev vethdn42
+ ip -4 a flush dev vethdn42
+
+ ip netns exec dn42 sh $debug "$0" stop-ns
+ ;;
+ stop-ns)
+ ifdown dn42_int
+
+ ip -6 route flush dev eth0
+ ip -6 a flush dev eth0
+
+ ip -4 route flush dev eth0
+ ip -4 a flush dev eth0
+
+ ip -6 rule del prio 31000
+ ip -6 rule del prio 32000
+
+ ;;
+ *)
+ echo "Ignore invalid parameter $1" >&2
+ ;;
+esac
-- cgit v1.2.3
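Review bot: The two templated values `{{ hoster_ipv6_prefix }}` and `{{ hoster_ipv4_address }}` are the only change from the deleted copy, yet they are spliced into a root-run script without any validation: an undefined or empty inventory variable renders `ip route add  dev eth0`, which fails only at runtime inside the namespace after eth0 has already been flushed, and because the values sit inside double quotes a value containing `"` or `$(` is parsed as shell rather than as an address. Render them as `hoster_prefix_v6={{ hoster_ipv6_prefix | mandatory | quote }}` (likewise for the v4 address, dropping the surrounding double quotes since `quote` adds its own) and add `: "${hoster_prefix_v6:?}" "${hoster_addr_v4:?}"` directly after `set -eu`, so a missing value fails the play at template time and the script aborts before touching eth0. The later `${hoster_addr_v4}` and `${ns_prefix_v6}` expansions are unquoted as well; quoting them is cheap now that the values come from inventory instead of being hard-coded. The comment above the assignment already says the prefix must not end in `:` or `::`, but nothing enforces it, so a `case "$hoster_prefix_v6" in *:) exit 1 ;; esac` guard would turn that remark into a check.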