Create multiple supernodes (#35)

Author: mraerino

README.md

@@ -10,3 +10,8 @@
   - each supernode gets one IP from this prefix
 - Assign a management IP from the site management net
   - Statically set on the VM config
+
+## Running Ansible
+
+- Set `NETBOX_TOKEN` to your token
+- Run `ansible-playbook site.yml --diff --check`

ansible.cfg

@@ -6,6 +6,7 @@ pipelining = true
 timeout = 15
 roles_path = roles
 remote_user = admin
+host_key_checking = False
 
 [ssh_connection]
 scp_if_ssh = true

group_vars/all.yaml

@@ -26,7 +26,18 @@ gateway_ipv6_address: >-
       first
   }}
 
+client_ipv4_start_address_int: "{{ gateway_ipv4_address | ansible.utils.ipaddr('network') | ansible.utils.ipaddr('int') }}"
+dhcp_range_start_address_int: "{{ (config_context|first).dhcp_range.start_address|ansible.utils.ipaddr('int') }}"
+dhcp_range_end_address_int: "{{ (config_context|first).dhcp_range.end_address|ansible.utils.ipaddr('int') }}"
+dhcp_pool_offset: "{{ (dhcp_range_start_address_int|int) - (client_ipv4_start_address_int|int) - 1 }}"
+dhcp_pool_size: "{{ (dhcp_range_end_address_int|int) - (dhcp_range_start_address_int|int) }}"
+
+# Private Anycast Address in the domain used for reaching DHCP & DNS
+# todo: replace with data from netbox
+anycast_service_address: "{{ gateway_ipv4_address | ansible.utils.ipaddr('network/prefix') | ansible.utils.ipaddr('-2') }}"
+
 wan_interface: "{{ interfaces | selectattr('name', 'equalto', 'eth0') | first }}"
+# Outside IP used for connecting to the supernode from the Internet
 service_ipv4_address: >-
   {{ wan_interface.ip_addresses |
       map(attribute='address') |
@@ -39,3 +50,5 @@ loopback_interface: "{{ interfaces | selectattr('name', 'equalto', 'lo') | first
 service_ipv6_address: "{{ gateway_ipv6_address }}"
 
 domain_ipv6_subnet: "{{ gateway_ipv6_address | ansible.utils.ipaddr('network/prefix') }}"
+
+batbone_interface: "{{ interfaces | selectattr('name', 'equalto', 'eth1') | first }}"

roles/batman/tasks/main.yaml

@@ -15,26 +15,15 @@
     line: batman-adv
     create: true
 
-- name: Create Batman Interface
+- name: Configure Networking
   ansible.builtin.template:
-    src: batman.netdev.j2
-    dest: /etc/systemd/network/batman.netdev
-  notify: reload network
-
-- name: Configure Batman Interface
-  ansible.builtin.template:
-    src: batman.network.j2
-    dest: /etc/systemd/network/batman.network
-  notify: reload network
-
-- name: Create Batman Bridge
-  ansible.builtin.template:
-    src: batman-bridge.netdev.j2
-    dest: /etc/systemd/network/batman-bridge.netdev
-  notify: reload network
-
-- name: Configure Batman Bridge
-  ansible.builtin.template:
-    src: batman-bridge.network.j2
-    dest: /etc/systemd/network/batman-bridge.network
+    src: "{{ item }}.j2"
+    dest: "/etc/systemd/network/{{ item }}"
+  loop:
+    - batman.netdev
+    - batman.network
+    - batman-bridge.netdev
+    - batman-bridge.network
+    - batbone.link
+    - batbone.network
   notify: reload network

roles/batman/templates/batbone.link.j2

@@ -0,0 +1,5 @@
+[Match]
+MACAddress={{ (batbone_interface.mac_addresses | first).mac_address }}
+
+[Link]
+Name=eth1

roles/batman/templates/batbone.network.j2

@@ -0,0 +1,8 @@
+[Match]
+MACAddress={{ (batbone_interface.mac_addresses | first).mac_address }}
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Bridge=br1

roles/gateway/templates/client-bridge.network.j2

@@ -12,11 +12,11 @@ DHCPServer=yes
 IPv6SendRA=yes
 
 [DHCPServer]
-PoolOffset=10
-PoolSize=64000
+PoolOffset={{ dhcp_pool_offset }}
+PoolSize={{ dhcp_pool_size }}
 EmitDNS=yes
-ServerAddress=10.12.255.254/16
-DNS={{ service_ipv4_address | ansible.utils.ipaddr('address') }}
+ServerAddress={{ anycast_service_address }}
+DNS={{ anycast_service_address | ansible.utils.ipaddr('address') }}
 
 {% for addr in client_bridge_interface.ip_addresses | map(attribute='address') | ansible.utils.ipv6 %}
 [IPv6Prefix]

roles/gateway/templates/dnsmasq.conf.j2

@@ -1,6 +1,6 @@
 interface=br0
 except-interface=lo
-listen-address={{ gateway_ipv4_address | ansible.utils.ipaddr('address') }}
+listen-address={{ anycast_service_address | ansible.utils.ipaddr('address') }}
 listen-address={{ gateway_ipv6_address | ansible.utils.ipaddr('address') }}
 bind-interfaces
 

terraform/.terraform.lock.hcl

@@ -0,0 +1,8 @@
+resource "netbox_available_vlan" "batbone" {
+  name        = "batbone ${var.domain_name}"
+  status      = "active"
+  description = "Batbone VLAN for ${var.domain_name}"
+
+  group_id = var.batbone_vlan_group_id
+  site_id  = data.netbox_site.local.id
+}