cpe ap configuration

Astro 2016-11-28 17:17:59 +01:00
parent 2dd16b60f5
commit 72cf0ed464
6 changed files with 313 additions and 0 deletions

164
salt-pillar/cpe/aps.sls Normal file

@ -0,0 +1,164 @@
#!yaml|gpg
cpe:
ap1:
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf+KxWwNiC4VCjdkTUVRcfqzsGRXHUrfBqyoqpPahT7yu8v
JiYAc8/zPO0oniP+tM+zCqnIq/kwUe+muh4RTPjcx7Yv4nVA4Y4bcGgbnGqACMjq
AEZ8qiv+0yBSxqeVgwlfc/eOtyXlYELCwKM9zUnrmS+0J66zd4zKKbfT029izL0e
r2Mxwe6ax9eRrruOImP1WY4rrGaA6/Ci/qY7mV1r9q2RROtkN4dnMs5j0ob9bu2j
JV6d3bC7LnZyIzz3Jv8dWGTISPj2UYCnqpR8wIyW46/+mCdZMYd3SFM1lifqJCoB
hlET/0qjRw7K+ozh6zP1GOgDXHS1YjfLDLXGuLLuMNJIAV6FIphe+t/Y+v6yHvqZ
8L+stbE0RFrqFBMBLxuqw6RTU+AIVwkH9sZ5AoAPF3g6uZCVq8+KU3d2K7K5WCST
4p+9mAt3NWq5
=QPF0
-----END PGP MESSAGE-----
model: TL-WR841N
location: abhanden
access-ports: pub
radios:
'platform/qca953x_wmac':
channel: 1
htmode: HT40+
ssids:
'Zentralwerk':
net: pub
'C3D2 legacy':
net: priv1
psk: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
/KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
rA==
=TEEI
-----END PGP MESSAGE-----
ap2:
firstboot: true
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf8CYe3pO4cTAkpckOBnLp61msnczVRfWtinHKAmysUFpYX
m25JhqLKIk+/UmHtOyyaPyo6GqHu62Ckm+TVIKh5yAGlfI5Dsm6PjWzJ1HPaGgnA
1wMRrbWfZdUkvEP9uvHLtErjoTHqAW/9bF57GE2SY/e392Dz1Y4e6MhMFx61SZ5c
h+kch3edTO4vL7AijlmMMngRKYbZsZOMFoXdmzLoZWYG+MNv0aig5s04nuYURAxr
AmgjnCfl9m4/kblLs8b1Z2WI74hCnFMIGRtl7ZoovKDojMAf1HdTbsdujN+zc03S
tNSCqg4eo9LzNdQnpF6CP0cciEEnlSXKPH/GjGCSydJGARJhGfGxXRmLlFooEpSW
lO1x0xXGsnrm08EUPdT127uJjCF9nPplCgRRKyTR3IDrDFDpqJyjIMK8+/vQFGma
zYUuYozyRA==
=Tlu+
-----END PGP MESSAGE-----
model: TL-Archer-C7
location: Netzbiotop Main
access-ports: priv1
radios:
radio0:
channel: 1
ssids:
'Zentralwerk':
net: pub
'C3D2 legacy':
net: priv1
psk: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
/KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
rA==
=TEEI
-----END PGP MESSAGE-----
radio1:
channel: 130
ssids:
'Zentralwerk':
net: pub
'C3D2':
net: priv1
psk: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
/KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
rA==
=TEEI
-----END PGP MESSAGE-----
ap3:
firstboot: true
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAj+qP7T9D0MGNdstPfT3l0QRBCffcYVc/vGv6xk+s7IqW
L/7GQhhz3sk63QpyONFt6KZc3KhqAzqG7gL8LmK1+PP48Rh/CRfKx8rh5QxV5RFr
YgsI2OIcn7DKSBGuwZaZR0KC9mPwr381E8+uPAAuC4CleaYkt6VjVtEJFf89DDUW
jgtySygaVnG8SxGDc69tq51Zkoq/AlYWgVI+/8UAsja5fUoQa1Aw1YxteJfQ8lAb
TZWYfDdoNGs3mvvy8wK8NuQBvVnQdgowJYQSdYXfo1HqQd0o5oYsDr633MnfxZ4p
4ANDPuiSe944WQzdmaeASaE9FWk8vfz5VA8BuMlyxtJGAZPJnXM+l6JY0Nna+kWW
iYqejp6HmibQCjSxxeyRDIxfEA99LjQZ4t0bqmnamgW0Dbn2hW7sHNmSHD3zX7Hi
uyIJKqCOnA==
=kpf2
-----END PGP MESSAGE-----
model: TL-WR1043ND
location: weg
access-ports: priv1
radios:
radio0:
channel: 1
ssids:
'Zentralwerk':
net: pub
'C3D2 legacy':
net: priv1
psk: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
/KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
rA==
=TEEI
-----END PGP MESSAGE-----
radio1:
channel: 130
ssids:
'Zentralwerk':
net: pub
'C3D2':
net: priv1
psk: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
/KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
rA==
=TEEI
-----END PGP MESSAGE-----
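Review bot: The `psk` block ending in `=TEEI` is pasted five times (ap1, and radio0/radio1 of both ap2 and ap3), so rotating that one pre-shared key means replacing five armored blobs by hand, and a missed copy leaves an AP on the old key. Storing the ciphertext once under its own pillar key and letting the template look it up would make rotation a single edit; it has to sit outside `cpe:`, because salt/cpe/init.sls iterates every key under `cpe` as a host. A comment below the `#!yaml|gpg` line naming the recipient key would also help whoever re-encrypts these values, e.g. `# secrets: gpg --armor --encrypt -r <MASTER_KEY_ID>`. If the plaintext was produced with `echo` rather than `echo -n`, the decrypted value presumably carries a trailing newline into the AP script, which is worth confirming before first use.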


@ -5,6 +5,38 @@ hosts-inet:
switch-b2: 10.0.0.11
switch-c1: 10.0.0.12
switch-d1: 10.0.0.13
ap1: 10.0.0.41
ap2: 10.0.0.42
ap3: 10.0.0.43
ap4: 10.0.0.44
ap5: 10.0.0.45
ap6: 10.0.0.46
ap7: 10.0.0.47
ap8: 10.0.0.48
ap9: 10.0.0.49
ap10: 10.0.0.50
ap11: 10.0.0.51
ap12: 10.0.0.52
ap13: 10.0.0.53
ap14: 10.0.0.54
ap15: 10.0.0.55
ap16: 10.0.0.56
ap17: 10.0.0.57
ap18: 10.0.0.58
ap19: 10.0.0.59
ap20: 10.0.0.60
ap21: 10.0.0.61
ap22: 10.0.0.62
ap23: 10.0.0.63
ap24: 10.0.0.64
ap25: 10.0.0.65
ap26: 10.0.0.66
ap27: 10.0.0.67
ap28: 10.0.0.68
ap29: 10.0.0.69
ap30: 10.0.0.70
ap31: 10.0.0.71
ap32: 10.0.0.72
core:
server1: 172.20.72.1
serv-gw: 172.20.72.2


@ -17,3 +17,4 @@ base:
'server1':
- lxc-containers.server1
- switches
- cpe.aps

104
salt/cpe/ap.sh Normal file

@ -0,0 +1,104 @@
#!/usr/bin/env bash -e
{%- if conf.get('firstboot') %}
ssh-keygen -R 192.168.1.1
ssh root@192.168.1.1 \
"ash -e" <<__SSH__
{%- else %}
ssh root@{{ pillar['hosts-inet']['mgmt'][hostname] }} \
"ash -e" <<__SSH__
{%- endif %}
# Set root password
echo -e "{{ conf['password'] }}\n{{ conf['password'] }}" | passwd
# TODO: add ssh pubkey
# System configuration
uci batch <<__UCI__
set system.@system[0].hostname={{ hostname }}
set dhcp.@dnsmasq[0].enabled=0
delete network.globals.ula_prefix
delete network.lan
delete network.wan
delete network.wan6
delete wireless.default_radio0
delete wireless.default_radio1
set network.@switch[0].reset=1
set network.@switch[0].enable=1
set network.@switch[0].enable_vlan=0
set network.mgmt=interface
set network.mgmt.ifname=eth1.1
set network.mgmt.proto=static
set network.mgmt.ipaddr={{ pillar['hosts-inet']['mgmt'][hostname] }}
set network.mgmt.netmask=255.255.255.0
{%- set bridges = {} %}
{%- if conf.get('access-ports') %}
{%- do bridges.__setitem__(conf['access-ports'], True) %}
{%- endif %}
{%- for path, radio in conf['radios'].items() %}
{%- for ssid, ssidconf in radio['ssids'].items() %}
{%- do bridges.__setitem__(ssidconf['net'], True) %}
{%- endfor %}
{%- endfor %}
{%- for net in bridges.keys() %}
set network.{{ net }}=interface
set network.{{ net }}.type=bridge
set network.{{ net }}.proto=static
{%- set ports = ['eth1.' ~ pillar['vlans'][net]] %}
{%- if conf.get('access-ports') == net %}
{%- do ports.append('eth0') %}
{%- endif %}
set network.{{ net }}.ifname='{{ ' '.join(ports) }}'
{%- endfor %}
{%- set radionum = 0 %}
{%- for path, radio in conf['radios'].items() %}
set wireless.radio{{ radionum }}=wifi-device
set wireless.radio{{ radionum }}.type=mac80211
set wireless.radio{{ radionum }}.channel={{ radio['channel'] }}
set wireless.radio{{ radionum }}.path={{ path }}
set wireless.radio{{ radionum }}.hwmode={{ radio.get('hwmode') or '11n' }}
set wireless.radio{{ radionum }}.htmode={{ radio.get('htmode') or 'HT20' }}
set wireless.radio{{ radionum }}.noscan=1
delete wireless.radio{{ radionum }}.disabled
{%- set ifnum = 0 %}
{%- for ssid, ssidconf in radio['ssids'].items() %}
set wireless.wifi{{ ifnum }}=wifi-iface
set wireless.wifi{{ ifnum }}.device=radio{{ radionum }}
set wireless.wifi{{ ifnum }}.ssid='{{ ssid }}'
set wireless.wifi{{ ifnum }}.mode=ap
set wireless.wifi{{ ifnum }}.network={{ ssidconf['net'] }}
{%- if ssidconf.get('psk') %}
set wireless.wifi{{ ifnum }}.encryption=psk2
set wireless.wifi{{ ifnum }}.key='{{ ssidconf['psk'] }}'
{%- else %}
set wireless.wifi{{ ifnum }}.encryption=none
{%- endif %}
{%- set ifnum = ifnum + 1 %}
{%- endfor %}
{%- set radionum = radionum + 1 %}
{%- endfor %}
commit
__UCI__
# TODO: install pkgs (collectd...)
{%- if conf.get('firstboot') %}
reboot
{%- endif %}
__SSH__
echo "All done \\o/"
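Review bot: The root password and the PSKs are rendered straight into unquoted here-documents (`<<__SSH__`, then `<<__UCI__`), so a secret containing `$`, a backtick, a backslash or a quote is expanded or mangled by the local bash, again by the remote ash, and once more by `echo -e` before it reaches `passwd` or `uci`. Quoting both delimiters (`<<'__SSH__'`, `<<'__UCI__'`) and feeding passwd with `printf '%s\n%s\n'` on shell-quoted values removes the repeated expansion; the values wrapped in `'…'` for uci (`ssid`, `key`, `ifname`) still need a check that they contain no single quote. Separately, `{%- set ifnum = 0 %}` restarts for each radio, and as far as Jinja's scoping rules go a `set` inside a loop body is not carried into the next iteration, so the sections are likely all emitted as `radio0`/`wifi0` and later SSIDs overwrite earlier ones, which can leave an SSID with the wrong `network` or `encryption`; numbering from `loop.index0` and including the radio index in the `wifi…` section name avoids that. The shebang `#!/usr/bin/env bash -e` also fails on Linux, where env receives `bash -e` as one argument; `#!/usr/bin/env bash` followed by `set -e` is the portable form.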

11
salt/cpe/init.sls Normal file

@ -0,0 +1,11 @@
{%- for hostname, conf in pillar['cpe'].items() %}
/root/{{ hostname }}.sh:
file.managed:
- source: salt://cpe/ap.sh
- template: 'jinja'
- context:
hostname: {{ hostname }}
conf: {{ conf }}
- mode: 755
{%- endfor %}
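Review bot: The rendered `/root/{{ hostname }}.sh` contains the decrypted root password and every PSK in plain text, yet `- mode: 755` makes it readable and executable by all users; it should be owner-only, `- mode: '0700'` together with `- user: root`, and quoted so the mode is not read as a decimal integer. The context line `conf: {{ conf }}` puts a Python dict repr, including the multi-line decrypted secrets, into the YAML stream, which depends on that repr happening to parse as a flow mapping; `conf: {{ conf | json }}` is the safer serialization, and `hostname: {{ hostname | json }}` likewise. A comment above the state saying that the generated scripts hold secrets and should be removed after the AP is provisioned would help the next maintainer.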


@ -5,6 +5,7 @@ base:
- lxc-containers
- ospf
- switches
- cpe
'*-gw':
- no-ssh
- forwarding