From 72cf0ed464525f5df0e774037f1ea97e8c568099 Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 28 Nov 2016 17:17:59 +0100
Subject: [PATCH] cpe ap configuration
---
 salt-pillar/cpe/aps.sls | 164 +++++++++++++++++++++++++++++++++++++
 salt-pillar/hosts/init.sls | 32 ++++++++
 salt-pillar/top.sls | 1 +
 salt/cpe/ap.sh | 104 +++++++++++++++++++++++
 salt/cpe/init.sls | 11 +++
 salt/top.sls | 1 +
 6 files changed, 313 insertions(+)
 create mode 100644 salt-pillar/cpe/aps.sls
 create mode 100644 salt/cpe/ap.sh
 create mode 100644 salt/cpe/init.sls
diff --git a/salt-pillar/cpe/aps.sls b/salt-pillar/cpe/aps.sls
new file mode 100644
index 000000000..88b025b
--- /dev/null
+++ b/salt-pillar/cpe/aps.sls
@@ -0,0 +1,164 @@
+#!yaml|gpg
+cpe:
+ ap1:
+ password: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf+KxWwNiC4VCjdkTUVRcfqzsGRXHUrfBqyoqpPahT7yu8v
+ JiYAc8/zPO0oniP+tM+zCqnIq/kwUe+muh4RTPjcx7Yv4nVA4Y4bcGgbnGqACMjq
+ AEZ8qiv+0yBSxqeVgwlfc/eOtyXlYELCwKM9zUnrmS+0J66zd4zKKbfT029izL0e
+ r2Mxwe6ax9eRrruOImP1WY4rrGaA6/Ci/qY7mV1r9q2RROtkN4dnMs5j0ob9bu2j
+ JV6d3bC7LnZyIzz3Jv8dWGTISPj2UYCnqpR8wIyW46/+mCdZMYd3SFM1lifqJCoB
+ hlET/0qjRw7K+ozh6zP1GOgDXHS1YjfLDLXGuLLuMNJIAV6FIphe+t/Y+v6yHvqZ
+ 8L+stbE0RFrqFBMBLxuqw6RTU+AIVwkH9sZ5AoAPF3g6uZCVq8+KU3d2K7K5WCST
+ 4p+9mAt3NWq5
+ =QPF0
+ -----END PGP MESSAGE-----
+ model: TL-WR841N
+ location: abhanden
+ access-ports: pub
+ radios:
+ 'platform/qca953x_wmac':
+ channel: 1
+ htmode: HT40+
+ ssids:
+ 'Zentralwerk':
+ net: pub
+ 'C3D2 legacy':
+ net: priv1
+ psk: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
+ /KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
+ EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
+ EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
+ xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
+ tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
+ pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
+ rA==
+ =TEEI
+ -----END PGP MESSAGE-----
+
+
+ ap2:
+ firstboot: true
+ password: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf8CYe3pO4cTAkpckOBnLp61msnczVRfWtinHKAmysUFpYX
+ m25JhqLKIk+/UmHtOyyaPyo6GqHu62Ckm+TVIKh5yAGlfI5Dsm6PjWzJ1HPaGgnA
+ 1wMRrbWfZdUkvEP9uvHLtErjoTHqAW/9bF57GE2SY/e392Dz1Y4e6MhMFx61SZ5c
+ h+kch3edTO4vL7AijlmMMngRKYbZsZOMFoXdmzLoZWYG+MNv0aig5s04nuYURAxr
+ AmgjnCfl9m4/kblLs8b1Z2WI74hCnFMIGRtl7ZoovKDojMAf1HdTbsdujN+zc03S
+ tNSCqg4eo9LzNdQnpF6CP0cciEEnlSXKPH/GjGCSydJGARJhGfGxXRmLlFooEpSW
+ lO1x0xXGsnrm08EUPdT127uJjCF9nPplCgRRKyTR3IDrDFDpqJyjIMK8+/vQFGma
+ zYUuYozyRA==
+ =Tlu+
+ -----END PGP MESSAGE-----
+
+ model: TL-Archer-C7
+ location: Netzbiotop Main
+ access-ports: priv1
+ radios:
+ radio0:
+ channel: 1
+ ssids:
+ 'Zentralwerk':
+ net: pub
+ 'C3D2 legacy':
+ net: priv1
+ psk: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
+ /KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
+ EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
+ EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
+ xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
+ tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
+ pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
+ rA==
+ =TEEI
+ -----END PGP MESSAGE-----
+ radio1:
+ channel: 130
+ ssids:
+ 'Zentralwerk':
+ net: pub
+ 'C3D2':
+ net: priv1
+ psk: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
+ /KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
+ EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
+ EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
+ xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
+ tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
+ pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
+ rA==
+ =TEEI
+ -----END PGP MESSAGE-----
+
+ ap3:
+ firstboot: true
+ password: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQgAj+qP7T9D0MGNdstPfT3l0QRBCffcYVc/vGv6xk+s7IqW
+ L/7GQhhz3sk63QpyONFt6KZc3KhqAzqG7gL8LmK1+PP48Rh/CRfKx8rh5QxV5RFr
+ YgsI2OIcn7DKSBGuwZaZR0KC9mPwr381E8+uPAAuC4CleaYkt6VjVtEJFf89DDUW
+ jgtySygaVnG8SxGDc69tq51Zkoq/AlYWgVI+/8UAsja5fUoQa1Aw1YxteJfQ8lAb
+ TZWYfDdoNGs3mvvy8wK8NuQBvVnQdgowJYQSdYXfo1HqQd0o5oYsDr633MnfxZ4p
+ 4ANDPuiSe944WQzdmaeASaE9FWk8vfz5VA8BuMlyxtJGAZPJnXM+l6JY0Nna+kWW
+ iYqejp6HmibQCjSxxeyRDIxfEA99LjQZ4t0bqmnamgW0Dbn2hW7sHNmSHD3zX7Hi
+ uyIJKqCOnA==
+ =kpf2
+ -----END PGP MESSAGE-----
+
+ model: TL-WR1043ND
+ location: weg
+ access-ports: priv1
+ radios:
+ radio0:
+ channel: 1
+ ssids:
+ 'Zentralwerk':
+ net: pub
+ 'C3D2 legacy':
+ net: priv1
+ psk: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
+ /KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
+ EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
+ EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
+ xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
+ tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
+ pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
+ rA==
+ =TEEI
+ -----END PGP MESSAGE-----
+ radio1:
+ channel: 130
+ ssids:
+ 'Zentralwerk':
+ net: pub
+ 'C3D2':
+ net: priv1
+ psk: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/SO/v+xhO1yOG83uCcAN2r5ixNf8+Ksp1dPwBKQHUViwJ
+ /KZHBAUzjTtGFIcpEy3exZcAorJ8SeGaB0hv1zw1HZuHN7Els8KKDu4G5u31Sp8w
+ EFtuwujlkFAt3t57jp02O0qvXBCIA14eNlakc9fcPypibTrIEGp2SCzw/kty4r3g
+ EGUwn1sMPjeQxon5Y4JY4OmZBXsnZkKMwTYjAbL+RS300xV1Nh/WWSTRfueAmT5f
+ xfyHj4NlOoBNBILgm1qlrOdgqJSvHM6rw47BoiDuxeVtgmyPqSbHmN8d7xExbuxB
+ tdcnI6HfSv47ZhLARH08BiI7nLaKNygwgy6yKr0zctJAAetIX8BADb4W4QgyM7VD
+ pYqAfy5Igg342W+ZSMyybiZccncchv4opsyDFTjuby9mqL8OwaMWkeNcNPALaT9v
+ rA==
+ =TEEI
+ -----END PGP MESSAGE-----
diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls
index bfe7cba..9fb72c7 100644
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
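Review bot: ap2 and ap3 key their radios as `radio0`/`radio1`, while ap1 keys its radio by device path (`'platform/qca953x_wmac'`); the ap.sh template in this same patch writes that key verbatim into `wireless.radioN.path`, so ap2 and ap3 would be rendered with `path=radio0` / `path=radio1`, which is presumably not a valid device path. Either key every radio by its real device path, or give each radio an explicit `path:` field and have the template read that. Separately, `firstboot: true` is committed for ap2 and ap3, and while it is set the template always targets 192.168.1.1, drops the known host key and reboots; a comment such as `# remove after initial provisioning` next to the flag would document the intended lifecycle.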
@@ -5,6 +5,38 @@ hosts-inet:
 switch-b2: 10.0.0.11
 switch-c1: 10.0.0.12
 switch-d1: 10.0.0.13
+ ap1: 10.0.0.41
+ ap2: 10.0.0.42
+ ap3: 10.0.0.43
+ ap4: 10.0.0.44
+ ap5: 10.0.0.45
+ ap6: 10.0.0.46
+ ap7: 10.0.0.47
+ ap8: 10.0.0.48
+ ap9: 10.0.0.49
+ ap10: 10.0.0.50
+ ap11: 10.0.0.51
+ ap12: 10.0.0.52
+ ap13: 10.0.0.53
+ ap14: 10.0.0.54
+ ap15: 10.0.0.55
+ ap16: 10.0.0.56
+ ap17: 10.0.0.57
+ ap18: 10.0.0.58
+ ap19: 10.0.0.59
+ ap20: 10.0.0.60
+ ap21: 10.0.0.61
+ ap22: 10.0.0.62
+ ap23: 10.0.0.63
+ ap24: 10.0.0.64
+ ap25: 10.0.0.65
+ ap26: 10.0.0.66
+ ap27: 10.0.0.67
+ ap28: 10.0.0.68
+ ap29: 10.0.0.69
+ ap30: 10.0.0.70
+ ap31: 10.0.0.71
+ ap32: 10.0.0.72
 core:
 server1: 172.20.72.1
 serv-gw: 172.20.72.2
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index e7f54e3..5c12148 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -17,3 +17,4 @@ base:
 'server1':
 - lxc-containers.server1
 - switches
+ - cpe.aps
diff --git a/salt/cpe/ap.sh b/salt/cpe/ap.sh
new file mode 100644
index 000000000..8711703
--- /dev/null
+++ b/salt/cpe/ap.sh
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash -e
+
+{%- if conf.get('firstboot') %}
+ssh-keygen -R 192.168.1.1
+
+ssh root@192.168.1.1 \
+ "ash -e" <<__SSH__
+{%- else %}
+ssh root@{{ pillar['hosts-inet']['mgmt'][hostname] }} \
+ "ash -e" <<__SSH__
+{%- endif %}
+
+# Set root password
+echo -e "{{ conf['password'] }}\n{{ conf['password'] }}" | passwd
+
+# TODO: add ssh pubkey
+
+# System configuration
+uci batch <<__UCI__
+set system.@system[0].hostname={{ hostname }}
+set dhcp.@dnsmasq[0].enabled=0
+
+delete network.globals.ula_prefix
+delete network.lan
+delete network.wan
+delete network.wan6
+delete wireless.default_radio0
+delete wireless.default_radio1
+
+set network.@switch[0].reset=1
+set network.@switch[0].enable=1
+set network.@switch[0].enable_vlan=0
+
+set network.mgmt=interface
+set network.mgmt.ifname=eth1.1
+set network.mgmt.proto=static
+set network.mgmt.ipaddr={{ pillar['hosts-inet']['mgmt'][hostname] }}
+set network.mgmt.netmask=255.255.255.0
+
+{%- set bridges = {} %}
+{%- if conf.get('access-ports') %}
+{%- do bridges.__setitem__(conf['access-ports'], True) %}
+{%- endif %}
+{%- for path, radio in conf['radios'].items() %}
+{%- for ssid, ssidconf in radio['ssids'].items() %}
+{%- do bridges.__setitem__(ssidconf['net'], True) %}
+{%- endfor %}
+{%- endfor %}
+
+{%- for net in bridges.keys() %}
+
+set network.{{ net }}=interface
+set network.{{ net }}.type=bridge
+set network.{{ net }}.proto=static
+{%- set ports = ['eth1.' ~ pillar['vlans'][net]] %}
+{%- if conf.get('access-ports') == net %}
+{%- do ports.append('eth0') %}
+{%- endif %}
+set network.{{ net }}.ifname='{{ ' '.join(ports) }}'
+{%- endfor %}
+
+{%- set radionum = 0 %}
+{%- for path, radio in conf['radios'].items() %}
+set wireless.radio{{ radionum }}=wifi-device
+set wireless.radio{{ radionum }}.type=mac80211
+set wireless.radio{{ radionum }}.channel={{ radio['channel'] }}
+set wireless.radio{{ radionum }}.path={{ path }}
+set wireless.radio{{ radionum }}.hwmode={{ radio.get('hwmode') or '11n' }}
+set wireless.radio{{ radionum }}.htmode={{ radio.get('htmode') or 'HT20' }}
+set wireless.radio{{ radionum }}.noscan=1
+delete wireless.radio{{ radionum }}.disabled
+
+{%- set ifnum = 0 %}
+{%- for ssid, ssidconf in radio['ssids'].items() %}
+set wireless.wifi{{ ifnum }}=wifi-iface
+set wireless.wifi{{ ifnum }}.device=radio{{ radionum }}
+set wireless.wifi{{ ifnum }}.ssid='{{ ssid }}'
+set wireless.wifi{{ ifnum }}.mode=ap
+set wireless.wifi{{ ifnum }}.network={{ ssidconf['net'] }}
+{%- if ssidconf.get('psk') %}
+set wireless.wifi{{ ifnum }}.encryption=psk2
+set wireless.wifi{{ ifnum }}.key='{{ ssidconf['psk'] }}'
+{%- else %}
+set wireless.wifi{{ ifnum }}.encryption=none
+{%- endif %}
+
+{%- set ifnum = ifnum + 1 %}
+{%- endfor %}
+
+{%- set radionum = radionum + 1 %}
+{%- endfor %}
+
+commit
+__UCI__
+
+# TODO: install pkgs (collectd...)
+
+{%- if conf.get('firstboot') %}
+reboot
+{%- endif %}
+
+__SSH__
+
+echo "All done \\o/"
diff --git a/salt/cpe/init.sls b/salt/cpe/init.sls
new file mode 100644
index 000000000..57d03e2
--- /dev/null
+++ b/salt/cpe/init.sls
@@ -0,0 +1,11 @@
+{%- for hostname, conf in pillar['cpe'].items() %}
+/root/{{ hostname }}.sh:
+ file.managed:
+ - source: salt://cpe/ap.sh
+ - template: 'jinja'
+ - context:
+ hostname: {{ hostname }}
+ conf: {{ conf }}
+ - mode: 755
+
+{%- endfor %}
diff --git a/salt/top.sls b/salt/top.sls
index 1ae86ab..b256aa0 100644
--- a/salt/top.sls
+++ b/salt/top.sls
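Review bot: The decrypted root password and PSKs are interpolated raw into unquoted here-documents (`<<__SSH__`, `<<__UCI__`) and, for the password, into a double-quoted `echo -e` argument, so a `$`, backtick, `\` or `"` in a secret is interpreted by the local bash or the remote ash instead of being passed literally, and a `'` in an SSID or PSK breaks the `key='…'` / `ssid='…'` lines. Quote both delimiters (`<<'__SSH__'`, `<<'__UCI__'`), shell-escape each value before interpolation, and feed `passwd` from `printf '%s\n%s\n'` rather than `echo -e`. Under Jinja2's loop scoping, `{%- set radionum = radionum + 1 %}` and `{%- set ifnum = ifnum + 1 %}` do not carry over to the next iteration, and `ifnum` is reset per radio anyway, so every radio renders as `radio0` and every SSID as `wifi0`, leaving only the last-written section in effect; `loop.index0` for the radio and an interface name built from both loop indices would keep the sections distinct. The shebang `#!/usr/bin/env bash -e` is also passed to `env` as the single argument `bash -e` on Linux; use `#!/usr/bin/env bash` followed by `set -e`.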
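Review bot: `- mode: 755` in salt/cpe/init.sls makes every rendered `/root/<hostname>.sh` world-readable although the file contains the decrypted root password and WPA PSKs in plain text, so confidentiality rests only on the permissions of `/root` itself. Use `- mode: 700` and set `- user: root` and `- group: root` explicitly. Passing `conf: {{ conf }}` also serialises the whole dict, secrets included, into the state's YAML, which is fragile for multi-line or quote-bearing values; reading `pillar['cpe'][hostname]` inside the template would avoid that round-trip.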
@@ -5,6 +5,7 @@ base:
 - lxc-containers
 - ospf
 - switches
+ - cpe
 '*-gw':
 - no-ssh
 - forwarding