fixes, upstream2, upstream.shaping

2016-11-16 02:22:59 +01:00 · 2016-11-16 02:22:59 +01:00 · fb65984b0b
parent 2f603182ff
commit fb65984b0b
8 changed files with 38 additions and 1 deletions
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@ -12,6 +12,7 @@ hosts-inet:
    priv1-gw: 172.20.72.4
    priv2-gw: 172.20.72.5
    upstream1: 172.20.72.6
+    upstream2: 172.20.72.8
    anon1: 172.20.72.7
  pub:
    pub-gw: 172.20.76.1
--- a/salt-pillar/switches/init.sls
+++ b/salt-pillar/switches/init.sls
@ -136,7 +136,7 @@ switches:
      =/BZc
      -----END PGP MESSAGE-----

-switch-b2:
+  switch-b2:
    model: '3com-4200G'
    location: Haus B Souterrain
    ports:
--- a/salt-pillar/upstream/anon1.sls
+++ b/salt-pillar/upstream/anon1.sls
@ -1,2 +1,5 @@
 upstream:
  interface: ipredator
+  up-bandwidth: 2000
+  flow-keys: nfct-src,nfct-dst
+  flows: 2048
--- a/salt-pillar/upstream/upstream1.sls
+++ b/salt-pillar/upstream/upstream1.sls
@ -1,2 +1,5 @@
 upstream:
  interface: up1
+  up-bandwidth: 6000
+  flow-keys: nfct-src,nfct-dst
+  flows: 2048
--- a/salt/lxc-containers-1/containers.yaml
+++ b/salt/lxc-containers-1/containers.yaml
@ -33,6 +33,13 @@ upstream1:
    up1:
      type: phys

+upstream2:
+  interfaces:
+    core:
+      type: veth
+    up1:
+      type: phys
+
 anon1:
  interfaces:
    core:
--- a/salt/top.sls
+++ b/salt/top.sls
@ -15,6 +15,7 @@ base:
    - forwarding
    - ospf
    - upstream.dhcp
+    - upstream.shaping
    - unbound
  'anon*':
    - no-ssh
@ -22,3 +23,4 @@ base:
    - ospf
    - vpn.openvpn
    - upstream.masquerade
+    - upstream.shaping
--- a/salt/upstream/shaping
+++ b/salt/upstream/shaping
@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ pillar['upstream']['interface'] }}" ]; then
+   tc qdisc del dev $IF_WAN root    2> /dev/null >  /dev/null
+   tc qdisc add dev $IF_WAN root       handle  1   hfsc default 1
+   tc class add dev $IF_WAN parent 1:  classid 1:1  hfsc sc rate ${UP_RATE}kbit ul rate {{ pillar['upstream']['up-bandwidth'] }}kbit
+   tc qdisc add dev $IF_WAN parent 1:1 handle 11: fq_codel
+   tc filter add dev $IF_WAN parent 11: handle 11 protocol all flow hash keys {{ pillar['upstream']['flow-keys'] }} divisor {{ pillar['upstream']['flows'] }}
+fi
--- a/salt/upstream/shaping.sls
+++ b/salt/upstream/shaping.sls
@ -0,0 +1,12 @@
+{%- set upstream = pillar['upstream'] %}
+
+iptables:
+  pkg.installed: []
+
+/etc/network/if-up.d/shaping:
+  file.managed:
+    - source: salt://upstream/shaping
+    - template: 'jinja'
+    - mode: 755
+    - require:
+        - pkg: tc