From fb65984b0bfa56dfcbad0ad1ef25cdd5f3f0828b Mon Sep 17 00:00:00 2001 From: Astro Date: Wed, 16 Nov 2016 02:22:59 +0100 Subject: [PATCH] fixes, upstream2, upstream.shaping --- salt-pillar/hosts/init.sls | 1 + salt-pillar/switches/init.sls | 2 +- salt-pillar/upstream/anon1.sls | 3 +++ salt-pillar/upstream/upstream1.sls | 3 +++ salt/lxc-containers-1/containers.yaml | 7 +++++++ salt/top.sls | 2 ++ salt/upstream/shaping | 9 +++++++++ salt/upstream/shaping.sls | 12 ++++++++++++ 8 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 salt/upstream/shaping create mode 100644 salt/upstream/shaping.sls diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls index d3eceed..008506a 100644 --- a/salt-pillar/hosts/init.sls +++ b/salt-pillar/hosts/init.sls @@ -12,6 +12,7 @@ hosts-inet: priv1-gw: 172.20.72.4 priv2-gw: 172.20.72.5 upstream1: 172.20.72.6 + upstream2: 172.20.72.8 anon1: 172.20.72.7 pub: pub-gw: 172.20.76.1 diff --git a/salt-pillar/switches/init.sls b/salt-pillar/switches/init.sls index b07d089..2455ba1 100644 --- a/salt-pillar/switches/init.sls +++ b/salt-pillar/switches/init.sls @@ -136,7 +136,7 @@ switches: =/BZc -----END PGP MESSAGE----- -switch-b2: + switch-b2: model: '3com-4200G' location: Haus B Souterrain ports: diff --git a/salt-pillar/upstream/anon1.sls b/salt-pillar/upstream/anon1.sls index 840ca2c..10fc281 100644 --- a/salt-pillar/upstream/anon1.sls +++ b/salt-pillar/upstream/anon1.sls @@ -1,2 +1,5 @@ upstream: interface: ipredator + up-bandwidth: 2000 + flow-keys: nfct-src,nfct-dst + flows: 2048 diff --git a/salt-pillar/upstream/upstream1.sls b/salt-pillar/upstream/upstream1.sls index 7b370d6..a4e8985 100644 --- a/salt-pillar/upstream/upstream1.sls +++ b/salt-pillar/upstream/upstream1.sls @@ -1,2 +1,5 @@ upstream: interface: up1 + up-bandwidth: 6000 + flow-keys: nfct-src,nfct-dst + flows: 2048 diff --git a/salt/lxc-containers-1/containers.yaml b/salt/lxc-containers-1/containers.yaml index d255e93..4a5c5bc 100644 --- a/salt/lxc-containers-1/containers.yaml +++ b/salt/lxc-containers-1/containers.yaml @@ -33,6 +33,13 @@ upstream1: up1: type: phys +upstream2: + interfaces: + core: + type: veth + up1: + type: phys + anon1: interfaces: core: diff --git a/salt/top.sls b/salt/top.sls index 9969880..c03402b 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -15,6 +15,7 @@ base: - forwarding - ospf - upstream.dhcp + - upstream.shaping - unbound 'anon*': - no-ssh @@ -22,3 +23,4 @@ base: - ospf - vpn.openvpn - upstream.masquerade + - upstream.shaping diff --git a/salt/upstream/shaping b/salt/upstream/shaping new file mode 100644 index 000000000..cd7824e --- /dev/null +++ b/salt/upstream/shaping @@ -0,0 +1,9 @@ +#!/bin/sh + +if [ "$IFACE" = "{{ pillar['upstream']['interface'] }}" ]; then + tc qdisc del dev $IF_WAN root 2> /dev/null > /dev/null + tc qdisc add dev $IF_WAN root handle 1 hfsc default 1 + tc class add dev $IF_WAN parent 1: classid 1:1 hfsc sc rate ${UP_RATE}kbit ul rate {{ pillar['upstream']['up-bandwidth'] }}kbit + tc qdisc add dev $IF_WAN parent 1:1 handle 11: fq_codel + tc filter add dev $IF_WAN parent 11: handle 11 protocol all flow hash keys {{ pillar['upstream']['flow-keys'] }} divisor {{ pillar['upstream']['flows'] }} +fi diff --git a/salt/upstream/shaping.sls b/salt/upstream/shaping.sls new file mode 100644 index 000000000..c733e34 --- /dev/null +++ b/salt/upstream/shaping.sls @@ -0,0 +1,12 @@ +{%- set upstream = pillar['upstream'] %} + +iptables: + pkg.installed: [] + +/etc/network/if-up.d/shaping: + file.managed: + - source: salt://upstream/shaping + - template: 'jinja' + - mode: 755 + - require: + - pkg: tc