From 3f76c8bf8b8e7044c05bc5a25e3ff0d917b97dcb Mon Sep 17 00:00:00 2001 From: Jake Howard <git@theorangeone.net> Date: Tue, 3 Sep 2024 20:18:26 +0100 Subject: [PATCH 1/5] Add role to install clatd --- .../competitorsvcs.studentrobotics.org.yml | 4 +++ playbook.yml | 1 + roles/clatd/README.md | 5 ++++ roles/clatd/defaults/main.yml | 1 + roles/clatd/handlers/main.yml | 4 +++ roles/clatd/tasks/main.yml | 30 +++++++++++++++++++ roles/clatd/templates/clatd.conf | 0 roles/clatd/vars/main.yml | 1 + 8 files changed, 46 insertions(+) create mode 100644 roles/clatd/README.md create mode 100644 roles/clatd/defaults/main.yml create mode 100644 roles/clatd/handlers/main.yml create mode 100644 roles/clatd/tasks/main.yml create mode 100644 roles/clatd/templates/clatd.conf create mode 100644 roles/clatd/vars/main.yml diff --git a/host_vars/competitorsvcs.studentrobotics.org.yml b/host_vars/competitorsvcs.studentrobotics.org.yml index e586f5a..ca2cc0d 100644 --- a/host_vars/competitorsvcs.studentrobotics.org.yml +++ b/host_vars/competitorsvcs.studentrobotics.org.yml @@ -11,3 +11,7 @@ add_hsts_header: true certbot_certs: - domains: - "{{ canonical_hostname }}" + +# Mythic have additionally routed this IP to the VM +clatd_conf: | + clat-v6-addr=2a00:1098:80:bc::2 diff --git a/playbook.yml b/playbook.yml index 5f68400..eb3977d 100644 --- a/playbook.yml +++ b/playbook.yml @@ -20,6 +20,7 @@ roles: - competitor-services-nginx - code-submitter + - clatd - discord-bot - name: Kit services diff --git a/roles/clatd/README.md b/roles/clatd/README.md new file mode 100644 index 0000000..6816b3c --- /dev/null +++ b/roles/clatd/README.md @@ -0,0 +1,5 @@ +# [`clatd`](https://github.com/toreanderson/clatd) + +A CLAT / SIIT-DC Edge Relay implementation for Linux. + +Used to provide IPv4 outbound connectivity to an IPv6-only VM. diff --git a/roles/clatd/defaults/main.yml b/roles/clatd/defaults/main.yml new file mode 100644 index 0000000..66f3064 --- /dev/null +++ b/roles/clatd/defaults/main.yml 
@@ -0,0 +1 @@
+clatd_conf: ""
diff --git a/roles/clatd/handlers/main.yml b/roles/clatd/handlers/main.yml
new file mode 100644
index 0000000..27fdca0
--- /dev/null
+++ b/roles/clatd/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart clatd
+ service:
+ name: clatd
+ state: restarted
diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml
new file mode 100644
index 0000000..0c03353
--- /dev/null
+++ b/roles/clatd/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Download
+ git:
+ repo: https://github.com/toreanderson/clatd
+ dest: "{{ install_dir }}"
+ force: true
+ version: 3ea303b5210bf701df30323933c86f9ffe4d3dd4
+ notify: Restart clatd
+ register: clatd_repo
+
+- name: Install
+ community.general.make:
+ chdir: "{{ install_dir }}"
+ targets:
+ - installdeps # Install system dependencies
+ - install # Install clatd
+ when: clatd_repo.changed # noqa: no-handler - Use a handler to ensure execution order
+ notify: Restart clatd
+
+- name: Install configuration
+ copy:
+ content: "{{ clatd_conf }}"
+ dest: /etc/clatd.conf
+ mode: "0644"
+ notify: Restart clatd
+
+- name: Enable service
+ service:
+ name: clatd
+ state: started
+ enabled: true
diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf
new file mode 100644
index 0000000..e69de29
diff --git a/roles/clatd/vars/main.yml b/roles/clatd/vars/main.yml
new file mode 100644
index 0000000..ad5abb6
--- /dev/null
+++ b/roles/clatd/vars/main.yml
@@ -0,0 +1 @@
+install_dir: /opt/clatd
From 117d39bf0813161846e30a29bca0a5dea15bcc10 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 5 Sep 2024 19:46:20 +0100
Subject: [PATCH 2/5] Improve documentation on `clat-v6-addr`
---
roles/clatd/README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/roles/clatd/README.md b/roles/clatd/README.md
index 6816b3c..9aa9484 100644
--- a/roles/clatd/README.md
+++ b/roles/clatd/README.md
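Review bot: In roles/clatd/tasks/main.yml the `version:` pin has no comment saying which upstream release it corresponds to or how it should be bumped, and that pin is the only control over what the Install task executes. `make installdeps install` runs the checked-out Makefile on the host (presumably with root privileges; the play's `become` setting is not visible here), so a bump deserves a read of the upstream diff first. I would add a comment above `version:` such as `# Full commit SHA of upstream <TAG OR DATE>; review the upstream diff before bumping, make install runs this checkout's Makefile`.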
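Review bot: `install_dir` in roles/clatd/vars/main.yml is a generic name with no role prefix. Role vars sit high in Ansible's precedence order and, under the default settings, can remain visible to other roles in the same play, so another role that also uses `install_dir` could end up reading `/opt/clatd`; whether any other role in this play does so is not visible here. Renaming it to `clatd_install_dir` (and updating the two `{{ install_dir }}` references in tasks/main.yml) avoids that. Patch 4/5 adds `installed_version_file` and the `installed_version` fact with the same unprefixed naming.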
@@ -3,3 +3,5 @@ A CLAT / SIIT-DC Edge Relay implementation for Linux. Used to provide IPv4 outbound connectivity to an IPv6-only VM. + +It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM. This is configured with the `clatd_conf` variable. From 45d3e3e1c0b9bccc8c1b5a74054a405118ee45e3 Mon Sep 17 00:00:00 2001 From: Jake Howard <git@theorangeone.net> Date: Thu, 5 Sep 2024 19:46:41 +0100 Subject: [PATCH 3/5] Remove empty file This was left over from development --- roles/clatd/templates/clatd.conf | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 roles/clatd/templates/clatd.conf diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf deleted file mode 100644 index e69de29..0000000 From a544b9de7cde3dfaa88e45db32f85a1ee9baa9a0 Mon Sep 17 00:00:00 2001 From: Jake Howard <git@theorangeone.net> Date: Thu, 5 Sep 2024 20:34:55 +0100 Subject: [PATCH 4/5] Use version file to make clatd install idempotent --- roles/clatd/tasks/main.yml | 23 +++++++++++++++++++++-- roles/clatd/vars/main.yml | 1 + 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml index 0c03353..7b3d624 100644 --- a/roles/clatd/tasks/main.yml +++ b/roles/clatd/tasks/main.yml @@ -4,8 +4,19 @@ dest: "{{ install_dir }}" force: true version: 3ea303b5210bf701df30323933c86f9ffe4d3dd4 - notify: Restart clatd register: clatd_repo + notify: Restart clatd + +- name: Get installed version (if installed) + slurp: + src: "{{ installed_version_file }}" + ignore_errors: true # Ignore if the file is missing, since it's about to be created + register: installed_version_slurp + +- name: Resolve installed version + set_fact: + installed_version: "{{ installed_version_slurp.content | b64decode }}" + when: not installed_version_slurp.failed - name: Install community.general.make: 
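Review bot: `ignore_errors: true` on the slurp task added to roles/clatd/tasks/main.yml hides every failure of that task, not only the missing-file case its comment describes, and a first run still reports a failed task in the output. Checking for the file with `stat` first and skipping the read when it is absent keeps real errors (an unreadable file, for example) visible and the run output clean. The Install task that follows continues outside this hunk.

```yaml
- name: Check for installed version file
  stat:
    path: "{{ installed_version_file }}"
  register: installed_version_stat

- name: Get installed version (if installed)
  slurp:
    src: "{{ installed_version_file }}"
  when: installed_version_stat.stat.exists
  register: installed_version_slurp

- name: Resolve installed version
  set_fact:
    installed_version: "{{ installed_version_slurp.content | b64decode }}"
  when: installed_version_stat.stat.exists
```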
@@ -13,8 +24,16 @@ targets: - installdeps # Install system dependencies - install # Install clatd - when: clatd_repo.changed # noqa: no-handler - Use a handler to ensure execution order + when: installed_version is not defined or clatd_repo.after not in installed_version # noqa: no-handler - Use a handler to ensure execution order notify: Restart clatd + register: install_clatd + +- name: Update installed version + copy: + content: "{{ clatd_repo.after }}" + dest: "{{ installed_version_file }}" + mode: "0644" + when: install_clatd.changed # noqa: no-handler - Use a handler to ensure execution order - name: Install configuration copy: diff --git a/roles/clatd/vars/main.yml b/roles/clatd/vars/main.yml index ad5abb6..9993952 100644 --- a/roles/clatd/vars/main.yml +++ b/roles/clatd/vars/main.yml @@ -1 +1,2 @@ install_dir: /opt/clatd +installed_version_file: /opt/clatd.version From 869a2d0f4d555274ee4b2b8570ae5750a35d1afc Mon Sep 17 00:00:00 2001 From: Jake Howard <git@theorangeone.net> Date: Thu, 5 Sep 2024 21:27:17 +0100 Subject: [PATCH 5/5] Only require specific clatd address to be defined YAGNAE --- host_vars/competitorsvcs.studentrobotics.org.yml | 3 +-- roles/clatd/README.md | 2 +- roles/clatd/defaults/main.yml | 1 - roles/clatd/tasks/main.yml | 4 ++-- roles/clatd/templates/clatd.conf | 3 +++ 5 files changed, 7 insertions(+), 6 deletions(-) delete mode 100644 roles/clatd/defaults/main.yml create mode 100644 roles/clatd/templates/clatd.conf diff --git a/host_vars/competitorsvcs.studentrobotics.org.yml b/host_vars/competitorsvcs.studentrobotics.org.yml index ca2cc0d..adc169e 100644 --- a/host_vars/competitorsvcs.studentrobotics.org.yml +++ b/host_vars/competitorsvcs.studentrobotics.org.yml @@ -13,5 +13,4 @@ certbot_certs: - "{{ canonical_hostname }}" # Mythic have additionally routed this IP to the VM -clatd_conf: | - clat-v6-addr=2a00:1098:80:bc::2 +clat_v6_addr: 2a00:1098:80:bc::2 
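Review bot: The new `when:` on the Install task in roles/clatd/tasks/main.yml uses `clatd_repo.after not in installed_version`, which is a substring test, so any version file that merely contains the SHA counts as installed. An equality check states the intent more exactly: `when: installed_version is not defined or clatd_repo.after != (installed_version | trim)`. The version file is also written only when `install_clatd.changed`; if the make module ever reports the targets as unchanged, the file is never created and the install is attempted on every run, so writing it whenever Install ran without failing may be more robust. The Install task starts above this hunk.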
diff --git a/roles/clatd/README.md b/roles/clatd/README.md index 9aa9484..00e7f8c 100644 --- a/roles/clatd/README.md +++ b/roles/clatd/README.md @@ -4,4 +4,4 @@ A CLAT / SIIT-DC Edge Relay implementation for Linux. Used to provide IPv4 outbound connectivity to an IPv6-only VM. -It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM. This is configured with the `clatd_conf` variable. +It's likely `clat-v6-addr` will need to be configured to assign the correct IP to the created `clat` interface. This may require an additional IPv6 address be routed to the VM. diff --git a/roles/clatd/defaults/main.yml b/roles/clatd/defaults/main.yml deleted file mode 100644 index 66f3064..0000000 --- a/roles/clatd/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -clatd_conf: "" diff --git a/roles/clatd/tasks/main.yml b/roles/clatd/tasks/main.yml index 7b3d624..cbec919 100644 --- a/roles/clatd/tasks/main.yml +++ b/roles/clatd/tasks/main.yml @@ -36,8 +36,8 @@ when: install_clatd.changed # noqa: no-handler - Use a handler to ensure execution order - name: Install configuration - copy: - content: "{{ clatd_conf }}" + template: + src: clatd.conf dest: /etc/clatd.conf mode: "0644" notify: Restart clatd diff --git a/roles/clatd/templates/clatd.conf b/roles/clatd/templates/clatd.conf new file mode 100644 index 0000000..b36510d --- /dev/null +++ b/roles/clatd/templates/clatd.conf @@ -0,0 +1,3 @@ +{% if clat_v6_addr is defined %} +clat-v6-addr={{ clat_v6_addr }} +{% endif %}
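Review bot: roles/clatd/templates/clatd.conf writes `clat_v6_addr` into /etc/clatd.conf without checking that it is a single IPv6 address, so a typo or a multi-line value from host_vars lands in the daemon's config and only surfaces when clatd restarts. An `assert` task ahead of the template, for instance using the `ansible.utils.ipv6` test if that collection is available in this project, would fail the play early instead. In the host_vars hunk of this commit the address is written unquoted; it parses as a string today, but quoting it (`clat_v6_addr: "2a00:1098:80:bc::2"`) guards against YAML 1.1 reading an all-digit colon-separated value as a number. A leading comment in the template saying the file is managed by Ansible would also help anyone editing it on the host.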