Blame - xos/synchronizer/steps/sync_vegtenant_new.yaml - vEG

blob: 2941caec92655f7cdae815e944ba7c6b23f17cb2 [file] [log] [blame]

Andrea Campanella	edfdbca	2017-02-01 17:33:47 -0800	[diff] [blame]	1	---
				2	- hosts: {{ instance_name }}
				3	gather_facts: False
				4	connection: ssh
Andrea Campanella	08c14ca	2017-03-31 16:13:09 +0200	[diff] [blame^]	5	become_user: {{ username }}
				6
Andrea Campanella	edfdbca	2017-02-01 17:33:47 -0800	[diff] [blame]	7	vars:
				8	container_name: {{ container_name }}
				9	cdn_enable: {{ cdn_enable }}
				10	dnsdemux_ip: {{ dnsdemux_ip }}
				11	firewall_enable: {{ firewall_enable }}
				12	url_filter_enable: {{ url_filter_enable }}
				13	c_tags:
				14	{% for c_tag in c_tags %}
				15	- {{ c_tag }}
				16	{% endfor %}
				17	s_tags:
				18	{% for s_tag in s_tags %}
				19	- {{ s_tag }}
				20	{% endfor %}
				21	firewall_rules:
				22	{% for firewall_rule in firewall_rules.split("\n") %}
				23	- {{ firewall_rule }}
				24	{% endfor %}
				25	cdn_prefixes:
				26	{% for prefix in cdn_prefixes %}
				27	- {{ prefix }}
				28	{% endfor %}
				29	bbs_addrs:
				30	{% for bbs_addr in bbs_addrs %}
				31	- {{ bbs_addr }}
				32	{% endfor %}
				33	dns_servers:
				34	{% for dns_server in dns_servers %}
				35	- {{ dns_server }}
				36	{% endfor %}
				37	nat_ip: {{ nat_ip }}
				38	nat_mac: {{ nat_mac }}
				39	lan_ip: {{ lan_ip }}
				40	lan_mac: {{ lan_mac }}
				41	wan_ip: {{ wan_ip }}
				42	wan_mac: {{ wan_mac }}
				43	wan_container_mac: {{ wan_container_mac }}
				44	wan_next_hop: 10.0.1.253 # FIX ME
				45	private_ip: {{ private_ip }}
				46	private_mac: {{ private_mac }}
				47	hpc_client_ip: {{ hpc_client_ip }}
				48	hpc_client_mac: {{ hpc_client_mac }}
				49	keystone_tenant_id: {{ keystone_tenant_id }}
				50	keystone_user_id: {{ keystone_user_id }}
				51	rabbit_user: {{ rabbit_user }}
				52	rabbit_password: {{ rabbit_password }}
				53	rabbit_host: {{ rabbit_host }}
				54	safe_browsing:
				55	{% for mac in safe_browsing_macs %}
				56	- {{ mac }}
				57	{% endfor %}
				58	uplink_speed: {{ uplink_speed }}
				59	downlink_speed: {{ downlink_speed }}
				60	status: {{ status }}
				61	enable_uverse: {{ enable_uverse }}
				62	url_filter_kind: {{ url_filter_kind }}
				63
				64	tasks:
				65	- name: Verify if veg_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
Andrea Campanella	08c14ca	2017-03-31 16:13:09 +0200	[diff] [blame^]	66	shell: pgrep -f [v]veg_stats_notifier \| wc -l
Andrea Campanella	edfdbca	2017-02-01 17:33:47 -0800	[diff] [blame]	67	register: cron_job_pids_count
				68
				69	# - name: DEBUG
				70	# debug: var=cron_job_pids_count.stdout
				71
				72	- name: make sure ~/bin exists
				73	file: path=~/bin state=directory owner=root group=root
				74	when: cron_job_pids_count.stdout == "0"
				75
				76	- name: Copy cron job to destination
				77	copy: src=/opt/xos/synchronizers/veg/veg_stats_notifier.py
				78	dest=~/bin/veg_stats_notifier.py
				79	when: cron_job_pids_count.stdout == "0"
				80
				81	- name: install python-kombu
				82	apt: name=python-kombu state=present
				83	when: cron_job_pids_count.stdout == "0"
				84
				85	- name: Initiate veg_stats_notifier cron job
				86	command: python ~/bin/veg_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vegservice_rabbit_exchange='vegservice'
				87	async: 9999999999999999
				88	poll: 0
				89	when: cron_job_pids_count.stdout == "0"
				90
				91	- name: vEG basic dnsmasq config
				92	copy: src=/opt/xos/synchronizers/veg/files/veg.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/veg.conf owner=root group=root
				93	notify:
				94	- restart dnsmasq
				95
				96	- name: dnsmasq config
				97	template: src=/opt/xos/synchronizers/veg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
				98	notify:
				99	- restart dnsmasq
				100
				101	- name: create directory for "safe" config
				102	file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory
				103
				104	- name: dnsmasq "safe" config
				105	template: src=/opt/xos/synchronizers/veg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
				106	notify:
				107	- restart dnsmasq
				108
				109	- name: copy base ufw files
				110	synchronize: src=/opt/xos/synchronizers/veg/files/etc/ufw/ dest=/var/container_volumes/{{ container_name }}/etc/ufw/
				111	notify:
				112	- reload ufw
				113
				114	- name: redirection rules for safe DNS
				115	template: src=/opt/xos/synchronizers/veg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/etc/ufw/before.rules owner=root group=root
				116	notify:
				117	- reload ufw
				118
				119	- name: base ufw setup uses /etc/rc.local
				120	copy: src=/opt/xos/synchronizers/veg/files/etc/rc.local dest=/var/container_volumes/{{ container_name }}/etc/ owner=root group=root
				121	notify:
				122	- copy in /etc/rc.local
				123
				124	handlers:
				125	# Dnsmasq is automatically restarted in the container
				126	- name: restart dnsmasq
				127	shell: docker exec {{ container_name }} /usr/bin/killall dnsmasq
				128
				129	- name: reload ufw
				130	shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /usr/sbin/ufw reload"
				131
				132	# Use docker cp instead of single-file volume
				133	# The reason is that changes to external file volume don't show up inside the container
				134	# Probably Ansible deletes and then recreates the external file, and container has old version
				135	- name: copy in /etc/rc.local
				136	shell: docker cp /var/container_volumes/{{ container_name }}/etc/rc.local {{ container_name }}:/etc/