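---
# Ansible playbook template for one vEG instance.  The synchronizer renders the
# Jinja parts (double-brace substitutions and the for/if blocks) before Ansible
# parses the result, so the quoted-brace idiom used in a few tasks below is what
# leaves a literal Ansible expression behind to be evaluated on the host.
- hosts: "{{ instance_name }}"
  # Fact gathering stays at its default (on): the /etc/hosts task relies on
  # ansible_hostname.
  # gather_facts: False
  connection: ssh
  # NOTE(review): become_user only takes effect together with become: true,
  # which this play does not set, so as written it is a no-op unless become is
  # enabled elsewhere (ansible.cfg / command line).  The tasks write /etc/hosts
  # and /root, so confirm which user they are actually expected to run as.
  become_user: ubuntu
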
Andrea Campanellaedfdbca2017-02-01 17:33:47 -08007 vars:
8 container_name: {{ container_name }}
9 cdn_enable: {{ cdn_enable }}
10 dnsdemux_ip: {{ dnsdemux_ip }}
11 firewall_enable: {{ firewall_enable }}
12 url_filter_enable: {{ url_filter_enable }}
13 docker_remote_image_name: {{ docker_remote_image_name }}
14 docker_local_image_name: {{ docker_local_image_name }}
15 docker_opts: {{ docker_opts }}
16 c_tags:
17 {% for c_tag in c_tags %}
18 - {{ c_tag }}
19 {% endfor %}
20 s_tags:
21 {% for s_tag in s_tags %}
22 - {{ s_tag }}
23 {% endfor %}
24 firewall_rules:
25 {% for firewall_rule in firewall_rules.split("\n") %}
26 - {{ firewall_rule }}
27 {% endfor %}
28 cdn_prefixes:
29 {% for prefix in cdn_prefixes %}
30 - {{ prefix }}
31 {% endfor %}
Andrea Campanellaedfdbca2017-02-01 17:33:47 -080032 dns_servers:
33 {% for dns_server in dns_servers %}
34 - {{ dns_server }}
35 {% endfor %}
36 nat_ip: {{ nat_ip }}
37 nat_mac: {{ nat_mac }}
38 lan_ip: {{ lan_ip }}
39 lan_mac: {{ lan_mac }}
40 wan_ip: {{ wan_ip }}
41 wan_mac: {{ wan_mac }}
42 wan_container_ip: {{ wan_container_ip }}
43 wan_container_netbits: {{ wan_container_netbits }}
44 wan_container_mac: {{ wan_container_mac }}
45 wan_container_gateway_ip: {{ wan_container_gateway_ip }}
46 wan_vm_ip: {{ wan_vm_ip }}
47 wan_vm_mac: {{ wan_vm_mac }}
48 wan_next_hop: 10.0.1.253 # FIX ME
49 private_ip: {{ private_ip }}
50 private_mac: {{ private_mac }}
51 hpc_client_ip: {{ hpc_client_ip }}
52 hpc_client_mac: {{ hpc_client_mac }}
53 keystone_tenant_id: {{ keystone_tenant_id }}
54 keystone_user_id: {{ keystone_user_id }}
55 rabbit_user: {{ rabbit_user }}
56 rabbit_password: {{ rabbit_password }}
57 rabbit_host: {{ rabbit_host }}
58 safe_browsing:
59 {% for mac in safe_browsing_macs %}
60 - {{ mac }}
61 {% endfor %}
62 uplink_speed: {{ uplink_speed }}
63 downlink_speed: {{ downlink_speed }}
64 status: {{ status }}
65 enable_uverse: {{ enable_uverse }}
66 url_filter_kind: {{ url_filter_kind }}
67
68
69 tasks:
70 - name: Add hostname to /etc/hosts
71 lineinfile: dest=/etc/hosts
72 regexp='^127\.0\.0\.1'
73 line="127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
74 owner=root group=root mode=0644
75
76 - name: Verify that bridge-utils is installed
77 shell: stat /sbin/brctl
78
79 - name: Verify that docker is installed
80 shell: stat /usr/bin/docker
81
82 - name: Check to see if network is setup
83 stat: path=/root/network_is_setup
84 register: network_is_setup
85
86 - name: set up the network
87 shell: "{{ '{{' }} item {{ '}}' }}"
88 with_items:
89 - ip link del link eth0 eth0.500 || true
90 - ip link add link eth0 eth0.500 type vlan id 500
91 - ip link set eth0.500 up
92 - ifconfig br-wan down || true
93 - brctl delbr br-wan || true
94 - brctl addbr br-wan
95 - brctl addif br-wan eth0.500
96 - ifconfig br-wan hw ether {{ wan_vm_mac }}
97 - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
98 - ip link set br-wan up
99 - ip route del default || true
100 - ip route add default via {{ wan_container_gateway_ip }}
101 - ip link set dev br-wan promisc on
102 when: network_is_setup.stat.exists == False
103
104 - name: Remember that the network is setup, so we never do the above again
105 shell: touch /root/network_is_setup
106
107{% if full_setup %}
108 - name: Check to see if environment is setup
109 stat: path=/root/environment_is_setup
110 register: environment_is_setup
111
112# Everything here is now baked into the vEG image
113# Leave this spot in place for future temporary setup stuff
114
115 - name: Remember that the environment is setup, so we never do the above again
116 shell: touch /root/environment_is_setup
117
118 - name: Verify if veg_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
Andrea Campanella08c14ca2017-03-31 16:13:09 +0200119 shell: pgrep -f [v]veg_stats_notifier | wc -l
Andrea Campanellaedfdbca2017-02-01 17:33:47 -0800120 register: cron_job_pids_count
121
122# - name: DEBUG
123# debug: var=cron_job_pids_count.stdout
124
125# - name: make sure ~/bin exists
126# file: path=~/bin state=directory owner=root group=root
127# when: cron_job_pids_count.stdout == "0"
128
129# - name: Copy cron job to destination
130# copy: src=/opt/xos/synchronizers/veg/veg_stats_notifier.py
131# dest=/usr/local/sbin/veg_stats_notifier.py
132# when: cron_job_pids_count.stdout == "0"
133
134# - name: install python-kombu
135# apt: name=python-kombu state=present
136# when: cron_job_pids_count.stdout == "0"
137
138# - name: Initiate veg_stats_notifier cron job
139# command: sudo python /usr/local/sbin/veg_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vegservice_rabbit_exchange='vegservice'
140# async: 9999999999999999
141# poll: 0
142# when: cron_job_pids_count.stdout == "0"
143{% endif %}
144
145 - name: Set docker options
146 template: src=/opt/xos/synchronizers/veg/templates/docker.j2 dest=/etc/default/docker
147 notify:
148 - restart docker
149
150 - name: vEG upstart
151 template: src=/opt/xos/synchronizers/veg/templates/veg.conf.j2 dest=/etc/init/{{ container_name }}.conf
152
153 - name: vEG startup script
154 template: src=/opt/xos/synchronizers/veg/templates/start-veg-vtn.sh.j2 dest=/usr/local/sbin/start-{{ container_name }}.sh mode=0755
155 notify:
156# - restart veg
157 - stop veg
158 - remove container
159 - start veg
160
161 - name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
162 file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory owner=root group=root
163
164 - name: vEG basic dnsmasq config
165 copy: src=/opt/xos/synchronizers/veg/files/veg.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/veg.conf owner=root group=root
166 notify:
167 - restart dnsmasq
168
169 - name: dnsmasq config
170 template: src=/opt/xos/synchronizers/veg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
171 notify:
172 - restart dnsmasq
173
174 - name: dnsmasq "safe" config
175 template: src=/opt/xos/synchronizers/veg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
176 notify:
177 - restart dnsmasq
178
179 - name: create /var/container_volumes/{{ container_name }}/mount/
180 file: path=/var/container_volumes/{{ container_name }}/mount state=directory owner=root group=root
181
182 - name: redirection rules for safe DNS
183 template: src=/opt/xos/synchronizers/veg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/mount/before.rules owner=root group=root mode=0644
184 notify:
185 - reload ufw
186
187 - name: base ufw setup uses /etc/rc.local
188 template: src=/opt/xos/synchronizers/veg/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/mount/rc.local owner=root group=root mode=0755
189 notify:
190 - rerun /etc/rc.local
191
192 - name: create directory for local programs
193 file: path=/var/container_volumes/{{ container_name }}/usr/local/sbin state=directory
194
195 - name: bandwidth limit script
196 template: src=/opt/xos/synchronizers/veg/templates/bwlimit.sh.j2 dest=/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh owner=root group=root mode=0755
197 notify:
198 - reset bwlimits
199
200 - name: create directory for simple webserver
201 file: path=/var/container_volumes/{{ container_name }}/etc/service/message state=directory
202
203 - name: copy simple webserver
204 copy: src=/opt/xos/synchronizers/veg/files/etc/service/ dest=/var/container_volumes/{{ container_name }}/etc/service/ owner=root group=root
205 when: status != "enabled"
206
207 - name: make webserver script executable
208 file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run mode=0755
209 when: status != "enabled"
210
211 - name: generate the message page
212 template: src=/opt/xos/synchronizers/veg/templates/message.html.j2 dest=/var/container_volumes/{{ container_name }}/etc/service/message/message.html owner=root group=root mode=0644
213 when: status != "enabled"
214 #notify: restart veg
215
216 - name: remove simple webserver
217 file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run state=absent
218 when: status == "enabled"
219 #notify: restart veg
220
221 - name: Make sure vEG service is running
222 service: name={{ container_name }} state=started
223
224 handlers:
225 # Dnsmasq is automatically restarted in the container
226 - name: restart dnsmasq
227 shell: docker exec {{ container_name }} killall dnsmasq
228
229 - name: stop veg
230 service: name={{ container_name }} state=stopped
231
232 - name: remove container
233 docker: name={{ container_name }} state=absent image=docker-veg
234
235 - name: start veg
236 service: name={{ container_name }} state=started
237
238 - name: reload ufw
239 shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"
240
241 - name: rerun /etc/rc.local
242 shell: docker exec {{ container_name }} bash -c "/etc/rc.local"
243
244 - name: reset bwlimits
245 shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"
246
247 - name: restart veg
248 shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start
249
250 - name: restart docker
251 shell: service docker restart