move vsg service from XOS
diff --git a/xos/synchronizer/steps/sync_vcpetenant_vtn.yaml b/xos/synchronizer/steps/sync_vcpetenant_vtn.yaml
new file mode 100644
index 0000000..0226354
--- /dev/null
+++ b/xos/synchronizer/steps/sync_vcpetenant_vtn.yaml
@@ -0,0 +1,244 @@
+---
+- hosts: {{ instance_name }}
+ #gather_facts: False
+ connection: ssh
+ user: ubuntu
+ sudo: yes
+ vars:
+ container_name: {{ container_name }}
+ cdn_enable: {{ cdn_enable }}
+ dnsdemux_ip: {{ dnsdemux_ip }}
+ firewall_enable: {{ firewall_enable }}
+ url_filter_enable: {{ url_filter_enable }}
+ c_tags:
+ {% for c_tag in c_tags %}
+ - {{ c_tag }}
+ {% endfor %}
+ s_tags:
+ {% for s_tag in s_tags %}
+ - {{ s_tag }}
+ {% endfor %}
+ firewall_rules:
+ {% for firewall_rule in firewall_rules.split("\n") %}
+ - {{ firewall_rule }}
+ {% endfor %}
+ cdn_prefixes:
+ {% for prefix in cdn_prefixes %}
+ - {{ prefix }}
+ {% endfor %}
+ bbs_addrs:
+ {% for bbs_addr in bbs_addrs %}
+ - {{ bbs_addr }}
+ {% endfor %}
+ dns_servers:
+ {% for dns_server in dns_servers %}
+ - {{ dns_server }}
+ {% endfor %}
+ nat_ip: {{ nat_ip }}
+ nat_mac: {{ nat_mac }}
+ lan_ip: {{ lan_ip }}
+ lan_mac: {{ lan_mac }}
+ wan_ip: {{ wan_ip }}
+ wan_mac: {{ wan_mac }}
+ wan_container_ip: {{ wan_container_ip }}
+ wan_container_netbits: {{ wan_container_netbits }}
+ wan_container_mac: {{ wan_container_mac }}
+ wan_container_gateway_ip: {{ wan_container_gateway_ip }}
+ wan_vm_ip: {{ wan_vm_ip }}
+ wan_vm_mac: {{ wan_vm_mac }}
+ wan_next_hop: 10.0.1.253 # FIX ME
+ private_ip: {{ private_ip }}
+ private_mac: {{ private_mac }}
+ hpc_client_ip: {{ hpc_client_ip }}
+ hpc_client_mac: {{ hpc_client_mac }}
+ keystone_tenant_id: {{ keystone_tenant_id }}
+ keystone_user_id: {{ keystone_user_id }}
+ rabbit_user: {{ rabbit_user }}
+ rabbit_password: {{ rabbit_password }}
+ rabbit_host: {{ rabbit_host }}
+ safe_browsing:
+ {% for mac in safe_browsing_macs %}
+ - {{ mac }}
+ {% endfor %}
+ uplink_speed: {{ uplink_speed }}
+ downlink_speed: {{ downlink_speed }}
+ status: {{ status }}
+ enable_uverse: {{ enable_uverse }}
+ url_filter_kind: {{ url_filter_kind }}
+
+
+ tasks:
+ - name: Add hostname to /etc/hosts
+ lineinfile: dest=/etc/hosts
+ regexp='^127\.0\.0\.1'
+ line="127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
+ owner=root group=root mode=0644
+
+ - name: Verify that bridge-utils is installed
+ shell: stat /sbin/brctl
+
+ - name: Verify that docker is installed
+ shell: stat /usr/bin/docker
+
+ - name: Check to see if network is setup
+ stat: path=/root/network_is_setup
+ register: network_is_setup
+
+ - name: set up the network
+ shell: "{{ '{{' }} item {{ '}}' }}"
+ with_items:
+ - ip link del link eth0 eth0.500 || true
+ - ip link add link eth0 eth0.500 type vlan id 500
+ - ip link set eth0.500 up
+ - ifconfig br-wan down || true
+ - brctl delbr br-wan || true
+ - brctl addbr br-wan
+ - brctl addif br-wan eth0.500
+ - ifconfig br-wan hw ether {{ wan_vm_mac }}
+ - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
+ - ip link set br-wan up
+ - ip route del default || true
+ - ip route add default via {{ wan_container_gateway_ip }}
+ - ip link set dev br-wan promisc on
+ when: network_is_setup.stat.exists == False
+
+ - name: Remember that the network is setup, so we never do the above again
+ shell: touch /root/network_is_setup
+
+{% if full_setup %}
+ - name: Check to see if environment is setup
+ stat: path=/root/environment_is_setup
+ register: environment_is_setup
+
+# Everything here is now baked into the vCPE image
+# Leave this spot in place for future temporary setup stuff
+
+ - name: Remember that the environment is setup, so we never do the above again
+ shell: touch /root/environment_is_setup
+
+ - name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
+ shell: pgrep -f [v]cpe_stats_notifier | wc -l
+ register: cron_job_pids_count
+
+# - name: DEBUG
+# debug: var=cron_job_pids_count.stdout
+
+# - name: make sure ~/bin exists
+# file: path=~/bin state=directory owner=root group=root
+# when: cron_job_pids_count.stdout == "0"
+
+# - name: Copy cron job to destination
+# copy: src=/opt/xos/synchronizers/vsg/vcpe_stats_notifier.py
+# dest=/usr/local/sbin/vcpe_stats_notifier.py
+# when: cron_job_pids_count.stdout == "0"
+
+# - name: install python-kombu
+# apt: name=python-kombu state=present
+# when: cron_job_pids_count.stdout == "0"
+
+# - name: Initiate vcpe_stats_notifier cron job
+# command: sudo python /usr/local/sbin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
+# async: 9999999999999999
+# poll: 0
+# when: cron_job_pids_count.stdout == "0"
+{% endif %}
+
+ - name: vCPE upstart
+ template: src=/opt/xos/synchronizers/vsg/templates/vcpe.conf.j2 dest=/etc/init/{{ container_name }}.conf
+
+ - name: vCPE startup script
+ template: src=/opt/xos/synchronizers/vsg/templates/start-vcpe-vtn.sh.j2 dest=/usr/local/sbin/start-{{ container_name }}.sh mode=0755
+ notify:
+# - restart vcpe
+ - stop vcpe
+ - remove container
+ - start vcpe
+
+ - name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
+ file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory owner=root group=root
+
+ - name: vCPE basic dnsmasq config
+ copy: src=/opt/xos/synchronizers/vsg/files/vcpe.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vcpe.conf owner=root group=root
+ notify:
+ - restart dnsmasq
+
+ - name: dnsmasq config
+ template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
+ notify:
+ - restart dnsmasq
+
+ - name: dnsmasq "safe" config
+ template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
+ notify:
+ - restart dnsmasq
+
+ - name: create /var/container_volumes/{{ container_name }}/mount/
+ file: path=/var/container_volumes/{{ container_name }}/mount state=directory owner=root group=root
+
+ - name: redirection rules for safe DNS
+ template: src=/opt/xos/synchronizers/vsg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/mount/before.rules owner=root group=root mode=0644
+ notify:
+ - reload ufw
+
+ - name: base ufw setup uses /etc/rc.local
+ template: src=/opt/xos/synchronizers/vsg/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/mount/rc.local owner=root group=root mode=0755
+ notify:
+ - rerun /etc/rc.local
+
+ - name: create directory for local programs
+ file: path=/var/container_volumes/{{ container_name }}/usr/local/sbin state=directory
+
+ - name: bandwidth limit script
+ template: src=/opt/xos/synchronizers/vsg/templates/bwlimit.sh.j2 dest=/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh owner=root group=root mode=0755
+ notify:
+ - reset bwlimits
+
+ - name: create directory for simple webserver
+ file: path=/var/container_volumes/{{ container_name }}/etc/service/message state=directory
+
+ - name: copy simple webserver
+ copy: src=/opt/xos/synchronizers/vsg/files/etc/service/ dest=/var/container_volumes/{{ container_name }}/etc/service/ owner=root group=root
+ when: status != "enabled"
+
+ - name: make webserver script executable
+ file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run mode=0755
+ when: status != "enabled"
+
+ - name: generate the message page
+ template: src=/opt/xos/synchronizers/vsg/templates/message.html.j2 dest=/var/container_volumes/{{ container_name }}/etc/service/message/message.html owner=root group=root mode=0644
+ when: status != "enabled"
+ #notify: restart vcpe
+
+ - name: remove simple webserver
+ file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run state=absent
+ when: status == "enabled"
+ #notify: restart vcpe
+
+ - name: Make sure vCPE service is running
+ service: name={{ container_name }} state=started
+
+ handlers:
+ # Dnsmasq is automatically restarted in the container
+ - name: restart dnsmasq
+ shell: docker exec {{ container_name }} killall dnsmasq
+
+ - name: stop vcpe
+ service: name={{ container_name }} state=stopped
+
+ - name: remove container
+ docker: name={{ container_name }} state=absent image=docker-vcpe
+
+ - name: start vcpe
+ service: name={{ container_name }} state=started
+
+ - name: reload ufw
+ shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"
+
+ - name: rerun /etc/rc.local
+ shell: docker exec {{ container_name }} bash -c "/etc/rc.local"
+
+ - name: reset bwlimits
+ shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"
+
+ - name: restart vcpe
+ shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start
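Review bot: The values rendered into the `shell:` lines are substituted as raw text before Ansible parses the file, so `wan_vm_mac`, `wan_vm_ip`, `wan_container_netbits` and `wan_container_gateway_ip` in the "set up the network" items and `container_name` in the `docker exec` and `restart vcpe` handlers reach a root shell (`sudo: yes`) unquoted. The same first-pass substitution writes every entry under `vars:` as a plain YAML scalar, so a `firewall_rules` line or a tag containing `: `, ` #` or a leading `{`/`[` would change the document structure instead of staying a string. Whether any of these fields can be set by a subscriber or tenant is not visible in this hunk; if they can, validate them in the sync step before rendering, quote the scalars (`container_name: "{{ container_name }}"`), and defer shell use to Ansible with the escaping this file already uses, e.g. `shell: docker exec {{ '{{' }} container_name | quote {{ '}}' }} killall dnsmasq`. `rabbit_password` is also written in clear text into the rendered playbook, and in this file only the commented-out notifier task reads it, so unless one of the templates needs it, it could be dropped from `vars:` until that task returns.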