blob: b7968b2c796b019977428e07d1605e44db9c529a [file] [log] [blame]
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: {{ instance_name }}
#gather_facts: False
connection: ssh
become_user: ubuntu
vars:
container_name: {{ container_name }}
cdn_enable: {{ cdn_enable }}
dnsdemux_ip: {{ dnsdemux_ip }}
firewall_enable: {{ firewall_enable }}
url_filter_enable: {{ url_filter_enable }}
docker_remote_image_name: {{ docker_remote_image_name }}
docker_local_image_name: {{ docker_local_image_name }}
docker_opts: {{ docker_opts }}
c_tags:
{% for c_tag in c_tags %}
- {{ c_tag }}
{% endfor %}
s_tags:
{% for s_tag in s_tags %}
- {{ s_tag }}
{% endfor %}
firewall_rules:
{% for firewall_rule in firewall_rules.split("\n") %}
- {{ firewall_rule }}
{% endfor %}
cdn_prefixes:
{% for prefix in cdn_prefixes %}
- {{ prefix }}
{% endfor %}
dns_servers:
{% for dns_server in dns_servers %}
- {{ dns_server }}
{% endfor %}
nat_ip: {{ nat_ip }}
nat_mac: {{ nat_mac }}
lan_ip: {{ lan_ip }}
lan_mac: {{ lan_mac }}
wan_ip: {{ wan_ip }}
wan_mac: {{ wan_mac }}
wan_container_ip: {{ wan_container_ip }}
wan_container_netbits: {{ wan_container_netbits }}
wan_container_mac: {{ wan_container_mac }}
wan_container_gateway_ip: {{ wan_container_gateway_ip }}
wan_vm_ip: {{ wan_vm_ip }}
wan_vm_mac: {{ wan_vm_mac }}
wan_next_hop: 10.0.1.253 # FIX ME
private_ip: {{ private_ip }}
private_mac: {{ private_mac }}
hpc_client_ip: {{ hpc_client_ip }}
hpc_client_mac: {{ hpc_client_mac }}
keystone_tenant_id: {{ keystone_tenant_id }}
keystone_user_id: {{ keystone_user_id }}
rabbit_user: {{ rabbit_user }}
rabbit_password: {{ rabbit_password }}
rabbit_host: {{ rabbit_host }}
safe_browsing:
{% for mac in safe_browsing_macs %}
- {{ mac }}
{% endfor %}
uplink_speed: {{ uplink_speed }}
downlink_speed: {{ downlink_speed }}
status: {{ status }}
enable_uverse: {{ enable_uverse }}
url_filter_kind: {{ url_filter_kind }}
tasks:
- name: Add hostname to /etc/hosts
lineinfile: dest=/etc/hosts
regexp='^127\.0\.0\.1'
line="127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
owner=root group=root mode=0644
- name: Verify that bridge-utils is installed
shell: stat /sbin/brctl
- name: Verify that docker is installed
shell: stat /usr/bin/docker
- name: Check to see if network is setup
stat: path=/root/network_is_setup
register: network_is_setup
- name: set up the network
shell: "{{ '{{' }} item {{ '}}' }}"
with_items:
- ip link del link eth0 eth0.500 || true
- ip link add link eth0 eth0.500 type vlan id 500
- ip link set eth0.500 up
- ifconfig br-wan down || true
- brctl delbr br-wan || true
- brctl addbr br-wan
- brctl addif br-wan eth0.500
- ifconfig br-wan hw ether {{ wan_vm_mac }}
- ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
- ip link set br-wan up
- ip route del default || true
- ip route add default via {{ wan_container_gateway_ip }}
- ip link set dev br-wan promisc on
when: network_is_setup.stat.exists == False
- name: Remember that the network is setup, so we never do the above again
shell: touch /root/network_is_setup
{% if full_setup %}
- name: Check to see if environment is setup
stat: path=/root/environment_is_setup
register: environment_is_setup
# Everything here is now baked into the vSG image
# Leave this spot in place for future temporary setup stuff
- name: Remember that the environment is setup, so we never do the above again
shell: touch /root/environment_is_setup
- name: Verify if vsg_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
shell: pgrep -f [v]sg_stats_notifier | wc -l
register: cron_job_pids_count
# - name: DEBUG
# debug: var=cron_job_pids_count.stdout
# - name: make sure ~/bin exists
# file: path=~/bin state=directory owner=root group=root
# when: cron_job_pids_count.stdout == "0"
# - name: Copy cron job to destination
# copy: src=/opt/xos/synchronizers/vsg/vsg_stats_notifier.py
# dest=/usr/local/sbin/vsg_stats_notifier.py
# when: cron_job_pids_count.stdout == "0"
# - name: install python-kombu
# apt: name=python-kombu state=present
# when: cron_job_pids_count.stdout == "0"
# - name: Initiate vsg_stats_notifier cron job
# command: sudo python /usr/local/sbin/vsg_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
# async: 9999999999999999
# poll: 0
# when: cron_job_pids_count.stdout == "0"
{% endif %}
- name: Set docker options
template: src=/opt/xos/synchronizers/vsg/templates/docker.j2 dest=/etc/default/docker
notify:
- restart docker
- name: vSG upstart
template: src=/opt/xos/synchronizers/vsg/templates/vsg.conf.j2 dest=/etc/init/{{ container_name }}.conf
- name: vSG startup script
template: src=/opt/xos/synchronizers/vsg/templates/start-vsg-vtn.sh.j2 dest=/usr/local/sbin/start-{{ container_name }}.sh mode=0755
notify:
# - restart vsg
- stop vsg
- remove container
- start vsg
- name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory owner=root group=root
- name: vSG basic dnsmasq config
copy: src=/opt/xos/synchronizers/vsg/files/vsg.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vsg.conf owner=root group=root
notify:
- restart dnsmasq
- name: dnsmasq config
template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
notify:
- restart dnsmasq
- name: dnsmasq "safe" config
template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
notify:
- restart dnsmasq
- name: create /var/container_volumes/{{ container_name }}/mount/
file: path=/var/container_volumes/{{ container_name }}/mount state=directory owner=root group=root
- name: redirection rules for safe DNS
template: src=/opt/xos/synchronizers/vsg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/mount/before.rules owner=root group=root mode=0644
notify:
- reload ufw
- name: base ufw setup uses /etc/rc.local
template: src=/opt/xos/synchronizers/vsg/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/mount/rc.local owner=root group=root mode=0755
notify:
- rerun /etc/rc.local
- name: create directory for local programs
file: path=/var/container_volumes/{{ container_name }}/usr/local/sbin state=directory
- name: bandwidth limit script
template: src=/opt/xos/synchronizers/vsg/templates/bwlimit.sh.j2 dest=/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh owner=root group=root mode=0755
notify:
- reset bwlimits
- name: create directory for simple webserver
file: path=/var/container_volumes/{{ container_name }}/etc/service/message state=directory
- name: copy simple webserver
copy: src=/opt/xos/synchronizers/vsg/files/etc/service/ dest=/var/container_volumes/{{ container_name }}/etc/service/ owner=root group=root
when: status != "enabled"
- name: make webserver script executable
file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run mode=0755
when: status != "enabled"
- name: generate the message page
template: src=/opt/xos/synchronizers/vsg/templates/message.html.j2 dest=/var/container_volumes/{{ container_name }}/etc/service/message/message.html owner=root group=root mode=0644
when: status != "enabled"
#notify: restart vsg
- name: remove simple webserver
file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run state=absent
when: status == "enabled"
#notify: restart vsg
- name: Make sure vSG service is running
service: name={{ container_name }} state=started
handlers:
# Dnsmasq is automatically restarted in the container
- name: restart dnsmasq
shell: docker exec {{ container_name }} killall dnsmasq
- name: stop vsg
service: name={{ container_name }} state=stopped
- name: remove container
docker: name={{ container_name }} state=absent image=docker-vsg
- name: start vsg
service: name={{ container_name }} state=started
- name: reload ufw
shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"
- name: rerun /etc/rc.local
shell: docker exec {{ container_name }} bash -c "/etc/rc.local"
- name: reset bwlimits
shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"
- name: restart vsg
shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start
- name: restart docker
shell: service docker restart