
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


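---
# Ansible play that prepares a vSG host VM (VLAN/bridge networking, docker
# options, dnsmasq / ufw / bandwidth-limit files mounted into the container)
# and starts the vSG container for one subscriber.
#
# This file is a Jinja2 template: the synchronizer expands every {{ ... }}
# and {% ... %} below and then hands the result to Ansible as YAML.  Where a
# literal {{ ... }} must survive for Ansible to evaluate at run time (facts,
# loop items) it is written as {{ '{{' }} ... {{ '}}' }}.
- hosts: {{ instance_name }}
  #gather_facts: False
  connection: ssh
  # NOTE(review): become_user is set but no `become:` flag appears in this
  # play, so whether privilege escalation happens depends on the caller's
  # settings — confirm, since the tasks below write under /root, /etc and
  # /var/container_volumes.
  become_user: ubuntu

  vars:
    # Values supplied by the synchronizer.  The *_enable / enable_* flags
    # (presumably booleans — confirm) are deliberately left unquoted so they
    # render as real booleans; quoting them would turn "False" into a
    # truthy string in the templates that consume these vars.
    container_name: {{ container_name }}
    cdn_enable: {{ cdn_enable }}
    dnsdemux_ip: {{ dnsdemux_ip }}
    firewall_enable: {{ firewall_enable }}
    url_filter_enable: {{ url_filter_enable }}
    docker_remote_image_name: {{ docker_remote_image_name }}
    docker_local_image_name: {{ docker_local_image_name }}
    # NOTE(review): docker_opts is rendered unquoted; a value containing
    # ': ' or ' #' would change the YAML structure of the rendered play.
    docker_opts: {{ docker_opts }}
    c_tags:
      {% for c_tag in c_tags %}
      - {{ c_tag }}
      {% endfor %}
    s_tags:
      {% for s_tag in s_tags %}
      - {{ s_tag }}
      {% endfor %}
    # firewall_rules arrives as one newline-separated text blob.  Blank lines
    # are skipped so that an empty blob yields [] instead of a single null
    # item (split("\n") on "" returns [""]).
    # NOTE(review): each rule is emitted as an unquoted scalar, so rule text
    # containing ': ' or ' #' would alter the rendered YAML; if the text is
    # not fully trusted, emit it as a quoted string instead.
    firewall_rules:
      {% for firewall_rule in firewall_rules.split("\n") if firewall_rule.strip() %}
      - {{ firewall_rule }}
      {% endfor %}
    cdn_prefixes:
      {% for prefix in cdn_prefixes %}
      - {{ prefix }}
      {% endfor %}
    dns_servers:
      {% for dns_server in dns_servers %}
      - {{ dns_server }}
      {% endfor %}
    # MAC addresses are quoted: an all-digit MAC such as 12:34:56:12:34:56
    # would otherwise be read by a YAML 1.1 loader as a sexagesimal integer.
    nat_ip: {{ nat_ip }}
    nat_mac: "{{ nat_mac }}"
    lan_ip: {{ lan_ip }}
    lan_mac: "{{ lan_mac }}"
    wan_ip: {{ wan_ip }}
    wan_mac: "{{ wan_mac }}"
    wan_container_ip: {{ wan_container_ip }}
    wan_container_netbits: {{ wan_container_netbits }}
    wan_container_mac: "{{ wan_container_mac }}"
    wan_container_gateway_ip: {{ wan_container_gateway_ip }}
    wan_vm_ip: {{ wan_vm_ip }}
    wan_vm_mac: "{{ wan_vm_mac }}"
    # FIX ME: hard-coded, unlike every other address here (not supplied by
    # the synchronizer).
    wan_next_hop: 10.0.1.253
    private_ip: {{ private_ip }}
    private_mac: "{{ private_mac }}"
    hpc_client_ip: {{ hpc_client_ip }}
    hpc_client_mac: "{{ hpc_client_mac }}"
    # NOTE(review): within this play these five values are only referenced by
    # the commented-out vsg_stats_notifier task below, yet the credential is
    # still rendered into the play text; the templates rendered by the tasks
    # below may also read them — confirm before dropping any of them.
    keystone_tenant_id: {{ keystone_tenant_id }}
    keystone_user_id: {{ keystone_user_id }}
    rabbit_user: {{ rabbit_user }}
    rabbit_password: {{ rabbit_password }}
    rabbit_host: {{ rabbit_host }}
    safe_browsing:
      {% for mac in safe_browsing_macs %}
      - "{{ mac }}"
      {% endfor %}
    uplink_speed: {{ uplink_speed }}
    downlink_speed: {{ downlink_speed }}
    status: {{ status }}
    enable_uverse: {{ enable_uverse }}
    # NOTE(review): if url_filter_kind is unset the synchronizer renders
    # "None", which YAML reads as the string "None", not null — confirm the
    # consuming template treats that as "no filter".
    url_filter_kind: {{ url_filter_kind }}


  tasks:
    # The hostname fact is expanded by Ansible, not by the synchronizer.
    - name: Add hostname to /etc/hosts
      lineinfile: dest=/etc/hosts
                  regexp='^127\.0\.0\.1'
                  line="127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
                  owner=root group=root mode=0644

    # These two checks fail the play early if a prerequisite binary is absent;
    # no shell features are needed, so `command` is used rather than `shell`.
    - name: Verify that bridge-utils is installed
      command: stat /sbin/brctl

    - name: Verify that docker is installed
      command: stat /usr/bin/docker

    # /root/network_is_setup is a marker file: the one-shot network setup
    # below runs only while it is missing.
    - name: Check to see if network is setup
      stat: path=/root/network_is_setup
      register: network_is_setup

    # Creates VLAN 500 on eth0, bridges it as br-wan with the VM's WAN
    # address/MAC, and points the default route at the container gateway.
    # `|| true` on the teardown steps makes a fresh host and a partially
    # configured one both pass; it also hides genuine failures there.
    # NOTE(review): the wan_* values are interpolated straight into shell
    # lines, so they must be trusted (they come from the synchronizer, not
    # from the remote host).
    - name: set up the network
      shell: "{{ '{{' }} item {{ '}}' }}"
      with_items:
        - ip link del link eth0 eth0.500 || true
        - ip link add link eth0 eth0.500 type vlan id 500
        - ip link set eth0.500 up
        - ifconfig br-wan down || true
        - brctl delbr br-wan || true
        - brctl addbr br-wan
        - brctl addif br-wan eth0.500
        - ifconfig br-wan hw ether {{ wan_vm_mac }}
        - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
        - ip link set br-wan up
        - ip route del default || true
        - ip route add default via {{ wan_container_gateway_ip }}
        - ip link set dev br-wan promisc on
      when: not network_is_setup.stat.exists

    - name: Remember that the network is setup, so we never do the above again
      file: path=/root/network_is_setup state=touch

{% if full_setup %}
    - name: Check to see if environment is setup
      stat: path=/root/environment_is_setup
      register: environment_is_setup

# Everything here is now baked into the vSG image
# Leave this spot in place for future temporary setup stuff

    - name: Remember that the environment is setup, so we never do the above again
      file: path=/root/environment_is_setup state=touch

    # The [v] bracket keeps pgrep from matching its own command line.
    - name: Verify if vsg_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
      shell: pgrep -f [v]sg_stats_notifier | wc -l
      register: cron_job_pids_count

#    - name: DEBUG
#      debug: var=cron_job_pids_count.stdout

#    - name: make sure ~/bin exists
#      file: path=~/bin state=directory owner=root group=root
#      when: cron_job_pids_count.stdout == "0"

#    - name: Copy cron job to destination
#      copy: src=/opt/xos/synchronizers/vsg/vsg_stats_notifier.py
#        dest=/usr/local/sbin/vsg_stats_notifier.py
#      when: cron_job_pids_count.stdout == "0"

#    - name: install python-kombu
#      apt: name=python-kombu state=present
#      when: cron_job_pids_count.stdout == "0"

#    - name: Initiate vsg_stats_notifier cron job
#      command: sudo python /usr/local/sbin/vsg_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
#      async: 9999999999999999
#      poll: 0
#      when: cron_job_pids_count.stdout == "0"
{% endif %}

    - name: Set docker options
      template: src=/opt/xos/synchronizers/vsg/templates/docker.j2 dest=/etc/default/docker
      notify:
        - restart docker

    - name: vSG upstart
      template: src=/opt/xos/synchronizers/vsg/templates/vsg.conf.j2 dest=/etc/init/{{ container_name }}.conf

    # A changed startup script recreates the container (stop, remove, start)
    # rather than just restarting it, so the new script takes effect.
    - name: vSG startup script
      template: src=/opt/xos/synchronizers/vsg/templates/start-vsg-vtn.sh.j2 dest=/usr/local/sbin/start-{{ container_name }}.sh mode=0755
      notify:
#        - restart vsg
        - stop vsg
        - remove container
        - start vsg

    # Files under /var/container_volumes/<container> are bind-mounted into
    # the container by the startup script (assumed from the paths — confirm).
    - name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
      file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory owner=root group=root

    - name: vSG basic dnsmasq config
      copy: src=/opt/xos/synchronizers/vsg/files/vsg.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vsg.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: dnsmasq config
      template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: dnsmasq "safe" config
      template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: create /var/container_volumes/{{ container_name }}/mount/
      file: path=/var/container_volumes/{{ container_name }}/mount state=directory owner=root group=root

    - name: redirection rules for safe DNS
      template: src=/opt/xos/synchronizers/vsg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/mount/before.rules owner=root group=root mode=0644
      notify:
        - reload ufw

    - name: base ufw setup uses /etc/rc.local
      template: src=/opt/xos/synchronizers/vsg/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/mount/rc.local owner=root group=root mode=0755
      notify:
        - rerun /etc/rc.local

    - name: create directory for local programs
      file: path=/var/container_volumes/{{ container_name }}/usr/local/sbin state=directory

    - name: bandwidth limit script
      template: src=/opt/xos/synchronizers/vsg/templates/bwlimit.sh.j2 dest=/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh owner=root group=root mode=0755
      notify:
        - reset bwlimits

    # While the subscriber is not "enabled" a small web server serves a
    # message page; once enabled its run script is removed again.
    - name: create directory for simple webserver
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message state=directory

    - name: copy simple webserver
      copy: src=/opt/xos/synchronizers/vsg/files/etc/service/ dest=/var/container_volumes/{{ container_name }}/etc/service/ owner=root group=root
      when: status != "enabled"

    - name: make webserver script executable
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run mode=0755
      when: status != "enabled"

    - name: generate the message page
      template: src=/opt/xos/synchronizers/vsg/templates/message.html.j2 dest=/var/container_volumes/{{ container_name }}/etc/service/message/message.html owner=root group=root mode=0644
      when: status != "enabled"
      #notify: restart vsg

    - name: remove simple webserver
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run state=absent
      when: status == "enabled"
      #notify: restart vsg

    - name: Make sure vSG service is running
      service: name={{ container_name }} state=started

  handlers:
    # Dnsmasq is automatically restarted in the container
    - name: restart dnsmasq
      shell: docker exec {{ container_name }} killall dnsmasq

    - name: stop vsg
      service: name={{ container_name }} state=stopped

    - name: remove container
      docker: name={{ container_name }} state=absent image=docker-vsg

    - name: start vsg
      service: name={{ container_name }} state=started

    # Flushes the nat PREROUTING/POSTROUTING chains before reloading so
    # stale redirection rules from a previous before.rules do not linger.
    - name: reload ufw
      shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"

    - name: rerun /etc/rc.local
      shell: docker exec {{ container_name }} bash -c "/etc/rc.local"

    - name: reset bwlimits
      shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"

    # Currently only referenced from commented-out notify lines above.
    - name: restart vsg
      shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start

    - name: restart docker
      shell: service docker restart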