2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
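---
# Template for an Ansible playbook. The loop tags placed directly under the
# list keys below mean this file is not valid YAML as written: it has to be
# rendered first, and the values are pasted in as raw text before any YAML
# parser sees them.
#
# String-valued substitutions are single-quoted so the YAML parser cannot
# re-type them (a MAC made only of decimal digits such as 10:20:30:40:50:11 is
# read as a base-60 integer by YAML 1.1 parsers; an all-digit id becomes an
# int) and so that a " #" or ": " inside a value cannot truncate it or change
# the document structure.
# NOTE(review): a rendered value that itself contains a single quote still
# breaks the quoting - confirm the renderer never produces one, or escape it
# at render time.
- hosts: '{{ instance_name }}'
  gather_facts: false
  connection: ssh
  become_user: '{{ username }}'

  vars:
    container_name: '{{ container_name }}'
    # Flags are left unquoted on purpose so they keep whatever type the
    # renderer emits; quoting them would turn a false value into a non-empty
    # string.
    cdn_enable: {{ cdn_enable }}
    dnsdemux_ip: '{{ dnsdemux_ip }}'
    firewall_enable: {{ firewall_enable }}
    url_filter_enable: {{ url_filter_enable }}
    # List items below are left as rendered; the element types are not
    # visible in this file.
    c_tags:
      {% for c_tag in c_tags %}
      - {{ c_tag }}
      {% endfor %}
    s_tags:
      {% for s_tag in s_tags %}
      - {{ s_tag }}
      {% endfor %}
    # firewall_rules arrives as one newline-separated string and is split
    # into one list item per line.
    # NOTE(review): each rule is pasted in unquoted, so a rule containing
    # " #" or ": " would be altered by the YAML parser - confirm the rule
    # syntax excludes both.
    firewall_rules:
      {% for firewall_rule in firewall_rules.split("\n") %}
      - {{ firewall_rule }}
      {% endfor %}
    cdn_prefixes:
      {% for prefix in cdn_prefixes %}
      - {{ prefix }}
      {% endfor %}
    bbs_addrs:
      {% for bbs_addr in bbs_addrs %}
      - {{ bbs_addr }}
      {% endfor %}
    dns_servers:
      {% for dns_server in dns_servers %}
      - {{ dns_server }}
      {% endfor %}
    nat_ip: '{{ nat_ip }}'
    nat_mac: '{{ nat_mac }}'
    lan_ip: '{{ lan_ip }}'
    lan_mac: '{{ lan_mac }}'
    wan_ip: '{{ wan_ip }}'
    wan_mac: '{{ wan_mac }}'
    wan_container_mac: '{{ wan_container_mac }}'
    wan_next_hop: '10.0.1.253'  # FIX ME
    private_ip: '{{ private_ip }}'
    private_mac: '{{ private_mac }}'
    hpc_client_ip: '{{ hpc_client_ip }}'
    hpc_client_mac: '{{ hpc_client_mac }}'
    keystone_tenant_id: '{{ keystone_tenant_id }}'
    keystone_user_id: '{{ keystone_user_id }}'
    rabbit_user: '{{ rabbit_user }}'
    # The rendered playbook holds this credential in clear text; the rendered
    # file needs the same access restrictions as the secret itself.
    rabbit_password: '{{ rabbit_password }}'
    rabbit_host: '{{ rabbit_host }}'
    # Quoted for the same reason as the MAC scalars above.
    safe_browsing:
      {% for mac in safe_browsing_macs %}
      - '{{ mac }}'
      {% endfor %}
    # Left unquoted: the types of these values are not visible in this file.
    uplink_speed: {{ uplink_speed }}
    downlink_speed: {{ downlink_speed }}
    status: {{ status }}
    enable_uverse: {{ enable_uverse }}
    url_filter_kind: {{ url_filter_kind }}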
79
80 tasks:
81 - name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
82 shell: pgrep -f [v]cpe_stats_notifier | wc -l
83 register: cron_job_pids_count
84
85# - name: DEBUG
86# debug: var=cron_job_pids_count.stdout
87
88 - name: make sure ~/bin exists
89 file: path=~/bin state=directory owner=root group=root
90 when: cron_job_pids_count.stdout == "0"
91
92 - name: Copy cron job to destination
93 copy: src=/opt/xos/synchronizers/vsg/vcpe_stats_notifier.py
94 dest=~/bin/vcpe_stats_notifier.py
95 when: cron_job_pids_count.stdout == "0"
96
97 - name: install python-kombu
98 apt: name=python-kombu state=present
99 when: cron_job_pids_count.stdout == "0"
100
101 - name: Initiate vcpe_stats_notifier cron job
102 command: python ~/bin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
103 async: 9999999999999999
104 poll: 0
105 when: cron_job_pids_count.stdout == "0"
106
107 - name: vCPE basic dnsmasq config
108 copy: src=/opt/xos/synchronizers/vsg/files/vcpe.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vcpe.conf owner=root group=root
109 notify:
110 - restart dnsmasq
111
112 - name: dnsmasq config
113 template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
114 notify:
115 - restart dnsmasq
116
117 - name: create directory for "safe" config
118 file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory
119
120 - name: dnsmasq "safe" config
121 template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
122 notify:
123 - restart dnsmasq
124
125 - name: copy base ufw files
126 synchronize: src=/opt/xos/synchronizers/vsg/files/etc/ufw/ dest=/var/container_volumes/{{ container_name }}/etc/ufw/
127 notify:
128 - reload ufw
129
130 - name: redirection rules for safe DNS
131 template: src=/opt/xos/synchronizers/vsg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/etc/ufw/before.rules owner=root group=root
132 notify:
133 - reload ufw
134
135 - name: base ufw setup uses /etc/rc.local
136 copy: src=/opt/xos/synchronizers/vsg/files/etc/rc.local dest=/var/container_volumes/{{ container_name }}/etc/ owner=root group=root
137 notify:
138 - copy in /etc/rc.local
139
140 handlers:
141 # Dnsmasq is automatically restarted in the container
142 - name: restart dnsmasq
143 shell: docker exec {{ container_name }} /usr/bin/killall dnsmasq
144
145 - name: reload ufw
146 shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /usr/sbin/ufw reload"
147
148 # Use docker cp instead of single-file volume
149 # The reason is that changes to external file volume don't show up inside the container
150 # Probably Ansible deletes and then recreates the external file, and container has old version
151 - name: copy in /etc/rc.local
152 shell: docker cp /var/container_volumes/{{ container_name }}/etc/rc.local {{ container_name }}:/etc/