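---
# Provisions a vSG/vCPE container on its host VM.
#
# This file is a Jinja2 template: the XOS synchronizer renders it first,
# substituting the double-curly values below, and only the rendered text is
# handed to Ansible and parsed as YAML. Expressions that Ansible itself must
# evaluate (ansible_hostname, item) are therefore spelled with the escaped
# brace literals so they survive the first rendering pass.
#
# Templated scalars are quoted so that an id made of digits, a MAC made of
# digits and colons, or a password containing '#' or ': ' is still read as a
# string after rendering. Boolean flags are deliberately left unquoted (see
# the comment in vars).
- hosts: "{{ instance_name }}"
  # Facts must stay enabled: the /etc/hosts task below uses ansible_hostname.
  #gather_facts: False
  connection: ssh
  remote_user: ubuntu
  become: true
  vars:
    container_name: "{{ container_name }}"
    # The synchronizer renders Python True/False here, which YAML reads as
    # booleans. Quoting these would turn False into the non-empty (truthy)
    # string "False", so they stay unquoted.
    cdn_enable: {{ cdn_enable }}
    dnsdemux_ip: "{{ dnsdemux_ip }}"
    firewall_enable: {{ firewall_enable }}
    url_filter_enable: {{ url_filter_enable }}
    # Lists render one item per line. The for/else form emits an explicit
    # empty list when the source list is empty; a bare key would otherwise be
    # read as null, which cannot be iterated by the downstream templates.
    c_tags:
{% for c_tag in c_tags %}
      - {{ c_tag }}
{% else %}
      []
{% endfor %}
    s_tags:
{% for s_tag in s_tags %}
      - {{ s_tag }}
{% else %}
      []
{% endfor %}
    # firewall_rules arrives as one newline-separated string and is split
    # into one rule per item; items are quoted because a rule is free text.
    firewall_rules:
{% for firewall_rule in firewall_rules.split("\n") %}
      - "{{ firewall_rule }}"
{% else %}
      []
{% endfor %}
    cdn_prefixes:
{% for prefix in cdn_prefixes %}
      - "{{ prefix }}"
{% else %}
      []
{% endfor %}
    bbs_addrs:
{% for bbs_addr in bbs_addrs %}
      - "{{ bbs_addr }}"
{% else %}
      []
{% endfor %}
    dns_servers:
{% for dns_server in dns_servers %}
      - "{{ dns_server }}"
{% else %}
      []
{% endfor %}
    nat_ip: "{{ nat_ip }}"
    nat_mac: "{{ nat_mac }}"
    lan_ip: "{{ lan_ip }}"
    lan_mac: "{{ lan_mac }}"
    wan_ip: "{{ wan_ip }}"
    wan_mac: "{{ wan_mac }}"
    wan_container_ip: "{{ wan_container_ip }}"
    wan_container_netbits: "{{ wan_container_netbits }}"
    wan_container_mac: "{{ wan_container_mac }}"
    wan_container_gateway_ip: "{{ wan_container_gateway_ip }}"
    wan_vm_ip: "{{ wan_vm_ip }}"
    wan_vm_mac: "{{ wan_vm_mac }}"
    wan_next_hop: "10.0.1.253"  # FIX ME
    private_ip: "{{ private_ip }}"
    private_mac: "{{ private_mac }}"
    hpc_client_ip: "{{ hpc_client_ip }}"
    hpc_client_mac: "{{ hpc_client_mac }}"
    # Keystone ids are hex strings; an all-digit id would otherwise be read as
    # an integer and lose leading zeros.
    keystone_tenant_id: "{{ keystone_tenant_id }}"
    keystone_user_id: "{{ keystone_user_id }}"
    rabbit_user: "{{ rabbit_user }}"
    rabbit_password: "{{ rabbit_password }}"
    rabbit_host: "{{ rabbit_host }}"
    safe_browsing:
{% for mac in safe_browsing_macs %}
      - "{{ mac }}"
{% else %}
      []
{% endfor %}
    # Left unquoted so a numeric value stays numeric for consumers that may
    # compute with it — TODO confirm against bwlimit.sh.j2.
    uplink_speed: {{ uplink_speed }}
    downlink_speed: {{ downlink_speed }}
    # Compared against the literal "enabled" by the message-page tasks below.
    status: "{{ status }}"
    enable_uverse: {{ enable_uverse }}
    url_filter_kind: "{{ url_filter_kind }}"

  tasks:
    - name: Add hostname to /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.0\.1'
        line: "127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
        owner: root
        group: root
        mode: "0644"

    # The two stat checks exist only to fail the play early when a
    # prerequisite is missing; they never change the host.
    - name: Verify that bridge-utils is installed
      shell: stat /sbin/brctl
      changed_when: false

    - name: Verify that docker is installed
      shell: stat /usr/bin/docker
      changed_when: false

    - name: Check to see if network is setup
      stat:
        path: /root/network_is_setup
      register: network_is_setup

    # wan_vm_mac, wan_vm_ip, wan_container_netbits and wan_container_gateway_ip
    # are substituted verbatim into these shell commands; the synchronizer
    # should validate them as a MAC address, an IP address, a prefix length and
    # an IP address respectively before rendering this template.
    - name: set up the network
      shell: "{{ '{{' }} item {{ '}}' }}"
      with_items:
        - ip link del link eth0 eth0.500 || true
        - ip link add link eth0 eth0.500 type vlan id 500
        - ip link set eth0.500 up
        - ifconfig br-wan down || true
        - brctl delbr br-wan || true
        - brctl addbr br-wan
        - brctl addif br-wan eth0.500
        - ifconfig br-wan hw ether {{ wan_vm_mac }}
        - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
        - ip link set br-wan up
        - ip route del default || true
        - ip route add default via {{ wan_container_gateway_ip }}
        - ip link set dev br-wan promisc on
      when: not network_is_setup.stat.exists

    - name: Remember that the network is setup, so we never do the above again
      file:
        path: /root/network_is_setup
        state: touch

{% if full_setup %}
    # environment_is_setup is registered but no longer consulted: the tasks it
    # used to guard are baked into the image (see the comment below).
    - name: Check to see if environment is setup
      stat:
        path: /root/environment_is_setup
      register: environment_is_setup

    # Everything here is now baked into the vCPE image
    # Leave this spot in place for future temporary setup stuff

    - name: Remember that the environment is setup, so we never do the above again
      file:
        path: /root/environment_is_setup
        state: touch

    # Read-only probe; its result is only used by the commented-out tasks below.
    - name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
      shell: pgrep -f [v]cpe_stats_notifier | wc -l
      register: cron_job_pids_count
      changed_when: false

    # - name: DEBUG
    #   debug: var=cron_job_pids_count.stdout

    # - name: make sure ~/bin exists
    #   file: path=~/bin state=directory owner=root group=root
    #   when: cron_job_pids_count.stdout == "0"

    # - name: Copy cron job to destination
    #   copy: src=/opt/xos/synchronizers/vsg/vcpe_stats_notifier.py
    #         dest=/usr/local/sbin/vcpe_stats_notifier.py
    #   when: cron_job_pids_count.stdout == "0"

    # - name: install python-kombu
    #   apt: name=python-kombu state=present
    #   when: cron_job_pids_count.stdout == "0"

    # If this task is ever re-enabled, note that it passes rabbit_password on
    # the command line, where it is visible in the host's process list; the
    # notifier should read it from a file or the environment instead.
    # - name: Initiate vcpe_stats_notifier cron job
    #   command: sudo python /usr/local/sbin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
    #   async: 9999999999999999
    #   poll: 0
    #   when: cron_job_pids_count.stdout == "0"
{% endif %}

    - name: vCPE upstart
      template:
        src: /opt/xos/synchronizers/vsg/templates/vcpe.conf.j2
        dest: "/etc/init/{{ container_name }}.conf"

    # Handlers fire in the order they are defined in the handlers section,
    # which is stop -> remove -> start, regardless of the order listed here.
    - name: vCPE startup script
      template:
        src: /opt/xos/synchronizers/vsg/templates/start-vcpe-vtn.sh.j2
        dest: "/usr/local/sbin/start-{{ container_name }}.sh"
        mode: "0755"
      notify:
        # - restart vcpe
        - stop vcpe
        - remove container
        - start vcpe

    - name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
      file:
        path: "/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe"
        state: directory
        owner: root
        group: root

    - name: vCPE basic dnsmasq config
      copy:
        src: /opt/xos/synchronizers/vsg/files/vcpe.dnsmasq
        dest: "/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vcpe.conf"
        owner: root
        group: root
      notify:
        - restart dnsmasq

    - name: dnsmasq config
      template:
        src: /opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2
        dest: "/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf"
        owner: root
        group: root
      notify:
        - restart dnsmasq

    - name: dnsmasq "safe" config
      template:
        src: /opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2
        dest: "/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf"
        owner: root
        group: root
      notify:
        - restart dnsmasq

    - name: create /var/container_volumes/{{ container_name }}/mount/
      file:
        path: "/var/container_volumes/{{ container_name }}/mount"
        state: directory
        owner: root
        group: root

    - name: redirection rules for safe DNS
      template:
        src: /opt/xos/synchronizers/vsg/templates/before.rules.j2
        dest: "/var/container_volumes/{{ container_name }}/mount/before.rules"
        owner: root
        group: root
        mode: "0644"
      notify:
        - reload ufw

    - name: base ufw setup uses /etc/rc.local
      template:
        src: /opt/xos/synchronizers/vsg/templates/rc.local.j2
        dest: "/var/container_volumes/{{ container_name }}/mount/rc.local"
        owner: root
        group: root
        mode: "0755"
      notify:
        - rerun /etc/rc.local

    - name: create directory for local programs
      file:
        path: "/var/container_volumes/{{ container_name }}/usr/local/sbin"
        state: directory

    - name: bandwidth limit script
      template:
        src: /opt/xos/synchronizers/vsg/templates/bwlimit.sh.j2
        dest: "/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh"
        owner: root
        group: root
        mode: "0755"
      notify:
        - reset bwlimits

    # The message page is served only while the subscriber is not "enabled";
    # the three tasks below install it and the following one removes it.
    - name: create directory for simple webserver
      file:
        path: "/var/container_volumes/{{ container_name }}/etc/service/message"
        state: directory

    - name: copy simple webserver
      copy:
        src: /opt/xos/synchronizers/vsg/files/etc/service/
        dest: "/var/container_volumes/{{ container_name }}/etc/service/"
        owner: root
        group: root
      when: status != "enabled"

    - name: make webserver script executable
      file:
        path: "/var/container_volumes/{{ container_name }}/etc/service/message/run"
        mode: "0755"
      when: status != "enabled"

    - name: generate the message page
      template:
        src: /opt/xos/synchronizers/vsg/templates/message.html.j2
        dest: "/var/container_volumes/{{ container_name }}/etc/service/message/message.html"
        owner: root
        group: root
        mode: "0644"
      when: status != "enabled"
      #notify: restart vcpe

    - name: remove simple webserver
      file:
        path: "/var/container_volumes/{{ container_name }}/etc/service/message/run"
        state: absent
      when: status == "enabled"
      #notify: restart vcpe

    - name: Make sure vCPE service is running
      service:
        name: "{{ container_name }}"
        state: started

  handlers:
    # Handlers run in the order they are defined here, not in the order they
    # are notified; "stop vcpe", "remove container" and "start vcpe" must stay
    # in this sequence so the container is recreated cleanly.

    # Dnsmasq is automatically restarted in the container
    - name: restart dnsmasq
      shell: docker exec {{ container_name }} killall dnsmasq

    - name: stop vcpe
      service:
        name: "{{ container_name }}"
        state: stopped

    - name: remove container
      docker:
        name: "{{ container_name }}"
        state: absent
        image: docker-vcpe

    - name: start vcpe
      service:
        name: "{{ container_name }}"
        state: started

    # Flushes the nat PREROUTING/POSTROUTING chains before reloading ufw so
    # stale redirection rules from a previous before.rules do not linger.
    - name: reload ufw
      shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"

    - name: rerun /etc/rc.local
      shell: docker exec {{ container_name }} bash -c "/etc/rc.local"

    - name: reset bwlimits
      shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"

    # Not notified by any task above (kept for manual use / future notify).
    - name: restart vcpe
      shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start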