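---
# vSG (vCPE) per-instance playbook.
#
# This file is a Jinja2 template that the XOS vSG synchronizer renders BEFORE
# ansible-playbook reads it: every `{{ ... }}` / `{% ... %}` below is expanded
# by the synchronizer.  The few values Ansible itself must evaluate at run time
# (ansible_hostname, the with_items loop variable) are written as
# `{{ '{{' }} ... {{ '}}' }}` so the first pass leaves a literal `{{ ... }}`.
# When chasing YAML errors, look at the RENDERED file, not just this template.
- hosts: {{ instance_name }}
  # Fact gathering must stay on: the /etc/hosts task below uses ansible_hostname.
  #gather_facts: False
  connection: ssh
  user: ubuntu
  # The play reconfigures the host network stack, docker and /root, so it runs
  # as root throughout.  (`become: true` is the modern spelling of this key.)
  sudo: true
  vars:
    # Free-form strings are double-quoted so the rendered YAML cannot re-type
    # or mis-parse them: an all-digit MAC such as 12:34:56:00:11:22 is read as
    # a sexagesimal *integer* by YAML 1.1 loaders (PyYAML), and a credential
    # containing `: ` or ` #` would break the mapping.  Values that must stay
    # booleans or numbers (cdn_enable, *_speed, ...) are left unquoted on
    # purpose.  Quoting does not escape an embedded `"` or `\`; the
    # synchronizer must not pass such values through here.
    container_name: "{{ container_name }}"
    cdn_enable: {{ cdn_enable }}
    dnsdemux_ip: {{ dnsdemux_ip }}
    firewall_enable: {{ firewall_enable }}
    url_filter_enable: {{ url_filter_enable }}
    docker_remote_image_name: "{{ docker_remote_image_name }}"
    docker_local_image_name: "{{ docker_local_image_name }}"
    # Daemon command-line flags consumed by docker.j2; deliberately left
    # unquoted because the value may itself contain quotes.
    docker_opts: {{ docker_opts }}
    c_tags:
    {% for c_tag in c_tags %}
      - {{ c_tag }}
    {% endfor %}
    s_tags:
    {% for s_tag in s_tags %}
      - {{ s_tag }}
    {% endfor %}
    # One list entry per line of the model's firewall_rules text.  An empty
    # string still yields a single (null) entry; consumers must tolerate that.
    firewall_rules:
    {% for firewall_rule in firewall_rules.split("\n") %}
      - {{ firewall_rule }}
    {% endfor %}
    cdn_prefixes:
    {% for prefix in cdn_prefixes %}
      - {{ prefix }}
    {% endfor %}
    bbs_addrs:
    {% for bbs_addr in bbs_addrs %}
      - {{ bbs_addr }}
    {% endfor %}
    dns_servers:
    {% for dns_server in dns_servers %}
      - {{ dns_server }}
    {% endfor %}
    # Per-interface addressing for the NAT / LAN / WAN / private / HPC-client
    # sides of the container and its VM.  MACs are quoted (see above).
    nat_ip: {{ nat_ip }}
    nat_mac: "{{ nat_mac }}"
    lan_ip: {{ lan_ip }}
    lan_mac: "{{ lan_mac }}"
    wan_ip: {{ wan_ip }}
    wan_mac: "{{ wan_mac }}"
    wan_container_ip: {{ wan_container_ip }}
    wan_container_netbits: {{ wan_container_netbits }}
    wan_container_mac: "{{ wan_container_mac }}"
    wan_container_gateway_ip: {{ wan_container_gateway_ip }}
    wan_vm_ip: {{ wan_vm_ip }}
    wan_vm_mac: "{{ wan_vm_mac }}"
    # FIX ME: still hard-coded; every other address here comes from the model.
    wan_next_hop: 10.0.1.253
    private_ip: {{ private_ip }}
    private_mac: "{{ private_mac }}"
    hpc_client_ip: {{ hpc_client_ip }}
    hpc_client_mac: "{{ hpc_client_mac }}"
    # Keystone / RabbitMQ identity for the stats notifier.  Within this file
    # they are referenced only by the disabled notifier tasks, but templates
    # rendered at run time may use them too, so they are kept.  They land in
    # clear text in the rendered playbook -- treat that file as sensitive.
    keystone_tenant_id: "{{ keystone_tenant_id }}"
    keystone_user_id: "{{ keystone_user_id }}"
    rabbit_user: "{{ rabbit_user }}"
    rabbit_password: "{{ rabbit_password }}"
    rabbit_host: "{{ rabbit_host }}"
    # Client MACs whose DNS is redirected to the "safe" resolvers
    # (before.rules + the dnsmasq safe config below).
    safe_browsing:
    {% for mac in safe_browsing_macs %}
      - "{{ mac }}"
    {% endfor %}
    uplink_speed: {{ uplink_speed }}
    downlink_speed: {{ downlink_speed }}
    # Anything other than "enabled" installs the placeholder message webserver.
    status: "{{ status }}"
    enable_uverse: {{ enable_uverse }}
    url_filter_kind: "{{ url_filter_kind }}"


  tasks:
    - name: Add hostname to /etc/hosts
      # ansible_hostname is resolved by Ansible at run time (escaped from the
      # synchronizer's render pass), which is why gather_facts stays enabled.
      lineinfile: dest=/etc/hosts
                  regexp='^127\.0\.0\.1'
                  line="127.0.0.1 localhost {{ '{{' }} ansible_hostname {{ '}}' }}"
                  owner=root group=root mode=0644

    # Preconditions.  Both binaries are expected to be baked into the image;
    # failing here aborts the play before the network is half-rebuilt below.
    # `command` rather than `shell` (no shell features are needed) and
    # changed_when=false so a mere check is not reported as a change.
    - name: Verify that bridge-utils is installed
      command: stat /sbin/brctl
      changed_when: false

    - name: Verify that docker is installed
      command: stat /usr/bin/docker
      changed_when: false

    - name: Check to see if network is setup
      stat: path=/root/network_is_setup
      register: network_is_setup

    # One-shot WAN plumbing: VLAN 500 on eth0, bridged as br-wan carrying the
    # VM's WAN MAC/IP, and the default route swapped to the WAN gateway.
    # Re-running it would tear down the live WAN path, hence the marker file.
    # `ip route del default` runs before the new default is added, so a
    # failure on the following line leaves the VM without a default route;
    # the play then stops before the marker below is written.
    - name: set up the network
      shell: "{{ '{{' }} item {{ '}}' }}"
      with_items:
        - ip link del link eth0 eth0.500 || true
        - ip link add link eth0 eth0.500 type vlan id 500
        - ip link set eth0.500 up
        - ifconfig br-wan down || true
        - brctl delbr br-wan || true
        - brctl addbr br-wan
        - brctl addif br-wan eth0.500
        - ifconfig br-wan hw ether {{ wan_vm_mac }}
        - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
        - ip link set br-wan up
        - ip route del default || true
        - ip route add default via {{ wan_container_gateway_ip }}
        - ip link set dev br-wan promisc on
      when: not network_is_setup.stat.exists

    - name: Remember that the network is setup, so we never do the above again
      file: path=/root/network_is_setup state=touch

{% if full_setup %}
    - name: Check to see if environment is setup
      stat: path=/root/environment_is_setup
      register: environment_is_setup

    # Everything that used to be conditional on environment_is_setup is now
    # baked into the vCPE image.  The stat/register above and the marker below
    # are kept so future one-off setup steps can slot in between them.

    - name: Remember that the environment is setup, so we never do the above again
      file: path=/root/environment_is_setup state=touch

    # `[v]cpe` keeps pgrep from matching its own shell; the pipe needs `shell`.
    # The count currently feeds only the disabled notifier tasks below.
    - name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
      shell: pgrep -f [v]cpe_stats_notifier | wc -l
      register: cron_job_pids_count

{#
    The stats-notifier install/launch tasks are disabled.  They are kept as a
    Jinja comment rather than YAML `#` lines so the synchronizer does not
    expand rabbit_password and friends into this part of the rendered playbook
    while they are unused.  If re-enabled, note that the launch command puts
    the password on the python command line, where it is visible in `ps`.

    - name: DEBUG
      debug: var=cron_job_pids_count.stdout

    - name: make sure ~/bin exists
      file: path=~/bin state=directory owner=root group=root
      when: cron_job_pids_count.stdout == "0"

    - name: Copy cron job to destination
      copy: src=/opt/xos/synchronizers/vsg/vcpe_stats_notifier.py
            dest=/usr/local/sbin/vcpe_stats_notifier.py
      when: cron_job_pids_count.stdout == "0"

    - name: install python-kombu
      apt: name=python-kombu state=present
      when: cron_job_pids_count.stdout == "0"

    - name: Initiate vcpe_stats_notifier cron job
      command: sudo python /usr/local/sbin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
      async: 9999999999999999
      poll: 0
      when: cron_job_pids_count.stdout == "0"
#}
{% endif %}

    # Handlers run in the order they are DEFINED under `handlers:`, not in
    # notify order, so `restart docker` (listed last) runs after `start vcpe`.
    # NOTE(review): on older docker releases a daemon restart may take the
    # running container down with it -- confirm on the target image.
    - name: Set docker options
      template: src=/opt/xos/synchronizers/vsg/templates/docker.j2 dest=/etc/default/docker
      notify:
        - restart docker

    - name: vCPE upstart
      template: src=/opt/xos/synchronizers/vsg/templates/vcpe.conf.j2 dest=/etc/init/{{ container_name }}.conf

    # A changed start script means the container must be recreated, not just
    # bounced: stop the upstart job, remove the container, start it again.
    # (`restart vcpe` only stops and starts the job; it is no longer notified.)
    - name: vCPE startup script
      template: src=/opt/xos/synchronizers/vsg/templates/start-vcpe-vtn.sh.j2 dest=/usr/local/sbin/start-{{ container_name }}.sh mode=0755
      notify:
        - stop vcpe
        - remove container
        - start vcpe

    # Everything under /var/container_volumes/<name>/ is bind-mounted into the
    # container by the start script, so config is written here on the host.
    - name: create /var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/
      file: path=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe state=directory owner=root group=root

    - name: vCPE basic dnsmasq config
      copy: src=/opt/xos/synchronizers/vsg/files/vcpe.dnsmasq dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/vcpe.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: dnsmasq config
      template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/servers.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: dnsmasq "safe" config
      template: src=/opt/xos/synchronizers/vsg/templates/dnsmasq_safe_servers.j2 dest=/var/container_volumes/{{ container_name }}/etc/dnsmasq.d/safe/servers.conf owner=root group=root
      notify:
        - restart dnsmasq

    - name: create /var/container_volumes/{{ container_name }}/mount/
      file: path=/var/container_volumes/{{ container_name }}/mount state=directory owner=root group=root

    # ufw before.rules: the nat redirects that steer safe_browsing clients' DNS.
    - name: redirection rules for safe DNS
      template: src=/opt/xos/synchronizers/vsg/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/mount/before.rules owner=root group=root mode=0644
      notify:
        - reload ufw

    - name: base ufw setup uses /etc/rc.local
      template: src=/opt/xos/synchronizers/vsg/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/mount/rc.local owner=root group=root mode=0755
      notify:
        - rerun /etc/rc.local

    - name: create directory for local programs
      file: path=/var/container_volumes/{{ container_name }}/usr/local/sbin state=directory owner=root group=root

    - name: bandwidth limit script
      template: src=/opt/xos/synchronizers/vsg/templates/bwlimit.sh.j2 dest=/var/container_volumes/{{ container_name }}/usr/local/sbin/bwlimit.sh owner=root group=root mode=0755
      notify:
        - reset bwlimits

    # Placeholder webserver shown while the subscriber is not "enabled".  Its
    # run script is installed when status != enabled and removed otherwise; the
    # service directory itself is always created.
    - name: create directory for simple webserver
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message state=directory

    - name: copy simple webserver
      copy: src=/opt/xos/synchronizers/vsg/files/etc/service/ dest=/var/container_volumes/{{ container_name }}/etc/service/ owner=root group=root
      when: status != "enabled"

    - name: make webserver script executable
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run mode=0755
      when: status != "enabled"

    - name: generate the message page
      template: src=/opt/xos/synchronizers/vsg/templates/message.html.j2 dest=/var/container_volumes/{{ container_name }}/etc/service/message/message.html owner=root group=root mode=0644
      when: status != "enabled"
      #notify: restart vcpe

    - name: remove simple webserver
      file: path=/var/container_volumes/{{ container_name }}/etc/service/message/run state=absent
      when: status == "enabled"
      #notify: restart vcpe

    # Runs before the handlers fire; the stop/remove/start handlers above take
    # over if the start script changed in this run.
    - name: Make sure vCPE service is running
      service: name={{ container_name }} state=started

  handlers:
    # container_name is interpolated unquoted into `docker exec` shell lines
    # below; it must be a plain container identifier, never free-form text.

    # Dnsmasq is automatically restarted inside the container, so killing it
    # is enough to pick up new config.
    - name: restart dnsmasq
      shell: docker exec {{ container_name }} killall dnsmasq

    - name: stop vcpe
      service: name={{ container_name }} state=stopped

    # NOTE(review): image= is hard-coded to docker-vcpe while the play carries
    # docker_local_image_name -- confirm the module does not filter on image
    # for state=absent, or the container may survive removal.
    - name: remove container
      docker: name={{ container_name }} state=absent image=docker-vcpe

    - name: start vcpe
      service: name={{ container_name }} state=started

    # Flush the nat chains before reloading, presumably so redirect rules from
    # the previous before.rules do not accumulate alongside the new ones.
    - name: reload ufw
      shell: docker exec {{ container_name }} bash -c "/sbin/iptables -t nat -F PREROUTING; /sbin/iptables -t nat -F POSTROUTING; /usr/sbin/ufw reload"

    - name: rerun /etc/rc.local
      shell: docker exec {{ container_name }} bash -c "/etc/rc.local"

    - name: reset bwlimits
      shell: docker exec {{ container_name }} bash -c "/usr/local/sbin/bwlimit.sh restart"

    # Kept for reference; no task notifies it any more (see "vCPE startup
    # script").
    - name: restart vcpe
      shell: service {{ container_name }} stop; sleep 1; service {{ container_name }} start

    - name: restart docker
      shell: service docker restart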