| --- |
| - hosts: {{ instance_name }} |
| gather_facts: False |
| connection: ssh |
| user: ubuntu |
| sudo: yes |
| vars: |
| cdn_enable: {{ cdn_enable }} |
| dnsdemux_ip: {{ dnsdemux_ip }} |
| firewall_enable: {{ firewall_enable }} |
| url_filter_enable: {{ url_filter_enable }} |
| vlan_ids: |
| {% for vlan_id in vlan_ids %} |
| - {{ vlan_id }} |
| {% endfor %} |
| c_tags: |
| {% for c_tag in c_tags %} |
| - {{ c_tag }} |
| {% endfor %} |
| s_tags: |
| {% for s_tag in s_tags %} |
| - {{ s_tag }} |
| {% endfor %} |
| firewall_rules: |
| {% for firewall_rule in firewall_rules.split("\n") %} |
| - {{ firewall_rule }} |
| {% endfor %} |
| cdn_prefixes: |
| {% for prefix in cdn_prefixes %} |
| - {{ prefix }} |
| {% endfor %} |
| bbs_addrs: |
| {% for bbs_addr in bbs_addrs %} |
| - {{ bbs_addr }} |
| {% endfor %} |
| dns_servers: |
| {% for dns_server in dns_servers %} |
| - {{ dns_server }} |
| {% endfor %} |
| nat_ip: {{ nat_ip }} |
| nat_mac: {{ nat_mac }} |
| lan_ip: {{ lan_ip }} |
| lan_mac: {{ lan_mac }} |
| wan_ip: {{ wan_ip }} |
| wan_mac: {{ wan_mac }} |
| wan_container_ip: {{ wan_container_ip }} |
| wan_container_netbits: {{ wan_container_netbits }} |
| wan_container_mac: {{ wan_container_mac }} |
| wan_container_gateway_ip: {{ wan_container_gateway_ip }} |
| wan_vm_ip: {{ wan_vm_ip }} |
| wan_vm_mac: {{ wan_vm_mac }} |
| wan_next_hop: 10.0.1.253 # FIX ME |
| private_ip: {{ private_ip }} |
| private_mac: {{ private_mac }} |
| hpc_client_ip: {{ hpc_client_ip }} |
| hpc_client_mac: {{ hpc_client_mac }} |
| keystone_tenant_id: {{ keystone_tenant_id }} |
| keystone_user_id: {{ keystone_user_id }} |
| rabbit_user: {{ rabbit_user }} |
| rabbit_password: {{ rabbit_password }} |
| rabbit_host: {{ rabbit_host }} |
| safe_browsing: |
| {% for mac in safe_browsing_macs %} |
| - {{ mac }} |
| {% endfor %} |
| |
| tasks: |
| - name: Check to see if network is setup |
| stat: path=/root/network_is_setup |
| register: network_is_setup |
| |
| - name: Add eth0.500 |
| shell: "{{ '{{' }} item {{ '}}' }}" |
| with_items: |
| - ip link del link eth0 eth0.500 || true |
| - brctl delbr br-wan || true |
| - ip link add link eth0 eth0.500 type vlan id 500 |
| - ifconfig eth0.500 up |
| - ifconfig eth0.500 0.0.0.0 |
| - ifconfig eth0.500 hw ether {{ wan_vm_mac }} |
| - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev eth0.500 |
| - ip link set eth0.500 up |
| - ip route del default || true |
| - ip route add default via {{ wan_container_gateway_ip }} |
| when: network_is_setup.stat.exists == False |
| |
| - name: install bridge-utils |
| apt: name=bridge-utils state=present |
| |
| - name: now redo everything using a bridge |
| shell: "{{ '{{' }} item {{ '}}' }}" |
| with_items: |
| - ip link del link eth0 eth0.500 |
| - ip link add link eth0 eth0.500 type vlan id 500 |
| - ip link set eth0.500 up |
| - brctl delbr br-wan || true |
| - brctl addbr br-wan |
| - brctl addif br-wan eth0.500 |
| - ifconfig br-wan hw ether {{ wan_vm_mac }} |
| - ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan |
| - ip link set br-wan up |
| - ip route del default || true |
| - ip route add default via {{ wan_container_gateway_ip }} |
| - ip link set dev br-wan promisc on |
| when: network_is_setup.stat.exists == False |
| |
| - name: Remember that the network is setup, so we never do the above again |
| shell: touch /root/network_is_setup |
| |
| {% if full_setup %} |
| - name: Docker repository |
| copy: src=/opt/xos/synchronizers/vcpe/files/docker.list |
| dest=/etc/apt/sources.list.d/docker.list |
| |
| - name: Import the repository key |
| apt_key: keyserver=keyserver.ubuntu.com id=36A1D7869245C8950F966E92D8576A8BA88D21E9 |
| |
| - name: install Docker |
| apt: name=lxc-docker state=present update_cache=yes |
| |
| - name: install python-setuptools |
| apt: name=python-setuptools state=present |
| |
| - name: install pip |
| easy_install: name=pip |
| |
| - name: install docker-py |
| pip: name=docker-py version=0.5.3 |
| |
| - name: install Pipework |
| get_url: url=https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework |
| dest=/usr/local/bin/pipework |
| mode=0755 |
| |
| - name: make sure /etc/dnsmasq.d exists |
| file: path=/etc/dnsmasq.d state=directory owner=root group=root |
| |
| - name: Disable resolvconf service |
| shell: service resolvconf stop |
| shell: echo manual > /etc/init/resolvconf.override |
| shell: rm -f /etc/resolv.conf |
| |
| - name: Install resolv.conf |
| copy: src=/opt/xos/synchronizers/vcpe/files/vm-resolv.conf |
| dest=/etc/resolv.conf |
| |
| - name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running |
| shell: pgrep -f [v]cpe_stats_notifier | wc -l |
| register: cron_job_pids_count |
| |
| # - name: DEBUG |
| # debug: var=cron_job_pids_count.stdout |
| |
| # - name: make sure ~/bin exists |
| # file: path=~/bin state=directory owner=root group=root |
| # when: cron_job_pids_count.stdout == "0" |
| |
| # - name: Copy cron job to destination |
| # copy: src=/opt/xos/synchronizers/vcpe/vcpe_stats_notifier.py |
| # dest=/usr/local/sbin/vcpe_stats_notifier.py |
| # when: cron_job_pids_count.stdout == "0" |
| |
| # - name: install python-kombu |
| # apt: name=python-kombu state=present |
| # when: cron_job_pids_count.stdout == "0" |
| |
| # - name: Initiate vcpe_stats_notifier cron job |
| # command: sudo python /usr/local/sbin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice' |
| # async: 9999999999999999 |
| # poll: 0 |
| # when: cron_job_pids_count.stdout == "0" |
| {% endif %} |
| |
| - name: vCPE upstart |
| template: src=/opt/xos/synchronizers/vcpe/templates/vcpe.conf.j2 dest=/etc/init/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}.conf |
| |
| - name: vCPE startup script |
| template: src=/opt/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2 dest=/usr/local/sbin/start-vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}.sh mode=0755 |
| notify: |
| # - restart vcpe |
| - stop vcpe |
| - remove container |
| - start vcpe |
| |
| - name: create /etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d |
| file: path=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d state=directory owner=root group=root |
| |
| - name: vCPE basic dnsmasq config |
| copy: src=/opt/xos/synchronizers/vcpe/files/vcpe.dnsmasq dest=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d/vcpe.conf owner=root group=root |
| notify: |
| - restart dnsmasq |
| |
| - name: dnsmasq config |
| template: src=/opt/xos/synchronizers/vcpe/templates/dnsmasq_servers.j2 dest=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d/servers.conf owner=root group=root |
| notify: |
| - restart dnsmasq |
| |
| - name: Make sure vCPE service is running |
| service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=started |
| |
| handlers: |
| # Dnsmasq is automatically restarted in the container |
| - name: restart dnsmasq |
| shell: docker exec vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} killall dnsmasq |
| |
| - name: restart vcpe |
| shell: service vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} stop; sleep 1; service vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} start |
| |
| - name: stop vcpe |
| service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=stopped |
| |
| - name: remove container |
| docker: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=absent image=docker-vcpe |
| |
| - name: start vcpe |
| service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=started |
| |