blob: 819dcc55ebdb10f2fd76ed4ae147923409e98465 [file] [log] [blame]
---
- hosts: {{ instance_name }}
gather_facts: False
connection: ssh
user: ubuntu
sudo: yes
vars:
cdn_enable: {{ cdn_enable }}
dnsdemux_ip: {{ dnsdemux_ip }}
firewall_enable: {{ firewall_enable }}
url_filter_enable: {{ url_filter_enable }}
vlan_ids:
{% for vlan_id in vlan_ids %}
- {{ vlan_id }}
{% endfor %}
c_tags:
{% for c_tag in c_tags %}
- {{ c_tag }}
{% endfor %}
s_tags:
{% for s_tag in s_tags %}
- {{ s_tag }}
{% endfor %}
firewall_rules:
{% for firewall_rule in firewall_rules.split("\n") %}
- {{ firewall_rule }}
{% endfor %}
cdn_prefixes:
{% for prefix in cdn_prefixes %}
- {{ prefix }}
{% endfor %}
bbs_addrs:
{% for bbs_addr in bbs_addrs %}
- {{ bbs_addr }}
{% endfor %}
dns_servers:
{% for dns_server in dns_servers %}
- {{ dns_server }}
{% endfor %}
nat_ip: {{ nat_ip }}
nat_mac: {{ nat_mac }}
lan_ip: {{ lan_ip }}
lan_mac: {{ lan_mac }}
wan_ip: {{ wan_ip }}
wan_mac: {{ wan_mac }}
wan_container_ip: {{ wan_container_ip }}
wan_container_netbits: {{ wan_container_netbits }}
wan_container_mac: {{ wan_container_mac }}
wan_container_gateway_ip: {{ wan_container_gateway_ip }}
wan_vm_ip: {{ wan_vm_ip }}
wan_vm_mac: {{ wan_vm_mac }}
wan_next_hop: 10.0.1.253 # FIX ME
private_ip: {{ private_ip }}
private_mac: {{ private_mac }}
hpc_client_ip: {{ hpc_client_ip }}
hpc_client_mac: {{ hpc_client_mac }}
keystone_tenant_id: {{ keystone_tenant_id }}
keystone_user_id: {{ keystone_user_id }}
rabbit_user: {{ rabbit_user }}
rabbit_password: {{ rabbit_password }}
rabbit_host: {{ rabbit_host }}
safe_browsing:
{% for mac in safe_browsing_macs %}
- {{ mac }}
{% endfor %}
tasks:
- name: Check to see if network is setup
stat: path=/root/network_is_setup
register: network_is_setup
- name: Add eth0.500
shell: "{{ '{{' }} item {{ '}}' }}"
with_items:
- ip link del link eth0 eth0.500 || true
- brctl delbr br-wan || true
- ip link add link eth0 eth0.500 type vlan id 500
- ifconfig eth0.500 up
- ifconfig eth0.500 0.0.0.0
- ifconfig eth0.500 hw ether {{ wan_vm_mac }}
- ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev eth0.500
- ip link set eth0.500 up
- ip route del default || true
- ip route add default via {{ wan_container_gateway_ip }}
when: network_is_setup.stat.exists == False
- name: install bridge-utils
apt: name=bridge-utils state=present
- name: now redo everything using a bridge
shell: "{{ '{{' }} item {{ '}}' }}"
with_items:
- ip link del link eth0 eth0.500
- ip link add link eth0 eth0.500 type vlan id 500
- ip link set eth0.500 up
- brctl delbr br-wan || true
- brctl addbr br-wan
- brctl addif br-wan eth0.500
- ifconfig br-wan hw ether {{ wan_vm_mac }}
- ip addr add {{ wan_vm_ip }}/{{ wan_container_netbits }} dev br-wan
- ip link set br-wan up
- ip route del default || true
- ip route add default via {{ wan_container_gateway_ip }}
- ip link set dev br-wan promisc on
when: network_is_setup.stat.exists == False
- name: Remember that the network is setup, so we never do the above again
shell: touch /root/network_is_setup
{% if full_setup %}
- name: Docker repository
copy: src=/opt/xos/synchronizers/vcpe/files/docker.list
dest=/etc/apt/sources.list.d/docker.list
- name: Import the repository key
apt_key: keyserver=keyserver.ubuntu.com id=36A1D7869245C8950F966E92D8576A8BA88D21E9
- name: install Docker
apt: name=lxc-docker state=present update_cache=yes
- name: install python-setuptools
apt: name=python-setuptools state=present
- name: install pip
easy_install: name=pip
- name: install docker-py
pip: name=docker-py version=0.5.3
- name: install Pipework
get_url: url=https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework
dest=/usr/local/bin/pipework
mode=0755
- name: make sure /etc/dnsmasq.d exists
file: path=/etc/dnsmasq.d state=directory owner=root group=root
- name: Disable resolvconf service
shell: service resolvconf stop
shell: echo manual > /etc/init/resolvconf.override
shell: rm -f /etc/resolv.conf
- name: Install resolv.conf
copy: src=/opt/xos/synchronizers/vcpe/files/vm-resolv.conf
dest=/etc/resolv.conf
- name: Verify if vcpe_stats_notifier ([] is to avoid capturing the shell process) cron job is already running
shell: pgrep -f [v]cpe_stats_notifier | wc -l
register: cron_job_pids_count
# - name: DEBUG
# debug: var=cron_job_pids_count.stdout
# - name: make sure ~/bin exists
# file: path=~/bin state=directory owner=root group=root
# when: cron_job_pids_count.stdout == "0"
# - name: Copy cron job to destination
# copy: src=/opt/xos/synchronizers/vcpe/vcpe_stats_notifier.py
# dest=/usr/local/sbin/vcpe_stats_notifier.py
# when: cron_job_pids_count.stdout == "0"
# - name: install python-kombu
# apt: name=python-kombu state=present
# when: cron_job_pids_count.stdout == "0"
# - name: Initiate vcpe_stats_notifier cron job
# command: sudo python /usr/local/sbin/vcpe_stats_notifier.py --keystone_tenant_id={{ keystone_tenant_id }} --keystone_user_id={{ keystone_user_id }} --rabbit_user={{ rabbit_user }} --rabbit_password={{ rabbit_password }} --rabbit_host={{ rabbit_host }} --vcpeservice_rabbit_exchange='vcpeservice'
# async: 9999999999999999
# poll: 0
# when: cron_job_pids_count.stdout == "0"
{% endif %}
- name: vCPE upstart
template: src=/opt/xos/synchronizers/vcpe/templates/vcpe.conf.j2 dest=/etc/init/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}.conf
- name: vCPE startup script
template: src=/opt/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2 dest=/usr/local/sbin/start-vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}.sh mode=0755
notify:
# - restart vcpe
- stop vcpe
- remove container
- start vcpe
- name: create /etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d
file: path=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d state=directory owner=root group=root
- name: vCPE basic dnsmasq config
copy: src=/opt/xos/synchronizers/vcpe/files/vcpe.dnsmasq dest=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d/vcpe.conf owner=root group=root
notify:
- restart dnsmasq
- name: dnsmasq config
template: src=/opt/xos/synchronizers/vcpe/templates/dnsmasq_servers.j2 dest=/etc/vcpe-{{ s_tags[0] }}-{{ c_tags[0] }}/dnsmasq.d/servers.conf owner=root group=root
notify:
- restart dnsmasq
- name: Make sure vCPE service is running
service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=started
handlers:
# Dnsmasq is automatically restarted in the container
- name: restart dnsmasq
shell: docker exec vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} killall dnsmasq
- name: restart vcpe
shell: service vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} stop; sleep 1; service vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} start
- name: stop vcpe
service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=stopped
- name: remove container
docker: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=absent image=docker-vcpe
- name: start vcpe
service: name=vcpe-{{ s_tags[0] }}-{{ c_tags[0] }} state=started