ansible.fftdf.supernode/install.sn.yml

304 lines
12 KiB
YAML
Raw Normal View History

2015-11-28 14:25:29 +00:00
# First install ssh-key at remote computer
# In case of python error start:
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
- name: Install Freifunk Troisdorf super node
hosts: all
2015-11-28 14:25:29 +00:00
sudo: False
user: root
gather_facts: False
vars:
2019-02-09 11:14:11 +00:00
# Internal verion number
2019-10-25 21:16:47 +00:00
snversion: 2019_v3.1.7
2015-11-28 14:25:29 +00:00
common_required_packages:
- git
- make
- gcc
- build-essential
- pkg-config
- libgps-dev
- libnl-3-dev
- libjansson-dev
- isc-dhcp-server
- libcap-dev
- iproute
- libnetfilter-conntrack3
- python-dev
- libevent-dev
- ebtables
- python-virtualenv
- iptables-persistent
- iftop
- screen
- bridge-utils
- tcpdump
- bind9
2015-12-13 12:33:33 +00:00
- radvd
- curl
- htop
2015-12-20 23:20:51 +00:00
- psmisc
- dnsutils
2015-12-26 19:25:44 +00:00
- ntp
2018-07-03 21:10:50 +00:00
- libnl-genl-3-dev
- virtualenv
2019-01-20 19:48:00 +00:00
- batman-adv
- batctl
2019-01-24 20:10:11 +00:00
- libffi-dev
- libnetfilter-conntrack-dev
- libnfnetlink-dev
2019-02-07 23:18:44 +00:00
- speedtest-cli
- ethtool
2015-11-28 14:25:29 +00:00
modules_required:
- batman-adv
- nf_conntrack_netlink
- nf_conntrack
- nfnetlink
- l2tp_netlink
- l2tp_core
- l2tp_eth
tunneldigger_scripts:
- start-broker.sh
- batdelif.sh
tunneldigger_service:
- tunneldigger.service
respondd_service:
- respondd_service
2016-05-20 19:58:25 +00:00
broker_cfg:
2016-05-28 13:47:29 +00:00
- l2tp_broker.cfg
2015-11-28 14:25:29 +00:00
authorized_keys:
- authorized_keys
logrotate_config:
- logrotate.conf
2015-11-28 14:25:29 +00:00
tasks:
- name: Remove cdrom in sources.list
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible
2019-01-20 19:48:00 +00:00
raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y"
- name: Adding Freifuck GPG Key
raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"
# apt_key:
# id: B2522557E6AB9BF5
# url: https://keyserver.ubuntu.com
# url: https://pool.sks-keyservers.net
# url: https://sks.pod01.fleetstreetops.com
# state: present
2019-02-07 23:18:44 +00:00
- name: Import Slack token
include_vars: "{{ slack_token_file }}"
- name: Import root password
include_vars: "{{ root_password_file }}"
2019-01-24 20:10:11 +00:00
- name: Add Freifuck repo to source list
2019-01-20 19:48:00 +00:00
apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present
2019-01-24 20:10:11 +00:00
- name: Add backport repo to source list
apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present
2015-11-28 14:25:29 +00:00
- name: Update apt cache
apt: update_cache=yes
- name: Gathering facts
setup:
- name: Set IPv4 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
- name: Set IPv6 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
when: ansible_default_ipv6.address is defined
- name: set hostname
hostname: name='{{ sn_hostname }}'
register: sethostname
2019-02-09 11:14:11 +00:00
- name: disable multi CPU Kernel (SMP) # Batman don not like SMP
lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
register: grubnosmp
- name: Update grub
shell: update-grub2
when: grubnosmp.changed
2015-12-13 13:03:42 +00:00
- name: Reboot the server
2019-01-20 19:48:00 +00:00
shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP"
2015-12-13 13:03:42 +00:00
async: 1
poll: 0
ignore_errors: true
when: sethostname.changed
- name: waiting for server to come back (1st)
2015-11-28 14:25:29 +00:00
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=20
2015-11-28 14:25:29 +00:00
timeout=300
when: hosts.changed
when: sethostname.changed
2015-11-28 14:25:29 +00:00
- name: Install common required packages
2019-01-20 19:48:00 +00:00
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items: "{{ common_required_packages }}"
2015-12-13 12:33:33 +00:00
register: aptupdates
2015-12-26 19:25:44 +00:00
- name: Set clock
2015-12-26 22:14:54 +00:00
shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
2015-11-28 14:25:29 +00:00
- name: Get Tunneldigger
2019-02-07 18:09:18 +00:00
git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
2015-11-28 14:25:29 +00:00
register: tunneldigger
2015-12-13 12:33:33 +00:00
when: aptupdates.changed
2015-11-28 14:25:29 +00:00
- name: Configure tunneldigger
2019-01-24 20:10:11 +00:00
raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"
2015-11-28 14:25:29 +00:00
when: tunneldigger.changed
- name: Copy l2tp broker config template
2016-05-28 13:47:29 +00:00
template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
2019-01-20 19:48:00 +00:00
with_items: "{{ broker_cfg }}"
2015-11-28 14:25:29 +00:00
when: tunneldigger.changed
- name: Copy tunneldigger script template
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
when: tunneldigger.changed
- name: Copy tunneldigger scripts
copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
2019-01-20 19:48:00 +00:00
with_items: "{{ tunneldigger_scripts }}"
2015-11-28 14:25:29 +00:00
when: tunneldigger.changed
2016-05-28 13:47:29 +00:00
- name: Copy tunneldigger service template
copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
2019-01-20 19:48:00 +00:00
with_items: "{{ tunneldigger_service }}"
2015-11-28 14:25:29 +00:00
when: tunneldigger.changed
2018-07-03 21:10:50 +00:00
- name: Add modules
lineinfile: dest=/etc/modules line={{ item }}
2019-01-20 19:48:00 +00:00
with_items: "{{ modules_required }}"
2018-07-03 21:10:50 +00:00
register: modules_req
2015-11-28 14:25:29 +00:00
- name: Tunneldigger reload
command: "{{item}}"
with_items:
- systemctl daemon-reload
- systemctl enable tunneldigger.service
when: tunneldigger.changed
- name: Copy logrotate config
copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
2019-01-20 19:48:00 +00:00
with_items: "{{logrotate_config}}"
2015-11-28 14:25:29 +00:00
- name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755
- name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
2015-12-22 19:30:16 +00:00
register: dhcpd
- name: Copy dhcpd6 template file
template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444
2015-12-26 19:25:44 +00:00
- name: Clone static DHCP config
2019-02-07 23:18:44 +00:00
git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp
2015-12-26 19:25:44 +00:00
when: dhcpd.changed
- name: Add cron static DHCP
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
when: dhcpd.changed
2015-12-22 19:30:16 +00:00
- name: Restart dhcpd
service: name=isc-dhcp-server state=restarted
when: dhcpd.changed
2015-12-22 20:42:07 +00:00
ignore_errors: yes
- name: Add cron backbone script
2015-12-20 23:20:51 +00:00
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
2019-02-07 23:18:44 +00:00
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_local_exit is defined
2015-11-28 14:25:29 +00:00
- name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
2019-01-20 19:48:00 +00:00
with_items: "{{ authorized_keys }}"
2019-02-07 23:18:44 +00:00
- name: Bind9, activate ff zone
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present
- name: Copy option template
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
2019-02-07 23:18:44 +00:00
- name: Create ff directory
file: path=/etc/bind/ff state=directory
- name: Copy FF Zones
copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644
2016-05-28 10:26:12 +00:00
with_items:
2019-02-07 23:18:44 +00:00
- ff.conf
- name: Copy ff Zone config template
template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444
2015-12-13 12:33:33 +00:00
- name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Interface configuration with ffrl gre tunnel
2019-02-07 23:18:44 +00:00
template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544
- apt: update_cache=yes
- name: Install bird
2019-01-20 19:48:00 +00:00
apt: state=present pkg=bird
- name: Bird configuration
copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
- name: Bird configuration
copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
- name: Create Yanic user
user:
name: yanic
comment: "Yanic service user"
- name: Create Yanic folder
file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic
- name: Copy Yanic config template
template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444
- name: Shit go stuff
2019-10-25 21:16:47 +00:00
shell: cd /usr/local && wget wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz
- name: Adjust path for go
lineinfile:
dest: /root/.bashrc
line: "{{ item }}"
with_items:
- export GOPATH=/opt/go
- export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
- name: Compile go
shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
- name: Copy and enable yanic service
shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic
- name: Get respondd
git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce
- name: Copy respondd service template
shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system
- name: Enable respondd service
shell: systemctl daemon-reload && systemctl enable respondd
2016-06-04 16:52:43 +00:00
- name: Copy Slacktee Config
template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
- name: Copy Slacktee
copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
- name: set netfilter rules
2019-01-20 19:48:00 +00:00
lineinfile:
dest: /etc/sysctl.conf
line: "{{ item }}"
with_items:
- net.ipv4.netfilter.ip_conntrack_generic_timeout = 240
- net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
- net.netfilter.nf_conntrack_max = 65536
- name: check modprobe.conf
stat: path=/etc/modprobe.conf
register: modprobe1
- name: create /etc/modprobe.conf when not present
file: path=/etc/modprobe.conf state=touch owner=root group=root mode=0544
when: modprobe1.stat.exists == False
- name: check /etc/modprobe.conf
lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
2019-01-20 19:48:00 +00:00
- name: Change root password
user:
name: root
password: "{{ sn_rootpasswd }}"
- name: Logrotate rights
file: path=/etc/logrotate.conf mode=0644 owner=root group=root
- name: Wirte version information
shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
2015-11-28 14:25:29 +00:00
- name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: tunneldigger.changed
- name: waiting for server to come back
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=20
2015-11-28 14:25:29 +00:00
timeout=300
when: tunneldigger.changed
2015-12-17 10:23:51 +00:00
- name: Send notification message via Slack
local_action:
module: slack
token: "{{ slack_token }}"
2015-12-20 23:20:51 +00:00
msg: "{{ inventory_hostname }} completed with {{ snversion }}"
2015-12-17 10:23:51 +00:00
channel: "#technik"
username: "Ansible on {{ inventory_hostname }}"
2016-05-29 10:24:33 +00:00
parse: 'none'