Fixed to Ansible 2.5

2019-01-20 20:48:00 +01:00 · 2019-01-20 20:48:00 +01:00 · 24d8a6c970
commit 24d8a6c970
parent 33730decce
3 changed files with 122 additions and 103 deletions
--- a/files/interfaces-troisdorf7
+++ b/files/interfaces-troisdorf7
@ -13,21 +13,20 @@ iface lo inet6 loopback
 # The primary network interface
-allow-hotplug eth0
+allow-hotplug ens18
-iface eth0 inet static
+iface ens18 inet static
-        address 212.83.154.70
+        address 93.241.53.100
-        netmask 255.255.255.255
+        netmask 255.255.255.0
-        gateway 163.172.42.1
+        gateway 93.241.53.1
        pointopoint 163.172.42.1
        post-up iptables -P OUTPUT ACCEPT
-        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
-        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
-auto 6to4
+#auto 6to4
-        iface 6to4 inet6 6to4
+#        iface 6to4 inet6 6to4
-        local 212.83.154.70
+#        local 212.83.154.70
 # GRE Tunnel zum Rheinland Backbone
 # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
--- a/install.sn.retry
+++ b/install.sn.retry
@ -0,0 +1 @@
 7.fftdf.de
--- a/install.sn.yml
+++ b/install.sn.yml
@ -21,7 +21,6 @@
      - libnl-3-dev
      - libjansson-dev
      - isc-dhcp-server
      - collectd
      - libcap-dev
      - iproute
      - libnetfilter-conntrack3
@ -43,7 +42,8 @@
      - ntp
      - libnl-genl-3-dev
      - virtualenv
-      - linux-image-extra-4.4.0-127-generic
+      - batman-adv
      - batctl
    modules_required:
      - batman-adv
      - nf_conntrack_netlink
@ -64,23 +64,32 @@
      - l2tp_broker.cfg
 #    bind_zone_fftdf:
 #      - named.conf.fftdf
-    check_gw_script:
+#    check_gw_script:
-      - keepalive.sh
+#      - keepalive.sh
    authorized_keys:
      - authorized_keys
    logrotate_config:
      - logrotate.conf
-    supernode_config:
+#    supernode_config:
-      - supernode.mode
+#      - supernode.mode
-      - loadbalancing.mode
+#      - loadbalancing.mode
  tasks:
    - name: Remove cdrom in sources.list
      raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
    - name: Make this server ansible compatible
-      raw: "apt-get update && apt-get install python -y"
+      raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y"
-#    - name: Add backport repo to source list #target: /etc/apt/sources.list.d
+    - name: Adding Freifuck GPG Key
-#      apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present 
+      raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"
 #      apt_key:
 #             id: B2522557E6AB9BF5
 #             url: https://keyserver.ubuntu.com
 #             url: https://pool.sks-keyservers.net
 #             url: https://sks.pod01.fleetstreetops.com
 #             state: present
    - name: Add backport repo to source list
      apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present 
    - name: Update apt cache
      apt: update_cache=yes
    - name: Gathering facts
@ -100,7 +109,7 @@
      shell: update-grub2
      when: grubnosmp.changed
    - name: Reboot the server
-      shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+      shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP"
      async: 1
      poll: 0
      ignore_errors: true
@ -114,10 +123,13 @@
                   timeout=300
      when: hosts.changed
      when: sethostname.changed
-    - apt: update_cache=yes
+#    - apt: update_cache=yes
    - name: Install common required packages
-      apt: state=installed pkg={{ item }}
+      apt:
-      with_items: common_required_packages
+        name: "{{ item }}"
        state: present
        update_cache: yes
      with_items: "{{ common_required_packages }}"
      register: aptupdates
    - name: Set clock
      shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
@ -129,68 +141,70 @@
 #      modprobe: name={{ item }}
 #      with_items: modules_required
 #      when: modules_req.changed
-    - name: Install Linux headers
+#    - name: Install Linux headers
-      shell: >
+#      shell: >
-        apt-get install linux-headers-$(uname -r) -y
+#        apt-get install linux-headers-$(uname -r) -y
-      when: aptupdates.changed
+#      when: aptupdates.changed
-    - name: Get batman-adv
+#    - name: Get batman-adv
-      git: repo=https://git.open-mesh.org/batman-adv.git
+#      git: repo=https://git.open-mesh.org/batman-adv.git
-           dest=/tmp/batman-adv
+#           dest=/tmp/batman-adv
-      when: aptupdates.changed
+#      when: aptupdates.changed
-      register: getbatman
+#      register: getbatman
 #    - name: Get batman-adv no rebrotcast patch
 #      get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
 #      when: getbatman.changed
-    - name: Install batman-adv
+#    - name: Install batman-adv
-      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
+#      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
 #      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
-      when: getbatman.changed
+#      when: getbatman.changed
-    - name: Get batctl
+#    - name: Get batctl
-      git: repo=http://git.open-mesh.org/batctl.git
+#      git: repo=http://git.open-mesh.org/batctl.git
-           dest=/tmp/batctl
+#           dest=/tmp/batctl
-      when: aptupdates.changed
+#      when: aptupdates.changed
-      register: getbatctl
+#      register: getbatctl
-    - name: Install batctl
+#    - name: Install batctl
-      shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
+#      shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
-      when: getbatctl.changed
+#      when: getbatctl.changed
    - name: Get Tunneldigger
-#      git: repo=https://github.com/wlanslovenija/tunneldigger.git
+      git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
-      git: repo=https://github.com/ffrl/tunneldigger.git
+#      git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.3.0
-           dest=/srv/tunneldigger
+#      git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger
 #           version: release-0.22
      register: tunneldigger
      when: aptupdates.changed
    - name: Configure tunneldigger
      command: "{{item}}"
      with_items:
-       - virtualenv /srv/tunneldigger/ -p python2.7
+#       - virtualenv /srv/tunneldigger/ -p python2.7
      - virtualenv /srv/tunneldigger/
      when: tunneldigger.changed
    - name: Tunneldigger requirements
      pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
      when: tunneldigger.changed
    - name: Copy l2tp broker config template
      template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
-      with_items: broker_cfg
+      with_items: "{{ broker_cfg }}"
      when: tunneldigger.changed
    - name: Copy tunneldigger script template
      template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
      when: tunneldigger.changed
    - name: Copy tunneldigger scripts
      copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
-      with_items: tunneldigger_scripts
+      with_items: "{{ tunneldigger_scripts }}"
      when: tunneldigger.changed
    - name: Copy tunneldigger service template
      copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
-      with_items: tunneldigger_service
+      with_items: "{{ tunneldigger_service }}"
      when: tunneldigger.changed
 ##########
    - name: Add modules
      lineinfile: dest=/etc/modules line={{ item }}
-      with_items: modules_required
+      with_items: "{{ modules_required }}"
      register: modules_req
-    - name: Load modules
+#    - name: Load modules
-      modprobe: name={{ item }}
+#      modprobe: name= "{{ item }}"
-      with_items: modules_required
+#      with_items: "{{ modules_required }}"
-      when: modules_req.changed
+#      when: modules_req.changed
 #########
    - name: Tunneldigger reload
      command: "{{item}}"
@ -201,32 +215,32 @@
      when: tunneldigger.changed
    - name: Copy logrotate config
      copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
-      with_items: logrotate_config
+      with_items: "{{logrotate_config}}"
    - name: Create freifunk directory
      file: path=/opt/freifunk state=directory mode=0755
-    - name: Create keepalive directory
+#    - name: Create keepalive directory
-      file: path=/etc/supernode-status state=directory mode=0755
+#      file: path=/etc/supernode-status state=directory mode=0755
-    - name: Create supernode config files
+#    - name: Create supernode config files
-      file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644
+#      file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644
-      with_items: supernode_config
+#      with_items: supernode_config
-    - name: Supernode set default mode
+#    - name: Supernode set default mode
-      lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0
+#      lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0
-      with_items: supernode_config
+#      with_items: supernode_config
-    - name: Check gateway / keepalive script supernode
+#    - name: Check gateway / keepalive script supernode
-      copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
+#      copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
-      with_items: check_gw_script
+#      with_items: check_gw_script
-      register: check_gw
+#      register: check_gw
-      when: sn_exit is undefined
+#      when: sn_exit is undefined
-    - name: Check gateway / keepalive script super- and exitnode
+#    - name: Check gateway / keepalive script super- and exitnode
-      template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
+#      template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
-      register: check_gw
+#      register: check_gw
-      when: sn_exit is defined
+#      when: sn_exit is defined
-    - name: Add cron job with check gateway script
+#    - name: Add cron job with check gateway script
-      cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" 
+#      cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" 
-      when: check_gw.changed
+#      when: check_gw.changed
-    - name: Supernode Config script super- and exitnode
+#    - name: Supernode Config script super- and exitnode
-      copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
+#      copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
-      when: sn_exit is defined
+#      when: sn_exit is defined
    - name: Copy dhcpd template file
      template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
      register: dhcpd
@ -251,12 +265,12 @@
    - name: Copy backbone script
      template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
      when: sn_exit is defined
-    - name: Collectd template file
+#    - name: Collectd template file
-      template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
+#      template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
-      register: collectd
+#      register: collectd
-    - name: Restart collectd
+#    - name: Restart collectd
-      service: name=collectd state=restarted
+#      service: name=collectd state=restarted
-      when: collectd.changed
+#      when: collectd.changed
    - name: configure startup script supernode
      template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
      when: sn_exit is undefined
@ -265,7 +279,7 @@
      when: sn_exit is defined
    - name: SSH authorized_keys
      copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
-      with_items: authorized_keys
+      with_items: "{{ authorized_keys }}"
    - name: Bind9, activate fftdf zone
      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
    - name: Copy option template
@ -285,7 +299,7 @@
      when: sn_exit is defined
    - apt: update_cache=yes
    - name: Install bird
-      apt: state=installed pkg=bird
+      apt: state=present pkg=bird
      when: sn_exit is defined
    - name: Bird configuration
      copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
@ -293,16 +307,18 @@
    - name: Bird configuration
      copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
      when: sn_exit is defined
-    - name: Get speedtest-cli
+#    - name: Get speedtest-cli
-      get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli
+#      get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli
-    - name: Change rights speedtest-cli
+#    - name: Change rights speedtest-cli
-      file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755
+#      file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755
    - name: Copy Slacktee Config
      template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
    - name: Copy Slacktee
      copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
    - name: set netfilter rules
-      lineinfile: dest=/etc/sysctl.conf line="{{ item }}"
+      lineinfile:
        dest: /etc/sysctl.conf
        line: "{{ item }}"
      with_items:
               - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240
               - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
@ -315,18 +331,20 @@
      when: modprobe1.stat.exists == False
    - name: check /etc/modprobe.conf
      lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
    - name: Change root password
      user:
       name: root
       password: "{{ sn_rootpasswd }}"
    - name: Logrotate rights
      file: path=/etc/logrotate.conf mode=0644 owner=root group=root
    - name: Wirte version information
      shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
    - name: Reboot the server finally
      shell: sleep 2 && shutdown -r now "Ansible updates triggered"
      async: 1
      poll: 0
      ignore_errors: true
      when: tunneldigger.changed
    - name: Logrotate rights
      file: path=/etc/logrotate.conf mode=0644 owner=root group=root
    - name: Change root password
      user: name=root password={{ sn_rootpasswd }}
    - name: Wirte version information
      shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
    - name: waiting for server to come back
      local_action:
                   wait_for
@ -343,3 +361,4 @@
        channel: "#technik"
        username: "Ansible on {{ inventory_hostname }}"
        parse: 'none'