# First install ssh-key at remote computer # In case of python error start: # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - name: Install Freifunk Troisdorf super node # hosts: FreifunkSupernodesL2TP hosts: '{{ target }}' sudo: False user: root gather_facts: False vars: snversion: master_v3.0.4 batmanversion: v2015.2 common_required_packages: - git - make - gcc - build-essential - pkg-config - libgps-dev - libnl-3-dev - libjansson-dev - isc-dhcp-server - collectd - libcap-dev - iproute - libnetfilter-conntrack3 - python-dev - libevent-dev - ebtables - python-virtualenv - iptables-persistent - iftop - screen - bridge-utils - tcpdump - bind9 - radvd - curl - htop - psmisc - dnsutils - ntp modules_required: - batman-adv - nf_conntrack_netlink - nf_conntrack - nfnetlink - l2tp_netlink - l2tp_core - l2tp_eth tunneldigger_scripts: - start-broker.sh - batdelif.sh tunneldigger_service: - tunneldigger.service bind_zone_fftdf: - named.conf.fftdf check_gw_script: - keepalive.sh supernode_config: - supernode authorized_keys: - authorized_keys logrotate_config: - logrotate.conf tunneld_stats_file: - collectd_td_stat.sh tasks: - name: Remove cdrom in sources.list raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible raw: "apt-get update && apt-get install python -y" # - name: Add backport repo to source list #target: /etc/apt/sources.list.d # apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts setup: - name: Set IPv4 in hostfile lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present - name: Set IPv6 in hostfile lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present when: ansible_default_ipv6.address is defined - name: set hostname hostname: name='{{ sn_hostname }}' register: sethostname - name: disable multi CPU Kernel (SMP) lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp - name: Update grub shell: update-grub2 when: grubnosmp.changed - name: Reboot the server shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true when: sethostname.changed - name: waiting for server to come back (1st) local_action: wait_for host={{ inventory_hostname }} port=22 delay=20 timeout=300 when: hosts.changed when: sethostname.changed - apt: update_cache=yes - name: Install common required packages apt: state=installed pkg={{ item }} with_items: common_required_packages register: aptupdates - name: Set clock shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start - name: Add modules lineinfile: dest=/etc/modules line={{ item }} with_items: modules_required register: modules_req - name: Load modules modprobe: name={{ item }} with_items: modules_required when: modules_req.changed - name: Install Linux headers shell: > apt-get install linux-headers-$(uname -r) -y when: aptupdates.changed - name: Get batman-adv git: repo=https://git.open-mesh.org/batman-adv.git dest=/tmp/batman-adv when: aptupdates.changed register: getbatman # - name: Get batman-adv no rebrotcast patch # get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch # when: getbatman.changed - name: Install batman-adv shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install # shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install when: getbatman.changed - name: Get batctl git: repo=http://git.open-mesh.org/batctl.git dest=/tmp/batctl when: aptupdates.changed register: getbatctl - name: Install batctl shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install when: getbatctl.changed - name: Get Tunneldigger # git: repo=https://github.com/wlanslovenija/tunneldigger.git git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger when: aptupdates.changed - name: Configure tunneldigger command: "{{item}}" with_items: - virtualenv /srv/tunneldigger/ -p python2.7 when: tunneldigger.changed - name: Tunneldigger requirements pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444 when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 when: tunneldigger.changed - name: Copy tunneldigger scripts copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 with_items: tunneldigger_scripts when: tunneldigger.changed - name: Copy tunneldigger service file copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444 with_items: tunneldigger_service when: tunneldigger.changed - name: Tunneldigger reload command: "{{item}}" with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 with_items: logrotate_config - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - name: Check gateway / keepalive script supernode copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: check_gw_script register: check_gw when: sn_exit is undefined - name: Check gateway / keepalive script super- and exitnode template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 register: check_gw when: sn_exit is defined - name: Add cron job with check gateway script cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" when: check_gw.changed - name: Supernode Config script super- and exitnode template: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 register: supernode_config when: sn_exit is defined - name: Tunneldigger stats copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: tunneld_stats_file register: tunneld_stats # when: sn_exit is undefined - name: Add cron job tunneldigger stats cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root" when: tunneld_stats.changed - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd - name: Clone static DHCP config git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp dest=/opt/freifunk/static-dhcp when: dhcpd.changed - name: Add cron static DHCP cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" when: dhcpd.changed - name: Restart dhcpd service: name=isc-dhcp-server state=restarted when: dhcpd.changed ignore_errors: yes - name: Add cron backbone script cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - name: Copy backbone script template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 when: sn_exit is undefined - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 when: sn_exit is defined - name: Collectd template file template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 register: collectd - name: Restart collectd service: name=collectd state=restarted when: collectd.changed - name: configure startup script supernode template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is undefined - name: Exit node startup script super- and exitnode template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys - name: Copy secondary zone file copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 with_items: bind_zone_fftdf - name: Bind9, activate fftdf zone lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Alfed message template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 - name: Add cron job with alfred info script cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" - name: Interface configuration with ffrl gre tunnel copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 when: sn_exit is defined - apt: update_cache=yes - name: Install bird apt: state=installed pkg=bird when: sn_exit is defined - name: Bird configuration copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 when: sn_exit is defined - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 when: sn_exit is defined - name: set netfilter rules lineinfile: dest=/etc/sysctl.conf line="{{ item }}" with_items: - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 - net.netfilter.nf_conntrack_max = 262144 - name: check modprobe.conf stat: path=/etc/modprobe.conf register: modprobe1 - name: create /etc/modprobe.conf when not present file: path=/etc/modprobe.conf state=touch owner=root group=root mode=0544 when: modprobe1.stat.exists == False - name: check /etc/modprobe.conf lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true when: tunneldigger.changed - name: Wirte version information shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: waiting for server to come back local_action: wait_for host={{ inventory_hostname }} port=22 delay=20 timeout=300 when: tunneldigger.changed - name: Send notification message via Slack local_action: module: slack token: "{{ slack_token }}" msg: "{{ inventory_hostname }} completed with {{ snversion }}" channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none'