# First install ssh-key at remote computer # In case of python error start: # ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - name: Install Freifunk Troisdorf super node # hosts: FreifunkSupernodesL2TP hosts: '{{ target }}' sudo: False user: root gather_facts: False vars: snversion: master_v3.1.5 batmanversion: v2017.4 common_required_packages: - git - make - gcc - build-essential - pkg-config - libgps-dev - libnl-3-dev - libjansson-dev - isc-dhcp-server - libcap-dev - iproute - libnetfilter-conntrack3 - python-dev - libevent-dev - ebtables - python-virtualenv - iptables-persistent - iftop - screen - bridge-utils - tcpdump - bind9 - radvd - curl - htop - psmisc - dnsutils - ntp - libnl-genl-3-dev - virtualenv - batman-adv - batctl - libffi-dev - libnetfilter-conntrack-dev - libnfnetlink-dev - speedtest-cli modules_required: - batman-adv - nf_conntrack_netlink - nf_conntrack - nfnetlink - l2tp_netlink - l2tp_core - l2tp_eth tunneldigger_scripts: - start-broker.sh - batdelif.sh tunneldigger_service: - tunneldigger.service broker_cfg: - l2tp_broker.cfg authorized_keys: - authorized_keys logrotate_config: - logrotate.conf tasks: - name: Remove cdrom in sources.list raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y" - name: Adding Freifuck GPG Key raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5" # apt_key: # id: B2522557E6AB9BF5 # url: https://keyserver.ubuntu.com # url: https://pool.sks-keyservers.net # url: https://sks.pod01.fleetstreetops.com # state: present - name: Import Slack token include_vars: "{{ slack_token_file }}" - name: Import root password include_vars: "{{ root_password_file }}" - name: Add Freifuck repo to source list apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present - name: Add backport repo to source list apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts setup: - name: Set IPv4 in hostfile lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present - name: Set IPv6 in hostfile lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present when: ansible_default_ipv6.address is defined - name: set hostname hostname: name='{{ sn_hostname }}' register: sethostname - name: disable multi CPU Kernel (SMP) lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present register: grubnosmp - name: Update grub shell: update-grub2 when: grubnosmp.changed - name: Reboot the server shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP" async: 1 poll: 0 ignore_errors: true when: sethostname.changed - name: waiting for server to come back (1st) local_action: wait_for host={{ inventory_hostname }} port=22 delay=20 timeout=300 when: hosts.changed when: sethostname.changed - name: Install common required packages apt: name: "{{ item }}" state: present update_cache: yes with_items: "{{ common_required_packages }}" register: aptupdates - name: Set clock shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start - name: Get Tunneldigger git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger register: tunneldigger when: aptupdates.changed - name: Configure tunneldigger raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install" when: tunneldigger.changed - name: Copy l2tp broker config template template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 with_items: "{{ broker_cfg }}" when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 when: tunneldigger.changed - name: Copy tunneldigger scripts copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 with_items: "{{ tunneldigger_scripts }}" when: tunneldigger.changed - name: Copy tunneldigger service template copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 with_items: "{{ tunneldigger_service }}" when: tunneldigger.changed - name: Add modules lineinfile: dest=/etc/modules line={{ item }} with_items: "{{ modules_required }}" register: modules_req - name: Tunneldigger reload command: "{{item}}" with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 with_items: "{{logrotate_config}}" - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd - name: Clone static DHCP config git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp when: dhcpd.changed - name: Add cron static DHCP cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" when: dhcpd.changed - name: Restart dhcpd service: name=isc-dhcp-server state=restarted when: dhcpd.changed ignore_errors: yes - name: Add cron backbone script cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - name: Exit node startup script super- and exitnode template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is defined - name: Exit node startup script super- and exitnode template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_local_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: "{{ authorized_keys }}" - name: Bind9, activate ff zone lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - name: Create ff directory file: path=/etc/bind/ff state=directory - name: Copy FF Zones copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644 with_items: - ff.conf - name: Copy ff Zone config template template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Interface configuration with ffrl gre tunnel template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544 - apt: update_cache=yes - name: Install bird apt: state=present pkg=bird - name: Bird configuration copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 - name: Bird configuration copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 - name: Copy Slacktee Config template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - name: Copy Slacktee copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 - name: set netfilter rules lineinfile: dest: /etc/sysctl.conf line: "{{ item }}" with_items: - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 - net.netfilter.nf_conntrack_max = 65536 - name: check modprobe.conf stat: path=/etc/modprobe.conf register: modprobe1 - name: create /etc/modprobe.conf when not present file: path=/etc/modprobe.conf state=touch owner=root group=root mode=0544 when: modprobe1.stat.exists == False - name: check /etc/modprobe.conf lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" - name: Change root password user: name: root password: "{{ sn_rootpasswd }}" - name: Logrotate rights file: path=/etc/logrotate.conf mode=0644 owner=root group=root - name: Wirte version information shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - name: Reboot the server finally shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true when: tunneldigger.changed - name: waiting for server to come back local_action: wait_for host={{ inventory_hostname }} port=22 delay=20 timeout=300 when: tunneldigger.changed - name: Send notification message via Slack local_action: module: slack token: "{{ slack_token }}" msg: "{{ inventory_hostname }} completed with {{ snversion }}" channel: "#technik" username: "Ansible on {{ inventory_hostname }}" parse: 'none'