diff --git a/ansible/inventory b/ansible/inventory
new file mode 100644
index 0000000..662d3e6
--- /dev/null
+++ b/ansible/inventory
@@ -0,0 +1,2 @@
+[akanda]
+10.10.10.76 ansible_ssh_user=akanda
diff --git a/ansible/main.yml b/ansible/main.yml
new file mode 100644
index 0000000..d071c33
--- /dev/null
+++ b/ansible/main.yml
@@ -0,0 +1,26 @@
+---
+- hosts: all
+ sudo: true
+
+ vars:
+ bird_enable: True
+ bird6_enable: True
+ bird_enable_service: False
+ dnsmasq_conf_dir: /etc/dnsmasq.d
+ dnsmasq_conf_file: /etc/dnsmasq.conf
+ install_extras: False
+ do_cleanup: True
+ router_appliance: True
+ update_kernel: False
+
+ tasks:
+ - include: tasks/debian_backports.yml
+ when: ansible_distribution == "Debian" and ansible_distribution_release == "wheezy"
+ - include: tasks/update_kernel.yml
+ when: update_kernel
+ - include: tasks/base.yml
+ - include: tasks/akanda.yml
+ - include: tasks/bird.yml
+ - include: tasks/dnsmasq.yml
+ - include: tasks/extras.yml
+ when: install_extras
diff --git a/ansible/tasks/akanda.yml b/ansible/tasks/akanda.yml
new file mode 100644
index 0000000..8fe3fd8
--- /dev/null
+++ b/ansible/tasks/akanda.yml
@@ -0,0 +1,52 @@
+---
+
+- name: install base packages
+ apt: name={{item}} state=installed install_recommends=no
+ with_items:
+ - python-pip
+ - python-dev
+
+- name: copy akanda-appliance code
+ synchronize: src={{ playbook_dir }}/.. dest=/tmp/akanda-appliance
+
+- name: ensure latest setuptools
+ pip: name=setuptools state=latest
+
+- name: install required files
+ pip: requirements=/tmp/akanda-appliance/requirements.txt
+
+- name: install akanda-appliance
+ command: python setup.py install chdir=/tmp/akanda-appliance
+
+- name: install init.d files
+ copy: src={{playbook_dir}}/../scripts/etc/init.d/{{item}} dest=/etc/init.d/{{item}} mode=0555
+ with_items:
+ - metadata
+ - akanda-router-api-server
+
+- name: update-rc
+ command: update-rc.d akanda-router-api-server start
+
+- name: add timestamp
+ shell: date > arg1 creates=/etc/akanda-release
+
+- name: enable forwarding
+ sysctl: name={{item}} value=1 sysctl_set=yes state=present reload=yes
+ with_items:
+ - net.ipv4.ip_forward
+ - net.ipv6.conf.all.forwarding
+ when: router_appliance
+
+- name: remove packages only needed for build
+ apt: name={{item}} state=absent
+ with_items:
+ - python-pip
+ - python-dev
+ - build-essential
+ when: do_cleanup
+
+- name: Autoremove unused packages
+ command: apt-get -y autoremove
+ when: do_cleanup
+
+
diff --git a/ansible/tasks/base.yml b/ansible/tasks/base.yml
new file mode 100644
index 0000000..294faca
--- /dev/null
+++ b/ansible/tasks/base.yml
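Review bot: The `copy akanda-appliance code` task stages the source tree in `/tmp/akanda-appliance`, and the next tasks run `pip` against its `requirements.txt` and `python setup.py install` from that directory under the play's `sudo: true`. `/tmp` is world-writable, so any process on the target that can create or alter that path before or during the run influences what is installed as root. No task in this hunk removes the tree afterwards, so it also stays in the built image. Stage into a directory only root can write, e.g. `synchronize: src={{ playbook_dir }}/.. dest=/root/akanda-appliance`, point the two install tasks at it, and add `file: path=/root/akanda-appliance state=absent` guarded by `when: do_cleanup`.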
@@ -0,0 +1,32 @@
+---
+
+- name: install base packages
+ apt: name={{item}} state=installed install_recommends=no
+ with_items:
+ - wget
+ - iptables
+ - iptables-persistent
+ - conntrack
+ - ntp
+
+- name: latest bash (CVE-2014-6271)
+ apt: name=bash state=latest install_recommends=no
+
+- name: remove timezone
+ command: rm -f arg1 removes=/etc/localtime
+
+- name: set timezone to UTC
+ command: ln -s /usr/share/zoneinfo/UTC arg1 creates=/etc/localtime
+
+- name: setting hostname
+ copy: content="akanda-linux" dest=/etc/hostname
+
+- name: set default nameserver
+ copy: content="nameserver 8.8.8.8" dest=/etc/resolv.conf
+
+- name: vanity motd
+ template: src=motd.j2 dest=/etc/motd
+
+- name: disable fsck on boot via fastboot
+ file: path=/fastboot state=touch
+
diff --git a/ansible/tasks/bird.yml b/ansible/tasks/bird.yml
new file mode 100644
index 0000000..db5e17b
--- /dev/null
+++ b/ansible/tasks/bird.yml
@@ -0,0 +1,26 @@
+---
+
+- name: install bird
+ apt: name=bird state=installed install_recommends=no default_release=wheezy-backports
+ when: bird_enable
+
+- name: install bird6
+ apt: name=bird6 state=installed install_recommends=no default_release=wheezy-backports
+ when: bird6_enable
+
+# Debian version does not support status ensure that it exists
+- name: ensure bird status works in init.d
+ replace: dest=/etc/init.d/bird regexp='(\;\;\s*)\n(\s*reload\|)' replace='\1\n status)\n status_of_proc $DAEMON $NAME && exit 0 || exit $?\n ;;\n\2'
+ when: bird_enable
+
+- name: ensure bird6 status works in init.d
+ replace: dest=/etc/init.d/bird6 regexp='(\;\;\s*)\n(\s*reload\|)' replace='\1\n status)\n status_of_proc $DAEMON $NAME && exit 0 || exit $?\n ;;\n\2'
+ when: bird6_enable
+
+- name: Ensure bird is started
+ service: name=bird state=started enabled=yes
+ when: bird_enable and bird_enable_service
+
+- name: Ensure bird6 is started
+ service: name=bird6 state=started enabled=yes
+ when: bird6_enable and bird_enable_service
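Review bot: The `remove timezone` and `set timezone to UTC` tasks pass the literal word `arg1` as the file operand, so they act on a file named `arg1` in the working directory instead of `/etc/localtime`; `removes=` and `creates=` only decide whether the command runs. With an existing `/etc/localtime` the `rm -f` deletes nothing relevant and the `ln -s` is then skipped, so the appliance keeps the base image's timezone, which makes its logs harder to correlate with other systems. Use the real path in both commands: `command: rm -f /etc/localtime removes=/etc/localtime` and `command: ln -s /usr/share/zoneinfo/UTC /etc/localtime creates=/etc/localtime`. The `add timestamp` task in ansible/tasks/akanda.yml has the same `date > arg1` operand and therefore never writes `/etc/akanda-release`.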
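Review bot: The `replace` regexp in `ensure bird status works in init.d`, and in the identical bird6 task, still matches after it has been applied, because the replacement ends with `;;\n\2`, which is again a `;;` line followed by the `reload|` line. Each later run of the playbook would therefore appear to insert one more `status)` stanza into the init script and report the task as changed. Make the edit conditional, for example by registering the result of `command: grep -q 'status)' /etc/init.d/bird` (with `ignore_errors: yes`) and adding the registered `rc != 0` test to the task's `when:`.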
diff --git a/ansible/tasks/debian_backports.yml b/ansible/tasks/debian_backports.yml
new file mode 100644
index 0000000..7ee7ff9
--- /dev/null
+++ b/ansible/tasks/debian_backports.yml
@@ -0,0 +1,5 @@
+- name: Install Wheezy Backports and update
+ apt_repository: repo="deb http://http.debian.net/debian wheezy-backports main"
+
+- name: Update Cache
+ apt: update_cache=yes cache_valid_time=3600
diff --git a/ansible/tasks/dnsmasq.yml b/ansible/tasks/dnsmasq.yml
new file mode 100644
index 0000000..68ed57c
--- /dev/null
+++ b/ansible/tasks/dnsmasq.yml
@@ -0,0 +1,13 @@
+---
+- name: install dnsmasq (Debian)
+ apt: name=dnsmasq state=installed install_recommends=no
+
+- name: Create config directory
+ file: path={{dnsmasq_conf_dir}} state=directory mode=0755
+
+- name: Generate Config
+ template: src=dnsmasq.conf.j2 dest={{dnsmasq_conf_file}}
+
+- name: Ensure dnsmasq is started
+ service: name=dnsmasq state=started enabled=yes
+
diff --git a/ansible/tasks/extras.yml b/ansible/tasks/extras.yml
new file mode 100644
index 0000000..5b6af83
--- /dev/null
+++ b/ansible/tasks/extras.yml
@@ -0,0 +1,8 @@
+---
+
+- name: install extras
+ apt: name={{item}} state=installed install_recommends=no
+ with_items:
+ - mtr
+ - tcpdump
+ - tshark
diff --git a/ansible/tasks/update_kernel.yml b/ansible/tasks/update_kernel.yml
new file mode 100644
index 0000000..47c0eb2
--- /dev/null
+++ b/ansible/tasks/update_kernel.yml
@@ -0,0 +1,21 @@
+---
+
+- stat: path=/boot/grub
+ register: grub_dir
+
+- stat: path=/boot
+ register: boot_dir
+
+- name: install kernel (Debian)
+ apt: name=linux-image-amd64 state=latest install_recommends=no
+
+- name: update grub conf
+ when: grub_dir.stat.exists == True
+ template: src=default_grub dest=/etc/default/grub
+
+- stat: path=/boot
+ register: boot_dir_after
+
+- name: update-grub
+ when: boot_dir_after.stat.mtime > boot_dir.stat.mtime
+ command: update-grub
diff --git a/ansible/templates/default_grub b/ansible/templates/default_grub
new file mode 100644
index 0000000..f1f7f4e
--- /dev/null
+++ b/ansible/templates/default_grub
@@ -0,0 +1,9 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=Debian
+GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
+# Disable GSO (Generic Segmentation Offload) in order to improve IPv6 forwarding performance
+GRUB_CMDLINE_LINUX="debian-installer=en_US virtio_net.gso=0"
diff --git a/ansible/templates/dnsmasq.conf.j2 b/ansible/templates/dnsmasq.conf.j2
new file mode 100644
index 0000000..239feea
--- /dev/null
+++ b/ansible/templates/dnsmasq.conf.j2
@@ -0,0 +1,9 @@
+bind-interfaces
+leasefile-ro
+domain-needed
+bogus-priv
+no-hosts
+no-poll
+strict-order
+dhcp-lease-max=256
+conf-dir={{dnsmasq_conf_dir}}
diff --git a/ansible/templates/motd.j2 b/ansible/templates/motd.j2
new file mode 100644
index 0000000..e3eeef4
--- /dev/null
+++ b/ansible/templates/motd.j2
@@ -0,0 +1,8 @@
+ ___ ___ .___
+ / \\ \\ | - L3 for OpenStack - | _/
+ / _ \\ | | _______ ____ __| | ____
+ / /_\\ \\| |/ /\\__ \\ / \\ / __ |\\__ \\
+/ | \\ < / __ \\| | \\/ /_/ | / __ \\_
+\\____|__ /__|_ \\(____ /___| /\\____ |(____ /
+ \\/ \\/ \\/ \\/ \\/ \\/
+Welcome to Akanda: Powered by Unicorns.
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..4f294d0
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,8 @@
+flask>=0.9
+dogpile.cache>=0.5.4
+gunicorn>=0.14.6,<19
+netaddr>=0.7.7
+eventlet>=0.9.17
+requests>=0.14.1,<=1.2.0
+greenlet>=0.4.0
+
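Review bot: `requests>=0.14.1,<=1.2.0` and `gunicorn>=0.14.6,<19` cap two network-facing libraries, so the appliance cannot pick up any later release of either, including ones that carry security fixes, and the file records no reason for the caps. The remaining entries have only lower bounds and resolve to whatever is newest on the day the image is built. Add a comment above each capped line naming the incompatibility that motivated it, and consider pinning exact versions for the image build so that what the playbook's `pip: requirements=...` task installs as root is reproducible and reviewable.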