Convert build script to Ansible

2015-03-25 15:56:41 -04:00 · 2015-03-25 15:56:41 -04:00 · 62a57712ed
parent e81a08fb89
commit 62a57712ed
13 changed files with 219 additions and 0 deletions
--- a/ansible/inventory
+++ b/ansible/inventory
@ -0,0 +1,2 @@
+[akanda]
+10.10.10.76 ansible_ssh_user=akanda
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -0,0 +1,26 @@
+---
+- hosts: all
+  sudo: true
+
+  vars:
+    bird_enable: True
+    bird6_enable: True
+    bird_enable_service: False
+    dnsmasq_conf_dir: /etc/dnsmasq.d
+    dnsmasq_conf_file: /etc/dnsmasq.conf
+    install_extras: False
+    do_cleanup: True
+    router_appliance: True
+    update_kernel: False
+
+  tasks:
+    - include: tasks/debian_backports.yml
+      when: ansible_distribution == "Debian" and ansible_distribution_release == "wheezy"
+    - include: tasks/update_kernel.yml
+      when: update_kernel
+    - include: tasks/base.yml
+    - include: tasks/akanda.yml
+    - include: tasks/bird.yml
+    - include: tasks/dnsmasq.yml
+    - include: tasks/extras.yml
+      when: install_extras
--- a/ansible/tasks/akanda.yml
+++ b/ansible/tasks/akanda.yml
@ -0,0 +1,52 @@
+---
+
+- name: install base packages
+  apt: name={{item}} state=installed install_recommends=no
+  with_items:
+    - python-pip
+    - python-dev
+
+- name: copy akanda-appliance code
+  synchronize: src={{ playbook_dir }}/.. dest=/tmp/akanda-appliance
+
+- name: ensure latest setuptools
+  pip: name=setuptools state=latest
+
+- name: install required files
+  pip: requirements=/tmp/akanda-appliance/requirements.txt
+
+- name: install akanda-appliance
+  command: python setup.py install chdir=/tmp/akanda-appliance
+
+- name: install init.d files
+  copy: src={{playbook_dir}}/../scripts/etc/init.d/{{item}} dest=/etc/init.d/{{item}} mode=0555
+  with_items:
+    - metadata
+    - akanda-router-api-server
+
+- name: update-rc
+  command: update-rc.d akanda-router-api-server start
+
+- name: add timestamp
+  shell: date > arg1 creates=/etc/akanda-release
+
+- name: enable forwarding
+  sysctl: name={{item}} value=1 sysctl_set=yes state=present reload=yes
+  with_items:
+   - net.ipv4.ip_forward
+   - net.ipv6.conf.all.forwarding
+  when: router_appliance
+
+- name: remove packages only needed for build
+  apt: name={{item}} state=absent
+  with_items:
+    - python-pip
+    - python-dev
+    - build-essential
+  when: do_cleanup
+
+- name: Autoremove unused packages
+  command: apt-get -y autoremove
+  when: do_cleanup
+
+
--- a/ansible/tasks/base.yml
+++ b/ansible/tasks/base.yml
@ -0,0 +1,32 @@
+---
+
+- name: install base packages
+  apt: name={{item}} state=installed install_recommends=no
+  with_items:
+    - wget
+    - iptables
+    - iptables-persistent
+    - conntrack
+    - ntp
+
+- name: latest bash (CVE-2014-6271)
+  apt: name=bash state=latest install_recommends=no
+
+- name: remove timezone
+  command: rm -f arg1 removes=/etc/localtime
+
+- name: set timezone to UTC
+  command: ln -s /usr/share/zoneinfo/UTC arg1 creates=/etc/localtime
+
+- name: setting hostname
+  copy: content="akanda-linux" dest=/etc/hostname
+
+- name: set default nameserver
+  copy: content="nameserver 8.8.8.8" dest=/etc/resolv.conf
+
+- name: vanity motd
+  template: src=motd.j2 dest=/etc/motd
+
+- name: disable fsck on boot via fastboot
+  file: path=/fastboot state=touch
+
--- a/ansible/tasks/bird.yml
+++ b/ansible/tasks/bird.yml
@ -0,0 +1,26 @@
+---
+
+- name: install bird
+  apt: name=bird state=installed install_recommends=no default_release=wheezy-backports
+  when: bird_enable
+
+- name: install bird6
+  apt: name=bird6 state=installed install_recommends=no default_release=wheezy-backports
+  when: bird6_enable
+
+# Debian version does not support status ensure that it exists
+- name: ensure bird status works in init.d
+  replace: dest=/etc/init.d/bird regexp='(\;\;\s*)\n(\s*reload\|)' replace='\1\n  status)\n    status_of_proc $DAEMON $NAME && exit 0 || exit $?\n    ;;\n\2'
+  when: bird_enable
+
+- name: ensure bird6 status works in init.d
+  replace: dest=/etc/init.d/bird6 regexp='(\;\;\s*)\n(\s*reload\|)' replace='\1\n  status)\n    status_of_proc $DAEMON $NAME && exit 0 || exit $?\n    ;;\n\2'
+  when: bird6_enable
+
+- name: Ensure bird is started
+  service: name=bird state=started enabled=yes
+  when: bird_enable and bird_enable_service
+
+- name: Ensure bird6 is started
+  service: name=bird6 state=started enabled=yes
+  when: bird6_enable and bird_enable_service
--- a/ansible/tasks/debian_backports.yml
+++ b/ansible/tasks/debian_backports.yml
@ -0,0 +1,5 @@
+- name: Install Wheezy Backports and update
+  apt_repository: repo="deb http://http.debian.net/debian wheezy-backports main"
+
+- name: Update Cache
+  apt: update_cache=yes cache_valid_time=3600
--- a/ansible/tasks/dnsmasq.yml
+++ b/ansible/tasks/dnsmasq.yml
@ -0,0 +1,13 @@
+---
+- name: install dnsmasq (Debian)
+  apt: name=dnsmasq state=installed install_recommends=no
+
+- name: Create config directory
+  file: path={{dnsmasq_conf_dir}} state=directory mode=0755
+
+- name: Generate Config
+  template: src=dnsmasq.conf.j2 dest={{dnsmasq_conf_file}}
+
+- name: Ensure dnsmasq is started
+  service: name=dnsmasq state=started enabled=yes
+
--- a/ansible/tasks/extras.yml
+++ b/ansible/tasks/extras.yml
@ -0,0 +1,8 @@
+---
+
+- name: install extras
+  apt: name={{item}} state=installed install_recommends=no
+  with_items:
+    - mtr
+    - tcpdump
+    - tshark
--- a/ansible/tasks/update_kernel.yml
+++ b/ansible/tasks/update_kernel.yml
@ -0,0 +1,21 @@
+---
+
+- stat: path=/boot/grub
+  register: grub_dir
+
+- stat: path=/boot
+  register: boot_dir
+
+- name: install kernel (Debian)
+  apt: name=linux-image-amd64 state=latest install_recommends=no
+
+- name: update grub conf
+  when: grub_dir.stat.exists == True
+  template: src=default_grub dest=/etc/default/grub
+
+- stat: path=/boot
+  register: boot_dir_after
+
+- name: update-grub
+  when: boot_dir_after.stat.mtime > boot_dir.stat.mtime
+  command: update-grub
--- a/ansible/templates/default_grub
+++ b/ansible/templates/default_grub
@ -0,0 +1,9 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=Debian
+GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
+# Disable GSO (Generic Segmentation Offload) in order to improve IPv6 forwarding performance
+GRUB_CMDLINE_LINUX="debian-installer=en_US virtio_net.gso=0"
--- a/ansible/templates/dnsmasq.conf.j2
+++ b/ansible/templates/dnsmasq.conf.j2
@ -0,0 +1,9 @@
+bind-interfaces
+leasefile-ro
+domain-needed
+bogus-priv
+no-hosts
+no-poll
+strict-order
+dhcp-lease-max=256
+conf-dir={{dnsmasq_conf_dir}}
--- a/ansible/templates/motd.j2
+++ b/ansible/templates/motd.j2
@ -0,0 +1,8 @@
+    ___   ___                       .___
+   /   \\  \\  | - L3 for OpenStack - | _/
+  /  _  \\ |  | _______    ____    __| | ____
+ /  /_\\  \\|  |/ /\\__  \\  /    \\  / __ |\\__  \\
+/    |    \\    <  / __ \\|   |  \\/ /_/ | / __ \\_
+\\____|__  /__|_ \\(____  /___|  /\\____ |(____  /
+        \\/     \\/     \\/     \\/      \\/     \\/
+Welcome to Akanda: Powered by Unicorns.
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,8 @@
+flask>=0.9
+dogpile.cache>=0.5.4
+gunicorn>=0.14.6,<19
+netaddr>=0.7.7
+eventlet>=0.9.17
+requests>=0.14.1,<=1.2.0
+greenlet>=0.4.0
+