playbook: add ors-offline playbook

playbook/ors-offline.yml

+- name: a play that runs entirely on the ansible host
+  hosts: 127.0.0.1
+  connection: local
+
+  vars_files:
+    - settings/vifib.yml
+    - settings/slapos-master.yml
+    - settings/ors.yml
+
+  roles:
+    - ors-offline

playbook/roles/ors-offline/files/configure-firewall

+#!/bin/bash
+
+# Enable ipv4 and ipv6 forwarding for core network
+echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+
+# Set correct iptables rules
+mkdir -p /etc/iptables
+IF_LIST=()
+CONFV4="/etc/iptables/rules.v4"
+TMPV4="/tmp/rules.v4.$(date +%s)"
+CONFV6="/etc/iptables/rules.v6"
+TMPV6="/tmp/rules.v6.$(date +%s)"
+
+## Get sorted list of physical network interfaces
+cd /sys/class/net;
+for IF in $(find . -type l -printf "%f\n"); do
+  # If interface is not virtual
+  if ! realpath $(readlink $IF) | grep -q "^/sys/devices/virtual"; then
+    IF_LIST+=($IF);
+  fi
+done
+IFS=$'\n' IF_LIST_SORTED=($(sort <<<"${IF_LIST[*]}"))
+unset IFS
+
+## Write target IPv4 rules
+cat > $TMPV4 << EOF
+*nat
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination :5353
+-A POSTROUTING -p udp -m udp --sport 5353 -j SNAT --to-source :53
+EOF
+for IF in "${IF_LIST_SORTED[@]}"; do
+  cat >> $TMPV4 << EOF
+-A POSTROUTING -o $IF -j MASQUERADE
+EOF
+done
+cat >> $TMPV4 << EOF
+COMMIT
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+COMMIT
+EOF
+## Write target IPv6 rules
+cat > $TMPV6 << EOF
+*nat
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+EOF
+for IF in "${IF_LIST_SORTED[@]}"; do
+  cat >> $TMPV6 << EOF
+-A POSTROUTING -o $IF -j MASQUERADE
+EOF
+done
+cat >> $TMPV6 << EOF
+COMMIT
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+COMMIT
+EOF
+
+## Reconfigure iptables if current rules doens't match target rules
+touch $CONFV4 $CONFV6
+if ! diff $TMPV4 $CONFV4; then
+  cp $TMPV4 $CONFV4
+  iptables-restore $CONFV4
+fi
+if ! diff $TMPV6 $CONFV6; then
+  cp $TMPV6 $CONFV6
+  ip6tables-restore $CONFV6
+fi
+rm -f $TMPV4 $TMPV6

playbook/roles/ors-offline/files/configure-grub

+#!/bin/bash
+CONF="/etc/default/grub"
+BAK="/tmp/default.grub"
+N_CORE="$(($(lscpu | sed -n 's/^Core.*: *\([0-9]*\)/\1/gp') * $(lscpu | sed -n 's/^Socket.*: *\([0-9]*\)/\1/gp')))"
+cp $CONF $BAK;
+if ! (grep -q idle=halt /proc/cmdline && grep -q "maxcpus=$N_CORE" /proc/cmdline); then
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)idle=[a-z]* *\(.*\)/\1\2/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)"/\1 idle=halt"/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)maxcpus=[0-9]* *\(.*\)/\1\2/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)"/\1 maxcpus='"$N_CORE"'"/g' $CONF;
+  if ! update-grub; then
+    cp $BAK $CONF;
+    update-grub;
+  fi
+fi
+rm -f $BAK;

playbook/roles/ors-offline/files/configure-re6st

+#!/bin/bash
+IF_LIST=()
+RM_IF_LIST=()
+CONF="/etc/re6stnet/re6stnet.conf"
+TMP="/tmp/re6stnet.conf.$(date +%s)"
+cd /sys/class/net;
+for IF in $(find . -type l -printf "%f\n"); do
+  # If interface is virtual
+  if ! realpath $(readlink $IF) | grep -q "^/sys/devices/virtual"; then
+    # If interface is up and has IPv6 neighbours
+    if [ "$(cat $IF/operstate)" = "up" ] && [ -n "$(ip -6 neigh list dev $IF)" ]; then
+      # Special case: interfaces connected to Lille office LAN should not have interface option enabled
+      if ! ping6 -q -c3 -w3 fe80::20d:b9ff:fe3f:9055%$IF; then
+        IF_LIST+=($IF);
+      else
+        RM_IF_LIST+=($IF);
+      fi
+    fi
+  fi
+done
+cp $CONF $TMP;
+REPLACE=0
+# Check if configuration is correct
+for IF in "${IF_LIST[@]}"; do
+  if ! grep -q "^interface $IF" $TMP; then
+    REPLACE=1
+  fi
+done
+for IF in "${RM_IF_LIST[@]}"; do
+  if grep -q "^interface $IF" $TMP; then
+    REPLACE=1
+  fi
+done
+# Reconfigure re6st if configuration not correct
+if (( $REPLACE )); then
+  sed -i '/^interface/d' $TMP
+  for IF in "${IF_LIST[@]}"; do
+    echo "interface $IF" >> $TMP
+  done
+  mv $TMP $CONF;
+  systemctl restart re6stnet
+fi
+rm -rf $TMP;

playbook/roles/ors-offline/files/configure-slapos.py

+#!/usr/bin/env python3
+import configparser
+import subprocess
+
+CONF_PATH = "/etc/opt/slapos/slapos.cfg"
+
+ors_config = {
+    'slapformat': {
+        'create_tun': 'True',
+        'partition_amount': '20',
+        'ipv6_prefixshift': '7',
+    },
+    'networkcache': {
+        'download-from-binary-cache-force-url-list': '''
+https://lab.nexedi.com/nexedi/slapos/raw/1.
+https://lab.node.vifib.com/nexedi/slapos/raw/1.0.''',
+    },
+}
+
+with open('/opt/upgrader/configure-slapos.log', 'w+') as l:
+
+    l.write("[configure-slapos] Configuring slapos...\n")
+
+    config = configparser.ConfigParser()
+    config.read(CONF_PATH)
+
+    def is_slapformat_valid():
+        for k in ors_config['slapformat']:
+            if ors_config['slapformat'][k] != \
+               config.setdefault('slapformat', {}).setdefault(k, ''):
+                l.write("[configure-slapos] {} not valid ( {} != {} )\n".format(k, ors_config['slapformat'][k], config.setdefault('slapformat', {}).setdefault(k, '')))
+                return False
+        return True
+    slapformat_valid = is_slapformat_valid()
+
+    config['slapformat'].update(ors_config['slapformat'])
+    config['networkcache'].update(ors_config['networkcache'])
+    with open(CONF_PATH, 'w+') as f:
+        config.write(f)
+
+
+    if not slapformat_valid:
+        l.write("[configure-slapos] slapos.cfg not valid\n")
+        # Delete slaptun devices
+        for i in range(0,19):
+            subprocess.run(['ip', 'link', 'delete', 'slaptun{}'.format(i)])
+        subprocess.run(['rm', '-f', '/opt/slapos/slapos.xml'], check=True)
+        subprocess.run(['slapos', 'node', 'format', '--now'], check=True, capture_output=True)

playbook/roles/ors-offline/files/configure-sudoers

+#!/bin/bash
+mkdir -p /etc/sudoers.d
+COMMAND_LIST=("rm-tmp-lte" "init-enb" "init-mme" "init-sdr" "get-sdr-info")
+PARTITION_AMOUNT="$(sed -n 's/partition_amount = \(.*\)/\1/gp' /etc/opt/slapos/slapos.cfg)"
+for c in "${COMMAND_LIST[@]}"; do
+  SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
+  if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
+    echo "Configuring /etc/sudoers.d/slapuser-$c..."
+    for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
+      echo "slapuser$i ALL=NOPASSWD:/opt/amarisoft/$c" >> slapuser-$c
+    done
+    mv slapuser-$c /etc/sudoers.d/
+    chmod 440 /etc/sudoers.d/slapuser-$c
+  fi
+done
+c="sdr-util"
+SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
+  echo "Configuring /etc/sudoers.d/slapuser-$c..."
+  for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
+    echo "slapuser$i ALL=NOPASSWD:$AMARISOFT_PATH/trx_sdr/sdr_util -c 0 version" >> slapuser-$c
+  done
+  mv slapuser-$c /etc/sudoers.d/
+  chmod 440 /etc/sudoers.d/slapuser-$c
+fi

playbook/roles/ors-offline/files/format-ims

+#!/opt/slapos/parts/python3/bin/python3
+# Copyright (C) 2023-2024  Nexedi SA and Contributors.
+#
+# This program is free software: you can Use, Study, Modify and Redistribute
+# it under the terms of the GNU General Public License version 3, or (at your
+# option) any later version, as published by the Free Software Foundation.
+#
+# You can also Link and Combine this program with other software covered by
+# the terms of any of the Free Software licenses or any of the Open Source
+# Initiative approved licenses and Convey the resulting work. Corresponding
+# source of such a combination shall include the source code for all other
+# software used.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# See COPYING file for full licensing terms.
+# See https://www.nexedi.com/licensing for rationale and options.
+"""Program format-ims splits each slaptun into two, adds a network
+namespace for IMS and configures a tun on that namespace
+"""
+
+# TODO Relying on format-ims should be replaced by slapos format.
+#      See discussion at
+#      https://lab.nexedi.com/nexedi/slapos/merge_requests/1471#note_194356
+#      for details.
+
+import os
+import sys
+try:
+    from packaging.version import Version
+except ModuleNotFoundError as e:
+    from distutils.version import StrictVersion as Version
+
+p = []
+for module in ['netifaces', 'netaddr']:
+    l = []
+    for directory in os.listdir('/opt/slapos/eggs'):
+        if directory.startswith(module):
+            l.append(directory)
+    p.append('/opt/slapos/eggs/' + sorted(l, key=lambda x:Version(x.split('%s-' % (module))[1].split('-')[0]))[-1])
+sys.path[0:0] = p
+
+os.environ['PATH'] = os.path.expandvars('/opt/slapos/parts/bison/bin:/opt/slapos/parts/bzip2/bin:/opt/slapos/parts/gettext/bin:/opt/slapos/parts/glib/bin:/opt/slapos/parts/libxml2/bin:/opt/slapos/parts/libxslt/bin:/opt/slapos/parts/m4/bin:/opt/slapos/parts/ncurses/bin:/opt/slapos/parts/openssl/bin:/opt/slapos/parts/pkgconfig/bin:/opt/slapos/parts/python3/bin:/opt/slapos/parts/readline/bin:/opt/slapos/parts/sqlite3/bin:/opt/slapos/parts/swig/bin:/opt/slapos/bin:/opt/slapos/parts/patch/bin:/opt/slapos/parts/socat/bin:$PATH')
+
+import logging
+import netifaces
+import netaddr
+from socket import AF_INET, AF_INET6
+from math import log2, ceil
+
+import sys
+import subprocess
+import json
+
+# LinkDB represents snapshot of state of all network interfaces.
+class LinkDB:
+    def __init__(db):
+        db.linkv = ip('link', 'show')
+
+    # ifget returns information about interface with specified name.
+    def ifget(db, ifname):
+        for link in db.linkv:
+            if link['ifname'] == ifname:
+                return link
+        raise KeyError('interface %r not found' % ifname)
+
+def main():
+
+    open(sys.argv[1], 'w+')
+    run('sed', '-i', '50001,$ d', sys.argv[1])
+
+    logger = logging.getLogger(__name__)
+    logging.basicConfig(filename=sys.argv[1], level=logging.DEBUG)
+    logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s',
+                        level=logging.DEBUG)
+
+    for link in ip('link', 'list'):
+        tun = link['ifname']
+        if tun.startswith('slaptun'):
+            try:
+                int(tun.split('slaptun')[1])
+                formatTun(tun)
+            except (ValueError, IndexError) as e:
+                pass
+
+def formatTun(tun):
+
+    # determine tun's network address and owner
+    ldb = LinkDB()
+    _ = ldb.ifget(tun)
+    owner = _['linkinfo']['info_data']['user']
+    try:
+        net   = ifnet6(tun)
+        net4  = ifnet4(tun)
+    except RuntimeError as e:
+        return False
+
+    logging.info('%s: configure %s' % (tun, net))
+
+    # do the split
+    # with leaving first range for the original tun
+    subtun_set = set()
+    net4split = netsplit(net4, 2)
+    for i, subnet in enumerate(netsplit(net, 2)):
+        subnet4 = netaddr.IPNetwork("%s/%d" % (
+                  net4split[i].ip + 1, net4split[i].prefixlen))
+        if i == 0:
+            logging.info('preserve         %s' % subnet)
+            continue    # leave this range for original tun
+
+        subtun = '%s-%d' % (tun, i)
+        subtun_set.add(subtun)
+        logging.info('-> %s   %s %s' % (subtun, subnet, subnet4))
+        def note(msg):
+            logging.info(' # %s: %s' % (subtun, msg))
+
+        # create subtun
+        try:
+            link = ldb.ifget(subtun)
+        except KeyError:
+            run('ip', 'tuntap', 'add', 'dev', subtun, 'mode', 'tun', 'user', owner)
+            link = ip('link', 'show', 'dev', subtun)[0]
+        else:
+            note('already exists')
+
+        # set it up
+        if 'UP' not in link['flags']:
+            run('ip', 'link',   'set', subtun, 'up')
+        else:
+            note('already up')
+
+        # add subnet address
+        addrv = []
+        for _ in ip('-6', 'addr', 'show', 'dev', subtun):
+            addrv.extend(_['addr_info'])
+        for addr in addrv:
+            _ = netaddr.IPNetwork('%s/%s' % (addr['local'], addr['prefixlen']))
+            if _ == subnet and addr['noprefixroute']:
+                note('already has %s addr' % str(subnet))
+                break
+        else:
+            run('ip', 'addr',   'add', str(subnet), 'dev', subtun, 'noprefixroute')
+
+        # add subnet4 address
+        addrv = []
+        for _ in ip('-4', 'addr', 'show', 'dev', subtun):
+            addrv.extend(_['addr_info'])
+        for addr in addrv:
+            _ = netaddr.IPNetwork('%s/%s' % (addr['local'], addr['prefixlen']))
+            if _ == subnet4 and addr['noprefixroute']:
+                note('already has %s addr' % str(subnet4))
+                break
+        else:
+            run('ip', 'addr',   'add', str(subnet4), 'dev', subtun, 'noprefixroute')
+
+        # add /128 route to subnet::1
+        rtv = ip('-6', 'route', 'show', 'dev', subtun)
+        for rt in rtv:
+            if rt['dst'] == str(subnet[1])  and  'gateway' not in rt:
+                note('already has %s route' % str(subnet[1]))
+                break
+        else:
+            run('ip', 'route',  'add', str(subnet[1]), 'dev', subtun)
+
+        # add route to subnet via subnet::1
+        for rt in rtv:
+            if rt['dst'] == str(subnet)  and  rt.get('gateway') == str(subnet[1]):
+                note('already has %s route' % str(subnet))
+                break
+        else:
+            run('ip', 'route',  'add', str(subnet), 'dev', subtun, 'via', str(subnet[1]))
+
+        # configure IMS network namespace and tun
+        if i == 1:
+            tun_ims = '%s-ims' % (tun)
+            netns_ims = '%s-netns' % (tun_ims)
+            netns_ip4 = '%s/0' % (str(subnet4).split('/')[0])
+            netns_ip6 = '%s/0' % (str(subnet).split('/')[0])
+
+            try:
+                link = ldb.ifget(tun_ims)
+            except KeyError:
+                run('ip', 'tuntap', 'add', 'dev', tun_ims, 'mode', 'tun', 'user', owner)
+                link = ip('link', 'show', 'dev', tun_ims)[0]
+
+            for _ in ip('netns', 'list'):
+                if _['name'] == netns_ims:
+                    break
+            else:
+                run('ip', 'netns', 'add', netns_ims)
+
+            for _ in ip('netns', 'exec', netns_ims, 'ip', '-json',
+                        '-details', 'link', 'list'):
+                if _['ifname'] == tun_ims:
+                    break
+            else:
+                run('ip', 'link', 'set', 'dev', tun_ims,
+                    'name', tun_ims, 'netns', netns_ims)
+
+            addrv = []
+            for _ in ip('netns', 'exec', netns_ims, 'ip', '-json',
+                        '-details', '-4', 'addr', 'show', 'dev', tun_ims):
+                addrv.extend(_['addr_info'])
+            for addr in addrv:
+                _ = netaddr.IPNetwork('%s/%s' % (addr['local'], addr['prefixlen']))
+                if str(_) == netns_ip4:
+                    break
+            else:
+                run('ip', 'netns', 'exec', netns_ims, 'ip', 'addr',
+                    'add', netns_ip4, 'dev', tun_ims)
+
+            addrv = []
+            for _ in ip('netns', 'exec', netns_ims, 'ip', '-json',
+                        '-details', '-6', 'addr', 'show', 'dev', tun_ims):
+                addrv.extend(_['addr_info'])
+            for addr in addrv:
+                _ = netaddr.IPNetwork('%s/%s' % (addr['local'], addr['prefixlen']))
+                if str(_) == netns_ip6:
+                    break
+            else:
+                run('ip', 'netns', 'exec', netns_ims, 'ip', 'addr', 'add', netns_ip6,
+                    'dev', tun_ims)
+
+            if ip('netns', 'exec', netns_ims, 'ip', '-json', '-details', 'link', 'show',
+                   'dev', tun_ims)[0]['mtu'] != 1400:
+                run('ip', 'netns', 'exec', netns_ims, 'ip', 'link', 'set', tun_ims,
+                    'up', 'mtu', '1400')
+
+            for _ in ip('netns', 'exec', netns_ims, 'ip', '-json', '-details', 'route',
+                         'show', 'dev', tun_ims):
+                if _['dst'] == 'default':
+                    break
+            else:
+                    run('ip', 'netns', 'exec', netns_ims, 'ip', 'route', 'add',
+                        'default', 'dev', tun_ims)
+
+
+    # remove other existing children
+    for ifname in netifaces.interfaces():
+        if ifname.startswith('%s-' % tun) and (ifname not in subtun_set) and 'ims' not in ifname:
+            logging.info('-> del %s' % ifname)
+            run('ip', 'link', 'del', ifname)
+    return True
+
+
+# netsplit splits network into n subnetworks.
+def netsplit(net, n): # -> []subnet
+    # see how much prefix bits we need to take to be able to divide by n
+    ptake = ceil(log2(n))
+    return list( net.subnet(net.prefixlen + ptake) )[:n]
+
+# ifnet6 returns IPv6 network address associated with given interface.
+def ifnet6(ifname):
+    addr  = None
+    net   = None
+    prefixlen = None
+    for iaddr in netifaces.ifaddresses(ifname)[AF_INET6]:
+        a = iaddr['addr']
+        if '%' in a: # link-local
+            a = a.split('%')[0]
+            a = netaddr.IPAddress(a)
+            assert a.is_link_local(), a
+            continue
+
+        if addr is not None:
+            raise RuntimeError('%s: multiple addresses:  %s and %s' % (ifname, addr, a))
+
+        addr = netaddr.IPAddress(a)
+        netmask, plen = iaddr['netmask'].split('/')
+        prefixlen = int(plen)
+        net = netaddr.IPNetwork('%s/%d' % (a, prefixlen))
+
+    if addr is None:
+        raise RuntimeError('%s: no non link-local addresses' % ifname)
+
+    # normalize network
+    # ex 2401:5180:0:66:a7ff:ffff:ffff:ffff/71  ->  2401:5180:0:66:a600::/71
+    net = net.cidr
+    return net
+
+# ifnet4 returns IPv4 network address associated with given interface.
+def ifnet4(ifname):
+    addr  = None
+    net   = None
+    prefixlen = None
+    for iaddr in netifaces.ifaddresses(ifname)[AF_INET]:
+        a = iaddr['addr']
+
+        if addr is not None:
+            raise RuntimeError('%s: multiple addresses:  %s and %s' % (ifname, addr, a))
+
+        addr = netaddr.IPAddress(a)
+        net = netaddr.IPNetwork('%s/%s' % (a, iaddr['netmask']))
+
+    if addr is None:
+        raise RuntimeError('%s: no addresses' % ifname)
+
+    return net
+
+# run executes `*argv` as action.
+def run(*argv):
+    logging.info(' # %s' % ' '.join(argv))
+    subprocess.check_call(argv)
+
+# ip returns decoded output of `ip -details *argv`
+def ip(*argv):
+    _ = subprocess.check_output(['ip', '-json', '-details'] + list(argv))
+    return json.loads(_ or '{}')
+
+
+if __name__ == '__main__':
+    main()

playbook/roles/ors-offline/files/get-license-info

+#!/usr/bin/env python3
+
+import argparse, os, re, sys
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-e', '--expiration', action='store_true')
+parser.add_argument('-v', '--version', action='store_true')
+args = parser.parse_args()
+
+amarisoft_dir = '/opt/amarisoft'
+try:
+  lte_version = sorted(filter(lambda x: re.match(r"v[0-9]{4}-[0-9]{2}-[0-9]{2}", x), os.listdir(amarisoft_dir)))[-1][1:]
+except FileNotFoundError:
+  lte_version = 'Unknown'
+lte_expiration = "Unknown"
+try:
+  for filename in os.listdir(amarisoft_dir + '/.amarisoft'):
+    if filename.endswith('.key'):
+      with open(os.path.join(amarisoft_dir + '/.amarisoft', filename), 'r') as f:
+        f.seek(260)
+        for l in f:
+          if l.startswith('version='):
+            lte_expiration = l.split('=')[1].strip()
+except FileNotFoundError:
+  pass
+
+if args.expiration:
+  print(lte_expiration, end='')
+elif args.version:
+  print(lte_version, end='')

playbook/roles/ors-offline/files/get-sdr-info

+#!/bin/bash
+
+IPRODUCT="$(lsusb -d 0403:6014 -v 2> /dev/null |sed -n 's/^  iProduct.*ORS \(.*\)$/\1/gp')"
+ISERIAL="$(lsusb -d 0403:6014 -v 2> /dev/null |sed -n 's/^  iSerial *[0-9]* \(.*\)$/\1/gp')"
+
+if [ -z "$IPRODUCT" ]; then
+  ORS="$(hostname | sed 's/ors\(.*\)/\1/g')"
+  case "$ORS" in
+    0)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A0";;
+    1)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A1";;
+    2)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A2";;
+    3)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A3";;
+    4)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A4";;
+    5)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B49";;
+    6)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A7";;
+    8)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A8";;
+    9)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B27";;
+    10)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B22";;
+    11)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B44";;
+    13)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="UNKNOWN";;
+    14)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B24";;
+    15)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B41";;
+    16)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B43";;
+    17)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B46";;
+    18)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B47";;
+    19)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    20)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B33";;
+    21)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B42";;
+    22)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B30";;
+    23)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B48";;
+    24)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B34";;
+    25)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B18";;
+    26)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B31";;
+    27)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B38";;
+    28)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B35";;
+    29)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    30)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B50";;
+    31)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B51";;
+    32)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    33)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    34)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="UNKNOWN";;
+    35)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    36)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    37)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B65";;
+    38)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B60";;
+    39)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B61";;
+    40)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B64";;
+    41)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B57";;
+    42)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B26";;
+    43)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B29";;
+    44)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B36";;
+    45)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B37";;
+    46)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B39";;
+    47)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B28";;
+    48)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B66";;
+    49)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B67";;
+    50)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B23";;
+    51)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B59";;
+    52)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B56";;
+    53)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B58";;
+    54)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B68";;
+    55)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B52";;
+    56)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B5";;
+    57)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B25";;
+    58)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B70";;
+    59)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B71";;
+    60)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B72";;
+    61)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A5";;
+    62)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A6";;
+    63)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B73";;
+    64)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B74";;
+    65)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B75";;
+    66)
+      TDD="TDD";BAND="N79";VERSION="4.5";ISERIAL="F4";;
+    67)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B20";;
+    68)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D1";;
+    69)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B3";;
+    70)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B0";;
+    71)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B77";;
+    72)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B78";;
+    73)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B79";;
+    74)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B80";;
+    75)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D2";;
+    76)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B1";;
+    77)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B81";;
+    79)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D24";;
+    80)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D11";;
+    81)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D3";;
+    82)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D23";;
+    83)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D25";;
+    84)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D22";;
+    85)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D12";;
+    86)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="UNKNOWN";;
+    87)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D13";;
+    88)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D14";;
+    89)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D18";;
+    90)
+      TDD="TDD";BAND="B42";VERSION="4.2";ISERIAL="D6";;
+    91)
+      TDD="FDD";BAND="B28";VERSION="4.4";ISERIAL="E1";;
+    92)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D29";;
+    93)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D26";;
+    94)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D16";;
+    96)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D19";;
+    97)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D15";;
+    98)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D20";;
+    99)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D17";;
+    100)
+      TDD="TDD";BAND="N77";VERSION="4.5";ISERIAL="F1";;
+    101)
+      TDD="TDD";BAND="N77";VERSION="4.5";ISERIAL="F2";;
+    102)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B76";;
+    103)
+      TDD="TDD";BAND="B39";VERSION="4.4";ISERIAL="E7";;
+    *)
+      TDD="UNKNOWN";BAND="UNKNOWN";VERSION="UNKNOWN";ISERIAL="UNKNOWN";;
+  esac
+else
+  test -z "$ISERIAL" && ISERIAL="UNKNOWN";
+  TDD="${IPRODUCT[@]:0:3}"
+  IPRODUCT="${IPRODUCT[@]:3}"
+  BAND="${IPRODUCT%% *}"
+  VERSION="${IPRODUCT##* }"
+fi
+
+usage() {
+  cat << ENDUSAGE
+Usage: $0 [-tbvs]
+    -t              TDD or FDD
+    -b              Band (e.g. B39)
+    -v              Version (e.g. v4.2)
+    -s              Serial number (e.g. B53)
+ENDUSAGE
+1>&2;
+}
+while getopts "tbvsh" opt; do
+  case "${opt}" in
+    h )
+        usage; exit 1;
+        ;;
+    t )
+        echo -n $TDD;
+        ;;
+    b )
+        echo -n $BAND;
+        ;;
+    v )
+        echo -n $VERSION;
+        ;;
+    s )
+        echo -n $ISERIAL;
+        ;;
+    * )
+        usage; exit 1;
+      ;;
+  esac
+done

playbook/roles/ors-offline/files/init-enb

+#!/bin/bash
+
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/enb/lte_init.sh;

playbook/roles/ors-offline/files/init-mme

+#!/bin/bash
+
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/mme/lte_init.sh;

playbook/roles/ors-offline/files/init-sdr

+#!/bin/bash
+
+OLD_AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v2021-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/trx_sdr/sdr_util version && exit;
+lsof /dev/sdr0 && exit;
+lsmod | grep -q sdr && rmmod sdr;
+if echo $AMARISOFT_PATH | grep -q 2023; then
+  cd $OLD_AMARISOFT_PATH/trx_sdr/kernel;
+  make clean && make && bash init.sh;
+  rmmod sdr;
+fi
+cd $AMARISOFT_PATH/trx_sdr/kernel;
+make clean && make && bash init.sh;

playbook/roles/ors-offline/files/rm-tmp-lte

+#!/bin/bash
+
+rm -f /tmp/.lte*

playbook/roles/ors-offline/files/systemd-dhcp-network

+[Match]
+Name=en*
+
+[Network]
+DHCP=yes

playbook/roles/ors-offline/files/systemd-lo-network

+[Match]
+Name=lo
+
+[Link]
+MTUBytes=1500

playbook/roles/ors-offline/files/systemd-wait-online-override

+[Service]
+ExecStart=
+ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any

playbook/roles/ors-offline/tasks/main.yml

+---
+# ors-image-backports playbook
+
+  - name: Check if Service Exists
+    stat: path=/etc/init.d/init-sdr
+    register: init_sdr_service
+
+  - name: Reload daemon
+    systemd: daemon_reload=yes
+    when: init_sdr_service.stat.exists
+
+  - name: Disable old init-sdr service
+    systemd: name=init-sdr enabled=no
+    when: init_sdr_service.stat.exists
+
+# Configure systemd-networkd 
+
+  - name: Configure /etc/systemd/network/dhcp.network
+    copy: src=systemd-dhcp-network dest=/etc/systemd/network/dhcp.network owner=root mode=644
+
+## eNB and MME addresses are on lo interface, using high MTU will result in bad throughput 
+## for TCP when using IPv6 and phones with low MTU
+  - name: Configure /etc/systemd/network/lo.network
+    copy: src=systemd-lo-network dest=/etc/systemd/network/lo.network owner=root mode=644
+
+  - name: Create a directory if it does not exist
+    file: path=/etc/systemd/system/systemd-networkd-wait-online.service.d state=directory mode=0755
+
+  - name: Configure /etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
+    copy: src=systemd-wait-online-override dest=/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf owner=root mode=644
+
+  - name: Enable and stop systemd-networkd
+    systemd: name=systemd-networkd.service enabled=yes state=stopped
+
+## Don't use role repository because package needs to be removed after installing systemd-networkd
+
+  - name: Remove ifupdown
+    shell: 'DEBIAN_FRONTEND="noninteractive" apt remove --purge -y ifupdown'
+
+  - name: Start systemd-networkd
+    systemd: name=systemd-networkd.service enabled=yes state=started
+
+# Configure DHCP timeout
+
+  - name: Configure dhcp timeout
+    lineinfile: dest=/etc/dhcp/dhclient.conf regexp="^timeout (.*)" line="timeout 15" state=present
+
+# Reinitialize machine-id for DHCP
+
+  - name: Check if machine-id needs to be reinitialized
+    shell: grep -q a3c3a27a44e74547963830b967b5a7ee /etc/machine-id
+    register: reinitialize_machine_id
+    ignore_errors: yes
+
+  - name: Reinitialize machine-id at next boot
+    shell: 'echo uninitialized > /etc/machine-id && dpkg-reconfigure systemd'
+    when: reinitialize_machine_id.rc == 0
+
+# Configure DNS
+
+  - name: Disable dnsmasq service
+    systemd: name=dnsmasq.service enabled=no state=stopped
+    ignore_errors: yes
+
+  - name: Disable DNS stub resolver
+    lineinfile: dest=/etc/systemd/resolved.conf regexp="(.*)DNSStubListener=(.*)" line="DNSStubListener=no" state=present
+    register: disable_dns_stub
+
+  - name: Create resolv symbolic link
+    file:
+      src: /run/systemd/resolve/resolv.conf
+      dest: /etc/resolv.conf
+      state: link
+      force: true
+    register: create_resolv_link
+
+  - name: Configure default nameservers
+    lineinfile: dest=/etc/systemd/resolved.conf regexp="^DNS=(.*)" line="DNS=1.1.1.1 8.8.8.8" state=present
+    register: configure_default_nameservers
+
+  - name: Restart systemd-resolved.service if necessary
+    systemd: name=systemd-resolved.service enabled=yes state=restarted
+    when: (disable_dns_stub.changed) or (create_resolv_link.changed) or (configure_default_nameservers.changed)
+
+  - name: Enable and start systemd-resolved.service
+    systemd: name=systemd-resolved.service enabled=yes state=started
+
+# ors playbook
+
+  - name: Create /opt/upgrader where some logs will be stored
+    file: path=/opt/upgrader state=directory mode=0755
+
+  - name: Copy get-sdr-info script
+    copy: src=get-sdr-info dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy get-license-info script
+    copy: src=get-license-info dest=/opt/amarisoft owner=root mode=770
+
+  - name: Configure re6st
+    script: configure-re6st
+
+  - name: Enable and start cron.service
+    systemd: name=cron.service enabled=yes state=started
+
+  - name: Configure slapos
+    script: configure-slapos.py
+
+  - name: Copy format-ims script
+    copy: src=format-ims dest=/opt/amarisoft owner=root mode=770
+
+# Amarisoft software
+
+  - name: Create a directory if it does not exist
+    file: path=/opt/amarisoft state=directory mode=0755
+
+  - name: Copy init-sdr script
+    copy: src=init-sdr dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy init-enb script
+    copy: src=init-enb dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy init-mme script
+    copy: src=init-mme dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy rm-tmp-lte script
+    copy: src=rm-tmp-lte dest=/opt/amarisoft owner=root mode=770
+
+  - name: Get Amarisoft path
+    shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1'
+    register: amarisoft_path
+
+  - name: Check if lteenb has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb | grep -q cap_sys_nice'
+    ignore_errors: yes
+    register: lteenb_cap
+
+  - name: Set capabilities on lteenb
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb'
+    when: lteenb_cap.rc != 0
+
+  - name: Check if lteenb-avx2 has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb-avx2 | grep -q cap_sys_nice'
+    ignore_errors: yes
+    register: lteenb_avx2_cap
+
+  - name: Set capabilities on lteenb-avx2
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb-avx2 && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb-avx2'
+    when: lteenb_avx2_cap.rc != 0
+
+  - name: Check if lteims has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/mme/lteims | grep cap_sys_admin | grep -q cap_net_raw'
+    ignore_errors: yes
+    register: lteims_cap
+
+  - name: Set capabilities on lteims
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/mme {{ amarisoft_path.stdout }}/mme/lteims && setcap cap_sys_admin,cap_net_raw=+pe {{ amarisoft_path.stdout }}/mme/lteims'
+    when: lteims_cap.rc != 0
+
+  - name: Create .amarisoft directory for SR
+    file: path=/opt/amarisoft/.amarisoft state=directory
+
+  - name: Copy keys for SR
+    copy: src=/root/.amarisoft dest=/opt/amarisoft owner=root mode=644
+    ignore_errors: yes
+
+  - name: Configure sudoers
+    script: configure-sudoers
+
+# Network
+
+  - name: Configure firewall
+    script: configure-firewall
+
+  - name: Configure IPv4 forwarding
+    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.conf.all.forwarding=(.*)" line="net.ipv4.conf.all.forwarding=1" state=present
+
+  - name: Configure IPv6 forwarding
+    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv6.conf.all.forwarding=(.*)" line="net.ipv6.conf.all.forwarding=1" state=present
+
+  - name: Redirect 53 to 5353
+    ansible.builtin.iptables:
+      chain: PREROUTING
+      table: nat
+      protocol: udp
+      match: udp
+      jump: DNAT
+      destination_port: '53'
+      to_destination: ':5353'
+
+  - name: Redirect 5353 to 53
+    ansible.builtin.iptables:
+      chain: POSTROUTING
+      table: nat
+      protocol: udp
+      match: udp
+      jump: SNAT
+      source_port: '5353'
+      to_source: ':53'
+
+# System
+
+  - name: Configure journald log size
+    lineinfile: dest=/etc/systemd/journald.conf regexp="^SystemMaxUse=(.*)" line="SystemMaxUse=1G" state=present
+
+  - name: Add kernel parameter
+    script: configure-grub
+
+# SSH
+
+  - name: Configure ssh
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin yes" state=present
+
+  - name: Configure ssh
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication (.*)" line="PasswordAuthentication yes" state=present
+
+  - name: Add format-ims script to cron after slapos node boot
+    lineinfile: dest=/etc/cron.d/slapos-node regexp="@reboot root /opt/slapos/bin/slapos node boot(.*)" line="@reboot root /opt/slapos/bin/slapos node boot >> /opt/slapos/log/slapos-node-format.log 2>&1 ; /opt/amarisoft/format-ims /opt/amarisoft/format-ims.log" state=present
+
+  - name: Add format-ims script to cron after slapos node format
+    lineinfile: dest=/etc/cron.d/slapos-node regexp="(.*)root /opt/slapos/bin/slapos node format(.*)" line="0 * * * * root /opt/slapos/bin/slapos node format >> /opt/slapos/log/slapos-node-format.log 2>&1 ; /opt/amarisoft/format-ims /opt/amarisoft/format-ims.log" state=present