playbok/ors: refactor playbook

* move all roles into ors role * split /opt/amarisoft to /opt/amarisoft, /opt/sdr and /opt/simpleran * clean-up

playbok/ors: refactor playbook
* move all roles into ors role * split /opt/amarisoft to /opt/amarisoft, /opt/sdr and /opt/simpleran * clean-up
38cc830c · Joanne Hugé · 7ca8a73c · 38cc830c · 7ca8a73c · 7ca8a73c
Commit 38cc830c authored Nov 22, 2024 by Joanne Hugé
17 changed files
--- a/playbook/ors.yml
+++ b/playbook/ors.yml
@@ -13,6 +13,4 @@
    - settings/ors.yml

  roles:
-    - generate-key
-    - amarisoft-upgrade
    - ors
--- a/playbook/roles/amarisoft-upgrade/defaults/main.yml
+++ b/playbook/roles/amarisoft-upgrade/defaults/main.yml
-pkdir: /opt/private-key
--- a/playbook/roles/amarisoft-upgrade/tasks/main.yml
+++ b/playbook/roles/amarisoft-upgrade/tasks/main.yml
---
-
-  - set_fact: cn="{{ ansible_hostname }}"
-
-  - name: Configure /opt/amarisoft/shacache.cfg
-    copy: src=shacache.cfg dest=/opt/amarisoft/shacache.cfg owner=root mode=644
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: certificate
-
-  - name: Delete download directory
-    file: path={{ install_folder }}/download state=absent
-    when: certificate.stat.exists == True
-
-  - name: Create download directory
-    file: path={{ install_folder }}/download state=directory mode=0755
-    when: certificate.stat.exists == True
-
-  - name: Get license expiration
-    shell: '/opt/amarisoft/get-license-info -e || echo 0000-00-00'
-    register: license_expiration
-    when: certificate.stat.exists == True
-
-  - name: Get current version
-    shell: '/opt/amarisoft/get-license-info -v || echo 0000-00-00.0 | cut -d. -f1'
-    register: current_version
-    when: certificate.stat.exists == True
-
-  - name: Get current version timestamp
-    shell: '/opt/amarisoft/get-license-info -v | grep "\." || echo 0000-00-00.0 | cut -d. -f2'
-    register: current_timestamp
-    when: certificate.stat.exists == True
-
-  - debug:
-      msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] License will expire on {{ license_expiration.stdout }}, current version is {{ current_version.stdout }}.{{ current_timestamp.stdout }}"
-    when: certificate.stat.exists == True
-
-  - name: Get new amarisoft version if available
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version<=\"{{ license_expiration.stdout }}\"' 'timestamp>=\"0\"' 'version>>\"0\"' 'timestamp>>\"0\"' --list | grep version | cut -d\\\" -f4"
-    register: new_version
-    when: certificate.stat.exists == True
-
-  - name: Get new amarisoft timestamp if available
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version<=\"{{ license_expiration.stdout }}\"' 'timestamp>=\"0\"' 'version>>\"0\"' 'timestamp>>\"0\"' --list | grep timestamp | cut -d\\\" -f4"
-    register: new_timestamp
-    when: certificate.stat.exists == True
-
-  - set_fact: new_version_found=False
-
-  - set_fact: new_version_found=True
-    when: new_version.stdout > current_version.stdout or (new_version.stdout == current_version.stdout and new_timestamp.stdout > current_timestamp.stdout)
-
-  - debug:
-      msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] Found version {{ new_version.stdout }}.{{ new_timestamp.stdout }}"
-    when: certificate.stat.exists == True
-
-  - name: Download nonce to decrypt new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' --list | grep nonce | cut -d\\\" -f4 > {{ install_folder }}/download/nonce"
-    register: nonce
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - set_fact: version="{{ new_version.stdout }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Download new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' > {{ install_folder }}/download/amarisoft.tar.gz.enc"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Download encrypted symmetric key for new amarisoft version
-    shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'cn==\"{{ cn }}\"' 'version==\"{{ new_version.stdout }}\"' 'timestamp==\"{{ new_timestamp.stdout }}\"' > {{ install_folder }}/download/symmetric_key.bin.enc"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create directory if it does not exist
-    file: path={{ install_folder }}/{{ version }} state=directory mode=0755
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create directory if it does not exist
-    file: path={{ install_folder }}/_{{ version }} state=directory mode=0755
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Decrypt key
-    shell: 'openssl pkeyutl -decrypt -in {{ install_folder }}/download/symmetric_key.bin.enc -inkey /opt/private-key/{{ cn }}.key -out /opt/private-key/symmetric_key-{{ version }}.key'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Decrypt archive
-    script: encrypt-data.sh /opt/private-key/symmetric_key-{{ version }}.key {{ install_folder }}/download/nonce decrypt {{ install_folder }}/download/amarisoft.tar.gz.enc {{ install_folder }}/amarisoft.tar.gz
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract archive
-    unarchive:
-      src: "{{ install_folder }}/amarisoft.tar.gz"
-      dest: "{{ install_folder }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract lteenb archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/lteenb-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract ltemme archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/ltemme-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Extract trx_sdr archive
-    unarchive:
-      src: "{{ install_folder }}/{{ version }}/trx_sdr-linux-{{ version }}.tar.gz"
-      dest: "{{ install_folder }}/_{{ version }}"
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for lteenb
-    file:
-      src: "lteenb-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/enb"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for ltemme
-    file:
-      src: "ltemme-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/mme"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Create a symbolic link for trx_sdr
-    file:
-      src: "trx_sdr-linux-{{ version }}"
-      dest: "{{ install_folder }}/_{{ version }}/trx_sdr"
-      state: link
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Copy trx_sdr libraries
-    shell: 'cp {{ install_folder }}/_{{ version }}/trx_sdr/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Copy libraries to mme
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/*.so* {{ install_folder }}/_{{ version }}/mme/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to mme
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/linux/*.so* {{ install_folder }}/_{{ version }}/mme/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to enb
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Copy libraries to enb
-    shell: 'cp {{ install_folder }}/{{ version }}/libs/linux/*.so* {{ install_folder }}/_{{ version }}/enb/'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-    ignore_errors: True
-
-  - name: Move amarisoft folder
-    shell: 'mv {{ install_folder }}/_{{ version }} {{ install_folder }}/v{{ version }}.{{ new_timestamp.stdout }}'
-    when: (certificate.stat.exists == True) and (new_version_found == True)
-
-  - name: Remove extraction folder
-    file: 
-      path: "{{ install_folder }}/{{ version }}"
-      state: absent
-    when: (certificate.stat.exists == True) and (new_version_found == True)
--- a/playbook/roles/generate-key/defaults/main.yml
+++ b/playbook/roles/generate-key/defaults/main.yml
-pkdir: /opt/private-key
--- a/playbook/roles/generate-key/meta/main.yml
+++ b/playbook/roles/generate-key/meta/main.yml
---
-dependencies:
-  - { role: package, package_name: openssl, package_state: present  }
--- a/playbook/roles/generate-key/tasks/main.yml
+++ b/playbook/roles/generate-key/tasks/main.yml
---
-
-  - set_fact: cn="{{ ansible_hostname }}"
-
-  - name: Create directory if it does not exist
-    file: path="{{ pkdir }}" state=directory mode=0755
-
-  - stat: path="{{ pkdir }}/{{ cn }}.key"
-    register: private_key
-
-  - name: Generate private key
-    shell: 'openssl genrsa -out {{ pkdir }}/{{ cn }}.key 4096'
-    when: private_key.stat.exists == False
-
-  - stat: path="{{ pkdir }}/{{ cn }}.key"
-    register: private_key
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: public_key
-
-  - name: Generate public key
-    shell: 'openssl rsa -in {{ pkdir }}/{{ cn }}.key -outform PEM -pubout -out {{ pkdir }}/{{ cn }}.pub'
-    when: private_key.stat.exists == True and public_key.stat.exists == False
-
-  - name: Get monitor private directory path
-    shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private'
-    register: monitor_path
-    when: playbook_report | bool
-    ignore_errors: yes
-
-  - name: Create directory if it does not exist
-    file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
-    when: (monitor_path is succeeded) and (playbook_report | bool)
-
-  - stat: path="{{ pkdir }}/{{ cn }}.pub"
-    register: public_key
-    when: (monitor_path is succeeded) and (playbook_report | bool)
-
-  - name: Copy public key
-    copy: src="{{ pkdir }}/{{ cn }}.pub" dest="{{ monitor_path.stdout }}/playbook-report/{{ cn }}.pub" owner=root mode=774
-    when: (monitor_path is succeeded) and (playbook_report | bool) and (public_key.stat.exists == True)
--- a/playbook/roles/generate-key/templates/ansible-report.j2
+++ b/playbook/roles/generate-key/templates/ansible-report.j2
-{"time": "{{ ansible_date_time['date'] }} {{ ansible_date_time['time'] }}", "log_level": "INFO", "message": "msg"}
--- a/playbook/roles/ors/defaults/main.yml
+++ b/playbook/roles/ors/defaults/main.yml
 playbook_report: False
+amarisoft_dir: /opt/amarisoft
+sdr_dir: /opt/sdr
+simpleran_dir: /opt/simpleran
+pk_dir: /opt/private-key
--- a/playbook/roles/ors/files/configure-sudoers
+++ b/playbook/roles/ors/files/configure-sudoers
 #!/bin/bash
 mkdir -p /etc/sudoers.d
-COMMAND_LIST=("rm-tmp-lte" "init-enb" "init-mme" "init-sdr" "get-sdr-info")
 PARTITION_AMOUNT="$(sed -n 's/partition_amount = \(.*\)/\1/gp' /etc/opt/slapos/slapos.cfg)"
-for c in "${COMMAND_LIST[@]}"; do
-  SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
-  if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
-    echo "Configuring /etc/sudoers.d/slapuser-$c..."
-    for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
-      echo "slapuser$i ALL=NOPASSWD:/opt/amarisoft/$c" >> slapuser-$c
-    done
-    mv slapuser-$c /etc/sudoers.d/
-    chmod 440 /etc/sudoers.d/slapuser-$c
-  fi
-done
-c="sdr-util"
-SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
-AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}.*[0-9]*$" | sort | tail -n1)"
-if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
-  echo "Configuring /etc/sudoers.d/slapuser-$c..."
+
+add_line() {
+  echo "Configuring /etc/sudoers.d/slapuser-$1..."/
  for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
-    echo "slapuser$i ALL=NOPASSWD:$AMARISOFT_PATH/trx_sdr/sdr_util -c 0 version" >> slapuser-$c
+    echo "slapuser$i ALL=NOPASSWD:$2" >> slapuser-20241205-$1
+  done
+  mv slapuser-20241205-$1 /etc/sudoers.d/
+  chmod 440 /etc/sudoers.d/slapuser-20241205-$1
+}
+add_commands() {
+  for c in "${@:2}"; do
+    add_line $c $1/$c
  done
-  mv slapuser-$c /etc/sudoers.d/
-  chmod 440 /etc/sudoers.d/slapuser-$c
-fi
+}
+
+add_commands $1 rm-tmp-lte init-enb init-mme init-sdr
+add_commands $3 get-sdr-info
+
+c="sdr-util"
+add_line $c "$1/$2/trx_sdr/sdr_util -c 0 version"
--- a/playbook/roles/amarisoft-upgrade/files/encrypt-data.sh
+++ b/playbook/roles/amarisoft-upgrade/files/encrypt-data.sh
--- a/playbook/roles/amarisoft-upgrade/files/shacache.cfg
+++ b/playbook/roles/amarisoft-upgrade/files/shacache.cfg
--- a/playbook/roles/ors/meta/main.yml
+++ b/playbook/roles/ors/meta/main.yml
@@ -8,3 +8,4 @@ dependencies:
  - { role: package, package_name: curl, package_state: present  }
  - { role: package, package_name: sudo, package_state: present  }
  - { role: package, package_name: libsctp-dev, package_state: present  }
+  - { role: package, package_name: openssl, package_state: present  }
--- a/playbook/roles/ors/tasks/main.yml
+++ b/playbook/roles/ors/tasks/main.yml
--- a/playbook/roles/ors/files/get-license-info
+++ b/playbook/roles/ors/files/get-license-info
@@ -4,15 +4,22 @@ import argparse, os, re, sys

 parser = argparse.ArgumentParser()
 parser.add_argument('-e', '--expiration', action='store_true')
+# For backwards compatibility for SR where version is not fixed but the most recent
 parser.add_argument('-v', '--version', action='store_true')
+# For backwards compatibility for ORS which need to load 2021 sdr driver first
+parser.add_argument('-o', '--old-version', action='store_true')
 args = parser.parse_args()

-amarisoft_dir = '/opt/amarisoft'
+amarisoft_dir = "{{ amarisoft_dir }}"
 try:
  lte_version = sorted(filter(lambda x: re.match(r"v[0-9]{4}-[0-9]{2}-[0-9]{2}", x), os.listdir(amarisoft_dir)))[-1][1:]
-except FileNotFoundError:
-  lte_version = 'Unknown'
-lte_expiration = "Unknown"
+except (FileNotFoundError, IndexError):
+  lte_version = '0000-00-00'
+try:
+  old_lte_version = sorted(filter(lambda x: re.match(r"v2021-[0-9]{2}-[0-9]{2}", x), os.listdir(amarisoft_dir)))[-1][1:]
+except (FileNotFoundError, IndexError):
+  old_lte_version = '0000-00-00'
+lte_expiration = "9999-99-99"
 try:
  for filename in os.listdir(amarisoft_dir + '/.amarisoft'):
    if filename.endswith('.key'):
@@ -28,3 +35,5 @@ if args.expiration:
  print(lte_expiration, end='')
 elif args.version:
  print(lte_version, end='')
+elif args.old_version:
+  print(old_lte_version, end='')
--- a/playbook/roles/ors/files/init-sdr
+++ b/playbook/roles/ors/files/init-sdr
 #!/bin/bash

-OLD_AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v2021-[0-9]\{2\}-[0-9]\{2\}.*[0-9]*$" | sort | tail -n1)"
-AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}.*[0-9]*$" | sort | tail -n1)"
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+DIR=$(dirname $(realpath $0))
+AMARISOFT_PATH=$1
+if [ -z "$AMARISOFT_PATH" ] ; then
+  AMARISOFT_PATH={{ amarisoft_dir }}/v$($DIR/get-amarisoft-info -v)
+fi
+OLD_AMARISOFT_PATH={{ amarisoft_dir }}/v$($DIR/get-amarisoft-info -o)

+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
 lsmod | grep -q sdr && rmmod sdr;
 if echo $AMARISOFT_PATH | grep -v -q 2021; then
  cd $OLD_AMARISOFT_PATH/trx_sdr/kernel;

--- a/playbook/settings/ors.yml
+++ b/playbook/settings/ors.yml
 ---
-install_folder: "/opt/amarisoft"
-amarisoft_version: "2023-06-10"
 launch_upgrader: True
 playbook_report: True
--- a/playbook/sha256sum
+++ b/playbook/sha256sum
-283b6c6ac743c0f72ae300d0799a64f36a1c7984ff533bf482d8047e07344878  -
+c45d79c4610e2561c297f9543090fd4563148b3dc3c279418442dc8a3c370a89  -