Commit 5571c907 authored by Joanne Hugé's avatar Joanne Hugé

playbook/ors: generate key and upgrade amarisoft in ors playbook

parent d12c5598
......@@ -13,4 +13,6 @@
- settings/ors.yml
roles:
- generate-key
- amarisoft-upgrade
- ors
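Review bot: With `amarisoft-upgrade` listed before `ors` in the same `roles:` list, the `meta: end_play` tasks in that role (no public key yet, no new amarisoft version) end the whole play, so the `ors` role would be skipped on every run that has nothing to upgrade. If `ors` must always run, list it before `amarisoft-upgrade`, or replace the `end_play` tasks with a `block:` guarded by the same conditions (`meta: end_role` is an option on Ansible releases that provide it). The rest of the play lies outside this hunk, so this assumes the three roles share one play as shown.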
#!/usr/bin/env python3
import sys
CONF_PATH = "/etc/opt/slapos/slapos.cfg"
signature = """ -----BEGIN CERTIFICATE-----
[networkcache]
download-cache-url = http://shacache.nxdcdn.com
download-dir-url = http://shadir.nxdcdn.com
signature-certificate-list =
-----BEGIN CERTIFICATE-----
MIIEDTCCAnWgAwIBAgIUOPXvdYH461MtYKJFh4uf9ANwn5AwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKUmFwaWRTcGFjZTAgFw0yNDA0MTkxMjU0MjNaGA8yMTIy
MTExMjEyNTQyM1owFTETMBEGA1UEAwwKUmFwaWRTcGFjZTCCAaIwDQYJKoZIhvcN
......@@ -26,31 +25,4 @@ signature = """ -----BEGIN CERTIFICATE-----
QVWI8zm7G64UGKJBKMoNiP25t1uZzDaJucQAd+4ovsjHctgvcJj8JKzQovIcly+r
PGHKeoTr8UBhoZZxYQTiOO8OK/F0GFfP9OsXoyFp+527X9tezUk28gzmoi7nuaSt
qYacPjDsKHmV1RfQFweSMk57RYN4NRJuHhl1OvY8FafK
-----END CERTIFICATE-----""".split('\n')
def main():
with open(CONF_PATH, 'r') as f:
i = 0
for l in f:
if i == len(signature):
return 0
if signature[i] == l[:-1]:
i += 1
else:
i = 0
conf = []
with open(CONF_PATH, 'r') as f:
for l in f:
conf.append(l[:-1])
if l[:-1] == 'signature-certificate-list = ':
conf += signature
with open(CONF_PATH, 'w+') as f:
f.write('\n'.join(conf))
return 0
if __name__ == '__main__':
sys.exit(main())
-----END CERTIFICATE-----
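Review bot: Both cache URLs in the new `[networkcache]` section are plain `http://`, so nothing on the transport protects the downloads and their integrity presumably rests entirely on verification against `signature-certificate-list`. That is worth stating in the file, e.g. `# plain HTTP on purpose: entries are verified against signature-certificate-list below`, or the two URLs could move to `https://` if the endpoints serve it. The certificate body between the two hunks is not visible here, so its validity period and key size were not checked.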
......@@ -2,104 +2,140 @@
- set_fact: cn="{{ ansible_hostname }}"
- name: Configure /opt/amarisoft/shacache.cfg
copy: src=shacache.cfg dest=/opt/amarisoft/shacache.cfg owner=root mode=644
- stat: path="{{ pkdir }}/{{ cn }}.pub"
register: certificate
- name: End playbook if we have no public key yet
meta: end_play
when: certificate.stat.exists == False
- name: Delete download directory
file: path={{ install_folder }}/download state=absent
when: certificate.stat.exists == True
- name: Create download directory
file: path={{ install_folder }}/download state=directory mode=0755
when: certificate.stat.exists == True
- name: Get license expiration
shell: '/opt/amarisoft/get-license-info -e'
register: license_expiration
when: certificate.stat.exists == True
- name: Get license version
shell: '/opt/amarisoft/get-license-info -v'
register: license_version
when: certificate.stat.exists == True
- debug:
msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] License will expire on {{ license_expiration.stdout }}, current version is {{ license_version.stdout }}"
when: certificate.stat.exists == True
- name: Get new amarisoft version if available
shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' --list | grep version | cut -d\\\" -f4"
shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' --list | grep version | cut -d\\\" -f4"
register: new_version
when: certificate.stat.exists == True
- name: End playbook if no new amarisoft versions
meta: end_play
when: new_version.stdout == ""
- debug:
msg: "[{{ ansible_date_time.date }} {{ ansible_date_time.time }}] Found new version: {{ new_version.stdout }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Download nonce to decrypt new amarisoft version
shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' --list | grep nonce | cut -d\\\" -f4 > {{ install_folder }}/download/nonce"
shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' --list | grep nonce | cut -d\\\" -f4 > {{ install_folder }}/download/nonce"
register: nonce
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- set_fact: version="{{ new_version.stdout }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Download new amarisoft version
shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' > {{ install_folder }}/download/amarisoft.tar.gz.enc"
shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' > {{ install_folder }}/download/amarisoft.tar.gz.enc"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Download encrypted symmetric key for new amarisoft version
shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' > {{ install_folder }}/download/symmetric_key.bin.enc"
shell: "networkcache-download -c /opt/amarisoft/shacache.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' > {{ install_folder }}/download/symmetric_key.bin.enc"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Create directory if it does not exist
file: path={{ install_folder }}/{{ version }} state=directory mode=0755
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Create directory if it does not exist
file: path={{ install_folder }}/_{{ version }} state=directory mode=0755
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Decrypt key
shell: 'openssl pkeyutl -decrypt -in {{ install_folder }}/download/symmetric_key.bin.enc -inkey /opt/private-key/{{ cn }}.key -out /opt/private-key/symmetric_key-{{ version }}.key'
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Decrypt archive
script: encrypt-data.sh /opt/private-key/symmetric_key-{{ version }}.key {{ install_folder }}/download/nonce decrypt {{ install_folder }}/download/amarisoft.tar.gz.enc {{ install_folder }}/amarisoft.tar.gz
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Extract archive
unarchive:
src: "{{ install_folder }}/amarisoft.tar.gz"
dest: "{{ install_folder }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Extract lteenb archive
unarchive:
src: "{{ install_folder }}/{{ version }}/lteenb-linux-{{ version }}.tar.gz"
dest: "{{ install_folder }}/_{{ version }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Extract ltemme archive
unarchive:
src: "{{ install_folder }}/{{ version }}/ltemme-linux-{{ version }}.tar.gz"
dest: "{{ install_folder }}/_{{ version }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Extract trx_sdr archive
unarchive:
src: "{{ install_folder }}/{{ version }}/trx_sdr-linux-{{ version }}.tar.gz"
dest: "{{ install_folder }}/_{{ version }}"
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Create a symbolic link for lteenb
file:
src: "lteenb-linux-{{ version }}"
dest: "{{ install_folder }}/_{{ version }}/enb"
state: link
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Create a symbolic link for ltemme
file:
src: "ltemme-linux-{{ version }}"
dest: "{{ install_folder }}/_{{ version }}/mme"
state: link
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Create a symbolic link for trx_sdr
file:
src: "trx_sdr-linux-{{ version }}"
dest: "{{ install_folder }}/_{{ version }}/trx_sdr"
state: link
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Copy trx_sdr libraries
shell: 'cp {{ install_folder }}/_{{ version }}/trx_sdr/*.so {{ install_folder }}/_{{ version }}/enb/'
shell: 'cp {{ install_folder }}/_{{ version }}/trx_sdr/*.so* {{ install_folder }}/_{{ version }}/enb/'
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Copy libraries to mme
shell: 'cp {{ install_folder }}/_{{ version }}/libs/*.so* {{ install_folder }}/_{{ version }}/mme/'
when: (certificate.stat.exists == True) and (new_version.stdout != "")
ignore_errors: True
- name: Copy libraries to mme
shell: 'cp {{ install_folder }}/_{{ version }}/libs/linux/*.so* {{ install_folder }}/_{{ version }}/mme/'
when: (certificate.stat.exists == True) and (new_version.stdout != "")
ignore_errors: True
- name: Move amarisoft folder
shell: 'mv {{ install_folder }}/_{{ version }} {{ install_folder }}/v{{ version }}'
when: (certificate.stat.exists == True) and (new_version.stdout != "")
- name: Remove extraction folder
file:
path: "{{ install_folder }}/{{ version }}"
state: absent
when: (certificate.stat.exists == True) and (new_version.stdout != "")
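Review bot: `new_version.stdout` comes from the remote cache listing and reaches `shell:` command lines and paths unchecked through `version` (`mv {{ install_folder }}/_{{ version }} …`, the `cp … *.so*` tasks, the `openssl pkeyutl … -out` path). A listing that returns several lines or shell metacharacters would change what those commands do, so an `assert` placed right after the version lookup should reject anything that is not a single well-formed version string. The character class in the example below is constructed and should be tightened to the real version format. Separately, the `| grep version | cut` pipeline hides a failing `networkcache-download`, which then looks the same as "no new version" and ends the play silently.

```yaml
# … unchanged: "Get new amarisoft version if available" (registers new_version) …
- name: Reject a malformed version string from the cache listing
  assert:
    that:
      - new_version.stdout is match('^[0-9A-Za-z._-]+$')
    fail_msg: "unexpected version string returned by networkcache-download"
  when: new_version.stdout != ""
```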
......@@ -2,9 +2,6 @@
- set_fact: cn="{{ ansible_hostname }}"
- name: Update certificate signature list
script: update-signature-list.py
- name: Create directory if it does not exist
file: path="{{ pkdir }}" state=directory mode=0755
......@@ -28,13 +25,17 @@
- name: Get monitor private directory path
shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private'
register: monitor_path
when: playbook_report | bool
ignore_errors: yes
- name: Create directory if it does not exist
file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
when: (monitor_path is succeeded) and (playbook_report | bool)
- stat: path="{{ pkdir }}/{{ cn }}.pub"
register: public_key
when: (monitor_path is succeeded) and (playbook_report | bool)
- name: Copy public key
copy: src="{{ pkdir }}/{{ cn }}.pub" dest="{{ monitor_path.stdout }}/playbook-report/{{ cn }}.pub" owner=root mode=774
when: public_key.stat.exists == True
when: (monitor_path is succeeded) and (playbook_report | bool) and (public_key.stat.exists == True)
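Review bot: The new guards test only `monitor_path is succeeded`, i.e. the exit status of the `realpath $(dirname $(grep -lR …))` command, before `monitor_path.stdout` is used as a directory path and as the copy destination. If more than one `buildout.cfg` matches, stdout would presumably hold several lines and the resulting path would be wrong, so the conditions could also require a single line: `(monitor_path.stdout_lines | length == 1)`. Also, `mode=774` on the copied public key grants execute and group-write for no visible reason; `mode=0644` would be enough for a file that only needs to be read.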
3eeaea021f937c8e85b08ddc6e49f8205d5878dd25b3dfd600ebc0c2da8baf7c -
926591266cf2e331df297067963046604b850b837818a294c5652a568a02ff87 -