Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.package
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
15
Merge Requests
15
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
slapos.package
Commits
5571c907
Commit
5571c907
authored
May 28, 2024
by
Joanne Hugé
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
playbook/ors: generate key and upgrade amarisoft in ors playbook
parent
d12c5598
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
62 additions
and
51 deletions
+62
-51
playbook/ors.yml
playbook/ors.yml
+2
-0
playbook/roles/amarisoft-upgrade/files/shacache.cfg
playbook/roles/amarisoft-upgrade/files/shacache.cfg
+6
-34
playbook/roles/amarisoft-upgrade/tasks/main.yml
playbook/roles/amarisoft-upgrade/tasks/main.yml
+48
-12
playbook/roles/generate-key/tasks/main.yml
playbook/roles/generate-key/tasks/main.yml
+5
-4
playbook/sha256sum
playbook/sha256sum
+1
-1
No files found.
playbook/ors.yml
View file @
5571c907
...
...
@@ -13,4 +13,6 @@
-
settings/ors.yml
roles
:
-
generate-key
-
amarisoft-upgrade
-
ors
playbook/roles/
generate-key/files/update-signature-list.py
→
playbook/roles/
amarisoft-upgrade/files/shacache.cfg
100755 → 100644
View file @
5571c907
#!/usr/bin/env python3
import
sys
CONF_PATH
=
"/etc/opt/slapos/slapos.cfg"
signature
=
""" -----BEGIN CERTIFICATE-----
[networkcache]
download-cache-url = http://shacache.nxdcdn.com
download-dir-url = http://shadir.nxdcdn.com
signature-certificate-list =
-----BEGIN CERTIFICATE-----
MIIEDTCCAnWgAwIBAgIUOPXvdYH461MtYKJFh4uf9ANwn5AwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKUmFwaWRTcGFjZTAgFw0yNDA0MTkxMjU0MjNaGA8yMTIy
MTExMjEyNTQyM1owFTETMBEGA1UEAwwKUmFwaWRTcGFjZTCCAaIwDQYJKoZIhvcN
...
...
@@ -26,31 +25,4 @@ signature = """ -----BEGIN CERTIFICATE-----
QVWI8zm7G64UGKJBKMoNiP25t1uZzDaJucQAd+4ovsjHctgvcJj8JKzQovIcly+r
PGHKeoTr8UBhoZZxYQTiOO8OK/F0GFfP9OsXoyFp+527X9tezUk28gzmoi7nuaSt
qYacPjDsKHmV1RfQFweSMk57RYN4NRJuHhl1OvY8FafK
-----END CERTIFICATE-----"""
.
split
(
'
\
n
'
)
def
main
():
with
open
(
CONF_PATH
,
'r'
)
as
f
:
i
=
0
for
l
in
f
:
if
i
==
len
(
signature
):
return
0
if
signature
[
i
]
==
l
[:
-
1
]:
i
+=
1
else
:
i
=
0
conf
=
[]
with
open
(
CONF_PATH
,
'r'
)
as
f
:
for
l
in
f
:
conf
.
append
(
l
[:
-
1
])
if
l
[:
-
1
]
==
'signature-certificate-list = '
:
conf
+=
signature
with
open
(
CONF_PATH
,
'w+'
)
as
f
:
f
.
write
(
'
\
n
'
.
join
(
conf
))
return
0
if
__name__
==
'__main__'
:
sys
.
exit
(
main
())
-----END CERTIFICATE-----
playbook/roles/amarisoft-upgrade/tasks/main.yml
View file @
5571c907
...
...
@@ -2,104 +2,140 @@
-
set_fact
:
cn="{{ ansible_hostname }}"
-
name
:
Configure /opt/amarisoft/shacache.cfg
copy
:
src=shacache.cfg dest=/opt/amarisoft/shacache.cfg owner=root mode=644
-
stat
:
path="{{ pkdir }}/{{ cn }}.pub"
register
:
certificate
-
name
:
End playbook if we have no public key yet
meta
:
end_play
when
:
certificate.stat.exists == False
-
name
:
Delete download directory
file
:
path={{ install_folder }}/download state=absent
when
:
certificate.stat.exists == True
-
name
:
Create download directory
file
:
path={{ install_folder }}/download state=directory mode=0755
when
:
certificate.stat.exists == True
-
name
:
Get license expiration
shell
:
'
/opt/amarisoft/get-license-info
-e'
register
:
license_expiration
when
:
certificate.stat.exists == True
-
name
:
Get license version
shell
:
'
/opt/amarisoft/get-license-info
-v'
register
:
license_version
when
:
certificate.stat.exists == True
-
debug
:
msg
:
"
[{{
ansible_date_time.date
}}
{{
ansible_date_time.time
}}]
License
will
expire
on
{{
license_expiration.stdout
}},
current
version
is
{{
license_version.stdout
}}"
when
:
certificate.stat.exists == True
-
name
:
Get new amarisoft version if available
shell
:
"
networkcache-download
-c
/
etc/opt/slapos/slapos
.cfg
-k
key-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
'cn==
\"
{{
cn
}}
\"
'
--list
|
grep
version
|
cut
-d
\\\"
-f4"
shell
:
"
networkcache-download
-c
/
opt/amarisoft/shacache
.cfg
-k
key-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
'cn==
\"
{{
cn
}}
\"
'
--list
|
grep
version
|
cut
-d
\\\"
-f4"
register
:
new_version
when
:
certificate.stat.exists == True
-
name
:
End playbook if no new amarisoft versions
meta
:
end_play
when
:
new_version.stdout == ""
-
debug
:
msg
:
"
[{{
ansible_date_time.date
}}
{{
ansible_date_time.time
}}]
Found
new
version:
{{
new_version.stdout
}}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Download nonce to decrypt new amarisoft version
shell
:
"
networkcache-download
-c
/
etc/opt/slapos/slapos
.cfg
-k
file-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
--list
|
grep
nonce
|
cut
-d
\\\"
-f4
>
{{
install_folder
}}/download/nonce"
shell
:
"
networkcache-download
-c
/
opt/amarisoft/shacache
.cfg
-k
file-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
--list
|
grep
nonce
|
cut
-d
\\\"
-f4
>
{{
install_folder
}}/download/nonce"
register
:
nonce
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
set_fact
:
version="{{ new_version.stdout }}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Download new amarisoft version
shell
:
"
networkcache-download
-c
/etc/opt/slapos/slapos.cfg
-k
file-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
>
{{
install_folder
}}/download/amarisoft.tar.gz.enc"
shell
:
"
networkcache-download
-c
/opt/amarisoft/shacache.cfg
-k
file-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
>
{{
install_folder
}}/download/amarisoft.tar.gz.enc"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Download encrypted symmetric key for new amarisoft version
shell
:
"
networkcache-download
-c
/etc/opt/slapos/slapos.cfg
-k
key-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
'cn==
\"
{{
cn
}}
\"
'
>
{{
install_folder
}}/download/symmetric_key.bin.enc"
shell
:
"
networkcache-download
-c
/opt/amarisoft/shacache.cfg
-k
key-private:amarisoft
'version<=
\"
{{
license_expiration.stdout
}}
\"
'
'version>>
\"
{{
license_version.stdout
}}
\"
'
'cn==
\"
{{
cn
}}
\"
'
>
{{
install_folder
}}/download/symmetric_key.bin.enc"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Create directory if it does not exist
file
:
path={{ install_folder }}/{{ version }} state=directory mode=0755
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Create directory if it does not exist
file
:
path={{ install_folder }}/_{{ version }} state=directory mode=0755
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Decrypt key
shell
:
'
openssl
pkeyutl
-decrypt
-in
{{
install_folder
}}/download/symmetric_key.bin.enc
-inkey
/opt/private-key/{{
cn
}}.key
-out
/opt/private-key/symmetric_key-{{
version
}}.key'
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Decrypt archive
script
:
encrypt-data.sh /opt/private-key/symmetric_key-{{ version }}.key {{ install_folder }}/download/nonce decrypt {{ install_folder }}/download/amarisoft.tar.gz.enc {{ install_folder }}/amarisoft.tar.gz
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Extract archive
unarchive
:
src
:
"
{{
install_folder
}}/amarisoft.tar.gz"
dest
:
"
{{
install_folder
}}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Extract lteenb archive
unarchive
:
src
:
"
{{
install_folder
}}/{{
version
}}/lteenb-linux-{{
version
}}.tar.gz"
dest
:
"
{{
install_folder
}}/_{{
version
}}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Extract ltemme archive
unarchive
:
src
:
"
{{
install_folder
}}/{{
version
}}/ltemme-linux-{{
version
}}.tar.gz"
dest
:
"
{{
install_folder
}}/_{{
version
}}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Extract trx_sdr archive
unarchive
:
src
:
"
{{
install_folder
}}/{{
version
}}/trx_sdr-linux-{{
version
}}.tar.gz"
dest
:
"
{{
install_folder
}}/_{{
version
}}"
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Create a symbolic link for lteenb
file
:
src
:
"
lteenb-linux-{{
version
}}"
dest
:
"
{{
install_folder
}}/_{{
version
}}/enb"
state
:
link
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Create a symbolic link for ltemme
file
:
src
:
"
ltemme-linux-{{
version
}}"
dest
:
"
{{
install_folder
}}/_{{
version
}}/mme"
state
:
link
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Create a symbolic link for trx_sdr
file
:
src
:
"
trx_sdr-linux-{{
version
}}"
dest
:
"
{{
install_folder
}}/_{{
version
}}/trx_sdr"
state
:
link
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Copy trx_sdr libraries
shell
:
'
cp
{{
install_folder
}}/_{{
version
}}/trx_sdr/*.so
{{
install_folder
}}/_{{
version
}}/enb/'
shell
:
'
cp
{{
install_folder
}}/_{{
version
}}/trx_sdr/*.so*
{{
install_folder
}}/_{{
version
}}/enb/'
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Copy libraries to mme
shell
:
'
cp
{{
install_folder
}}/_{{
version
}}/libs/*.so*
{{
install_folder
}}/_{{
version
}}/mme/'
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
ignore_errors
:
True
-
name
:
Copy libraries to mme
shell
:
'
cp
{{
install_folder
}}/_{{
version
}}/libs/linux/*.so*
{{
install_folder
}}/_{{
version
}}/mme/'
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
ignore_errors
:
True
-
name
:
Move amarisoft folder
shell
:
'
mv
{{
install_folder
}}/_{{
version
}}
{{
install_folder
}}/v{{
version
}}'
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
-
name
:
Remove extraction folder
file
:
path
:
"
{{
install_folder
}}/{{
version
}}"
state
:
absent
when
:
(certificate.stat.exists == True) and (new_version.stdout != "")
playbook/roles/generate-key/tasks/main.yml
View file @
5571c907
...
...
@@ -2,9 +2,6 @@
-
set_fact
:
cn="{{ ansible_hostname }}"
-
name
:
Update certificate signature list
script
:
update-signature-list.py
-
name
:
Create directory if it does not exist
file
:
path="{{ pkdir }}" state=directory mode=0755
...
...
@@ -28,13 +25,17 @@
-
name
:
Get monitor private directory path
shell
:
'
realpath
$(dirname
$(grep
-lR
"software_release_url
=
.*software/monitor/software.cfg"
$(find
/srv/slapgrid
-type
f
-name
"buildout.cfg")))/srv/monitor/private'
register
:
monitor_path
when
:
playbook_report | bool
ignore_errors
:
yes
-
name
:
Create directory if it does not exist
file
:
path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
when
:
(monitor_path is succeeded) and (playbook_report | bool)
-
stat
:
path="{{ pkdir }}/{{ cn }}.pub"
register
:
public_key
when
:
(monitor_path is succeeded) and (playbook_report | bool)
-
name
:
Copy public key
copy
:
src="{{ pkdir }}/{{ cn }}.pub" dest="{{ monitor_path.stdout }}/playbook-report/{{ cn }}.pub" owner=root mode=774
when
:
public_key.stat.exists == True
when
:
(monitor_path is succeeded) and (playbook_report | bool) and (public_key.stat.exists == True)
playbook/sha256sum
View file @
5571c907
3eeaea021f937c8e85b08ddc6e49f8205d5878dd25b3dfd600ebc0c2da8baf7c
-
926591266cf2e331df297067963046604b850b837818a294c5652a568a02ff87
-
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment