--- - name: Create /opt/upgrader where some logs will be stored file: path=/opt/upgrader state=directory mode=0755 - name: Get monitor private directory path shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private' register: monitor_path when: (monitor_path is succeeded) and (playbook_report | bool) ignore_errors: yes - name: Create directory if it does not exist file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755 when: (monitor_path is succeeded) and (playbook_report | bool) - name: Check Amarisoft version shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | cut -d/ -f4 | sort | tail -n1' register: amarisoft_version ignore_errors: yes - name: Check registry URL shell: "grep registry /etc/re6stnet/re6stnet.conf | awk '{ print $2; }'" register: registry_url ignore_errors: yes - name: Setting playbook report message set_fact: playbook_report_message: "Starting ors playbook" playbook_report_progress: "30" data: { 'registry_url': "{{ registry_url.stdout }}", 'amarisoft_version': "{{ amarisoft_version.stdout }}"} - name: Render log template template: src: playbook-report.j2 dest: /tmp/playbook-report-tmp.log when: (monitor_path is succeeded) and (playbook_report | bool) - name: Append to log shell: 'cat /tmp/playbook-report-tmp.log >> {{ monitor_path.stdout }}/playbook-report/report.log' when: (monitor_path is succeeded) and (playbook_report | bool) and (extra_playbook | length > 0) # SSD image backports - stat: path=/opt/upgrader/last-backport register: last_backport - stat: path=/opt/upgrader/playbook-tmp/ors_backport_after register: ors_backport_after - shell: echo 1 > /opt/upgrader/last-backport when: last_backport.stat.exists == False - name: Do ors backport shell: ansible-playbook ors-image-backports.yml -i hosts 2>>/opt/upgrader/ors_backport.log >> /opt/upgrader/ors_backport.log when: (ors_backport_after.stat.exists == True) and (lookup('file', '/opt/upgrader/playbook-tmp/ors_backport_after')|int > lookup('file', '/opt/upgrader/last-backport')|int ) args: chdir: /opt/upgrader/playbook-tmp/ - shell: echo {{ ansible_date_time.epoch }} > /opt/upgrader/last-backport when: (ors_backport_after.stat.exists == True) and (lookup('file', '/opt/upgrader/playbook-tmp/ors_backport_after')|int > lookup('file', '/opt/upgrader/last-backport')|int ) # Radio Hardware - name: Copy get-sdr-info script copy: src=get-sdr-info dest=/opt/amarisoft owner=root mode=770 # Amarisoft software - name: Create a directory if it does not exist file: path=/opt/amarisoft state=directory mode=0755 - name: Copy init-sdr script copy: src=init-sdr dest=/opt/amarisoft owner=root mode=770 - name: Copy init-enb script copy: src=init-enb dest=/opt/amarisoft owner=root mode=770 - name: Copy rm-tmp-lte script copy: src=rm-tmp-lte dest=/opt/amarisoft owner=root mode=770 - name: Get Amarisoft path shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1' register: amarisoft_path - name: Check if lteenb has capabilities shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb | grep -q cap_sys_nice' ignore_errors: yes register: lteenb_cap - name: Set capabilities on lteenb shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb' when: lteenb_cap.rc != 0 - name: Check if lteenb-avx2 has capabilities shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb-avx2 | grep -q cap_sys_nice' ignore_errors: yes register: lteenb_avx2_cap - name: Set capabilities on lteenb-avx2 shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb-avx2 && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb-avx2' when: lteenb_avx2_cap.rc != 0 - name: Create .amarisoft directory for SR file: path=/opt/amarisoft/.amarisoft state=directory - name: Copy keys for SR copy: src=/root/.amarisoft dest=/opt/amarisoft owner=root mode=644 ignore_errors: yes - name: Configure sudoers script: configure-sudoers # Re6st - name: Configure re6st script: configure-re6st # Slapos - name: Enable and start cron.service systemd: name=cron.service enabled=yes state=started - name: Configure slapos script: configure-slapos.py # Network - name: Configure firewall script: configure-firewall - name: Configure IPv4 forwarding lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.conf.all.forwarding=(.*)" line="net.ipv4.conf.all.forwarding=1" state=present - name: Configure IPv6 forwarding lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv6.conf.all.forwarding=(.*)" line="net.ipv6.conf.all.forwarding=1" state=present - name: Redirect 53 to 5353 ansible.builtin.iptables: chain: PREROUTING table: nat protocol: udp match: udp jump: DNAT destination_port: '53' to_destination: ':5353' - name: Redirect 5353 to 53 ansible.builtin.iptables: chain: POSTROUTING table: nat protocol: udp match: udp jump: SNAT source_port: '5353' to_source: ':53' # System - name: Configure journald log size lineinfile: dest=/etc/systemd/journald.conf regexp="^SystemMaxUse=(.*)" line="SystemMaxUse=1G" state=present - name: Add kernel parameter script: configure-grub # SSH - name: Configure ssh lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin yes" state=present - name: Configure ssh lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication (.*)" line="PasswordAuthentication yes" state=present # Schedule and upgrade playbook - name: Install upgrader shell: ansible-playbook upgrader-run.yml --extra-vars 'extra_playbook={{ extra_playbook }} upgrader_playbook={{ upgrader_playbook }} repeat_until_success={{ repeat_until_success }} upgrade_kernel={{ upgrade_kernel | default(False) == True }} playbook_report={{ playbook_report }}' -i hosts 2>>/opt/upgrader/latest_daily_upgrade.log >> /opt/upgrader/latest_daily_upgrade.log when: launch_upgrader | bool