920954e31d
This change adds Strongswan to support VPNaaS in appliance. Change-Id: I1adb74c159eaf4f62950d17ed015856e90a91641 Partial-Blueprint: neutron-vpnaas
98 lines
2.7 KiB
YAML
98 lines
2.7 KiB
YAML
---
|
|
|
|
- name: install base packages
|
|
apt: name={{item}} state=installed install_recommends=no
|
|
with_items:
|
|
- gunicorn
|
|
- python-pip
|
|
- python-dev
|
|
- logrotate
|
|
|
|
- name: copy astara-appliance code
|
|
synchronize: src={{ playbook_dir }}/.. dest=/tmp/astara-appliance
|
|
|
|
- name: ensure latest setuptools
|
|
pip: name=setuptools state=latest
|
|
|
|
- name: install required files
|
|
pip: requirements=/tmp/astara-appliance/requirements.txt
|
|
|
|
- name: install astara-appliance
|
|
command: python setup.py install chdir=/tmp/astara-appliance
|
|
|
|
- name: install astara gunicorn logging directory
|
|
file: path=/var/log/astara state=directory
|
|
|
|
- name: install astara logrotate config
|
|
template: src=logrotate.j2 dest=/etc/logrotate.d/astara
|
|
|
|
- name: install gunicorn config file
|
|
template: src=gunicorn.j2 dest=/etc/astara_gunicorn_config.py
|
|
|
|
|
|
- name: add gunicorn user
|
|
action: user name=gunicorn state=present
|
|
|
|
- name: install init.d files
|
|
copy: src={{playbook_dir}}/../scripts/etc/init.d/{{item}} dest=/etc/init.d/{{item}} mode=0555
|
|
with_items:
|
|
- metadata
|
|
- astara-router-api-server
|
|
|
|
- name: install rootwrap config file
|
|
copy: src={{playbook_dir}}/../etc/rootwrap.conf dest=/etc/rootwrap.conf mode=0555
|
|
|
|
- name: create /etc/rootwrap.d/
|
|
file: path=/etc/rootwrap.d/ state=directory
|
|
|
|
- name: install rootwrap rules file
|
|
copy: src={{playbook_dir}}/../etc/rootwrap.d/ dest=/etc/rootwrap.d/ mode=0555
|
|
with_items:
|
|
- network.filters
|
|
|
|
- stat: path=/etc/sudoers.d
|
|
register: sudoers_dir
|
|
|
|
- name: install sudoer file
|
|
when: sudoers_dir.stat.exists == True
|
|
template: src=gunicorn dest=/etc/sudoers.d/gunicorn mode=0440
|
|
|
|
- name: create /usr/local/share/astara/
|
|
file: path=/usr/local/share/astara state=directory
|
|
|
|
- name: make /usr/local/share/astara/ importable
|
|
copy: dest=/usr/local/share/astara/__init__.py content=''
|
|
|
|
- name: install astara_local_settings.py
|
|
copy: dest=/usr/local/share/astara/astara_local_settings.py content='ENABLED_SERVICES = {{enabled_advanced_services.split(',')}}\n'
|
|
|
|
- name: update-rc
|
|
command: update-rc.d astara-router-api-server start
|
|
|
|
- name: add timestamp
|
|
shell: date > arg1 creates=/etc/astara-release
|
|
|
|
- name: enable forwarding
|
|
sysctl: name={{item}} value=1 sysctl_set=yes state=present reload=yes
|
|
with_items:
|
|
- net.ipv4.ip_forward
|
|
- net.ipv6.conf.all.forwarding
|
|
when: router_appliance
|
|
|
|
- name: remove packages only needed for build
|
|
apt: name={{item}} state=absent
|
|
with_items:
|
|
- python-pip
|
|
- python-dev
|
|
- build-essential
|
|
when: do_cleanup
|
|
|
|
- name: Autoremove unused packages
|
|
command: apt-get -y autoremove
|
|
when: do_cleanup
|
|
|
|
- name: Ensure gunicorn is restarted
|
|
service: name=astara-router-api-server state=restarted enabled=yes
|
|
|
|
|