ffdo-infrastruktur
/
ffdo-ansible-l2tp
mirror of https://github.com/ffdo/ffdo-ansible-l2tp.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
							- name: Install dependencies for this role
  apt:
    pkg: "{{ item }}"
    state: present
  with_items:
    - bridge-utils
    - ebtables
    - git
    - iproute
    - libevent-dev
    - libnetfilter-conntrack3
    - python-dev
    - python-virtualenv
    # additional dependencies for wlanslovenija's version
    # - libffi-dev
    # - libnfnetlink-dev
    # - libnetfilter-conntrack-dev
    # - gcc
  when: domaenenliste is defined

- name: Determine whether the global version of tunneldigger is installed or not
  stat: path=/lib/systemd/system/tunneldigger.service
  register: _td_global_installed
  when: domaenenliste is defined

- name: Determine whether the per domain version of tunneldigger is installed or not
  stat: path=/lib/systemd/system/tunneldigger@.service
  register: _td_per_domain_installed
  when: domaenenliste is defined


- name: Get all enabled tunneldigger (domain specific) instances
  shell: '/bin/ls /etc/systemd/system/multi-user.target.wants/tunneldigger@* | grep -oE "[0-9]+"'
  changed_when: False
  failed_when: False
  check_mode: no
  register: _td_domain_instances
  when: domaenenliste is defined

# remove /etc/systemd/system/tunneldigger.service if it's not a symlink (issue within older versie of this role, may can be removed in the future)
- name: Remove tunneldigger.service from systemd's local config if it isn't a symlink
  file: path=/etc/systemd/system/tunneldigger.service state=absent
  register: _old_td_systemd
  when: domaenenliste is defined

- name: Stop and disable obsolete td instances
  service: name="tunneldigger@{{item}}.service" enabled=no state=stopped
  with_items: "{{_td_domain_instances.stdout_lines}}"
  when: domaenenliste is defined and (item not in domaenenliste or tunneldigger.instance_per_domain == False) and _td_per_domain_installed.stat.exists == True


- name: Stop global td instance if change to per domain instances is ongoing
  service: name="tunneldigger.service" enabled=no state=stopped
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True and (_td_global_installed.stat.exists == True or _old_td_systemd.changed == True)

- name: Delete global td systemd config if change to per domain instances is ongoing
  file: path=/lib/systemd/system/tunneldigger.service state=absent
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True and (_td_global_installed.stat.exists == True or _old_td_systemd.changed == True)

- name: Delete per domain td systemd config if change to global td is ongoing
  file: path=/lib/systemd/system/tunneldigger@.service state=absent
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False and _td_per_domain_installed.stat.exists == True

# tasks for wlanslovenija's version
# - name: git für tunneldigger
#   git: repo=https://github.com/wlanslovenija/tunneldigger dest=/srv/tunneldigger force=yes update=yes version=235e111fb8fa02c4687af7f695e21204d9d28fe6

# - name: Install python dependencies
#   shell: "/srv/tunneldigger/bin/python /srv/tunneldigger/broker/setup.py install"
#   args:
#     chdir: /srv/tunneldigger/broker/

- name: Remove repository if td mode change is ongoing
  file: path=/srv/tunneldigger state=absent
  when: 
    - domaenenliste is defined
    - (tunneldigger.instance_per_domain == False and _td_per_domain_installed.stat.exists == True) or (tunneldigger.instance_per_domain == True and (_td_global_installed.stat.exists == True or _old_td_systemd.changed == True))

#- name: Clone tunneldigger (wlanslovenija fork)
#  git: repo=https://github.com/wlanslovenija/tunneldigger dest=/srv/tunneldigger force=yes update=yes
#  when: domaenenliste is defined

- name: Clone tunneldigger (ffrl fork)
  git: repo=https://github.com/ffrl/tunneldigger dest=/srv/tunneldigger force=yes update=yes version=e6b09f365f8d3459488680840feb77c54a9c9668
  when: domaenenliste is defined

- name: patch l2tp_broker.py if mode is global
  patch: src=l2tp_broker.py.patch dest=/srv/tunneldigger/broker/l2tp_broker.py
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False

- name: Install python dependencies
  pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger
  when: domaenenliste is defined

- name: Deploy addif.sh for each domain
  template: src=addif.sh.j2 dest="/srv/tunneldigger/broker/scripts/addif_domain{{item.key}}.sh" mode=0755
  with_dict: "{{domaenenliste}}"
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True

- name: Deploy addif.sh if mode is global
  copy: src=addif.sh dest=/srv/tunneldigger/broker/scripts mode=0755
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False

- name: Deploy delif.sh for each domain
  template: src=delif.sh.j2 dest="/srv/tunneldigger/broker/scripts/delif_domain{{item.key}}.sh" mode=0755
  with_dict: "{{domaenenliste}}"
  when: 
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True

- name: Deploy delif.sh if mode is global
  copy: src=delif.sh dest=/srv/tunneldigger/broker/scripts mode=0755
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False

- name: Create sperrliste.txt if not exists
  command: touch /srv/tunneldigger/broker/scripts/sperrliste.txt
  args:
    creates: /srv/tunneldigger/broker/scripts/sperrliste.txt
  when: domaenenliste is defined

- name: Deploy tunneldigger.conf to /etc/modules-load.d/
  copy: src=tunneldigger.conf dest=/etc/modules-load.d/tunneldigger.conf
  notify: load kernel modules
  when: domaenenliste is defined

- name: Deploy l2tp_broker.cfg for each domain
  template: src="l2tp_broker.cfg.j2" dest="/srv/tunneldigger/broker/l2tp_broker_domain{{item.key}}.cfg"
  notify: restart tunneldigger per domain
  with_dict: "{{domaenenliste}}"
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True

- name: Deploy l2tp_broker.cfg if mode is global
  template: src="l2tp_broker.cfg.j2" dest="/srv/tunneldigger/broker/l2tp_broker.cfg"
  notify: restart tunneldigger
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False

- name: l2tp-bridge einrichten
  template: src=l2tp_bridge.j2 dest=/etc/network/interfaces.d/20_l2tp_bridge.cfg
  notify: restart networking
  when: domaenenliste is defined

- name: Deploy tunneldigger@.service template file
  copy: src=tunneldigger@.service dest=/lib/systemd/system/tunneldigger@.service
  register: _domain_td_systemd
  notify:
  - restart tunneldigger per domain
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True

- name: Deploy tunneldigger.service file
  copy: src=tunneldigger.service dest=/lib/systemd/system/tunneldigger.service
  register: _global_td_systemd
  notify:
  - restart tunneldigger
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False

- name: reload systemd
  shell: systemctl daemon-reload
  when:
    - domaenenliste is defined
    - _domain_td_systemd.changed or _global_td_systemd.changed

- name: enable all tunneldigger instances
  service: name="tunneldigger@{{item.key}}.service" enabled=yes
  with_dict: "{{domaenenliste}}"
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == True

- name: Enable tunneldigger.service if mode is global
  service: name="tunneldigger.service" enabled=yes
  when:
    - domaenenliste is defined
    - tunneldigger.instance_per_domain == False