diff --git a/ansible/install.yml b/ansible/install.yml
index fbfd01b12..bd013cf91 100644
--- a/ansible/install.yml
+++ b/ansible/install.yml
@@ -1,6 +1,12 @@
 ---
 - import_playbook: install_setup.yml
 - import_playbook: install_metastore.yml
+- import_playbook: install_metastore_leader.yml
 - import_playbook: install_simulation_system.yml
+- import_playbook: install_simulation_system_leader.yml
 - import_playbook: install_emulation_system.yml
+- import_playbook: install_emulation_system_leader.yml
+- import_playbook: install_emulation_system_worker.yml
 - import_playbook: install_management_system.yml
+- import_playbook: install_management_system_leader.yml
+- import_playbook: start.yml
diff --git a/ansible/install_emulation_system.yml b/ansible/install_emulation_system.yml
index f4d8c31c9..cbbc3fd9c 100644
--- a/ansible/install_emulation_system.yml
+++ b/ansible/install_emulation_system.yml
@@ -2,114 +2,124 @@ - hosts: all + vars: + spark_base: "csle_spark_base" + spark_derived: "csle_spark_1" + tasks: - - name: Check if apt keyrings directory exist - become: true - stat: - path: /etc/apt/keyrings - register: keyrings_directory_exists - - - name: Create keyrings directory if it does not exist - become: true - ansible.builtin.file: - path: /etc/apt/keyrings - state: directory - mode: "0755" - when: not keyrings_directory_exists.stat.exists - - - name: Download Docker GPG key and install GPG key - shell: | - expect -c ' - spawn /bin/bash -c "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg" - expect -re ".*Overwrite?.*" - send "y\r" - interact - ' - - - name: Install docker apt keys - become: true - shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - - - name: Update package cache - become: true - apt: - update_cache: yes - - - name: Install Docker packages - become: true - apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - state: present - - - name: Add Docker group - become: true - group: - name: docker - state: present - - - name: Add user to Docker group - become: true - shell: "sudo usermod -aG docker {{ user }}" - - - name: Initialize Docker Swarm - command: docker swarm init --advertise-addr "{{ leader_ip }}" - ignore_errors: yes - - - name: Pulling base Docker images - shell: "cd /home/{{ user }}/csle/emulation-system/base_images && make pull" - - - name: Pulling derived Docker images - shell: | - cd "/home/{{ user }}/csle/emulation-system/derived_images" && \ - make pull - args: - executable: /bin/bash - - - name: Installing the emulation environments on the leader node - shell: | - source "/home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}" && \ - cd "/home/{{ user 
}}/csle/emulation-system/envs" && \ - make install - args: - executable: /bin/bash - - - name: Set max_map_count kernel parameter - become: true - sysctl: - name: vm.max_map_count - value: 262144 - sysctl_set: yes - reload: yes - state: present - - - name: Add line to limits.conf if not exists - become: true - ansible.builtin.lineinfile: - path: /etc/security/limits.conf - line: "{{ user }}\tsoft\tnofile\t102400" - regexp: "^{{ user }}\\s+soft\\s+nofile\\s+102400$" - state: present - register: line_added - changed_when: false - - - name: Add second line to limits.conf if not exists - become: true - ansible.builtin.lineinfile: - path: /etc/security/limits.conf - line: "{{ user }}\thard\tnofile\t1024000" - regexp: "^{{ user }}\\s+hard\\s+nofile\\s+1024000$" - state: present - register: line_added - changed_when: false - - - name: Set fs.inotify.max_user_watches in sysctl.conf - become: true - ansible.builtin.shell: "echo 'fs.inotify.max_user_watches=524288' | sudo tee -a /etc/sysctl.conf" - - - name: Reload sysctl - become: true - ansible.builtin.shell: "sudo sysctl -p" + - name: Check if apt keyrings directory exist + become: true + stat: + path: /etc/apt/keyrings + register: keyrings_directory_exists + + - name: Create keyrings directory if it does not exist + become: true + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + when: not keyrings_directory_exists.stat.exists + + - name: Add Docker GPG apt Key + become: true + ansible.builtin.apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + + - name: Add repository into sources list + become: true + ansible.builtin.apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable + state: present + filename: docker + + - name: Update package cache + become: true + apt: + update_cache: yes + + - name: Install Docker packages + become: true + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + 
state: present + + - name: Add Docker group + become: true + group: + name: docker + state: present + + - name: Add user to Docker group + become: true + shell: "sudo usermod -aG docker {{ user }}" + + - name: List all docker images + become: true + shell: "docker images" + args: + executable: /bin/bash + register: docker_images_list + changed_when: false + + - name: Check if the base images are pulled + set_fact: + base_images_pulled: "{{ spark_base in docker_images_list.stdout }}" + + - name: Check if the derived images are pulled + set_fact: + derived_images_pulled: "{{ spark_derived in docker_images_list.stdout }}" + + - name: Pulling base Docker images + shell: "cd /home/{{ user }}/csle/emulation-system/base_images && make pull" + args: + executable: /bin/bash + when: not base_images_pulled + + - name: Pulling derived Docker images + shell: "cd /home/{{ user }}/csle/emulation-system/derived_images && make pull" + args: + executable: /bin/bash + when: not derived_images_pulled + + - name: Set max_map_count kernel parameter + become: true + sysctl: + name: vm.max_map_count + value: 262144 + sysctl_set: yes + reload: yes + state: present + + - name: Add line to limits.conf if not exists + become: true + ansible.builtin.lineinfile: + path: /etc/security/limits.conf + line: "{{ user }}\tsoft\tnofile\t102400" + regexp: "^{{ user }}\\s+soft\\s+nofile\\s+102400$" + state: present + register: line_added + changed_when: false + + - name: Add second line to limits.conf if not exists + become: true + ansible.builtin.lineinfile: + path: /etc/security/limits.conf + line: "{{ user }}\thard\tnofile\t1024000" + regexp: "^{{ user }}\\s+hard\\s+nofile\\s+1024000$" + state: present + register: line_added + changed_when: false + + - name: Set fs.inotify.max_user_watches in sysctl.conf + become: true + ansible.builtin.shell: "echo 'fs.inotify.max_user_watches=524288' | sudo tee -a /etc/sysctl.conf" + + - name: Reload sysctl + become: true + ansible.builtin.shell: "sudo sysctl -p" 
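Review bot: The two new Docker repository tasks import the signing key with `ansible.builtin.apt_key` and drop the `signed-by=` option the removed shell task had, so the Docker key lands in apt's global trusted keyring and is accepted for packages from every configured repository, not only download.docker.com. `apt_key` is also deprecated, and the `/etc/apt/keyrings` directory created two tasks earlier is no longer used by anything in this hunk. Storing the key under that directory and scoping it in the repo line restores the previous trust boundary. The hard-coded `arch=amd64` also replaces the earlier `dpkg --print-architecture` lookup, which is worth confirming if non-amd64 hosts are in the inventory.

```yaml
    - name: Download Docker GPG key into the apt keyrings directory
      become: true
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Add repository into sources list
      become: true
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable"
        state: present
        filename: docker
    # … unchanged: package cache update, Docker packages, group, image pulls, sysctl and limits tasks …
```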
diff --git a/ansible/install_emulation_system_leader.yml b/ansible/install_emulation_system_leader.yml
new file mode 100644
index 000000000..003edfd7d
--- /dev/null
+++ b/ansible/install_emulation_system_leader.yml
@@ -0,0 +1,64 @@
+---
+
+- hosts: leader
+
+ vars:
+ active: "Active"
+
+ tasks:
+
+ - name: List installed emulation environments
+ become: yes
+ become_method: sudo
+ become_user: postgres
+ community.postgresql.postgresql_query:
+ db: csle
+ login_user: postgres
+ login_password: "{{ postgres_password }}"
+ query: "SELECT id FROM emulations;"
+ register: emulations
+
+ - name: Check if the emulation environments are installed
+ set_fact:
+ emulation_environments_installed: "{{ emulations.rowcount > 0 }}"
+
+ - name: Installing the emulation environments on the leader node
+ shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}; cd /home/{{ user }}/csle/emulation-system/envs && make install"
+ args:
+ executable: /bin/bash
+ when: not emulation_environments_installed
+
+ - name: List docker swarm status
+ become: true
+ shell: "docker node ls"
+ args:
+ executable: /bin/bash
+ register: docker_swarm_status
+ changed_when: false
+
+ - name: Check if the docker swarm has been initialized
+ set_fact:
+ swarm_initialized: "{{ active in docker_swarm_status.stdout }}"
+
+ - name: Initialize Docker Swarm
+ become: true
+ command: docker swarm init --advertise-addr "{{ leader_ip }}"
+ ignore_errors: yes
+ when: not swarm_initialized
+
+ - name: List docker swarm join command
+ become: true
+ shell: "docker swarm join-token worker"
+ args:
+ executable: /bin/bash
+ register: docker_swarm_join_command_output
+ changed_when: false
+
+ - name: Extract join token
+ set_fact:
+ docker_swarm_join_command: "{{ docker_swarm_join_command_output.stdout | regex_search(stdout_regex, multiline=True)}}"
+ vars:
+ stdout_regex: 'docker swarm join --token (.*)'
+
+ - debug:
+ var: hostvars[leader_ip]['docker_swarm_join_command']
\ No newline at end of file
diff --git a/ansible/install_emulation_system_worker.yml b/ansible/install_emulation_system_worker.yml
new file mode 100644
index 000000000..bcaf2df9c
--- /dev/null
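Review bot: The swarm worker join token is a credential, and the last three tasks in this new playbook write it to the Ansible output: `docker swarm join-token worker` is registered without `no_log`, the extracted command is stored as a fact, and the final `debug` task prints it. Anyone who can read the controller's console or job logs can use that token to add a node to the swarm. I would add `no_log: true` to the "List docker swarm join command" and "Extract join token" tasks and delete the `debug` task; the "Join Docker Swarm" task in install_emulation_system_worker.yml, which consumes the fact, needs the same `no_log: true`. Separately, `docker node ls` is expected to exit non-zero on a host that is not yet a swarm manager, so the status check may abort a first run before "Initialize Docker Swarm" is reached, which is worth testing on a fresh host.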
+++ b/ansible/install_emulation_system_worker.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: worker
+
+ tasks:
+
+ - name: Join Docker Swarm
+ become: true
+ command: "{{ hostvars[leader_ip]['docker_swarm_join_command'] }}"
+ ignore_errors: yes
\ No newline at end of file
diff --git a/ansible/install_management_system.yml b/ansible/install_management_system.yml
index 5149b13c0..d1dcc15a1 100644
--- a/ansible/install_management_system.yml
+++ b/ansible/install_management_system.yml
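Review bot: `ignore_errors: yes` on "Join Docker Swarm" hides every failure, including an empty or undefined `docker_swarm_join_command` when the leader's regex did not match, so a worker can silently stay outside the swarm while the play reports success. The task also runs, with `become: true`, whatever string was scraped from the leader's stdout rather than a command built in the playbook. I would register the result and fail on anything other than the node already being a member, e.g. `register: swarm_join` with `failed_when: swarm_join.rc != 0 and 'already part of a swarm' not in swarm_join.stderr`. It is also worth confirming that `hostvars[leader_ip]` resolves, since that lookup presumably requires the leader's inventory name to equal `leader_ip`.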
@@ -2,193 +2,180 @@ - hosts: all + vars: + nvm_env_var: "$NVM_DIR" + prometheus: "prometheus" + node_exporter: "node_exporter" tasks: - - name: Check if nvm is installed - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - nvm -v - args: - executable: /bin/bash - register: nvm_installed - ignore_errors: true - - - name: Download nvm - ansible.builtin.get_url: - url: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh" - dest: "/home/{{ user }}" - mode: '0755' - owner: "{{ user }}" - when: nvm_installed.rc != 0 - - - name: Set NVM_DIR environment variable - shell: | - "/home/{{ user }}/install.sh" - export NVM_DIR="/home/{{ user }}/.nvm" - if [ -s "$NVM_DIR/nvm.sh" ]; then - . "$NVM_DIR/nvm.sh" - fi - args: - executable: /bin/bash - when: nvm_installed.rc != 0 - - - - name: Check if node is installed - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - node -v - args: - executable: /bin/bash - register: nvm_node_installed - ignore_errors: true - - - name: Using nvm to install nodes - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - nvm install node - args: - executable: /bin/bash - when: - - nvm_installed.rc == 0 - - nvm_node_installed.rc != 0 - ignore_errors: true - - - name: Check if npm is installed - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - npm -v - args: - executable: /bin/bash - register: npm_installed - ignore_errors: true - - - name: Installing npm - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - npm install -g npm - args: - executable: /bin/bash - when: - - nvm_installed.rc == 0 - - npm_installed.rc != 0 - ignore_errors: true - - - name: Check if the web application is installed - stat: - path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/node_modules" - register: web_app_installed - ignore_errors: true - - - name: Check if the web application is built - stat: - path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/build" - register: web_app_built - ignore_errors: true - - - - 
name: Install and build web application - shell: | - source "/home/{{ user }}/.nvm/nvm.sh" && \ - cd "/home/{{ user }}/csle/management-system/csle-mgmt-webapp" && \ - npm install --legacy-peer-deps - npm run build - args: - executable: /bin/bash - when: - - nvm_installed.rc == 0 - - npm_installed.rc == 0 - - web_app_installed == 0 - - web_app_built == 0 - ignore_errors: true - - - name: Check if port 7778 is available - wait_for: - port: 7778 - state: started - timeout: 5 # Adjust timeout value as needed - ignore_errors: true - register: port_check_result - - - name: Install and start pgadmin - shell: | - docker pull dpage/pgadmin4 - docker run -p 7778:80 -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" -d dpage/pgadmin4 - args: - executable: /bin/bash - ignore_errors: true - when: port_check_result == 0 - - - name: Copy content of local Nginx file to remote server - copy: - content: "{{ lookup('file', '{{ nginx_content_name }}') }}" - dest: /etc/nginx/sites-available/default - - - name: Restart the nginx service - become: true - service: - name: nginx - state: restarted - - - name: Change permissions on /var/log/nginx - become: true - command: sudo chmod -R u+rw /var/log/nginx - - - name: Change ownership of /var/log/nginx - become: true - command: sudo chown -R "{{ user }}" /var/log/nginx - - - name: Restart the nginx service - become: true - service: - name: nginx - state: restarted - - - name: Check if the Prometheus folder exists - stat: - path: "/home/{{ user }}/csle/management-system/prometheus" - register: folder_stat - - - name: Install Prometheus and node exporter - shell: | - cd "/home/{{ user }}/csle/management-system" && \ - chmod u+x install.sh && \ - ./install.sh - args: - executable: /bin/bash - when: folder_stat == 0 - - - name: Modify serverIp.js file - lineinfile: - path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/src/components/Common/serverIp.js" - regexp: '^const serverIp =' - line: 'const 
serverIp = "{{ ansible_host }}";' - - - name: Modify serverPort.js file - lineinfile: - path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/src/components/Common/serverPort.js" - regexp: '^const serverPort =' - line: 'const serverPort = "{{ web_port }}";' - - - name: Check if prometheus already exists in .bashrc, If you see error, Ignore it! - shell: grep -qxF 'export PATH=/home/{{ user }}/csle/management-system/prometheus/:$PATH' "/home/{{ user }}/.bashrc" - register: variable_exists - ignore_errors: true - - - name: Add environment variable to .bashrc if not already present - lineinfile: - path: "/home/{{ user }}/.bashrc" - line: "export PATH=/home/{{ user }}/csle/management-system/prometheus/:$PATH" - when: variable_exists.rc != 0 - - - name: CSLE init - shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }} && echo $CSLE_HOME && csle init" - args: - executable: /bin/bash - environment: - CSLE_HOME: "/home/{{ user }}/csle" - register: CSLE_init_output - ignore_errors: true - - - debug: - var: CSLE_init_output + - name: Check if nvm is installed; if you see error, ignore it! 
+ shell: "source /home/{{ user }}/.nvm/nvm.sh && nvm -v" + args: + executable: /bin/bash + register: nvm_installed + ignore_errors: true + + - name: Download nvm + ansible.builtin.get_url: + url: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh" + dest: "/home/{{ user }}" + mode: '0755' + owner: "{{ user }}" + when: nvm_installed.rc != 0 + + - name: Install nvm + shell: "/home/{{ user }}/install.sh; export NVM_DIR=/home/{{ user }}/.nvm" + args: + executable: /bin/bash + when: nvm_installed.rc != 0 + + - name: Cat the .bashrc file + shell: "cat /home/{{ user }}/.bashrc" + args: + executable: /bin/bash + register: user_bashrc + + - name: Check if the NVM environment variable is configured + set_fact: + nvm_environment_variable_configured: "{{ nvm_env_var in user_bashrc.stdout }}" + + - name: Setup NVM environment variables in bashrc + lineinfile: + dest: "/home/{{ user }}/.bashrc" + line: | + export NVM_DIR="/home/{{ user }}/.nvm" + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + when: not nvm_environment_variable_configured + + - name: Check if node is installed + shell: "source /home/{{ user }}/.nvm/nvm.sh && node -v" + args: + executable: /bin/bash + register: nvm_node_installed + ignore_errors: true + + - name: Using nvm to install node + shell: "source /home/{{ user }}/.nvm/nvm.sh && nvm install node" + args: + executable: /bin/bash + when: + - nvm_installed.rc == 0 + - nvm_node_installed.rc != 0 + ignore_errors: true + + - name: Check if npm is installed + shell: "source /home/{{ user }}/.nvm/nvm.sh && npm -v" + args: + executable: /bin/bash + register: npm_installed + ignore_errors: true + + - name: Installing npm + shell: "source /home/{{ user }}/.nvm/nvm.sh && npm install -g npm" + args: + executable: /bin/bash + when: + - nvm_installed.rc == 0 + - npm_installed.rc != 0 + ignore_errors: true + + - name: Check if the web application is installed + stat: + path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/node_modules" + 
register: web_app_installed + ignore_errors: true + + - name: Check if the web application is built + stat: + path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/build" + register: web_app_built + ignore_errors: true + + - name: Install and build web application + shell: "source /home/{{ user }}/.nvm/nvm.sh && cd /home/{{ user }}/csle/management-system/csle-mgmt-webapp && npm install --legacy-peer-deps && npm run build" + args: + executable: /bin/bash + when: + - nvm_installed.rc == 0 + - npm_installed.rc == 0 + - not web_app_installed.stat.exists + - not web_app_built.stat.exists + ignore_errors: true + + - name: List running docker containers + become: true + shell: "docker ps" + args: + executable: /bin/bash + register: docker_containers_list + changed_when: false + + - name: Copy content of local Nginx file to remote server + become: true + copy: + content: "{{ lookup('file', '{{ nginx_content_name }}') }}" + dest: /etc/nginx/sites-available/default + + - name: Restart the nginx service + become: true + service: + name: nginx + state: restarted + + - name: Change permissions on /var/log/nginx + become: true + command: sudo chmod -R u+rw /var/log/nginx + + - name: Change ownership of /var/log/nginx + become: true + command: sudo chown -R "{{ user }}" /var/log/nginx + + - name: Restart the nginx service + become: true + service: + name: nginx + state: restarted + + - name: Check if the Prometheus folder exists + stat: + path: "/home/{{ user }}/csle/management-system/prometheus" + register: folder_stat + + - name: Install Prometheus and node exporter + shell: "cd /home/{{ user }}/csle/management-system && chmod u+x install.sh && ./install.sh" + args: + executable: /bin/bash + when: not folder_stat.stat.exists + + - name: Modify serverIp.js file + lineinfile: + path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/src/components/Common/serverIp.js" + regexp: '^const serverIp =' + line: 'const serverIp = "{{ ansible_host }}";' + + - name: 
Modify serverPort.js file + lineinfile: + path: "/home/{{ user }}/csle/management-system/csle-mgmt-webapp/src/components/Common/serverPort.js" + regexp: '^const serverPort =' + line: 'const serverPort = "{{ web_port }}";' + + - name: Check if the prometheus environment variable is configured + set_fact: + prometheus_path_configured: "{{ prometheus in user_bashrc.stdout }}" + + - name: Add prometheus environment variable to .bashrc + lineinfile: + path: "/home/{{ user }}/.bashrc" + line: "export PATH=/home/{{ user }}/csle/management-system/prometheus/:$PATH" + when: not prometheus_path_configured + + - name: Check if the node_exporter environment variable is configured + set_fact: + node_exporter_path_configured: "{{ node_exporter in user_bashrc.stdout }}" + + - name: Add node_exporter environment variable to .bashrc + lineinfile: + path: "/home/{{ user }}/.bashrc" + line: "export PATH=/home/{{ user }}/csle/management-system/node_exporter/:$PATH" + when: not node_exporter_path_configured diff --git a/ansible/install_management_system_leader.yml b/ansible/install_management_system_leader.yml new file mode 100644 index 000000000..127f32348 --- /dev/null +++ b/ansible/install_management_system_leader.yml 
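Review bot: "Download nvm" fetches `install.sh` with `get_url` and the following "Install nvm" task executes it, but nothing verifies the file's content, so the install trusts whatever the URL serves at run time. The URL is pinned to the v0.39.2 tag, so a fixed digest is possible: add `checksum: "sha256:<SHA256_OF_REVIEWED_INSTALL_SH>"` (placeholder, to be computed from a reviewed copy) to the `get_url` task. Also in this hunk, `docker_containers_list` is registered by "List running docker containers" but not read by any later task here, so that task looks like a leftover from the pgadmin step that moved to the leader playbook.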
@@ -0,0 +1,35 @@ +--- + +- hosts: leader + + vars: + pg_admin: "pgadmin" + + tasks: + + - name: List running docker containers + become: true + shell: "docker ps" + args: + executable: /bin/bash + register: docker_containers_list + changed_when: false + + - name: Check if pg_admin is running + set_fact: + pg_admin_running: "{{ pg_admin in docker_containers_list.stdout }}" + + - name: Install and start pgadmin + shell: docker pull dpage/pgadmin4 && docker run -p 7778:80 -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" -d --name=pgadmin dpage/pgadmin4 + args: + executable: /bin/bash + ignore_errors: true + when: not pg_admin_running + + - name: CSLE init + shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }} && csle init" + args: + executable: /bin/bash + environment: + CSLE_HOME: "/home/{{ user }}/csle" + register: CSLE_init_output \ No newline at end of file diff --git a/ansible/install_metastore.yml b/ansible/install_metastore.yml index 55a6cf2f4..7c296abab 100644 --- a/ansible/install_metastore.yml +++ b/ansible/install_metastore.yml @@ -105,16 +105,6 @@ become: true shell: update-rc.d postgresql enable - - name: Clear create_cluster.sql file - shell: "rm /home/{{ user }}/csle/metastore/create_cluster.sql; touch /home/{{ user }}/csle/metastore/create_cluster.sql" - - - name: Add leader to create_cluster.sql file - shell: echo SELECT "citus_set_coordinator_host('{{ leader_ip }}', {{ citus_port }});" >> "/home/{{ user }}/csle/metastore/create_cluster.sql" - - - name: Add workers to create_cluster.sql file - shell: echo SELECT "citus_add_node('{{ item }}', {{ citus_port }});" >> "/home/{{ user }}/csle/metastore/create_cluster.sql" - loop: "{{ groups['worker'] }}" - - name: Copy create_db.sql script to postgres home become: true copy: 
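Review bot: The "Install and start pgadmin" task hard-codes the pgAdmin login as `user@domain.com` / `SuperSecret` in the playbook and publishes the container with `-p 7778:80`, which binds on all host interfaces, so every deployment exposes the same known admin credentials on port 7778. The password should come from a variable kept in Ansible Vault, e.g. `-e "PGADMIN_DEFAULT_PASSWORD={{ pgadmin_password }}"` (variable name constructed for this note), with `no_log: true` on the task. The port could be bound as `-p 127.0.0.1:7778:80` if pgAdmin is only meant to be reached locally or through nginx. `ignore_errors: true` also hides a failed pull or run, and `dpage/pgadmin4` is pulled without a tag or digest.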
@@ -125,40 +115,6 @@ group: postgres mode: u=rwx,g=rwx,o=rwx,a=rwx - - name: Copy create_tables.sql script to postgres home - become: true - copy: - dest: /var/lib/postgresql/create_tables.sql - src: "/home/{{ user }}/csle/metastore/create_tables.sql" - remote_src: yes - owner: postgres - group: postgres - mode: u=rwx,g=rwx,o=rwx,a=rwx - - - name: Copy create_cluster.sql script to postgres home - become: true - copy: - dest: /var/lib/postgresql/create_cluster.sql - src: "/home/{{ user }}/csle/metastore/create_cluster.sql" - remote_src: yes - owner: postgres - group: postgres - mode: u=rwx,g=rwx,o=rwx,a=rwx - - - name: Modify create_tables.sql file - become: true - lineinfile: - path: /var/lib/postgresql/create_tables.sql - regexp: '^\\connect' - line: '' - - - name: Modify create_cluster.sql file - become: true - lineinfile: - path: /var/lib/postgresql/create_cluster.sql - regexp: '^\\connect' - line: '' - - name: Remove extension from create_db.sql file become: true lineinfile: @@ -206,27 +162,6 @@ name: citus version: latest - - name: Create PostgreSQL tables, if you see error here just ignore it! - become: yes - become_method: sudo - become_user: postgres - community.postgresql.postgresql_script: - login_user: postgres - login_password: "{{ postgres_password }}" - db: csle - path: /var/lib/postgresql/create_tables.sql - ignore_errors: true - - - name: Create PostgreSQL CITUS cluster - become: yes - become_method: sudo - become_user: postgres - community.postgresql.postgresql_script: - login_user: postgres - login_password: "{{ postgres_password }}" - db: csle - path: /var/lib/postgresql/create_cluster.sql - - name: Change mode and ownership of the /var/log/postgresql file: path: /var/log/postgresql diff --git a/ansible/install_metastore_leader.yml b/ansible/install_metastore_leader.yml new file mode 100644 index 000000000..faa2f0a22 --- /dev/null +++ b/ansible/install_metastore_leader.yml 
@@ -0,0 +1,71 @@
+---
+
+- hosts: leader
+
+ tasks:
+
+ - name: Clear create_cluster.sql file
+ shell: "rm /home/{{ user }}/csle/metastore/create_cluster.sql; touch /home/{{ user }}/csle/metastore/create_cluster.sql"
+
+ - name: Add leader to create_cluster.sql file
+ shell: echo SELECT "citus_set_coordinator_host('{{ leader_ip }}', {{ citus_port }});" >> "/home/{{ user }}/csle/metastore/create_cluster.sql"
+
+ - name: Add workers to create_cluster.sql file
+ shell: echo SELECT "citus_add_node('{{ item }}', {{ citus_port }});" >> "/home/{{ user }}/csle/metastore/create_cluster.sql"
+ loop: "{{ groups['worker'] }}"
+
+
+ - name: Copy create_tables.sql script to postgres home
+ become: true
+ copy:
+ dest: /var/lib/postgresql/create_tables.sql
+ src: "/home/{{ user }}/csle/metastore/create_tables.sql"
+ remote_src: yes
+ owner: postgres
+ group: postgres
+ mode: u=rwx,g=rwx,o=rwx,a=rwx
+
+ - name: Copy create_cluster.sql script to postgres home
+ become: true
+ copy:
+ dest: /var/lib/postgresql/create_cluster.sql
+ src: "/home/{{ user }}/csle/metastore/create_cluster.sql"
+ remote_src: yes
+ owner: postgres
+ group: postgres
+ mode: u=rwx,g=rwx,o=rwx,a=rwx
+
+ - name: Modify create_tables.sql file
+ become: true
+ lineinfile:
+ path: /var/lib/postgresql/create_tables.sql
+ regexp: '^\\connect'
+ line: ''
+
+ - name: Modify create_cluster.sql file
+ become: true
+ lineinfile:
+ path: /var/lib/postgresql/create_cluster.sql
+ regexp: '^\\connect'
+ line: ''
+
+ - name: Create PostgreSQL tables, if you see error here just ignore it!
+ become: yes
+ become_method: sudo
+ become_user: postgres
+ community.postgresql.postgresql_script:
+ login_user: postgres
+ login_password: "{{ postgres_password }}"
+ db: csle
+ path: /var/lib/postgresql/create_tables.sql
+ ignore_errors: true
+
+ - name: Create PostgreSQL CITUS cluster
+ become: yes
+ become_method: sudo
+ become_user: postgres
+ community.postgresql.postgresql_script:
+ login_user: postgres
+ login_password: "{{ postgres_password }}"
+ db: csle
+ path: /var/lib/postgresql/create_cluster.sql
\ No newline at end of file
diff --git a/ansible/install_setup.yml b/ansible/install_setup.yml
index a92b0d1e6..a5c7baedc 100644
--- a/ansible/install_setup.yml
+++ b/ansible/install_setup.yml
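Review bot: Both `copy` tasks place the SQL scripts in `/var/lib/postgresql` with `mode: u=rwx,g=rwx,o=rwx,a=rwx`, i.e. world-writable, and the later `postgresql_script` tasks run those files with the `postgres` login, so any local account can alter the SQL between the copy and its execution. The scripts only need to be readable by their owner: `mode: "0600"` on "Copy create_tables.sql script to postgres home" and "Copy create_cluster.sql script to postgres home". The `ignore_errors: true` on "Create PostgreSQL tables" also hides real schema failures; if the intent is to tolerate tables that already exist, a `failed_when` on that specific error would be narrower.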
@@ -4,133 +4,133 @@ tasks: - - name: Installation of build-essential - become: true - apt: - name: build-essential - - - name: Installation of make - become: true - apt: - name: make - - - name: Installation of git - become: true - apt: - name: git - - - name: Installation of bzip2 - become: true - apt: - name: bzip2 - - - name: Installation of nginx - become: true - apt: - name: nginx - - - name: Check if Anaconda is installed; if you see error, ignore it! - shell: "/home/{{ user }}/anaconda3/bin/conda --version" - register: anaconda_installed - ignore_errors: true - - - name: Download Anaconda - ansible.builtin.get_url: - url: "{{ anaconda_url }}" - dest: "/home/{{ user }}" - mode: '0770' - when: anaconda_installed.rc != 0 - - - name: Install Anaconda - shell: "/home/{{ user }}/{{ anaconda_install_script }} -b -u -p /home/{{ user }}/anaconda3" - when: anaconda_installed.rc != 0 - - - name: Add Anaconda bin to path - become: true - shell: "echo export PATH=/home/{{ user }}/anaconda3/bin:$PATH >> /etc/profile" - when: anaconda_installed.rc != 0 - - - name: Initialize anaconda - shell: "/home/{{ user }}/anaconda3/bin/conda init" - when: anaconda_installed.rc != 0 - - - name: Set read permission for all on the Anaconda folder - file: - path: "/home/{{ user }}/anaconda3" - mode: +r - recurse: yes - when: anaconda_installed.rc != 0 - - - name: Conda - execution permission for all - file: - path: "/home/{{ user }}/anaconda3/bin" - mode: +x - recurse: yes - when: anaconda_installed.rc != 0 - - - name: Check if the folder is cloned - stat: - path: "{{ csle_git_repo_url }}" - register: git_folder_stat - - - name: Clone CSLE - ansible.builtin.git: - repo: "{{ csle_git_repo_url }}" - dest: "/home/{{ user }}/csle" - single_branch: yes - version: master - when: not git_folder_stat.stat.exists - - - name: Update configuration file - copy: - dest: "/home/{{ user }}/csle/config.json" - content: "{{ csle_config | to_json(indent=4, sort_keys=True) }}" - - - name: Check if csle home 
environment variable already exists in .bashrc; if you see error, ignore it! - shell: grep -qxF 'export CSLE_HOME=/home/{{ user }}/csle' "/home/{{ user }}/.bashrc" - register: variable_exists - ignore_errors: true - - - name: Add environment variable to .bashrc if not already present - lineinfile: - path: "/home/{{ user }}/.bashrc" - line: "export CSLE_HOME=/home/{{ user }}/csle" - when: variable_exists.rc != 0 - - - name: Check if CSLE log directory exists - become: true - stat: - path: /var/log/csle - register: log_directory_exists - - - name: Create the CSLE log directory - become: true - ansible.builtin.file: - path: /var/log/csle - state: directory - mode: "0774" - owner: "{{ user }}" - when: not log_directory_exists.stat.exists - - - name: Check if CSLE tmp directory exists - become: true - stat: - path: /tmp/csle - register: tmp_directory_exists - - - name: Create the CSLE tmp directory - become: true - ansible.builtin.file: - path: /tmp/csle - state: directory - mode: "0774" - owner: "{{ user }}" - when: not tmp_directory_exists.stat.exists - - - name: Add or modify the sudoers configuration - become: true - lineinfile: - path: /etc/sudoers - line: "{{ user }} ALL= NOPASSWD: /usr/sbin/service docker stop, /usr/sbin/service docker start, /usr/sbin/service docker restart, /usr/sbin/service nginx stop, /usr/sbin/service nginx start, /usr/sbin/service nginx restart, /usr/sbin/service postgresql start, /usr/sbin/service postgresql stop, /usr/sbin/service postgresql restart, /bin/kill, /usr/bin/journalctl -u docker.service -n 100 --no-pager -e" - state: present - validate: 'visudo -cf %s' # Validate the sudoers file syntax + - name: Installation of build-essential + become: true + apt: + name: build-essential + + - name: Installation of make + become: true + apt: + name: make + + - name: Installation of git + become: true + apt: + name: git + + - name: Installation of bzip2 + become: true + apt: + name: bzip2 + + - name: Installation of nginx + become: true + 
apt: + name: nginx + + - name: Check if Anaconda is installed; if you see error, ignore it! + shell: "/home/{{ user }}/anaconda3/bin/conda --version" + register: anaconda_installed + ignore_errors: true + + - name: Download Anaconda + ansible.builtin.get_url: + url: "{{ anaconda_url }}" + dest: "/home/{{ user }}" + mode: '0770' + when: anaconda_installed.rc != 0 + + - name: Install Anaconda + shell: "/home/{{ user }}/{{ anaconda_install_script }} -b -u -p /home/{{ user }}/anaconda3" + when: anaconda_installed.rc != 0 + + - name: Add Anaconda bin to path + become: true + shell: "echo export PATH=/home/{{ user }}/anaconda3/bin:$PATH >> /etc/profile" + when: anaconda_installed.rc != 0 + + - name: Initialize anaconda + shell: "/home/{{ user }}/anaconda3/bin/conda init" + when: anaconda_installed.rc != 0 + + - name: Set read permission for all on the Anaconda folder + file: + path: "/home/{{ user }}/anaconda3" + mode: +r + recurse: yes + when: anaconda_installed.rc != 0 + + - name: Conda - execution permission for all + file: + path: "/home/{{ user }}/anaconda3/bin" + mode: +x + recurse: yes + when: anaconda_installed.rc != 0 + + - name: Check if the folder is cloned + stat: + path: "{{ csle_git_repo_url }}" + register: git_folder_stat + + - name: Clone CSLE + ansible.builtin.git: + repo: "{{ csle_git_repo_url }}" + dest: "/home/{{ user }}/csle" + single_branch: yes + version: master + when: not git_folder_stat.stat.exists + + - name: Update configuration file + copy: + dest: "/home/{{ user }}/csle/config.json" + content: "{{ csle_config | to_json(indent=4, sort_keys=True) }}" + + - name: Check if csle home environment variable already exists in .bashrc; if you see error, ignore it! 
+ shell: grep -qxF 'export CSLE_HOME=/home/{{ user }}/csle' "/home/{{ user }}/.bashrc" + register: variable_exists + ignore_errors: true + + - name: Add environment variable to .bashrc if not already present + lineinfile: + path: "/home/{{ user }}/.bashrc" + line: "export CSLE_HOME=/home/{{ user }}/csle" + when: variable_exists.rc != 0 + + - name: Check if CSLE log directory exists + become: true + stat: + path: /var/log/csle + register: log_directory_exists + + - name: Create the CSLE log directory + become: true + ansible.builtin.file: + path: /var/log/csle + state: directory + mode: "0774" + owner: "{{ user }}" + when: not log_directory_exists.stat.exists + + - name: Check if CSLE tmp directory exists + become: true + stat: + path: /tmp/csle + register: tmp_directory_exists + + - name: Create the CSLE tmp directory + become: true + ansible.builtin.file: + path: /tmp/csle + state: directory + mode: "0774" + owner: "{{ user }}" + when: not tmp_directory_exists.stat.exists + + - name: Add or modify the sudoers configuration + become: true + lineinfile: + path: /etc/sudoers + line: "{{ user }} ALL= NOPASSWD: /usr/sbin/service docker stop, /usr/sbin/service docker start, /usr/sbin/service docker restart, /usr/sbin/service nginx stop, /usr/sbin/service nginx start, /usr/sbin/service nginx restart, /usr/sbin/service postgresql start, /usr/sbin/service postgresql stop, /usr/sbin/service postgresql restart, /bin/kill, /usr/bin/journalctl -u docker.service -n 100 --no-pager -e" + state: present + validate: 'visudo -cf %s' # Validate the sudoers file syntax diff --git a/ansible/install_simulation_system.yml b/ansible/install_simulation_system.yml index 0a18ddaab..36babb2d3 100644 --- a/ansible/install_simulation_system.yml +++ b/ansible/install_simulation_system.yml 
@@ -2,55 +2,57 @@ - hosts: all + vars: + csle_cli: "csle-cli" + tasks: - - name: List all Conda environments - shell: "/home/{{ user }}/anaconda3/bin/conda env list" - register: conda_env_list - changed_when: false - - - name: Check if the conda environment exists - set_fact: - conda_env_exists: "{{ '{{ conda_environment_name }}' in conda_env_list.stdout }}" - - - name: Create and activate the conda environment if it does not exist - shell: | - "/home/{{ user }}/anaconda3/bin/conda create -y -n {{ conda_environment_name }} python={{ python_version }}" && \ - source "/home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}" && \ - "/home/{{ user }}/anaconda3/bin/conda" install -y pip - args: - executable: /bin/bash - when: not conda_env_exists - - - name: Add execute permissions on Python install script - file: - path: "/home/{{ user }}/csle/simulation-system/libs/local_install.sh" - mode: +rwx - recurse: yes - - - name: Add execute permissions on Python dev-install script - file: - path: "/home/{{ user }}/csle/simulation-system/libs/local_install_dev.sh" - mode: +rwx - recurse: yes - - - name: Activate the environment if it exist and install CSLE Python libraries - shell: | - source "/home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}" && \ - cd "/home/{{ user }}/csle/simulation-system/libs" && \ - ./local_install.sh && \ - ./local_install_dev.sh - - - name: Modify constants.py file - lineinfile: - path: "/home/{{ user }}/csle/simulation-system/libs/csle-common/src/csle_common/constants/constants.py" - regexp: '^HOST =' - line: 'HOST = "{{ leader_ip }}"' - - - name: Install CSLE simulation environments on the leader node - shell: | - source "/home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}" && \ - cd "/home/{{ user }}/csle/simulation-system/envs" && \ - make install - args: - executable: /bin/bash + - name: List all Conda environments + shell: "/home/{{ user }}/anaconda3/bin/conda env list" + register: conda_env_list 
+ changed_when: false + + - name: Check if the conda environment exists + set_fact: + conda_env_exists: "{{ conda_environment_name in conda_env_list.stdout }}" + + - name: Create the conda environment if it does not exist + shell: "/home/{{ user }}/anaconda3/bin/conda create -y -n {{ conda_environment_name }} python={{ python_version }}" + args: + executable: /bin/bash + when: not conda_env_exists + + - name: Add execute permissions on Python install script + file: + path: "/home/{{ user }}/csle/simulation-system/libs/local_install.sh" + mode: +rwx + + - name: Add execute permissions on Python dev-install script + file: + path: "/home/{{ user }}/csle/simulation-system/libs/local_install_dev.sh" + mode: +rwx + + - name: List all python libraries environments + shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}; pip list" + args: + executable: /bin/bash + register: python_packages_list + changed_when: false + + - name: Check if the python libraries are installed + set_fact: + python_libraries_installed: "{{ csle_cli in python_packages_list.stdout }}" + + - name: Install CSLE Python libraries + shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}; cd /home/{{ user }}/csle/simulation-system/libs/; ./local_install.sh; local_install_dev.sh" + args: + executable: /bin/bash + ignore_errors: true + when: not python_libraries_installed + + - name: Modify constants.py file + replace: + path: "/home/{{ user }}/csle/simulation-system/libs/csle-common/src/csle_common/constants/constants.py" + regexp: '172.31.212.92' + replace: "{{ leader_ip }}" + diff --git a/ansible/install_simulation_system_leader.yml b/ansible/install_simulation_system_leader.yml new file mode 100644 index 000000000..0451a1026 --- /dev/null +++ b/ansible/install_simulation_system_leader.yml 
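Review bot: In `Install CSLE Python libraries` the second script is called as `local_install_dev.sh` without `./`, so after the `cd` it is resolved through PATH instead of the libs directory, and since the steps are joined with `;` under `ignore_errors: true` the failure is swallowed. The `;` chain also means both scripts still run when `source .../activate` fails, installing into whichever Python is active rather than the intended conda environment. I would restore the `&&` chain the removed version used, ending the command with `&& cd /home/{{ user }}/csle/simulation-system/libs/ && ./local_install.sh && ./local_install_dev.sh`, and drop `ignore_errors: true`. The same `;` chaining after `activate` appears in the `make install` task of install_simulation_system_leader.yml and the `CSLE start` task of start.yml.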
@@ -0,0 +1,26 @@
+---
+
+- hosts: leader
+
+ tasks:
+
+ - name: List installed simulation environments
+ become: yes
+ become_method: sudo
+ become_user: postgres
+ community.postgresql.postgresql_query:
+ db: csle
+ login_user: postgres
+ login_password: "{{ postgres_password }}"
+ query: "SELECT id FROM simulations;"
+ register: simulations
+
+ - name: Check if the simulation environments are installed
+ set_fact:
+ simulation_environments_installed: "{{ simulations.rowcount > 0 }}"
+
+ - name: Install CSLE simulation environments on the leader node
+ shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}; cd /home/{{ user }}/csle/simulation-system/envs; make install"
+ args:
+ executable: /bin/bash
+ when: not simulation_environments_installed
\ No newline at end of file
diff --git a/ansible/start.yml b/ansible/start.yml
new file mode 100644
index 000000000..10ad54794
--- /dev/null
+++ b/ansible/start.yml
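Review bot: The `List installed simulation environments` task connects as the `postgres` superuser with `login_password` only to run a read-only `SELECT id FROM simulations;`, which is more privilege than the check needs; a role limited to reading that table would do, if the deployment defines one. Where `postgres_password` is set is not visible in this hunk, so it is worth confirming it comes from a vaulted variable rather than a plain-text vars file. The guard `simulations.rowcount > 0` also treats a single existing row as a complete install, so a partially failed `make install` is never retried; a comment such as `# any existing row is treated as "already installed"` above the `set_fact` would make that assumption explicit.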
@@ -0,0 +1,46 @@
+---
+
+- hosts: all
+
+ vars:
+ cadvisor: "cadvisor"
+ grafana: "grafana"
+
+ tasks:
+
+ - name: Restart clustermanager
+ shell: "source /home/{{ user }}/.bashrc; source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }} && csle stop clustermanager && sleep 5; csle start clustermanager && sleep 10"
+ args:
+ executable: /bin/bash
+ environment:
+ CSLE_HOME: "/home/{{ user }}/csle"
+ register: CSLE_init_output
+
+ - name: Check if cadvisor is running
+ set_fact:
+ cadvisor_running: "{{ cadvisor in docker_containers_list.stdout }}"
+
+ - name: Start cadvisor
+ become: true
+ shell: "docker run -dt --volume=/:/rootfs:ro --volume=/var/run:/var/run:ro --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --volume=/dev/disk/:/dev/disk:ro --publish=8080:8080 --name=cadvisor gcr.io/cadvisor/cadvisor"
+ args:
+ executable: /bin/bash
+ when: not cadvisor_running
+
+ - name: Check if grafana is running
+ set_fact:
+ grafana_running: "{{ grafana in docker_containers_list.stdout }}"
+
+ - name: Start grafana
+ become: true
+ shell: "docker run -d -p 3000:3000 --name grafana grafana/grafana"
+ args:
+ executable: /bin/bash
+ when: not grafana_running
+
+ - name: CSLE start
+ shell: "source /home/{{ user }}/anaconda3/bin/activate {{ conda_environment_name }}; csle start nodeexporter; csle start prometheus; csle start flask; csle start nginx"
+ args:
+ executable: /bin/bash
+ environment:
+ CSLE_HOME: "/home/{{ user }}/csle"
\ No newline at end of file
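Review bot: The `Start cadvisor` and `Start grafana` tasks run `gcr.io/cadvisor/cadvisor` and `grafana/grafana` with no tag or digest and publish 8080 and 3000 on all host interfaces, so each install pulls whatever the registry serves as the default tag and exposes both dashboards to every network the host is attached to. Pinning the images (for example `gcr.io/cadvisor/cadvisor:<pinned-tag>`, placeholder) and binding the ports to a management address (`--publish=127.0.0.1:8080:8080`, `-p 127.0.0.1:3000:3000`, or the node's internal IP) would narrow that; Grafana also comes up with its default admin credentials unless they are overridden through the container's environment. Separately, `docker_containers_list` is read by both `set_fact` tasks but is not registered anywhere in this file, so the play relies on an earlier playbook having set it and fails when start.yml is run on its own; `CSLE_init_output` is registered but never used.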