├── hosts
├── playbooks
    ├── templates
    │   ├── persistence.conf
    │   ├── boot
    │   │   └── grub
    │   │   │   ├── device.map.j2
    │   │   │   └── grub.cfg.j2
    │   └── config.boot.default.ec2
    ├── roles
    │   ├── build-disk
    │   │   ├── tests
    │   │   │   ├── inventory
    │   │   │   └── test.yml
    │   │   ├── templates
    │   │   │   ├── persistence.conf
    │   │   │   ├── boot
    │   │   │   │   └── grub
    │   │   │   │   │   ├── device.map.j2
    │   │   │   │   │   └── grub.cfg.j2
    │   │   │   └── config.boot.default.ec2
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── vars
    │   │   │   └── main.yml
    │   │   ├── files
    │   │   │   └── sources.list
    │   │   ├── molecule
    │   │   │   └── default
    │   │   │   │   ├── converge.yml
    │   │   │   │   ├── verify.yml
    │   │   │   │   ├── molecule.yml
    │   │   │   │   └── INSTALL.rst
    │   │   ├── defaults
    │   │   │   └── main.yml
    │   │   ├── .travis.yml
    │   │   ├── .yamllint
    │   │   ├── README.md
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   └── tasks
    │   │   │   └── main.yml
    │   ├── ec2-cleanup
    │   │   ├── tests
    │   │   │   ├── inventory
    │   │   │   └── test.yml
    │   │   ├── vars
    │   │   │   └── main.yml
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── molecule
    │   │   │   └── default
    │   │   │   │   ├── converge.yml
    │   │   │   │   ├── verify.yml
    │   │   │   │   ├── molecule.yml
    │   │   │   │   └── INSTALL.rst
    │   │   ├── defaults
    │   │   │   └── main.yml
    │   │   ├── .travis.yml
    │   │   ├── .yamllint
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── README.md
    │   │   └── meta
    │   │   │   └── main.yml
    │   ├── build-vyos-ami
    │   │   ├── tests
    │   │   │   ├── inventory
    │   │   │   └── test.yml
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── defaults
    │   │   │   └── main.yml
    │   │   ├── molecule
    │   │   │   └── default
    │   │   │   │   ├── converge.yml
    │   │   │   │   ├── verify.yml
    │   │   │   │   ├── molecule.yml
    │   │   │   │   └── INSTALL.rst
    │   │   ├── vars
    │   │   │   └── main.yml
    │   │   ├── .travis.yml
    │   │   ├── .yamllint
    │   │   ├── README.md
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   └── tasks
    │   │   │   └── main.yml
    │   ├── provision-ec2-instance
    │   │   ├── tests
    │   │   │   ├── inventory
    │   │   │   └── test.yml
    │   │   ├── vars
    │   │   │   └── main.yml
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── molecule
    │   │   │   └── default
    │   │   │   │   ├── converge.yml
    │   │   │   │   ├── verify.yml
    │   │   │   │   ├── molecule.yml
    │   │   │   │   └── INSTALL.rst
    │   │   ├── defaults
    │   │   │   └── main.yml
    │   │   ├── .travis.yml
    │   │   ├── .yamllint
    │   │   ├── README.md
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   └── tasks
    │   │   │   └── main.yml
    │   └── meta
    │   │   └── main.yml
    ├── cleanup.yml
    ├── build-disk.yml
    ├── build-ami.yml
    ├── provision-instance.yml
    ├── init.yml
    ├── vyos-build-ami.yml
    └── group_vars
    │   └── all
├── .gitignore
├── bootstrap-virtualenv
├── Pipfile
├── Vagrantfile
├── LICENSE
├── vyos-build-ami
└── README.md


/hosts:
--------------------------------------------------------------------------------
1 | [local]
2 | localhost
3 | 


--------------------------------------------------------------------------------
/playbooks/templates/persistence.conf:
--------------------------------------------------------------------------------
1 | / union
2 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 | 
3 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 | 
3 | 


--------------------------------------------------------------------------------
/playbooks/templates/boot/grub/device.map.j2:
--------------------------------------------------------------------------------
1 | (hd0)  /dev/sda
2 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/templates/persistence.conf:
--------------------------------------------------------------------------------
1 | / union
2 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 | 
3 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 | 
3 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for ec2-cleanup


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for build-disk


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/templates/boot/grub/device.map.j2:
--------------------------------------------------------------------------------
1 | (hd0)  /dev/sda
2 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for ec2-cleanup


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | doc/
2 | playbooks/files/ssh-keys/
3 | .vagrant
4 | *.retry
5 | env
6 | .tmp/
7 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for build-vyos-ami


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for provision-ec2-instance


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for build-disk
3 | vyos_iso_url: "{{ iso }}"


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for provision-ec2-instance


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   remote_user: root
4 |   roles:
5 |     - build-disk


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   remote_user: root
4 |   roles:
5 |     - ec2-cleanup


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   remote_user: root
4 |   roles:
5 |     - build-vyos-ami


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for build-vyos-ami
3 | ec2_region: us-east-1
4 | ebs_drive: /dev/sdf


--------------------------------------------------------------------------------
/playbooks/cleanup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - name: Cleanup
4 |   hosts: local
5 |   connection: local
6 |   gather_facts: False
7 |   roles:
8 |     - ec2-cleanup


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   remote_user: root
4 |   roles:
5 |     - provision-ec2-instance


--------------------------------------------------------------------------------
/bootstrap-virtualenv:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | rm -rf env
4 | virtualenv env
5 | source env/bin/activate
6 | pip install ansible
7 | pip install awscli
8 | 


--------------------------------------------------------------------------------
/playbooks/build-disk.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Build disk
3 |   hosts: ec2
4 |   user: admin
5 |   become: True
6 |   gather_facts: True
7 |   roles:
8 |     - build-disk


--------------------------------------------------------------------------------
/playbooks/build-ami.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - name: Build AMI
4 |   hosts: local
5 |   connection: local
6 |   gather_facts: False
7 | 
8 |   roles:
9 |     - build-vyos-ami


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/files/sources.list:
--------------------------------------------------------------------------------
1 | deb http://deb.debian.org/debian/ jessie main non-free contrib
2 | deb-src http://deb.debian.org/debian/ jessie main non-free contrib


--------------------------------------------------------------------------------
/playbooks/provision-instance.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Provision instance
3 |   hosts: local
4 |   connection: local
5 |   gather_facts: True
6 | 
7 |   roles:
8 |     - provision-ec2-instance
9 | 


--------------------------------------------------------------------------------
/playbooks/init.yml:
--------------------------------------------------------------------------------
1 | - name: Setup
2 |   hosts: local
3 |   connection: local
4 |   gather_facts: False
5 | 
6 |   tasks:
7 |     - fail: msg="Assert that an ISO is specified"
8 |       when: iso == ""
9 | 


--------------------------------------------------------------------------------
/Pipfile:
--------------------------------------------------------------------------------
 1 | [[source]]
 2 | name = "pypi"
 3 | url = "https://pypi.org/simple"
 4 | verify_ssl = true
 5 | 
 6 | [dev-packages]
 7 | 
 8 | [packages]
 9 | botocore = "*"
10 | boto3 = "*"
11 | boto = "*"
12 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   tasks:
5 |     - name: "Include build-disk"
6 |       include_role:
7 |         name: "build-disk"
8 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   tasks:
5 |     - name: "Include ec2-cleanup"
6 |       include_role:
7 |         name: "ec2-cleanup"
8 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   tasks:
5 |     - name: "Include build-vyos-ami"
6 |       include_role:
7 |         name: "build-vyos-ami"
8 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for ec2-cleanup
3 | placeholder: vyos-build-ami
4 | ec2_region: us-east-1
5 | key_pair_name: vyos-build-ami
6 | temp_folder: "{{ playbook_dir }}/files/ssh-keys"


--------------------------------------------------------------------------------
/playbooks/roles/meta/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | galaxy_info:
 3 |   author: 
 4 |   description: vyos community
 5 |   company: vyos,sentium
 6 |   license: GPLv2 
 7 |   min_ansible_version: 2.8
 8 |   galaxy_tags: []
 9 | dependencies: []
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   tasks:
5 |     - name: "Include provision-ec2-instance"
6 |       include_role:
7 |         name: "provision-ec2-instance"
8 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/molecule/default/verify.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This is an example playbook to execute Ansible tests.
 3 | 
 4 | - name: Verify
 5 |   hosts: all
 6 |   tasks:
 7 |   - name: Example assertion
 8 |     assert:
 9 |       that: true
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/molecule/default/verify.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This is an example playbook to execute Ansible tests.
 3 | 
 4 | - name: Verify
 5 |   hosts: all
 6 |   tasks:
 7 |   - name: Example assertion
 8 |     assert:
 9 |       that: true
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/molecule/default/verify.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This is an example playbook to execute Ansible tests.
 3 | 
 4 | - name: Verify
 5 |   hosts: all
 6 |   tasks:
 7 |   - name: Example assertion
 8 |     assert:
 9 |       that: true
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/molecule/default/verify.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This is an example playbook to execute Ansible tests.
 3 | 
 4 | - name: Verify
 5 |   hosts: all
 6 |   tasks:
 7 |   - name: Example assertion
 8 |     assert:
 9 |       that: true
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | dependency:
 3 |   name: galaxy
 4 | driver:
 5 |   name: docker
 6 | platforms:
 7 |   - name: instance
 8 |     image: docker.io/pycontribs/centos:7
 9 |     pre_build_image: true
10 | provisioner:
11 |   name: ansible
12 | verifier:
13 |   name: ansible
14 | 


--------------------------------------------------------------------------------
/playbooks/vyos-build-ami.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # playbook: vyos-build-ami.yml
 3 | # Main entry point in vyos-build-ami playbook
 4 | 
 5 | - import_playbook: init.yml
 6 | - import_playbook: provision-instance.yml
 7 | - import_playbook: build-disk.yml
 8 | - import_playbook: build-ami.yml
 9 | - import_playbook: cleanup.yml
10 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | dependency:
 3 |   name: galaxy
 4 | driver:
 5 |   name: docker
 6 | platforms:
 7 |   - name: instance
 8 |     image: docker.io/pycontribs/centos:7
 9 |     pre_build_image: true
10 | provisioner:
11 |   name: ansible
12 | verifier:
13 |   name: ansible
14 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | dependency:
 3 |   name: galaxy
 4 | driver:
 5 |   name: docker
 6 | platforms:
 7 |   - name: instance
 8 |     image: docker.io/pycontribs/centos:7
 9 |     pre_build_image: true
10 | provisioner:
11 |   name: ansible
12 | verifier:
13 |   name: ansible
14 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | dependency:
 3 |   name: galaxy
 4 | driver:
 5 |   name: docker
 6 | platforms:
 7 |   - name: instance
 8 |     image: docker.io/pycontribs/centos:7
 9 |     pre_build_image: true
10 | provisioner:
11 |   name: ansible
12 | verifier:
13 |   name: ansible
14 | 


--------------------------------------------------------------------------------
/playbooks/templates/boot/grub/grub.cfg.j2:
--------------------------------------------------------------------------------
1 | set default=0
2 | set timeout=0
3 | 
4 | menuentry "VyOS AMI (HVM) {{ version_string.stdout }}" {
5 |   linux /boot/{{ version_string.stdout }}/vmlinuz boot=live selinux=0 vyos-union=/boot/{{ version_string.stdout }} console=tty1
6 |   initrd /boot/{{ version_string.stdout }}/initrd.img
7 | }
8 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/templates/boot/grub/grub.cfg.j2:
--------------------------------------------------------------------------------
1 | set default=0
2 | set timeout=0
3 | 
4 | menuentry "VyOS AMI (HVM) {{ version_string.stdout }}" {
5 |   linux /boot/{{ version_string.stdout }}/vmlinuz boot=live selinux=0 vyos-union=/boot/{{ version_string.stdout }} console=tty1
6 |   initrd /boot/{{ version_string.stdout }}/initrd.img
7 | }
8 | 


--------------------------------------------------------------------------------
/playbooks/group_vars/all:
--------------------------------------------------------------------------------
 1 | key_pair_name: vyos-build-ami
 2 | ec2_region: us-east-1
 3 | temp_folder: "{{ playbook_dir }}/files/ssh-keys"
 4 | key_pair_file: "{{ temp_folder }}/{{ key_pair_name }}.pem"
 5 | instance_type: t2.micro
 6 | placeholder: vyos-build-ami
 7 | volume_size: 4
 8 | volume_drive: /dev/xvdf
 9 | ansible_ssh_private_key_file: "{{ key_pair_file }}"
10 | ansible_host_key_checking: False
11 | ansible_python_interpreter: python
12 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for build-vyos-ami
3 | version_string: "{{ hostvars[groups['ec2'][0]]['version_string']['stdout'] }}"
4 | snapshot_description: VyOS AMI (HVM) {{ version_string }}
5 | ami_name: VyOS (HVM) {{ version_string }}
6 | ami_description: The VyOS AMI is an EBS-backed, HVM image. It is an open-source Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.
7 | ami_architecture: x86_64
8 | ami_virtualization_type: hvm
9 | ami_root_device_name: /dev/xvda


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/defaults/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # defaults file for build-disk
 3 | vyos_iso_url: "{{ iso }}"
 4 | vyos_iso_local: /tmp/vyos.iso
 5 | vyos_key_url: http://packages.vyos.net/vyos-release.gpg
 6 | vyos_key_local: /tmp/vyos-release.gpg
 7 | CD_ROOT: /mnt/cdrom
 8 | CD_SQUASH_ROOT: /mnt/cdsquash
 9 | SQUASHFS_IMAGE: "{{ CD_ROOT }}/live/filesystem.squashfs"
10 | 
11 | ROOT_FSTYPE: ext4
12 | ROOT_PARTITION: "{{ volume_drive }}1" # The install partition
13 | volume_size: 4
14 | volume_drive: /dev/xvdf
15 | WRITE_ROOT: /mnt/wroot
16 | READ_ROOT: /mnt/squashfs
17 | INSTALL_ROOT: /mnt/inst_root


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/defaults/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # defaults file for provision-ec2-instance
 3 | key_pair_name: vyos-build-ami
 4 | ec2_region: us-east-1
 5 | temp_folder: "{{ playbook_dir }}/files/ssh-keys"
 6 | key_pair_file: "{{ temp_folder }}/{{ key_pair_name }}.pem"
 7 | instance_type: t2.micro
 8 | 
 9 | base_image:
10 |   debian_aws_account_id: "379101102735"
11 |   name: "debian-jessie-amd64-hvm-*"
12 |   architecture: "x86_64"
13 |   hypervisor: "xen"
14 |   root_device_type: "ebs"
15 | 
16 | placeholder: vyos-build-ami
17 | volume_size: 4
18 | volume_drive: /dev/xvdf
19 | ansible_ssh_private_key_file: "{{ key_pair_file }}"
20 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | # Use the new container infrastructure
 6 | sudo: false
 7 | 
 8 | # Install ansible
 9 | addons:
10 |   apt:
11 |     packages:
12 |     - python-pip
13 | 
14 | install:
15 |   # Install ansible
16 |   - pip install ansible
17 | 
18 |   # Check ansible version
19 |   - ansible --version
20 | 
21 |   # Create ansible.cfg with correct roles_path
22 |   - printf '[defaults]\nroles_path=../' >ansible.cfg
23 | 
24 | script:
25 |   # Basic role syntax check
26 |   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 | 
28 | notifications:
29 |   webhooks: https://galaxy.ansible.com/api/v1/notifications/


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
 1 | *******
 2 | Docker driver installation guide
 3 | *******
 4 | 
 5 | Requirements
 6 | ============
 7 | 
 8 | * Docker Engine
 9 | 
10 | Install
11 | =======
12 | 
13 | Please refer to the `Virtual environment`_ documentation for installation best
14 | practices. If not using a virtual environment, please consider passing the
15 | widely recommended `'--user' flag`_ when invoking ``pip``.
16 | 
17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/
18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
19 | 
20 | .. code-block:: bash
21 | 
22 |     $ pip install 'molecule[docker]'
23 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | # Use the new container infrastructure
 6 | sudo: false
 7 | 
 8 | # Install ansible
 9 | addons:
10 |   apt:
11 |     packages:
12 |     - python-pip
13 | 
14 | install:
15 |   # Install ansible
16 |   - pip install ansible
17 | 
18 |   # Check ansible version
19 |   - ansible --version
20 | 
21 |   # Create ansible.cfg with correct roles_path
22 |   - printf '[defaults]\nroles_path=../' >ansible.cfg
23 | 
24 | script:
25 |   # Basic role syntax check
26 |   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 | 
28 | notifications:
29 |   webhooks: https://galaxy.ansible.com/api/v1/notifications/


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | # Use the new container infrastructure
 6 | sudo: false
 7 | 
 8 | # Install ansible
 9 | addons:
10 |   apt:
11 |     packages:
12 |     - python-pip
13 | 
14 | install:
15 |   # Install ansible
16 |   - pip install ansible
17 | 
18 |   # Check ansible version
19 |   - ansible --version
20 | 
21 |   # Create ansible.cfg with correct roles_path
22 |   - printf '[defaults]\nroles_path=../' >ansible.cfg
23 | 
24 | script:
25 |   # Basic role syntax check
26 |   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 | 
28 | notifications:
29 |   webhooks: https://galaxy.ansible.com/api/v1/notifications/


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
 1 | *******
 2 | Docker driver installation guide
 3 | *******
 4 | 
 5 | Requirements
 6 | ============
 7 | 
 8 | * Docker Engine
 9 | 
10 | Install
11 | =======
12 | 
13 | Please refer to the `Virtual environment`_ documentation for installation best
14 | practices. If not using a virtual environment, please consider passing the
15 | widely recommended `'--user' flag`_ when invoking ``pip``.
16 | 
17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/
18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
19 | 
20 | .. code-block:: bash
21 | 
22 |     $ pip install 'molecule[docker]'
23 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
 1 | *******
 2 | Docker driver installation guide
 3 | *******
 4 | 
 5 | Requirements
 6 | ============
 7 | 
 8 | * Docker Engine
 9 | 
10 | Install
11 | =======
12 | 
13 | Please refer to the `Virtual environment`_ documentation for installation best
14 | practices. If not using a virtual environment, please consider passing the
15 | widely recommended `'--user' flag`_ when invoking ``pip``.
16 | 
17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/
18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
19 | 
20 | .. code-block:: bash
21 | 
22 |     $ pip install 'molecule[docker]'
23 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | # Use the new container infrastructure
 6 | sudo: false
 7 | 
 8 | # Install ansible
 9 | addons:
10 |   apt:
11 |     packages:
12 |     - python-pip
13 | 
14 | install:
15 |   # Install ansible
16 |   - pip install ansible
17 | 
18 |   # Check ansible version
19 |   - ansible --version
20 | 
21 |   # Create ansible.cfg with correct roles_path
22 |   - printf '[defaults]\nroles_path=../' >ansible.cfg
23 | 
24 | script:
25 |   # Basic role syntax check
26 |   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 | 
28 | notifications:
29 |   webhooks: https://galaxy.ansible.com/api/v1/notifications/


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
 1 | *******
 2 | Docker driver installation guide
 3 | *******
 4 | 
 5 | Requirements
 6 | ============
 7 | 
 8 | * Docker Engine
 9 | 
10 | Install
11 | =======
12 | 
13 | Please refer to the `Virtual environment`_ documentation for installation best
14 | practices. If not using a virtual environment, please consider passing the
15 | widely recommended `'--user' flag`_ when invoking ``pip``.
16 | 
17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/
18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
19 | 
20 | .. code-block:: bash
21 | 
22 |     $ pip install 'molecule[docker]'
23 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/.yamllint:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Based on ansible-lint config
 3 | extends: default
 4 | 
 5 | rules:
 6 |   braces:
 7 |     max-spaces-inside: 1
 8 |     level: error
 9 |   brackets:
10 |     max-spaces-inside: 1
11 |     level: error
12 |   colons:
13 |     max-spaces-after: -1
14 |     level: error
15 |   commas:
16 |     max-spaces-after: -1
17 |     level: error
18 |   comments: disable
19 |   comments-indentation: disable
20 |   document-start: disable
21 |   empty-lines:
22 |     max: 3
23 |     level: error
24 |   hyphens:
25 |     level: error
26 |   indentation: disable
27 |   key-duplicates: enable
28 |   line-length: disable
29 |   new-line-at-end-of-file: disable
30 |   new-lines:
31 |     type: unix
32 |   trailing-spaces: disable
33 |   truthy: disable
34 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/.yamllint:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Based on ansible-lint config
 3 | extends: default
 4 | 
 5 | rules:
 6 |   braces:
 7 |     max-spaces-inside: 1
 8 |     level: error
 9 |   brackets:
10 |     max-spaces-inside: 1
11 |     level: error
12 |   colons:
13 |     max-spaces-after: -1
14 |     level: error
15 |   commas:
16 |     max-spaces-after: -1
17 |     level: error
18 |   comments: disable
19 |   comments-indentation: disable
20 |   document-start: disable
21 |   empty-lines:
22 |     max: 3
23 |     level: error
24 |   hyphens:
25 |     level: error
26 |   indentation: disable
27 |   key-duplicates: enable
28 |   line-length: disable
29 |   new-line-at-end-of-file: disable
30 |   new-lines:
31 |     type: unix
32 |   trailing-spaces: disable
33 |   truthy: disable
34 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/.yamllint:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Based on ansible-lint config
 3 | extends: default
 4 | 
 5 | rules:
 6 |   braces:
 7 |     max-spaces-inside: 1
 8 |     level: error
 9 |   brackets:
10 |     max-spaces-inside: 1
11 |     level: error
12 |   colons:
13 |     max-spaces-after: -1
14 |     level: error
15 |   commas:
16 |     max-spaces-after: -1
17 |     level: error
18 |   comments: disable
19 |   comments-indentation: disable
20 |   document-start: disable
21 |   empty-lines:
22 |     max: 3
23 |     level: error
24 |   hyphens:
25 |     level: error
26 |   indentation: disable
27 |   key-duplicates: enable
28 |   line-length: disable
29 |   new-line-at-end-of-file: disable
30 |   new-lines:
31 |     type: unix
32 |   trailing-spaces: disable
33 |   truthy: disable
34 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/.yamllint:
--------------------------------------------------------------------------------
 1 | ---
 2 | # Based on ansible-lint config
 3 | extends: default
 4 | 
 5 | rules:
 6 |   braces:
 7 |     max-spaces-inside: 1
 8 |     level: error
 9 |   brackets:
10 |     max-spaces-inside: 1
11 |     level: error
12 |   colons:
13 |     max-spaces-after: -1
14 |     level: error
15 |   commas:
16 |     max-spaces-after: -1
17 |     level: error
18 |   comments: disable
19 |   comments-indentation: disable
20 |   document-start: disable
21 |   empty-lines:
22 |     max: 3
23 |     level: error
24 |   hyphens:
25 |     level: error
26 |   indentation: disable
27 |   key-duplicates: enable
28 |   line-length: disable
29 |   new-line-at-end-of-file: disable
30 |   new-lines:
31 |     type: unix
32 |   trailing-spaces: disable
33 |   truthy: disable
34 | 


--------------------------------------------------------------------------------
/playbooks/templates/config.boot.default.ec2:
--------------------------------------------------------------------------------
 1 | service {
 2 |     ssh {
 3 |         disable-password-authentication {
 4 |         }
 5 |         port 22
 6 |     }
 7 | }
 8 | system {
 9 |     host-name VyOS-AMI
10 |     login {
11 |         user vyos {
12 |             authentication {
13 |                 encrypted-password "*"
14 |                 plaintext-password ""
15 |             }
16 |             level admin
17 |         }
18 |     }
19 |     syslog {
20 |         global {
21 |             facility all {
22 |                 level notice
23 |             }
24 |             facility protocols {
25 |                 level debug
26 |             }
27 |         }
28 |     }
29 |     ntp {
30 |         server "0.pool.ntp.org"
31 |         server "1.pool.ntp.org"
32 |         server "2.pool.ntp.org"
33 |     }
34 |     config-management {
35 |         commit-revisions 100
36 |     }
37 | }
38 | interfaces {
39 |     ethernet eth0 {
40 |         address dhcp
41 |     }
42 |     loopback lo
43 | }
44 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/templates/config.boot.default.ec2:
--------------------------------------------------------------------------------
 1 | service {
 2 |     ssh {
 3 |         disable-password-authentication {
 4 |         }
 5 |         port 22
 6 |     }
 7 | }
 8 | system {
 9 |     host-name VyOS-AMI
10 |     login {
11 |         user vyos {
12 |             authentication {
13 |                 encrypted-password "*"
14 |                 plaintext-password ""
15 |             }
16 |             level admin
17 |         }
18 |     }
19 |     syslog {
20 |         global {
21 |             facility all {
22 |                 level notice
23 |             }
24 |             facility protocols {
25 |                 level debug
26 |             }
27 |         }
28 |     }
29 |     ntp {
30 |         server "0.pool.ntp.org"
31 |         server "1.pool.ntp.org"
32 |         server "2.pool.ntp.org"
33 |     }
34 |     config-management {
35 |         commit-revisions 100
36 |     }
37 | }
38 | interfaces {
39 |     ethernet eth0 {
40 |         address dhcp
41 |     }
42 |     loopback lo
43 | }
44 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # vi: set ft=ruby
 2 | 
 3 | $script = <<SCRIPT
 4 | #!/usr/bin/env bash
 5 | 
 6 | 
 7 | apt-get update
 8 | apt-get install -y python-dev gcc python-pip
 9 | apt-get install -y vim git ack-grep
10 | 
11 | pip install virtualenv
12 | 
13 | ./bootstrap-virtualenv
14 | 
15 | echo "source env/bin/activate" > ~vagrant/.bash_profile
16 | echo "cd /vagrant" >> ~vagrant/.bash_profile
17 | 
18 | 
19 | SCRIPT
20 | 
21 | Vagrant.configure("2") do |config|
22 |   config.vm.box = "puppetlabs-debian-607-x64-vbox4210-nocm"
23 |   config.vm.box_url = "http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box"
24 | 
25 |   config.vm.provision :file, source: '~/.gitconfig', destination: '/home/vagrant/.gitconfig' if File.exist?(ENV['HOME'] + '/.gitconfig')
26 |   config.vm.provision :file, source: '~/.vimrc', destination: '/home/vagrant/.vimrc' if File.exist?(ENV['HOME'] + '/.vimrc')
27 |   config.vm.provision :file, source: '~/.vim', destination: '/home/vagrant/.vim' if File.exist?(ENV['HOME'] + '/.vim')
28 |   config.vm.provision "shell", inline: $script
29 | end
30 | 
31 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # tasks file for ec2-cleanup
 3 | - name: Grab instance IDs
 4 |   ec2_instance_facts:
 5 |     filters:
 6 |       instance-state-name:  [ "shutting-down", "stopping", "stopped","running" ] 
 7 |       "tag:Name": "vyos-build-ami"
 8 |       "tag:Type": "VyOS"
 9 |     region: "{{ ec2_region }}"
10 |   register: ec2_instances
11 | 
12 | - name: Delete the EC2 Instance
13 |   ec2:
14 |     state: absent
15 |     region: "{{ ec2_region }}"
16 |     instance_ids: "{{ item.instance_id }}"
17 |     wait: True
18 |   ignore_errors: True
19 |   with_items: "{{ ec2_instances.instances }}"
20 | 
21 | - name: Delete key pair
22 |   ec2_key:
23 |     name: "{{ key_pair_name }}"
24 |     state: absent
25 |     region: "{{ ec2_region }}"
26 |   ignore_errors: True
27 | 
28 | - name: Delete security group
29 |   ec2_group:
30 |     state: absent
31 |     group_id: "{{ security_group.group_id }}"
32 |     region: "{{ ec2_region }}"
33 | 
34 | - name: Remove key file from {{ temp_folder }}
35 |   file:
36 |     path: "{{ temp_folder }}"
37 |     state: absent
38 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2018 VyOS maintainers and contributors <maintainers@vyos.net>
 4 | Portions copyright (c) 2014 hydrajump <wave@hydrajump.com>
 5 | 
 6 | Permission is hereby granted, free of charge, to any person obtaining a copy
 7 | of this software and associated documentation files (the "Software"), to deal
 8 | in the Software without restriction, including without limitation the rights
 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 | copies of the Software, and to permit persons to whom the Software is
11 | furnished to do so, subject to the following conditions:
12 | 
13 | The above copyright notice and this permission notice shall be included in all
14 | copies or substantial portions of the Software.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 | SOFTWARE.
23 | 


--------------------------------------------------------------------------------
/vyos-build-ami:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | # vyos-build-ami.sh: ansible-playbook wrapper for vyos-build-ami project
 4 | # Copyright 2018 VyOS maintainers and contributors <maintainers@vyos.net>
 5 | # Portions copyright 2014 hydrajump <wave@hydrajump.com>
 6 | # Distributed under the terms of the MIT license
 7 | 
 8 | # Playbooks are located in 'playbooks/' directory by default and have an .yml
 9 | # extension.
10 | 
11 | # Check dependencies
12 | 
13 | which aws 2>&1 >/dev/null
14 | if [ $? -ne 0 ]; then
15 |     echo "awscli is not installed or is not in your $PATH"
16 |     exit 1
17 | fi
18 | 
19 | which ansible 2>&1 >/dev/null
20 | if [ $? -ne 0 ]; then
21 |     echo "ansible is not installed or is not in your $PATH"
22 |     exit 1
23 | fi
24 | 
25 | # Get arguments
26 | 
27 | if [ $# -lt 1 ]; then
28 |     echo "Usage: $0 <ISO URL>"
29 |     exit 1
30 | fi
31 | 
32 | ISO_URL=$1
33 | 
34 | # Allow boto (2) to connect to new regions that aren't built-in
35 | # (see https://github.com/boto/boto/issues/3783#issuecomment-422990383)
36 | export BOTO_USE_ENDPOINT_HEURISTICS=True
37 | 
38 | # Do the job
39 | 
40 | cd $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
41 | 
42 | ANSIBLE_ARGS="-e iso=$ISO_URL --skip-tags verify"
43 | 
44 | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/vyos-build-ami.yml -vvv -i hosts --private-key=playbooks/files/ssh-keys/vyos-build-ami.pem  $ANSIBLE_ARGS $2
45 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | =========
 3 | 
 4 | A brief description of the role goes here.
 5 | 
 6 | Requirements
 7 | ------------
 8 | 
 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 | 
11 | Role Variables
12 | --------------
13 | 
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 | 
16 | Dependencies
17 | ------------
18 | 
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 | 
21 | Example Playbook
22 | ----------------
23 | 
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 | 
26 |     - hosts: servers
27 |       roles:
28 |          - { role: username.rolename, x: 42 }
29 | 
30 | License
31 | -------
32 | 
33 | BSD
34 | 
35 | Author Information
36 | ------------------
37 | 
38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).
39 | 


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | =========
 3 | 
 4 | A brief description of the role goes here.
 5 | 
 6 | Requirements
 7 | ------------
 8 | 
 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 | 
11 | Role Variables
12 | --------------
13 | 
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 | 
16 | Dependencies
17 | ------------
18 | 
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 | 
21 | Example Playbook
22 | ----------------
23 | 
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 | 
26 |     - hosts: servers
27 |       roles:
28 |          - { role: username.rolename, x: 42 }
29 | 
30 | License
31 | -------
32 | 
33 | BSD
34 | 
35 | Author Information
36 | ------------------
37 | 
38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).
39 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | =========
 3 | 
 4 | A brief description of the role goes here.
 5 | 
 6 | Requirements
 7 | ------------
 8 | 
 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 | 
11 | Role Variables
12 | --------------
13 | 
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 | 
16 | Dependencies
17 | ------------
18 | 
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 | 
21 | Example Playbook
22 | ----------------
23 | 
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 | 
26 |     - hosts: servers
27 |       roles:
28 |          - { role: username.rolename, x: 42 }
29 | 
30 | License
31 | -------
32 | 
33 | BSD
34 | 
35 | Author Information
36 | ------------------
37 | 
38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).
39 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | =========
 3 | 
 4 | A brief description of the role goes here.
 5 | 
 6 | Requirements
 7 | ------------
 8 | 
 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 | 
11 | Role Variables
12 | --------------
13 | 
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 | 
16 | Dependencies
17 | ------------
18 | 
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 | 
21 | Example Playbook
22 | ----------------
23 | 
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 | 
26 |     - hosts: servers
27 |       roles:
28 |          - { role: username.rolename, x: 42 }
29 | 
30 | License
31 | -------
32 | 
33 | BSD
34 | 
35 | Author Information
36 | ------------------
37 | 
38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).
39 | 


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/meta/main.yml:
--------------------------------------------------------------------------------
 1 | galaxy_info:
 2 |   author: your name
 3 |   description: your role description
 4 |   company: your company (optional)
 5 | 
 6 |   # If the issue tracker for your role is not on github, uncomment the
 7 |   # next line and provide a value
 8 |   # issue_tracker_url: http://example.com/issue/tracker
 9 | 
10 |   # Choose a valid license ID from https://spdx.org - some suggested licenses:
11 |   # - BSD-3-Clause (default)
12 |   # - MIT
13 |   # - GPL-2.0-or-later
14 |   # - GPL-3.0-only
15 |   # - Apache-2.0
16 |   # - CC-BY-4.0
17 |   license: license (GPL-2.0-or-later, MIT, etc)
18 | 
19 |   min_ansible_version: 2.9
20 | 
21 |   # If this a Container Enabled role, provide the minimum Ansible Container version.
22 |   # min_ansible_container_version:
23 | 
24 |   #
25 |   # Provide a list of supported platforms, and for each platform a list of versions.
26 |   # If you don't wish to enumerate all versions for a particular platform, use 'all'.
27 |   # To view available platforms and versions (or releases), visit:
28 |   # https://galaxy.ansible.com/api/v1/platforms/
29 |   #
30 |   # platforms:
31 |   # - name: Fedora
32 |   #   versions:
33 |   #   - all
34 |   #   - 25
35 |   # - name: SomePlatform
36 |   #   versions:
37 |   #   - all
38 |   #   - 1.0
39 |   #   - 7
40 |   #   - 99.99
41 | 
42 |   galaxy_tags: []
43 |     # List tags for your role here, one per line. A tag is a keyword that describes
44 |     # and categorizes the role. Users find roles by searching for tags. Be sure to
45 |     # remove the '[]' above, if you add tags to this list.
46 |     #
47 |     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
48 |     #       Maximum 20 tags per role.
49 | 
50 | dependencies: []
51 |   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
52 |   # if you add dependencies to this list.
53 |   


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/meta/main.yml:
--------------------------------------------------------------------------------
 1 | galaxy_info:
 2 |   author: your name
 3 |   description: your role description
 4 |   company: your company (optional)
 5 | 
 6 |   # If the issue tracker for your role is not on github, uncomment the
 7 |   # next line and provide a value
 8 |   # issue_tracker_url: http://example.com/issue/tracker
 9 | 
10 |   # Choose a valid license ID from https://spdx.org - some suggested licenses:
11 |   # - BSD-3-Clause (default)
12 |   # - MIT
13 |   # - GPL-2.0-or-later
14 |   # - GPL-3.0-only
15 |   # - Apache-2.0
16 |   # - CC-BY-4.0
17 |   license: license (GPL-2.0-or-later, MIT, etc)
18 | 
19 |   min_ansible_version: 2.9
20 | 
21 |   # If this a Container Enabled role, provide the minimum Ansible Container version.
22 |   # min_ansible_container_version:
23 | 
24 |   #
25 |   # Provide a list of supported platforms, and for each platform a list of versions.
26 |   # If you don't wish to enumerate all versions for a particular platform, use 'all'.
27 |   # To view available platforms and versions (or releases), visit:
28 |   # https://galaxy.ansible.com/api/v1/platforms/
29 |   #
30 |   # platforms:
31 |   # - name: Fedora
32 |   #   versions:
33 |   #   - all
34 |   #   - 25
35 |   # - name: SomePlatform
36 |   #   versions:
37 |   #   - all
38 |   #   - 1.0
39 |   #   - 7
40 |   #   - 99.99
41 | 
42 |   galaxy_tags: []
43 |     # List tags for your role here, one per line. A tag is a keyword that describes
44 |     # and categorizes the role. Users find roles by searching for tags. Be sure to
45 |     # remove the '[]' above, if you add tags to this list.
46 |     #
47 |     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
48 |     #       Maximum 20 tags per role.
49 | 
50 | dependencies: []
51 |   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
52 |   # if you add dependencies to this list.
53 |   


--------------------------------------------------------------------------------
/playbooks/roles/ec2-cleanup/meta/main.yml:
--------------------------------------------------------------------------------
 1 | galaxy_info:
 2 |   author: your name
 3 |   description: your role description
 4 |   company: your company (optional)
 5 | 
 6 |   # If the issue tracker for your role is not on github, uncomment the
 7 |   # next line and provide a value
 8 |   # issue_tracker_url: http://example.com/issue/tracker
 9 | 
10 |   # Choose a valid license ID from https://spdx.org - some suggested licenses:
11 |   # - BSD-3-Clause (default)
12 |   # - MIT
13 |   # - GPL-2.0-or-later
14 |   # - GPL-3.0-only
15 |   # - Apache-2.0
16 |   # - CC-BY-4.0
17 |   license: license (GPL-2.0-or-later, MIT, etc)
18 | 
19 |   min_ansible_version: 2.9
20 | 
21 |   # If this a Container Enabled role, provide the minimum Ansible Container version.
22 |   # min_ansible_container_version:
23 | 
24 |   #
25 |   # Provide a list of supported platforms, and for each platform a list of versions.
26 |   # If you don't wish to enumerate all versions for a particular platform, use 'all'.
27 |   # To view available platforms and versions (or releases), visit:
28 |   # https://galaxy.ansible.com/api/v1/platforms/
29 |   #
30 |   # platforms:
31 |   # - name: Fedora
32 |   #   versions:
33 |   #   - all
34 |   #   - 25
35 |   # - name: SomePlatform
36 |   #   versions:
37 |   #   - all
38 |   #   - 1.0
39 |   #   - 7
40 |   #   - 99.99
41 | 
42 |   galaxy_tags: []
43 |     # List tags for your role here, one per line. A tag is a keyword that describes
44 |     # and categorizes the role. Users find roles by searching for tags. Be sure to
45 |     # remove the '[]' above, if you add tags to this list.
46 |     #
47 |     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
48 |     #       Maximum 20 tags per role.
49 | 
50 | dependencies: []
51 |   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
52 |   # if you add dependencies to this list.
53 |   


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/meta/main.yml:
--------------------------------------------------------------------------------
 1 | galaxy_info:
 2 |   author: your name
 3 |   description: your role description
 4 |   company: your company (optional)
 5 | 
 6 |   # If the issue tracker for your role is not on github, uncomment the
 7 |   # next line and provide a value
 8 |   # issue_tracker_url: http://example.com/issue/tracker
 9 | 
10 |   # Choose a valid license ID from https://spdx.org - some suggested licenses:
11 |   # - BSD-3-Clause (default)
12 |   # - MIT
13 |   # - GPL-2.0-or-later
14 |   # - GPL-3.0-only
15 |   # - Apache-2.0
16 |   # - CC-BY-4.0
17 |   license: license (GPL-2.0-or-later, MIT, etc)
18 | 
19 |   min_ansible_version: 2.9
20 | 
21 |   # If this a Container Enabled role, provide the minimum Ansible Container version.
22 |   # min_ansible_container_version:
23 | 
24 |   #
25 |   # Provide a list of supported platforms, and for each platform a list of versions.
26 |   # If you don't wish to enumerate all versions for a particular platform, use 'all'.
27 |   # To view available platforms and versions (or releases), visit:
28 |   # https://galaxy.ansible.com/api/v1/platforms/
29 |   #
30 |   # platforms:
31 |   # - name: Fedora
32 |   #   versions:
33 |   #   - all
34 |   #   - 25
35 |   # - name: SomePlatform
36 |   #   versions:
37 |   #   - all
38 |   #   - 1.0
39 |   #   - 7
40 |   #   - 99.99
41 | 
42 |   galaxy_tags: []
43 |     # List tags for your role here, one per line. A tag is a keyword that describes
44 |     # and categorizes the role. Users find roles by searching for tags. Be sure to
45 |     # remove the '[]' above, if you add tags to this list.
46 |     #
47 |     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
48 |     #       Maximum 20 tags per role.
49 | 
50 | dependencies: []
51 |   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
52 |   # if you add dependencies to this list.
53 |   


--------------------------------------------------------------------------------
/playbooks/roles/build-vyos-ami/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # tasks file for build-vyos-ami
 3 | - name: Create a snapshot of the EBS volume
 4 |   ec2_snapshot:
 5 |     region: "{{ ec2_region }}"
 6 |     device_name: "{{ ebs_drive }}"
 7 |     instance_id: "{{ ec2_instance.instances[0].id }}"
 8 |     description: "{{ snapshot_description }}"
 9 |   register: ec2_snap
10 | 
11 | - name: Stop instance that were previously launched
12 |   ec2:
13 |     state: 'stopped'
14 |     instance_ids: 
15 |       - "{{ ec2_instance.instances[0].id }}"
16 |     region: "{{ ec2_region }}"
17 |     wait: yes
18 | 
19 | - name: Register AMI from
20 |   command: aws ec2 register-image
21 |             --region {{ ec2_region }}
22 |             --name '{{ ami_name }}'
23 |             --description '{{ ami_description }}'
24 |             --architecture {{ ami_architecture }}
25 |             --root-device-name {{ ami_root_device_name }}
26 |             --block-device-mappings '[{"DeviceName":"{{ ami_root_device_name }}","Ebs":{"SnapshotId":"{{ ec2_snap.snapshot_id }}"}}]'
27 |             --virtualization-type {{ ami_virtualization_type }}
28 |             --sriov-net-support simple
29 |             --ena-support
30 |             --output json
31 |   register: ec2_ami
32 | 
33 | - debug: msg="{{ (ec2_ami.stdout | from_json).ImageId}}"
34 | 
35 | - name: Tag the AMI
36 |   ec2_tag:
37 |     region: "{{ ec2_region }}"
38 |     resource: "{{ (ec2_ami.stdout | from_json).ImageId }}"
39 |     tags:
40 |       iso_url: "{{ iso }}"
41 |       iso: "{{ iso | basename }}"
42 |     # vyos-build-ami-git-rev: "{{ local_git_revision.stdout }}"
43 |       build_user: "{{ ansible_user_id }}"
44 |       build_controller_host: "{{ ansible_hostname }}"
45 | 
46 | # - name: Register AMI from {{ ec2_instance.instances[0].id }}
47 | #   ec2_ami:
48 | #     instance_id: "{{ ec2_instance.instances[0].id }}"
49 | #     wait: yes
50 | #     name: "{{ ami_name }}"
51 | #     region: "{{ ec2_region }}"
52 | #     description: "{{ ami_description }}"
53 | #     architecture: "{{ ami_architecture }}"
54 | #     root_device_name: "{{ ami_root_device_name }}"
55 | #     device_mapping:
56 | #       - device_name: "{{ ami_root_device_name }}"
57 | #         snapshot_id: "{{ ec2_snap.snapshot_id }}"
58 | #     tags:
59 | #       Name: "{{ ami_name }}"
60 | #       iso_url: "{{ iso }}"
61 | #       iso: "{{ iso | basename }}"
62 | #       build_user: "{{ ansible_user_id }}"
63 | #       build_controller_host: "{{ ansible_hostname }}"
64 | 
65 | 
66 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | VyOS build-ami
 2 | --------------
 3 | 
 4 | **NOTE:** You can support VyOS development by using the official VyOS AMI from the marketplace: https://aws.amazon.com/marketplace/pp/B074KJK4WC
 5 | (starting from $50/year).
 6 | 
 7 | The official AMIs are built with these exact scripts so if you build one for yourself, your own AMI will be functionally identical to the official ones.
 8 | 
 9 | ## Prerequisites
10 | 
11 | VyOS images built with default `make iso` options *do not* include EC2 autoconfiguration mechanism).
12 | 
13 | To make an image suitable for an AMI, do this instead:
14 | 
15 | ```
16 | ./configure
17 | sudo make AWS
18 | ```
19 | 
20 | ## Requirements
21 | 
22 | The build scripts are based on ansible and awscli.
23 | 
24 | To install and configure awscli, follow the user guide: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
25 | Make sure the python modules boto, botocore, and boto3 also gets installed.
26 | 
27 | Ansible is available from the repositories on most Linux distributions.
28 | 
29 | These scripts and playbooks should work on any Linux system, or, theoretically, on any system supported by ansible and awscli.
30 | 
31 | At this time Python3 support is limited by its supports by ansible, so it's safer to use Python 2.7.
32 | 
33 | ## Usage
34 | 
35 | ```
36 | ./vyos-build-ami <VyOS ISO URL>
37 | ```
38 | 
39 | The baseline code now supports only VyOS >=1.2.0. If you want to build an AMI from VyOS 1.1.x, check out the 1.1.x tag.
40 | 
41 | ## Operation
42 | 
43 | Since there is no easy way to upload a disk image to AWS directly, the playbooks create a Debian Jessie instance and run a sequence of commands to create an EBS disk and unpack the
44 | VyOS image to it, emulating the installation procedure.
45 | 
46 | ## Troubleshooting
47 | 
48 | **NOTE:** If playbook fails, it leaves behind a t2.micro instance, an SSH key pair names "vyos-build-ami", and a security group also named "vyos-build-ami".
49 | If you want to restart the process from the beginning, remove those by hand.
50 | 
51 | Sometimes playbook tasks fail through no one's fault, for example, SSH timeouts if an instance takes too long to create.
52 | 
53 | Note that AMI name is fixed, and registering the AMI will fail if you try to run the playbooks when you already have one in your account. De-register the old one first.
54 | 
55 | ## License
56 | 
57 | These scripts are available under the MIT license. See the LICENSE file for more info.
58 | 
59 | build-ami playbooks were originally written by hydrajump (https://github.com/hydrajump) and are now maintained
60 | by the VyOS team.
61 | 


--------------------------------------------------------------------------------
/playbooks/roles/provision-ec2-instance/tasks/main.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | - name: install boto3 prerequisites
  3 |   pip:
  4 |     state: present
  5 |     name:
  6 |      - boto3
  7 |      - boto
  8 |   become: yes
  9 |   tags:
 10 |     - prerequisites
 11 | 
 12 | # tasks file for provision-ec2-instance
 13 | - name: Make sure that files/ssh-keys directory exists
 14 |   file:
 15 |     path: "{{ temp_folder }}"
 16 |     state: directory
 17 |   tags:
 18 |     - aws
 19 |     - AWS
 20 | 
 21 | - name: Create an SSH key pair
 22 |   ec2_key:
 23 |     name: "{{ key_pair_name }}"
 24 |     region: "{{ ec2_region }}"
 25 |     wait: True
 26 |   register: key_pair
 27 |   tags:
 28 |     - aws
 29 |     - AWS
 30 | 
 31 | - name: Dump key pair
 32 |   copy:
 33 |     content: "{{ key_pair.key.private_key }}"
 34 |     dest: "{{ key_pair_file }}"
 35 |     mode: 0600
 36 |   when: key_pair.changed | bool
 37 |   tags:
 38 |     - aws
 39 |     - AWS
 40 | 
 41 | - name: Looking  for {{ key_pair_file }}
 42 |   stat:
 43 |     path: "{{ key_pair_file }}"
 44 |   register: st_ssh_key
 45 |   when: not (key_pair.changed | bool)
 46 |   tags:
 47 |     - aws
 48 |     - AWS
 49 | 
 50 | - name: Assert that SSH private key is persent if ec2 key already exists
 51 |   assert:
 52 |     that: st_ssh_key.stat.exists
 53 |   when: not (key_pair.changed | bool)
 54 |   tags:
 55 |     - aws
 56 |     - AWS
 57 | 
 58 | - name: Find the default VPC
 59 |   ec2_vpc_net_facts:
 60 |     region: "{{ ec2_region }}"
 61 |     filters:
 62 |       isDefault: "true"
 63 |   register: vpc_nets
 64 |   tags:
 65 |     - aws
 66 |     - AWS
 67 | 
 68 | - name: Find the default VPC subnet
 69 |   ec2_vpc_subnet_facts:
 70 |     region: "{{ ec2_region }}"
 71 |     filters:
 72 |       "vpc-id": "{{ vpc_nets.vpcs[0].vpc_id }}"
 73 |       defaultForAz: "true"
 74 |   register: vpc_subnets
 75 |   tags:
 76 |     - aws
 77 |     - AWS
 78 | 
 79 | - name: Create a security group that allows SSH
 80 |   ec2_group:
 81 |     name: "vyos_build_ami"
 82 |     state: present
 83 |     description: This security group was generated by ansible playbook vyos_build_ami.yml
 84 |     region: "{{ ec2_region }}"
 85 |     vpc_id: "{{ vpc_subnets.subnets[0].vpc_id }}"
 86 |     rules:
 87 |       - proto: tcp
 88 |         from_port: 22
 89 |         to_port: 22
 90 |         cidr_ip: 0.0.0.0/0
 91 |   register: security_group
 92 |   tags:
 93 |     - aws
 94 |     - AWS
 95 | 
 96 | #Look up the AMI id to use based on a search
 97 | - name: Look up Debian Jessie AMI
 98 |   ec2_ami_facts:
 99 |     owners: "{{ base_image.debian_aws_account_id }}"
100 |     region: "{{ ec2_region }}"
101 |     filters:
102 |       name: "{{ base_image.name }}"
103 |       architecture: "{{ base_image.architecture }}"
104 |       hypervisor: "{{ base_image.hypervisor }}"
105 |       "root-device-type": "{{ base_image.root_device_type }}"
106 |       state: available
107 |   register: debian_ami
108 |   tags:
109 |     - aws
110 |     - AWS
111 | 
112 | #---- Launch EC2 instance ----
113 | - name: Launch an EC2 instance
114 |   ec2:
115 |     key_name: "{{ key_pair_name }}"
116 |     assign_public_ip: True
117 |     vpc_subnet_id: "{{ vpc_subnets.subnets[0].subnet_id }}"
118 |     image: "{{ debian_ami.images[0].image_id }}"
119 |     instance_type: "{{ instance_type }}"
120 |     region: "{{ ec2_region }}"
121 |     group_id: "{{ security_group.group_id  }}"
122 |     wait: yes
123 |     instance_tags:
124 |       Name: "{{ placeholder }}"
125 |       Type: "VyOS"
126 |     volumes:
127 |       - device_name: /dev/sdf
128 |         volume_type: gp2
129 |         volume_size: "{{ volume_size }}"
130 |         delete_on_termination: True
131 |   register: ec2_instance
132 |   tags:
133 |     - aws
134 |     - AWS
135 | 
136 | - name: Add instance's public DNS name to ansible host group ec2
137 |   add_host:
138 |     name: "{{ ec2_instance.instances[0].public_ip }}"
139 |     groups: ec2
140 |     ansible_user: admin
141 |     ansible_ssh_private_key_file: "{{ key_pair_file }}"
142 |     ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
143 |   tags:
144 |     - aws
145 |     - AWS
146 | 
147 | - name: Show EC2 instance public ip.
148 |   debug: 
149 |     msg: "{{ ec2_instance.instances[0].public_ip }}"
150 |   tags:
151 |     - aws
152 |     - AWS
153 | 
154 | - name: Wait for instance's SSH port to open
155 |   wait_for:
156 |     host: "{{ ec2_instance.instances[0].public_ip }}"
157 |     port: 22
158 |     delay: 10
159 |     timeout: 300
160 |     state: started
161 |   tags:
162 |     - aws
163 |     - AWS


--------------------------------------------------------------------------------
/playbooks/roles/build-disk/tasks/main.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | - name: remove sources.list
  3 |   file:
  4 |     path: "/etc/apt/sources.list"
  5 |     state: absent
  6 | 
  7 | - name: remove sources.list.d
  8 |   file:
  9 |     path: "/etc/apt/sources.list.d"
 10 |     state: absent
 11 | 
 12 | - name: update sources.list
 13 |   copy:
 14 |     src: "files/sources.list"
 15 |     dest: "/etc/apt/sources.list"
 16 |     owner: root
 17 |     group: root
 18 |     mode: 0644
 19 |     force: yes
 20 | 
 21 | - name: Install required packages
 22 |   apt:
 23 |     update_cache: yes
 24 |     name:
 25 |       - parted
 26 |       - e2fsprogs
 27 |       - gnupg
 28 |     state: present
 29 | 
 30 | - name: Load aufs module
 31 |   shell: modprobe aufs
 32 | 
 33 | # ---- Set up the specified ISO release ----
 34 | 
 35 | # - name: Fetch VyOS ISO GPG signature
 36 | #   uri:
 37 | #     url: "{{ vyos_iso_url }}.asc"
 38 | #     dest: "{{ vyos_iso_local }}.asc"
 39 | #     status_code: 200,404,403
 40 | #   tags: verify
 41 | #   register: gpg_uri
 42 | 
 43 | - name: Download VyOS ISO release
 44 |   get_url:
 45 |     url: "{{ vyos_iso_url }}"
 46 |     dest: "{{ vyos_iso_local }}"
 47 | 
 48 | # - name: Fetch the VyOS release GPG key
 49 | #   get_url:
 50 | #     url: "{{ vyos_key_url}}"
 51 | #     dest: "{{ vyos_key_local }}"
 52 | #   tags: verify
 53 | 
 54 | # - name: Install the VyOS release GPG key
 55 | #   command: gpg --import {{ vyos_key_local }}
 56 | #   when: gpg_uri.status == 200
 57 | #   tags: verify
 58 | 
 59 | # - name: Validate ISO GPG signature
 60 | #   command: gpg --verify {{ vyos_iso_local }}.asc {{ vyos_iso_local }}
 61 | #   when: gpg_uri.status == 200
 62 | #   tags: verify
 63 | 
 64 | - name: Mount ISO
 65 |   mount:
 66 |     name: "{{ CD_ROOT }}"
 67 |     src: "{{ vyos_iso_local }}"
 68 |     fstype: iso9660
 69 |     opts: loop,ro
 70 |     state: mounted
 71 | 
 72 | - name: Verify checksums of all the files in the ISO image
 73 |   command: md5sum -c md5sum.txt
 74 |   args:
 75 |     chdir: "{{ CD_ROOT }}"
 76 |   changed_when: False
 77 | 
 78 | - name: Mount squashfs image from ISO
 79 |   mount:
 80 |     name: "{{ CD_SQUASH_ROOT }}"
 81 |     src: "{{ SQUASHFS_IMAGE }}"
 82 |     fstype: squashfs
 83 |     opts: loop,ro
 84 |     state: mounted
 85 | 
 86 | - name: Read version string from iso packages
 87 |   shell: cat {{ CD_SQUASH_ROOT }}/opt/vyatta/etc/version | awk '{print $2}' | tr + -
 88 |   register: version_string
 89 | 
 90 | - name: Debug version string as read from ISO
 91 |   debug: msg="This is version {{ version_string.stdout }}"
 92 | 
 93 | - name: Partition the target drive
 94 |   parted:
 95 |     device: "{{ volume_drive }}"
 96 |     state: present
 97 |     label: msdos
 98 |     number: 1
 99 |     part_type: primary
100 |     part_start: 0%
101 |     part_end: 100%
102 |     align: optimal
103 |     flags: [boot]
104 | 
105 | - name: Create a filesystem on root partition
106 |   filesystem:
107 |     fstype: "{{ ROOT_FSTYPE }}"
108 |     device: "{{ ROOT_PARTITION }}"
109 |     opts: "-L persistence"
110 | 
111 | - name: Mount root partition
112 |   mount:
113 |     name: "{{ WRITE_ROOT }}"
114 |     src: "{{ ROOT_PARTITION }}"
115 |     fstype: "{{ ROOT_FSTYPE }}"
116 |     state: mounted
117 | 
118 |     # ---- Install image from ISO ----
119 | - name: Create {{ WRITE_ROOT }} directories
120 |   file:
121 |     path: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/rw"
122 |     state: directory
123 |   register: RW_DIR
124 | 
125 | - name: Create the work directory
126 |   file:
127 |     path: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/work/work"
128 |     state: directory
129 | 
130 | - name: Copy squashfs image from ISO to root partition
131 |   command: cp -p {{ SQUASHFS_IMAGE }} {{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs
132 |   args:
133 |     creates: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
134 | 
135 | - name: Copy boot files (kernel and initrd images) from ISO to root partition
136 |   shell: find {{ CD_SQUASH_ROOT }}/boot -maxdepth 1  \( -type f -o -type l \) -print -exec cp -dp {} {{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/ \;
137 |   args:
138 |     creates: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/vmlinuz"
139 | 
140 | - name: Mount squashfs image from root partition
141 |   mount:
142 |     name: "{{ READ_ROOT }}"
143 |     src: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
144 |     fstype: squashfs
145 |     opts: loop,ro
146 |     state: mounted
147 | 
148 | - name: Set up union root for post installation tasks
149 |   mount:
150 |     name: "{{ INSTALL_ROOT }}"
151 |     src: none
152 |     fstype: aufs
153 |     opts: "noatime,dirs={{ RW_DIR.path }}=rw:{{ READ_ROOT }}=rr"
154 |     state: mounted
155 | 
156 | # ---- Post image installation tasks ----
157 | 
158 |     ## ---- VyOS configuration ----
159 | - name: Make sure that config partition marker exists
160 |   file:
161 |     path: "{{ INSTALL_ROOT }}/opt/vyatta/etc/config/.vyatta_config"
162 |     state: touch
163 | 
164 | - name: Copy the default config for EC2 to the installed image
165 |   template:
166 |     src: templates/config.boot.default.ec2
167 |     dest: "{{ INSTALL_ROOT }}/opt/vyatta/etc/config/config.boot"
168 |     mode: 0755
169 | 
170 |     ## ---- Install GRUB boot loader ----
171 | - name: Create GRUB directory
172 |   file:
173 |     path: "{{ WRITE_ROOT }}/boot/grub"
174 |     state: directory
175 | 
176 | # It is necessary to mount and bind /dev, /proc, /sys and /boot in order to execute grub-install
177 | # and install GRUB correctly within the {{ volume_drive }} using chroot
178 | 
179 | # XXX: ansible mount module requires fstype so it cannot be used for binding an already
180 | # mounted location, we get to use mount directly at least for /boot
181 | - name: Mount and bind /dev /proc /sys and {{ WRITE_ROOT }}/boot to {{ INSTALL_ROOT }}
182 |   shell: mount --bind /dev {{ INSTALL_ROOT }}/dev &&
183 |           mount --bind /proc {{ INSTALL_ROOT }}/proc &&
184 |           mount --bind /sys {{ INSTALL_ROOT }}/sys &&
185 |           mount --bind {{ WRITE_ROOT }} {{ INSTALL_ROOT }}/boot
186 |   args:
187 |     warn: no
188 | 
189 | - name: Install GRUB in the boot sector of {{ volume_drive }}
190 |   command: chroot {{ INSTALL_ROOT }} grub-install --no-floppy --root-directory=/boot {{ volume_drive }}
191 |   args:
192 |     creates: "{{ INSTALL_ROOT }}/boot/grub/grubenv"
193 | 
194 | - name: Configure GRUB for AWS EC2
195 |   template:
196 |     src: templates/boot/grub/grub.cfg.j2
197 |     dest: "{{ WRITE_ROOT }}/boot/grub/grub.cfg"
198 |     mode: 0644
199 | 
200 | - name: Create the persistence config
201 |   template:
202 |     src: templates/persistence.conf
203 |     dest: "{{ WRITE_ROOT }}/persistence.conf"
204 |     mode: 0644
205 | 
206 | # ---- Unmount all mounts ----
207 | - name: Unmount {{ INSTALL_ROOT }}/boot
208 |   mount:
209 |     name: "{{ INSTALL_ROOT }}/boot"
210 |     src: "{{ WRITE_ROOT }}"
211 |     fstype: none
212 |     state: unmounted
213 | 
214 | - name: Unmount {{ INSTALL_ROOT }}/sys, {{ INSTALL_ROOT }}/proc, {{ INSTALL_ROOT }}/dev
215 |   mount:
216 |     name: "{{ INSTALL_ROOT }}/{{ item }}"
217 |     src: "/{{ item }}"
218 |     fstype: none
219 |     state: unmounted
220 |   with_items: [ 'sys', 'proc', 'dev' ]
221 | 
222 | - name: Unmount {{ INSTALL_ROOT }}
223 |   mount:
224 |     name: "{{ INSTALL_ROOT }}"
225 |     src: overlayfs
226 |     fstype: overlayfs
227 |     state: unmounted
228 | 
229 | - name: Unmount {{ READ_ROOT }}
230 |   mount:
231 |     name: "{{ READ_ROOT }}"
232 |     src: "{{ WRITE_ROOT }}/boot/{{ version_string.stdout }}/{{ version_string.stdout }}.squashfs"
233 |     fstype: squashfs
234 |     state: unmounted
235 | 
236 | - name: Unmount {{ WRITE_ROOT }}
237 |   mount:
238 |     name: "{{ WRITE_ROOT }}"
239 |     src: "{{ ROOT_PARTITION }}"
240 |     fstype: "{{ ROOT_FSTYPE }}"
241 |     state: unmounted
242 | 
243 | - name: Unmount {{ CD_SQUASH_ROOT }}
244 |   mount:
245 |     name: "{{ CD_SQUASH_ROOT }}"
246 |     src: "{{ SQUASHFS_IMAGE }}"
247 |     fstype: squashfs
248 |     state: unmounted
249 | 
250 | - name: Unmount {{ CD_ROOT }}
251 |   mount:
252 |     name: "{{ CD_ROOT }}"
253 |     src: "{{ vyos_iso_local }}"
254 |     fstype: iso9660
255 |     state: unmounted
256 | 
257 | 


--------------------------------------------------------------------------------