Merge pull request #352 from Limmen/ansible

add ansible installation files

ansible/Nginx_configuration_content.txt

@@ -0,0 +1,25 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /var/www/html;
+
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location /pgadmin {
+		proxy_set_header X-Script-Name /pgadmin;
+		proxy_set_header Host $host;
+		proxy_pass http://localhost:7778/;
+		proxy_redirect off;
+	}
+
+	location / {
+		proxy_pass http://localhost:7777/;
+		proxy_buffering off;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-Host $host;
+		proxy_set_header X-Forwarded-Port $server_port;
+	}
+}

ansible/Nginx_configuration_content_https.txt

@@ -0,0 +1,31 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+	server_name _;
+	return 301 https://$host$request_uri;
+
+	location /pgadmin {
+		proxy_set_header X-Script-Name /pgadmin;
+		proxy_set_header Host $host;
+		proxy_pass http://localhost:7778/;
+		proxy_redirect off;
+	}
+}
+
+
+server {
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+	ssl_certificate /var/log/csle/certs/csle.dev.crt;
+	ssl_certificate_key /var/log/csle/certs/csle_private.key;
+	root /var/www/html;
+	index index.html index.htm index.nginx-debian.html;
+	server_name csle.dev;
+	location / {
+		proxy_pass http://localhost:7777/;
+		proxy_buffering off;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-Host $host;
+		proxy_set_header X-Forwarded-Port $server_port;
+	}
+}

ansible/README.md

@@ -0,0 +1,53 @@
+# Ansible installation
+
+CSLE can be installed in two ways: (1) by manually executing the installation commands described in the documentation; and
+(2) through Ansible. The recommended way to install CSLE is with Ansible as it automates repetitive tasks and simplifies management of the installation.
+This folder contains configuration files and ansible playbooks for installing CSLE.
+
+Ansible documentation can be found at [https://docs.ansible.com/](https://docs.ansible.com/).
+
+## Installing Ansible
+
+Ansible can be installed by running the command:
+```bash
+pip install ansible
+```
+
+## Configuring the installation
+Before starting the CSLE installation, open the file XXX and configure the following variables:
+
+- user
+- todo
+
+## Installing CSLE
+To install CSLE with ansible, run the following commands:
+```bash
+ansible-playbook --ask-become-pass installing_the_management_system.yml
+```
+
+### Debugging
+If the installation fails at some step, you can debug the reason for the failure by adding the following 
+line to the Ansible playbook. First, we register a variable that holds a dictionary of the output for the module in that task. In the given example git_installation is this variable. In the next lines, we use debug to print the variable. 
+
+```bash
+- name: Installation of git
+    apt:
+      name: git
+    register: git_installation
+- debug:
+    var: git_installation
+```
+
+## Author & Maintainer
+
+Kim Hammar <kimham@kth.se>
+
+Forough Shahab <foro@kth.se>
+
+## Copyright and license
+
+[LICENSE](../LICENSE.md)
+
+Creative Commons
+
+(C) 2020-2024, Kim Hammar

ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory
+private_key_file = ~/.ssh/ansible

ansible/installation_setup.yml

@@ -0,0 +1,122 @@
+---
+
+- hosts: all
+  become: true
+
+  vars:
+    csle_git_repo_url: "https://github.com/Limmen/csle"
+    anaconda_url: "https://repo.anaconda.com/archive/Anaconda3-2022.10-Linux-x86_64.sh"
+    user: "shahab"
+
+  tasks:
+
+  - name: Installation of build-essential
+    apt:
+      name: build-essential
+
+  - name: Installation of make
+    apt:
+      name: make
+
+  - name: Installation of git
+    apt:
+      name: git
+
+  - name: Installation of bzip2
+    apt:
+      name: bzip2
+
+  - name: Installation of nginx
+    apt:
+      name: nginx
+
+  - name: Check if Anaconda is installed
+    shell: "/home/{{ user }}/anaconda3/bin/conda --version"
+    register: anaconda_installed
+    ignore_errors: true
+
+  - name: Download anaconda
+    ansible.builtin.get_url:
+      url: "{{ anaconda_url }}"
+      dest: "/home/{{ user }}"
+      mode: '0770'
+    when: anaconda_installed.rc != 0
+
+  - name: Install anaconda
+    shell: "/home/{{ user }}/Anaconda3-2022.10-Linux-x86_64.sh -b -u -p /home/{{ user }}/anaconda3"
+    when: anaconda_installed.rc != 0
+
+  - name: Add anaconda bin to path
+    shell: "echo export PATH=/home/{{ user }}/anaconda3/bin:$PATH >> /etc/profile"
+    when: anaconda_installed.rc != 0
+
+  - name: Conda - read permission for all
+    file:
+      path: "/home/{{ user }}/anaconda3"
+      mode: +r
+      recurse: yes
+    when: anaconda_installed.rc != 0
+
+  - name: Conda - execution permission for all
+    file:
+      path: "/home/{{ user }}/anaconda3/bin"
+      mode: +x
+      recurse: yes
+    when: anaconda_installed.rc != 0
+
+  - name: Check if the folder is cloned
+    stat:
+      path: "{{ csle_git_repo_url }}"
+    register: git_folder_stat
+
+  - name: Clone CSLE 
+    ansible.builtin.git:
+      repo: "{{ csle_git_repo_url }}"
+      dest: "/home/{{ user }}/csle"
+      single_branch: yes
+      version: master 
+    when: not git_folder_stat.stat.exists
+
+  - name: Check if csle home environment variable already exists in .bashrc, If you see error, Ignore it!
+    shell: grep -qxF 'export CSLE_HOME=/home/{{ user }}/csle' "/home/{{ user }}/.bashrc"
+    register: variable_exists
+    ignore_errors: true
+
+  - name: Add environment variable to .bashrc if not already present
+    lineinfile:
+      path: "/home/{{ user }}/.bashrc"
+      line: "export CSLE_HOME=/home/{{ user }}/csle"
+    when: variable_exists.rc != 0
+
+  - name: Check if CSLE log directory exists
+    stat:
+      path: /var/log/csle
+    register: log_directory_exists
+
+  - name: Creates CSLE log directory
+    ansible.builtin.file:
+      path: /var/log/csle
+      state: directory 
+      mode: "0774"
+      owner: "{{ user }}"
+    when: not log_directory_exists.stat.exists
+
+  - name: Check if CSLE tmp directory exists
+    stat:
+      path: /tmp/csle
+    register: tmp_directory_exists
+
+  - name: Creates CSLE tmp directory
+    ansible.builtin.file:
+      path: /tmp/csle
+      state: directory
+      mode: "0774"
+      owner: "{{ user }}"
+    when: not tmp_directory_exists.stat.exists
+
+  - name: Add or modify sudoers configuration
+    lineinfile:
+      path: /etc/sudoers
+      line: "{{ user }} ALL= NOPASSWD: /usr/sbin/service docker stop, /usr/sbin/service docker start, /usr/sbin/service docker restart, /usr/sbin/service nginx stop, /usr/sbin/service nginx start, /usr/sbin/service nginx restart, /usr/sbin/service postgresql start, /usr/sbin/service postgresql stop, /usr/sbin/service postgresql restart, /bin/kill, /usr/bin/journalctl -u docker.service -n 100 --no-pager -e"
+      state: present
+      validate: 'visudo -cf %s'  # Validate the sudoers file syntax

ansible/installing_emulation_system.yml

@@ -0,0 +1,108 @@
+---
+
+- hosts: all
+  become: true
+
+  vars:
+    user: "shahab"
+    leader_ip: "172.31.212.83"
+
+  tasks:
+
+  - name: Check if keyrings folder exist
+    stat:
+      path: /etc/apt/keyrings
+    register: keyrings_directory_exists
+
+  - name: Creates keyrings directory if it does not exist
+    ansible.builtin.file:
+      path: /etc/apt/keyrings
+      state: directory
+      mode: "0755"
+    when: not keyrings_directory_exists.stat.exists
+
+  - name: Download Docker GPG key and install GPG key
+    shell: |
+      expect -c '
+          spawn /bin/bash -c "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg"
+          expect -re ".*Overwrite?.*"
+          send "y\r"
+          interact
+        '
+        
+  - name: Second command for installing keys
+    shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+  - name: Update package cache
+    apt:
+      update_cache: yes
+
+  - name: Install Docker packages
+    apt:
+      name:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+      state: present
+
+  - name: Add Docker group
+    group:
+      name: docker
+      state: present
+
+  - name: Add user to Docker group
+    shell: sudo usermod -aG docker $USER
+
+  - name: Initialize Docker Swarm
+    command: docker swarm init --advertise-addr "{{ leader_ip }}"
+    ignore_errors: yes
+
+  - name: Pulling base image
+    shell: "cd /home/{{ user }}/csle/emulation-system/base_images && make pull"
+
+  - name: Pulling derived image
+    shell: |
+      cd "/home/{{ user }}/csle/emulation-system/derived_images" && \
+      make pull
+    args:
+      executable: /bin/bash
+
+  - name: Installing the envs on the leader node
+    shell: |
+      source "/home/{{ user }}/anaconda3/bin/activate" py39 && \
+      cd "/home/{{ user }}/csle/emulation-system/envs" && \
+      make install
+    args:
+      executable: /bin/bash
+
+  - name: Set max_map_count kernel parameter
+    sysctl:
+      name: vm.max_map_count
+      value: 262144
+      sysctl_set: yes
+      reload: yes
+      state: present
+
+  - name: Add line to limits.conf if not exists
+    ansible.builtin.lineinfile:
+      path: /etc/security/limits.conf
+      line: "{{ user }}\tsoft\tnofile\t102400"
+      regexp: "^{{ user }}\\s+soft\\s+nofile\\s+102400$"
+      state: present
+    register: line_added
+    changed_when: false
+
+  - name: Add second line to limits.conf if not exists
+    ansible.builtin.lineinfile:
+      path: /etc/security/limits.conf
+      line: "{{ user }}\thard\tnofile\t1024000"
+      regexp: "^{{ user }}\\s+hard\\s+nofile\\s+1024000$"
+      state: present
+    register: line_added
+    changed_when: false
+
+  - name: Set fs.inotify.max_user_watches in sysctl.conf
+    ansible.builtin.shell: "echo 'fs.inotify.max_user_watches=524288' | sudo tee -a /etc/sysctl.conf"
+
+  - name: Reload sysctl
+    ansible.builtin.shell: "sudo sysctl -p"