roles/amarisoft-upgrade: add role to upgrade amarisoft binaries

This role makes a request to shacache to check if new amarisoft
binaries are available. If there are and if the license on the
machine allows it the binaries will be downloaded and decrypted
using the server's private key in /opt/private-key.
The binaries will then be installed in
/opt/amarisoft/vYYYY-MM-DD, to be used with ors-amarisoft
software release.

playbook/amarisoft-upgrade.yml

+- name: a play that runs entirely on the ansible host
+  hosts: 127.0.0.1
+  connection: local
+
+  vars_files:
+    - settings/ors.yml
+
+  roles:
+    - amarisoft-upgrade

playbook/roles/amarisoft-upgrade/defaults/main.yml

+pkdir: /opt/private-key

playbook/roles/amarisoft-upgrade/files/encrypt-data.sh

+#!/bin/sh
+usage() {
+    echo 1>&2 "Usage: $0 KEYFILE IVFILE (encrypt | decrypt | genkey) [IN] [OUT]"
+    exit 
+}
+chacha20() {
+    test "$#" -ne 6 && usage
+    KEY="$(od -An -v -tx1 $1 |tr -d ' \n')"
+    IV="$(openssl base64 -A -in $2 -d |od -An -v -tx1 |tr -d ' \n')"
+    openssl enc $6 -chacha20 -K $KEY -iv $IV -nosalt -in $4 -out $5
+}
+case "$3" in
+    encrypt )
+        chacha20 $@ -e;;
+    decrypt )
+        chacha20 $@ -d;;
+    genkey )
+        test "$#" -ne 3 && usage
+        head -c32 /dev/urandom > $1
+        head -c16 /dev/urandom > $2.bin
+        openssl base64 -A -in $2.bin -out $2;;
+    * )
+        usage;;
+esac

playbook/roles/amarisoft-upgrade/tasks/main.yml

+---
+
+  - set_fact: cn="{{ ansible_hostname }}"
+
+  - stat: path="{{ pkdir }}/{{ cn }}.pub"
+    register: certificate
+
+  - name: End playbook if we have no public key yet
+    meta: end_play
+    when: certificate.stat.exists == False
+
+  - name: Delete download directory
+    file: path={{ install_folder }}/download state=absent
+
+  - name: Create download directory
+    file: path={{ install_folder }}/download state=directory mode=0755
+
+  - name: Get license expiration
+    shell: '/opt/amarisoft/get-license-info -e'
+    register: license_expiration
+
+  - name: Get license version
+    shell: '/opt/amarisoft/get-license-info -v'
+    register: license_version
+
+  - name: Get new amarisoft version if available
+    shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' --list | grep version | cut -d\\\" -f4"
+    register: new_version
+
+  - name: End playbook if no new amarisoft versions
+    meta: end_play
+    when: new_version.rc != 0
+
+  - name: Download nonce to decrypt new amarisoft version
+    shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' --list | grep nonce | cut -d\\\" -f4 > {{ install_folder }}/download/nonce"
+    register: nonce
+
+  - set_fact: version="{{ new_version.stdout }}"
+
+  - name: Download new amarisoft version
+    shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k file-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' > {{ install_folder }}/download/amarisoft.tar.gz.enc"
+
+  - name: Download encrypted symmetric key for new amarisoft version
+    shell: "networkcache-download -c /etc/opt/slapos/slapos.cfg -k key-private:amarisoft 'version<=\"{{ license_expiration.stdout }}\"' 'version>>\"{{ license_version.stdout }}\"' 'cn==\"{{ cn }}\"' > {{ install_folder }}/download/symmetric_key.bin.enc"
+
+  - name: Create directory if it does not exist
+    file: path={{ install_folder }}/{{ version }} state=directory mode=0755
+
+  - name: Create directory if it does not exist
+    file: path={{ install_folder }}/_{{ version }} state=directory mode=0755
+
+  - name: Decrypt key
+    shell: 'openssl pkeyutl -decrypt -in {{ install_folder }}/download/symmetric_key.bin.enc -inkey /opt/private-key/{{ cn }}.key -out /opt/private-key/symmetric_key-{{ version }}.key'
+
+  - name: Decrypt archive
+    script: encrypt-data.sh /opt/private-key/symmetric_key-{{ version }}.key {{ install_folder }}/download/nonce decrypt {{ install_folder }}/download/amarisoft.tar.gz.enc {{ install_folder }}/amarisoft.tar.gz
+
+  - name: Extract archive
+    unarchive:
+      src: "{{ install_folder }}/amarisoft.tar.gz"
+      dest: "{{ install_folder }}"
+
+  - name: Extract lteenb archive
+    unarchive:
+      src: "{{ install_folder }}/{{ version }}/lteenb-linux-{{ version }}.tar.gz"
+      dest: "{{ install_folder }}/_{{ version }}"
+
+  - name: Extract ltemme archive
+    unarchive:
+      src: "{{ install_folder }}/{{ version }}/ltemme-linux-{{ version }}.tar.gz"
+      dest: "{{ install_folder }}/_{{ version }}"
+
+  - name: Extract trx_sdr archive
+    unarchive:
+      src: "{{ install_folder }}/{{ version }}/trx_sdr-linux-{{ version }}.tar.gz"
+      dest: "{{ install_folder }}/_{{ version }}"
+
+  - name: Create a symbolic link for lteenb
+    file:
+      src: "lteenb-linux-{{ version }}"
+      dest: "{{ install_folder }}/_{{ version }}/enb"
+      state: link
+
+  - name: Create a symbolic link for ltemme
+    file:
+      src: "ltemme-linux-{{ version }}"
+      dest: "{{ install_folder }}/_{{ version }}/mme"
+      state: link
+
+  - name: Create a symbolic link for trx_sdr
+    file:
+      src: "trx_sdr-linux-{{ version }}"
+      dest: "{{ install_folder }}/_{{ version }}/trx_sdr"
+      state: link
+
+  - name: Copy trx_sdr libraries
+    shell: 'cp {{ install_folder }}/_{{ version }}/trx_sdr/*.so {{ install_folder }}/_{{ version }}/enb/'
+
+  - name: Move amarisoft folder
+    shell: 'mv {{ install_folder }}/_{{ version }} {{ install_folder }}/v{{ version }}'
+
+  - name: Remove extraction folder
+    file: 
+      path: "{{ install_folder }}/{{ version }}"
+      state: absent

playbook/sha256sum

-52d2ed49a2b4f3069880686375a4492f4d7f9501b39670abb76550b087634967  -
+fc02ecb8cc1e71ad3ffa7dc95de6b0c555285829e59ac165f5096f3c597158f0  -