playbook: add ors-offline playbook

12e2014e · Joanne Hugé · f296aee8 · 12e2014e · 12e2014e · 12e2014e
Commit 12e2014e authored Jun 17, 2024 by Joanne Hugé
17 changed files
--- a/playbook/ors-offline.yml
+++ b/playbook/ors-offline.yml
+- name: a play that runs entirely on the ansible host
+  hosts: 127.0.0.1
+  connection: local
+
+  vars_files:
+    - settings/vifib.yml
+    - settings/slapos-master.yml
+    - settings/ors.yml
+
+  roles:
+    - ors-offline
--- a/playbook/roles/ors-offline/files/configure-firewall
+++ b/playbook/roles/ors-offline/files/configure-firewall
+#!/bin/bash
+
+# Enable ipv4 and ipv6 forwarding for core network
+echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+
+# Set correct iptables rules
+mkdir -p /etc/iptables
+IF_LIST=()
+CONFV4="/etc/iptables/rules.v4"
+TMPV4="/tmp/rules.v4.$(date +%s)"
+CONFV6="/etc/iptables/rules.v6"
+TMPV6="/tmp/rules.v6.$(date +%s)"
+
+## Get sorted list of physical network interfaces
+cd /sys/class/net;
+for IF in $(find . -type l -printf "%f\n"); do
+  # If interface is not virtual
+  if ! realpath $(readlink $IF) | grep -q "^/sys/devices/virtual"; then
+    IF_LIST+=($IF);
+  fi
+done
+IFS=$'\n' IF_LIST_SORTED=($(sort <<<"${IF_LIST[*]}"))
+unset IFS
+
+## Write target IPv4 rules
+cat > $TMPV4 << EOF
+*nat
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination :5353
+-A POSTROUTING -p udp -m udp --sport 5353 -j SNAT --to-source :53
+EOF
+for IF in "${IF_LIST_SORTED[@]}"; do
+  cat >> $TMPV4 << EOF
+-A POSTROUTING -o $IF -j MASQUERADE
+EOF
+done
+cat >> $TMPV4 << EOF
+COMMIT
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+COMMIT
+EOF
+## Write target IPv6 rules
+cat > $TMPV6 << EOF
+*nat
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+EOF
+for IF in "${IF_LIST_SORTED[@]}"; do
+  cat >> $TMPV6 << EOF
+-A POSTROUTING -o $IF -j MASQUERADE
+EOF
+done
+cat >> $TMPV6 << EOF
+COMMIT
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+COMMIT
+EOF
+
+## Reconfigure iptables if current rules doens't match target rules
+touch $CONFV4 $CONFV6
+if ! diff $TMPV4 $CONFV4; then
+  cp $TMPV4 $CONFV4
+  iptables-restore $CONFV4
+fi
+if ! diff $TMPV6 $CONFV6; then
+  cp $TMPV6 $CONFV6
+  ip6tables-restore $CONFV6
+fi
+rm -f $TMPV4 $TMPV6
--- a/playbook/roles/ors-offline/files/configure-grub
+++ b/playbook/roles/ors-offline/files/configure-grub
+#!/bin/bash
+CONF="/etc/default/grub"
+BAK="/tmp/default.grub"
+N_CORE="$(($(lscpu | sed -n 's/^Core.*: *\([0-9]*\)/\1/gp') * $(lscpu | sed -n 's/^Socket.*: *\([0-9]*\)/\1/gp')))"
+cp $CONF $BAK;
+if ! (grep -q idle=halt /proc/cmdline && grep -q "maxcpus=$N_CORE" /proc/cmdline); then
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)idle=[a-z]* *\(.*\)/\1\2/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)"/\1 idle=halt"/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)maxcpus=[0-9]* *\(.*\)/\1\2/g' $CONF;
+  sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT.*\)"/\1 maxcpus='"$N_CORE"'"/g' $CONF;
+  if ! update-grub; then
+    cp $BAK $CONF;
+    update-grub;
+  fi
+fi
+rm -f $BAK;
--- a/playbook/roles/ors-offline/files/configure-re6st
+++ b/playbook/roles/ors-offline/files/configure-re6st
+#!/bin/bash
+IF_LIST=()
+RM_IF_LIST=()
+CONF="/etc/re6stnet/re6stnet.conf"
+TMP="/tmp/re6stnet.conf.$(date +%s)"
+cd /sys/class/net;
+for IF in $(find . -type l -printf "%f\n"); do
+  # If interface is virtual
+  if ! realpath $(readlink $IF) | grep -q "^/sys/devices/virtual"; then
+    # If interface is up and has IPv6 neighbours
+    if [ "$(cat $IF/operstate)" = "up" ] && [ -n "$(ip -6 neigh list dev $IF)" ]; then
+      # Special case: interfaces connected to Lille office LAN should not have interface option enabled
+      if ! ping6 -q -c3 -w3 fe80::20d:b9ff:fe3f:9055%$IF; then
+        IF_LIST+=($IF);
+      else
+        RM_IF_LIST+=($IF);
+      fi
+    fi
+  fi
+done
+cp $CONF $TMP;
+REPLACE=0
+# Check if configuration is correct
+for IF in "${IF_LIST[@]}"; do
+  if ! grep -q "^interface $IF" $TMP; then
+    REPLACE=1
+  fi
+done
+for IF in "${RM_IF_LIST[@]}"; do
+  if grep -q "^interface $IF" $TMP; then
+    REPLACE=1
+  fi
+done
+# Reconfigure re6st if configuration not correct
+if (( $REPLACE )); then
+  sed -i '/^interface/d' $TMP
+  for IF in "${IF_LIST[@]}"; do
+    echo "interface $IF" >> $TMP
+  done
+  mv $TMP $CONF;
+  systemctl restart re6stnet
+fi
+rm -rf $TMP;
--- a/playbook/roles/ors-offline/files/configure-slapos.py
+++ b/playbook/roles/ors-offline/files/configure-slapos.py
+#!/usr/bin/env python3
+import configparser
+import subprocess
+
+CONF_PATH = "/etc/opt/slapos/slapos.cfg"
+
+ors_config = {
+    'slapformat': {
+        'create_tun': 'True',
+        'partition_amount': '20',
+        'ipv6_prefixshift': '7',
+    },
+    'networkcache': {
+        'download-from-binary-cache-force-url-list': '''
+https://lab.nexedi.com/nexedi/slapos/raw/1.
+https://lab.node.vifib.com/nexedi/slapos/raw/1.0.''',
+    },
+}
+
+with open('/opt/upgrader/configure-slapos.log', 'w+') as l:
+
+    l.write("[configure-slapos] Configuring slapos...\n")
+
+    config = configparser.ConfigParser()
+    config.read(CONF_PATH)
+
+    def is_slapformat_valid():
+        for k in ors_config['slapformat']:
+            if ors_config['slapformat'][k] != \
+               config.setdefault('slapformat', {}).setdefault(k, ''):
+                l.write("[configure-slapos] {} not valid ( {} != {} )\n".format(k, ors_config['slapformat'][k], config.setdefault('slapformat', {}).setdefault(k, '')))
+                return False
+        return True
+    slapformat_valid = is_slapformat_valid()
+
+    config['slapformat'].update(ors_config['slapformat'])
+    config['networkcache'].update(ors_config['networkcache'])
+    with open(CONF_PATH, 'w+') as f:
+        config.write(f)
+
+
+    if not slapformat_valid:
+        l.write("[configure-slapos] slapos.cfg not valid\n")
+        # Delete slaptun devices
+        for i in range(0,19):
+            subprocess.run(['ip', 'link', 'delete', 'slaptun{}'.format(i)])
+        subprocess.run(['rm', '-f', '/opt/slapos/slapos.xml'], check=True)
+        subprocess.run(['slapos', 'node', 'format', '--now'], check=True, capture_output=True)
--- a/playbook/roles/ors-offline/files/configure-sudoers
+++ b/playbook/roles/ors-offline/files/configure-sudoers
+#!/bin/bash
+mkdir -p /etc/sudoers.d
+COMMAND_LIST=("rm-tmp-lte" "init-enb" "init-mme" "init-sdr" "get-sdr-info")
+PARTITION_AMOUNT="$(sed -n 's/partition_amount = \(.*\)/\1/gp' /etc/opt/slapos/slapos.cfg)"
+for c in "${COMMAND_LIST[@]}"; do
+  SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
+  if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
+    echo "Configuring /etc/sudoers.d/slapuser-$c..."
+    for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
+      echo "slapuser$i ALL=NOPASSWD:/opt/amarisoft/$c" >> slapuser-$c
+    done
+    mv slapuser-$c /etc/sudoers.d/
+    chmod 440 /etc/sudoers.d/slapuser-$c
+  fi
+done
+c="sdr-util"
+SLAPUSER_LINES="$(cat /etc/sudoers.d/slapuser-$c 2> /dev/null | wc -l)"
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+if [ "$SLAPUSER_LINES" != "$PARTITION_AMOUNT" ]; then
+  echo "Configuring /etc/sudoers.d/slapuser-$c..."
+  for i in $(seq 0 $(($PARTITION_AMOUNT-1))); do
+    echo "slapuser$i ALL=NOPASSWD:$AMARISOFT_PATH/trx_sdr/sdr_util -c 0 version" >> slapuser-$c
+  done
+  mv slapuser-$c /etc/sudoers.d/
+  chmod 440 /etc/sudoers.d/slapuser-$c
+fi
--- a/playbook/roles/ors-offline/files/format-ims
+++ b/playbook/roles/ors-offline/files/format-ims
--- a/playbook/roles/ors-offline/files/get-license-info
+++ b/playbook/roles/ors-offline/files/get-license-info
+#!/usr/bin/env python3
+
+import argparse, os, re, sys
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-e', '--expiration', action='store_true')
+parser.add_argument('-v', '--version', action='store_true')
+args = parser.parse_args()
+
+amarisoft_dir = '/opt/amarisoft'
+try:
+  lte_version = sorted(filter(lambda x: re.match(r"v[0-9]{4}-[0-9]{2}-[0-9]{2}", x), os.listdir(amarisoft_dir)))[-1][1:]
+except FileNotFoundError:
+  lte_version = 'Unknown'
+lte_expiration = "Unknown"
+try:
+  for filename in os.listdir(amarisoft_dir + '/.amarisoft'):
+    if filename.endswith('.key'):
+      with open(os.path.join(amarisoft_dir + '/.amarisoft', filename), 'r') as f:
+        f.seek(260)
+        for l in f:
+          if l.startswith('version='):
+            lte_expiration = l.split('=')[1].strip()
+except FileNotFoundError:
+  pass
+
+if args.expiration:
+  print(lte_expiration, end='')
+elif args.version:
+  print(lte_version, end='')
--- a/playbook/roles/ors-offline/files/get-sdr-info
+++ b/playbook/roles/ors-offline/files/get-sdr-info
+#!/bin/bash
+
+IPRODUCT="$(lsusb -d 0403:6014 -v 2> /dev/null |sed -n 's/^  iProduct.*ORS \(.*\)$/\1/gp')"
+ISERIAL="$(lsusb -d 0403:6014 -v 2> /dev/null |sed -n 's/^  iSerial *[0-9]* \(.*\)$/\1/gp')"
+
+if [ -z "$IPRODUCT" ]; then
+  ORS="$(hostname | sed 's/ors\(.*\)/\1/g')"
+  case "$ORS" in
+    0)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A0";;
+    1)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A1";;
+    2)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A2";;
+    3)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A3";;
+    4)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A4";;
+    5)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B49";;
+    6)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A7";;
+    8)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A8";;
+    9)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B27";;
+    10)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B22";;
+    11)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B44";;
+    13)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="UNKNOWN";;
+    14)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B24";;
+    15)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B41";;
+    16)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B43";;
+    17)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B46";;
+    18)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B47";;
+    19)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    20)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B33";;
+    21)
+      TDD="TDD";BAND="B42";VERSION="3.4";ISERIAL="B42";;
+    22)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B30";;
+    23)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B48";;
+    24)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B34";;
+    25)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B18";;
+    26)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B31";;
+    27)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B38";;
+    28)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B35";;
+    29)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    30)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B50";;
+    31)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B51";;
+    32)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    33)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    34)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="UNKNOWN";;
+    35)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    36)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="UNKNOWN";;
+    37)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B65";;
+    38)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B60";;
+    39)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B61";;
+    40)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B64";;
+    41)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B57";;
+    42)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B26";;
+    43)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B29";;
+    44)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B36";;
+    45)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B37";;
+    46)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B39";;
+    47)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B28";;
+    48)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B66";;
+    49)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B67";;
+    50)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B23";;
+    51)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B59";;
+    52)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B56";;
+    53)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B58";;
+    54)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B68";;
+    55)
+      TDD="TDD";BAND="B43";VERSION="3.4";ISERIAL="B52";;
+    56)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B5";;
+    57)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B25";;
+    58)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B70";;
+    59)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B71";;
+    60)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B72";;
+    61)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A5";;
+    62)
+      TDD="TDD";BAND="B39";VERSION="3.2";ISERIAL="A6";;
+    63)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B73";;
+    64)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B74";;
+    65)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B75";;
+    66)
+      TDD="TDD";BAND="N79";VERSION="4.5";ISERIAL="F4";;
+    67)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B20";;
+    68)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D1";;
+    69)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B3";;
+    70)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B0";;
+    71)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B77";;
+    72)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B78";;
+    73)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B79";;
+    74)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B80";;
+    75)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D2";;
+    76)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="B1";;
+    77)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B81";;
+    79)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D24";;
+    80)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D11";;
+    81)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D3";;
+    82)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D23";;
+    83)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D25";;
+    84)
+      TDD="TDD";BAND="B39";VERSION="4.2";ISERIAL="D22";;
+    85)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D12";;
+    86)
+      TDD="TDD";BAND="B39";VERSION="3.4";ISERIAL="UNKNOWN";;
+    87)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D13";;
+    88)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D14";;
+    89)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D18";;
+    90)
+      TDD="TDD";BAND="B42";VERSION="4.2";ISERIAL="D6";;
+    91)
+      TDD="FDD";BAND="B28";VERSION="4.4";ISERIAL="E1";;
+    92)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D29";;
+    93)
+      TDD="TDD";BAND="B43";VERSION="4.2";ISERIAL="D26";;
+    94)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D16";;
+    96)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D19";;
+    97)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D15";;
+    98)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D20";;
+    99)
+      TDD="TDD";BAND="B38";VERSION="4.2";ISERIAL="D17";;
+    100)
+      TDD="TDD";BAND="N77";VERSION="4.5";ISERIAL="F1";;
+    101)
+      TDD="TDD";BAND="N77";VERSION="4.5";ISERIAL="F2";;
+    102)
+      TDD="TDD";BAND="B38";VERSION="3.4";ISERIAL="B76";;
+    103)
+      TDD="TDD";BAND="B39";VERSION="4.4";ISERIAL="E7";;
+    *)
+      TDD="UNKNOWN";BAND="UNKNOWN";VERSION="UNKNOWN";ISERIAL="UNKNOWN";;
+  esac
+else
+  test -z "$ISERIAL" && ISERIAL="UNKNOWN";
+  TDD="${IPRODUCT[@]:0:3}"
+  IPRODUCT="${IPRODUCT[@]:3}"
+  BAND="${IPRODUCT%% *}"
+  VERSION="${IPRODUCT##* }"
+fi
+
+usage() {
+  cat << ENDUSAGE
+Usage: $0 [-tbvs]
+    -t              TDD or FDD
+    -b              Band (e.g. B39)
+    -v              Version (e.g. v4.2)
+    -s              Serial number (e.g. B53)
+ENDUSAGE
+1>&2;
+}
+while getopts "tbvsh" opt; do
+  case "${opt}" in
+    h )
+        usage; exit 1;
+        ;;
+    t )
+        echo -n $TDD;
+        ;;
+    b )
+        echo -n $BAND;
+        ;;
+    v )
+        echo -n $VERSION;
+        ;;
+    s )
+        echo -n $ISERIAL;
+        ;;
+    * )
+        usage; exit 1;
+      ;;
+  esac
+done
--- a/playbook/roles/ors-offline/files/init-enb
+++ b/playbook/roles/ors-offline/files/init-enb
+#!/bin/bash
+
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/enb/lte_init.sh;
--- a/playbook/roles/ors-offline/files/init-mme
+++ b/playbook/roles/ors-offline/files/init-mme
+#!/bin/bash
+
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/mme/lte_init.sh;
--- a/playbook/roles/ors-offline/files/init-sdr
+++ b/playbook/roles/ors-offline/files/init-sdr
+#!/bin/bash
+
+OLD_AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v2021-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+AMARISOFT_PATH="/opt/amarisoft/$(ls -1 /opt/amarisoft | grep "^v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1)"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+
+$AMARISOFT_PATH/trx_sdr/sdr_util version && exit;
+lsof /dev/sdr0 && exit;
+lsmod | grep -q sdr && rmmod sdr;
+if echo $AMARISOFT_PATH | grep -q 2023; then
+  cd $OLD_AMARISOFT_PATH/trx_sdr/kernel;
+  make clean && make && bash init.sh;
+  rmmod sdr;
+fi
+cd $AMARISOFT_PATH/trx_sdr/kernel;
+make clean && make && bash init.sh;
--- a/playbook/roles/ors-offline/files/rm-tmp-lte
+++ b/playbook/roles/ors-offline/files/rm-tmp-lte
+#!/bin/bash
+
+rm -f /tmp/.lte*
--- a/playbook/roles/ors-offline/files/systemd-dhcp-network
+++ b/playbook/roles/ors-offline/files/systemd-dhcp-network
+[Match]
+Name=en*
+
+[Network]
+DHCP=yes
--- a/playbook/roles/ors-offline/files/systemd-lo-network
+++ b/playbook/roles/ors-offline/files/systemd-lo-network
+[Match]
+Name=lo
+
+[Link]
+MTUBytes=1500
--- a/playbook/roles/ors-offline/files/systemd-wait-online-override
+++ b/playbook/roles/ors-offline/files/systemd-wait-online-override
+[Service]
+ExecStart=
+ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any
--- a/playbook/roles/ors-offline/tasks/main.yml
+++ b/playbook/roles/ors-offline/tasks/main.yml
+---
+# ors-image-backports playbook
+
+  - name: Check if Service Exists
+    stat: path=/etc/init.d/init-sdr
+    register: init_sdr_service
+
+  - name: Reload daemon
+    systemd: daemon_reload=yes
+    when: init_sdr_service.stat.exists
+
+  - name: Disable old init-sdr service
+    systemd: name=init-sdr enabled=no
+    when: init_sdr_service.stat.exists
+
+# Configure systemd-networkd 
+
+  - name: Configure /etc/systemd/network/dhcp.network
+    copy: src=systemd-dhcp-network dest=/etc/systemd/network/dhcp.network owner=root mode=644
+
+## eNB and MME addresses are on lo interface, using high MTU will result in bad throughput 
+## for TCP when using IPv6 and phones with low MTU
+  - name: Configure /etc/systemd/network/lo.network
+    copy: src=systemd-lo-network dest=/etc/systemd/network/lo.network owner=root mode=644
+
+  - name: Create a directory if it does not exist
+    file: path=/etc/systemd/system/systemd-networkd-wait-online.service.d state=directory mode=0755
+
+  - name: Configure /etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
+    copy: src=systemd-wait-online-override dest=/etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf owner=root mode=644
+
+  - name: Enable and stop systemd-networkd
+    systemd: name=systemd-networkd.service enabled=yes state=stopped
+
+## Don't use role repository because package needs to be removed after installing systemd-networkd
+
+  - name: Remove ifupdown
+    shell: 'DEBIAN_FRONTEND="noninteractive" apt remove --purge -y ifupdown'
+
+  - name: Start systemd-networkd
+    systemd: name=systemd-networkd.service enabled=yes state=started
+
+# Configure DHCP timeout
+
+  - name: Configure dhcp timeout
+    lineinfile: dest=/etc/dhcp/dhclient.conf regexp="^timeout (.*)" line="timeout 15" state=present
+
+# Reinitialize machine-id for DHCP
+
+  - name: Check if machine-id needs to be reinitialized
+    shell: grep -q a3c3a27a44e74547963830b967b5a7ee /etc/machine-id
+    register: reinitialize_machine_id
+    ignore_errors: yes
+
+  - name: Reinitialize machine-id at next boot
+    shell: 'echo uninitialized > /etc/machine-id && dpkg-reconfigure systemd'
+    when: reinitialize_machine_id.rc == 0
+
+# Configure DNS
+
+  - name: Disable dnsmasq service
+    systemd: name=dnsmasq.service enabled=no state=stopped
+    ignore_errors: yes
+
+  - name: Disable DNS stub resolver
+    lineinfile: dest=/etc/systemd/resolved.conf regexp="(.*)DNSStubListener=(.*)" line="DNSStubListener=no" state=present
+    register: disable_dns_stub
+
+  - name: Create resolv symbolic link
+    file:
+      src: /run/systemd/resolve/resolv.conf
+      dest: /etc/resolv.conf
+      state: link
+      force: true
+    register: create_resolv_link
+
+  - name: Configure default nameservers
+    lineinfile: dest=/etc/systemd/resolved.conf regexp="^DNS=(.*)" line="DNS=1.1.1.1 8.8.8.8" state=present
+    register: configure_default_nameservers
+
+  - name: Restart systemd-resolved.service if necessary
+    systemd: name=systemd-resolved.service enabled=yes state=restarted
+    when: (disable_dns_stub.changed) or (create_resolv_link.changed) or (configure_default_nameservers.changed)
+
+  - name: Enable and start systemd-resolved.service
+    systemd: name=systemd-resolved.service enabled=yes state=started
+
+# ors playbook
+
+  - name: Create /opt/upgrader where some logs will be stored
+    file: path=/opt/upgrader state=directory mode=0755
+
+  - name: Copy get-sdr-info script
+    copy: src=get-sdr-info dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy get-license-info script
+    copy: src=get-license-info dest=/opt/amarisoft owner=root mode=770
+
+  - name: Configure re6st
+    script: configure-re6st
+
+  - name: Enable and start cron.service
+    systemd: name=cron.service enabled=yes state=started
+
+  - name: Configure slapos
+    script: configure-slapos.py
+
+  - name: Copy format-ims script
+    copy: src=format-ims dest=/opt/amarisoft owner=root mode=770
+
+# Amarisoft software
+
+  - name: Create a directory if it does not exist
+    file: path=/opt/amarisoft state=directory mode=0755
+
+  - name: Copy init-sdr script
+    copy: src=init-sdr dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy init-enb script
+    copy: src=init-enb dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy init-mme script
+    copy: src=init-mme dest=/opt/amarisoft owner=root mode=770
+
+  - name: Copy rm-tmp-lte script
+    copy: src=rm-tmp-lte dest=/opt/amarisoft owner=root mode=770
+
+  - name: Get Amarisoft path
+    shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1'
+    register: amarisoft_path
+
+  - name: Check if lteenb has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb | grep -q cap_sys_nice'
+    ignore_errors: yes
+    register: lteenb_cap
+
+  - name: Set capabilities on lteenb
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb'
+    when: lteenb_cap.rc != 0
+
+  - name: Check if lteenb-avx2 has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb-avx2 | grep -q cap_sys_nice'
+    ignore_errors: yes
+    register: lteenb_avx2_cap
+
+  - name: Set capabilities on lteenb-avx2
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb-avx2 && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb-avx2'
+    when: lteenb_avx2_cap.rc != 0
+
+  - name: Check if lteims has capabilities
+    shell: 'getcap {{ amarisoft_path.stdout }}/mme/lteims | grep cap_sys_admin | grep -q cap_net_raw'
+    ignore_errors: yes
+    register: lteims_cap
+
+  - name: Set capabilities on lteims
+    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/mme {{ amarisoft_path.stdout }}/mme/lteims && setcap cap_sys_admin,cap_net_raw=+pe {{ amarisoft_path.stdout }}/mme/lteims'
+    when: lteims_cap.rc != 0
+
+  - name: Create .amarisoft directory for SR
+    file: path=/opt/amarisoft/.amarisoft state=directory
+
+  - name: Copy keys for SR
+    copy: src=/root/.amarisoft dest=/opt/amarisoft owner=root mode=644
+    ignore_errors: yes
+
+  - name: Configure sudoers
+    script: configure-sudoers
+
+# Network
+
+  - name: Configure firewall
+    script: configure-firewall
+
+  - name: Configure IPv4 forwarding
+    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.conf.all.forwarding=(.*)" line="net.ipv4.conf.all.forwarding=1" state=present
+
+  - name: Configure IPv6 forwarding
+    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv6.conf.all.forwarding=(.*)" line="net.ipv6.conf.all.forwarding=1" state=present
+
+  - name: Redirect 53 to 5353
+    ansible.builtin.iptables:
+      chain: PREROUTING
+      table: nat
+      protocol: udp
+      match: udp
+      jump: DNAT
+      destination_port: '53'
+      to_destination: ':5353'
+
+  - name: Redirect 5353 to 53
+    ansible.builtin.iptables:
+      chain: POSTROUTING
+      table: nat
+      protocol: udp
+      match: udp
+      jump: SNAT
+      source_port: '5353'
+      to_source: ':53'
+
+# System
+
+  - name: Configure journald log size
+    lineinfile: dest=/etc/systemd/journald.conf regexp="^SystemMaxUse=(.*)" line="SystemMaxUse=1G" state=present
+
+  - name: Add kernel parameter
+    script: configure-grub
+
+# SSH
+
+  - name: Configure ssh
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin yes" state=present
+
+  - name: Configure ssh
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication (.*)" line="PasswordAuthentication yes" state=present
+
+  - name: Add format-ims script to cron after slapos node boot
+    lineinfile: dest=/etc/cron.d/slapos-node regexp="@reboot root /opt/slapos/bin/slapos node boot(.*)" line="@reboot root /opt/slapos/bin/slapos node boot >> /opt/slapos/log/slapos-node-format.log 2>&1 ; /opt/amarisoft/format-ims /opt/amarisoft/format-ims.log" state=present
+
+  - name: Add format-ims script to cron after slapos node format
+    lineinfile: dest=/etc/cron.d/slapos-node regexp="(.*)root /opt/slapos/bin/slapos node format(.*)" line="0 * * * * root /opt/slapos/bin/slapos node format >> /opt/slapos/log/slapos-node-format.log 2>&1 ; /opt/amarisoft/format-ims /opt/amarisoft/format-ims.log" state=present