diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index e75703d..605c17b 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -4,6 +4,49 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +## Setup User `dev` + +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: + + ```ini + [deployment_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Replace `` with `root` + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: + + ```bash + ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + ``` + +For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user that you created + ## Configure DNS ### Prerequisites @@ -17,7 +60,7 @@ To get started, follow the [installation](../README.md#installation) guide to se - Copy the [`dns-vars.example.yml`](./vars/dns-vars.example.yml) file ```bash - cd vars/ + cd vars cp dns-vars.example.yml dns-vars.yml ``` 
@@ -47,43 +90,94 @@ To get started, follow the [installation](../README.md#installation) guide to se ansible-playbook setup-dns.yml ``` -## Setup User `dev` +## Setup k8s clusters -- Create a new `hosts.ini` file: +- Create a PGP key on your target host - ```bash - cp ../hosts.example.ini hosts.ini - ``` - -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: - - ```ini - [deployment_host] - ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + gpg --full-generate-key ``` - - Replace `` with the desired `hostname` of the remote machine - - Replace `` with the IP address or hostname of the target machine - - Replace `` with `root` +- List the secret keys -- Verify that you are able to connect to the host using the following command: + ``` + gpg --list-secret-keys --keyid-format=long + ``` + +- This will output something like this + + ``` + [keyboxd] + --------- + sec rsa4096/0AFB10B643944C22 2024-05-03 [SC] [expires: 2025-05-03] + 17B3248D6784EC6CB43365A60AFB10B643944C22 + uid [ultimate] user + ``` + + Note the `0AFB10B643944C22` sequence of characters. 
+ +- Copy the [`k8s-vars.example.yml`](./vars/k8s-vars.example.yml) file ```bash - ansible all -m ping -i hosts.ini -k - - # Expected output: - - # | SUCCESS => { - # "ansible_facts": { - # "discovered_interpreter_python": "/usr/bin/python3.10" - # }, - # "changed": false, - # "ping": "pong" - # } + cd vars + cp k8s-vars.example.yml k8s-vars.yml ``` -- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: +- Update `gpg_key_id` in [`k8s-vars.yml`](./vars/k8s-vars.yml) with the the following: ```bash - ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + target_host: "deployment_host" + + # The sequence you obtained in the previous step + # eg: 0AFB10B643944C22 + gpg_key_id: "" + + # The passphrase used while creating the GPG key + vault_passphrase: "" + + # Three letter identifier for your organization + # eg: lcn + org_id: "" + + # Three letter identifier for your location + # eg: cad + location_id: "" + + # your domain + dns_domain: "" ``` + +- Run the `setup-k8s.yml` ansible playbook: + + ```bash + ansible-playbook setup-k8s.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + ``` + +## Setup Container Registry + +- Copy the [`container-vars.example.yml`](./vars/container-vars.example.yml) file + + ```bash + cd vars + cp container-vars.example.yml container-vars.yml + ``` + +- Update the following in the [`container-vars.yml`](./vars/container-vars.yml) file: + + ```bash + # username for the container registry + container_registry_username: "" + + # password for the container registry + container_registry_password: "" + ``` + +- Run the `setup-container-registry.yml` ansible playbook + + ```bash + ansible-playbook setup-container-registry.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + ``` + +## Setup laconicd and laconic console + +- \ No newline at end of file 
diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml
index 8324a3c..cf5d33a 100644
--- a/service-provider-setup/setup-dns.yml
+++ b/service-provider-setup/setup-dns.yml
@@ -18,7 +18,7 @@
 oauth_token: "{{ do_api_token }}"
 domain: "{{ domain }}"
 type: A
- name: "{{ subdomain }}-cluster-control"
+ name: "{{ subdomain_prefix }}-cluster-control"
 data: "{{ cluster_control_ip }}"
 
 - name: Create CNAME record for www
@@ -38,7 +38,7 @@
 data: "{{ subdomain_cluster_control }}.{{ domain }}"
 domain: "{{ domain }}"
 type: CNAME
- name: "{{ subdomain }}"
+ name: "{{ subdomain_prefix }}"
 ttl: 43200
 
 - name: Create wildcard CNAME record for subdomain
@@ -48,7 +48,7 @@
 data: "{{ subdomain_cluster_control }}.{{ domain }}"
 domain: "{{ domain }}"
 type: CNAME
- name: "*.{{ subdomain }}"
+ name: "*.{{ subdomain_prefix }}"
 ttl: 43200
 
 - name: Create CNAME record for pwa
diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml
index d472e9b..66bbee9 100644
--- a/service-provider-setup/setup-k8s.yml
+++ b/service-provider-setup/setup-k8s.yml
@@ -35,6 +35,13 @@
 state: present
 create: yes
 
+ - name: Ensure ~/.local/bin is in PATH in .zshrc
+ lineinfile:
+ path: ~/.zshrc
+ line: 'export PATH="$HOME/.local/bin:$PATH"'
+ state: present
+ create: yes
+
 - name: Clone the service provider template repo
 git:
 repo: "https://git.vdb.to/cerc-io/service-provider-template.git"
@@ -59,6 +66,8 @@
 command: bash .vault/vault-rekey.sh
 responses:
 "Enter passphrase:": "{{ vault_passphrase }}"
+ environment:
+ VAULT_KEY='{{ vault_passphrase }}'
 args:
 chdir: "service-provider-template"
 
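Review bot: The three `name:` fields renamed to `{{ subdomain_prefix }}` in this hunk and in the hunks at -38 and -48 have no matching change to `vars/dns-vars.example.yml` anywhere in this diff, and the `data:` context lines in the latter two still build on `subdomain_cluster_control`. If the vars file still defines `subdomain` rather than `subdomain_prefix`, the new templates reference an undefined variable; with Ansible's default undefined-variable handling the task should fail instead of creating a record with an empty label, but that depends on the project's config and is worth confirming. Update the example vars file in the same change, or add a comment on the task such as `# subdomain_prefix is defined in vars/dns-vars.yml` so it is clear where the A record and both CNAMEs take their label from. The tasks these fields belong to start outside the hunks.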
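Review bot: The added `environment:` entry in the -59 hunk of setup-k8s.yml is a single scalar, `VAULT_KEY='{{ vault_passphrase }}'`, rather than a key/value pair, so `environment` is not a mapping and Ansible will reject it when the task runs; it should read `VAULT_KEY: "{{ vault_passphrase }}"`. Since the task now passes the vault passphrase to the process both through the `expect` response and the environment, it should also carry `no_log: true` so the passphrase is not written into task output or log files. The `expect` task this hunk edits starts outside the hunk.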
@@ -161,11 +170,11 @@
 chdir: "{{ ansible_env.HOME }}/service-provider-template"
 
 - name: Install Stack Orchestrator
- command: ansible-playbook -i hosts site.yml --tags=so --limit=so
+ command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so
 args:
 chdir: "{{ ansible_env.HOME }}/service-provider-template"
 
 - name: Deploy Kubernetes
- command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }}
+ command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so
 args:
 chdir: "{{ ansible_env.HOME }}/service-provider-template"
diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml
index cfb17db..ebd3aa4 100644
--- a/service-provider-setup/setup-user.yml
+++ b/service-provider-setup/setup-user.yml
@@ -78,6 +78,7 @@
 - /var/lib/snapd
 become: yes
 
+ # TODO: Make username and password configurable
 - name: Create a user `dev`
 user:
 name: dev
@@ -85,7 +86,7 @@
 shell: /bin/zsh
 state: present
 
- - name: Add dev' user to sudoers group
+ - name: Add dev user to sudoers group
 user:
 name: dev
 groups: sudo
@@ -98,3 +99,5 @@
 owner: dev
 group: dev
 mode: '0700'
+
+ # TODO: Add tasks to setup passwordless sudo for the user
\ No newline at end of file
diff --git a/service-provider-setup/vars/container-vars.example.yml b/service-provider-setup/vars/container-vars.example.yml
index 643335e..3b34f94 100644
--- a/service-provider-setup/vars/container-vars.example.yml
+++ b/service-provider-setup/vars/container-vars.example.yml
@@ -1,3 +1,3 @@
 container_registry_username: ""
 container_registry_password: ""
-container_registry_domain: ""
+container_registry_domain: "container-registry.pwa.{{ dns_domain }}.com"
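Review bot: The new default for `container_registry_domain` appends a literal `.com` after `{{ dns_domain }}`, while the README in this same diff documents `dns_domain` only as "your domain"; if an operator supplies a full domain such as `example.com`, the rendered value ends in `.com.com`. Either drop the suffix, `container_registry_domain: "container-registry.pwa.{{ dns_domain }}"`, or add a comment above the line stating the exact form `dns_domain` must take. The variable is also defined in `k8s-vars.yml` rather than in this file, so this example only renders when both var files are loaded together — worth confirming against the playbook, which is not part of the diff.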