service-provider-setup/README.md

@@ -4,39 +4,99 @@
 
 To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine
 
+## Setup a new User
+
+- Create a new `hosts.ini` file:
+
+   ```bash
+   cp ../hosts.example.ini hosts.ini
+   ```
+
+- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
+
+  ```ini
+  [root_host]
+  <host_name> ansible_host=<target_ip> ansible_user=<ssh_user> ansible_ssh_common_args='-o ForwardAgent=yes'
+  ```
+
+  - Replace `<host_name>` with the desired `hostname` of the remote machine
+  - Replace `<target_ip>` with the IP address or hostname of the target machine
+  - Replace `<ssh_user>` with `root`
+
+- Verify that you are able to connect to the host using the following command:
+
+  ```bash
+  ansible all -m ping -i hosts.ini
+
+  # Expected output:
+
+  # <host_name> | SUCCESS => {
+  #  "ansible_facts": {
+  #      "discovered_interpreter_python": "/usr/bin/python3.10"
+  #  },
+  #  "changed": false,
+  #  "ping": "pong"
+  # }
+  ```
+
+- Setup `user-vars.yml`  using the example file
+
+  ```bash
+  cp vars/user-vars.example.yml vars/user-vars.yml
+  ```
+
+- Edit the following vars:
+
+  ```bash
+  # name of the user you want to setup on the target host
+  username: ""
+
+  # password of the user you want to setup on the target host
+  password: ""
+
+  # path to the ssh key on your machine, eg: "/home/dev/.ssh/id_rsa.pub"
+  path_to_ssh_key: "
+  ```
+
+- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions:
+
+  ```bash
+  cd ../
+  LANG=en_US.utf8 ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'
+  ```
+
 ## Become a Service Provider
 
 ### Prerequisites
 
-- Buy a domain and configure nameservers to DigitalOcean
+- Set up a DigitalOcean Droplet with passwordless SSH access
 
-- Generate a DigitalOcean access token
+- Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/)
+
+- Generate a DigitalOcean access token, used for API authentication and managing cloud resources
+
+### Setup
 
 - Copy the vars files:
 
   ```bash
   cd vars
-  cp user-vars.example.yml user-vars.yml
   cp dns-vars.example.yml dns-vars.yml
   cp gpg-vars.example.yml gpg-vars.yml
   cp k8s-vars.example.yml k8s-vars.yml
   cp container-vars.example.yml container-vars.yml
   cp webapp-vars.example.yml webapp-vars.yml
+  cd -
   ```
 
 - Update the following values in the respective variable files:
 
   ```bash
-  # vars/user-vars.yml
-  username: ""          # name of the user you want to setup on the target host
-  password: ""          # password of the user you want to setup on the target host
-  path_to_ssh_key: ""    # path to the ssh key on your machine
-
   # vars/dns-vars.yml
   full_domain: ""               # eg: laconic.com
   subdomain_prefix: ""          # eg: lcn-cad
-  cluster_control_ip: ""        # eg: 23.111.78.179
+  service_provider_ip: ""        # eg: 23.111.78.179
-  do_api_token: ""              # eg: dop_v1...
+  do_api_token: ""              # Digital Ocean access token that you generated, eg: dop_v1...
 
   # vars/gpg-vars.yml
   gpg_user_name: ""         # Full name of the user for the GPG key
@@ -58,15 +118,10 @@ To get started, follow the [installation](../README.md#installation) guide to se
   authority_name: ""      # eg: my-org-name
   cpu_reservation: ""     # Minimum number of cpu cores to be used, eg: 2
   memory_reservation: ""  # Minimum amount of memory in GB to be used, eg: 4G
+  deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET
   ```
 
-- Create a new `hosts.ini` file:
+- Update the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
-
-   ```bash
-   cp ../hosts.example.ini hosts.ini
-   ```
-
-- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
 
   ```ini
   [root_host]
@@ -78,7 +133,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
 
   - Replace `<host_name>` with the desired `hostname` of the remote machine
   - Replace `<target_ip>` with the IP address or hostname of the target machine
-  - Under `deployment_host`, Replace `<ansible_user>` with the name of the user you want to create
+  - Under `deployment_host`, Replace `<ansible_user>` with the name of the user you have created
 
 - Verify that you are able to connect to the host using the following command:
 
@@ -96,7 +151,12 @@ To get started, follow the [installation](../README.md#installation) guide to se
   # }
   ```
 
-- Run the `service-provider-setup.yml` ansible-playbook to setup a new user, create DNS records, deploy k8s, setup laconicd and laconic console, setup container registry, deploy the webapp-deployer API and webapp-deployer UI
+- Run the `service-provider-setup.yml` ansible-playbook to:
+  - Create DNS records
+  - Deploy k8s,
+  - Setup laconicd and laconic console
+  - Setup container registry
+  - Deploy the webapp-deployer API and webapp-deployer UI
 
   ```bash
   LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER

service-provider-setup/setup-dns.yml

@@ -10,7 +10,7 @@
         state: present
         oauth_token: "{{ do_api_token }}"
         name: "{{ full_domain }}"
-        ip: "{{ cluster_control_ip }}"
+        ip: "{{ service_provider_ip }}"
 
     - name: Create record for cluster control machine
       community.digitalocean.digital_ocean_domain_record:
@@ -19,7 +19,7 @@
         domain: "{{ full_domain }}"
         type: A
         name: "{{ subdomain_prefix }}-cluster-control"
-        data: "{{ cluster_control_ip }}"
+        data: "{{ service_provider_ip }}"
 
     - name: Create CNAME record for www
       community.digitalocean.digital_ocean_domain_record:

service-provider-setup/templates/control-firewalld.yml.j2

@@ -13,4 +13,4 @@ firewalld_add:
     sources:
       - 10.42.0.0/16
       - 10.43.0.0/16
-      - {{ cluster_control_ip }}
+      - {{ service_provider_ip }}

service-provider-setup/templates/daemon-firewalld.yml.j2

@@ -13,4 +13,4 @@ firewalld_add:
 
   - name: trusted
     sources:
-      - {{ cluster_control_ip }}
+      - {{ service_provider_ip }}

service-provider-setup/templates/hosts.j2

@@ -1,12 +1,12 @@
 [all]
-{{ org_id }}-daemon ansible_host={{ cluster_control_ip }}
+{{ org_id }}-daemon ansible_host={{ service_provider_ip }}
-{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ cluster_control_ip }}
+{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ service_provider_ip }}
 
 [so]
 {{ org_id }}-daemon
 
 [{{ org_id }}_{{ location_id }}]
-{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
+{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ service_provider_ip }}
 
 [k8s:children]
 {{ org_id }}_{{ location_id }}

service-provider-setup/vars/dns-vars.example.yml

@@ -1,5 +1,5 @@
 full_domain: ""
 subdomain_prefix: ""
 subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"
-cluster_control_ip: ""
+service_provider_ip: ""
 do_api_token: ""