service-provider-setup/README.md

@@ -4,6 +4,49 @@
 
 To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine
 
+## Setup User `dev`
+
+- Create a new `hosts.ini` file:
+
+   ```bash
+   cp ../hosts.example.ini hosts.ini
+   ```
+
+- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
+
+  ```ini
+  [deployment_host]
+  <host_name> ansible_host=<target_ip> ansible_user=<ssh_user> ansible_ssh_common_args='-o ForwardAgent=yes'
+  ```
+
+  - Replace `<host_name>` with the desired `hostname` of the remote machine
+  - Replace `<target_ip>` with the IP address or hostname of the target machine
+  - Replace `<ssh_user>` with `root`
+
+- Verify that you are able to connect to the host using the following command:
+
+  ```bash
+  ansible all -m ping -i hosts.ini
+
+  # Expected output:
+
+  # <host_name> | SUCCESS => {
+  #  "ansible_facts": {
+  #      "discovered_interpreter_python": "/usr/bin/python3.10"
+  #  },
+  #  "changed": false,
+  #  "ping": "pong"
+  # }
+  ```
+
+- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions:
+
+  ```bash
+  ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'
+  ```
+
+For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user that you created
+
 ## Configure DNS
 
 ### Prerequisites
@@ -17,7 +60,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
 - Copy the [`dns-vars.example.yml`](./vars/dns-vars.example.yml) file
 
   ```bash
-  cd vars/
+  cd vars
   cp dns-vars.example.yml dns-vars.yml
   ```
 
@@ -47,43 +90,94 @@ To get started, follow the [installation](../README.md#installation) guide to se
   ansible-playbook setup-dns.yml
   ```
 
-## Setup User `dev`
+## Setup k8s clusters
 
-- Create a new `hosts.ini` file:
+- Create a PGP key on your target host
 
-   ```bash
+  ```
-   cp ../hosts.example.ini hosts.ini
+  gpg --full-generate-key
-   ```
-
-- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
-
-  ```ini
-  [deployment_host]
-  <host_name> ansible_host=<target_ip> ansible_user=<ssh_user> ansible_ssh_common_args='-o ForwardAgent=yes'
   ```
 
-  - Replace `<host_name>` with the desired `hostname` of the remote machine
+- List the secret keys
-  - Replace `<target_ip>` with the IP address or hostname of the target machine
-  - Replace `<ssh_user>` with `root`
 
-- Verify that you are able to connect to the host using the following command:
+  ```
+  gpg --list-secret-keys --keyid-format=long
+  ```
+
+- This will output something like this
+
+  ```
+  [keyboxd]
+  ---------
+  sec   rsa4096/0AFB10B643944C22 2024-05-03 [SC] [expires: 2025-05-03]
+        17B3248D6784EC6CB43365A60AFB10B643944C22
+  uid                 [ultimate] user <hello@laconic.com>
+  ```
+
+  Note the `0AFB10B643944C22` sequence of characters.
+
+- Copy the [`k8s-vars.example.yml`](./vars/k8s-vars.example.yml) file
 
   ```bash
-  ansible all -m ping -i hosts.ini -k
+  cd vars
-
+  cp k8s-vars.example.yml k8s-vars.yml
-  # Expected output:
-
-  # <host_name> | SUCCESS => {
-  #  "ansible_facts": {
-  #      "discovered_interpreter_python": "/usr/bin/python3.10"
-  #  },
-  #  "changed": false,
-  #  "ping": "pong"
-  # }
   ```
 
-- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions:
+- Update `gpg_key_id` in [`k8s-vars.yml`](./vars/k8s-vars.yml) with the the following:
 
   ```bash
-  ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'
+  target_host: "deployment_host"
+
+  # The sequence you obtained in the previous step
+  # eg: 0AFB10B643944C22
+  gpg_key_id: ""
+
+  # The passphrase used while creating the GPG key
+  vault_passphrase: ""
+
+  # Three letter identifier for your organization
+  # eg: lcn
+  org_id: ""
+
+  # Three letter identifier for your location
+  # eg: cad
+  location_id: ""
+
+  # your domain
+  dns_domain: ""
   ```
+
+- Run the `setup-k8s.yml` ansible playbook:
+
+  ```bash
+  ansible-playbook setup-k8s.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER
+  ```
+
+## Setup Container Registry
+
+- Copy the [`container-vars.example.yml`](./vars/container-vars.example.yml) file
+
+  ```bash
+  cd vars
+  cp container-vars.example.yml container-vars.yml
+  ```
+
+- Update the following in the [`container-vars.yml`](./vars/container-vars.yml) file:
+
+  ```bash
+  # username for the container registry
+  container_registry_username: ""
+
+  # password for the container registry
+  container_registry_password: ""
+  ```
+
+- Run the `setup-container-registry.yml` ansible playbook
+
+  ```bash
+  ansible-playbook setup-container-registry.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER
+  ```
+
+## Setup laconicd and laconic console
+
+- 

service-provider-setup/setup-dns.yml

@@ -18,7 +18,7 @@
         oauth_token: "{{ do_api_token }}"
         domain: "{{ domain }}"
         type: A
-        name: "{{ subdomain }}-cluster-control"
+        name: "{{ subdomain_prefix }}-cluster-control"
         data: "{{ cluster_control_ip }}"
 
     - name: Create CNAME record for www
@@ -38,7 +38,7 @@
         data: "{{ subdomain_cluster_control }}.{{ domain }}"
         domain: "{{ domain }}"
         type: CNAME
-        name: "{{ subdomain }}"
+        name: "{{ subdomain_prefix }}"
         ttl: 43200
 
     - name: Create wildcard CNAME record for subdomain
@@ -48,7 +48,7 @@
         data: "{{ subdomain_cluster_control }}.{{ domain }}"
         domain: "{{ domain }}"
         type: CNAME
-        name: "*.{{ subdomain }}"
+        name: "*.{{ subdomain_prefix }}"
         ttl: 43200
 
     - name: Create CNAME record for pwa

service-provider-setup/setup-k8s.yml

@@ -35,6 +35,13 @@
         state: present
         create: yes
 
+    - name: Ensure ~/.local/bin is in PATH in .zshrc
+      lineinfile:
+        path: ~/.zshrc
+        line: 'export PATH="$HOME/.local/bin:$PATH"'
+        state: present
+        create: yes
+
     - name: Clone the service provider template repo
       git:
         repo: "https://git.vdb.to/cerc-io/service-provider-template.git"
@@ -59,6 +66,8 @@
         command: bash .vault/vault-rekey.sh
         responses:
           "Enter passphrase:": "{{ vault_passphrase }}"
+      environment:
+        VAULT_KEY='{{ vault_passphrase }}'
       args:
         chdir: "service-provider-template"
 
@@ -161,11 +170,11 @@
         chdir: "{{ ansible_env.HOME }}/service-provider-template"
 
     - name: Install Stack Orchestrator
-      command: ansible-playbook -i hosts site.yml --tags=so --limit=so
+      command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so
       args:
         chdir: "{{ ansible_env.HOME }}/service-provider-template"
 
     - name: Deploy Kubernetes
-      command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }}
+      command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so
       args:
         chdir: "{{ ansible_env.HOME }}/service-provider-template"

service-provider-setup/setup-user.yml

@@ -78,6 +78,7 @@
             - /var/lib/snapd
           become: yes
 
+    # TODO: Make username and password configurable
     - name: Create a user `dev`
       user:
         name: dev
@@ -85,7 +86,7 @@
         shell: /bin/zsh
         state: present
 
-    - name: Add dev' user to sudoers group
+    - name: Add dev user to sudoers group
       user:
         name: dev
         groups: sudo
@@ -98,3 +99,5 @@
         owner: dev
         group: dev
         mode: '0700'
+
+    # TODO: Add tasks to setup passwordless sudo for the user

service-provider-setup/vars/container-vars.example.yml

@@ -1,3 +1,3 @@
 container_registry_username: ""
 container_registry_password: ""
-container_registry_domain: ""
+container_registry_domain: "container-registry.pwa.{{ dns_domain }}.com"