[WIP] Add ansible playbook to automate service provider setup #10

Draft
nabarun wants to merge 21 commits from deep-stack/testnet-ops:ag-sp-setup into main
3 changed files with 58 additions and 20 deletions
Showing only changes of commit 9172c8ab36 - Show all commits


@ -39,7 +39,27 @@ To get started, follow the [installation](../README.md#installation) guide to se
# }
```
- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions:
- Setup `user-vars.yml` using the example file
```bash
cd vars
cp user-vars.example.yml user-vars.yml
```
- Edit the following vars:
```bash
# name of the user you want to setup on the target host
username: ""
# password of the user you want to setup on the target host
password: ""
# path to the ssh key on your machine
path_to_ssh_key: "
```
- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions:
```bash
ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'


@ -59,12 +59,16 @@
ignore_errors: yes
- name: Sign a dummy string using gpg-key
shell: echo "This is a dummy string." | gpg --batch --yes --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
- name: Run vault-rekey.sh
shell: bash .vault/vault-rekey.sh
args:
chdir: "service-provider-template"
register: rekey_result
until: rekey_result.stderr == ""
retries: 5
delay: 5
- name: Ensure the target directory exists
file:
@ -163,13 +167,10 @@
command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
args:
chdir: "{{ ansible_env.HOME }}/service-provider-template"
- name: Install Stack Orchestrator
command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so
args:
chdir: "{{ ansible_env.HOME }}/service-provider-template"
environment:
ANSIBLE_HOST_KEY_CHECKING: "False"
- name: Deploy Kubernetes
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }}
args:
chdir: "{{ ansible_env.HOME }}/service-provider-template"
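Review bot: The `Sign a dummy string` task in the first hunk still passes the vault passphrase on the gpg command line, where it is readable in the process list on the target and printed in Ansible task output, and the task carries no `no_log`; because the value is interpolated into a `shell:` string without the quote filter, a passphrase containing `"`, `$` or backticks is also mangled or expanded by the shell. Add `no_log: true` to the task and write the argument as `--passphrase {{ vault_passphrase | quote }}`, or take it off the command line entirely with `--passphrase-file`. The `Run vault-rekey.sh` task that follows loops on `until: rekey_result.stderr == ""`, so any diagnostic on stderr keeps it retrying after a successful run while a non-zero exit with a quiet stderr ends the loop on the first attempt; `until: rekey_result.rc == 0` expresses the intent directly. The task list continues outside this hunk, and whether the second hunk's `Install Stack Orchestrator` task with `ANSIBLE_HOST_KEY_CHECKING: "False"` survives on the new side cannot be told from the rendering; if it does, that host-key bypass deserves a justification comment at least.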


@ -2,12 +2,16 @@
hosts: "{{ target_host }}"
become: yes
vars_files:
- vars/user-vars.yml
tasks:
- name: Set unique hostname
hostname:
name: "{{ inventory_hostname }}"
when: ansible_hostname != inventory_hostname
# TODO: Move installation to k8s playbook
- name: Install additional packages
apt:
name:
@ -78,26 +82,39 @@
- /var/lib/snapd
become: yes
# TODO: Make username and password configurable
- name: Create a user `dev`
- name: Create a user
user:
name: dev
password: "{{ 'so-service-provider' | password_hash('sha512') }}"
shell: /bin/zsh
name: "{{ username }}"
password: "{{ '{{ password }}' | password_hash('sha512') }}"
shell: /bin/bash
state: present
- name: Add dev user to sudoers group
- name: Add user to sudoers group
user:
name: dev
name: "{{ username }}"
groups: sudo
append: yes
- name: Ensure .ssh directory exists for 'dev' user
- name: Ensure .ssh directory exists for user
file:
path: /home/dev/.ssh
path: /home/"{{ username }}"/.ssh
state: directory
owner: dev
group: dev
owner: "{{ username }}"
group: "{{ username }}"
mode: '0700'
# TODO: Add tasks to setup passwordless sudo for the user
- name: Copy SSH public key to authorized_keys
copy:
src: "{{ path_to_ssh_key }}"
dest: /home/{{ username }}/.ssh/authorized_keys
owner: "{{ username }}"
group: "{{ username }}"
mode: '0600'
- name: Add user to sudoers for passwordless sudo
lineinfile:
path: /etc/sudoers
state: present
regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
validate: 'visudo -cf %s'
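Review bot: The `password` value on the new `Create a user` task hashes the literal text `{{ password }}` rather than the variable: Jinja does not re-render braces inside a string literal, so the account's password becomes the constant string `{{ password }}` regardless of what `vars/user-vars.yml` contains. It should read `password: "{{ password | password_hash('sha512') }}"`, and the task wants `no_log: true` so the plaintext from the vars file is not echoed in task output. The `.ssh` directory task's new `path: /home/"{{ username }}"/.ssh` is a plain YAML scalar, so the double quotes survive into the filesystem path and the directory is created as `/home/"<name>"/.ssh`, while the `authorized_keys` copy below targets `/home/{{ username }}/.ssh/` whose parent then does not exist; write it as `path: /home/{{ username }}/.ssh` to match. The two `TODO` comments about configurable credentials and passwordless sudo describe what this hunk now does and could be dropped, and the sudoers entry would be easier to audit and revert as its own file under `/etc/sudoers.d/` with the same `visudo -cf %s` validation. The play's task list begins before this hunk.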