Move user setup playbook to separate directory

Update service provider setup to configure laconicd chain id (#12 )
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) and [Service provider auctions for web deployments](https://www.notion.so/Service-provider-auctions-for-web-deployments-104a6b22d47280dbad51d28aa3a91d75) - Configure laconicd chain id - Configure whether deployer should handle auctions and amount to bid - Update playbook to issue wildcard cert on deploying k8s Co-authored-by: Adw8 <adwaitgharpure@gmail.com> Co-authored-by: Shreerang Kale <shreerangkale@gmail.com> Reviewed-on: cerc-io/testnet-ops#12 Co-authored-by: Prathamesh Musale <prathamesh.musale0@gmail.com> Co-committed-by: Prathamesh Musale <prathamesh.musale0@gmail.com>
2024-10-22 14:39:32 +05:30 · 2024-10-21 10:22:32 +00:00
25 changed files with 159 additions and 87 deletions
--- a/README.md
+++ b/README.md
@ -36,10 +36,21 @@

    - Reference: <https://udhayakumarc.medium.com/error-ansible-requires-the-locale-encoding-to-be-utf-8-detected-iso8859-1-6da808387f7d>

+- Install `sshpass` used for automating SSH password authentication
+
+  ```bash
+  sudo apt-get install sshpass
+  ```
+
+- Install `passlib` used for handling encrypted passwords
+
+  ```bash
+  pip install passlib
+  ```
+
 ## Playbooks

 - [stack-orchestrator-setup](./stack-orchestrator-setup/README.md)
- [l2-setup](./l2-setup/README.md)
 - [nitro-node-setup](./nitro-nodes-setup/README.md)
 - [nitro-bridge-setup](./nitro-bridge-setup/README.md)
 - [nitro-contracts-setup](./nitro-contracts-setup/README.md)
--- a/nitro-bridge-setup/run-nitro-bridge.yml
+++ b/nitro-bridge-setup/run-nitro-bridge.yml
@ -30,14 +30,6 @@
      timeout: 300
      ignore_errors: yes

-    - name: Clone repositories required for nitro-stack
-      expect:
-        command: laconic-so --stack {{ ansible_env.HOME }}/cerc/nitro-stack/stack-orchestrator/stacks/bridge setup-repositories --git-ssh --pull
-        responses:
-          "Are you sure you want to continue connecting \\(yes/no/\\[fingerprint\\]\\)\\?": "yes"
-      timeout: 300
-      ignore_errors: yes
-
    - name: Build containers
      command: laconic-so --stack ~/cerc/nitro-stack/stack-orchestrator/stacks/bridge build-containers --force-rebuild
      when: not skip_container_build
--- a/nitro-contracts-setup/README.md
+++ b/nitro-contracts-setup/README.md
@ -27,8 +27,8 @@ The following commands have to be executed in the [`nitro-contracts-setup`](./)
  geth_deployer_pk: ""

  # Custom L1 token to be deployed
-  token_name: "LaconicNetworkToken"
-  token_symbol: "LNT"
+  token_name: "TestToken"
+  token_symbol: "TST"
  initial_token_supply: "129600"
  ```

--- a/nitro-contracts-setup/deploy-contracts.yml
+++ b/nitro-contracts-setup/deploy-contracts.yml
@ -14,7 +14,6 @@
        path: "{{ nitro_directory }}"
        state: directory

-
    - name: Change owner of nitro-directory
      file:
        path: "{{ nitro_directory }}"
@ -23,7 +22,7 @@
        state: directory
        recurse: yes

-    - name: Clone go-nitro stack repo
+    - name: Clone nitro stack repo
      expect:
        command: laconic-so fetch-stack git.vdb.to/cerc-io/nitro-stack --git-ssh --pull
        responses:
@ -33,14 +32,14 @@

    - name: Clone repositories required for nitro-stack
      expect:
-        command: laconic-so --stack ~/cerc/nitro-stack/stack-orchestrator/stacks/bridge setup-repositories --git-ssh --pull
+        command: laconic-so --stack ~/cerc/nitro-stack/stack-orchestrator/stacks/nitro-contracts setup-repositories --git-ssh --pull
        responses:
          "Are you sure you want to continue connecting \\(yes/no/\\[fingerprint\\]\\)\\?": "yes"
      timeout: 300
      ignore_errors: yes

    - name: Build containers
-      command: laconic-so --stack ~/cerc/nitro-stack/stack-orchestrator/stacks/bridge build-containers --force-rebuild
+      command: laconic-so --stack ~/cerc/nitro-stack/stack-orchestrator/stacks/nitro-contracts build-containers --force-rebuild
      when: not skip_container_build

    - name: Generate spec file for nitro contracts deployment
@ -94,7 +93,7 @@
        msg: "VPA_ADDRESS: {{ vpa_address.stdout }}"

    - name: Export ASSET_ADDRESS
-      shell: laconic-so deployment --dir nitro-contracts-deployment exec nitro-contracts "jq -r '.\"{{ geth_chain_id }}\"[0].contracts.Token.address' /app/deployment/nitro-addresses.json"
+      shell: laconic-so deployment --dir nitro-contracts-deployment exec nitro-contracts "jq -r '.\"{{ geth_chain_id }}\"[0].contracts.{{ token_name }}.address' /app/deployment/nitro-addresses.json"
      args:
        chdir: "{{ nitro_directory }}"
      register: asset_address
--- a/nitro-nodes-setup/README.md
+++ b/nitro-nodes-setup/README.md
@ -4,14 +4,6 @@

 To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine

-## Setup for Remote Host
-
-To run the playbook on a remote host:
-
- Follow steps from [setup remote hosts](../README.md#setup-remote-hosts)
-
- Update / append the [`hosts.ini`](../hosts.ini) file for your remote host with `<deployment_host>` set as `nitro_host`
-
 ## Setup

 The following commands have to be executed in [`nitro-nodes-setup`](./) directory
--- a/nitro-nodes-setup/run-nitro-nodes.yml
+++ b/nitro-nodes-setup/run-nitro-nodes.yml
@ -29,7 +29,7 @@
        state: directory
        recurse: yes

-    - name: Clone go-nitro stack repo
+    - name: Clone nitro-stack repo
      expect:
        command: laconic-so fetch-stack git.vdb.to/cerc-io/nitro-stack --git-ssh --pull
        responses:
@ -37,14 +37,6 @@
      timeout: 300
      ignore_errors: yes

-    - name: Clone repositories required for nitro-stack
-      expect:
-        command: laconic-so --stack {{ ansible_env.HOME }}/cerc/nitro-stack/stack-orchestrator/stacks/nitro-node setup-repositories --git-ssh --pull
-        responses:
-          "Are you sure you want to continue connecting \\(yes/no/\\[fingerprint\\]\\)\\?": "yes"
-      timeout: 300
-      ignore_errors: yes
-
    - name: Build containers
      command: laconic-so --stack {{ ansible_env.HOME }}/cerc/nitro-stack/stack-orchestrator/stacks/nitro-node build-containers --force-rebuild
      when: not skip_container_build
--- a/service-provider-setup/README.md
+++ b/service-provider-setup/README.md
@ -84,6 +84,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
  cp gpg-vars.example.yml gpg-vars.yml
  cp k8s-vars.example.yml k8s-vars.yml
  cp container-vars.example.yml container-vars.yml
+  cp laconicd-vars.example.yml laconicd-vars.yml
  cp webapp-vars.example.yml webapp-vars.yml
  cd -
  ```
@ -95,12 +96,12 @@ To get started, follow the [installation](../README.md#installation) guide to se
  full_domain: ""               # eg: laconic.com
  subdomain_prefix: ""          # eg: lcn-cad
  service_provider_ip: ""        # eg: 23.111.78.179
-  do_api_token: ""              # Digital Ocean access token that you generated, eg: dop_v1...
+  do_api_token: ""              # DigitalOcean access token that you generated, eg: dop_v1...

  # vars/gpg-vars.yml
-  gpg_user_name: ""         # Full name of the user for the GPG key
-  gpg_user_email: ""        # Email address associated with the GPG key
-  gpg_passphrase: ""        # Passphrase for securing the GPG key
+  gpg_user_name: ""         # full name of the user for the GPG key
+  gpg_user_email: ""        # email address associated with the GPG key
+  gpg_passphrase: ""        # passphrase for securing the GPG key

  # vars/k8s-vars.yml
  target_host: "deployment_host"
@ -113,13 +114,18 @@ To get started, follow the [installation](../README.md#installation) guide to se
  container_registry_username: "" # username to login to the container registry
  container_registry_password: "" # password to login to the container registry

+  # vars/laconicd-vars.yml
+  chain_id: "" # chain id to use for the Laconic chain
+
  # vars/webapp-vars.yml
-  authority_name: ""      # eg: my-org-name
-  cpu_reservation: ""     # Minimum number of cpu cores to be used, eg: 2
-  memory_reservation: ""  # Minimum amount of memory in GB to be used, eg: 4G
-  cpu_limit: ""           # Maximum number of cpu cores to be used, eg: 6
-  memory_limit: ""        # Maximum amount of memory in GB to be used, eg: 8G
+  authority_name: ""          # eg: my-org-name
+  cpu_reservation: ""         # minimum number of cpu cores to be used, eg: 2
+  memory_reservation: ""      # minimum amount of memory in GB to be used, eg: 4G
+  cpu_limit: ""               # maximum number of cpu cores to be used, eg: 6
+  memory_limit: ""            # maximum amount of memory in GB to be used, eg: 8G
  deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET
+  handle_auction_requests: "" # whether the webapp deployer should handle deployment auction requests, eg: true
+  auction_bid_amount: ""      # bid amount for deployment auctions in alnt, eg: 500000
  ```

 - Update the [`hosts.ini`](./hosts.ini) file:
@ -167,8 +173,8 @@ To get started, follow the [installation](../README.md#installation) guide to se

 After the playbook finishes executing, the following services will be deployed (your setup should look similar to the example below):

- laconicd chain RPC endpoint: http://lcn-daemon.laconic.com:26657
- laconic console: http://lcn-daemon.laconic.com:8080/registry
- laconicd GQL endpoint: http://lcn-daemon.laconic.com:9473/api
- webapp deployer API: https://webapp-deployer-api.pwa.laconic.com
- webapp deployer UI: https://webapp-deployer-ui.pwa.laconic.com
+- laconicd chain RPC endpoint: <http://lcn-daemon.laconic.com:26657>
+- laconicd GQL endpoint: <http://lcn-daemon.laconic.com:9473/api>
+- laconic console: <http://lcn-console.laconic.com:8080/registry>
+- webapp deployer API: <https://webapp-deployer-api.pwa.laconic.com>
+- webapp deployer UI: <https://webapp-deployer-ui.pwa.laconic.com>
--- a/service-provider-setup/deploy-backend.yml
+++ b/service-provider-setup/deploy-backend.yml
@ -10,6 +10,7 @@
    - vars/container-vars.yml
    - vars/k8s-vars.yml
    - vars/dns-vars.yml
+    - vars/laconicd-vars.yml

  tasks:
    - name: Ensure gpg-keys directory exists
@ -43,7 +44,7 @@
    - name: Create laconic config file
      template:
        src: "./templates/laconic.yml.j2"
-        dest: "config/laconic.yml"
+        dest: "{{ ansible_env.HOME }}/config/laconic.yml"

    - name: Copy the gpg private key file to config dir
      copy:
@ -65,7 +66,7 @@
            --laconic-config /home/root/config/laconic.yml \
            --api-url https://webapp-deployer-api.pwa.{{ full_domain }} \
            --public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \
-            --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \
+            --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.pwa.{{ full_domain }} \
            --min-required-payment 0
      register: publish_output

@ -78,7 +79,7 @@
        src: "./templates/specs/webapp-deployer.spec.j2"
        dest: "webapp-deployer.spec"

-    - name: Create the deployment directory from the spec file
+    - name: Create deployment directory for webapp-deployer
      command: >
        laconic-so --stack webapp-deployer-backend deploy create
        --deployment-dir webapp-deployer --spec-file webapp-deployer.spec
@ -100,7 +101,7 @@
        dest: "webapp-deployer/data/config/laconic.yml"

    - name: login to the container registry
-      command: "docker login container-registry.pwa.{{ full_domain }} --username  {{ container_registry_username }} --password {{ container_registry_password}}"
+      command: "docker login container-registry.pwa.{{ full_domain }} --username {{ container_registry_username }} --password {{ container_registry_password}}"

    - name: Push images to container registry
      command: laconic-so deployment --dir webapp-deployer push-images
--- a/service-provider-setup/deploy-frontend.yml
+++ b/service-provider-setup/deploy-frontend.yml
@ -26,7 +26,7 @@
        --image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ full_domain }}
        --env-file ~/cerc/webapp-deployment-status-ui/.env

-    - name: Push image to container registry
+    - name: Push webapp-ui images to container registry
      command: laconic-so deployment --dir webapp-ui push-images

    - name: Update config file for webapp ui
--- a/service-provider-setup/run-laconic-console.yml
+++ b/service-provider-setup/run-laconic-console.yml
@ -8,6 +8,7 @@
    - vars/webapp-vars.yml
    - vars/dns-vars.yml
    - vars/k8s-vars.yml
+    - vars/laconicd-vars.yml

  tasks:
    - name: Clone the stack repo
--- a/service-provider-setup/run-laconicd.yml
+++ b/service-provider-setup/run-laconicd.yml
@ -4,6 +4,9 @@
  environment:
    PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"

+  vars_files:
+    - vars/laconicd-vars.yml
+
  tasks:
    - name: Clone the fixturenet-laconicd-stack repo
      command: laconic-so fetch-stack git.vdb.to/cerc-io/fixturenet-laconicd-stack --pull
@ -15,7 +18,7 @@
    - name: Build container images
      command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd build-containers --force-rebuild

-    - name: Generate over spec file for laconicd deployment
+    - name: Generate spec file for laconicd deployment
      template:
        src: "./templates/specs/fixturenet-laconicd-spec.yml.j2"
        dest: "fixturenet-laconicd-spec.yml"
@ -29,5 +32,10 @@
      command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd deploy create --spec-file fixturenet-laconicd-spec.yml --deployment-dir fixturenet-laconicd-deployment
      when: not deployment_dir.stat.exists

+    - name: Create laconicd config
+      template:
+        src: "./templates/configs/laconicd-config.env.j2"
+        dest: "fixturenet-laconicd-deployment/config.env"
+
    - name: Start the deployment
      command: laconic-so deployment --dir fixturenet-laconicd-deployment start
--- a/service-provider-setup/setup-container-registry.yml
+++ b/service-provider-setup/setup-container-registry.yml
@ -120,7 +120,7 @@
            var: daemonsets_output.stdout

      ignore_errors: yes
-      
+
    - name: Deploy the container registry
      command: >
        laconic-so deployment --dir container-registry start
--- a/service-provider-setup/setup-dns.yml
+++ b/service-provider-setup/setup-dns.yml
@ -6,6 +6,16 @@
    - vars/k8s-vars.yml

  tasks:
+    - name: Check if domain exists
+      community.digitalocean.digital_ocean_domain_facts:
+        oauth_token: "{{ do_api_token }}"
+      register: existing_domains
+
+    - name: Fail if domain already exists
+      fail:
+        msg: "Domain {{ full_domain }} already exists."
+      when: full_domain in existing_domains.data | map(attribute='name') | list
+
    - name: Create a domain
      community.digitalocean.digital_ocean_domain:
        state: present
@ -48,7 +58,7 @@
        data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "{{ subdomain_prefix }}.{{ full_domain }}"
+        name: "{{ subdomain_prefix }}"
        ttl: 43200

    - name: Create CNAME record for laconicd endpoint
@ -58,7 +68,7 @@
        data: "{{ org_id }}-daemon.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "laconicd.{{ full_domain }}"
+        name: "laconicd"
        ttl: 43200

    - name: Create CNAME record for backend
@ -68,7 +78,7 @@
        data: "{{ org_id }}-daemon.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "{{ org_id }}-backend.{{ full_domain }}"
+        name: "{{ org_id }}-backend"
        ttl: 43200

    - name: Create CNAME record for console
@ -78,47 +88,35 @@
        data: "{{ org_id }}-daemon.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "{{ org_id }}-console.{{ full_domain }}"
+        name: "{{ org_id }}-console"
        ttl: 43200

-    - name: Create CNAME record for org and location
+    - name: Create wildcard CNAME record for subdomain
      community.digitalocean.digital_ocean_domain_record:
        state: present
        oauth_token: "{{ do_api_token }}"
-        data: "{{ org_id }}-daemon.{{ full_domain }}"
+        name: "*.{{ subdomain_prefix }}"
+        data: "{{ subdomain_prefix }}-cluster-control.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "{{ subdomain_prefix }}"
-        ttl: 43200
-
-    - name: Create wildcard A record for subdomain
-      community.digitalocean.digital_ocean_domain_record:
-        state: present
-        oauth_token: "{{ do_api_token }}"
-        name: "{{ subdomain_cluster_control }}.{{ full_domain }}"
-        data: "{{ service_provider_ip }}"
-        domain: "{{ full_domain }}"
-        type: A
-        name: "*.{{ subdomain_prefix }}"
        ttl: 43200

    - name: Create CNAME record for pwa
      community.digitalocean.digital_ocean_domain_record:
        state: present
        oauth_token: "{{ do_api_token }}"
-        data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
+        name: "pwa"
+        data: "{{ subdomain_prefix }}-cluster-control.{{ full_domain }}"
        domain: "{{ full_domain }}"
        type: CNAME
-        name: "pwa"
        ttl: 43200

-    - name: Create wildcard A record for pwa
+    - name: Create wildcard CNAME record for pwa
      community.digitalocean.digital_ocean_domain_record:
        state: present
        oauth_token: "{{ do_api_token }}"
-        name: "{{ subdomain_cluster_control }}.{{ full_domain }}"
-        data: "{{ service_provider_ip }}"
-        domain: "{{ full_domain }}"
-        type: A
        name: "*.pwa"
+        data: "{{ subdomain_prefix }}-cluster-control.{{ full_domain }}"
+        domain: "{{ full_domain }}"
+        type: CNAME
        ttl: 43200
--- a/service-provider-setup/templates/configs/console-config.env.j2
+++ b/service-provider-setup/templates/configs/console-config.env.j2
@ -2,4 +2,5 @@ CERC_LACONICD_USER_KEY={{ALICE_PK}}
 CERC_LACONICD_BOND_ID={{BOND_ID}}
 CERC_LACONICD_RPC_ENDPOINT=http://{{ org_id }}-daemon.{{ full_domain }}:26657
 CERC_LACONICD_GQL_ENDPOINT=http://{{ org_id }}-daemon.{{ full_domain }}:9473/api
+CERC_LACONICD_CHAIN_ID={{ chain_id }}
 LACONIC_HOSTED_ENDPOINT=http://{{ org_id }}-daemon.{{ full_domain }}:9473
--- a/service-provider-setup/templates/configs/laconicd-config.env.j2
+++ b/service-provider-setup/templates/configs/laconicd-config.env.j2
@ -0,0 +1 @@
+CHAINID={{ chain_id }}
--- a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2
+++ b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2
@ -20,9 +20,11 @@ CHECK_INTERVAL=5
 FQDN_POLICY="allow"

 # lrn of the webapp deployer
-LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }}"
+LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.pwa.{{ full_domain }}"
 export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ full_domain }}.pgp.key"
 export OPENPGP_PASSPHRASE="{{ deployer_gpg_passphrase }}"
 export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
 export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
 export UPLOAD_DIRECTORY="srv-test/uploads"
+export HANDLE_AUCTION_REQUESTS={{ handle_auction_requests }}
+export AUCTION_BID_AMOUNT={{ auction_bid_amount }}
--- a/service-provider-setup/templates/laconic.yml.j2
+++ b/service-provider-setup/templates/laconic.yml.j2
@ -4,6 +4,6 @@ services:
    gqlEndpoint: 'http://{{ org_id }}-daemon.{{ full_domain }}:9473/api'
    userKey: "{{ ALICE_PK }}"
    bondId: "{{ BOND_ID }}"
-    chainId: lorotestnet-1
+    chainId: {{ chain_id }}
    gas: 200000
    fees: 200000alnt
--- a/service-provider-setup/templates/wildcard-pwa-example.yml.j2
+++ b/service-provider-setup/templates/wildcard-pwa-example.yml.j2
@ -9,7 +9,7 @@ spec:
    name: letsencrypt-prod-wild
    kind: ClusterIssuer
    group: cert-manager.io
-  commonName: *.pwa.{{ full_domain }}
+  commonName: "*.pwa.{{ full_domain }}"
  dnsNames:
-    - pwa.{{ full_domain }}
-    - *.pwa.{{ full_domain }}
+    - "pwa.{{ full_domain }}"
+    - "*.pwa.{{ full_domain }}"
--- a/service-provider-setup/vars/k8s-vars.example.yml
+++ b/service-provider-setup/vars/k8s-vars.example.yml
@ -1,4 +1,3 @@
-target_host: "deployment_host"
 gpg_key_id: "{{ sec_key_id }}"
 vault_passphrase: "{{ gpg_passphrase }}"
 org_id: ""
--- a/service-provider-setup/vars/laconicd-vars.example.yml
+++ b/service-provider-setup/vars/laconicd-vars.example.yml
@ -0,0 +1 @@
+chain_id: "laconic_9000-1"
--- a/service-provider-setup/vars/webapp-vars.example.yml
+++ b/service-provider-setup/vars/webapp-vars.example.yml
@ -6,3 +6,5 @@ memory_reservation: ""
 cpu_limit: "6"
 memory_limit: "8G"
 deployer_gpg_passphrase: ""
+handle_auction_requests: "false"
+auction_bid_amount: "0"
--- a/user-setup/.gitignore
+++ b/user-setup/.gitignore
@ -0,0 +1 @@
+user-vars.yml
--- a/user-setup/README.md
+++ b/user-setup/README.md
@ -0,0 +1,65 @@
+# user-setup
+
+## Setup Ansible
+
+To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine.
+
+## Setup a user
+
+- Create a new `hosts.ini` file:
+
+   ```bash
+   cp ../hosts.example.ini hosts.ini
+   ```
+
+- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine:
+
+  ```ini
+  [deployment_host]
+  <host_name> ansible_host=<target_ip> ansible_user=<ssh_user> ansible_ssh_common_args='-o ForwardAgent=yes'
+  ```
+
+  - Replace `<host_name>` with the desired `hostname` of the remote machine
+  - Replace `<target_ip>` with the IP address or hostname of the target machine
+  - Replace `<ssh_user>` with `root`
+
+- Verify that you are able to connect to the host using the following command:
+
+  ```bash
+  ansible all -m ping -i hosts.ini
+
+  # Expected output:
+
+  # <host_name> | SUCCESS => {
+  #  "ansible_facts": {
+  #      "discovered_interpreter_python": "/usr/bin/python3.10"
+  #  },
+  #  "changed": false,
+  #  "ping": "pong"
+  # }
+  ```
+
+- Setup `user-vars.yml`  using the example file
+
+  ```bash
+  cp user-vars.example.yml user-vars.yml
+  ```
+
+- Edit the `user-vars.yml` file:
+
+  ```bash
+  # name of the user you want to setup on the target host
+  username: ""
+
+  # password of the user you want to setup on the target host
+  password: ""
+
+  # path to the ssh key on your machine, eg: "/home/user/.ssh/id_rsa.pub"
+  path_to_ssh_key: ""
+  ```
+
+- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions:
+
+  ```bash
+  LANG=en_US.utf8 ansible-playbook setup-user.yml -i hosts.ini
+  ```
--- a/service-provider-setup/setup-user.yml
+++ b/service-provider-setup/setup-user.yml
@ -1,9 +1,9 @@
 - name: Configure system
-  hosts: root_host
+  hosts: deployment_host
  become: yes

  vars_files:
-    - vars/user-vars.yml
+    - user-vars.yml

  tasks:
    - name: Create a user
--- a/service-provider-setup/vars/user-vars.example.yml
+++ b/service-provider-setup/vars/user-vars.example.yml