= Preparing your Workstation to use the Ansible Playbooks

== Prerequisites

In order to use these playbooks, you will need to set a few things up.

=== AWS Permissions and Policies

The AWS credentials for this IAM account must be used with the AWS command line
tool (detailed below).

* An AWS IAM account with the following permissions:
- Policies can be defined for Users, Groups or Roles
- Navigate to: AWS Dashboard -> Identity & Access Management -> Select Users or Groups or Roles -> Permissions -> Inline Policies -> Create Policy -> Custom Policy
- Policy Name: openshift (your preference)
- Policy Document:
+
[source,json]
----
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1459269951000",
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "iam:*",
        "route53:*",
        "elasticloadbalancing:*",
        "ec2:*",
        "cloudwatch:*",
        "autoscaling:*",
        "s3:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
----

NOTE: Finer-grained permissions are possible, and pull requests are welcome.
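The policy above grants every action in eight services (including `iam:*`) on every resource. As an added example that is not part of the playbooks, the following Python embeds that document and evaluates it the way a least-privilege review would (the names `policy_allows` and `service_wildcards` are this example's own; it ignores Conditions and Principals, which the page's policy does not use), so you can see which calls it permits before attaching it.

```python
import fnmatch
import json

# The inline policy from this page, embedded verbatim.
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Stmt1459269951000",
    "Effect": "Allow",
    "Action": ["cloudformation:*", "iam:*", "route53:*",
               "elasticloadbalancing:*", "ec2:*", "cloudwatch:*",
               "autoscaling:*", "s3:*"],
    "Resource": ["*"]
  }]
}"""
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(value, patterns):
    # IAM wildcard matching (* and ?) is case-insensitive for action names.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)


def policy_allows(policy, action, resource="*"):
    """Simplified IAM evaluation: an explicit Deny always wins, otherwise any
    matching Allow grants the call. Conditions and Principals are ignored
    (this example's assumption; the page's policy has neither)."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if _matches(action, _as_list(stmt.get("Action", []))) and \
           _matches(resource, _as_list(stmt.get("Resource", []))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def service_wildcards(policy):
    """Services the policy grants in full (service:* on Resource *): the
    grants a least-privilege review scopes down first."""
    found = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt["Effect"] != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        found.update(a.split(":", 1)[0] for a in _as_list(stmt.get("Action", []))
                     if a.endswith(":*"))
    return sorted(found)
```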

=== AWS existing resources

* A route53
link:http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html[public hosted zone]
is required for the scripts to create the various DNS entries for the
resources they create. Two DNS entries will be created for workshops:
- `master.guid.domain.tld` - a DNS entry pointing to the master
- `*.cloudapps.guid.domain.tld` - a wildcard DNS entry pointing to the
router/infrastructure node
* An EC2 SSH keypair should be created in advance and you should save the key
file to your system.
+
[source,bash]
----
REGION=us-east-1
KEYNAME=accentureworkshop2
# Generate a 2048-bit RSA private key and derive its public half
openssl genrsa -out ~/.ssh/${KEYNAME}.pem 2048
openssl rsa -in ~/.ssh/${KEYNAME}.pem -pubout > ~/.ssh/${KEYNAME}.pub
# Restrict the key files to the owner; ssh refuses private keys others can read
chmod 400 ~/.ssh/${KEYNAME}.pub
chmod 400 ~/.ssh/${KEYNAME}.pem
touch ~/.ssh/config
chmod 600 ~/.ssh/config
# Upload the public key (PEM body without the BEGIN/END lines) to EC2 under ${KEYNAME}
aws ec2 import-key-pair --key-name ${KEYNAME} --region=$REGION --output=text --public-key-material "`cat ~/.ssh/${KEYNAME}.pub | grep -v PUBLIC`"
----
+
CAUTION: Key pairs are created per region. You will need to specify a different keypair for each region or duplicate the keypair into every region.
+
[source,bash]
----
REGIONS="ap-southeast-1 ap-southeast-2 OTHER_REGIONS..."
# Import the same public key into every region listed above
for REGION in ${REGIONS} ; do
    aws ec2 import-key-pair --key-name ${KEYNAME} --region=$REGION --output=text --public-key-material "`cat ~/.ssh/${KEYNAME}.pub | grep -v PUBLIC`"
done
----


== Software Requirements on workstation

* Some deployments may require a Red Hat Customer Portal account that has
appropriate subscriptions. This is not required for the playbooks themselves.
+
NOTE: Red Hat employee subscriptions can be used.

=== Software required for deployment

* link:https://www.python.org[Python] version 2.7.x (3.x untested and may not work)
* link:http://docs.pythonboto.org[Python Boto] version 2.41 or greater
* link:http://github.com[Git], any version will do.
* link:https://github.com/ansible/ansible[Ansible] version 2.1.2 or greater
* link:https://s3.amazonaws.com/aws-cli/awscli-bundle.zip[awscli bundle], tested with version 1.11.32

Python and the Python dependencies may be installed via your OS's package manager
(e.g. python2-boto on Fedora/CentOS/RHEL) or via
link:https://pypi.python.org/pypi/pip[pip].
link:https://pypi.python.org/pypi/virtualenv[Python virtualenv] can also work.

.Example script to install required software
[source,bash]
----
# Install basic packages
sudo yum install -y wget python python-pip unzip tmux git

# Install boto libraries for AWS access
sudo pip install boto botocore boto3

# Enable epel repositories for Ansible
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum -y install `ls *epel*.rpm`

# Install ansible and check the installed version (required 2.2.0.0)
sudo yum install -y ansible
ansible --version

# Install aws cli
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
sudo ./awscli-bundle/install -i /usr/local/aws -b /bin/aws
aws --version
----

== Configuring your workstation

=== Configure the EC2 Credentials

* You will need to place your EC2 credentials in the ~/.aws/credentials file:
+
[source,shell]
----
mkdir -p ~/.aws
cat << EOF >> ~/.aws/credentials
[default]
aws_access_key_id = AKIAJAAYOURACCESSKEY
aws_secret_access_key = rT54UYOURSECRETACCESSKEY

EOF
----

* Add the SSH Key to the SSH Agent (optional)
+
If your operating system has an SSH agent and you are not using your default
configured SSH key, you will need to add the private key you use with your EC2
instances to your SSH agent:
+
[source,bash]
----
ssh-add <path to key file>
----

NOTE: If you use an SSH config that specifies which keys to use for which
hosts, this step may not be necessary.
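The credentials file above and the EC2 private key from the keypair step are the two long-lived secrets this guide leaves on the workstation. As an added preflight check that is not part of the playbooks (Python 3, whereas the playbooks themselves need 2.7; the function names and the sample credentials text are this example's own), the following verifies that both are present and not readable by other users before any playbook runs.

```python
import configparser  # spelled ConfigParser on the Python 2.7 the playbooks use
import os
import re
import stat

# Long-term (AKIA) or temporary (ASIA) access key ids: 20 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
OTHERS_CAN_READ = stat.S_IRWXG | stat.S_IRWXO


def check_credentials_text(text, mode, profile="default"):
    """Findings for the content of ~/.aws/credentials and its st_mode;
    an empty list means the profile is complete and the file is private."""
    findings = []
    if mode & OTHERS_CAN_READ:
        findings.append("credentials file is group/other readable; chmod 600 it")
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    if not cfg.has_section(profile):
        return findings + ["profile [%s] missing" % profile]
    key_id = cfg.get(profile, "aws_access_key_id", fallback="")
    secret = cfg.get(profile, "aws_secret_access_key", fallback="")
    if not ACCESS_KEY_RE.match(key_id):
        findings.append("aws_access_key_id does not look like an AWS access key id")
    if len(secret) != 40:  # IAM issues 40-character secret access keys
        findings.append("aws_secret_access_key is not 40 characters")
    return findings


def check_private_key_mode(mode):
    """ssh rejects a key others can read; the page sets the .pem to 0400."""
    if mode & OTHERS_CAN_READ:
        return ["private key is group/other readable; chmod 400 it"]
    return []


def preflight(credentials_path="~/.aws/credentials", key_path=None):
    """Run both checks against the real files on this workstation."""
    cred = os.path.expanduser(credentials_path)
    with open(cred) as fh:
        findings = check_credentials_text(fh.read(), os.stat(cred).st_mode)
    if key_path:
        findings += check_private_key_mode(os.stat(os.path.expanduser(key_path)).st_mode)
    return findings


# Constructed sample: this page's placeholder values, in a file left at mode 0644.
SAMPLE_CREDENTIALS = ("[default]\n"
                      "aws_access_key_id = AKIAJAAYOURACCESSKEY\n"
                      "aws_secret_access_key = rT54UYOURSECRETACCESSKEY\n")
```

Run `preflight("~/.aws/credentials", "~/.ssh/accentureworkshop2.pem")` and fix every finding it prints before invoking a playbook.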