ansible/configs/ansible-provisioner/README.adoc
ansible/configs/ansible-provisioner/post_software.yml
ansible/configs/ocp-workshop/README.adoc
ansible/configs/ocp-workshop/post_software.yml
ansible/roles/opentlc-integration/tasks/main.yml
ansible/configs/ansible-provisioner/README.adoc
@@ -7,7 +7,7 @@ - setup users * AWS credentials * authorized_keys to access by SSH * symlinks (for Cloudform integration) * symlinks (for Cloudform integration with OPEN_Admin repository) * copy private key - download repositories (ansible_agnostic_deployer, private OPEN_Admin) - installed dependencies to run ansible_agnostic_deployer @@ -61,6 +61,7 @@ mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: yes private_key: ocpkey authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com @@ -75,7 +76,24 @@ path: bin/deploy_scripts ---- You can, for example, want to add another user: Note the `open_admin` key that will be checked to know if the OPEN_Admin private repository needs to be fetched. If yes, there is 2 ways: - pull it manually and create `OPEN_Admin.tar.gz` archive on your workstation. The file will be uploaded and unarchive to the user's home. - set github.user and github.password for user. For example: + [source,yaml] ---- mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: yes private_key: ocpkey github: user: fridim password: MYPASSWORD ---- Here a complete example if you want, for example, add another user: .managing users ("Secret" Vars file or Env Vars file) [source,yaml] 
@@ -83,6 +101,7 @@ mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: yes private_key: ocpkey authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com @@ -101,7 +120,6 @@ - https://github.com/fridim.keys aws_access_key_id: "{{fridim_aws_access_key_id}}" aws_secret_access_key: "{{fridim_aws_secret_access_key}}" symlinks: [] ---- ansible/configs/ansible-provisioner/post_software.yml
@@ -22,6 +22,7 @@ mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: yes private_key: ocpkey authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com ansible/configs/ocp-workshop/README.adoc
@@ -41,6 +41,40 @@ need to define to control the deployment of your environment. === Add new users on the bastion For managing users on the bastion, you can override the `mgr_users` variable. The default is the following: .managing users ("Secret" Vars file or Env Vars file) [source,yaml] ---- mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: false authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com ---- You can, for example, want to add another user: .managing users ("Secret" Vars file or Env Vars file) [source,yaml] ---- mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr open_admin: false authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com - name: fridim home: /home/fridim authorized_keys: - https://github.com/fridim.keys aws_access_key_id: "{{fridim_aws_access_key_id}}" aws_secret_access_key: "{{fridim_aws_secret_access_key}}" ---- == Running Ansible Playbook You can run the playbook with the following arguments to overwrite the default variable values: ansible/configs/ocp-workshop/post_software.yml
@@ -69,16 +69,9 @@ mgr_users: - name: opentlc-mgr home: /home/opentlc-mgr private_key: ocpkey open_admin: false authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com aws_access_key_id: "{{aws_access_key_id}}" aws_secret_access_key: "{{aws_secret_access_key}}" symlinks: - src: OPEN_Admin/OPENTLC-OCP3/provision-ose-projects.sh path: bin/provision-accounts.sh - src: OPEN_Admin/OPENTLC-OCP3/provision-ose-projects.sh path: bin/provision-ose-projects.sh tags: - env-specific - cf_integration ansible/roles/opentlc-integration/tasks/main.yml
@@ -34,37 +34,56 @@ creates: "{{ item.home }}/OPEN_Admin" when: - openadmin_archive.stat.exists - item.open_admin is defined - item.open_admin == True with_items: "{{ mgr_users }}" - name: Get updated files from git repository github.com/redhat-gpe/OPEN_Admin.git git: repo: "https://{{ githubuser }}:{{ githubpassword }}@github.com/redhat-gpe/OPEN_Admin.git" repo: "https://{{ item.github.user }}:{{ item.github.password }}@github.com/redhat-gpe/OPEN_Admin.git" dest: "{{ item.home }}/OPEN_Admin" force: yes when: - githubuser is defined - githubpassword is defined - item.github is defined - item.github.user is defined - item.github.password is defined - not openadmin_archive.stat.exists - item.open_admin is defined - item.open_admin == True with_items: "{{ mgr_users }}" - name: No OPEN_Admin repo available - name: No OPEN_Admin repo available for user fail: msg: "You need to either provide githubuser/githubpassword to fetch OPEN_Admin repo from the provisioner or provide {{ ANSIBLE_REPO_PATH }}/OPEN_Admin.tar.gz to be uploaded (recommended). Caution: github credentials will be readable on the provisioner if you choose the first option." msg: "User {{ item.name }}: You need to either provide github.user/github.password to fetch OPEN_Admin repo from the provisioner or provide {{ ANSIBLE_REPO_PATH }}/OPEN_Admin.tar.gz to be uploaded (recommended). Caution: github credentials will be readable on the provisioner if you choose the first option." 
when: - not openadmin_archive.stat.exists - githubpassword is not defined - item.github is not defined - item.open_admin is defined - item.open_admin == True with_items: "{{ mgr_users }}" - name: Set permissions for directories OPEN_Admin and ansible_agnostic_deployer - name: Set permissions for directories ansible_agnostic_deployer file: path: "{{ item[0].home }}/{{ item[1] }}" path: "{{ item.home }}/ansible_agnostic_deployer" state: directory owner: "{{ item[0].name }}" owner: "{{ item.name }}" recurse: yes group: "{{ item[0].name }}" group: "{{ item.name }}" mode: 0770 with_nested: - "{{ mgr_users }}" - [ "OPEN_Admin", "ansible_agnostic_deployer" ] with_items: "{{ mgr_users }}" - name: Set permissions for directories OPEN_Admin file: path: "{{ item.home }}/OPEN_Admin" state: directory owner: "{{ item.name }}" recurse: yes group: "{{ item.name }}" mode: 0770 when: - item.open_admin is defined - item.open_admin == True with_items: "{{ mgr_users }}" - name: Create ~/bin file: @@ -81,6 +100,7 @@ with_subelements: - "{{ mgr_users }}" - symlinks ignore_errors: yes - name: add authorized_keys authorized_key:
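Review bot: In the `No OPEN_Admin repo available for user` task the new guard `item.github is not defined` no longer mirrors the clone task, which also requires `item.github.user` and `item.github.password`; a user with `open_admin` true, no archive and a `github` mapping missing either field skips both the clone and the failure, so the play continues without the repository. The guard could read `- item.github is not defined or item.github.user is not defined or item.github.password is not defined`. Separately, the clone task now takes the password from the loop item and builds it into the `repo:` URL, and Ansible prints the loop item with each result, so `no_log: true` on that task (and likely on the other `with_items: "{{ mgr_users }}"` loops) would keep `github.password` out of the run output; the URL is presumably also written to the clone's `.git/config`, which the fail message's caution already hints at. The first task in this hunk starts outside it.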