ansible/configs/linklight/README-new.adoc
ansible/configs/linklight/README.adoc
ansible/configs/linklight/destroy_env.yml
ansible/configs/linklight/env_vars.yml
ansible/configs/linklight/playbook.yml
ansible/configs/linklight/post_infra.yml
ansible/configs/linklight/post_software.yml
ansible/configs/linklight/pre_infra.yml
ansible/configs/linklight/pre_software.yml
ansible/configs/linklight/software.yml
ansible/configs/linklight/README-new.adoc
New file 
@@ -0,0 +1,150 @@ = Ansible Lightbulb Config Ansible Lightbulb is an example of an existing deployer being wrapped by Ansible https://github.com/ansible/lightbulb == Set up your "Secret" variables * You need to provide some credentials for deployments to work * Create a file called "env_secret_vars.yml" and put it in the ./ansible/configs/CONFIGNAME/ directory. ** At this point this file *has to be created* even if no vars from it are used. * You can choose to provide these values as extra vars (-e "var=value") in the command line if you prefer not to keep sensitive information in a file. .Example contents of "Secret" Vars file ---- # ## Logon credentials for Red Hat Network # ## Required if using the subscription component # ## of this playbook. rhel_subscription_user: '' rhel_subscription_pass: '' # # ## LDAP Bind Password bindPassword: '' # # ## Desired admin name and password if required admin_user: "" admin_user_password: "" # # ## AWS Credentials. This is required. aws_access_key_id: "" aws_secret_access_key: "" #If using repo_method: satellite, you must set these values as well. satellite_url: https://satellite.example.com satellite_org: Sat_org_name satellite_activationkey: "rhel7basic" ---- == Review the Env_Type variable file * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you need to define to control the deployment of your environment. == Running Ansible Playbook You can run the playbook with the following arguments to overwrite the default variable values: [source,bash] ---- ec2_key_name: ocpkey # SSH key in AWS to put in all the instances ec2_region: us-east-1 # region where the nodes will live ec2_az: us-east-1a # the availability zone ec2_name_prefix: lightbulb # name prefix for all the VMs admin_password: ansible # Set this to something better if you'd like. 
Defaults to 'LearnAnsible[two digit month][two digit year]', e.g., LearnAnsible0416 ## Optional Variables email: no # Set this if you wish to disable email users: - name: tony kay username: tok email: tok@redhat.com #USERS='{"users":[{ "name": "Alice", "username": "alice", "email": "alice@example.com" }, { "name": "Bob", "username":"bob", "email": "bob@example.com" }]}' #REPO_PATH='https://admin.example.com/repos/ocp/3.6/' # -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ # -e ${USERS} \ REGION=us-east-1 AVAILABILITYZONE=us-east-1a EC2NAMEPREFIX=lightbulb KEYNAME=ocpkey GUID=lightbulb ENVTYPE=lightbulb ADMINPASSWORD=lightbulb EMAILUSERS=no CLOUDPROVIDER=ec2 HOSTZONEID='Z3IHLWJZOU9SRT' BASESUFFIX='.example.opentlc.com' DEPLOYER_REPO_PATH=`pwd` ansible-playbook \ ${DEPLOYER_REPO_PATH}/main.yml \ -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ -e "ec2_key_name=${KEYNAME}" \ -e "ec2_region=${REGION}" \ -e "ec2_az=${AVAILABILITYZONE}" \ -e "ec2_name_prefix=${EC2NAMEPREFIX}" \ -e "admin_password=${ADMINPASSWORD}" \ -e "email=${EMAILUSERS}" \ -e "guid=${GUID}" \ -e "env_type=${ENVTYPE}" \ -e "key_name=${KEYNAME}" \ -e "subdomain_base_suffix=${BASESUFFIX}" \ -e "cloud_provider=${CLOUDPROVIDER}" \ -e "aws_region=${REGION}" \ -e "HostedZoneId=${HOSTZONEID}" \ -e "install_ipa_client=false" \ -e "software_to_deploy=none" \ --skip-tags=deploy_infrastructure,post_infra_tasks,pre_software_tasks,deploy_software,post_software,email ---- === To Delete an environment [source,bash] ---- REGION=us-east-1 AVAILABILITYZONE=us-east-1a EC2NAMEPREFIX=lightbulb KEYNAME=ocpkey GUID=lightbulb ENVTYPE=lightbulb ADMINPASSWORD=lighbulb EMAILUSERS=no USERS='{"users":[{ "name": "Alice", "username":"alice", "email": "alice@example.com" }, { "name": "Bob", "username":"bob", "email": "bob@example.com" }]}' CLOUDPROVIDER=ec2 HOSTZONEID='Z3IHLWJZOU9SRT' REPO_PATH='https://admin.example.com/repos/ocp/3.6/' BASESUFFIX='.example.opentlc.com' DEPLOYER_REPO_PATH=`pwd` 
#To Destroy an Env ansible-playbook \ ${DEPLOYER_REPO_PATH}/configs/${ENVTYPE}/destroy_env.yml \ -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ -e "ec2_key_name=${KEYNAME}" \ -e "ec2_region=${REGION}" \ -e "ec2_az=${AVAILABILITYZONE}" \ -e "ec2_name_prefix=${EC2NAMEPREFIX}" \ -e "admin_password=${ADMINPASSWORD}" \ -e "email=${EMAILUSERS}" \ -e ${USERS} \ -e "guid=${GUID}" \ -e "env_type=${ENVTYPE}" \ -e "key_name=${KEYNAME}" \ -e "subdomain_base_suffix=${BASESUFFIX}" \ -e "cloud_provider=${CLOUDPROVIDER}" \ -e "aws_region=${REGION}" \ -e "HostedZoneId=${HOSTZONEID}" \ -e "install_ipa_client=false" \ -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ -e "software_to_deploy=none" ---- ansible/configs/linklight/README.adoc
New file 
@@ -0,0 +1,149 @@ = Ansible Lightbulb Config Ansible Lightbulb is an example of an existing deployer being wrapped by Ansible https://github.com/ansible/lightbulb == Set up your "Secret" variables * You need to provide some credentials for deployments to work * Create a file called "env_secret_vars.yml" and put it in the ./ansible/configs/CONFIGNAME/ directory. ** At this point this file *has to be created* even if no vars from it are used. * You can choose to provide these values as extra vars (-e "var=value") in the command line if you prefer not to keep sensitive information in a file. .Example contents of "Secret" Vars file ---- # ## Logon credentials for Red Hat Network # ## Required if using the subscription component # ## of this playbook. rhel_subscription_user: '' rhel_subscription_pass: '' # # ## LDAP Bind Password bindPassword: '' # # ## Desired admin name and password if required admin_user: "" admin_user_password: "" # # ## AWS Credentials. This is required. aws_access_key_id: "" aws_secret_access_key: "" #If using repo_method: satellite, you must set these values as well. satellite_url: https://satellite.example.com satellite_org: Sat_org_name satellite_activationkey: "rhel7basic" ---- == Review the Env_Type variable file * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you need to define to control the deployment of your environment. == Running Ansible Playbook You can run the playbook with the following arguments to overwrite the default variable values: [source,bash] ---- ec2_key_name: ocpkey # SSH key in AWS to put in all the instances ec2_region: us-east-1 # region where the nodes will live ec2_az: us-east-1a # the availability zone ec2_name_prefix: lightbulb # name prefix for all the VMs admin_password: ansible # Set this to something better if you'd like. 
Defaults to 'LearnAnsible[two digit month][two digit year]', e.g., LearnAnsible0416 ## Optional Variables email: no # Set this if you wish to disable email users: - name: tony kay username: tok email: tok@redhat.com # Multi user example #USERS='{"users":[{ "name": "Alice", "username": "alice", "email": "alice@example.com" }, { "name": "Bob", "username":"bob", "email": "bob@example.com" }]}' REGION=us-east-1 AVAILABILITYZONE=us-east-1a EC2NAMEPREFIX=lightbulb KEYNAME=ocpkey GUID=lightbulb ENVTYPE=lightbulb ADMINPASSWORD=lightbulb EMAILUSERS=no USERS='{"users":[{ "name": "tony", "username": "tok", "email": "tok$redhat.com" }]}' CLOUDPROVIDER=ec2 HOSTZONEID='Z3IHLWJZOU9SRT' BASESUFFIX='.example.opentlc.com' DEPLOYER_REPO_PATH=`pwd` ansible-playbook \ ${DEPLOYER_REPO_PATH}/main.yml \ -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ -e "ec2_key_name=${KEYNAME}" \ -e "ec2_region=${REGION}" \ -e "ec2_az=${AVAILABILITYZONE}" \ -e "ec2_name_prefix=${EC2NAMEPREFIX}" \ -e "admin_password=${ADMINPASSWORD}" \ -e "email=${EMAILUSERS}" \ -e ${USERS} \ -e "guid=${GUID}" \ -e "env_type=${ENVTYPE}" \ -e "key_name=${KEYNAME}" \ -e "subdomain_base_suffix=${BASESUFFIX}" \ -e "cloud_provider=${CLOUDPROVIDER}" \ -e "aws_region=${REGION}" \ -e "HostedZoneId=${HOSTZONEID}" \ -e "install_ipa_client=false" \ -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ -e "software_to_deploy=none" \ --skip-tags=deploy_infrastructure,post_infra_tasks,pre_software_tasks,deploy_software,post_software,email ---- === To Delete an environment [source,bash] ---- REGION=us-east-1 AVAILABILITYZONE=us-east-1a EC2NAMEPREFIX=lightbulb KEYNAME=ocpkey GUID=lightbulb ENVTYPE=lightbulb ADMINPASSWORD=lighbulb EMAILUSERS=no USERS='{"users":[{ "name": "Alice", "username":"alice", "email": "alice@example.com" }, { "name": "Bob", "username":"bob", "email": "bob@example.com" }]}' CLOUDPROVIDER=ec2 HOSTZONEID='Z3IHLWJZOU9SRT' REPO_PATH='https://admin.example.com/repos/ocp/3.6/' 
BASESUFFIX='.example.opentlc.com' DEPLOYER_REPO_PATH=`pwd` #To Destroy an Env ansible-playbook \ ${DEPLOYER_REPO_PATH}/configs/${ENVTYPE}/destroy_env.yml \ -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ -e "ec2_key_name=${KEYNAME}" \ -e "ec2_region=${REGION}" \ -e "ec2_az=${AVAILABILITYZONE}" \ -e "ec2_name_prefix=${EC2NAMEPREFIX}" \ -e "admin_password=${ADMINPASSWORD}" \ -e "email=${EMAILUSERS}" \ -e ${USERS} \ -e "guid=${GUID}" \ -e "env_type=${ENVTYPE}" \ -e "key_name=${KEYNAME}" \ -e "subdomain_base_suffix=${BASESUFFIX}" \ -e "cloud_provider=${CLOUDPROVIDER}" \ -e "aws_region=${REGION}" \ -e "HostedZoneId=${HOSTZONEID}" \ -e "install_ipa_client=false" \ -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ -e "software_to_deploy=none" ---- ansible/configs/linklight/destroy_env.yml
New file @@ -0,0 +1,10 @@ - name: Delete Infrastructure hosts: localhost connection: local gather_facts: False become: no vars_files: - "./env_vars.yml" - "./env_secret_vars.yml" - import_playbook: "{{ ANSIBLE_REPO_PATH }}/workdir/lightbulb/tools/aws_lab_setup/teardown_lab.yml" ansible/configs/linklight/env_vars.yml
New file @@ -0,0 +1,55 @@ ####### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT ####### OR PASS as "-e" args to ansible-playbook command # # Lightbulb comes with its OWN deployer which AAD simply wraps # Hence many of the variables typically used are redundant # # Note: both AAD and Lightbulb use "email" as a var for different # purposes. Below the lightbulb usage is used. # ###### Variables from the Ansible Lightbulb AWS Provisioner: ec2_key_name: ocpkey # SSH key in AWS to put in all the instances ec2_region: us-east-1 # region where the nodes will live ec2_az: us-east-1a # the availability zone ec2_name_prefix: "{{ guid }}" # name prefix for all the VMs student_total: 1 # amount of work benches to provision #networking: true # workshop is put into networking mode, uses two Cisco IOS-XE devices ## Optional Variables admin_password: ansible # password used for student account on control node localsecurity: false # skips firewalld installation and SE Linux when false create_login_page: false email: no # <OPTIONAL> Set this if you wish to disable email users: - name: tony kay username: tok email: tok@redhat.com ### END OF ANSIBLE Lightbulb AWS Provisioner Variables # #### If you want a Key Pair name created and injected into the hosts, ## set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` ## you can use the key used to create the environment or use your own self generated key ## if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) ##use_own_key: true ##env_authorized_key: "{{guid}}key" ##ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem #<<<<<<< HEAD # #env_authorized_key: fookey #======= #use_own_key: true # env_authorized_key: "{{guid}}key" #ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem #>>>>>>> 97e92d3972791ab798a7768c7de6cd2e814481d4 set_env_authorized_key: true ansible/configs/linklight/playbook.yml
New file @@ -0,0 +1,11 @@ - name: Step 000a Pre Infrastructure hosts: localhost connection: local gather_facts: false become: false tasks: - name: debug stuff debug: msg: I've been imported ansible/configs/linklight/post_infra.yml
New file @@ -0,0 +1,28 @@ - name: Step 002 Post Infrastructure hosts: localhost connection: local become: false vars_files: - "./env_vars.yml" - "./env_secret_vars.yml" tags: - step002 - post_infrastructure tasks: - name: Job Template to launch a Job Template with update on launch inventory set uri: url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" method: POST user: "{{tower_admin}}" password: "{{tower_admin_password}}" body: extra_vars: guid: "{{guid}}" ipa_host_password: "{{ipa_host_password}}" body_format: json validate_certs: False HEADER_Content-Type: "application/json" status_code: 200, 201 when: tower_run == 'true' ansible/configs/linklight/post_software.yml
New file @@ -0,0 +1,43 @@ - name: Step 00xxxxx post software hosts: support gather_facts: False become: yes vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" tasks: - debug: msg: "Post-Software tasks Started" - name: Step lab post software deployment hosts: bastions gather_facts: False become: yes tags: - opentlc_bastion_tasks vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" tasks: - import_role: name: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa" when: install_ipa_client|bool # sssd bug, fixed by restart - name: restart sssd service: name: sssd state: restarted when: install_ipa_client - name: PostSoftware flight-check hosts: localhost connection: local gather_facts: false become: false vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" tags: - post_flight_check tasks: - debug: msg: "Post-Software checks completed successfully" ansible/configs/linklight/pre_infra.yml
New file @@ -0,0 +1,43 @@ - name: Step 000 Pre Infrastructure hosts: localhost connection: local gather_facts: false become: false vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" tags: - step001 - pre_infrastructure - generate_env_keys tasks: - debug: msg: "Step 000 Pre Infrastructure" - name: Generate SSH keys shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}" -q -N "" args: creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}" when: set_env_authorized_key - name: fix permission file: path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}" mode: 0400 when: set_env_authorized_key - name: Generate SSH pub key shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}.pub" args: creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}.pub" when: set_env_authorized_key # tested version on 2018-07-24 fc86de92080165b72906a1477e389cf0298bd499 - name: Clone Ansible linklight repo locally - specfic commit git: repo: https://github.com/network-automation/linklight.git dest: "{{ ANSIBLE_REPO_PATH }}/workdir/linklight_{{ guid }}" version: fc86de92080165b72906a1477e389cf0298bd499 - import_playbook: "{{ ANSIBLE_REPO_PATH }}/workdir/linklight_{{ guid }}/provisioner/provision_lab.yml" ansible/configs/linklight/pre_software.yml
New file @@ -0,0 +1,44 @@ # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} - name: Configure all hosts with Repositories, Common Files and Set environment key hosts: - all:!windows become: true gather_facts: False vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" tags: - step004 - common_tasks roles: - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } - name: Configuring Bastion Hosts hosts: bastions become: true vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" roles: - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } tags: - step004 - bastion_tasks - name: PreSoftware flight-check hosts: localhost connection: local gather_facts: false become: false vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" tags: - flight_check tasks: - debug: msg: "Pre-Software checks completed successfully" ansible/configs/linklight/software.yml
New file @@ -0,0 +1,19 @@ --- - name: Step 00xxxxx software hosts: localhost gather_facts: False become: false tasks: - debug: msg: "Software tasks Started" - name: Software flight-check hosts: localhost connection: local gather_facts: false become: false tags: - post_flight_check tasks: - debug: msg: "Software checks completed successfully"
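
Review bot: In README-new.adoc, the 'Set up your "Secret" variables' section offers `-e "var=value"` on the command line as the way to avoid keeping sensitive values in a file, but extra vars passed that way end up in shell history and are visible in the process list while the play runs. Suggest recommending an `ansible-vault`-encrypted env_secret_vars.yml instead, and stating that the file must stay out of version control. In the delete block, `-e ${USERS}` is unquoted although the JSON contains spaces, `${REPO_VERSION}` is never assigned, and `ADMINPASSWORD=lighbulb` does not match the `lightbulb` used in the run block. This file is also nearly identical to README.adoc in the same commit; only one of them should be added.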
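
Review bot: In README.adoc, both the run and the destroy commands pass `-e ${USERS}` unquoted; the JSON value contains spaces, so the shell splits it into several arguments and ansible-playbook does not receive it as one extra-vars string. Quote it as `-e "${USERS}"`. In the run block `USERS` also carries `"email": "tok$redhat.com"`, which should read `tok@redhat.com` to match the `users:` list above it, and the command references `${REPO_PATH}` and `${REPO_VERSION}` without assigning them in that block. The variable listing under `[source,bash]` is YAML rather than shell, and `HOSTZONEID='Z3IHLWJZOU9SRT'` looks like a concrete hosted zone ID; an obvious placeholder would be safer in documentation.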
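
Review bot: In destroy_env.yml, the `import_playbook` path points at `workdir/lightbulb/tools/aws_lab_setup/teardown_lab.yml`, but pre_infra.yml in this commit clones the provisioner into `workdir/linklight_{{ guid }}`, so teardown depends on a checkout this config never creates. Point the import at the teardown playbook inside the linklight clone, at the same pinned commit, so create and destroy run the same code. The 'Delete Infrastructure' play has no tasks or roles, and its play-level `vars_files` do not carry over to the imported playbook; it also uses relative `./env_vars.yml` paths where pre_infra.yml and pre_software.yml use `{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/`.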
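
Review bot: In env_vars.yml, the block at the end still carries commented-out merge conflict markers (`#<<<<<<< HEAD`, `#=======`), and every `env_authorized_key` assignment is commented out while `set_env_authorized_key: true` is active, so the ssh-keygen tasks in pre_infra.yml reference an undefined variable unless it is passed with `-e`. Resolve the conflict, delete the markers and set `env_authorized_key` explicitly. Separately, the defaults `admin_password: ansible` and `localsecurity: false` (which the inline comment says skips firewalld and SELinux) are weak for instances created in EC2; consider requiring `admin_password` from env_secret_vars.yml rather than shipping a default. `DEPLOYEMNT` in the header comment is a typo.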
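
Review bot: playbook.yml contains only a `debug` task printing `I've been imported` under the play name 'Step 000a Pre Infrastructure', which overlaps with the naming in pre_infra.yml and looks like a leftover from testing imports. Drop the file from the commit, or add a comment saying what imports it and why.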
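
Review bot: In post_infra.yml, the `uri` task sets `validate_certs: False` while sending `tower_admin_password` as the request password and `ipa_host_password` in the body, so both go to whatever host answers at `ansible_tower_ip` without its certificate being checked. Enable certificate validation (trusting the Tower CA where it is private) and add `no_log: true` so the body does not appear in verbose task output. `when: tower_run == 'true'` errors when `tower_run` is undefined, and none of `tower_run`, `ansible_tower_ip`, `job_template_id` or `tower_admin` is defined in this commit's env_vars.yml; `tower_run | default(false) | bool` would be safer. The `HEADER_Content-Type` option is redundant with `body_format: json`.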
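
Review bot: In post_software.yml, the 'restart sssd' task uses `when: install_ipa_client` without the `|bool` cast that the `import_role` directly above it uses, and the READMEs pass the value as the string `install_ipa_client=false`; write both conditions as `install_ipa_client|bool` so they cannot evaluate differently. A handler notified by the role would be cleaner than restarting sssd on every run. The play name 'Step 00xxxxx post software' is a placeholder.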
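
Review bot: In pre_infra.yml, the closing `import_playbook` of `workdir/linklight_{{ guid }}/provisioner/provision_lab.yml` is a static import resolved when the playbook is parsed, before the 'Clone Ansible linklight repo locally' task has run, so on a clean workdir the file does not exist yet and the import fails. Do the clone in a separate, earlier playbook run, or document that the checkout must already exist. Pinning `version:` to a full commit hash is the right call for code that is then executed. The key is generated with `-N ""` under `workdir/`, so that directory should be excluded from version control, and `mode: 0400` is safer quoted as `"0400"`. The tag `step001` does not match the play name 'Step 000'.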
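
Review bot: In pre_software.yml, the role conditions `install_common` and `install_bastion` reference variables that this commit's env_vars.yml does not define and the README commands do not pass, so unless they are set elsewhere the plays stop with an undefined-variable error. Define both in env_vars.yml or guard them as `install_common | default(false) | bool`. The header comment says hosts should be tagged `Project:{{ env_type }}-{{ guid }}`, but nothing in this config shows where that tagging happens; a pointer to it would help.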
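
Review bot: In software.yml, the 'Software flight-check' play is tagged `post_flight_check`, the same tag post_software.yml uses for its 'PostSoftware flight-check' play, so selecting or skipping that tag affects both; a distinct tag such as `software_flight_check` would keep them separable. The first play targets `localhost` without the `connection: local` that the second play sets, and its name 'Step 00xxxxx software' is a placeholder.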