......@@ -8,7 +8,26 @@ Status: Draft
This branch contains the playbooks for setting up the default Ansible Tower Server for the demo deployment.
# TL;DR (Setup)
1. Import required keys into OpenStack
2. `./openstack_create_environment.sh --tower_setup`
3. `./openstack_create_environment.sh --client_setup`
4. `ansible-playbook -i rl-inventory.yml playbooks/rl_ansible_tower_server.yml
# TL;DR (Reset)
1. Delete tower01 and ac0[1..4] instances in openstack
2. `./openstack_create_environment.sh --tower_setup`
3. `./openstack_create_environment.sh --client_setup`
---
## Requirements
In order to get this to work, these requirements must be in place and properly configured.
If you're just maintaining the demo platform, the requirements should be already in place. You might need to import the keys into your OpenStack configuration, but you should be fine otherwise.
### Gitlab
* TBD
......@@ -51,6 +70,39 @@ The scripts to setup the Ansible Tower instance and clients will use these keys
#### Project
The repository provides a bash script to create
1. The Ansible Tower instance host
2. Four Ansible Tower clients
##### Ansible Tower host
In order to create the Ansible Tower host in OpenStack, change to the subdirectory `/openstack` and execute the script with the parameter `--tower_setup`.
```bash
# In the project root
cd openstack
./openstack_create_environment.sh --tower_setup
```
This will setup a host `tower01.tower.demo.redpill-linpro.com` in the current project in OpenStack, update the host to the latest version and reboot it.
The imported key `ansible_tower_demo_tower_access` is required to be in the project in order to work.
#### Ansible Tower nodes
In order to create the Ansible Tower nodes in OpenStack, change to the subdirectory `/openstack` and execute the script with the parameters `--client_setup`.
```bash
# In the project root
cd openstack
./openstack_create_environment.sh --client_setup
```
The imported key `ansible_tower_demo_client_acess` is required to be in the project in order to work.
---
#### Cloud-init
......@@ -62,10 +114,7 @@ The following changes are made:
* Update all packages on the host to the latest version.
* Reboot the host.
* Host: CentOS
User: ansible
Description: Service user for ansible deployment.
sudo: no password, all commands
---
### Ansible
......@@ -73,7 +122,7 @@ For the deployment ansible will require a user and a SSH key in place. This is d
With the user `ansible` and the correct access key in place, the playbook for deploying Ansible Tower can be executed. Run it like this.
``` yaml
```yaml
# File: rl_inventory.yml
---
tower:
......@@ -85,22 +134,5 @@ tower:
```
``` bash
ansible-playbook -i rl_inventory.yml playbooks/rl_ansible_tower_server.yml
$ ansible-playbook -i rl_inventory.yml playbooks/rl_ansible_tower_server.yml
```
## Procedure
1. Create the hosts in the environment using the script in the subfolder `openstack`:
```bash
cd openstack
./openstack_create_environment.sh
```
2. Assign manually a floating IP in Openstack to the node `tower01.tower.demo.redpill-linpro.com`.
3. Wait until the server has been created and rebooted after the package upgrade.
4.
......@@ -14,6 +14,182 @@
# --ip-version 4 \
# --network ansible_tower_network \
# ansible_tower_subnet
OS_AT_CLIENTS_DOMAIN="tower.demo.redpill-linpro.com"
OS_AT_CLIENTS_FLAVOR=lab.gp.tiny
OS_AT_CLIENTS_IMAGE=centos7
OS_AT_CLIENTS_KEY='ansible_tower_demo_client_access'
OS_AT_CLIENTS_NAME="ac01 ac02 ac03 ac04"
OS_AT_CLIENTS_NETWORK=ansible_tower_network
OS_AT_CLIENTS_SECURITYGROUP='default'
OS_AT_HOST_NAME='tower01'
OS_AT_HOST_DOMAIN="${OS_AT_CLIENTS_DOMAIN}"
OS_AT_HOST_FLAVOR='lab.gp.medium'
OS_AT_HOST_DOMAIN='tower.demo.redpill-linpro.com'
OS_AT_HOST_IMAGE=centos7
OS_AT_HOST_KEY='ansible_tower_demo_tower_access'
OS_AT_HOST_NAME='tower01'
#
# Check if the basic OS variables have been set.
# Output some useful information if something is missing
#
function os_check_requirements() {
requirements_met=true
if [ -z "${OS_AUTH_URL+x}" ]; then
requirements_met=false
fi
if [ -z "${OS_USERNAME+x}" ]; then
requirements_met=false
fi
if [ "${requirements_met}" = false ]; then
echo 'Requirements are not met.'
echo 'Include the Openstack project file to set all the required variables.'
echo 'Abort'
exit 1
fi
}
os_check_requirements
function help() {
echo showing help
}
#
# Check for existing instance
function instance_exists() {
instance_name="${1}"
instances=$(openstack server list -f value | grep -m 1 -c "${instance_name}")
echo "${instances}"
}
# Delete openstack instance
#
# Setup Tower server
# If there is already an instance with that name, the process will be interrupted.
function os_setup_tower() {
TOWER_FQDN=$1
if [ "$(instance_exists "${TOWER_FQDN}")" -eq 1 ]; then
echo "There is already a tower instance. Remove that one first."
exit 1
else
echo "Setup: ${TOWER_FQDN}"
openstack server create \
--flavor "${OS_AT_HOST_FLAVOR}" \
--image "${OS_AT_HOST_IMAGE}" \
--key-name "${OS_AT_HOST_KEY}" \
--network ansible_tower_network \
--security-group default \
--security-group ansible_tower_access \
--user-data ./cloud-init.tower01.yml \
"${TOWER_FQDN}"
# Assign the first available floating IP
INSTANCE_ID=$(openstack server list -f value | grep -m 1 "${OS_AT_HOST_NAME}.${OS_AT_HOST_DOMAIN}" | cut -d ' ' -f1)
FLOATING_IP=$(openstack floating ip list -f value | grep -m 1 'None None' | cut -f2 -d ' ')
echo "Assign IP: ${FLOATING_IP}"
openstack server add floating ip "${INSTANCE_ID}" "${FLOATING_IP}"
fi
}
#
# Setup a single client
function os_setup_client() {
CLIENT_FQDN=$1
if [ "$(instance_exists "${CLIENT_FQDN}")" -eq 1 ]; then
echo "There is already a client instance named ${CLIENT_FQDN}. Remove it first."
exit 1
else
echo "Setup: ${CLIENT_FQDN}"
openstack server create \
--flavor "${OS_AT_CLIENTS_FLAVOR}" \
--image "${OS_AT_CLIENTS_IMAGE}" \
--key-name "${OS_AT_CLIENTS_KEY}" \
--security-group "${OS_AT_CLIENTS_SECURITYGROUP}" \
--user-data ./cloud-init.ansible_client.yml \
--network "${OS_AT_CLIENTS_NETWORK}" \
"${CLIENT_FQDN}"
fi
}
#
# Setup clients
function os_setup_clients() {
for client in ${OS_AT_CLIENTS_NAME}; do
os_setup_client "${client}.${OS_AT_CLIENTS_DOMAIN}"
done
}
# Parse commandline paramter
if [[ $# -eq 0 ]]; then
help
exit 1
fi
POSITIONAL=()
AT_CLIENT_NAME=''
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
-n|--name)
AT_CLIENT_NAME="${2}"
shift # past argument
;;
-c|--client_setup)
AT_SETUP_CLIENTS=true
;;
--tower_setup)
AT_SETUP_TOWER=true
;;
-h|--help)
help
exit 0
;;
*) # unknown option
POSITIONAL+=("$1") # save it in an array for later
echo "unknown parameter: ${1}"
help
exit 1
;;
esac
shift # past argument/value
done
#########################################
# Handle the tower server setup
if [ "${AT_SETUP_TOWER}" = true ]; then
echo "SETUP TOWER SERVER"
os_setup_tower "${OS_AT_HOST_NAME}.${OS_AT_HOST_DOMAIN}"
fi
# Handle the client setup
if [ "${AT_SETUP_CLIENTS}" = true ]; then
if [ "${AT_CLIENT_NAME}" != '' ]; then
echo "SETUP CLIENT ${AT_CLIENT_NAME}.${AT_CLIENTS_DOMAIN}"
os_setup_client "${AT_CLIENT_NAME}.${AT_CLIENTS_DOMAIN}"
else
echo "SETUP ALL CLIENTS"
os_setup_clients
fi
fi
exit 0
# Reset the environment
......@@ -34,7 +210,7 @@ AT_HOST_KEY='ansible_tower_demo_tower_access'
AT_FLAVOR='lab.gp.medium'
echo 'CREATING THE TOWER SERVER'
openstack server create \
--flavor "${AT_FLAVOR}" \
--flavor "${OS_AT_HOST_FLAVOR}" \
--image "${AT_HOST_IMAGE}" \
--key-name "${AT_HOST_KEY}" \
--network ansible_tower_network \
......@@ -49,31 +225,3 @@ openstack server create \
# --fixed-ip-address 192.168.80.25 \
# 87.238.59.10
echo ''
echo ''
# DEPLOY DEMO CLIENTS
AC_HOSTS_NAME='ac01 ac02 ac03 ac04'
AC_HOSTS_DOMAIN='tower.demo.redpill-linpro.com'
AC_HOSTS_IMAGE=centos7
AC_HOSTS_KEY='ansible_tower_demo_client_access'
AC_HOSTS_NETWORK=ansible_tower_network
AC_SECURITY_GROUP='default'
AC_FLAVOR=lab.gp.tiny
echo 'Creating the Ansible Demo Clients'
for hostname in ${AC_HOSTS_NAME}; do
echo openstack server create \
--flavor "${AC_FLAVOR}" \
--image "${AC_HOSTS_IMAGE}" \
--key-name "${AC_HOSTS_KEY}" \
--security-group "${AC_SECURITY_GROUP}" \
--user-data ./cloud-init.ansible_client.yml \
--network "${AC_HOSTS_NETWORK}" \
"${hostname}.${AC_HOSTS_DOMAIN}"
done
# Run this playbook
echo ansible-playbook -i rl_inventory.yml playbooks/rl_ansible_tower_server.yml
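Review bot: In the client-setup branch that handles `--name`, the FQDN is built from `${AT_CLIENTS_DOMAIN}`, which is never assigned anywhere in the visible script; the variable defined at the top is `OS_AT_CLIENTS_DOMAIN`, so a single client would be created as `NAME.` with no domain. Both the `echo` and the call should use `"${AT_CLIENT_NAME}.${OS_AT_CLIENTS_DOMAIN}"`. Separately, `instance_exists` greps whole `openstack server list` rows with an unanchored pattern, so the dots match any character and a name that is a substring of another instance also counts as existing; `openstack server list -f value -c Name | grep -Fxc -- "${instance_name}"` would make the guard exact. In `os_setup_tower`, `FLOATING_IP` is used without checking that the `grep` found a free address, so an empty value reaches `openstack server add floating ip`. The new `exit 0` also appears to leave the `openstack server create` block further down unreachable, as far as this page shows.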
......@@ -3,182 +3,6 @@
become: True
gather_facts: True
vars:
default_packages: vim, tree, screen, ansible, python-pip
ansible_tower_version: '3.5.2-1.el7'
ansible_tower_download_link: "https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-{{ ansible_tower_version }}.tar.gz"
ansible_tower_local_package: "/home/ansible/ansible-tower-setup-bundle-{{ ansible_tower_version }}.tar.gz"
passwords:
- regexp: '^admin_password='
line: "admin_password='{{ admin_password }}'"
- regexp: '^pg_password='
line: "pg_password='{{ pg_password }}'"
- regexp: '^rabbitmq_password='
line: "rabbitmq_password='{{ rabbitmq_password }}'"
organization_passwords:
onordmann_password: &onordmann_password '1qaz!QAZ' # Ola
knordmann_password: &knordmann_password '1qaz!QAZ' # Kari
enordmann_password: &enordmann_password '2wsx"WSX' # Emma
lnordmann_password: &lnordmann_password '2wsx"WSX' # Lucas
demo_client_access_password: &demo_client_access_password '1qaz!QAZ' # Ansible Clients
tower_config:
host: "{{ inventory_hostname }}"
username: admin
password: "{{ admin_password }}"
verify_ssl: False
setting:
license:
company_name: Redpill Linpro AS
contact_email: 'lars.odegaard@redpill-linpro.com'
contact_name: Lars degaard
hostname: 31e4c17f8eda4e8fabb941b486aa0ce1
instance_count: 100
license_type: basic
license_date: 1582387661
license_key: 17ef5ae4c12f01490e7300865e2ca3e8344299a41fad4019a4981825c9d403c0
subscription_name: 'Red Hat Ansible Tower, Self-Support (100 Managed Nodes) NFR'
features:
surveys: true
multiple_organizations: true
ldap: true
enterprise_auth: true
rebranding: true
activity_streams: true
workflows: true
ha: true
system_tracking: true
organization:
default:
name: Default
state: absent
demo:
name: demo
description: DEMO ORGANIZATION
users:
- name: onordmann
password: *onordmann_password
first_name: Ola
second_name: Nordmann
superuser: False
auditor: False
email: ola.nordmann@redpill-linpro.com
- name: knordmann
password: *knordmann_password
first_name: Kari
second_name: Nordmann
superuser: True
auditor: False
email: kari.nordmann@redpill-linpro.com
- name: enordmann
password: *enordmann_password
first_name: Emma
second_name: Nordmann
email: emma.nordmann@redpill-linpro.com
superuser: False
auditor: False
email: emma.nordmann@redpill-linpro.com
- name: lnordmann
password: *lnordmann_password
first_name: Lucas
second_name: Nordmann
email: lucas.nordmann@redpill-linpro.com
superuser: False
auditor: False
teams:
- name: silver
description: OK users (children, do not trust)
members:
- name: "enordmann"
- name: "lnordmann"
- name: gold
description: Very good users (parents)
members:
- name: "onordmann"
- name: "knordmann"
credentials:
- name: demo_client_access_pw
description: Password based client access
username: ansible
password: *demo_client_access_password
kind: ssh
- name: demo_client_access_key
description: SSH key based client access
kind: ssh
username: ansible
ssh_key_data: "{{ lookup('file', 'files/ssh_keys/ansible_client_access') }}"
- name: demo_project_a_key
kind: scm
ssh_key_data: "{{ lookup('file', 'files/ssh_keys/demo_project_a') }}"
- name: demo_project_b_key
kind: scm
ssh_key_data: "{{ lookup('file', 'files/ssh_keys/demo_project_b') }}"
- name: 'Demo Credential' # Does not work???
state: absent
kind: ssh
inventories:
- name: demo_clients-1_to_3
description: Demo clients for Ansible, 1, 2 and 3
- name: demo_clients-4
description: Demo client for Ansible, 4
hosts:
- name: ac01.tower.demo.redpill-linpro.com
description: Ansible Test client 01
inventory: demo_clients-1_to_3
- name: ac02.tower.demo.redpill-linpro.com
description: Ansible Test client 02
inventory: demo_clients-1_to_3
ip: 192.168.80.15
- name: ac03.tower.demo.redpill-linpro.com
description: Ansible Test client 03
inventory: demo_clients-1_to_3
- name: ac04.tower.demo.redpill-linpro.com
description: Ansible Test client 04
inventory: demo_clients-4
projects:
- name: RL Demo Project A
state: present
description: RL Demo project A for Ansible Tower.
scm_credential: demo_project_a_key
scm_clean: True
scm_branch: demo_project_a
scm_delete_on_update: False
scm_type: git
scm_update_on_launch: True
scm_url: git@gitlab.redpill-linpro.com:is/ansible-tower-demo.git
- name: RL Demo Project B
state: present
description: RL Demo project B for Ansible Tower.
scm_credential: demo_project_b_key
scm_clean: True
scm_branch: demo_project_b
scm_delete_on_update: False
scm_type: git
scm_update_on_launch: True
scm_url: git@gitlab.redpill-linpro.com:is/ansible-tower-demo.git
job_templates:
# - name: 'Demo Job Template' # Does not work TBD
# state: absent
# playbook:
- name: 'PA: Ping'
description: Ping hosts
state: present
job_type: run
forks: 3
inventory: demo_clients-1_to_3
state: present
playbook: 'playbooks/ping.yml'
project: 'RL Demo Project A'
become_enabled: False
credential: demo_client_access_key
- name: 'PB: Ping'
description: Ping hosts
state: present
job_type: run
inventory: demo_clients-4
state: present
playbook: 'playbooks/ping.yml'
project: 'RL Demo Project B'
become_enabled: False
credential: demo_client_access_key
pre_tasks:
......@@ -268,14 +92,3 @@
name: ansible_tower_config
tags: config
- name: UPDATE HOSTS FILE
lineinfile:
path: /etc/hosts
line: "{{ item.ip }} {{ item.name }}"
regexp: "{{ item.name }}"
loop: "{{ tower_config.organization['demo'].hosts }}"
tags: hosts
when: item.ip is defined
......@@ -2,3 +2,7 @@
- name: "config.setting-cli: Process [ license ]"
include_tasks: "setting/license.yml"
when: tower_config.setting.license is defined
- name: "config.setting-cli: Process [ setting ]"
include_tasks: "setting/setting.yml"
when: tower_config.setting.setting is defined
---
- name: "config.setting [ SETTINGS ]"
tower_settings:
tower_host: "{{ tower_config.host | default(omit) }}"
tower_username: "{{ tower_config.username | default(omit) }}"
tower_password: "{{ tower_config.password | default(omit) }}"
tower_verify_ssl: "{{ tower_config.verify_ssl | default(omit) }}"
name: "{{ item.name }}"
value: "{{ item.value }}"
loop: "{{ tower_config.setting.setting }}"
loop_control:
label: "{{ item.name }}"
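Review bot: `value: "{{ item.value }}"` is handed to `tower_settings` without `no_log`, and `loop_control.label` only shortens the per-item header; the module arguments can still show up in verbose output and in callback or job logs. Which settings will be listed under `tower_config.setting.setting` is not visible on this page, but if any of them can carry a secret (a bind password, a token), the task should set `no_log: true`. A one-line comment above the task stating that each item needs `name` and `value` keys would also help, since the loop fails on an item missing either.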
digraph setup {
splines="ortho";
node [ fillcolor="#FF0000;" shape="box"; ] ;
ansible_tower [ label="Ansible Tower\ntower01.tower.demo.redpill-linpro.comn\nreachable via public IP" ];
ac01 [ label="Client\nac01.tower.demo.redpill-linpro.com" ];
ac02 [ label="Client\nac02.tower.demo.redpill-linpro.com" ];
ac03 [ label="Client\nac03.tower.demo.redpill-linpro.com" ];
ac04 [ label="Client\nac04.tower.demo.redpill-linpro.com" ];
gitlab [ label="Code repository\ngitlab.redpill-linpro.com" ];
internet [ label="Internet" shape="circle"; ];
subgraph cluster_openstack {
label="OpenStack";
labelloc="b";
labeljust="r";
fontcolor="gray";
fontname="Helvetica";
fillcolor="lightgray";
color="gray";
style="filled";
ansible_tower
ansible_tower -> ac01
ansible_tower -> ac02
ansible_tower -> ac03
ansible_tower -> ac04
}
subgraph cluster_rl_network {
label="RL network";
labelloc="b";
labeljust="r";
fontcolor="gray";
fontname="Helvetica";
fillcolor="lightgray";
color="gray";
style="filled";
gitlab -> ansible_tower
}
internet -> ansible_tower
}
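Review bot: The `ansible_tower` node label reads `redpill-linpro.comn\nreachable via public IP`, so the hostname renders with a trailing "n"; this looks like a typo for `redpill-linpro.com\nreachable via public IP`. In the `node [...]` defaults, `fillcolor="#FF0000;"` carries a semicolon inside the quoted value, which is probably not intended, and no `style="filled"` is set for nodes, so the fill colour is unlikely to be drawn at all. Since the diagram documents that Tower is reachable from the Internet, a comment naming the security group that limits that exposure would make the picture more useful to a reader.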
setup.png

28.7 KB