-rw-r--r-- | bin/zsh_functions/_ossh | 49 | ||||
-rw-r--r-- | lib/aws_command.rb | 2 | ||||
-rw-r--r-- | playbooks/aws/ansible-tower/config.yml | 22 | ||||
-rw-r--r-- | playbooks/aws/ansible-tower/launch.yml | 78 | ||||
-rw-r--r-- | playbooks/aws/ansible-tower/user_data.txt | 6 | ||||
-rw-r--r-- | playbooks/aws/ansible-tower/vars.ops.yml | 9 | ||||
-rw-r--r-- | playbooks/aws/ansible-tower/vars.yml | 1 | ||||
-rw-r--r-- | roles/ansible/tasks/main.yaml | 7 | ||||
-rw-r--r-- | roles/ansible_tower/tasks/main.yaml | 27 | ||||
-rw-r--r-- | roles/base_os/tasks/main.yaml | 5 | ||||
-rw-r--r-- | roles/os_ipv6_disable/tasks/main.yaml | 11 |
11 files changed, 216 insertions, 1 deletions
diff --git a/bin/zsh_functions/_ossh b/bin/zsh_functions/_ossh new file mode 100644 index 000000000..7c6cb7b0b --- /dev/null +++ b/bin/zsh_functions/_ossh @@ -0,0 +1,49 @@ +#compdef ossh oscp + +_ossh_known_hosts(){ + if [[ -f ~/.ansible/tmp/multi_ec2_inventory.cache ]]; then + print $(/usr/bin/python -c 'import json,os; z = json.loads(open("%s"%os.path.expanduser("~/.ansible/tmp/multi_ec2_inventory.cache")).read()); print "\n".join(["%s.%s" % (host["ec2_tag_Name"],host["ec2_tag_environment"]) for dns, host in z["_meta"]["hostvars"].items()])') + fi +} + +_ossh(){ + local curcontext="$curcontext" state line + typeset -A opt_args + + common_arguments=( + '(- *)'{-h,--help}'[show help]' \ + {-v,--verbose}'[enable verbose]' \ + {-d,--debug}'[debug mode]' \ + {-l,--login_name}+'[login name]:login_name' \ + {-c,--command}+'[command to run on remote host]:command' \ + {-o,--ssh_opts}+'[SSH Options to pass to SSH]:ssh options' \ + {-e,--env}+'[environtment to use]:environment:->env' \ + '--list[list out hosts]' \ + ':OP Hosts:->oo_hosts' + ) + + case "$service" in + ossh) + _arguments -C -s \ + "$common_arguments[@]" \ + ;; + + oscp) + _arguments -C -s \ + "$common_arguments[@]" \ + {-r,--recurse}'[Recursive copy]' \ + ':file:_files' + ;; + esac + + case "$state" in + oo_hosts) + _values 'oo_hosts' $(_ossh_known_hosts) + ;; + env) + _values 'environment' ops int stg prod + ;; + esac +} + +_ossh "$@" diff --git a/lib/aws_command.rb b/lib/aws_command.rb index 0c714cdb4..44df05e6a 100644 --- a/lib/aws_command.rb +++ b/lib/aws_command.rb @@ -7,7 +7,7 @@ module OpenShift module Ops class AwsCommand < Thor # WARNING: we do not currently support environments with hyphens in the name - SUPPORTED_ENVS = %w(prod stg int twiest gshipley kint test jhonce amint tdint lint) + SUPPORTED_ENVS = %w(prod stg int ops twiest gshipley kint test jhonce amint tdint lint) option :type, :required => true, :enum => LaunchHelper.get_aws_host_types, :desc => 'The host type of the new instances.' 
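Review bot: In `_ossh_known_hosts` the inline Python indexes `host["ec2_tag_Name"]` and `host["ec2_tag_environment"]` directly, so one cached instance missing either tag raises KeyError and completion returns no hosts at all. Filtering inside the comprehension would keep it working, e.g. `... for dns, host in z["_meta"]["hostvars"].items() if "ec2_tag_Name" in host and "ec2_tag_environment" in host`. The result is then word-split unquoted into `_values 'oo_hosts' $(_ossh_known_hosts)`, so a tag value containing whitespace, `:` or `[` would be misread as part of a `_values` spec; a short comment that tag names are assumed to be plain hostnames would help. The help text `[environtment to use]` should read `[environment to use]`.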
diff --git a/playbooks/aws/ansible-tower/config.yml b/playbooks/aws/ansible-tower/config.yml
new file mode 100644
index 000000000..423860828
--- /dev/null
+++ b/playbooks/aws/ansible-tower/config.yml
@@ -0,0 +1,22 @@
+---
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp if it's set
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default(['']) }}"
+ when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ - "vars.{{ oo_env }}.yml"
+ roles:
+ - ../../../roles/base_os
+ - ../../../roles/os_ipv6_disable
+ - ../../../roles/ansible
+ - ../../../roles/ansible_tower
diff --git a/playbooks/aws/ansible-tower/launch.yml b/playbooks/aws/ansible-tower/launch.yml
new file mode 100644
index 000000000..4c29fa833
--- /dev/null
+++ b/playbooks/aws/ansible-tower/launch.yml
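Review bot: The "Configure instances" play connects with `user: root`, and the same choice repeats in launch.yml's "Initial setup" play and in user_data.txt, which sets `disable_root: 0` and makes root the cloud-init default user. Together they leave direct root SSH enabled on an instance that vars.ops.yml gives a public IP, and every change made on the Tower host is attributed to one shared root login. I would keep the image's unprivileged default user and escalate per play, e.g. `user: <image-default-user>` with `sudo: yes` (`become: yes` on newer Ansible), and drop the `disable_root: 0` override from user_data.txt.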
@@ -0,0 +1,78 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_region: us-east-1
+ rhel7_ami: ami-a24e30ca
+ user_data_file: user_data.txt
+
+ vars_files:
+ - vars.yml
+ - "vars.{{ oo_env }}.yml"
+
+ tasks:
+ - name: Launch instances in VPC
+ ec2:
+ state: present
+ region: "{{ inst_region }}"
+ keypair: mmcgrath_libra
+ group_id: "{{ oo_security_group_ids }}"
+ instance_type: c4.xlarge
+ image: "{{ rhel7_ami }}"
+ count: "{{ oo_new_inst_names | oo_len }}"
+ user_data: "{{ lookup('file', user_data_file) }}"
+ wait: yes
+ assign_public_ip: "{{ oo_assign_public_ip }}"
+ vpc_subnet_id: "{{ oo_vpc_subnet_id }}"
+ register: ec2
+
+ - name: Add Name and environment tags to instances
+ ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present"
+ with_together:
+ - oo_new_inst_names
+ - ec2.instances
+ args:
+ tags:
+ Name: "{{ item.0 }}"
+
+ - name: Add other tags to instances
+ ec2_tag: "resource={{ item.id }} region={{ inst_region }} state=present"
+ with_items: ec2.instances
+ args:
+ tags: "{{ oo_new_inst_tags }}"
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.0 }} ansible_ssh_host={{ item.1.public_ip }} groupname=oo_hosts_to_config"
+ with_together:
+ - oo_new_inst_names
+ - ec2.instances
+
+ - debug: var=ec2
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: ec2.instances
+
+ - name: Wait for root user setup
+ command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup"
+ register: result
+ until: result.rc == 0
+ retries: 20
+ delay: 10
+ with_items: ec2.instances
+
+- name: Initial setup
+ hosts: oo_hosts_to_config
+ user: root
+ gather_facts: true
+
+ tasks:
+
+ - name: Yum update
+ yum: name=* state=latest
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
diff --git a/playbooks/aws/ansible-tower/user_data.txt b/playbooks/aws/ansible-tower/user_data.txt
new file mode 100644
index 000000000..643d17c32
--- /dev/null
+++ b/playbooks/aws/ansible-tower/user_data.txt
@@ -0,0 +1,6 @@
+#cloud-config
+disable_root: 0
+
+system_info:
+ default_user:
+ name: root
diff --git a/playbooks/aws/ansible-tower/vars.ops.yml b/playbooks/aws/ansible-tower/vars.ops.yml
new file mode 100644
index 000000000..feb5d786a
--- /dev/null
+++ b/playbooks/aws/ansible-tower/vars.ops.yml
@@ -0,0 +1,9 @@
+---
+oo_env_long: operations
+oo_zabbix_hostgroups: ['OPS Environment']
+oo_vpc_subnet_id: subnet-4f0bdd38 # USE OPS
+oo_assign_public_ip: yes
+oo_security_group_ids:
+ - sg-02c2f267 # Libra (vpc)
+ - sg-7fc4f41a # ops (vpc)
+ - sg-4dc26829 # ops_tower (vpc)
diff --git a/playbooks/aws/ansible-tower/vars.yml b/playbooks/aws/ansible-tower/vars.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/playbooks/aws/ansible-tower/vars.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/ansible/tasks/main.yaml b/roles/ansible/tasks/main.yaml
new file mode 100644
index 000000000..67a04b919
--- /dev/null
+++ b/roles/ansible/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+# Install ansible client
+
+- name: Install Ansible
+ yum:
+ pkg: ansible
+ state: installed
diff --git a/roles/ansible_tower/tasks/main.yaml b/roles/ansible_tower/tasks/main.yaml
new file mode 100644
index 000000000..f58a5b1c2
--- /dev/null
+++ b/roles/ansible_tower/tasks/main.yaml
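Review bot: The "Wait for root user setup" task in launch.yml runs ssh with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` against the instance's public IP, so the first connection to the new host is never authenticated and no key is recorded for the later plays to compare against. For a host that will hold Tower credentials I would pin the key instead: take the host key fingerprint that cloud-init prints to the EC2 console output, add it to known_hosts before the first ssh, and drop both options. Separately, `keypair: mmcgrath_libra` hard-codes what looks like an individual's key pair; moving it into the per-environment vars file (for example `keypair: "{{ oo_keypair }}"`, variable name suggested here) would keep the ops environment off a personal key. `- debug: var=ec2` prints the full instance record on every run and could go once the play is stable.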
@@ -0,0 +1,27 @@ +--- +- name: install some useful packages + yum: name={{ item }} + with_items: + - git + - python-pip + - unzip + - python-psphere + - ansible + - telnet + - ack + +- name: download Tower setup + get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no + +- name: extract Tower + unarchive: src=/opt/ansible-tower-setup-2.1.1.tar.gz dest=/opt copy=no creates=ansible-tower-setup-2.1.1 + +- name: Open firewalld port for http + firewalld: port=80/tcp permanent=true state=enabled + +- name: Open firewalld port for https + firewalld: port=443/tcp permanent=true state=enabled + +- name: Open firewalld port for https + firewalld: port=8080/tcp permanent=true state=enabled + diff --git a/roles/base_os/tasks/main.yaml b/roles/base_os/tasks/main.yaml index 2bb2b4ec7..448221cfb 100644 --- a/roles/base_os/tasks/main.yaml +++ b/roles/base_os/tasks/main.yaml @@ -19,6 +19,11 @@ state: present insertafter: EOF +- name: Bash Completion + yum: + pkg: bash-completion + state: installed + - name: Install firewalld yum: pkg: firewalld diff --git a/roles/os_ipv6_disable/tasks/main.yaml b/roles/os_ipv6_disable/tasks/main.yaml new file mode 100644 index 000000000..fae5beee7 --- /dev/null +++ b/roles/os_ipv6_disable/tasks/main.yaml @@ -0,0 +1,11 @@ +--- +# Disable ipv6 on RHEL7 + +- name: Disable all ipv6 + sysctl: name="net.ipv6.conf.all.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes + +- name: Disable default ipv6 + sysctl: name="net.ipv6.conf.default.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes + +- name: Remove ipv6 localhost from /etc/hosts + lineinfile: dest='/etc/hosts' regexp='^::1 ' state=absent owner=root group=root mode=0644 |
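Review bot: The `download Tower setup` task in roles/ansible_tower fetches the installer over plain `http://` with no integrity check, and that tarball is then unpacked under /opt on the host that will run Tower. I would switch the URL to https if releases.ansible.com serves it and pin the digest, e.g. `get_url: url=https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no sha256sum=<sha256 of the 2.1.1 tarball>` (`checksum=sha256:<digest>` on Ansible 2.x). Also in this hunk, the third firewalld task is named "Open firewalld port for https" but opens 8080/tcp, so the name should say what 8080 is for. `creates=ansible-tower-setup-2.1.1` is a relative path and probably should be `creates=/opt/ansible-tower-setup-2.1.1` so the extract step is skipped on re-runs.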