Diffstat (limited to 'ansible')
-rw-r--r-- ansible/.gitignore 3
-rw-r--r-- ansible/README.md 64
-rw-r--r-- ansible/ansible.cfg 140
-rw-r--r-- ansible/default_variables.yaml 1
-rw-r--r-- ansible/hosts 45
-rwxr-xr-x ansible/install.sh 72
-rw-r--r-- ansible/playbooks/setup_dev_machine.yaml 17
-rw-r--r-- ansible/playbooks/setup_jhbuild.yaml 19
-rwxr-xr-x ansible/setup_dev_machine.sh 40
9 files changed, 401 insertions, 0 deletions
diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 0000000..3e8500f
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1,3 @@
+*.swp
+*~
+*.log
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..bc2c0e2
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,64 @@
+# Using Ansible
+
+## Principles
+
+- Ansible is an automatic configuration management (CM) tool that helps with deploying and
+configuring devices with little interaction and repeatability. Anything that one might manually
+"configure" on a target device should be done through Ansible to make sure that we can with
+minimal effort recreate critical parts of our infrastructure. While there are limitation to
+what can be done with this tool, the benefits (currently) far outweigh the cons.
+
+## Installation
+
+- To fully utilize these scripts, you need to manually install Ansible 1.2+ using `install.sh`
+since Ubuntu repositories only carry version 1.1. The install scripts downloads the proper
+dependencies, downloads Ansible, makes it, and installs it. The script also soft-links the
+configuration files from /etc to the ones in the repository. In general if you're using sudo,
+you don't need to do anything special to get the script to work. Ansible is fully configured
+on ansible@domain-services and the ansible test machine is on sg@10.0.1.8.
+
+## Running
+
+- Ansible uses configuration files (`ansible.cfg`), hosts definiton files (`hosts`), variable
+definitions (`default_variables.yaml`) and playbooks (any other `yaml`s) to run scripts.
+- To run a "playbook" yaml file, you need to type `ansible-playbook <playbook name>.yaml`. For
+standardization, top-level scripts are in this directory while helper modules have been included
+in the playbooks files.
+- root@obs-repository and ansible@domain-services pulic keys have been also placed in keys/ for
+reference
+- In general, the account that you are using to run the ansible script needs to have its ssh key
+in the target's ssh `authorized_hosts` file. You can do this by running `ssh-copy-id user@machine`
+- Logs are published on the server that the script is running on. This means that migrations are
+logged on ostree.endlessm.com and publishes logged on obs-repository.
+
+## Writing/extending the scripts
+
+- This is too broad of a topic so please refer to the current scripts and the following sites:
+ - https://gist.github.com/marktheunissen/2979474
+ - http://www.ansibleworks.com/docs/modules.html
+
+## Current scripts
+- NOTE: **Most playbooks have testing hosts assigned by default and will need editing before running
+scripts**
+
+- setup\_ostree\_server
+ - Installs all relevant files and applications to replicate our current ostree.endlessm.com
+
+- publish_ostree
+ - Backs up the staging/dev folder on the server
+ - Syncs obs-repository ostree with ostree.endlessm.com
+
+- migrate\_to\_*
+ - Migrates all files from more unstable version to a more stable release endpoint
+ - Process: staging/dev => staging/demo => prod
+
+## Examples
+
+- NOTE: **Most playbooks have testing hosts assigned by default and will need editing before running
+scripts**
+
+- To publish the obs-repository ostree to the server, run:
+ - `ansible-playbook publish_ostree.yaml` and don't put in a sudo password
+
+- To setup another ostree publishing server, run:
+ - `ansible-playbook setup_ostree_server.yaml` and put in a valid sudo password
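Review bot: The Running section tells readers to put their key in the target's ssh `authorized_hosts` file, but the file that `ssh-copy-id` writes and sshd reads is `authorized_keys`; please correct the name. The README also documents things this commit does not contain: the Current scripts and Examples sections describe `setup_ostree_server`, `publish_ostree` and `migrate_to_*`, and Running mentions a `keys/` directory, none of which appear in the diffstat, while the two playbooks that are added (`setup_dev_machine.yaml`, `setup_jhbuild.yaml`) and `setup_dev_machine.sh` are not mentioned. The Installation paragraph says the script soft-links "the configuration files", yet `install.sh` links only `hosts`, so it is worth stating how `ansible.cfg` is meant to be picked up.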
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..3289d8e
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,140 @@
+# config file for ansible -- http://ansible.github.com
+# nearly all parameters can be overridden in ansible-playbook or with command line flags
+# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
+
+[defaults]
+
+# location of inventory file, eliminates need to specify -i
+
+hostfile = /etc/ansible/hosts
+
+# location of ansible library, eliminates need to specify --module-path
+
+library = /usr/share/ansible
+
+# default module name used in /usr/bin/ansible when -m is not specified
+
+module_name = command
+
+# home directory where temp files are stored on remote systems. Should
+# almost always contain $HOME or be a directory writeable by all users
+
+remote_tmp = $HOME/.ansible/tmp
+
+# Disable deprecation warnings
+deprecation_warnings=False
+
+# the default pattern for ansible-playbooks ("hosts:")
+
+pattern = *
+
+# the default number of forks (parallelism) to be used. Usually you
+# can crank this up.
+
+forks=5
+
+# the timeout used by various connection types. Usually this corresponds
+# to an SSH timeout
+
+timeout=10
+
+# when using --poll or "poll:" in an ansible playbook, and not specifying
+# an explicit poll interval, use this interval
+
+poll_interval=15
+
+# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook,
+# and not specifying "--sudo-user" or "sudo_user" respectively, sudo
+# to this user account
+
+sudo_user=root
+
+# the following forces ansible to always ask for the sudo password (instead of having
+# to add -K to the commandline). Or you can use the environment variable (ANSIBLE_ASK_SUDO_PASS)
+
+#ask_sudo_pass=True
+
+# the following forces ansible to always ask for the ssh-password (-k)
+# can also be set by the environment variable ANSIBLE_ASK_PASS
+
+#ask_pass=True
+
+# connection to use when -c <connection_type> is not specified
+
+transport=paramiko
+
+# remote SSH port to be used when --port or "port:" or an equivalent inventory
+# variable is not specified.
+
+remote_port=22
+
+# if set, always run /usr/bin/ansible commands as this user, and assume this value
+# if "user:" is not set in a playbook. If not set, use the current Unix user
+# as the default
+
+#remote_user=root
+
+# the default sudo executable. If a sudo alternative with a sudo-compatible interface
+# is used, specify its executable name as the default
+
+sudo_exe=sudo
+
+# the default flags passed to sudo
+# sudo_flags=-H
+
+# how to handle hash defined in several places
+# hash can be merged, or replaced
+# if you use replace, and have multiple hashes named 'x', the last defined
+# will override the previously defined one
+# if you use merge here, hash will cumulate their keys, but keys will still
+# override each other
+# replace is the default value, and is how ansible always handled hash variables
+#
+# hash_behaviour=replace
+
+# if you need to use jinja2 extensions, you can list them here
+# use a coma to separate extensions, e.g. :
+# jinja2_extensions=jinja2.ext.do,jinja2.ext.i18n
+# no extensions are loaded by default
+
+#jinja2_extensions=
+
+# if set, always use this private key file for authentication, same as if passing
+# --private-key to ansible or ansible-playbook
+
+#private_key_file=/path/to/file
+
+# format of string $ansible_managed available within Jinja2 templates, replacing
+# {file}, {host} and {uid} with template filename, host and owner respectively.
+# The resulting string is passed through strftime(3) so it may contain any
+# time-formatting specifiers.
+#
+# Example: ansible_managed = DONT TOUCH {file}: call {uid} at {host} for changes
+ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+
+# additional plugin paths for non-core plugins
+
+action_plugins = /usr/share/ansible_plugins/action_plugins
+callback_plugins = /usr/share/ansible_plugins/callback_plugins
+connection_plugins = /usr/share/ansible_plugins/connection_plugins
+lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
+vars_plugins = /usr/share/ansible_plugins/vars_plugins
+filter_plugins = /usr/share/ansible_plugins/filter_plugins
+
+[paramiko_connection]
+
+# nothing to configure yet
+
+[ssh_connection]
+
+# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist
+# will result in poor performance, so use transport=paramiko on older platforms rather than
+# removing it
+
+ssh_args=-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
+
+# the following makes ansible use scp if the connection type is ssh (default is sftp)
+
+scp_if_ssh=True
+
+
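Review bot: The `ssh_args` line under `[ssh_connection]` sets `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, which disables host key verification for every connection made with the ssh transport, and the inventory in this same commit uses `ansible_connection=ssh` with `ansible_ssh_user=root`. A host answering on that address would be accepted without any check, and it would receive the session and any sudo password typed into it. Drop both options and let ssh use a maintained known_hosts file (populate it once when a host is enrolled). The same line puts the control socket at `ControlPath=/tmp/ansible-ssh-%h-%p-%r`, a predictable name in a shared directory; a directory owned by the invoking user with mode 0700 is a safer place for it. Since `transport=paramiko` is the default here, it would also help to say in a comment which hosts are expected to use these ssh settings.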
diff --git a/ansible/default_variables.yaml b/ansible/default_variables.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/default_variables.yaml
@@ -0,0 +1 @@
+---
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..b9b315a
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1,45 @@
+# This is the default ansible 'hosts' file.
+# It should live in /etc/ansible/hosts
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+127.0.0.1 ansible_ssh_user=ansible
+
+[dev_machine]
+root@ostree.endlessm.com ansible_ssh_host=72.14.189.30 ansible_ssh_user=root ansible_connection=ssh
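Review bot: The `[dev_machine]` group at the end of the file contains the production host `ostree.endlessm.com` with `ansible_ssh_user=root`, and `playbooks/setup_dev_machine.yaml` in this commit targets `hosts: dev_machine`. Because `install.sh` links this file to `/etc/ansible/hosts` and `ansible.cfg` makes that the default inventory, running the playbook without `-i` would clone and `make install` jhbuild on that server as root. Either leave `[dev_machine]` empty in the committed inventory (the temp inventory from `setup_dev_machine.sh` fills it in) or put the server in a group named for what it is. The inventory name `root@ostree.endlessm.com` also embeds the user that `ansible_ssh_user` already sets, and the address is pinned as a literal IP that will drift from DNS; a plain host name would be clearer.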
diff --git a/ansible/install.sh b/ansible/install.sh
new file mode 100755
index 0000000..1f3ac90
--- /dev/null
+++ b/ansible/install.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -e
+
+ANSIBLE_DIR="/etc/ansible"
+DEPENDENCIES="make python-pip python-dev git sshpass"
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as sudo or root. Exiting."
+ exit 1
+fi
+
+read -p "Are you sure you want to install the server config? " -n 1 -r
+echo # Move to a new line
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ echo "Install canceled. Exiting."
+ exit 1
+fi
+
+echo "Checking dependencies"
+set +e
+ dpkg -s $DEPENDENCIES &> /dev/null
+ has_dependencies=$?
+set -e
+
+if [[ $has_dependencies -ne 0 || ! $(which ansible) ]]; then
+ echo "Installing $DEPENDENCIES"
+ apt-get update
+ apt-get install -y --force-yes $DEPENDENCIES
+ echo "Dependencies installed"
+
+ echo "Installing ansible"
+ pip install PyYAML jinja2 paramiko
+ rm -rf ${HOME}/apps/ansible
+ sudo -u $SUDO_USER -- mkdir -p ${HOME}/apps
+ pushd ${HOME}/apps
+ sudo -u $SUDO_USER -- git clone https://github.com/ansible/ansible.git
+ cd ansible
+ make install
+ popd
+ mkdir -p /etc/ansible
+fi
+
+if [[ ! $(which ansible-playbook) ]]; then
+ echo "Installing playbook script softlink"
+ ln -fs ${HOME}/apps/ansible/build/scripts-2.7/ansible-playbook /usr/bin/
+fi
+
+echo "Checking if this user has a ssh key"
+ssh_key="$HOME/.ssh/id_rsa"
+ssh_public_key="$ssh_key.pub"
+ssh_keygen_cmd="ssh-keygen -b 4096 -f $ssh_key"
+
+if [[ ! -f $ssh_public_key ]]; then
+ echo "No ssh key found. Regenerating"
+ echo "Using $ssh_keygen_cmd to create key"
+ sudo -u $SUDO_USER -- $ssh_keygen_cmd
+fi
+
+echo "Removing old files and links"
+rm -rf $ANSIBLE_DIR/hosts
+
+echo "Soft-linking relevant files"
+cwd=$(dirname $0)
+abs_cwd=$(readlink -f $cwd)
+
+echo "Current directory: $abs_cwd"
+ln -s $abs_cwd/hosts $ANSIBLE_DIR/hosts
+
+echo "Checking connectivity. If any failures appear below, it means that \
+ you need to push your ssh keys to those hosts with ssh-copy-id <user>@<machine>"
+
+sudo -u $SUDO_USER ansible all -m ping
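Review bot: The install block runs `apt-get install -y --force-yes $DEPENDENCIES`, and `--force-yes` lets apt proceed past unauthenticated packages without prompting; plain `-y` is enough here. A few lines later the script clones `https://github.com/ansible/ansible.git` at whatever the default branch currently is and runs `make install` as root, and `pip install PyYAML jinja2 paramiko` is unpinned as well, so two runs of this script can install different code. Please check out a specific release tag or commit after the clone and pin the pip versions. Two smaller points: the EUID check accepts "sudo or root", but every `sudo -u $SUDO_USER --` call breaks when the script is started from a root shell because `SUDO_USER` is unset, so either require sudo explicitly or fall back to the current user; and `${HOME}`, `$ANSIBLE_DIR`, `$cwd` and `$abs_cwd` are used unquoted in `rm -rf`, `ln -s` and `dirname`, which misbehaves on paths with spaces.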
diff --git a/ansible/playbooks/setup_dev_machine.yaml b/ansible/playbooks/setup_dev_machine.yaml
new file mode 100644
index 0000000..3ffe699
--- /dev/null
+++ b/ansible/playbooks/setup_dev_machine.yaml
@@ -0,0 +1,17 @@
+---
+# vim:ff=unix ts=2 sw=2 ai expandtab
+
+###
+# Notice the minus on the line below -- this starts the playbook's record
+# in the YAML document. Only one playbook is allowed per YAML file. Indent
+# the body of the playbook.
+-
+ hosts: dev_machine
+
+ sudo: False
+
+ vars_files:
+ - "../default_variables.yaml"
+
+ tasks:
+ - include: setup_jhbuild.yaml
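Review bot: The play sets `sudo: False`, but the included `setup_jhbuild.yaml` starts with an `apt: name=git` task, which needs root. That only works when the connecting user is root, as in the committed `hosts` entry; with the non-root sudo user that `setup_dev_machine.sh` asks for, the first task will fail. Consider enabling sudo on the apt task only (and prompting for the sudo password), so the checkout and build under `~/checkout` still run as the unprivileged user.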
diff --git a/ansible/playbooks/setup_jhbuild.yaml b/ansible/playbooks/setup_jhbuild.yaml
new file mode 100644
index 0000000..3df6a63
--- /dev/null
+++ b/ansible/playbooks/setup_jhbuild.yaml
@@ -0,0 +1,19 @@
+---
+# vim:ff=unix ts=2 sw=2 ai expandtab
+
+- name: "Ensuring that git is installed"
+ apt: name=git
+- name: "Creating checkout directory"
+ file: path=~/checkout state=directory mode=755
+- name: "Cloning jhbuild"
+ git: repo=git://git.gnome.org/jhbuild
+ dest=~/checkout/jhbuild
+
+- name: "Installing jhbuildi - autogen"
+ shell: cd ~/checkout/jhbuild && ./autogen.sh
+
+- name: "Installing jhbuildi - make"
+ shell: cd ~/checkout/jhbuild && make
+
+- name: "Installing jhbuildi - make install"
+ shell: cd ~/checkout/jhbuild && make install
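Review bot: The "Cloning jhbuild" task fetches `git://git.gnome.org/jhbuild`, the unauthenticated and unencrypted git protocol, with no `version=` given, and the following three tasks execute that checkout (`./autogen.sh`, `make`, `make install`). Anything able to tamper with the transfer controls what gets run on the dev machine. Please use an https URL and pin `version=` to a known tag or commit. The three task names read "jhbuildi", which looks like a typo for "jhbuild", and the `cd ~/checkout/jhbuild && ...` pattern can be replaced with the shell module's `chdir=` argument so a failed `cd` is reported as such.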
diff --git a/ansible/setup_dev_machine.sh b/ansible/setup_dev_machine.sh
new file mode 100755
index 0000000..9387570
--- /dev/null
+++ b/ansible/setup_dev_machine.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+
+#DEFAULT_USER="endless"
+DEFAULT_USER="sg"
+DEFAULT_PASSWORD="endless"
+DEFAULT_IP="192.168.56.101"
+
+echo "To run this script, you need to have the following"
+echo " - VM running with the correct dev HD image"
+echo " - A user defined with sudo privileges"
+echo " - sshpass installed on the local machine"
+echo
+read -p "Press [Enter] to continue..."
+
+if [[ ! $(which sshpass) ]]; then
+ echo "sshpass not found. Exiting"
+ echo "You can install it with sudo apt-get install sshpass"
+ exit 1
+fi
+
+read -e -p "Enter your machine's IP: " -i "$DEFAULT_IP" TARGET_IP
+read -e -p "Enter your machine's user: " -i "$DEFAULT_USER" TARGET_USER
+read -e -p "Enter your machine's password: " -i "${DEFAULT_PASSWORD}" TARGET_PASS
+echo
+
+echo -n "Checking connectivity to machine..."
+sshpass -p "${TARGET_PASS}" ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $TARGET_USER@$TARGET_IP 'uname -a' &> /dev/null
+echo "[OK]"
+echo
+
+tmp_inventory=$(mktemp)
+trap "rm -f $tmp_inventory" EXIT
+
+echo "Creating Ansible inventory file in $tmp_inventory"
+cat << EOF > $tmp_inventory
+[dev_machine]
+dev_machine ansible_ssh_host=$TARGET_IP ansible_ssh_user="$TARGET_USER" ansible_ssh_pass="${TARGET_PASS}" ansible_connection=ssh
+EOF
+
+ansible-playbook -i $tmp_inventory playbooks/setup_dev_machine.yaml
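Review bot: The password handling in this script exposes the credential in several places: `DEFAULT_PASSWORD="endless"` is committed and pre-filled into the prompt, `read -e -p "Enter your machine's password: "` echoes it to the terminal (no `-s`), and `sshpass -p "${TARGET_PASS}"` puts it on the command line where other local users can see it in the process list. It is then written into the inventory as `ansible_ssh_pass`. Prefer reading it silently, passing it to sshpass through the `SSHPASS` environment variable with `sshpass -e`, or better, using the password once for `ssh-copy-id` and switching to key authentication for the playbook run. The connectivity check also uses `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so that password is sent to whatever answers on the entered IP. Finally, because the script runs under `bash -e` and the ssh output goes to `/dev/null`, a failed check exits silently after printing "Checking connectivity to machine..."; test the exit status explicitly and print an error instead of an unconditional `[OK]`.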