-rw-r--r--bin/zsh_functions/_ossh49
-rw-r--r--playbooks/aws/ansible-tower/config.yml23
-rw-r--r--playbooks/aws/ansible-tower/launch.yml103
-rw-r--r--playbooks/aws/ansible-tower/user_data.txt6
-rw-r--r--playbooks/aws/ansible-tower/vars.ops.yml9
-rw-r--r--playbooks/aws/ansible-tower/vars.yml1
-rw-r--r--roles/ansible_install/tasks/main.yaml7
-rw-r--r--roles/ansible_tower/files/inventory5
-rw-r--r--roles/ansible_tower/files/tower_setup_conf.yml10
-rw-r--r--roles/ansible_tower/tasks/main.yaml38
-rw-r--r--roles/base_os/tasks/main.yaml5
-rw-r--r--roles/os_ipv6_disable/tasks/main.yaml11
12 files changed, 267 insertions, 0 deletions
diff --git a/bin/zsh_functions/_ossh b/bin/zsh_functions/_ossh
new file mode 100644
index 000000000..7c6cb7b0b
--- /dev/null
+++ b/bin/zsh_functions/_ossh
@@ -0,0 +1,49 @@
+#compdef ossh oscp
+
+_ossh_known_hosts(){
+ if [[ -f ~/.ansible/tmp/multi_ec2_inventory.cache ]]; then
+ print $(/usr/bin/python -c 'import json,os; z = json.loads(open("%s"%os.path.expanduser("~/.ansible/tmp/multi_ec2_inventory.cache")).read()); print "\n".join(["%s.%s" % (host["ec2_tag_Name"],host["ec2_tag_environment"]) for dns, host in z["_meta"]["hostvars"].items()])')
+ fi
+}
+
+_ossh(){
+ local curcontext="$curcontext" state line
+ typeset -A opt_args
+
+ common_arguments=(
+ '(- *)'{-h,--help}'[show help]' \
+ {-v,--verbose}'[enable verbose]' \
+ {-d,--debug}'[debug mode]' \
+ {-l,--login_name}+'[login name]:login_name' \
+ {-c,--command}+'[command to run on remote host]:command' \
+ {-o,--ssh_opts}+'[SSH Options to pass to SSH]:ssh options' \
+ {-e,--env}+'[environtment to use]:environment:->env' \
+ '--list[list out hosts]' \
+ ':OP Hosts:->oo_hosts'
+ )
+
+ case "$service" in
+ ossh)
+ _arguments -C -s \
+ "$common_arguments[@]" \
+ ;;
+
+ oscp)
+ _arguments -C -s \
+ "$common_arguments[@]" \
+ {-r,--recurse}'[Recursive copy]' \
+ ':file:_files'
+ ;;
+ esac
+
+ case "$state" in
+ oo_hosts)
+ _values 'oo_hosts' $(_ossh_known_hosts)
+ ;;
+ env)
+ _values 'environment' ops int stg prod
+ ;;
+ esac
+}
+
+_ossh "$@"
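Review bot: `common_arguments` in `_ossh` is assigned without `local`, so each completion leaves the array behind in the interactive shell's global scope; declare it next to `curcontext` with `local -a common_arguments`. The inline Python in `_ossh_known_hosts` indexes `host["ec2_tag_Name"]` and `host["ec2_tag_environment"]` directly, so a cached host missing either tag raises KeyError and prints a traceback into the prompt. Using `host.get(...)`, skipping incomplete entries and adding `2>/dev/null` to the call would keep completion quiet. The `-e` help text also has a typo, `environtment`.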
diff --git a/playbooks/aws/ansible-tower/config.yml b/playbooks/aws/ansible-tower/config.yml
new file mode 100644
index 000000000..0318d7a98
--- /dev/null
+++ b/playbooks/aws/ansible-tower/config.yml
@@ -0,0 +1,23 @@
+---
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp if it's set
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default(['']) }}"
+ when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ - "vars.{{ oo_env }}.yml"
+ roles:
+ - ../../../roles/base_os
+ - ../../../roles/timezone
+ - ../../../roles/ipv6_disable
+ - ../../../roles/ansible_install
+ - ../../../roles/ansible_tower
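Review bot: The roles list references `../../../roles/ipv6_disable`, but the role this commit adds lives at `roles/os_ipv6_disable`; unless a separate `ipv6_disable` role already exists in the tree, the `Configure instances` play will fail at role lookup. The entry should probably read `- ../../../roles/os_ipv6_disable`. `roles/timezone` is not part of this commit either, so it is worth confirming that it exists. `gather_facts: no` in the first play would be clearer as `gather_facts: false`.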
diff --git a/playbooks/aws/ansible-tower/launch.yml b/playbooks/aws/ansible-tower/launch.yml
new file mode 100644
index 000000000..d2938f443
--- /dev/null
+++ b/playbooks/aws/ansible-tower/launch.yml
@@ -0,0 +1,103 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_region: us-east-1
+ rhel7_ami: ami-a24e30ca
+ user_data_file: user_data.txt
+ oo_vpc_subnet_id: # Purposely left blank, these are here to be overridden in env vars_files
+ oo_assign_public_ip: # Purposely left blank, these are here to be overridden in env vars_files
+
+ vars_files:
+ - vars.yml
+ - "vars.{{ oo_env }}.yml"
+
+ tasks:
+ - name: Launch instances in VPC
+ ec2:
+ state: present
+ region: "{{ inst_region }}"
+ keypair: mmcgrath_libra
+ group_id: "{{ oo_security_group_ids }}"
+ instance_type: c4.xlarge
+ image: "{{ rhel7_ami }}"
+ count: "{{ oo_new_inst_names | oo_len }}"
+ user_data: "{{ lookup('file', user_data_file) }}"
+ wait: yes
+ assign_public_ip: "{{ oo_assign_public_ip }}"
+ vpc_subnet_id: "{{ oo_vpc_subnet_id }}"
+ when: oo_vpc_subnet_id
+ register: ec2_vpc
+
+ - set_fact:
+ ec2: "{{ ec2_vpc }}"
+ when: oo_vpc_subnet_id
+
+ - name: Launch instances in Classic
+ ec2:
+ state: present
+ region: "{{ inst_region }}"
+ keypair: mmcgrath_libra
+ group: ['Libra', '{{ oo_env }}', '{{ oo_env }}_proxy', '{{ oo_env }}_proxy_atomic']
+ instance_type: c4.xlarge
+ image: "{{ rhel7_ami }}"
+ count: "{{ oo_new_inst_names | oo_len }}"
+ user_data: "{{ lookup('file', user_data_file) }}"
+ wait: yes
+ when: not oo_vpc_subnet_id
+ register: ec2_classic
+
+ - set_fact:
+ ec2: "{{ ec2_classic }}"
+ when: not oo_vpc_subnet_id
+
+ - name: Add Name and environment tags to instances
+ ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present"
+ with_together:
+ - oo_new_inst_names
+ - ec2.instances
+ args:
+ tags:
+ Name: "{{ item.0 }}"
+
+ - name: Add other tags to instances
+ ec2_tag: "resource={{ item.id }} region={{ inst_region }} state=present"
+ with_items: ec2.instances
+ args:
+ tags: "{{ oo_new_inst_tags }}"
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.0 }} ansible_ssh_host={{ item.1.public_ip }} groupname=oo_hosts_to_config"
+ with_together:
+ - oo_new_inst_names
+ - ec2.instances
+
+ - debug: var=ec2
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: ec2.instances
+
+ - name: Wait for root user setup
+ command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup"
+ register: result
+ until: result.rc == 0
+ retries: 20
+ delay: 10
+ with_items: ec2.instances
+
+- name: Initial setup
+ hosts: oo_hosts_to_config
+ user: root
+ gather_facts: true
+
+ tasks:
+
+ - name: Yum update
+ yum: name=* state=latest
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
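Review bot: The `Wait for root user setup` task connects as root with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the new instance's host key is neither verified nor recorded, and the `Initial setup` play then logs in as root to the same public IP. Dropping `-o UserKnownHostsFile=/dev/null` would at least pin the key seen at first contact for the later plays. `keypair: mmcgrath_libra` is hard-coded in both launch tasks and looks like a personal key pair; a variable set in the env vars file (for example `keypair: "{{ oo_keypair }}"`, a suggested name) would avoid tying the Tower host to one person's key. `- debug: var=ec2` prints the full launch result on every run and could be removed once the playbook is stable.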
diff --git a/playbooks/aws/ansible-tower/user_data.txt b/playbooks/aws/ansible-tower/user_data.txt
new file mode 100644
index 000000000..643d17c32
--- /dev/null
+++ b/playbooks/aws/ansible-tower/user_data.txt
@@ -0,0 +1,6 @@
+#cloud-config
+disable_root: 0
+
+system_info:
+ default_user:
+ name: root
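Review bot: `disable_root: 0` together with `default_user: name: root` makes cloud-init install the launch key pair directly for root, so the instance accepts root SSH logins on whatever address it receives (the ops vars in this commit assign a public IP). Consider keeping the image's unprivileged default user and letting the plays escalate with sudo instead of `user: root`. If root login is needed for bootstrap, add a comment here saying why, and check that the security groups limit port 22 to known sources. The boolean would read more clearly as `disable_root: false`.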
diff --git a/playbooks/aws/ansible-tower/vars.ops.yml b/playbooks/aws/ansible-tower/vars.ops.yml
new file mode 100644
index 000000000..feb5d786a
--- /dev/null
+++ b/playbooks/aws/ansible-tower/vars.ops.yml
@@ -0,0 +1,9 @@
+---
+oo_env_long: operations
+oo_zabbix_hostgroups: ['OPS Environment']
+oo_vpc_subnet_id: subnet-4f0bdd38 # USE OPS
+oo_assign_public_ip: yes
+oo_security_group_ids:
+ - sg-02c2f267 # Libra (vpc)
+ - sg-7fc4f41a # ops (vpc)
+ - sg-4dc26829 # ops_tower (vpc)
diff --git a/playbooks/aws/ansible-tower/vars.yml b/playbooks/aws/ansible-tower/vars.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/playbooks/aws/ansible-tower/vars.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/ansible_install/tasks/main.yaml b/roles/ansible_install/tasks/main.yaml
new file mode 100644
index 000000000..67a04b919
--- /dev/null
+++ b/roles/ansible_install/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+# Install ansible client
+
+- name: Install Ansible
+ yum:
+ pkg: ansible
+ state: installed
diff --git a/roles/ansible_tower/files/inventory b/roles/ansible_tower/files/inventory
new file mode 100644
index 000000000..c4f03c7fb
--- /dev/null
+++ b/roles/ansible_tower/files/inventory
@@ -0,0 +1,5 @@
+[primary]
+localhost
+
+[all:children]
+primary
diff --git a/roles/ansible_tower/files/tower_setup_conf.yml b/roles/ansible_tower/files/tower_setup_conf.yml
new file mode 100644
index 000000000..023e6cd3e
--- /dev/null
+++ b/roles/ansible_tower/files/tower_setup_conf.yml
@@ -0,0 +1,10 @@
+admin_password: Wd97YLJkqt0Z
+database: external
+munin_password: Wd97YLJkqt0Z
+pg_database: tower
+pg_host: use-tower1.cx5dyo4uindu.us-east-1.rds.amazonaws.com
+pg_password: qG3JwuXb6uXi
+pg_port: 5432
+pg_username: tower_admin
+primary_machine: localhost
+redis_password: wbTneuaKu4YSLSmWqCYVQaB83bREadRg8HRvNJX4
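Review bot: This file commits `admin_password`, `munin_password`, `pg_password` and `redis_password` in clear text, next to the RDS endpoint and `pg_username` they belong to; once pushed they remain in history, so they should be treated as exposed and rotated. Keep the values in an ansible-vault encrypted vars file (or supply them at run time) and render this file with the `template` module instead of shipping it under `files/`. `admin_password` and `munin_password` also carry the same value, so one leak covers both accounts; give each its own secret. The file lacks the leading `---` that the other YAML files in this commit have.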
diff --git a/roles/ansible_tower/tasks/main.yaml b/roles/ansible_tower/tasks/main.yaml
new file mode 100644
index 000000000..8fe0634d2
--- /dev/null
+++ b/roles/ansible_tower/tasks/main.yaml
@@ -0,0 +1,38 @@
+---
+- name: install some useful packages
+ yum: name={{ item }}
+ with_items:
+ - git
+ - python-pip
+ - unzip
+ - python-psphere
+ - ansible
+ - telnet
+ - ack
+
+- name: download Tower setup
+ #get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-{{tower_version}}.tar.gz
+ get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz
+ dest=/opt/ force=yes
+
+#- name: extract Tower
+# unarchive: src=/opt/ansible-tower-setup-2.1.1.tar.gz dest=/opt copy=no
+#
+#- name: copy tower_setup_conf.yml
+# copy: src=tower_setup_conf.yml dest=/opt/ansible-tower-setup-2.1.1 owner=root group=root mode=0644
+#
+#- name: copy inventory
+# copy: src=inventory dest=/opt/ansible-tower-setup-2.1.1 owner=root group=root mode=0644
+
+- name: run the Tower installer
+ command: chdir=/opt/ansible-tower-setup-2.1.1 creates=/etc/awx/settings.py ./setup.sh
+
+- name: Open firewalld port for http
+ firewalld: port=80/tcp permanent=true state=enabled
+
+- name: Open firewalld port for https
+ firewalld: port=443/tcp permanent=true state=enabled
+
+- name: Open firewalld port for https
+ firewalld: port=8080/tcp permanent=true state=enabled
+
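Review bot: `get_url` fetches the Tower setup tarball over plain `http://` with no checksum, and `./setup.sh` from that bundle is later run as root, so anyone on the network path can substitute the archive. Switch the URL to `https://` if the release host serves it, and pin the digest on the same task with `sha256sum=<expected-sha256>`. The extract and copy tasks are commented out, so on a fresh host `/opt/ansible-tower-setup-2.1.1` presumably does not exist when `run the Tower installer` does its `chdir`, and the setup config and inventory are never put in place. The third firewalld task opens `8080/tcp` but is named `Open firewalld port for https`, and `permanent=true` without `immediate=true` leaves the running firewall unchanged until it is reloaded.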
diff --git a/roles/base_os/tasks/main.yaml b/roles/base_os/tasks/main.yaml
index 2bb2b4ec7..448221cfb 100644
--- a/roles/base_os/tasks/main.yaml
+++ b/roles/base_os/tasks/main.yaml
@@ -19,6 +19,11 @@
state: present
insertafter: EOF
+- name: Bash Completion
+ yum:
+ pkg: bash-completion
+ state: installed
+
- name: Install firewalld
yum:
pkg: firewalld
diff --git a/roles/os_ipv6_disable/tasks/main.yaml b/roles/os_ipv6_disable/tasks/main.yaml
new file mode 100644
index 000000000..fae5beee7
--- /dev/null
+++ b/roles/os_ipv6_disable/tasks/main.yaml
@@ -0,0 +1,11 @@
+---
+# Disable ipv6 on RHEL7
+
+- name: Disable all ipv6
+ sysctl: name="net.ipv6.conf.all.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes
+
+- name: Disable default ipv6
+ sysctl: name="net.ipv6.conf.default.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes
+
+- name: Remove ipv6 localhost from /etc/hosts
+ lineinfile: dest='/etc/hosts' regexp='^::1 ' state=absent owner=root group=root mode=0644