Commit fcaa658f authored by debora.benedetto@hpe.com's avatar debora.benedetto@hpe.com

remove output_file_generated folder from gitignore, add ssh_key file generation for ansible

parent 04b41506
Showing
with 411 additions and 13 deletions
.idea
*.tar.gz
icgparser/doml/*domlx
output_files_generated/*
# output_files_generated/*
# Byte-compiled / optimized / DLL files
__pycache__/
......
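Review bot: Commenting out `output_files_generated/*` lets generated artefacts be staged and committed, and this same commit adds a template that writes `{{ instance_server_private_key }}` into a generated `ssh_key` file. If that file is rendered under this directory (the output path is not visible here), private keys will end up in repository history. If the directory has to be tracked, keep a narrower ignore for the key material, for example `output_files_generated/**/ssh_key`.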
---
input:
- instance_server_public_key
- instance_server_private_key
- instance_ip
output: []
engine: ansible
......
......@@ -4,4 +4,4 @@
[vms:vars]
ansible_connection=ssh
ansible_user=ubuntu
ansible_ssh_private_key_file={{ ssh_key_file }}
ansible_ssh_private_key_file=ssh_key
{{ instance_server_private_key }}
\ No newline at end of file
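Review bot: The template ends without a trailing newline, so the rendered key file stops right after the key's last character; OpenSSH can reject a private key that has no final newline, so the template should end with one. The code that renders this file is not shown; it should create the file with mode 0600, because ssh refuses private keys that are readable by group or others, and the inventory above now points at it as `ansible_ssh_private_key_file=ssh_key`. The second copy of this template further down the page has the same two issues.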
......@@ -18,19 +18,11 @@ data "openstack_networking_network_v2" "external" {
name = "external"
}
data "openstack_identity_project_v3" "test_tenant" {
name = "admin"
}
data "openstack_networking_secgroup_v2" "default" {
name = "default"
tenant_id = data.openstack_identity_project_v3.test_tenant.id
}
# Create virtual machine
resource "openstack_compute_instance_v2" "nginx" {
name = "nginx-host"
image_name = "Ubuntu-Focal-20.04-Daily-2022-04-19"
flavor_name = "ubuntu"
flavor_name = "łubuntu"
key_pair = openstack_compute_keypair_v2.user_key.name
network {
port = openstack_networking_port_v2.nginx.id
......@@ -75,7 +67,8 @@ resource "openstack_networking_port_v2" "nginx" {
network_id = openstack_networking_network_v2.generic.id
admin_state_up = true
security_group_ids = [
data.openstack_networking_secgroup_v2.default.id #default flavour id
openstack_compute_secgroup_v2.ssh.id,
openstack_compute_secgroup_v2.http.id
]
fixed_ip {
subnet_id = openstack_networking_subnet_v2.nginx.id
......
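Review bot: `flavor_name = "łubuntu"` contains a stray `ł`; if this is the new side of the change, the flavor lookup will fail at apply time and the line should read `flavor_name = "ubuntu"`. In the second hunk the port attaches `openstack_compute_secgroup_v2.ssh` and `openstack_compute_secgroup_v2.http` in place of the default group; their definitions are outside the shown hunks, so confirm that the SSH rule's `cidr` is limited to the management range rather than `0.0.0.0/0`. Both resource bodies continue outside the hunks.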
---
input:
- instance_ip_nginx-host
- instance_server_private_key_
output: []
engine: ansible
...
[servers_for_nginx]
{{ instance_ip_nginx-host }}
[servers_for_nginx:vars]
ansible_connection=ssh
ansible_user=
ansible_ssh_private_key_file={{ instance_server_private_key_ }}
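Review bot: `ansible_ssh_private_key_file` expects a path, but `{{ instance_server_private_key_ }}` looks like the key value itself (the sibling template writes `{{ instance_server_private_key }}` into a key file), which would place private key material inside the inventory; point it at the generated key file instead, as the other inventory does with `ansible_ssh_private_key_file=ssh_key`. If these templates are rendered with Jinja2, `{{ instance_ip_nginx-host }}` parses as a subtraction of `host` from `instance_ip_nginx`, so the variable name needs an underscore or the lookup must go through a mapping. `ansible_user=` is rendered empty, and the trailing underscore in `instance_server_private_key_` suggests that a name suffix was empty at generation time.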
---
- hosts: servers_for_nginx
gather_facts: no
become: yes
tasks:
- name: Update repositories
apt:
update_cache: yes
- name: Install nginx
package:
name: nginx
- name: Start nginx
service:
name: nginx
enabled: yes
state: started
- name: Set attributes
set_stats:
data:
site_config_dir: /etc/nginx/conf.d
- name: Install sample site
copy:
dest: "{{ item }}"
content: |
<!doctype html>
<html lang="en">
<head>
<title>Hello World!</title>
</head>
<body>
<h1>Sample web page</h1>
<p>With little content ;)</p>
</body>
</html>
with_items:
- /var/www/html/index.html
- /usr/share/nginx/html/index.html
{{ instance_server_private_key }}
\ No newline at end of file
---
iac:
- terraform
- ansible
...
\ No newline at end of file
# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
[defaults]
host_key_checking = False
inventory = {{CWD}}/hosts.yaml ; This points to the file that lists your hosts
remote_user = esilab
deprecation_warnings=False ; to remove the python version depretation warning
display_skipped_hosts = no
\ No newline at end of file
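Review bot: `host_key_checking = False` turns off SSH host key verification for every host in the inventory, so the playbooks (which receive `pma_influxdb_token`) will connect to whatever answers on the target address. Prefer leaving the default and adding the instance's host key to `known_hosts` during provisioning. If the setting has to stay for throwaway lab hosts, add a comment such as `; lab only: host keys are not verified` so it is not copied into other environments.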
roles:
# - name: dj-wasabi.telegraf
# version: 0.13.2
# source: https://galaxy.ansible.com
- name: dj-wasabi.telegraf
src: https://github.com/dj-wasabi/ansible-telegraf.git
scm: git
version: 0.13.2
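Review bot: `version: 0.13.2` pins the role to a git tag, and a tag can be moved by whoever controls the upstream repository. Since the role runs on every target host, pin `version` to the full commit hash that the tag points to today, e.g. `version: <commit-sha-of-0.13.2>`, and keep the tag name in a comment beside it.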
all:
hosts:
localhost:
ansible_connection: local
#!/bin/bash
set -e
SCRIPT_DIR=$(dirname "$0")
# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
if [[ -f ./ansible.cfg ]]
then
export ANSIBLE_CONFIG=./ansible.cfg
else
if [[ -f $SCRIPT_DIR/ansible.cfg ]]
then
export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
fi
fi
if [[ -z "$ANSIBLE_CONFIG" ]]
then
echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
else
echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
fi
if [[ -z "$1" ]]
then
# echo without params
echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
ansible-playbook $SCRIPT_DIR/site_requirements.yaml
else
# echo with params
echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
fi
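Review bot: The first branch exports `ANSIBLE_CONFIG=./ansible.cfg` from whatever directory the script is started in, which bypasses Ansible's refusal to auto-load `ansible.cfg` from a world-writable working directory, the opposite of what the comment above it says. Use only the copy next to the script, `export ANSIBLE_CONFIG="$SCRIPT_DIR/ansible.cfg"`, and quote `$SCRIPT_DIR` throughout so paths with spaces work. The `echo ... --extra-vars "$1"` line also writes the extra vars, which carry `pma_influxdb_token` in this project, to the console and any captured log. The second script below, which runs `site.yaml`, is identical in these respects.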
#!/bin/bash
set -e
SCRIPT_DIR=$(dirname "$0")
# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
if [[ -f ./ansible.cfg ]]
then
export ANSIBLE_CONFIG=./ansible.cfg
else
if [[ -f $SCRIPT_DIR/ansible.cfg ]]
then
export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
fi
fi
if [[ -z "$ANSIBLE_CONFIG" ]]
then
echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
else
echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
fi
if [[ -z "$1" ]]
then
# echo without params
echo ansible-playbook $SCRIPT_DIR/site.yaml
ansible-playbook $SCRIPT_DIR/site.yaml
else
# echo with params
echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
fi
- hosts: all
pre_tasks:
- name: Check parameters
fail:
msg: 'variable {{item}} not defined'
when: item is not defined
with_items:
- pma_deployment_id
- pma_influxdb_bucket
- pma_influxdb_token
- pma_influxdb_org
- pma_influxdb_addr
- name: Print parameters
debug:
msg:
- "pma_deployment_id: {{ pma_deployment_id }}"
- "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
- "pma_influxdb_token: {{ pma_influxdb_token }}"
- "pma_influxdb_org: {{ pma_influxdb_org }}"
- "pma_influxdb_addr: {{ pma_influxdb_addr }}"
- name: Ensure gnupg package
package:
name: gnupg
state: present
become: true
vars_files:
- vars/main.yaml
roles:
- dj-wasabi.telegraf
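Review bot: The "Print parameters" task prints `pma_influxdb_token` in clear text through `debug`, so the token ends up in console output and any CI or job log. Drop the line `- "pma_influxdb_token: {{ pma_influxdb_token }}"` or print only whether the token is set. Separately, the "Check parameters" guard cannot fire: `item` is the loop string and is always defined, so the condition should test the named variable, e.g. `when: vars[item] is not defined`.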
- hosts: localhost
tasks:
- name: print disclamer
debug:
msg: this can also be done with "ansible-galaxy install -r requirements"
- name: install telegraf from galaxy
community.general.ansible_galaxy_install:
type: role
requirements_file: ansible_requirements.yml
telegraf_agent_package_state: latest
telegraf_agent_output:
- type: influxdb_v2
config:
- urls = ["{{ pma_influxdb_addr }}"]
- token = "{{ pma_influxdb_token }}"
- organization = "{{ pma_influxdb_org }}"
- bucket = "{{ pma_influxdb_bucket }}"
- insecure_skip_verify = true
telegraf_global_tags:
- tag_name: deployment_id
tag_value: "{{ pma_deployment_id }}"
telegraf_plugins_default:
- plugin: cpu
- plugin: mem
- plugin: processes
- plugin: disk
- plugin: net
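Review bot: `insecure_skip_verify = true` disables TLS certificate verification on the InfluxDB output, which also sends `pma_influxdb_token`, so a host on the network path can impersonate the server and collect the token. Remove the line, and if the server uses a private CA, supply it with `tls_ca = "<path-to-ca.pem>"`. `telegraf_agent_package_state: latest` also leaves the agent version unpinned, so two runs can install different builds.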
---
engine: terraform
input:
- OS_USERNAME
- OS_PASSWORD
- OS_AUTH_URL
- OS_PROJECT_NAME
output:
- instance_server_public_key_
- instance_server_private_key_
- instance_ip_nginx-host
...
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.35.0"
}
}
}
# Configure the OpenStack Provider
provider "openstack" {
#user_name = var.openstack_username
#tenant_name = "admin"
#password = var.openstack_password
#auth_url = var.openstack_auth_url
insecure = true
}
# Retrieve data
data "openstack_networking_network_v2" "external" {
name = "external"
}
data "openstack_identity_project_v3" "test_tenant" {
name = "admin"
}
data "openstack_networking_secgroup_v2" "default" {
name = "default"
tenant_id = data.openstack_identity_project_v3.test_tenant.id
}
# Create virtual machine
resource "openstack_compute_instance_v2" "vm1" {
name = "nginx-host"
image_name = "Ubuntu-Focal-20.04-Daily-2022-04-19"
flavor_name = "small"
key_pair = openstack_compute_keypair_v2.ssh_key.name
network {
port = openstack_networking_port_v2.net1.id
}
## AGENTS TO ADD
# this is subject to be moved to IEM as part of its baseline
provisioner "local-exec" {
command = "ansible-galaxy collection install community.general"
}
# this is subject to be moved to IEM as part of its baseline
provisioner "local-exec" {
command = "ansible-playbook ansible/playbooks/pma/site_requirements.yaml"
}
# secrets can be taken from environment variables at IEM but these security issues I will leave them to y2, the user can also be problematic ubuntu/root/centos/...
provisioner "local-exec" {
command = "ansible-playbook -u root -i '${openstack_networking_floatingip_v2.vm1_floating_ip.address},' ansible/playbooks/pma/site.yaml --extra-vars '{\"pma_deployment_id\": \"123e4567-e89b-12d3-a456-426614174002\", \"pma_influxdb_bucket\": \"bucket\", \"pma_influxdb_token\": \"piacerePassword\", \"pma_influxdb_org\": \"piacere\", \"pma_influxdb_addr\": \"https://influxdb.pm.ci.piacere.digital.tecnalia.dev\" }'"
}
}
# Create floating ip
resource "openstack_networking_floatingip_v2" "vm1_floating_ip" {
pool = "external"
# fixed_ip = ""
}
# Attach floating ip to instance
resource "openstack_compute_floatingip_associate_v2" "vm1_floating_ip_association" {
floating_ip = openstack_networking_floatingip_v2.vm1_floating_ip.address
instance_id = openstack_compute_instance_v2.vm1.id
}
## Network
# Create Network
resource "openstack_networking_network_v2" "net1" {
name = "concrete_net"
}
# Create Subnet
resource "openstack_networking_subnet_v2" "net1_subnet" {
name = "concrete_net_subnet"
network_id = openstack_networking_network_v2.net1.id
cidr = "16.0.0.0/24"
dns_nameservers = ["8.8.8.8", "8.8.8.4"]
}
# Attach networking port
resource "openstack_networking_port_v2" "net1" {
name = "concrete_net"
network_id = openstack_networking_network_v2.net1.id
admin_state_up = true
security_group_ids = [
data.openstack_networking_secgroup_v2.default.id #default flavour id
]
fixed_ip {
subnet_id = openstack_networking_subnet_v2.net1_subnet.id
}
}
# Create router
resource "openstack_networking_router_v2" "net1_router" {
name = "net1_router"
external_network_id = data.openstack_networking_network_v2.external.id #External network id
}
# Router interface configuration
resource "openstack_networking_router_interface_v2" "net1_router_interface" {
router_id = openstack_networking_router_v2.net1_router.id
subnet_id = openstack_networking_subnet_v2.net1_subnet.id
}
# Create ssh keys
resource "openstack_compute_keypair_v2" "ssh_key" {
name = "ubuntu"
# public_key = "ubuntu"
}
# CREATING SECURITY_GROUP
resource "openstack_compute_secgroup_v2" "icmp" {
name = "icmp"
description = "Security group rule for port -1"
rule {
from_port = -1
to_port = -1
ip_protocol = "icmp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "http" {
name = "http"
description = "Security group rule for port 80"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "https" {
name = "https"
description = "Security group rule for port 443"
rule {
from_port = 443
to_port = 443
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "ssh" {
name = "ssh"
description = "Security group rule for port 22"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
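Review bot: The last `local-exec` provisioner in `vm1` embeds the InfluxDB token and address as literals in the command string, so the credential is committed to the repository and shown in `terraform apply` output and the local process list. Pass it through a variable declared with `sensitive = true` and hand it to the playbook via the provisioner's `environment` map or a vars file, not inline `--extra-vars`. In the same file, `insecure = true` on the provider disables certificate verification for the OpenStack API calls that carry `OS_PASSWORD`. The `ssh` security group opens port 22 to `0.0.0.0/0` while the playbook logs in with `-u root`. The four security groups are declared, but port `net1` still attaches only the default group, so they appear to be unused. `"8.8.8.4"` in `dns_nameservers` looks like a typo for `8.8.4.4`.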