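---
# Play 1 (hosts: control). Looks up the running node1..node4 instances in EC2,
# installs Cockpit, installs an existing TLS key/cert pair from the student's
# home directory into /etc/cockpit/ws-certs.d, seeds the student's known_hosts
# with the nodes' host keys, and starts cockpit.socket.
- name: Install and configure Cockpit/Web Console on Controller and RHEL lab nodes
  hosts: control
  become: true
  gather_facts: true
  tasks:
    # Gather EC2 metadata facts
    - name: Gather EC2 metadata facts
      amazon.aws.ec2_metadata_facts:

    # Keep the region reported by the instance identity document for the
    # ec2_instance_info lookups below.
    - name: Record the region this instance runs in
      ansible.builtin.set_fact:
        workshop_ec2_region: "{{ ansible_ec2_instance_identity_document_region }}"

    # NOTE(review): `instances.tags.Workshop` used below is presumably set by
    # this role; confirm against heatmiser.ansible_snapshot.aws.
    - name: Get instance details
      ansible.builtin.include_role:
        name: heatmiser.ansible_snapshot.aws
        tasks_from: instance/get_instance_details

    - name: Grab ec2_instance_info for node1
      amazon.aws.ec2_instance_info:
        region: "{{ workshop_ec2_region }}"
        filters:
          instance-state-name: running
          "tag:Workshop_node1": "{{ instances.tags.Workshop | lower }}-node1"
      delegate_to: localhost
      become: false
      register: node1_node_facts

    # Prints the complete lookup result for node1 into the play output.
    - name: Debug output - node1_node_facts
      ansible.builtin.debug:
        msg: "{{ node1_node_facts }}"

    # node2..node4 referenced `ec2_region`, which nothing visible in this
    # playbook sets, while node1 uses the metadata-derived region. An externally
    # supplied `ec2_region` still wins; otherwise fall back to the region
    # recorded above so all four lookups agree.
    - name: Grab ec2_instance_info for node2
      amazon.aws.ec2_instance_info:
        region: "{{ ec2_region | default(workshop_ec2_region) }}"
        filters:
          instance-state-name: running
          "tag:Workshop_node2": "{{ instances.tags.Workshop | lower }}-node2"
      delegate_to: localhost
      become: false
      register: node2_node_facts

    - name: Grab ec2_instance_info for node3
      amazon.aws.ec2_instance_info:
        region: "{{ ec2_region | default(workshop_ec2_region) }}"
        filters:
          instance-state-name: running
          "tag:Workshop_node3": "{{ instances.tags.Workshop | lower }}-node3"
      delegate_to: localhost
      become: false
      register: node3_node_facts

    - name: Grab ec2_instance_info for node4
      amazon.aws.ec2_instance_info:
        region: "{{ ec2_region | default(workshop_ec2_region) }}"
        filters:
          instance-state-name: running
          "tag:Workshop_node4": "{{ instances.tags.Workshop | lower }}-node4"
      delegate_to: localhost
      become: false
      register: node4_node_facts

    - name: Install cockpit console
      ansible.builtin.package:
        name:
          - cockpit
          - cockpit-system
        state: present

    - name: Generate 99-webui.json
      ansible.builtin.template:
        src: "cockpit_machines/cockpit_machines.j2"
        dest: "/etc/cockpit/machines.d/99-webui.json"

    # The key and certificate are only installed when no file is present yet,
    # so an already-deployed pair is never overwritten.
    - name: Check if cockpit key exists
      ansible.builtin.stat:
        path: "/etc/cockpit/ws-certs.d/00-signed.key"
      register: cockpit_key_check

    # This is a TLS private key. Without an explicit mode the new file gets
    # umask-derived permissions, which typically leaves it world-readable, so
    # ownership and mode are pinned here.
    # NOTE(review): confirm the installed Cockpit release loads ws-certs.d as
    # root; a release that reads it as the cockpit-ws user would need group
    # cockpit-ws and mode 0640 instead.
    - name: Copy controller key to cockpit
      ansible.builtin.copy:
        src: "/home/student/{{ student }}.{{ instances.tags.Workshop | lower }}.{{ workshop_dns_zone }}/privkey.pem"
        dest: "/etc/cockpit/ws-certs.d/00-signed.key"
        remote_src: true
        owner: root
        group: root
        mode: "0600"
      when:
        - cockpit_key_check is defined
        - cockpit_key_check.stat is defined
        - not cockpit_key_check.stat.exists

    - name: Check if cockpit cert exists
      ansible.builtin.stat:
        path: "/etc/cockpit/ws-certs.d/00-signed.cert"
      register: cockpit_cert_check

    # The certificate is public material; the mode is stated explicitly so it
    # does not depend on the umask.
    - name: Copy controller cert to cockpit
      ansible.builtin.copy:
        src: "/home/student/{{ student }}.{{ instances.tags.Workshop | lower }}.{{ workshop_dns_zone }}/cert.pem"
        dest: "/etc/cockpit/ws-certs.d/00-signed.cert"
        remote_src: true
        owner: root
        group: root
        mode: "0644"
      when:
        - cockpit_cert_check is defined
        - cockpit_cert_check.stat is defined
        - not cockpit_cert_check.stat.exists

    # ssh-keyscan records whatever host key the network returns, so the entries
    # are trust-on-first-use and are not checked against a known fingerprint.
    # The command appends on every run, so repeated runs add duplicate lines.
    # The host name comes from an EC2 tag and is shell-quoted before it is
    # interpolated into the command line.
    - name: Populate ssh host keys to known_hosts
      become: true
      become_user: student
      become_method: su
      become_exe: sudo su -
      ansible.builtin.shell: >
        ssh-keyscan -tecdsa-sha2-nistp256 {{ item.tags.short_name | quote }} >> ~/.ssh/known_hosts
      # with_items flattens the four instance lists into one list of instances.
      with_items:
        - "{{ node1_node_facts.instances }}"
        - "{{ node2_node_facts.instances }}"
        - "{{ node3_node_facts.instances }}"
        - "{{ node4_node_facts.instances }}"

    - name: Enable and start cockpit console service
      ansible.builtin.service:
        name: cockpit.socket
        enabled: true
        state: started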
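# Play 2 (hosts: web). Defines the leapp-supplements repository, installs and
# starts Cockpit, then, on RedHat major version 7 only, installs at/git,
# starts atd and turns off SSH password authentication.
- name: Install and configure Cockpit/Web Console on RHEL lab nodes
  hosts: web
  become: true
  gather_facts: false
  tasks:
    # NOTE(review): gpgcheck is off, so packages from this repository are not
    # signature-verified; HTTPS transport is the only integrity protection.
    # The repository is created disabled, so it is used only when a later
    # step enables it explicitly.
    - name: Leapp custom actor repository
      ansible.builtin.yum_repository:
        name: leapp-supplements
        description: Leapp custom actors for workshop demo
        baseurl: https://people.redhat.com/bmader/leapp-supplements-demo/RHEL/$releasever/$basearch
        gpgcheck: false
        enabled: false

    # NOTE(review): `state: latest` upgrades Cockpit on every run, unlike the
    # `state: present` install in the controller play; confirm this is
    # intended.
    - name: Install Cockpit
      ansible.builtin.yum:
        name:
          - cockpit
          - cockpit-system
        state: latest

    - name: Enable and start cockpit console service
      ansible.builtin.service:
        name: cockpit.socket
        enabled: true
        state: started

    # Fact gathering is disabled for the play; collect only the two facts the
    # `when` condition on the RHEL7 block needs.
    - name: Gather distribution and distribution_major_version facts
      ansible.builtin.setup:
        gather_subset:
          - '!all'
          - distribution
          - distribution_major_version

    - name: Code block for RHEL7 nodes
      block:
        - name: Install packages for ripu pets
          ansible.builtin.package:
            name:
              - at
              - git
            state: present

        - name: Enable and start atd
          ansible.builtin.service:
            name: atd.service
            enabled: true
            state: started

        # The edited file is checked with `sshd -t` before it replaces
        # sshd_config, so a syntactically broken file is never installed ahead
        # of the restart below.
        # NOTE(review): the regexp matches only an uncommented directive. If
        # none exists the line is appended at the end of the file, where it
        # would fall inside a trailing `Match` block if one is present.
        - name: Set PasswordAuthentication no in sshd_config
          ansible.builtin.lineinfile:
            path: /etc/ssh/sshd_config
            regexp: '^PasswordAuthentication'
            line: "PasswordAuthentication no"
            validate: '/usr/sbin/sshd -t -f %s'

        # Restarts sshd on every run, whether or not the line changed.
        - name: restart ssh
          ansible.builtin.service:
            name: sshd
            state: restarted

        # Runs on the machine executing Ansible (local connection, no privilege
        # escalation). It returns as soon as port 22 on the node accepts
        # connections and fails after 400 seconds; it is not a fixed delay.
        - name: Wait 400 seconds (using ansible.builtin.wait_for)
          ansible.builtin.wait_for:
            host: "{{ ansible_host }}"
            timeout: 400
            port: 22
          become: false
          vars:
            ansible_connection: local
      when:
        - ansible_distribution == 'RedHat'
        - ansible_distribution_major_version | int == 7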
...