
Merge pull request #78 from mwoodson/tower_install

tower install
Matt Woodson 10 år sedan
förälder
incheckning
50f5329625

+ 49 - 0
bin/zsh_functions/_ossh

@@ -0,0 +1,49 @@
+#compdef ossh oscp
+
+_ossh_known_hosts(){
+  if [[ -f ~/.ansible/tmp/multi_ec2_inventory.cache ]]; then
+    print $(/usr/bin/python -c 'import json,os; z = json.loads(open("%s"%os.path.expanduser("~/.ansible/tmp/multi_ec2_inventory.cache")).read()); print "\n".join(["%s.%s" % (host["ec2_tag_Name"],host["ec2_tag_environment"]) for dns, host in z["_meta"]["hostvars"].items()])')
+  fi
+}
+
+_ossh(){
+  local curcontext="$curcontext" state line
+  typeset -A opt_args
+
+  common_arguments=(
+    '(- *)'{-h,--help}'[show help]' \
+    {-v,--verbose}'[enable verbose]' \
+    {-d,--debug}'[debug mode]' \
+    {-l,--login_name}+'[login name]:login_name' \
+    {-c,--command}+'[command to run on remote host]:command' \
+    {-o,--ssh_opts}+'[SSH Options to pass to SSH]:ssh options' \
+    {-e,--env}+'[environtment to use]:environment:->env' \
+    '--list[list out hosts]' \
+    ':OP Hosts:->oo_hosts'
+  )
+
+  case "$service" in
+    ossh)
+      _arguments -C -s  \
+        "$common_arguments[@]" \
+      ;;
+
+    oscp)
+      _arguments -C -s  \
+        "$common_arguments[@]" \
+        {-r,--recurse}'[Recursive copy]' \
+        ':file:_files'
+      ;;
+  esac
+
+  case "$state" in
+      oo_hosts)
+        _values 'oo_hosts' $(_ossh_known_hosts)
+        ;;
+      env)
+        _values 'environment' ops int stg prod
+        ;;
+  esac
+}
+
+_ossh "$@"
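Review bot: The inline Python in `_ossh_known_hosts` indexes `host["ec2_tag_Name"]` and `host["ec2_tag_environment"]` directly, so one cached instance lacking either tag raises KeyError, completion returns no hosts at all and a traceback is printed into the prompt. Filtering such entries (append `if "ec2_tag_Name" in host and "ec2_tag_environment" in host` to the list comprehension) and redirecting the interpreter's stderr with `2>/dev/null` keeps completion usable. The tag values then reach `_values 'oo_hosts' $(_ossh_known_hosts)` unquoted, where `:` and `[` carry spec meaning, so the call site deserves a comment such as `# tag values come from the inventory cache and are not escaped for _values`. Separately, `common_arguments` is assigned without a declaration and leaks into the interactive shell; `local -a common_arguments` above the assignment would contain it.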

+ 1 - 1
lib/aws_command.rb

@@ -7,7 +7,7 @@ module OpenShift
   module Ops
     class AwsCommand < Thor
       # WARNING: we do not currently support environments with hyphens in the name
-      SUPPORTED_ENVS = %w(prod stg int twiest gshipley kint test jhonce amint tdint lint)
+      SUPPORTED_ENVS = %w(prod stg int ops twiest gshipley kint test jhonce amint tdint lint)
 
       option :type, :required => true, :enum => LaunchHelper.get_aws_host_types,
              :desc => 'The host type of the new instances.'

+ 22 - 0
playbooks/aws/ansible-tower/config.yml

@@ -0,0 +1,22 @@
+---
+- name: "populate oo_hosts_to_config host group if needed"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+  - name: Evaluate oo_host_group_exp if it's set
+    add_host: "name={{ item }} groups=oo_hosts_to_config"
+    with_items: "{{ oo_host_group_exp | default(['']) }}"
+    when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+  hosts: oo_hosts_to_config
+  connection: ssh
+  user: root
+  vars_files:
+    - vars.yml
+    - "vars.{{ oo_env }}.yml"
+  roles:
+    - ../../../roles/base_os
+    - ../../../roles/os_ipv6_disable
+    - ../../../roles/ansible
+    - ../../../roles/ansible_tower

+ 78 - 0
playbooks/aws/ansible-tower/launch.yml

@@ -0,0 +1,78 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  vars:
+    inst_region: us-east-1
+    rhel7_ami: ami-a24e30ca
+    user_data_file: user_data.txt
+
+  vars_files:
+    - vars.yml
+    - "vars.{{ oo_env }}.yml"
+
+  tasks:
+    - name: Launch instances in VPC
+      ec2:
+        state: present
+        region: "{{ inst_region }}"
+        keypair: mmcgrath_libra
+        group_id: "{{ oo_security_group_ids }}"
+        instance_type: c4.xlarge
+        image: "{{ rhel7_ami }}"
+        count: "{{ oo_new_inst_names | oo_len }}"
+        user_data: "{{ lookup('file', user_data_file) }}"
+        wait: yes
+        assign_public_ip: "{{ oo_assign_public_ip }}"
+        vpc_subnet_id: "{{ oo_vpc_subnet_id }}"
+      register: ec2
+
+    - name: Add Name and environment tags to instances
+      ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present"
+      with_together:
+        - oo_new_inst_names
+        - ec2.instances
+      args:
+        tags:
+          Name: "{{ item.0 }}"
+
+    - name: Add other tags to instances
+      ec2_tag: "resource={{ item.id }} region={{ inst_region }} state=present"
+      with_items: ec2.instances
+      args:
+        tags: "{{ oo_new_inst_tags }}"
+
+    - name: Add new instances public IPs to oo_hosts_to_config
+      add_host: "hostname={{ item.0 }} ansible_ssh_host={{ item.1.public_ip }} groupname=oo_hosts_to_config"
+      with_together:
+        - oo_new_inst_names
+        - ec2.instances
+
+    - debug: var=ec2
+
+    - name: Wait for ssh
+      wait_for: "port=22 host={{ item.public_ip }}"
+      with_items: ec2.instances
+
+    - name: Wait for root user setup
+      command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup"
+      register: result
+      until: result.rc == 0
+      retries: 20
+      delay: 10
+      with_items: ec2.instances
+
+- name: Initial setup
+  hosts: oo_hosts_to_config
+  user: root
+  gather_facts: true
+
+  tasks:
+
+    - name: Yum update
+      yum: name=* state=latest
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
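Review bot: The "Wait for root user setup" task connects with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so first contact with each new instance over its public IP happens without verifying the host key, and nothing later in this file records a key for the plays that follow. If the probe has to stay unverified, a comment above it such as `# reachability probe only: the host key is NOT verified here; do not reuse these options for configuration runs` would make that explicit; pinning the instance's key before the "Initial setup" play connects would be the stronger fix. `keypair: mmcgrath_libra` hard-codes one person's key pair as the root credential for these hosts and would be better supplied from `vars.{{ oo_env }}.yml`, next to the subnet and security-group IDs. The `- debug: var=ec2` task looks like leftover debugging and prints the full launch result on every run.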

+ 6 - 0
playbooks/aws/ansible-tower/user_data.txt

@@ -0,0 +1,6 @@
+#cloud-config
+disable_root: 0
+
+system_info:
+  default_user:
+    name: root
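Review bot: `disable_root: 0` together with `default_user` named `root` makes direct root SSH login the access path for these instances, and `vars.ops.yml` in the same commit sets `oo_assign_public_ip: yes` for them. Logging in as an unprivileged default user and escalating inside the plays (`sudo: yes` in Ansible of this generation) would keep root off the network-facing login path and leave a per-user audit trail; the plays in `config.yml` and `launch.yml` that set `user: root` would need the matching change. If root login is kept deliberately, a header comment stating why, and whether password authentication is disabled in the image, would help the next reader, since the file carries no comment beyond `#cloud-config`.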

+ 9 - 0
playbooks/aws/ansible-tower/vars.ops.yml

@@ -0,0 +1,9 @@
+---
+oo_env_long: operations
+oo_zabbix_hostgroups: ['OPS Environment']
+oo_vpc_subnet_id: subnet-4f0bdd38  # USE OPS
+oo_assign_public_ip: yes
+oo_security_group_ids:
+  - sg-02c2f267 # Libra (vpc)
+  - sg-7fc4f41a # ops (vpc)
+  - sg-4dc26829 # ops_tower (vpc)

+ 1 - 0
playbooks/aws/ansible-tower/vars.yml

@@ -0,0 +1 @@
+---

+ 7 - 0
roles/ansible/tasks/main.yaml

@@ -0,0 +1,7 @@
+---
+# Install ansible client
+
+- name: Install Ansible
+  yum:
+    pkg: ansible
+    state: installed

+ 27 - 0
roles/ansible_tower/tasks/main.yaml

@@ -0,0 +1,27 @@
+---
+- name: install some useful packages
+  yum: name={{ item }}
+  with_items:
+  - git
+  - python-pip
+  - unzip
+  - python-psphere
+  - ansible
+  - telnet
+  - ack
+
+- name: download Tower setup
+  get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no
+
+- name: extract Tower
+  unarchive: src=/opt/ansible-tower-setup-2.1.1.tar.gz dest=/opt copy=no creates=ansible-tower-setup-2.1.1
+
+- name: Open firewalld port for http
+  firewalld: port=80/tcp permanent=true state=enabled
+
+- name: Open firewalld port for https
+  firewalld: port=443/tcp permanent=true state=enabled
+
+- name: Open firewalld port for https
+  firewalld: port=8080/tcp permanent=true state=enabled
+
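Review bot: The "download Tower setup" task fetches the installer over plain `http://` with no integrity check, and the next task unpacks it under `/opt` on the host being set up as Ansible Tower, so anything able to alter the response in transit decides what gets unpacked there. Pinning a digest closes that gap: `get_url: url=https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no sha256sum=<SHA256_OF_RELEASE_TARBALL>`, where the digest is a placeholder to fill from the vendor's published value and HTTPS availability on that host should be confirmed. The third firewalld task opens `8080/tcp` but is named "Open firewalld port for https", duplicating the previous task's name; renaming it and adding a comment on why 80 and 8080 must be reachable would make the exposure reviewable. `creates=ansible-tower-setup-2.1.1` is a relative path and probably needs to be `creates=/opt/ansible-tower-setup-2.1.1` for the idempotence check to match.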

+ 5 - 0
roles/base_os/tasks/main.yaml

@@ -19,6 +19,11 @@
     state: present
     insertafter: EOF
 
+- name: Bash Completion
+  yum:
+    pkg: bash-completion
+    state: installed
+
 - name: Install firewalld
   yum:
     pkg: firewalld

+ 11 - 0
roles/os_ipv6_disable/tasks/main.yaml

@@ -0,0 +1,11 @@
+---
+# Disable ipv6 on RHEL7
+
+- name: Disable all ipv6
+  sysctl: name="net.ipv6.conf.all.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes
+
+- name: Disable default ipv6
+  sysctl: name="net.ipv6.conf.default.disable_ipv6" value=1 sysctl_set=yes state=present reload=yes
+
+- name: Remove ipv6 localhost from /etc/hosts
+  lineinfile: dest='/etc/hosts' regexp='^::1 ' state=absent owner=root group=root mode=0644
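Review bot: The `regexp='^::1 '` in "Remove ipv6 localhost from /etc/hosts" matches only when `::1` is followed by a space, so a tab-separated entry survives and localhost can still resolve to the address family the two sysctl tasks have just disabled. `regexp='^::1\s'` covers both separators. Passing `owner=root group=root mode=0644` on a `state=absent` task would also reset the ownership and mode of `/etc/hosts` as a side effect, which deserves a one-line comment if it is intended.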