Configure your Training Server
Now you need to find out which Python version Ansible is going to use by default. Do the following:
$ ansible --version
ansible 2.9.4
config file = /home/ansible/.ansible.cfg
configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/ansible/.local/lib/python3.6/site-packages/ansible
executable location = /home/ansible/.local/bin/ansible
python version = 3.6.9 (default, Nov 7 2019, 10:44:02) [GCC 8.3.0]
That command reports the Python version (2.x.x or 3.x.x) in use by Ansible; in the example above it points to Python version 3.
Set the following variables in /home/ansible/.ansible.cfg within the [defaults] section at the beginning of the file:
$ vi ~/.ansible.cfg
stdout_callback = yaml
display_skipped_hosts = False
force_valid_group_names = ignore
For all credentials, ansible-vault is used.
Create a file called .vault-pass.txt in the home directory of the ansible user with a secret password.
$ echo '<YOUR VERY STRONG PASSWORD>' > ~/.vault-pass.txt && \
chmod 600 ~/.vault-pass.txt
The module netaddr is a Python library for representing and manipulating network addresses. The module pywinrm is required for Windows remote management. Install both:
$ pip3 install netaddr --user
$ sudo apt install -y libffi6 libffi-dev libssl-dev
$ pip3 install pywinrm --user --no-binary :all:
While logged in as the user ansible, clone the MOADSD-NG repo:
$ git clone https://github.com/mawinkler/moadsd-ng.git && \
cd moadsd-ng
To ease the handling of SSH keys and get rid of WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!, you can disable StrictHostKeyChecking in your ssh_config. This turns off the host key verification that produces the warning, so you should do this only in non-production environments, of course.
$ sudo vi /etc/ssh/ssh_config
StrictHostKeyChecking no
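Whether the setting above affects only the training machines or every host depends on where in the file it sits. As an added example (not part of MOADSD-NG; the function name is made up here), this check lists the lines where host key checking is switched off for all hosts, so the exception can be moved under a Host pattern that covers only the lab machines.

```shell
#!/bin/sh
# Added example, not MOADSD-NG code. The function name is hypothetical.

# Print "file:line" for every StrictHostKeyChecking no/off entry that applies
# to all hosts: one placed before the first Host/Match line, under "Host *",
# or under "Match all". Entries scoped to a narrower Host pattern are skipped.
global_hostkey_bypass() {
    awk '
        FNR == 1     { global = 1 }    # each file starts in global scope
        /^[ \t]*#/   { next }          # comment line
        /^[ \t]*$/   { next }          # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)   # "Key=value" equals "Key value"
            n = split(line, w, /[ \t]+/)
            key = tolower(w[1]); val = tolower(w[2])
            if (key == "host") {
                global = 0
                for (i = 2; i <= n; i++) if (w[i] == "*") global = 1
                next
            }
            if (key == "match") { global = (val == "all"); next }
            if (key == "stricthostkeychecking" && global && (val == "no" || val == "off"))
                printf "%s:%d\n", FILENAME, FNR
        }
    ' "$@"
}

# Usage:
#   global_hostkey_bypass /etc/ssh/ssh_config ~/.ssh/config
```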
We should start by installing the AWS CLI on a host running Ansible:
$ sudo apt install -y awscli
Confirm installation:
$ aws --version
aws-cli/1.14.44 Python/3.6.9 Linux/4.15.0-74-generic botocore/1.8.48
Use the configure option to continue with the AWS CLI configuration:
$ aws configure
AWS Access Key ID [None]: <access key>
AWS Secret Access Key [None]: <secret key>
Default region name [None]: <default region>
Default output format [None]: json
Examples for the default region would be eu-central-1 or eu-west-1.
The Amazon AWS ec2 modules require the boto libraries to be installed. Do
$ pip3 install boto boto3 --user
When using Windows instances within AWS EC2, we need a key pair to do an initial password change for the administrator. To create it, do the following:
$ aws ec2 create-key-pair --key-name moadsd-ng-$(date '+%m%d%Y-%H%M%S') | \
jq -r '.KeyMaterial' > ~/.ssh/moadsd-ng
$ chmod 600 ~/.ssh/moadsd-ng
We now have a private key which allows us to authenticate to the instances.
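The vault password file and the EC2 private key above are both created under the default umask and tightened afterwards with chmod. The following added example (not part of MOADSD-NG; the function names are made up here) writes such files with owner-only permissions before any secret byte lands in them and audits existing ones. It assumes GNU stat, as found on the Ubuntu host used on this page.

```shell
#!/bin/sh
# Added example, not MOADSD-NG code. Function names are hypothetical.

# Write stdin to "$1" so that group/other can never read it, not even briefly.
# The file is created (or truncated) and set to 0600 before any secret byte
# is written; the subshell keeps the umask change local.
write_secret() {
    ( umask 077 && : > "$1" && chmod 600 "$1" && cat > "$1" )
}

# Succeed only if "$1" is a regular file (no symlink), owned by the current
# user, with no permission bits for group or other.
secret_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1      # GNU stat, e.g. "600"
    [ $(( 0$mode & 077 )) -eq 0 ]              # leading 0 makes it octal
}

# Report every given file; return 1 if any of them is exposed.
audit_secrets() {
    rc=0
    for f in "$@"; do
        if secret_is_private "$f"; then
            echo "ok       $f"
        else
            echo "EXPOSED  $f"
            rc=1
        fi
    done
    return "$rc"
}

# Usage with the files from this page (~/.aws/credentials is where
# `aws configure` stores the access keys):
#   write_secret ~/.vault-pass.txt        # type the password, then Ctrl-D
#   aws ec2 create-key-pair --key-name <name> | jq -r '.KeyMaterial' \
#       | write_secret ~/.ssh/moadsd-ng
#   audit_secrets ~/.vault-pass.txt ~/.ssh/moadsd-ng ~/.aws/credentials
```

Reading the password from stdin instead of passing it to echo also keeps it out of the shell history.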
The last step of the preparation is to configure MOADSD-NG. We do that with the built-in configurator.
First, we create our configuration.yml file.
cp configuration.yml.sample configuration.yml
vi configuration.yml
Within the sample configuration, a standard Kubernetes cluster is defined to which Smart Check, Jenkins, Prometheus and Grafana are deployed. The minimal settings you have to define are marked with MANDATORY. All other settings available for the configurator can be reviewed in the defaults file:
cat roles/configurator/defaults/main.yml
Please do not change that file!
Finally, you should encrypt your configuration.yml by running
ansible-vault encrypt --vault-password-file \
../.vault-pass.txt configuration.yml
From then on, you can edit the configuration with
ansible-vault edit --vault-password-file \
../.vault-pass.txt configuration.yml
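A plaintext configuration.yml is easy to leave behind, for instance after copying the sample again. This added example (not MOADSD-NG code; the function names are made up here) checks that a file really is ansible-vault output: the `$ANSIBLE_VAULT` header line followed by hex-only lines.

```shell
#!/bin/sh
# Added example, not MOADSD-NG code. Function names are hypothetical.

# Succeed only if "$1" looks like ansible-vault output: a vault header line
# (format 1.1, or 1.2 with a vault-id label) followed by hex-only lines.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) return 1 ;;
    esac
    body=$(tail -n +2 "$1")
    [ -n "$body" ] || return 1                 # header without payload
    # Any non-hex character means plaintext is sitting under the header.
    if printf '%s\n' "$body" | LC_ALL=C grep -q '[^0-9a-fA-F]'; then
        return 1
    fi
    return 0
}

# Print each file that is not vault-encrypted; return 1 if there was one.
find_plaintext() {
    bad=0
    for p in "$@"; do
        is_vault_encrypted "$p" || { echo "plaintext: $p"; bad=1; }
    done
    return "$bad"
}

# Usage inside the moadsd-ng checkout, e.g. before committing or sharing it:
#   find_plaintext configuration.yml || echo "run ansible-vault encrypt first"
```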
To change settings for your MOADSD-NG, overwrite the values as required within your configuration.yml and rerun the configurator.
To run the configurator, call the menu of MOADSD-NG, select the cloud and choose the configuration playbook.
./menu.sh
Please choose the target environment:
1) gcp 3) esx 5) switch_to_gcp 7) switch_to_esx
2) aws 4) site_secrets 6) switch_to_aws
#? 1
Please choose the playbook:
1) site 8) pause_scheduled_cancel
2) deploy 9) resume
3) deploy_endpoints 10) terminate
4) jenkins_create_credentials 11) terminate_site
5) deploy_gitlab_runners 12) configuration
6) pause 13) manual
7) pause_scheduled
#? 12
The configurator runs quite a few checks on your configuration and will complain when it detects a misconfiguration.