diff --git a/olam/create_instance.yml b/olam/create_instance.yml index b86a69d..679f4d6 100644 --- a/olam/create_instance.yml +++ b/olam/create_instance.yml @@ -263,6 +263,7 @@ - name: Configure new instances hosts: all + become: true gather_facts: false vars_files: - default_vars.yml @@ -309,6 +310,12 @@ ansible.builtin.include_tasks: "olam_passwordless_setup.yml" when: passwordless_ssh + - name: Install Oracle Linux Automation Manager + ansible.builtin.include_tasks: deploy-olam-tasks.yml + vars: + control_node_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + when: inventory_hostname == 'olam-node' + - name: Update all rpm packages ansible.builtin.import_playbook: update_all_rpms.yml when: update_all diff --git a/olam/create_instance_1.yml b/olam/create_instance_1.yml deleted file mode 100644 index 025f649..0000000 --- a/olam/create_instance_1.yml +++ /dev/null @@ -1,379 +0,0 @@ ---- -# Copyright (c) 2024 Oracle and/or its affiliates. -# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0. -# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl) -# See LICENSE.TXT for details. - -- name: Gather facts and create instances - hosts: localhost - collections: - - oracle.oci - - community.general - - vars: - oci_config_section: DEFAULT - ad_placement: 1 - compartment_name: - compartment_id: - compute_instances: - 1: - instance_name: "control-node" - 2: - instance_name: "olam-node" - os: "Oracle Linux" - os_version: "8" - instance_shape: "VM.Standard.E4.Flex" - instance_ocpus: 2 - instance_memory: 16 - private_key: "id_rsa" - # ansible_python_interpreter: /usr/bin/python3.6 - debug_enabled: false - - tasks: - - # - name: Check if state file exists - # ansible.builtin.stat: - # path: /tmp/ansible.state - # register: state_exists - - # - name: Fail if state file already exists - # ansible.builtin.fail: - # msg: "Exit instance creation as a state file already exists." - # when: hosts_exists.stat.exists - - - name: Get location of oci_config - ansible.builtin.set_fact: - oci_config_file: "{{lookup('env','HOME') + '/.oci/config'}}" - - - name: Get tenancy ocid - ansible.builtin.set_fact: - my_tenancy_id: "{{ lookup('ini', 'tenancy section={{ oci_config_section }} file={{ oci_config_file }}') }}" - - - name: Get region id - ansible.builtin.set_fact: - my_region_id: "{{ lookup('ini', 'region section={{ oci_config_section }} file={{ oci_config_file }}') }}" - - - name: Print regions selected - ansible.builtin.debug: - msg: "{{ my_region_id }}" - when: debug_enabled - - - name: Get list availbility domains - oci_identity_availability_domain_facts: - compartment_id: "{{ my_tenancy_id }}" - region: "{{ my_region_id }}" - register: result - - - name: Print availability domains - ansible.builtin.debug: - msg: "{{ result }}" - when: debug_enabled - - - name: Set list of availability domains - ansible.builtin.set_fact: - availability_domains: "{{ result.availability_domains }}" - - - name: Set to availability domain from list - ansible.builtin.set_fact: - my_availability_domain: "{{ availability_domains[ (lookup('ansible.builtin.vars', 'ad_placement')| int)-1 ].name }}" - - - name: Print availability domain ad_placement - ansible.builtin.debug: - msg: "{{ my_availability_domain }}" - when: debug_enabled - -## Get compartment id from .oci/config or env OCI_COMPARTMENT_OCID - - - name: Get compartment id - ansible.builtin.set_fact: - my_compartment_id: "{{ compartment_id | default(lookup('ansible.builtin.env', 'OCI_COMPARMENT_OCID'), true) | default(lookup('ini', 'compartment-id section={{ oci_config_section }} file={{ oci_config_file }}'), true) }}" - - - name: Print compartment id - ansible.builtin.debug: - msg: "{{ my_compartment_id }}" - when: debug_enabled - - - name: Fail when compartment_id is not defined - ansible.builtin.fail: - msg: "Variable for compartment_id is not defined." - when: my_compartment_id is not defined - - - name: Generate random hex string - ansible.builtin.set_fact: - vcn_code: "{{ query('community.general.random_string', upper=false, lower=false, override_special=hex_chars, numbers=false) }}" - vars: - hex_chars: '0123456789abcdef' - - - name: Create a virtual cloud network - oci_network_vcn: - compartment_id: "{{ my_compartment_id }}" - display_name: "Linuxvirt Virtual Cloud Network" - cidr_blocks: "10.0.0.0/16" - dns_label: "vcn" - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Set vcn id - ansible.builtin.set_fact: - my_vcn_id: "{{ result.vcn.id }}" - - - name: Create internet_gateway - oci_network_internet_gateway: - compartment_id: "{{ my_compartment_id }}" - vcn_id: "{{ my_vcn_id }}" - is_enabled: true - display_name: "Linuxvirt Internet Gateway" - state: 'present' - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Set internet gateway id - ansible.builtin.set_fact: - my_internet_gateway_id: "{{ result.internet_gateway.id }}" - - - name: Create route_table - oci_network_route_table: - compartment_id: "{{ my_compartment_id }}" - vcn_id: "{{ my_vcn_id }}" - display_name: "Linuxvirt Route Table" - route_rules: - - network_entity_id: "{{ my_internet_gateway_id }}" - cidr_block: "0.0.0.0/0" - destination_type: CIDR_BLOCK - state: 'present' - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Set route table id - ansible.builtin.set_fact: - my_rt_id: "{{ result.route_table.id }}" - - - name: Create security_list - oci_network_security_list: - display_name: "Linuxvirt Security List" - compartment_id: "{{ my_compartment_id }}" - vcn_id: "{{ my_vcn_id }}" - egress_security_rules: - - destination: "0.0.0.0/0" - protocol: 6 - ingress_security_rules: - - source: "0.0.0.0/0" - protocol: 6 - tcp_options: - destination_port_range: - max: 22 - min: 22 - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Set security list id - ansible.builtin.set_fact: - my_security_list_id: "{{ result.security_list.id }}" - - - name: Create subnet - oci_network_subnet: - compartment_id: "{{ my_compartment_id }}" - vcn_id: "{{ my_vcn_id }}" - cidr_block: "10.0.0.48/28" - display_name: "Linuxvirt Subnet" - prohibit_public_ip_on_vnic: false - route_table_id: "{{ my_rt_id }}" - security_list_ids: "{{ my_security_list_id }}" - dns_label: "lv" - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Set subnet id - ansible.builtin.set_fact: - my_subnet_id: "{{ result.subnet.id }}" - - - name: Get image - oci_compute_image_facts: - compartment_id: "{{ my_compartment_id }}" - operating_system: "{{ os }}" - operating_system_version: "{{ os_version }}" - shape: "{{ instance_shape }}" - sort_by: TIMECREATED - sort_order: DESC - register: result - retries: 10 - delay: 30 - until: result is not failed - - - name: Print image list - ansible.builtin.debug: - var: result - when: debug_enabled - - - name: Set compute image id - ansible.builtin.set_fact: - ol_image_id: "{{ result.images[0].id }}" - - # - name: Create the state file - # ansible.builtin.copy: - # dest: /tmp/ansible.state - # content: | - # vcn_id: {{ my_vcn_id }} - # internet_gateway_id: {{ my_internet_gateway_id }} - # route_table_id: {{ my_rt_id }} - # security_list_id: {{ my_security_list_id }} - # subnet_id: {{ my_subnet_id }} - - - name: Build an instance - ansible.builtin.include_tasks: "build.yaml" - loop: "{{ lookup('dict', compute_instances) }}" - - - name: Print in-memory inventory - ansible.builtin.debug: - msg: "{{ groups['in_memory'] }}" - when: debug_enabled - -- name: Configure new instances - hosts: in_memory - become: yes - gather_facts: false - vars: - username: "oracle" - user_default_password: "oracle" - private_key: "id_rsa" - debug_enabled: false - - tasks: - - - name: Wait for system to become reachable - ansible.builtin.wait_for_connection: - - - name: Run facts module to get latest information - ansible.builtin.setup: - - - name: Add user account with access to sudo - ansible.builtin.user: - name: "{{ username }}" - password: "{{ user_default_password | password_hash('sha512') }}" - comment: Ansible created user - groups: wheel - append: yes - update_password: on_create - - - name: Set authorized key for user using local pubilc key file - ansible.posix.authorized_key: - user: "{{ username }}" - state: present - key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/' + private_key + '.pub' ) }}" - - - name: Set user with passwordless sudo access - ansible.builtin.lineinfile: - path: '/etc/sudoers.d/{{ username }}' - regexp: '{{ username }} ALL=' - line: '{{ username}} ALL=(ALL:ALL) NOPASSWD: ALL' - state: present - create: yes - - - name: Add locale settings to .bashrc - ansible.builtin.lineinfile: - dest: ~/.bashrc - line: "{{ item }}" - with_items: - - 'export LC_ALL="en_US.UTF-8"' - - 'export LC_CTYPE="en_US.UTF-8"' - become_user: "{{ username }}" - - - name: Generate ssh keypair for user - community.crypto.openssh_keypair: - path: ~/.ssh/id_rsa - size: 2048 - comment: ocne ssh keypair - become_user: "{{ username }}" - - - name: Fetch public key file from server - ansible.builtin.fetch: - src: "~/.ssh/id_rsa.pub" - dest: "buffer/{{ inventory_hostname }}-id_rsa.pub" - flat: yes - become_user: "{{ username }}" - - - name: Copy public key to each destination - ansible.posix.authorized_key: - user: "{{ username }}" - state: present - key: "{{ lookup('file', 'buffer/{{ item }}-id_rsa.pub') }}" - loop: "{{ groups['in_memory'] | flatten(levels=1) }}" - - - name: Print hostvars for groups - ansible.builtin.debug: - msg: "{{ hostvars[item] }}" - loop: "{{ groups['in_memory'] | flatten(levels=1) }}" - when: debug_enabled - - - name: Accept new ssh fingerprints - ansible.builtin.shell: | - ssh-keyscan -t ecdsa-sha2-nistp256 {{ hostvars[item].ansible_host }} >> ~/.ssh/known_hosts - with_items: - - "{{ groups['in_memory'] }}" - become_user: "{{ username }}" - - - name: Install Oracle Linux Automation Manager - ansible.builtin.include_tasks: deploy-olam-tasks.yaml - vars: - control_node_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - when: inventory_hostname == 'olam-node' - - - name: Print instance details - ansible.builtin.debug: - msg: - - "Instance name: {{ hostvars[inventory_hostname]['ansible_hostname'] }}" - - " public ip: {{ hostvars[inventory_hostname]['ansible_host'] }}" - - " private ip: {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - - - name: Pause play to interact with the servers - ansible.builtin.pause: - prompt: "Playbook paused... hit to continue or then to abort. Aborting at this stage requires manual removal of all cloud resources this playbook creates." - -- name: Terminate instances and delete OCI resources - hosts: localhost - collections: - - oracle.oci - - community.general - - tasks: - - - name: Terminate the instances - oci_compute_instance: - id: "{{ hostvars[item]['instance_ocid'] }}" - state: absent - loop: "{{ groups['in_memory'] | flatten(levels=1) }}" - - - name: Delete the subnet - oci_network_subnet: - id: "{{ my_subnet_id }}" - state: absent - - - name: Delete the security list - oci_network_security_list: - id: "{{ my_security_list_id }}" - state: absent - - - name: Delete the route table - oci_network_route_table: - id: "{{ my_rt_id }}" - state: absent - - - name: Delete the Internet Gateway - oci_network_internet_gateway: - id: "{{ my_internet_gateway_id }}" - state: absent - - - name: Delete the VCN - oci_network_vcn: - vcn_id: "{{ my_vcn_id }}" - state: absent \ No newline at end of file diff --git a/olam/default_vars.yml b/olam/default_vars.yml index b2fe46e..3197a96 100644 --- a/olam/default_vars.yml +++ b/olam/default_vars.yml @@ -1,6 +1,6 @@ compute_instances: 1: - instance_name: "olam" + instance_name: "olam-node" type: "control" boot_volume_size_in_gbs: 50 os: "Oracle Linux" diff --git a/olam/deploy-olam-tasks.yml b/olam/deploy-olam-tasks.yml index b37423e..1b06821 100644 --- a/olam/deploy-olam-tasks.yml +++ b/olam/deploy-olam-tasks.yml @@ -46,7 +46,7 @@ stream=13 profiles= state=enabled - when: + when: - ansible_distribution_major_version | int >= 8 - name: Install the database @@ -60,7 +60,7 @@ owner: "postgres" group: "postgres" state: directory - mode: 0700 + mode: "0700" # Handle the ol-automation-manager-DB-init.sh script @@ -72,6 +72,7 @@ - name: initialize postgresql database ansible.builtin.command: "postgresql-setup --initdb" when: not pgdata_dir_version.stat.exists + become: true become_user: postgres - name: Change database password storage encryption @@ -79,18 +80,19 @@ path: /var/lib/pgsql/data/postgresql.conf regexp: '^#password_encryption.*' replace: 'password_encryption = scram-sha-256' - + - name: Enable and start postgresql.service ansible.builtin.systemd: name: postgresql state: started - enabled: yes + enabled: true - name: Create awx postgresql user community.postgresql.postgresql_user: name: awx password: password role_attr_flags: NOSUPERUSER + become: true become_user: postgres - name: Create awx postgresql db @@ -128,7 +130,7 @@ section: ol8_automation1 option: enabled value: "0" - mode: 0644 + mode: "0644" - name: Enable Oracle Linux Automation Manager 2.0 repository ansible.builtin.ini_file: @@ -136,7 +138,7 @@ section: ol8_automation2 option: enabled value: "1" - mode: 0644 + mode: "0644" - name: Install Oracle Linux Automation Manager ansible.builtin.dnf: @@ -155,7 +157,7 @@ path: /etc/redis.conf regexp: '^unixsocketperm ' insertafter: '^unixsocket ' - line: unixsocketperm 775 + line: unixsocketperm 775 - name: Configure CLUSTER_HOST_ID setting ansible.builtin.copy: @@ -188,6 +190,7 @@ - name: Provision olam ansible container environment containers.podman.podman_image: name: container-registry.oracle.com/oracle_linux_automation_manager/olam-ee + become: true become_user: awx - name: Check if awx provisioned @@ -206,6 +209,7 @@ touch /var/lib/awx/.awx-provisioned args: executable: /bin/bash + become: true become_user: awx register: awx_migrate when: not awx_provision.stat.exists @@ -218,8 +222,9 @@ 'Password:': admin 'Password \(again\):': admin register: awx_password + become: true become_user: awx - ignore_errors: yes + ignore_errors: true changed_when: awx_password.stdout is not search('is already taken') - name: Print the AWX admin password @@ -250,7 +255,7 @@ dest: /etc/nginx/nginx.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Remove default configuration in receptor ansible.builtin.template: @@ -258,15 +263,15 @@ dest: /etc/receptor/receptor.conf owner: root group: root - mode: '0644' + mode: "0644" - name: Set firewall service rules ansible.posix.firewalld: zone: public service: "{{ item }}" - permanent: yes + permanent: true state: enabled - immediate: yes + immediate: true loop: - http - https @@ -275,9 +280,9 @@ ansible.posix.firewalld: zone: public port: "{{ item }}" - permanent: yes + permanent: true state: enabled - immediate: yes + immediate: true loop: - 27199/tcp @@ -285,7 +290,7 @@ ansible.builtin.systemd: name: "{{ item }}" state: started - enabled: yes + enabled: true with_items: - ol-automation-manager @@ -297,4 +302,3 @@ - name: Enable lingering is needed ansible.builtin.command: "loginctl enable-linger awx" when: not user_lingering.stat.exists - diff --git a/olam/get_facts.yml b/olam/get_facts.yml index bf3a8af..65cc31c 100644 --- a/olam/get_facts.yml +++ b/olam/get_facts.yml @@ -12,14 +12,14 @@ - name: Get minimum set of available facts ansible.builtin.setup: - gather_subset: - - 'min' + gather_subset: + - 'min' register: min_facts - name: Print minimum set of facts ansible.builtin.debug: - msg: "{{ min_facts }}" + msg: "{{ min_facts }}" - name: Print system date ansible.builtin.debug: - var: ansible_date_time.date + var: ansible_date_time.date diff --git a/olam/olam_passwordless_setup.yml b/olam/olam_passwordless_setup.yml index d44f842..7e5b9d3 100644 --- a/olam/olam_passwordless_setup.yml +++ b/olam/olam_passwordless_setup.yml @@ -29,7 +29,9 @@ key: "{{ lookup('file', 'buffer/{{ item }}-id_rsa.pub') }}" loop: "{{ groups['control'] | flatten(levels=1) }}" become: true - when: inventory_hostname in groups['remote'] + when: + - "'remote' in groups" + - inventory_hostname in groups['remote'] - name: Print hostvars for groups ansible.builtin.debug: @@ -49,4 +51,6 @@ become_user: "{{ username }}" register: result changed_when: result.rc == 0 - when: inventory_hostname in groups['control'] + when: + - "'remote' in groups" + - inventory_hostname in groups['control']