
Commit 7fb9c36

committed
Initial Commit
1 parent 8e12104 commit 7fb9c36


56 files changed

+2144
-0
lines changed


56 files changed

+2144
-0
lines changed

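--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+- package-latest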

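--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,37 @@
+__pycache__/
+*.py[cod]
+*$py.class
+dist/
+lib/
+*.egg-info/
+.cache
+pytestdebug.log
+source-contexts.json
+source-context.json
+client_secrets.json
+\#*\#
+.\#*
+*_flymake.py
+.DS_Store
+.eggs/
+.python-version
+.idea
+node_modules/
+*.code-workspace
+.envrc
+.coverage
+htmlcov/
+*.iml
+
+# Terraform
+# See: https://github.com/github/gitignore/blob/master/Terraform.gitignore
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraformrc
+terraform.rc
+/cloudbuild/.terraform.lock.hcl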

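--- a/README.md
+++ b/README.md
@@ -0,0 +1,25 @@
+# Example Ansible Automation for Installing Anthos Bare Metal
+
+
+## Setup Remote User
+Make sure that the remote user account is configured to allow for the execution of sudo without the need to enter a password. An example of how this can be achieved can be found below:
+
+```
+# Setup sudoers for remote user account e.g "ansible-runner"
+sudo rm -f /etc/sudoers.d/*
+cat <<EOF | sudo tee /etc/sudoers.d/00-ansible-runner
+ansible-runner ALL=(ALL) NOPASSWD:ALL
+EOF
+```
+
+## Ansible Control Machine Setup
+On your Ansible Control Machine, ensure that you install and initialize the Google Cloud SDK using these [instructions](https://cloud.google.com/sdk/docs). This process will install gcloud and gsutil.
+
+Next we need to loging in with your Google Account which will be used by Ansible to manage the services and service accounts:
+```
+gcloud auth login --update-adc
+```
+and finally ensure that you setup the default Google Cloud Project
+```
+gcloud config set project "PROJECT_ID"
+```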

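--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,19 @@
+# Copyright 2021, Matthew Winter
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+[defaults]
+inventory = ./inventory/hosts.yml
+host_key_checking = False
+private_key_file = ~/.ssh/id_rsa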
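Review bot: `host_key_checking = False` at new line 18 turns off SSH host key verification for every play run from this directory, so the control machine accepts whatever host answers on the inventory addresses before it runs privileged tasks and copies service-account keys there. Prefer `host_key_checking = True` and record the hosts' keys in `known_hosts` before the first run. If the setting has to stay for first-time provisioning, add a comment such as `# TEMPORARY: enable host key checking once nodes are enrolled in known_hosts` so it is not carried into steady-state use.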

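--- a/create-anthos-cluster.yml
+++ b/create-anthos-cluster.yml
@@ -0,0 +1,45 @@
+# Copyright 2021, Matthew Winter
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#--------------------------------------------------------------------
+# Playbook to Create Anthos Cluster
+#--------------------------------------------------------------------
+
+---
+
+- name: Prepare the Anthos Cluster Nodes
+hosts: "{{ target_nodes }}"
+vars_files:
+- vars/anthos.yml
+- vars/timesync.yml
+roles:
+- role: remove-docker
+- role: system-package-update
+- role: disable-firewall
+- role: setup-timesync
+- role: setup-login-user
+- role: copy-workstation-ssh
+
+
+- name: Setup the Anthos Cluster
+hosts: "{{ target_workstation }}"
+remote_user: "{{ login_user }}"
+vars_files:
+- vars/anthos.yml
+roles:
+- role: check-cluster-registered
+- role: bmctl-create-config
+- role: bmctl-check-config
+- role: bmctl-create-cluster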
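Review bot: The `disable-firewall` role at new line 30 runs unconditionally on every host matched by `target_nodes`, and the same role is applied at new line 40 of create-anthos-workstation.yml, so both the nodes and the workstation lose host-level packet filtering as a side effect of provisioning. The role body is not shown on this page, so it is unclear whether it stops the service, masks it, or can be reverted. Gate it behind an explicit variable, for example `when: disable_host_firewall | default(true)` on the role entry (variable name illustrative), and add a comment above it stating which installation requirement needs the firewall off. Where the platform allows it, opening only the required ports is the tighter option.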

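--- a/create-anthos-workstation.yml
+++ b/create-anthos-workstation.yml
@@ -0,0 +1,56 @@
+# Copyright 2021, Matthew Winter
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#--------------------------------------------------------------------
+# Playbook to Create Anthos Workstation
+#--------------------------------------------------------------------
+
+---
+
+- name: Prepare the Google Cloud Project for Anthos
+hosts: localhost
+vars_files:
+- vars/anthos.yml
+roles:
+- role: enable-ansible-services
+- role: enable-anthos-services
+- role: create-anthos-service-accounts
+- role: create-ansible-service-accounts
+
+
+- name: Prepare the Anthos Workstation
+hosts: "{{ target_workstation }}"
+vars_files:
+- vars/anthos.yml
+- vars/timesync.yml
+roles:
+- role: system-package-update
+- role: disable-firewall
+- role: setup-timesync
+- role: setup-login-user
+
+
+- name: Setup the Anthos Workstation as "login_user"
+hosts: "{{ target_workstation }}"
+remote_user: "{{ login_user }}"
+vars_files:
+- vars/anthos.yml
+roles:
+- role: copy-service-account-keys
+- role: setup-gcloud-sdk
+- role: activate-gcloud-sdk
+- role: setup-kubectl
+- role: setup-bmctl
+- role: setup-docker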

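--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+anthos_workstations:
+hosts:
+anthos-workstation:
+ansible_host: 10.0.200.1
+
+anthos_cluster:
+hosts:
+anthos-edge:
+ansible_host: 10.0.200.2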
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
# Copyright 2021, Matthew Winter
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
16+
---
17+
18+
- name: Add GOOGLE_APPLICATION_CREDENTIALS Environment Variable to ".bashrc"
19+
ansible.builtin.lineinfile:
20+
path: "{{ ansible_user_dir }}/.bashrc"
21+
regexp: "^export GOOGLE_APPLICATION_CREDENTIALS="
22+
line: "export GOOGLE_APPLICATION_CREDENTIALS=\"{{ gcp_keys_dir }}/{{ item }}.json\""
23+
with_items:
24+
- "{{ ansible_service_account }}"
25+
26+
- name: Activate Ansible Service Account for "login_user"
27+
ansible.builtin.shell:
28+
cmd: |
29+
set -o pipefail
30+
gcloud auth activate-service-account "{{ item }}@{{ gcp_project_id }}.iam.gserviceaccount.com" --key-file="{{ item }}.json"
31+
gcloud config set project "{{ gcp_project_id }}"
32+
chdir: "{{ gcp_keys_dir }}"
33+
args:
34+
executable: /bin/bash
35+
changed_when: false
36+
with_items:
37+
- "{{ ansible_service_account }}"
38+
39+
- name: Activate Ansible Service Account for "root"
40+
ansible.builtin.shell:
41+
cmd: |
42+
set -o pipefail
43+
gcloud auth activate-service-account "{{ item }}@{{ gcp_project_id }}.iam.gserviceaccount.com" --key-file="{{ item }}.json"
44+
gcloud config set project "{{ gcp_project_id }}"
45+
chdir: "{{ gcp_keys_dir }}"
46+
args:
47+
executable: /bin/bash
48+
become: true
49+
changed_when: false
50+
with_items:
51+
- "{{ ansible_service_account }}"
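Review bot: Both activation tasks (new lines 28–31 and 41–44) start with `set -o pipefail`, which only affects pipelines, and neither script contains one. Without `-e`, a failing `gcloud auth activate-service-account` is ignored and the task returns the exit status of the final `gcloud config set project`, so a missing or rejected key file can pass unnoticed. Change the first script line to `set -euo pipefail` in both tasks. The templated values also sit inside double quotes that bash still expands; piping them through the `quote` filter (e.g. `--key-file={{ (item ~ '.json') | quote }}`) keeps an unexpected character in a variable from being interpreted by the shell. The second task repeats the activation with `become: true`, which stores the service-account credential in root's gcloud configuration as well; a comment saying why root needs it would help.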
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
# Copyright 2021, Matthew Winter
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
16+
---
17+
18+
- name: Check "bmctl" Configuration for Anthos Cluster
19+
ansible.builtin.shell:
20+
cmd: |
21+
set -o pipefail
22+
export GOOGLE_APPLICATION_CREDENTIALS="{{ gcp_keys_dir }}/{{ ansible_service_account }}.json"
23+
bmctl check config -c "{{ cluster_name }}" --quiet
24+
args:
25+
executable: /bin/bash
26+
register: cluster_check_fail
27+
failed_when: false
28+
changed_when: false
29+
30+
- name: Check the Previous Task
31+
ansible.builtin.debug:
32+
msg: "{{ cluster_check_fail.stdout_lines + cluster_check_fail.stderr_lines }}"
33+
failed_when: cluster_check_fail.rc != 0
34+
when:
35+
- cluster_check_fail.stdout_lines is defined
36+
- cluster_check_fail.stderr_lines is defined
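Review bot: The failure gate in "Check the Previous Task" (new lines 30–36) only runs when both `stdout_lines` and `stderr_lines` are defined, while the shell task above it sets `failed_when: false`. If the module returns without those keys, the debug task is skipped and the play continues as though the configuration check passed; this is inferred from the visible conditions, not observed. The shell task here is never skipped, so the `when:` list can be dropped and the gate written as `failed_when: cluster_check_fail.rc | default(1) != 0`, with `| default([])` on each list in `msg`. The create-cluster tasks in the next section use the same pattern (new lines 30–36 there).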
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
# Copyright 2021, Matthew Winter
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
16+
---
17+
18+
- name: Create Anthos Cluster
19+
ansible.builtin.shell:
20+
cmd: |
21+
set -o pipefail
22+
export GOOGLE_APPLICATION_CREDENTIALS="{{ gcp_keys_dir }}/{{ ansible_service_account }}.json"
23+
bmctl create cluster -c "{{ cluster_name }}" --quiet
24+
args:
25+
executable: /bin/bash
26+
register: create_cluster
27+
failed_when: false
28+
changed_when: false
29+
30+
- name: Check the Previous Task
31+
ansible.builtin.debug:
32+
msg: "{{ create_cluster.stdout_lines + create_cluster.stderr_lines }}"
33+
failed_when: create_cluster.rc != 0
34+
when:
35+
- create_cluster.stdout_lines is defined
36+
- create_cluster.stderr_lines is defined
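Review bot: `changed_when: false` on "Create Anthos Cluster" (new line 28) makes a command that provisions a cluster report as unchanged on every run, so the play recap and any change-based audit trail never show that a cluster was created. `changed_when: create_cluster.rc == 0` would reflect what happened; the "Create the Standard Workspace" task in the following section has the same setting at its new line 33. Nothing in this file prevents the create from running again on a second pass. The playbook lists a `check-cluster-registered` role ahead of this one, whose body is not shown, so confirm that it stops the play when the cluster already exists.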
Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
# Copyright 2021, Matthew Winter
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
16+
---
17+
18+
- name: Check if the "bmctl" Configuration YAML File Exists
19+
ansible.builtin.stat:
20+
path: "{{ bmctl_workspace_dir }}/{{ cluster_name }}/{{ cluster_name }}.yaml"
21+
register: bmctl_config_exists
22+
23+
- name: Create the Standard Workspace for a "NEW" Anthos Cluster
24+
ansible.builtin.shell:
25+
cmd: |
26+
set -o pipefail
27+
export GOOGLE_APPLICATION_CREDENTIALS="{{ gcp_keys_dir }}/{{ ansible_service_account }}.json"
28+
bmctl create config -c "{{ cluster_name }}" --quiet
29+
args:
30+
executable: /bin/bash
31+
register: create_config
32+
failed_when: false
33+
changed_when: false
34+
when: not bmctl_config_exists.stat.exists
35+
36+
- name: Check the Previous Task
37+
ansible.builtin.debug:
38+
msg: "{{ create_config.stdout_lines + create_config.stderr_lines }}"
39+
failed_when: create_config.rc != 0
40+
when:
41+
- create_config.stdout_lines is defined
42+
- create_config.stderr_lines is defined
43+
44+
- name: Write the "bmctl" Configuration YAML File
45+
ansible.builtin.template:
46+
src: bmctl-config-{{ cluster_name }}.yaml.j2
47+
dest: "{{ bmctl_workspace_dir }}/{{ cluster_name }}/{{ cluster_name }}.yaml"
48+
owner: "{{ login_user }}"
49+
group: "{{ login_user }}"
50+
mode: u=rw,g=rw,o=r
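Review bot: The rendered cluster configuration is written with `mode: u=rw,g=rw,o=r` (new line 50), so every local account on the workstation can read it. The template is not shown on this page; if it carries key-file paths, network layout or other deployment detail, `mode: u=rw,g=r,o=` keeps it to the owner and group. The `src:` value at new line 46 is the only templated string in the task left unquoted; `src: "bmctl-config-{{ cluster_name }}.yaml.j2"` matches the rest of the file.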
