= OSTEP Infrastructure SOP =
This page covers all OSTEP infrastructure and explains the standard operating procedure for its tools, configuration, and programs.
= Ansible Builder Configuration Management =
== Details About Ansible ==
Ansible allows for remotely managing the configuration of all builders in a simple and efficient way. Ansible works by running a playbook, which is a way to organize and run plays. A play is a set of Ansible "commands" or "modules" that are applied to each builder. These modules can copy files, change permissions, modify files, run commands, run scripts, and much more.
host = japan
directory = /etc/ansible
hosts file = /etc/ansible/ansible_hosts
ansible config = /etc/ansible/ansible.cfg
playbook = /etc/ansible/install_builder.yml
plays = /etc/ansible/builders_tasks/
builders files = /etc/ansible/builders/
== How To Use Ansible ==
* Log in to japan as root
<pre>
ssh japan
</pre>
* Change to the ansible directory
<pre>
cd /etc/ansible
</pre>
* Check the status of all hosts connected to ansible
** The word builders in the command below is specifying an ansible group
<pre>
ansible -m ping builders
</pre>
* Copy over all configurations required and start the koji service
<pre>
ansible-playbook install_builders.yml --verbose
</pre>
== Change Builder Configurations ==
The best way to edit a play in Ansible is to find the module that is needed and read its documentation. Ansible modules are well documented, and there are enough of them to cover every task that needs to be completed.
* The Ansible modules can be found here: [http://www.ansibleworks.com/docs/modules.html/ Ansible Modules]
* All builder plays can be found inside /etc/ansible/builders_plays/ on japan.
* Make sure that if a new play is created, it is added into the playbook at /etc/ansible/install_builders.yml on japan
== How To Set Up A New Builder ==
Before adding a builder to ansible, there are a few things that need to be completed.
=== Network ===
* Add a hostname to the /etc/hosts file on japan
* Add a hostname to the /etc/ansible/builders/config_files/hosts file on japan
* If it uses DHCP, then link the hostname to a host in /etc/dhcp/dhcpd.conf by specifying the MAC address and host name
or
* If the builder has a changing MAC address and can't use DHCP, get access to the builder and set the IP manually
<pre>
ifconfig <interface> <ipaddr> netmask 255.255.255.0 up
route add default gw 192.168.1.254
</pre>
=== Services ===
* Because Ansible needs to gain access to the builder, a few services on the builder must be changed first.
* NetworkManager - If the builder uses a static address, stop this service; if you have already set up DHCP on japan, start it
<pre>systemctl start NetworkManager</pre>
or
<pre>systemctl stop NetworkManager</pre>
* sshd - Start this service
<pre>systemctl start sshd</pre>
* firewalld - Stop this service
<pre>systemctl stop firewalld</pre>
* SELinux - Switch SELinux to permissive mode for now, as it interferes with Ansible's SSH access (setenforce 0 only lasts until the next reboot)
<pre>setenforce 0</pre>
=== SSHD ===
* Copy the file /etc/ansible/builder/config_files/authorized_keys from japan to the builder
** This file contains public keys for users and ansible
<pre>scp /etc/ansible/builder/config_files/authorized_keys root@builder:</pre>
* Log in to the builder
<pre>ssh root@builder</pre>
* Set up ssh and authorized keys
<pre>
mkdir -p .ssh
mv authorized_keys .ssh/
chmod 700 .ssh/
chmod 600 .ssh/authorized_keys
</pre>
* Ansible should now have access to this builder
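The SSHD steps above as a re-runnable shell function with a mode check, added here as an example (it is not part of the OSTEP tooling). The function names are hypothetical, and <code>stat -c</code> assumes GNU coreutils on the builder.

```shell
#!/bin/sh
# install_authorized_keys SRC HOME_DIR  (hypothetical helper, not OSTEP's own)
# Places SRC at HOME_DIR/.ssh/authorized_keys with the modes used on this page
# (700 on .ssh, 600 on the key file). Safe to re-run on an existing .ssh.
install_authorized_keys() {
    src=$1; home=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    # Accept only blank lines, comments, and lines carrying a key-type token
    # followed by base64 data; anything else means the wrong file was copied.
    valid='^[[:space:]]*(#.*)?$|(^|[[:space:]])(ssh|ecdsa|sk)-[^[:space:]]+[[:space:]]+[A-Za-z0-9+/]+=*'
    if grep -Evq "$valid" "$src"; then
        echo "unexpected line in $src" >&2; return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    # Write through a temp file so a failed copy never leaves a partial key file
    tmp=$(mktemp "$home/.ssh/authorized_keys.XXXXXX") || return 1
    cat "$src" > "$tmp" && chmod 600 "$tmp" \
        && mv -f "$tmp" "$home/.ssh/authorized_keys" \
        || { rm -f "$tmp"; return 1; }
}

# check_ssh_modes HOME_DIR: succeed only if the modes match what the page sets.
check_ssh_modes() {
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ]
}
```

On the builder this would be called as <code>install_authorized_keys ~/authorized_keys ~</code> followed by <code>check_ssh_modes ~</code>.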
== Ansible Groups ==
The following Ansible groups are used to change the type of configuration that each builder receives. Once each builder has been added to the groups it should be in, run Ansible; each group is treated slightly differently, and all builders get configured.
=== Group Structure ===
The following is the structure of the groups, showing parent groups with their child groups.
* builders
** builders_default
*** trimslices
*** arndales
*** cubies
*** specials
** builders_nfs
** builders_swap
*** trimslices
** builders_staticip
*** arndales
The child groups link back to a list of hostnames.
* trimslices
** tri-1-1
** tri-1-2
** tri-1-3
** tri-1-4
* cubies
** cub-2-1
** cub-2-2
* arndales
** arn-3-1
** arn-3-2
* specials
** arm-4-1
** arm-4-2
** arm-4-3
** arm-4-4
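An offline check of which hosts each group expands to, added here as an example (not taken from japan). The inventory is constructed from the lists above and assumes the hosts file uses Ansible's INI format with <code>:children</code> sections; <code>inventory</code> and <code>expand_group</code> are hypothetical names.

```shell
# Constructed inventory built from the group lists on this page (builders_nfs is empty there).
inventory() { cat <<'EOF'
[trimslices]
tri-1-1
tri-1-2
tri-1-3
tri-1-4
[cubies]
cub-2-1
cub-2-2
[arndales]
arn-3-1
arn-3-2
[specials]
arm-4-1
arm-4-2
arm-4-3
arm-4-4
[builders_default:children]
trimslices
arndales
cubies
specials
[builders_nfs]
[builders_swap:children]
trimslices
[builders_staticip:children]
arndales
[builders:children]
builders_default
builders_nfs
builders_swap
builders_staticip
EOF
}
# expand_group GROUP: print the sorted, de-duplicated hosts GROUP resolves to.
expand_group() {
    inventory | awk -v want="$1" '
        /^\[/ { sec = $0; gsub(/\[|\]/, "", sec); kids = sub(/:children$/, "", sec); next }
        NF == 0 { next }
        kids  { child[sec] = child[sec] " " $1; next }
              { host[sec] = host[sec] " " $1 }
        function walk(g,    n, a, i) {
            if (seen[g]++) return            # visit each group once, even if nested twice
            n = split(host[g], a, " ");  for (i = 1; i <= n; i++) print a[i]
            n = split(child[g], a, " "); for (i = 1; i <= n; i++) walk(a[i])
        }
        END { walk(want) }' | sort -u
}
```

Running <code>expand_group builders_swap</code> before a playbook run shows which builders would receive the swap file.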
=== builders_default ===
This group is the default group for all builders. All builders should be in this group.
=== builders_nfs ===
This group is used for nfs configuration. This was previously used on older builders that did not have hard drives and required more building space and speed.
=== builders_swap ===
This group allows Ansible to generate a 4GB swap file on the builders and turn that swap file on. This is primarily used for builders that require more swap than is set up on their swap partitions.
=== builders_staticip ===
This group should be used for all builders that require static IP addresses. It will set up the custom IP address based on the resolved hostname inside the /etc/ansible/ansible_hosts file.