added more structure
This commit is contained in:
93
docs/tech_docs/automation/ansible-build.txt
Normal file
93
docs/tech_docs/automation/ansible-build.txt
Normal file
@@ -0,0 +1,93 @@
|
||||
FROM python:slim
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
software-properties-common \
|
||||
openssh-client \
|
||||
sshpass \
|
||||
locales \
|
||||
# bat \
|
||||
bash \
|
||||
git \
|
||||
curl \
|
||||
rsync \
|
||||
zsh \
|
||||
nano \
|
||||
sudo \
|
||||
less \
|
||||
# #new
|
||||
# gcc \
|
||||
# python3-dev \
|
||||
# #end-new
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
|
||||
&& rm -Rf /usr/share/doc && rm -Rf /usr/share/man
|
||||
|
||||
ARG USERNAME=ansible
|
||||
ARG USER_UID=1000
|
||||
ARG USER_GID=$USER_UID
|
||||
ENV HOME=/home/$USERNAME
|
||||
RUN groupadd --gid $USER_GID $USERNAME
|
||||
RUN useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME
|
||||
RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL >/etc/sudoers.d/$USERNAME
|
||||
RUN chmod 0440 /etc/sudoers.d/$USERNAME
|
||||
|
||||
RUN pip3 install --no-cache-dir \
|
||||
ansible \
|
||||
# ansible-cmdb \
|
||||
# ansible-runner \
|
||||
# ansible-builder \
|
||||
# ansible-test \
|
||||
ara \
|
||||
hvac \
|
||||
# molecule \
|
||||
dnspython \
|
||||
jmespath \
|
||||
"hvac[parser]" \
|
||||
certifi \
|
||||
ansible-lint \
|
||||
ansible-modules-hashivault
|
||||
# ansible-autodoc
|
||||
|
||||
# COPY --from=hashicorp/consul-template /consul-template /usr/local/bin/consul-template
|
||||
# COPY --from=hashicorp/envconsul /bin/envconsul /usr/local/bin/envconsul
|
||||
COPY --from=hashicorp/vault /bin/vault /usr/local/bin/vault
|
||||
COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
|
||||
COPY --from=donaldrich/function:container /usr/local/bin/goss /usr/local/bin/goss
|
||||
COPY --from=donaldrich/function:task /usr/local/bin/tusk /usr/local/bin/tusk
|
||||
COPY --from=donaldrich/function:task /usr/local/bin/task /usr/local/bin/task
|
||||
COPY --from=donaldrich/function:task /usr/local/bin/variant /usr/local/bin/variant
|
||||
COPY --from=donaldrich/function:syntax-tools /usr/local/bin/jq /usr/local/bin/jq
|
||||
|
||||
COPY --from=donaldrich/runner:zsh /zsh/ /zsh/
|
||||
COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.zshrc /home/ansible/.zshrc
|
||||
COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.nanorc /home/ansible/.nanorc
|
||||
|
||||
ENV ANSIBLE_GATHERING smart
|
||||
ENV ANSIBLE_HOST_KEY_CHECKING false
|
||||
ENV ANSIBLE_RETRY_FILES_ENABLED false
|
||||
ENV ANSIBLE_FORCE_COLOR true
|
||||
ENV GOSS_FMT documentation
|
||||
ENV GOSS_COLOR true
|
||||
|
||||
# ENV ANSIBLE_CALLBACK_PLUGINS="$(python3 -m ara.setup.callback_plugins)"
|
||||
# ENV ARA_API_CLIENT="http"
|
||||
# ENV ARA_API_SERVER="http://192.168.1.101:8734"
|
||||
|
||||
RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment
|
||||
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
|
||||
RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf
|
||||
RUN locale-gen en_US.UTF-8
|
||||
|
||||
COPY ./tusk-docker.yml ./tusk.yml
|
||||
COPY ./goss.yaml ./goss.yaml
|
||||
COPY ./goss2.yaml ./goss2.yaml
|
||||
COPY ./Dockerfile ./Dockerfile
|
||||
|
||||
# USER ${USERNAME}
|
||||
|
||||
ENV DEBIAN_FRONTEND=dialog
|
||||
|
||||
RUN goss validate
|
||||
60
docs/tech_docs/automation/cloud-init.md
Normal file
60
docs/tech_docs/automation/cloud-init.md
Normal file
@@ -0,0 +1,60 @@
|
||||
Here's a simple example of using cloud-init to automate the configuration of an instance on first boot:
|
||||
|
||||
```yaml
|
||||
#cloud-config
|
||||
|
||||
# Update packages on first boot
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
|
||||
# Install additional packages
|
||||
packages:
|
||||
- nginx
|
||||
- php-fpm
|
||||
|
||||
# Write files to the system
|
||||
write_files:
|
||||
- path: /var/www/html/index.php
|
||||
content: |
|
||||
<?php
|
||||
phpinfo();
|
||||
?>
|
||||
|
||||
# Run commands on first boot
|
||||
runcmd:
|
||||
- systemctl start nginx
|
||||
- systemctl enable nginx
|
||||
|
||||
# Create a user
|
||||
users:
|
||||
- name: webadmin
|
||||
groups: sudo
|
||||
shell: /bin/bash
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAA...your_public_ssh_key_here
|
||||
|
||||
# Configure SSH access
|
||||
ssh_pwauth: false
|
||||
disable_root: true
|
||||
```
|
||||
|
||||
In this example:
|
||||
|
||||
1. The `package_update` and `package_upgrade` directives ensure that the system packages are updated on first boot.
|
||||
|
||||
2. The `packages` section specifies additional packages to be installed, in this case, `nginx` and `php-fpm`.
|
||||
|
||||
3. The `write_files` section is used to create a file on the system. Here, it creates a simple PHP script at `/var/www/html/index.php`.
|
||||
|
||||
4. The `runcmd` section specifies commands to be executed on first boot. In this case, it starts and enables the Nginx service.
|
||||
|
||||
5. The `users` section is used to create a user named `webadmin` with sudo privileges and an authorized SSH key.
|
||||
|
||||
6. The `ssh_pwauth` and `disable_root` directives are used to configure SSH access, disabling password authentication and root login.
|
||||
|
||||
To use this cloud-init configuration, you would save it as a YAML file (e.g., `cloud-config.yaml`) and provide it to your cloud provider or provisioning tool when launching a new instance.
|
||||
|
||||
Cloud-init will execute the specified configuration on the instance's first boot, automating the process of updating packages, installing software, creating files and users, and configuring SSH access.
|
||||
|
||||
This is just a simple example, but cloud-init supports a wide range of directives and modules for configuring various aspects of an instance, such as networking, storage, and more.
|
||||
Reference in New Issue
Block a user