Update

roles/configure_hosts/README.md

@@ -0,0 +1,83 @@
+Configure Hosts
+=========
+Role to configure day one bootstrapping of hosts including:
+
+- hostnames
+- /etc/hosts file
+- Add an administator user with sudo abilities
+- Change the root password
+- Distribute ssh key to hosts
+- Change the login banner
+- Lock the ubuntu account
+
+Manual Commands to match this playbook
+-------------
+These assume you're running sudo. The hostname, hosts file, and user will all need to be done on each machine you want them on. 
+
+To set a hostname: 
+- hostnamectl set-hostname
+
+To edit /etc/hosts: 
+- vi /etc/hosts
+  * Use "i" to enter insert mode and use the arrow keys to move around
+  * Hit "Esc" to exit insert mode and type ":wq" to write and quit the file
+
+To change the root password: 
+- passswd root
+
+To add a user: 
+- useradd k8sadmin -c "kubernetes admin" -s /bin/bash
+
+To add a user to the sudo group:
+- usermod -aG sudo k8sadmin
+
+To change the password for the user:
+- passwd k8sadmin
+
+To make users home directory:
+- mkdir /home/k8sadmin && chown k8sadmin:k8sadmin /home/k8sadmin
+
+To lock the ubuntu account:
+- usermod -L ubuntu
+
+To create ssh keys for the user:
+- ssh-keygen (follow the prompts or hint "Enter" 3 times)
+
+To Edit the login banner:
+- vi /etc/ssh/sshd_config
+  - Change the "#Banner none" line to "Banner /etc/issue"
+  - Save the file
+  - systemctl restart sshd
+- vi /etc/issue
+  - Paste whatever you want
+
+This one only needs to be done from the machine you will manage all of the others from
+
+To copy your ssh keys to the other hosts:
+- ssh-copy-id k8sadmin@k8sworker01 (do this for each host)
+
+Encrypting passwords
+------------
+
+* Create vault.pass in the playbook directory with a password that will be used to encrypt and decrypt with ansible vault
+* Create a .gitignore file and place the name of the vault.pass file in it
+* vi /etc/ansible/ansible.cfg and change the "vault_password_file = /home/user/kubernetes/Kubernetes-Home-Lab/pass.vault" To match your vault.pass file path
+* mkpasswd --method=SHA-512 ( Copy this hashed password when you're done with this command) 
+* Run "ansible-vault encrypt_string 'hashed_password_to_encrypt' --name 'root_password'" ( The above command prevents you from using "--vault-password-file" in your command )
+
+
+Requirements
+------------
+
+- A Sudo user on your hosts you wish to apply this to
+
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/configure_hosts/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for configure_hosts

roles/configure_hosts/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for configure_hosts

roles/configure_hosts/meta/main.yml

@@ -0,0 +1,57 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/configure_hosts/tasks/main.yml

@@ -0,0 +1,126 @@
+---
+# tasks file for configure_hosts
+
+
+# Assign worker nodes hostnames
+- name: Assign hostname for worker 01
+  hostname:
+    name: "{{ k8s_worker_01 }}"
+    use: systemd
+  when: inventory_hostname == '192.168.50.177'
+  tags:
+  - worker
+  - ip_address
+
+- name: Assign hostname for worker 02
+  hostname:
+    name: "{{ k8s_worker_02 }}"
+  when: inventory_hostname == '192.168.50.202'
+  tags:
+  - worker
+  - ip_address
+
+- name: Assign hostname for worker 03
+  hostname:
+    name: "{{ k8s_worker_03 }}"
+  when: inventory_hostname == '192.168.50.30'
+  tags:
+  - worker
+  - ip_address
+
+# Assign API Master Server Hostname
+- name: Assign hostname for K8's Master
+  hostname:
+    name: "{{ k8s_master_01 }}"
+  when: inventory_hostname == '192.168.50.240'
+  tags:
+  - master
+  - ip_address
+
+# Assign Load Balancer Hostname
+- name: Assign hostname for Load Balancer
+  hostname:
+    name: "{{ k8s_balancer_01 }}"
+  when: inventory_hostname == '192.168.50.117'
+  tags:
+  - load
+  - ip_address
+
+
+# Assign NFS/TFTP Server Hostname
+- name: Assign hostnames
+  hostname:
+    name: "{{ management_01 }}"
+  when: inventory_hostname == '192.168.50.113'
+  tags:
+  - management
+  - ip_address
+
+# Copy /etc/hosts file
+- name: Copy /etc/hosts
+  template:
+    src: hosts.j2
+    dest: /etc/hosts
+  tags:
+  - hosts
+
+# Change the root password
+- name: Change the root password
+  user:
+    name: root
+    update_password: always
+    password: "{{ root_password }}"
+  tags:
+    - manage_users
+
+# Create Kubernetes Admin
+- name: Add k8sadmin to cluster
+  user:
+    name: "{{ kubernetes_admin }}"
+    comment: Kubernetes Admin
+    shell: /bin/bash
+    password: "{{ k8s_admin_password}}"
+    groups: sudo
+    append: yes
+    create_home: yes
+    generate_ssh_key: yes
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+  tags:
+    - manage_users
+
+# Lock the default ubuntu account
+- name: Lock the default ubuntu account
+  user:
+    name: ubuntu
+    password_lock: yes
+  tags:
+    - manage_users
+
+# Change the login banner
+- name: Change the login banner
+  template:
+    src: issue.j2
+    dest: /etc/issue
+  tags:
+    - banner
+
+# Change SSH login banner path
+- name: Change Banner option in /etc/ssh/sshd_config
+  replace:
+    path: /etc/ssh/sshd_config
+    regexp: '#Banner none'
+    replace: 'Banner /etc/issue'
+  tags:
+    - banner
+
+# Restart sshd service
+- name: Restsart sshd service
+  service:
+    name: sshd
+    state: restarted
+  tags:
+    - banner
+
+  
+    

roles/configure_hosts/templates/hosts.j2

@@ -0,0 +1,23 @@
+127.0.0.1       localhost
+127.0.1.1       ubuntu
+
+# Workers
+{{ worker_address_01 }}  {{ k8s_worker_01 }}
+{{ worker_address_02 }}  {{ k8s_worker_02 }}
+{{ worker_address_03 }}  {{ k8s_worker_03 }}
+
+# Masters
+{{ master_address_01 }} {{ k8s_master_01 }}
+
+# Load Balancer
+{{ balancer_address_01 }}  {{ k8s_balancer_01 }}
+
+# Management
+{{ management_address_01 }}  {{ management_01}}
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

roles/configure_hosts/templates/issue.j2

@@ -0,0 +1,8 @@
+ Welcome and please do not do illegal stuff!
+
+       ●
+    /\__\__/\
+   /         \
+ \(ﾐ  ⌒ ● ⌒  ﾐ)/     ★KUPO★
+
+ ★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★

roles/configure_hosts/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/configure_hosts/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - configure_hosts

roles/configure_hosts/vars/main.yml

@@ -0,0 +1,75 @@
+---
+# vars file for configure_hosts
+#########################################
+#### Begin Hostnames and IP Addressess ####
+# Worker Node Addresses
+
+# 8GB RAM / 64GB Storage
+worker_address_01: 10.0.4.102
+k8s_worker_01: kworker-001
+# 8GB RAM / 64GB Storage
+worker_address_02: 10.0.4.103
+k8s_worker_02: kworker-002
+# 8GB RAM / 64GB Storage
+worker_address_03: 10.0.4.104
+k8s_worker_03: kworker-003
+# 8GB RAM / 64GB Storage
+worker_address_04: 10.0.4.105
+k8s_worker_04: kworker-004
+# 8GB RAM / 64GB Storage
+worker_address_05: 10.0.4.106
+k8s_worker_05: kworker-005
+# 8GB RAM / 64GB Storage
+worker_address_06: 10.0.4.107
+k8s_worker_06: kworker-006
+# 8GB RAM / 64GB Storage
+worker_address_07: 10.0.4.108
+k8s_worker_07: kworker-007
+
+#########################################
+# Master Node Addressess
+#8GB RAM / 64GB Storage
+master_address_01: 10.0.4.101
+k8s_master_01: kmaster-01
+
+#########################################
+# Load Balancer Addressess
+#8GB RAM / 64GB Storage
+balancer_address_01: 10.0.4.100
+k8s_balancer_01: kbalancer-01
+
+
+#########################################
+# NFS/TFTP - Other Management Addressess
+# 8GB RAM / 64GB Storage
+management_address_01: 192.168.50.113
+management_01: management01
+
+#### End Hostnames and IP Addresses ####
+#### Begin Usernames and Passwords ####
+root_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35343631313338656635383933306363653966343263346432383062643362393265663861623336
+          3761353061353832396139373238666139393635653636360a306463633831313833323264623930
+          33376138666235636264336436336239653732616334326564396333353539393238313032613335
+          3633396462636135380a363332623263623231663930386536626239316161366434376438646163
+          30616466333436633939306237333731313232623534623633653862636465636632623034646239
+          62666662303539373638626566313931626433383361313265316236323132363766356339343635
+          38666132363737343438336335643039343465376136376461313434613434383166653238386538
+          62393131393131356638613562396237623235633636353137333531326636326335353566373132
+          39616233356163623532363161366266393333633263393362626263373665653035
+kubernetes_admin: k8sadmin
+k8s_admin_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64343530616230663338343238323235636538393062636434386234393134666439316332613666
+          6365323463313235653630613366383933373764643136360a353631633465393739343530383234
+          33366537373131336335333566333535623134663565643064633763616466396436643930313033
+          6136613330323065650a663532616463363537333164323432616335303438656534663534353239
+          64303966633764636462376231353934663633623363656634353435303565333837376166366366
+          64376165613261656664393635316232306632383363353866373765373362666631353031343966
+          38613831636631656631313765373636373134376331386566333133363030366535643861623564
+          34633032333065303031613133303664356335363262613330626333653939323332326332363830
+          37636236663365336463663533363735366463363237653436343361313631376365
+
+
+#### End Usernames and Passwords ####