Task/me/ansible

.gitignore

@@ -1 +1,3 @@
-.DS_Store
+.DS_Store
+venv
+.vault_password

configs/README.md

@@ -0,0 +1,4 @@
+# Configurations Folder
+
+This folder contains different sets
+of configuration files maintained by the IWG.

configs/aws-ansible/.pylintrc

@@ -0,0 +1,6 @@
+[MASTER]
+jobs=0
+load-plugins=pylint.extensions.redefined_variable_type, pylint.extensions.docparams
+disable=bad-continuation,trailing-newlines
+max-line-length=160
+

configs/aws-ansible/.yamllint

@@ -0,0 +1,14 @@
+---
+
+extends: default
+
+ignore: |
+  roles/test
+
+rules:
+  line-length: {max: 320, allow-non-breakable-words: true}
+  new-line-at-end-of-file:
+    level: warning
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: true

configs/aws-ansible/ansible.cfg

@@ -0,0 +1,13 @@
+[ssh_connection]
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=30m
+[defaults]
+inventory=inventories/aws
+
+# Use the YAML callback plugin.
+stdout_callback = yaml
+# Use the stdout_callback when running ad-hoc commands.
+bin_ansible_callbacks = True
+vault_password_file=.vault_password
+
+[local]
+localhost   ansible_connection=local

configs/aws-ansible/files/akor_llvm.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4n0w8Q2FWRqCCTDnHj+G6l7/0OA/pyhCkP3qVLnhB4Mi5xJngjbiEB8pYz3uYXkT2hxUtKA1veHieET97relZ7LuXZM0VjdTWiaKQgvUw1mjEG+STlXt1jd9qnXf32pon833ioKdwZoeRQoPcDrhtgjHuJadvI11kqEn2GJ/ce10hvy/mtIghSPzPKIdQLryc3k0ghChazcJFl5YUNa6IT6xLOBBA8KGk9vsqQ5+De7viUw1a1++zgpsRZ6ULpL0X8yCNL0FxDZPl1ujdjD4tXUr636RWq9CSE6E8fHAKuI5XM5NfYmsfqaV6nz/cVQWsRMENTM453j6gbdL7hSXRQ== asl@aslstation

configs/aws-ansible/files/medwards_llvm.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDk1Cbx+lyBzTPxtOCvOckswHLJ+rNbaWXRzpyqSL2m/d5g8zR0PqF5kk8b9+jFq32Ge7A8vcw8cFmtzVP4hPkB6OrhboFRrBDPfIzbrFWaMNRUC9fJAELczuJMFKxUI6srIC7bWhpkxG/vbzLC8EUotWcXbjfFg5VP2LagRDM31SGw98g28TzizBvYgI8PYEcKmxF+4iY7lG+SWZFTV3p/a2PNyIwHi20OhXZfmlnvPsPtx7thvviQumu4S3CDWR3OhPiSQudNAEwSQ+11tuwkx6M1n4F3RfHtXowIAN0guDRprzopL5i+ue2RK3KclWGWlTliUKSo9kQHhLzRztjebFL/jkBBTraYMJZ5RYqUvE2UX4OJbzI6GL4DudCIpW02A3y3vFHaes8VyxqQMJbmmdbX4wNcVi4F+CDl+8vCVHOGOIUrzl8+zW/Pcp04eYSeca4RHe3/4HJtnA0olaHKeyIaB/xZiQ2oqc1UhV1K5KUDMCIzFXaTLYAF1BpbgpyxYfHUGKDy2zUL6fwvV/NkT6m+UM2QMR6DW6wOpwvawKdFy1bebmYSBHZrWgciKHHudaj3rifuN1seJz04n7xMOALgdpH5PoLm4XugK7ce1fwpwmidm1du1YAQNkxUp7uzGCQmk2zyoLBJX+0NIZYw67uJ50/R/XLpp9SySteMRQ==

configs/aws-ansible/files/tstellar_llvm.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDS7hdlT00UDR9rm4SQAMI7yOoS0aDeXQCauaHTnBsE42bkrWJq/TLmjZX6RtTl5aw1+/VVwcazdcHyasUYXUgARy34/aARz1vGUC5h9DW8fyELrnBUGUjbTXO6AXYQ7rEfndtCVC5muNIZPPFTPO9foMKwKode6VjhFIvbRSyde1WsjwuXkdQjp2tHRzGNaTQCh/A8NVcdLR0HJjteHX0PR3sDX+XcPVMRXwL+IMSyxLrooFsDeY7DYPz2Drp6AlMiZ4bcUATN0BZ7aFHUS3eAOTb1iJTTxc7+25EnKEkHsiCnPy4+ZZnpNUNDZaueH9j/taqTvPShByVOzPZefZ5gwls96YCHvidL3Xkf4pYqOLUEryuVb9LWUeuofF6ej8Lrb5T8DJhMpr/QRrDuwyqeGkxzWPd6kdr6rhVyhHz1muKSrFUdGjqBh5OpAt5AnL5nIzVJX8kKpjbmgnbYBaD617/+MRXMOcb+xyoqe3ZOQXbjtdkNTW9At7o+wdnxDk0= [email protected]

configs/aws-ansible/inventories/aws/group_vars/aws_ec2/vars.yaml

@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3

configs/aws-ansible/inventories/aws/group_vars/aws_ec2/vault.yaml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+37343734393663663661656433383565316231326335366535333161666630656235636133323262
+3665646135376135616230613530636663666532326335300a656366343466386130623137383634
+64623764336363396136613634343363313132326637386136323736336564636236373531396666
+6233316637396263380a396631333930633564386262613236366335303965636638613233653634
+38613366643131376164633665623733303634613839636162353261373436366135376338323764
+36356136613732666134353739336330373163323231653638353336353833316237653363393862
+346236633566336337636237336562386262

configs/aws-ansible/inventories/aws/host_vars/ec2-18-144-11-123.us-west-1.compute.amazonaws.com/vars.yaml

@@ -0,0 +1,2 @@
+---
+ansible_user: ec2-user

configs/aws-ansible/inventories/aws/hosts

@@ -0,0 +1,2 @@
+[aws_ec2]
+ec2-18-144-11-123.us-west-1.compute.amazonaws.com

configs/aws-ansible/playbooks/playbook_aws_deploy.yaml

@@ -0,0 +1,12 @@
+---
+- hosts: all
+  gather_facts: yes
+
+  tasks:
+    - include_tasks: "../tasks/add_users.yaml"
+      with_items:
+        - { username: medwards, uid: 510}
+        - { username: akor, uid: 511 }
+        - { username: tstellar, uid: 512 }
+      loop_control:
+        loop_var: user_dict

configs/aws-ansible/playbooks/playbook_aws_inventory.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  gather_facts: yes
+  roles:
+    - role: roles/hardware_facts

configs/aws-ansible/requirements.txt

@@ -0,0 +1,5 @@
+ansible
+pylint
+yamllint
+jmespath
+

configs/aws-ansible/tasks/add_users.yaml

@@ -0,0 +1,34 @@
+---
+- name: Install latest passlib with pip
+  pip: name=passlib
+
+- name: "Add the user '{{ user_dict.username }}' with a specific uid and a primary group of 'wheel'"
+  become: yes
+  user:
+    name: "{{ user_dict.username }}"
+    comment: "{{ user_dict.username }} (LLVM Foundation)"
+    group: wheel
+    groups: "adm,wheel,systemd-journal"
+    shell: /bin/bash
+    state: present
+    remove: no
+    password: "{{ vault_default_user_password | password_hash('sha512') }}"
+    update_password: on_create
+
+- name: "Create /home/{{ user_dict.username }}/.ssh dir"
+  become: yes
+  ansible.builtin.file:
+    path: "/home/{{ user_dict.username }}/.ssh"
+    state: directory
+    owner: "{{ user_dict.username }}"
+    group: wheel
+    mode: '0700'
+
+- name: "Setup {{ user_dict.username }} public key"
+  become: yes
+  ansible.builtin.copy:
+    src: "../files/{{ user_dict.username }}_llvm.key.pub"
+    dest: "/home/{{ user_dict.username }}/.ssh/authorized_keys"
+    owner: "{{ user_dict.username }}"
+    group: wheel
+    mode: '0644'

configs/ghactions-ansible/.pylintrc

@@ -0,0 +1,6 @@
+[MASTER]
+jobs=0
+load-plugins=pylint.extensions.redefined_variable_type, pylint.extensions.docparams
+disable=bad-continuation,trailing-newlines
+max-line-length=160
+

configs/ghactions-ansible/.yamllint

@@ -0,0 +1,14 @@
+---
+
+extends: default
+
+ignore: |
+  roles/test
+
+rules:
+  line-length: {max: 320, allow-non-breakable-words: true}
+  new-line-at-end-of-file:
+    level: warning
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: true

configs/ghactions-ansible/ansible.cfg

@@ -0,0 +1,13 @@
+[ssh_connection]
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=30m
+[defaults]
+inventory=inventories/libcxx.yaml
+
+# Use the YAML callback plugin.
+stdout_callback = yaml
+# Use the stdout_callback when running ad-hoc commands.
+bin_ansible_callbacks = True
+vault_password_file=.vault_password
+
+[local]
+localhost   ansible_connection=local

configs/ghactions-ansible/files/medwards_llvm.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDk1Cbx+lyBzTPxtOCvOckswHLJ+rNbaWXRzpyqSL2m/d5g8zR0PqF5kk8b9+jFq32Ge7A8vcw8cFmtzVP4hPkB6OrhboFRrBDPfIzbrFWaMNRUC9fJAELczuJMFKxUI6srIC7bWhpkxG/vbzLC8EUotWcXbjfFg5VP2LagRDM31SGw98g28TzizBvYgI8PYEcKmxF+4iY7lG+SWZFTV3p/a2PNyIwHi20OhXZfmlnvPsPtx7thvviQumu4S3CDWR3OhPiSQudNAEwSQ+11tuwkx6M1n4F3RfHtXowIAN0guDRprzopL5i+ue2RK3KclWGWlTliUKSo9kQHhLzRztjebFL/jkBBTraYMJZ5RYqUvE2UX4OJbzI6GL4DudCIpW02A3y3vFHaes8VyxqQMJbmmdbX4wNcVi4F+CDl+8vCVHOGOIUrzl8+zW/Pcp04eYSeca4RHe3/4HJtnA0olaHKeyIaB/xZiQ2oqc1UhV1K5KUDMCIzFXaTLYAF1BpbgpyxYfHUGKDy2zUL6fwvV/NkT6m+UM2QMR6DW6wOpwvawKdFy1bebmYSBHZrWgciKHHudaj3rifuN1seJz04n7xMOALgdpH5PoLm4XugK7ce1fwpwmidm1du1YAQNkxUp7uzGCQmk2zyoLBJX+0NIZYw67uJ50/R/XLpp9SySteMRQ==

configs/ghactions-ansible/files/mishal_shah_llvm.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC59swvCE+N33rlEpIHQ6NJJM41/gK71nTKYeS3CEG/pSK91Kln5HSr4/Z3D+qumwHEXfn5jJkkUXYxDqSrpdyudFL8zqtivwbpNCKJn6vygPsE7s0lhdGIck5eYQ5/oG74qcQWtcmP/vX+Y8YwOpcXOnfoRtXmySVWlvolhUSnSZMqamYjbEKjMHZgP6CJ73iDFvHESFfupkQEgRK+b5DJ6h0ungaycJl/wM62xjIHy0Kb7CBTGLcRCFiXMEuyvm1V5K5ZnNwRIXXClhpbA7FGA1sw+w7d5xws9S4MZrjHTB3EVTj2vNhSL1IFkjU9cBzgIZ7aEtx2BG2nD6x3Se8fWJIXQqyyt2v1OLV5UWOqleCKzq2YjkmzWgZXuGQ1dmNjCmYY0K5/dU0t/vey0QSk7qvrXP+ddSF17C1//7cDV3W+m6aF6x5u9vx4u6RgivewQ9uGbe1Mcm7lbmAV0UJoChZk1oGiJpMKxa7FoFmRZB7SsI7p1XvTk3fks1R5Yv0= mishal_shah@mishal

configs/ghactions-ansible/inventories/macminivault/group_vars/macminivault/vault.yaml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+38313630636464623262613832303137316333636137656432653130343266666138626538666463
+6230666663633065643262373466663237356538356565620a353436656533666465336164613064
+62663163343335353535663938343431643039613765336164656131323833313437363961633630
+6636626436323138350a313530303536613037633636303435633831333535336331656262303332
+36386566336335373965346361316666396263396362313564323537336430636636343166313433
+35613865663162373365646337316238613961366230396135633238616366373665363963346465
+383734363066313134393264373631613663

configs/ghactions-ansible/inventories/macminivault/host_vars/w7-2.macminivault.com/vars.yaml

@@ -0,0 +1,2 @@
+---
+ansible_user: administrator

configs/ghactions-ansible/inventories/macminivault/host_vars/w7-2.macminivault.com/vault.yaml

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64613366393566316639646266653337363739656565646132396133326564393734623562646138
+3537323263623832656662383365626363383863393863300a613836626139653136373766636264
+64303530316234383931343139383664393439386531376464626261316265363666343031613866
+3461656539386332650a643766373063646638663338303233343532643830366337356334623234
+31306262373963353063323864366633656462396237303636303632613961313030376430633562
+6661343261323136653734326438616138366532616337616261

configs/ghactions-ansible/inventories/macminivault/hosts

@@ -0,0 +1,2 @@
+[macminivault]
+w7-2.macminivault.com

configs/ghactions-ansible/playbooks/playbook_deploy.yaml

@@ -0,0 +1,12 @@
+---
+- hosts: all
+  gather_facts: yes
+  roles:
+    - role: roles/hardware_facts
+  tasks:
+    - include_tasks: "../tasks/add_users.yaml"
+      with_items:
+        - { username: medwards, uid: 501 }
+        - { username: mishal_shah, uid: 502 }
+      loop_control:
+        loop_var: user_dict

configs/ghactions-ansible/playbooks/playbook_inventory.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  gather_facts: yes
+  roles:
+    - role: roles/hardware_facts

configs/ghactions-ansible/requirements.txt

@@ -0,0 +1,5 @@
+ansible
+pylint
+yamllint
+jmespath
+

configs/ghactions-ansible/roles/hardware_facts/README.md

@@ -0,0 +1,49 @@
+Hardware_Facts
+=========
+
+This role is used to install a custom fact script which helps generate
+hardware information about a node.  The information comes from the
+system_profiler binary which is part of macOS.  This role focuses on
+the SPHardwareDataType within system_profiler.
+
+Dependencies
+------------
+
+This role depends on the included file/hardware.fact which will be installed on the target machine.
+
+Example Playbook
+----------------
+
+    ---
+    - hosts: all
+      roles:
+        - role: roles/hardware_facts
+
+Example Output
+--------------
+
+    TASK [roles/hardware_facts : Print Node Hardware Facts] ***********
+    ok: [smoosh-229] =>
+      ansible_local.hardware.SPHardwareDataType[0]:
+        Lightshow_version: 1.4a6
+        SMC_version_system: 2.20e0
+        _name: hardware_overview
+        boot_rom_version: 426.0.0.0.0
+        cpu_type: 6-Core Intel Xeon E5
+        current_processor_speed: 3.5 GHz
+        l2_cache_core: 256 KB
+        l3_cache: 12 MB
+        machine_model: MacPro6,1
+        machine_name: Mac Pro
+        number_processors: 6
+        packages: 1
+        physical_memory: 32 GB
+        platform_UUID: 3C12ED30-F131-5579-A485-C32B0A027221
+        platform_cpu_htt: htt_enabled
+        provisioning_UDID: 3C12ED30-F131-5579-A485-C32B0A027221
+        serial_number: F5KLQ04CF694
+
+Responsible Individual
+------------------
+
+Mike Edwards - [email protected]

configs/ghactions-ansible/roles/hardware_facts/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for hardware_facts

configs/ghactions-ansible/roles/hardware_facts/files/hardware.fact

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/system_profiler -json SPHardwareDataType

configs/ghactions-ansible/roles/hardware_facts/files/storage.fact

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/system_profiler -json SPStorageDataType

configs/ghactions-ansible/roles/hardware_facts/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for hardware_facts

configs/ghactions-ansible/roles/hardware_facts/tasks/main.yml

@@ -0,0 +1,42 @@
+---
+# tasks file for hardware_facts
+- name: "Create custom fact directory"
+  file:
+    path: "/etc/ansible/facts.d"
+    state: "directory"
+  become: yes
+
+- name: "Insert hardware fact file"
+  become: yes
+  copy:
+    src: files/hardware.fact
+    dest: /etc/ansible/facts.d/hardware.fact
+    mode: 0755
+
+- name: "Insert storage fact file"
+  become: yes
+  copy:
+    src: files/storage.fact
+    dest: /etc/ansible/facts.d/storage.fact
+    mode: 0755
+  register: copy_status
+
+- name: "Re-run setup to use custom facts"
+  setup: ~
+  when: copy_status.changed
+
+- name: Print Node Hardware Facts
+  ansible.builtin.debug:
+    var: ansible_local.hardware.SPHardwareDataType[0]
+
+- name: Print Node Storage Facts
+  ansible.builtin.debug:
+    var: ansible_local.storage.SPStorageDataType[0]
+
+- name: Print Node Serial Number
+  ansible.builtin.debug:
+    msg: "The machine serial number is {{ ansible_local.hardware.SPHardwareDataType[0].serial_number }}"
+
+- name: Print Node Disk Type
+  ansible.builtin.debug:
+    msg: "The machine drive type is {{ ansible_local.storage.SPStorageDataType[0].physical_drive.device_name }}"

configs/ghactions-ansible/roles/hardware_facts/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

configs/ghactions-ansible/roles/hardware_facts/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - ./roles/hardware_facts

configs/ghactions-ansible/roles/hardware_facts/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for hardware_facts

configs/ghactions-ansible/tasks/add_users.yaml

@@ -0,0 +1,28 @@
+---
+- name: "Add the user '{{ user_dict.username }}' with a specific uid and a primary group of 'admin'"
+  become: yes
+  user:
+    name: "{{ user_dict.username }}"
+    comment: "{{ user_dict.username }} (LLVM Foundation)"
+    group: admin
+    shell: /bin/zsh
+    state: present
+    remove: no
+    password: "{{ vault_default_user_password }}"
+    update_password: on_create
+- name: "Create /Users/{{ user_dict.username }}/.ssh dir"
+  become: yes
+  ansible.builtin.file:
+    path: "/Users/{{ user_dict.username }}/.ssh"
+    state: directory
+    owner: "{{ user_dict.username }}"
+    group: staff
+    mode: '0700'
+- name: "Setup {{ user_dict.username }} public key"
+  become: yes
+  ansible.builtin.copy:
+    src: "../files/{{ user_dict.username }}_llvm.key.pub"
+    dest: "/Users/{{ user_dict.username }}/.ssh/authorized_keys"
+    owner: "{{ user_dict.username }}"
+    group: staff
+    mode: '0644'

configs/libcxx-ansible/.pylintrc

@@ -0,0 +1,6 @@
+[MASTER]
+jobs=0
+load-plugins=pylint.extensions.redefined_variable_type, pylint.extensions.docparams
+disable=bad-continuation,trailing-newlines
+max-line-length=160
+

configs/libcxx-ansible/.yamllint

@@ -0,0 +1,14 @@
+---
+
+extends: default
+
+ignore: |
+  roles/test
+
+rules:
+  line-length: {max: 320, allow-non-breakable-words: true}
+  new-line-at-end-of-file:
+    level: warning
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: true