Initial commit of the ansible patterns repo with the developer-keys and server-density-agent patterns initially.

daviddoran · daviddoran · commit c5c139c28a96 · 2013-05-17T22:11:40.000+01:00
diff --git a/README b/README
@@ -0,0 +1,48 @@
+# Ansible Patterns
+
+This is a collection of useful patterns for [ansible](http://ansible.cc/), a server management and orchestration tool.
+
+You can use ansible to do things such as installing packages, restarting services, uploading files and enabling apache sites.
+
+## Getting started
+
+First, [install ansible](http://ansible.cc/docs/gettingstarted.html) and create your
+ansible hosts (inventory) file with the details of the servers you're going to manage with ansible.
+
+For convenience, here is the format of the hosts file:
+
+    SERVERNAME ansible_ssh_user=USERNAME ansible_ssh_host=IPADDRESS ansible_connection=ssh
+
+where
+
+- `SERVERNAME` is the nickname of the server,
+- `USERNAME` is the SSH username, and
+- `IPADDRESS` is the IP address of the machine.
+
+For example, your hosts file might look like this:
+
+    web1 ansible_ssh_user=daviddoran ansible_ssh_host=192.0.2.1 ansible_connection=ssh
+
+## Using a pattern
+
+`cd` into the directory of the pattern:
+
+    cd developer-keys
+
+Configure the example-playbook file (follow the instructions in the folder's README file).
+
+Run the example playbook on your hosts file:
+
+    ansible-playbook -i hosts example-playbook.yml
+
+where `hosts` is the path to your hosts file.
+
+## Requirements
+
+- ansible on your development computer
+- the ansible prerequisites on your servers (usually just Python 2.6)
+- a [hosts file](http://ansible.cc/docs/patterns.html) (containing the hostnames of your server)
+
+## License
+
+This project is released under the MIT License - see the LICENSE file for details.
diff --git a/developer-keys/README b/developer-keys/README
@@ -0,0 +1,33 @@
+# Developer Public Keys
+
+This pattern handles:
+
+- creating a developer's home directory
+- uploading a developer's public key to allow password-free access to the server
+- removing access and deleting the developer's home directory when they leave the company
+
+### To grant a developer access:
+
+- list their username in the `$current_developers` variable in example-playbook.yml
+- add their public key to the `keyfiles` folder (their username is the filename and the extension is .pub)
+
+For example, to grant Jane Doe (using the username janedoe) access to the servers, the variables would contain:
+
+```yml
+vars:
+    current_developers: [janedoe]
+    retired_developers: []
+```
+
+and the keyfiles folder would contain:
+
+    janedoe.pub
+
+Running the playbook will create the developers' home directories (once) and upload the public keys.
+
+### To revoke a developer's access:
+
+- list their username in the `$retired_developers` variable
+- remove their public key from the `keyfiles` folder
+
+Running the playbook will **permanently delete** their home directory and revoke SSH access.
diff --git a/developer-keys/developer-keys.yml b/developer-keys/developer-keys.yml
@@ -0,0 +1,24 @@
+# Uploads developer public keys to *nix servers
+#
+# To give access to a new developer add their username
+# to the $current_developers variable in your main playbook.
+---
+  # add developer user accounts
+  - name: ensure account exists
+    user: name=$item comment="" shell=/bin/bash createhome=yes
+    with_items: ${current_developers}
+
+  # send the developers' public keys to the server to allow passwordless SSH login
+  - name: add public key
+    authorized_key: user=$item state=present key='$FILE(keyfiles/$item.pub)'
+    with_items: ${current_developers}
+
+  # ################################################################
+  # Only edit below this line when a developer has left the company.
+  # ################################################################
+
+  # remove a developer's account (list their username in with_items)
+  # WARNING: This will delete everything in the user's home directory.
+  - name: remove developer's account (and thus their SSH access)
+    authorized_key: name=$item comment="" state=absent remove=yes
+    with_items: ${retired_developers}
diff --git a/developer-keys/example-playbook.yml b/developer-keys/example-playbook.yml
@@ -0,0 +1,15 @@
+# Example playbook (to demo developer-keys pattern)
+#
+# To run this playbook on the command line:
+#     ansible-playbook -c ssh -i hosts example-playbook.yml
+# where hosts is the name of your ansible hosts file (inventory).
+#
+# Edit current_developers and retired_developers as required.
+---
+  - hosts: all
+    sudo: yes
+    vars:
+      current_developers: [daviddoran, janedoe, johnsmith]
+      retired_developers: []
+    tasks:
+      - include: developer-keys.yml tags=developer-keys
diff --git a/developer-keys/keyfiles/README.md b/developer-keys/keyfiles/README.md
@@ -0,0 +1,21 @@
+# Developer public key files
+
+Place your developers' public keys in this folder.
+
+To generate a new public/private key pair:
+
+    ssh-keygen -t rsa -C "developer name"
+
+By default this will create two files:
+
+    ~/.ssh/id_rsa
+    ~/.ssh/id_rsa.pub
+
+To enable ansible to copy the public keys to the server:
+
+1. Copy the id_rsa.pub file (not id_rsa) to ./keyfiles/
+2. Rename the file to the developer's username (e.g. daviddoran.pub)
+
+The username is the username of the account on the server. If the developer
+uses a different username on their dev computer then they'll need to manually
+give the username on the command line or add an alias in ~/.ssh/config
diff --git a/hosts b/hosts
@@ -0,0 +1,3 @@
+# ansible hosts file
+#SERVERNAME ansible_ssh_user=USERNAME ansible_ssh_host=IPADDRESS ansible_connection=ssh
+#web1 ansible_ssh_user=daviddoran ansible_ssh_host=192.0.2.1 ansible_connection=ssh
diff --git a/server-density-agent/README b/server-density-agent/README
@@ -0,0 +1,11 @@
+# Server Density Agent
+
+This pattern installs the [Server Density](http://www.serverdensity.com/) monitoring agent.
+
+To install the agent:
+
+- define your server density credentials (in your main playbook, as demonstrated in `example-playbook.yml`)
+- edit `server-density-agent.cfg.j2` to customize your monitoring agent setup *
+- run the playbook on your selected servers
+
+\* Tip: You can create variables for the custom settings you add to `server-density-agent.cfg.j2` (e.g. MySQL / MongoDB) if the configuration varies by server.
diff --git a/server-density-agent/example-playbook.yml b/server-density-agent/example-playbook.yml
@@ -0,0 +1,16 @@
+# Example playbook (to demo setting up the server density agent)
+#
+# To run this playbook on the command line:
+#     ansible-playbook -c ssh -i hosts example-playbook.yml
+# where hosts is the name of your ansible hosts file (inventory).
+#
+# Edit vars below with your server density credentials.
+---
+  - hosts: all
+    sudo: yes
+    vars:
+      # server density agent credentials
+      server_density_url: ""
+      server_density_agent_key: ""
+    tasks:
+      - include: server-density-agent.yml tags=server-density-agent
diff --git a/server-density-agent/server-density-agent.cfg.j2 b/server-density-agent/server-density-agent.cfg.j2
@@ -0,0 +1,26 @@
+###############################################################################
+#     Generated by ansible. WARNING: Do not edit this file on the server.     #
+###############################################################################
+
+[Main]
+sd_url: {{ server_density_url }}
+agent_key: {{ server_density_agent_key }}
+
+# Plugins
+# Leave blank to ignore. See www.serverdensity.com/docs/agent/plugins/
+plugin_directory:
+
+# Optional status monitoring
+# See www.serverdensity.com/docs/agent/
+# Ignore these if you do not wish to monitor them
+
+# Apache
+# See http://support.serverdensity.com/customer/portal/articles/72259-configuring-apache-monitoring
+#apache_status_url: http://127.0.0.1/server-status?auto
+
+# MySQL
+# See http://support.serverdensity.com/customer/portal/articles/72265-configuring-mysql-monitoring
+
+#mysql_server: localhost
+#mysql_user: username
+#mysql_pass: password
diff --git a/server-density-agent/server-density-agent.yml b/server-density-agent/server-density-agent.yml
@@ -0,0 +1,22 @@
+# Install and set up the Server Density agent
+#
+# See http://www.serverdensity.com/
+---
+- name: install boxed ice's repo public key
+  apt_key: url=https://www.serverdensity.com/downloads/boxedice-public.key state=present
+
+- name: add boxed ice's repository as an apt source
+  apt_repository: repo='deb http://www.serverdensity.com/downloads/linux/deb all main'
+
+- name: install sd-agent package from boxed ice's repository
+  apt: pkg=sd-agent state=latest update_cache=yes
+
+- name: ensure mysql dependencies are present
+  apt: pkg=python-dev state=present
+  apt: pkg=python-mysqldb state=present
+
+- name: copy the sd-agent config file
+  template: src=server-density-agent.cfg.j2 dest=/etc/sd-agent/config.cfg owner=sd-agent mode=0644
+
+- name: ensure sd-agent is running
+  service: name=sd-agent state=started enabled=yes

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# ansible hosts file`
	`2`	`+#SERVERNAME ansible_ssh_user=USERNAME ansible_ssh_host=IPADDRESS ansible_connection=ssh`
	`3`	`+#web1 ansible_ssh_user=daviddoran ansible_ssh_host=192.0.2.1 ansible_connection=ssh`