Add materials for production deployment.

43f7bfe9 · McConahy, Renee Margaret · 6aa80675 · 43f7bfe9 · 43f7bfe9 · 43f7bfe9
Commit 43f7bfe9 authored 5 years ago by McConahy, Renee Margaret
--- a/.gitignore
+++ b/.gitignore
 /.vagrant/
+/production_secrets.yml
--- a/ansible.cfg
+++ b/ansible.cfg
+[defaults]
+interpreter_python = auto
+inventory = hosts.yml
+any_errors_fatal = true
+nocows = 1
+stdout_callback = yaml
--- a/bin/generate-production-secrets
+++ b/bin/generate-production-secrets
+#!/usr/bin/env bash
+#<
+# Usage:
+#   generate-production-secrets [-f]
+#
+# Options:
+#   -f    Overwrite.
+#>
+
+genkey() {
+    local s=$(tr -dc a-z </dev/urandom | head -c 14)
+    [[ $s =~ ^[a-z]{14}$ ]] && printf "%s\\n" "$s"
+}
+
+fail() {
+    printf "%s\\n" "$1" >&2
+    exit 1
+}
+
+set -u
+target=$(dirname -- "$0")/../production_secrets.yml
+
+force=0
+while getopts fh opt; do
+    case $opt in
+    f) force=1 ;;
+    h|*)
+        sed -ne '/^#</,/^#>/ { /^#\(<\|>\)/d; s/^# \?//; p; }' -- "$0"
+        [[ $opt == "?" ]] && exit 1
+        exit 0 ;;
+    esac
+done
+shift $((OPTIND - 1))
+(($#)) && exit 1
+
+[[ -e $target && $force -eq 0 ]] && fail "Refusing to overwrite."
+
+for i in 0 1; do
+    keys[$i]=$(genkey) || fail "Error generating keys."
+done
+
+sed 's/^ \{4\}//' <<YML >"$target"
+    ---
+
+    lockss_db_password: ${keys[0]}
+    lockss_ui_password: ${keys[1]}
+YML
--- a/hosts.yml
+++ b/hosts.yml
+---
+
+lockss:
+  hosts:
+    lockssmich19:
--- a/lookup_plugins/.gitignore
+++ b/lookup_plugins/.gitignore
+/__pycache__/
--- a/lookup_plugins/ip.py
+++ b/lookup_plugins/ip.py
+# Source: <https://stackoverflow.com/a/32324513/3716479> with modifications.
+
+import ansible.errors as errors
+from ansible.plugins.lookup import LookupBase
+import socket
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        if len(terms) != 1 or not isinstance(terms[0], str):
+            raise errors.AnsibleError("bad invocation")
+
+        return [socket.gethostbyname(terms[0])]
--- a/production.playbook.yml
+++ b/production.playbook.yml
+---
+
+- hosts: lockss
+  become: true
+  vars:
+    lockss_data_dir: /var/lib/lockss
+    lockss_uid: 995
+    lockss_gid: 995
+    external_ip: "{{ lookup('ip', ansible_host) }}"
+    lockss_hostname: "{{ ansible_host }}"
+    lockss_ipaddr: "{{ external_ip }}"
+    lockss_external_ipaddr: "{{ external_ip }}"
+    lockss_network_ips:
+      - 35.8.220.0/22
+    lockss_admin_ips:
+      - 35.8.220.0/22
+    lockss_admin_email: nepeta@msu.edu
+    lockss_props_url: "http://lib-lockss-con-pilot.library.wmich.edu:8001\
+                       /locksscon/lockss.xml"
+  vars_files:
+    - production_secrets.yml
+  roles:
+    - lockss