[WIP] Rollout nodes (#17)

- Added a new version of the Makefile (see also osism/cfg-generics#461) - Improved templateing of the SSH configuration for Supermicro BMCs - New backups of the server configurations - Better documentation of the environment-sepecific bootstrap process - Add a simple facility to provide serial terminal access - Adding all users to the dialout group to provide serial terminal access - Changed NTP configuration (the managers and the controllers will be ntp servers in future) - Set initial system dates by http requests to prevent gpg problems - Add tinyproxy as an alternative to squid (because squid breaks apt functionality due to a bug) - Better ansible host inventory generation -- Signed-off-by: Marc Schöchlin <[email protected]> Signed-off-by: Marc Schöchlin <[email protected]>
SovereignCloudStack · Jul 7, 2024 · e8fdebe · e8fdebe
1 parent 1c98774
commit e8fdebe
Show file tree

Hide file tree

Showing 79 changed files with 2,061 additions and 939 deletions.
diff --git a/Makefile b/Makefile
@@ -19,18 +19,41 @@ sync: deps
 	@[ "${BRANCH}" ] && sed -i -e "s/version: .*/version: ${BRANCH}/" gilt.yml || exit 0
 	@${venv} && gilt overlay && gilt overlay
 
+
+.PHONY: check_vault_pass
+check_vault_pass:
+	@test -r secrets/vaultpass  || ( echo "the file secrets/vaultpass does not exist"; exit 1)
+
+
 .PHONY: ansible_vault_rekey
-ansible_vault_rekey: deps
-	pwgen -1 32 > secrets/vaultpass.new
-	${venv} && find environments/ inventory/ -name "*.yml" -exec grep -l ANSIBLE_VAULT {} \+|\
+ansible_vault_rekey: deps check_vault_pass
+	@if ! git diff-index --quiet HEAD --; then \
+	    echo "Error: Uncommitted changes found in the repository. Stash or drop them before rekeying."; \
+		 git diff; \
+	    exit 1; \
+	fi
+	openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 32  > secrets/vaultpass.new
+	echo "CREATING A BACKUP"
+	cp secrets/vaultpass secrets/vaultpass_backup_$(shell date --date="today" "+%Y-%m-%d_%H-%M-%S")
+	echo "PERFORM REKEYING"
+	${venv} && find environments/ inventory/ -name "*.yml" -not -path "*/.venv/*" -exec grep -l ANSIBLE_VAULT {} \+|\
 		sort -u|\
 		xargs -n 1 --verbose ansible-vault rekey  -v \
 		--vault-password-file secrets/vaultpass \
 		--new-vault-password-file secrets/vaultpass.new
+	echo "MOVE NEW KEY IN PLACE"
 	mv secrets/vaultpass.new secrets/vaultpass
 
 .PHONY: ansible_vault_show
-ansible_vault_show: deps
-	${venv} && find environments/ inventory/ -name "*.yml" -exec grep -l ANSIBLE_VAULT {} \+|\
+ansible_vault_show: deps check_vault_pass
+	${venv} && find environments/ inventory/ -name "*.yml" -and -not -path "*/.venv/*" -exec grep -l ANSIBLE_VAULT {} \+|\
 		sort -u|\
-		xargs -n 1 --verbose ansible-vault view --vault-password-file secrets/vaultpass | cat
+		xargs -n 1 --verbose ansible-vault view --vault-password-file secrets/vaultpass 2>&1 | less
+
+
+.PHONY: ansible_vault_edit
+ansible_vault_edit: deps check_vault_pass
+ifndef FILE
+	$(error FILE variable is not set)
+endif
+	${venv} && ansible-vault edit --vault-password-file secrets/vaultpass ${FILE}
diff --git a/config-snippets/ssh_config_scs_servers b/config-snippets/ssh_config_scs_servers
@@ -1,145 +1,166 @@
 Host scs-bmc-st01-comp-r01-u09
    Hostname 10.10.23.25
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u09
    Hostname 10.10.21.25
 
 Host scs-bmc-st01-comp-r01-u11
    Hostname 10.10.23.26
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u11
    Hostname 10.10.21.26
 
 Host scs-bmc-st01-comp-r01-u13
    Hostname 10.10.23.27
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u13
    Hostname 10.10.21.27
 
 Host scs-bmc-st01-comp-r01-u15
    Hostname 10.10.23.28
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u15
    Hostname 10.10.21.28
 
 Host scs-bmc-st01-comp-r01-u17
    Hostname 10.10.23.29
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u17
    Hostname 10.10.21.29
 
 Host scs-bmc-st01-comp-r01-u19
    Hostname 10.10.23.30
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-comp-r01-u19
    Hostname 10.10.21.30
 
 Host scs-bmc-st01-comp-r01-u21
    Hostname 10.10.23.15
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u21
    Hostname 10.10.21.15
 
 Host scs-bmc-st01-comp-r01-u22
    Hostname 10.10.23.16
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u22
    Hostname 10.10.21.16
 
 Host scs-bmc-st01-comp-r01-u23
    Hostname 10.10.23.17
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u23
    Hostname 10.10.21.17
 
 Host scs-bmc-st01-comp-r01-u24
    Hostname 10.10.23.18
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u24
    Hostname 10.10.21.18
 
 Host scs-bmc-st01-comp-r01-u25
    Hostname 10.10.23.19
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u25
    Hostname 10.10.21.19
 
 Host scs-bmc-st01-comp-r01-u26
    Hostname 10.10.23.20
+   HostKeyAlgorithms=+ssh-rsa
    User root
 
 Host scs-node-st01-comp-r01-u26
    Hostname 10.10.21.20
 
 Host scs-bmc-st01-ctl-r01-u27
    Hostname 10.10.23.12
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-ctl-r01-u27
    Hostname 10.10.21.12
 
 Host scs-bmc-st01-ctl-r01-u28
    Hostname 10.10.23.13
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-ctl-r01-u28
    Hostname 10.10.21.13
 
 Host scs-bmc-st01-ctl-r01-u29
    Hostname 10.10.23.14
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-ctl-r01-u29
    Hostname 10.10.21.14
 
 Host scs-bmc-st01-mgmt-r01-u30
    Hostname 10.10.23.10
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-mgmt-r01-u30
    Hostname 10.10.21.10
 
 Host scs-bmc-st01-mgmt-r01-u31
    Hostname 10.10.23.11
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-mgmt-r01-u31
    Hostname 10.10.21.11
 
 Host scs-bmc-st01-stor-r01-u01
    Hostname 10.10.23.21
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-stor-r01-u01
    Hostname 10.10.21.21
 
 Host scs-bmc-st01-stor-r01-u03
    Hostname 10.10.23.22
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-stor-r01-u03
    Hostname 10.10.21.22
 
 Host scs-bmc-st01-stor-r01-u05
    Hostname 10.10.23.23
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-stor-r01-u05
    Hostname 10.10.21.23
 
 Host scs-bmc-st01-stor-r01-u07
    Hostname 10.10.23.24
+   HostKeyAlgorithms=+ssh-rsa
    User ADMIN
 
 Host scs-node-st01-stor-r01-u07