From 6749f378c24d4c9490c45bf24c87046673f8a076 Mon Sep 17 00:00:00 2001
From: Rasmus Thorslund
Date: Fri, 31 May 2024 18:23:21 +0200
Subject: [PATCH] added scripts and ansible stuff for easy managment
---
scripts/ansible_inventory.ini | 35 ++++++++++++++++
scripts/ansible_playbooks/cosmos_lock.yaml | 12 ++++++
scripts/ansible_playbooks/cosmos_unlock.yaml | 9 +++++
.../remove_root_password.yaml | 8 ++++
.../ansible_playbooks/set_root_password.yaml | 21 ++++++++++
scripts/get_knotctl_commands.sh | 11 +++++
scripts/make_ansible_inventory.sh | 40 +++++++++++++++++++
7 files changed, 136 insertions(+)
create mode 100644 scripts/ansible_inventory.ini
create mode 100644 scripts/ansible_playbooks/cosmos_lock.yaml
create mode 100644 scripts/ansible_playbooks/cosmos_unlock.yaml
create mode 100644 scripts/ansible_playbooks/remove_root_password.yaml
create mode 100644 scripts/ansible_playbooks/set_root_password.yaml
create mode 100755 scripts/get_knotctl_commands.sh
create mode 100755 scripts/make_ansible_inventory.sh
diff --git a/scripts/ansible_inventory.ini b/scripts/ansible_inventory.ini
new file mode 100644
index 0000000..1b194ad
--- /dev/null
+++ b/scripts/ansible_inventory.ini
@@ -0,0 +1,35 @@
+[all]
+internal-sto4-prod-k8sw-0.rut.sunet.se
+internal-sto4-prod-k8sw-4.rut.sunet.se
+internal-sto4-prod-k8sw-5.rut.sunet.se
+internal-sto4-prod-k8sc-2.rut.sunet.se
+internal-sto4-prod-k8sw-1.rut.sunet.se
+internal-sto4-prod-satosa-1.rut.sunet.se
+internal-sto4-prod-k8sw-2.rut.sunet.se
+internal-sto4-prod-k8sw-3.rut.sunet.se
+internal-sto4-prod-k8sc-1.rut.sunet.se
+internal-sto4-prod-monitor-1.rut.sunet.se
+internal-sto4-prod-k8sc-0.rut.sunet.se
+
+[worker_nodes]
+internal-sto4-prod-k8sw-0.rut.sunet.se
+internal-sto4-prod-k8sw-4.rut.sunet.se
+internal-sto4-prod-k8sw-5.rut.sunet.se
+internal-sto4-prod-k8sw-1.rut.sunet.se
+internal-sto4-prod-k8sw-2.rut.sunet.se
+internal-sto4-prod-k8sw-3.rut.sunet.se
+
+
+[control_nodes]
+internal-sto4-prod-k8sc-2.rut.sunet.se
+internal-sto4-prod-k8sc-1.rut.sunet.se
+internal-sto4-prod-k8sc-0.rut.sunet.se
+
+
+[satosa]
+internal-sto4-prod-satosa-1.rut.sunet.se
+
+
+[monitor]
+internal-sto4-prod-monitor-1.rut.sunet.se
+
diff --git a/scripts/ansible_playbooks/cosmos_lock.yaml b/scripts/ansible_playbooks/cosmos_lock.yaml
new file mode 100644
index 0000000..d7f5312
--- /dev/null
+++ b/scripts/ansible_playbooks/cosmos_lock.yaml
@@ -0,0 +1,12 @@
+---
+- name: Create a file to pause Cosmos
+ hosts: all
+ become: yes
+ tasks:
+ - name: Ensure the file /etc/no-automatic-cosmos exists with specific content
+ ansible.builtin.copy:
+ dest: /etc/no-automatic-cosmos
+ content: "Cosmos paused by Ansible\n"
+ owner: root
+ group: root
+ mode: '0644'
diff --git a/scripts/ansible_playbooks/cosmos_unlock.yaml b/scripts/ansible_playbooks/cosmos_unlock.yaml
new file mode 100644
index 0000000..4ae2fc2
--- /dev/null
+++ b/scripts/ansible_playbooks/cosmos_unlock.yaml
@@ -0,0 +1,9 @@
+---
+- name: Remove the file to resume Cosmos
+ hosts: all
+ become: yes
+ tasks:
+ - name: Remove the file /etc/no-automatic-cosmos if it exists
+ ansible.builtin.file:
+ path: /etc/no-automatic-cosmos
+ state: absent
diff --git a/scripts/ansible_playbooks/remove_root_password.yaml b/scripts/ansible_playbooks/remove_root_password.yaml
new file mode 100644
index 0000000..135d5db
--- /dev/null
+++ b/scripts/ansible_playbooks/remove_root_password.yaml
@@ -0,0 +1,8 @@
+---
+- name: Remove root password for hosts
+ hosts: all
+ become: yes
+ tasks:
+ - name: Remove root password
+ ansible.builtin.command:
+ cmd: passwd -d root
diff --git a/scripts/ansible_playbooks/set_root_password.yaml b/scripts/ansible_playbooks/set_root_password.yaml
new file mode 100644
index 0000000..589f751
--- /dev/null
+++ b/scripts/ansible_playbooks/set_root_password.yaml
@@ -0,0 +1,21 @@
+---
+- name: Set root password for hosts
+ hosts: all
+ become: yes
+ vars_prompt:
+ - name: "root_password"
+ prompt: "Enter the new root password"
+ private: yes
+
+ tasks:
+ - name: Hash the root password on localhost
+ delegate_to: localhost
+ run_once: true
+ become: false
+ set_fact:
+ hashed_password: "{{ root_password | password_hash('sha512') }}"
+
+ - name: Set root password on target hosts
+ ansible.builtin.user:
+ name: root
+ password: "{{ hashed_password }}"
diff --git a/scripts/get_knotctl_commands.sh b/scripts/get_knotctl_commands.sh
new file mode 100755
index 0000000..0ae6a02
--- /dev/null
+++ b/scripts/get_knotctl_commands.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+export OS_CLOUD=sto4-rut
+SERVER_LIST=$(openstack server list -f json | jq -r '.[] | {Name: .Name, IPv4: .Networks.public[] | select(test("^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$")), IPv6: .Networks.public[] | select(test("^[0-9a-fA-F:]+$"))} | [ .Name, .IPv4, .IPv6 ] | @csv' | tr -d '"')
+
+DOMAIN="rut.sunet.se"
+
+while IFS=',' read -r name ipv4 ipv6; do
+ echo "knotctl add -r A -z $DOMAIN -n $name. -d $ipv4"
+ echo "knotctl add -r AAAA -z $DOMAIN -n $name. -d $ipv6"
+done <<< "$SERVER_LIST"
diff --git a/scripts/make_ansible_inventory.sh b/scripts/make_ansible_inventory.sh
new file mode 100755
index 0000000..65c08a2
--- /dev/null
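Review bot: In remove_root_password.yaml, `passwd -d root` in the "Remove root password" task leaves root with an empty password rather than a locked one, so any login path configured to accept empty passwords would admit root without a credential. If the intent is to disable password login for root, lock the account instead by replacing the command task with `ansible.builtin.user:` carrying `name: root` and `password_lock: true`. That form is also idempotent, whereas the `command` task reports a change on every run against `hosts: all`.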
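Review bot: In set_root_password.yaml, the "Hash the root password on localhost" task has no `no_log: true`, so the computed hash can show up in verbose output or in any callback or log that records task results; add `no_log: true` to that `set_fact` task. The `vars_prompt` entry also lacks `confirm: yes`, so a single typo sets an unknown root password on every host in `all`. A short comment noting that `password_hash('sha512')` is called without a fixed salt, and that the user task will therefore report changed on each run, would save the next reader a surprise.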
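Review bot: In get_knotctl_commands.sh nothing checks that `openstack server list` succeeded, and the here-string always feeds the loop at least one (possibly empty) line, so a failed or unauthenticated call still prints `knotctl add` lines with empty name and address fields. Add `set -euo pipefail` under the shebang and a guard at the top of the loop such as `[[ -n $name && -n $ipv4 && -n $ipv6 ]] || continue`. The server names come from the API and are interpolated as-is into text that is presumably run as commands later, so checking each name against a hostname pattern before printing it would be a sensible addition. The jq object construction also appears to drop any server that lacks either a public IPv4 or IPv6 address; a comment saying so would make that behaviour deliberate rather than accidental.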
+++ b/scripts/make_ansible_inventory.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+SERVER_LIST=$(openstack server list -f json | jq -r '.[] | .Name')
+
+INVENTORY_FILE="ansible_inventory.ini"
+
+rm -f $INVENTORY_FILE
+
+echo "[all]" > $INVENTORY_FILE
+
+WORKER_NODES_SECTION=""
+CONTROL_NODES_SECTION=""
+SATOSA_SECTION=""
+MONITOR_SECTION=""
+
+while read -r name; do
+ echo "$name" >> $INVENTORY_FILE
+
+ if [[ $name == *k8sw* ]]; then
+ WORKER_NODES_SECTION+="$name\n"
+ elif [[ $name == *k8sc* ]]; then
+ CONTROL_NODES_SECTION+="$name\n"
+ elif [[ $name == *satosa* ]]; then
+ SATOSA_SECTION+="$name\n"
+ elif [[ $name == *monitor* ]]; then
+ MONITOR_SECTION+="$name\n"
+ fi
+done <<< "$SERVER_LIST"
+
+# Append each section to the inventory file
+echo -e "\n[worker_nodes]" >> $INVENTORY_FILE
+echo -e "$WORKER_NODES_SECTION" >> $INVENTORY_FILE
+echo -e "\n[control_nodes]" >> $INVENTORY_FILE
+echo -e "$CONTROL_NODES_SECTION" >> $INVENTORY_FILE
+echo -e "\n[satosa]" >> $INVENTORY_FILE
+echo -e "$SATOSA_SECTION" >> $INVENTORY_FILE
+echo -e "\n[monitor]" >> $INVENTORY_FILE
+echo -e "$MONITOR_SECTION" >> $INVENTORY_FILE
+
+echo "Ansible inventory file created at $INVENTORY_FILE"
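Review bot: In make_ansible_inventory.sh the existing inventory is removed and rewritten even when `openstack server list` fails, because the result of the `SERVER_LIST=` command substitution is never checked; the file is then left with `[all]` and empty groups. Add `set -euo pipefail` after the shebang and stop before the `rm -f` with `[[ -n $SERVER_LIST ]] || exit 1`. Unlike get_knotctl_commands.sh, this script does not set `OS_CLOUD`, so which cloud ends up in an inventory that the playbooks run against with `hosts: all` depends on the caller's environment; a comment naming the expected cloud would help. As a style point, `$INVENTORY_FILE` should be quoted, and `printf '%s\n'` would avoid `echo -e` interpreting backslashes in server names.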