Initial version

README.md

@@ -1,2 +1,48 @@
-# ansible-target-role
-Ansible role for configuring target hosts for use by the Delphix platform
+Delphix Target Host
+===================
+
+This role will configure a Linux system for use as a target host in the Delphix
+platform. This includes installing all required packages, and creating a
+`delphix` user with sufficient sudo privileges support all platform operations,
+most notably managing NFS mounts.  The resulting host can be used with a
+standard username, directories, and SSH key access.
+
+The role provides a mechanism for configuring the `delphix` user with a single
+engine public SSH key in `/home/delphix/.ssh/authorized_keys`. In the event
+that you are building a cloud image and want to configure the SSH key at
+runtime, you can use cloud init (as described for AWS
+[here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html)) to
+append one or more SSH keys to the `authorized_keys` file on first boot. To get
+the public SSH key of an engine, use the `system get sshPublicKey` CLI command.
+
+This role has been manually tested against latest Ubuntu and CentOS AMIs, but
+there is no reason it should not work with any RedHat or Debian variant.
+
+Role Variables
+--------------
+
+The following role variables can be configured:
+
+    delphix_user: delphix
+    delphix_group: delphix
+    delphix_mount: /mnt/delphix
+    delphix_toolkit: /home/delphix/toolkit
+    delphix_ssh_key:
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+    - hosts: servers
+      roles:
+         - { role: delphix.target-host, delphix_toolkit: /toolkit }
+
+License
+-------
+
+Apache 2.0
+

defaults/main.yml

@@ -0,0 +1,9 @@
+---
+#
+# Copyright (c) 2018 by Delphix. All rights reserved.
+#
+delphix_user: delphix
+delphix_group: delphix
+delphix_mount: /mnt/delphix
+delphix_toolkit: /home/delphix/toolkit
+delphix_ssh_key:

meta/main.yml

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2018 by Delphix. All rights reserved.
+#
+galaxy_info:
+  author: eschrock
+  description: Delphix Target Host Configuration
+  company: Delphix
+  license: Apache
+  min_ansible_version: 2.0
+  platforms:
+   - name: RedHat
+     versions:
+     - all
+   - name: Debian
+     versions:
+     - all
+  galaxy_tags:
+   - delphix
+
+dependencies: []

tasks/main.yml

@@ -0,0 +1,65 @@
+---
+#
+# Copyright (c) 2018 by Delphix. All rights reserved.
+#
+
+# Install OS-specific packages
+- include: setup-redhat.yml
+  when: ansible_os_family == 'RedHat'
+- include: setup-debian.yml
+  when: ansible_os_family == 'Debian'
+
+#
+# Configure the 'delphix' user and home directory
+#
+- name: Add Delphix group
+  group:
+    name: "{{ delphix_group }}"
+
+- name: Add Delphix user
+  user:
+    name: "{{ delphix_user }}"
+    home: "/home/{{ delphix_user }}"
+    group: "{{ delphix_group }}"
+    comment: "Delphix Automation"
+
+- name: Create delphix directories
+  file:
+    path: "{{ item.path }}"
+    owner: "{{ delphix_user }}"
+    group: "{{ delphix_group }}"
+    mode: "{{ item.mode }}"
+    state: directory
+  with_items:
+    - { path: "{{ delphix_toolkit }}", mode: "0770" }
+    - { path: "/home/{{ delphix_user }}/.ssh", mode: "0700" }
+    - { path: "{{ delphix_mount }}", mode: "0700" }
+
+- name: Create empty authorized keys
+  file:
+    path: "/home/{{ delphix_user }}/.ssh/authorized_keys"
+    owner: "{{ delphix_user }}"
+    group: "{{ delphix_group }}"
+    mode: 0600
+    state: touch
+
+- name: Set SSH key
+  copy:
+    content: "{{ delphix_ssh_key }}"
+    dest: "/home/{{ delphix_user }}/.ssh/authorized_keys"
+  when: delphix_ssh_key is not none
+
+#
+# This role will configure sudoers for use as a target on any platform. If more
+# fine-grained access is required, this could be placed behind a number of
+# variables to tune it for platforms. It could also be tightened up to only
+# allow commands with specific arguments.
+#
+- name: Configure delphix user for sudo
+  blockinfile:
+    dest: /etc/sudoers
+    state: present
+    block: |
+      Defaults:{{ delphix_user }} !requiretty
+      {{ delphix_user }} ALL=NOPASSWD: /bin/mount, /bin/umount, /bin/ps, /bin/mkdir, /bin/rmdir
+    validate: "visudo -cf %s"

tasks/setup-debian.yml

@@ -0,0 +1,28 @@
+---
+#
+# Copyright (c) 2018 by Delphix. All rights reserved.
+#
+
+- name: Check if 32-bit runtime is installed
+  shell: dpkg --print-foreign-architectures | grep i386
+  register: result_32bit
+  changed_when: result_32bit.rc == 1
+  failed_when: result_32bit.rc > 1
+
+- name: Enable 32-bit runtime
+  command: dpkg --add-architecture i386
+  when: result_32bit.rc == 1
+
+- name: Install required packages
+  apt:
+    name: "{{ item }}"
+    state: installed
+    update_cache: yes
+  with_items:
+    # Required for 32-bit java used by Delphix
+    - libc6:i386
+    - libstdc++6:i386
+    # Required for mounting NFS filesystems
+    - nfs-common
+    # Required for sudo access to mount/unmount NFS filesystems
+    - sudo

tasks/setup-redhat.yml

@@ -0,0 +1,13 @@
+---
+#
+# Copyright (c) 2018 by Delphix. All rights reserved.
+#
+
+- name: Install required packages
+  yum:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    # Required for mounting NFS filesystems
+    - nfs-utils