Bootstrap the Target Hosts
Once the inventory file has been completed, you have to bootstrap the target hosts to prepare them for the deployment to run. CMP provides a playbook - playbooks/bootstrap.yaml - which you can run to bootstrap the hosts.
This is an optional step; all of the actions below can be performed manually, depending on the environment in which CMP is being installed.
The bootstrap play does the following:
- Creates an Ansible user.
- Adds your public key to the list of the Ansible user authorized keys to enable private key SSH login.
- Registers target RHEL systems with Red Hat, giving them access to the Red Hat YUM repositories.
The deployment process relies on access to the corresponding Red Hat YUM repositories (jb-eap-7.2-for-rhel-7-server-rpms/jws-5-for-rhel-7-server-rpms) or their equivalents.
In order to run the bootstrap play, the following parameters must be set:

| Parameter | Description |
|---|---|
| ansible_ssh_user | A user account that will be used to bootstrap target servers. It must be either root or an account with sudo access. If the account uses sudo access that requires a password, the -K (or --ask-become-pass) parameter should be used when running the ansible-playbook program. It is recommended that you set the |
| bootstrap | A dictionary that includes the user public key(s) and the Red Hat credentials used to register target servers. |

The bootstrap dictionary must have the following three values:

| Key | Description |
|---|---|
| authorized_keys | A JSON array of strings, each element of which is an SSH public key that will be added to the list of authorized keys (see the example below). |
| rhel_username | Red Hat account user name. The account must be able to register systems with Red Hat in order to use the Red Hat YUM repositories. |
| rhel_password | Red Hat account password. |

Submit the Bootstrap Parameter:
You can submit the bootstrap parameter in two ways: on the command line or in the global vault file.
Command line
The command line method has higher precedence; if the same parameter is submitted via the group or host file and the command line at the same time, the one submitted via the command line will be used.
When the bootstrap dictionary is submitted via the command line, it must be submitted as a JSON object rather than YAML. The above parameters submitted via the command line can look as follows:
-e '{"bootstrap": {"authorized_keys": ["ssh-rsa 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 root@d82dd3c8aeb3", "ssh-rsa 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 developer@CMP-7-2-0-LNX32.mdsuk.com"], "rhel_username": "RHEL_username", "rhel_password": "RHEL_password"}}'
Important
When the dictionary parameter is specified, it must be specified in full: all the required dictionary properties must be present. Ansible cannot merge the properties from different sources; it always overwrites them in memory with the value taken from the source with the highest precedence. So, if in the above example all three properties are defined in the vault file, but you then submit only a one-element authorized_keys array via the command line, Ansible won't be able to find the RHEL credentials and the play execution will fail.
Once the credentials are submitted via the command line, run the bootstrap play with the following command:
ansible-playbook --vault-password-file=~/.vaultpwd -i inventory/benchmark.yaml -e '{"bootstrap": {"authorized_keys": ["ssh-rsa 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 ansible@alpha22.mdsuk.com"], "rhel_username": "RHEL_username", "rhel_password": "RHEL_password"}}' -e 'ansible_ssh_user=root' -k playbooks/bootstrap.yaml
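
A pre-flight check for the overwrite behaviour described in the Important note above, given here as an added example that is not part of the CMP documentation or playbooks. It models the command-line dictionary replacing the vault one as a whole and lists every required property that would then be missing; the function names and the sample key are constructed for illustration.

```python
import base64
import json
import struct

REQUIRED = ("authorized_keys", "rhel_username", "rhel_password")

def effective_bootstrap(vault_vars, extra_vars_json=None):
    """Model the precedence rule: a dict passed with -e replaces the vault's
    dict of the same name as a whole; nothing is merged."""
    extra = json.loads(extra_vars_json) if extra_vars_json else {}
    return extra["bootstrap"] if "bootstrap" in extra else vault_vars.get("bootstrap", {})

def key_problem(line):
    """Return None if line is '<type> <base64-blob> [comment]' and the type embedded in the blob matches."""
    parts = line.split() if isinstance(line, str) else []
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # length prefix of the type string
    except (ValueError, struct.error):
        return "key body is not a valid base64 SSH blob"
    if blob[4:4 + n] != parts[0].encode():
        return "key type does not match the encoded blob"
    return None

def check_bootstrap(bootstrap):
    """List every problem; an empty list means the play has what it needs."""
    problems = [f"missing or empty: {k}" for k in REQUIRED if not bootstrap.get(k)]
    keys = bootstrap.get("authorized_keys") or []
    if not isinstance(keys, list):
        return problems + ["authorized_keys must be a JSON array of strings"]
    for i, line in enumerate(keys):
        err = key_problem(line)
        if err:
            problems.append(f"authorized_keys[{i}]: {err}")
    return problems

# Constructed sample data: a well-formed but meaningless key blob.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 16
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(_blob).decode() + " ansible@example.invalid"
VAULT = {"bootstrap": {"authorized_keys": [SAMPLE_KEY],
                       "rhel_username": "RHEL_username",
                       "rhel_password": "RHEL_password"}}
PARTIAL_E = json.dumps({"bootstrap": {"authorized_keys": [SAMPLE_KEY]}})

if __name__ == "__main__":
    print(check_bootstrap(effective_bootstrap(VAULT)))             # vault only
    print(check_bootstrap(effective_bootstrap(VAULT, PARTIAL_E)))  # partial -e
```

Running the check against the same JSON string that will be passed to -e catches an incomplete dictionary before the play reaches the Red Hat registration step.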
The global vault file (playbooks/group_vars/all/vault.yaml)
In this case the credentials can be stored in SCM securely. See Vault Password File for information on how to edit an existing vault file.
The global vault file can look as follows:
bootstrap:
  authorized_keys:
    - ssh-rsa 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 root@d82dd3c8aeb3
    - ssh-rsa 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 developer@CMP-7-2-0-LNX32.mdsuk.com
  rhel_username: <RedHat_Username>
  rhel_password: <RedHat_Password>
Once the vault file is prepared, you can run the bootstrap play with the following command (provided that your vault password file is stored in your home directory):