anthos-bm-edge-deployment/roles/google-tools/tasks/main.yaml (216 lines of code) (raw):
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Credentials
### The /etc/profile.d/gcloud_auth.sh requires it readable for all users
# Directory that will hold the service-account key on the target host.
# NOTE(review): root-owned, but mode 0755 lets every local account enter and
# list it. The surrounding comments say this is needed by
# /etc/profile.d/gcloud_auth.sh; tighten it if per-user activation is dropped.
- name: Create the temp keys directory
  ansible.builtin.file:
    state: directory
    path: '{{ remote_gsa_key }}'
    owner: 'root'
    group: 'root'
    mode: '0755'
  tags:
    - initial-install
    - tool-authentication
### The /etc/profile.d/gcloud_auth.sh requires it readable for all users
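# Copies the Google service-account key from the control node to the target.
# NOTE(review): mode 0444 makes the private key readable by every local
# account and process on the host. This looks deliberate (the login script
# /etc/profile.d/gcloud_auth.sh activates the key for each user), so the IAM
# roles bound to this service account should be the minimum the host needs.
- name: Get the SA key to initialize gcloud with
  ansible.builtin.copy:
    src: '{{ local_gsa_key }}'
    dest: '{{ remote_gsa_key }}/gsa-key.json'
    owner: 'root'
    group: 'root'
    mode: '0444'  # read only
  # Keep the key contents out of task output when the play runs with --diff.
  diff: false
  tags:
    - initial-install
    - tool-authentication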
##### gcloud
# Base directory that the SDK and helper binaries are unpacked into.
# No owner/group is set, so ownership follows the account the task runs as.
- name: Create the tools temp directory
  ansible.builtin.file:
    state: directory
    path: '{{ tools_base_path }}'
    mode: '0755'
  tags:
    - initial-install
# Fetches the pinned Google Cloud SDK tarball on the target and unpacks it.
# `creates` skips the task once the SDK directory exists.
# NOTE(review): unarchive cannot verify a checksum for a URL source, so
# integrity rests on TLS to dl.google.com alone. Downloading with get_url and
# a pinned `checksum`, then unarchiving the local file, would close that gap.
- name: Download and unarchive gcloud
  ansible.builtin.unarchive:
    remote_src: true
    src: 'https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-{{ gcloud_version }}-linux-x86_64.tar.gz'
    dest: '{{ tools_base_path }}'
    creates: '{{ tools_base_path }}/google-cloud-sdk'
  tags:
    - initial-install
    - tool-install
# Unpacks the kubectx release archive straight into the SDK bin directory,
# which a later task links into /usr/bin.
# NOTE(review): this is a third-party GitHub release fetched with no checksum
# or signature check; pin and verify a digest before the binary reaches a
# system-wide PATH.
- name: Download and unarchive kubectx
  ansible.builtin.unarchive:
    remote_src: true
    src: 'https://github.com/ahmetb/kubectx/releases/download/v{{ kubectx_version }}/kubectx_v{{ kubectx_version }}_linux_x86_64.tar.gz'
    dest: '{{ tools_base_path }}/google-cloud-sdk/bin/'
    creates: '{{ tools_base_path }}/google-cloud-sdk/bin/kubectx'
  tags:
    - initial-install
    - tool-install
### All other tools
# Installs the extra gcloud components non-interactively (-q). The SDK bin
# directory is put first on PATH so the freshly unpacked gcloud is the one used.
# `creates` keys off kubectl only, so the task is skipped once kubectl exists
# even if another listed component is missing.
- name: Install kubectl, nomos, kustomize and gsutil
  ansible.builtin.command:
    cmd: >-
      gcloud components install kubectl kustomize anthos-auth kpt nomos
      gsutil kubectl-oidc alpha beta -q
    creates: "{{ tools_base_path }}/google-cloud-sdk/bin/kubectl"
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - initial-install
    - tool-install
# Deletes whatever currently sits at /usr/bin/<app> for each listed tool so
# that the following task can create fresh links to the SDK copies.
- name: Remove previous /usr/bin links and non-gcloud based binaries
  ansible.builtin.file:
    state: absent
    path: '/usr/bin/{{ item.app }}'
  loop:
    - app: gcloud
    - app: kubectx
    - app: nomos
    - app: gsutil
    - app: kustomize
    - app: anthoscli
    - app: kpt
    - app: kubectl
    - app: kubectl-oidc
  tags:
    - initial-install
    - tool-install
# Symlinks each listed tool from the SDK bin directory into /usr/bin.
# NOTE(review): the links make these binaries the system-wide default, so
# write access to the SDK directory is equivalent to write access to /usr/bin.
- name: Put the primary google sdk tools in /usr/bin
  ansible.builtin.file:
    state: link
    src: '{{ tools_base_path }}/google-cloud-sdk/bin/{{ item.app }}'
    dest: '/usr/bin/{{ item.app }}'
  loop:
    - app: gcloud
    - app: kubectx
    - app: nomos
    - app: gsutil
    - app: kustomize
    - app: anthoscli
    - app: kpt
    - app: kubectl
    - app: kubectl-oidc
  tags:
    - initial-install
    - tool-install
# Unpacks the kubens archive (same upstream release as kubectx) into the SDK
# bin directory; skipped once the kubens binary is present.
# NOTE(review): fetched from a third-party GitHub release with no checksum or
# signature verification.
- name: Download and unarchive kubens
  ansible.builtin.unarchive:
    remote_src: true
    src: 'https://github.com/ahmetb/kubectx/releases/download/v{{ kubectx_version }}/kubens_v{{ kubectx_version }}_linux_x86_64.tar.gz'
    dest: '{{ tools_base_path }}/google-cloud-sdk/bin/'
    creates: '{{ tools_base_path }}/google-cloud-sdk/bin/kubens'
  tags:
    - initial-install
    - tool-install
### Set up application default credentials
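# Exports GOOGLE_APPLICATION_CREDENTIALS host-wide via /etc/environment.
# The path is built from remote_gsa_key, the same variable the key is copied
# with, so the export cannot drift from where the key actually lives.
# NOTE(review): /etc/environment applies to every account, so every local
# user and service is pointed at this service-account key.
- name: Setting up Google App Creds for non-interactive shells
  ansible.builtin.lineinfile:
    path: /etc/environment
    # Replace an existing export in place instead of appending a second one.
    regexp: '^GOOGLE_APPLICATION_CREDENTIALS='
    line: 'GOOGLE_APPLICATION_CREDENTIALS="{{ remote_gsa_key }}/gsa-key.json"'
  tags:
    - profile
    - initial-install
    - non-interactive-shell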
#### Setting up non-interactive PATH for gcloud
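# Prepends the SDK bin directory to the PATH line in /etc/environment. The
# original comment notes a snap-installed gcloud exists on GCE instances;
# prepending makes this SDK's copy win.
# The directory comes from tools_base_path, matching where the SDK is unpacked.
# NOTE(review): the regexp only matches the stock PATH value; with backrefs
# enabled a non-matching file is left untouched and the task reports no
# error, so a customised PATH silently never gets the SDK directory.
- name: Add gcloud to PATH on all shells (including non-interactive)
  ansible.builtin.lineinfile:
    path: /etc/environment
    regexp: 'PATH="(\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/snap\/bin)"$'
    # \1 is the captured stock PATH value.
    line: 'PATH="{{ tools_base_path }}/google-cloud-sdk/bin:\1"'
    backrefs: true
    state: present
  tags:
    - profile
    - initial-install
    - non-interactive-shell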
## Set up auto-complete
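# Sources the SDK's bash completion script from the shared profile snippet,
# guarded by a file-exists test. The SDK location is taken from
# tools_base_path so it follows the directory the SDK was unpacked into.
- name: Add gcloud BASH completion
  ansible.builtin.lineinfile:
    path: /etc/profile.d/bash_completion.sh
    line: >-
      if [ -f '{{ tools_base_path }}/google-cloud-sdk/completion.bash.inc' ];
      then source '{{ tools_base_path }}/google-cloud-sdk/completion.bash.inc';
      fi
  tags:
    - profile
    - initial-install
    - non-interactive-shell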
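# Writes the service-account activation command into a profile.d script.
# The task was previously named "Add gcloud BASH completion", duplicating the
# task before it; the name now says what the task does.
# NOTE(review): scripts in /etc/profile.d are sourced by login shells, so each
# user who logs in activates the shared service account. Confirm every local
# account is meant to hold these credentials.
- name: Add gcloud service-account activation to the login profile
  ansible.builtin.lineinfile:
    path: /etc/profile.d/gcloud_auth.sh
    # Replace an earlier activation line (e.g. after a project change).
    regexp: '^gcloud auth activate-service-account '
    line: "gcloud auth activate-service-account --key-file={{ remote_gsa_key }}/gsa-key.json --project {{ google_project_id }}"
    state: present
    create: true
    # Explicit mode so a newly created file does not depend on the umask.
    mode: '0644'
  tags:
    - profile
    - initial-install
    - non-interactive-shell
    - gcloud-setup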
### Switch current session to target-machine-gsa
# Runs the profile.d activation script once so the account executing the play
# is switched to the service account immediately. It runs on every play, as
# there is no `creates` or `changed_when` guard.
- name: Switch to target-machine-gsa
  ansible.builtin.command:
    argv:
      - bash
      - /etc/profile.d/gcloud_auth.sh
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - initial-install
# Enables the listed Google Cloud APIs on the project. Skipped when
# gcp_services_required is undefined or empty.
# Prerequisites reference:
# https://cloud.google.com/anthos/clusters/docs/bare-metal/latest/installing/install-prereq
- name: Enable services
  ansible.builtin.command:
    cmd: >-
      gcloud services enable {{ gcp_services_required | join(' ') }}
      --project={{ google_project_id }}
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  # A single host issues the call on behalf of the whole inventory.
  run_once: true
  when:
    - gcp_services_required is defined
    - gcp_services_required | length > 0
  tags:
    - initial-install
# Stores the default compute region in the gcloud configuration.
- name: Set Default Region
  ansible.builtin.command:
    cmd: >-
      gcloud config set compute/region {{ google_region }}
      --project={{ google_project_id }}
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - initial-install
    - tool-install
# Stores the default compute zone in the gcloud configuration.
- name: Set Default Zone
  ansible.builtin.command:
    cmd: >-
      gcloud config set compute/zone {{ google_zone }}
      --project={{ google_project_id }}
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - tool-install
    - initial-install
### IF upgrading BMCTL, remove existing
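# Deletes the installed bmctl so the install task below (guarded by `creates`)
# fetches it again. Runs only when force_tools_upgrade is truthy.
- name: Remove bmctl
  ansible.builtin.file:
    path: "/usr/local/bin/bmctl"
    state: absent
  # `| bool` also accepts the string forms ("true", "yes") that arrive when the
  # flag is passed with -e on the command line; a literal `== True` comparison
  # rejects those. default(false) covers the undefined case.
  when: force_tools_upgrade | default(false) | bool
  tags:
    - initial-install
    - tool-install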
### Find versions with: gsutil ls -al gs://anthos-baremetal-release/bmctl
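# Downloads the pinned bmctl build with gsutil, marks it executable, moves it
# to /usr/local/bin and runs `bmctl version` as a smoke test. Skipped when
# /usr/local/bin/bmctl already exists.
# NOTE(review): the binary is not checked against a published digest or
# signature before being installed system-wide; add one if a trusted value is
# available for the pinned version.
- name: Install Anthos Bare Metal CLI
  ansible.builtin.shell:
    # set -euo pipefail stops at the first failing step, so a failed download
    # cannot fall through to chmod/mv. Templated values go through `quote` so
    # spaces or shell metacharacters in a variable stay a single argument.
    cmd: |
      set -euo pipefail
      gsutil cp {{ ('gs://anthos-baremetal-release/bmctl/' ~ bmctl_version ~ '/linux-amd64/bmctl') | quote }} {{ tools_base_path | quote }}
      chmod a+x {{ (tools_base_path ~ '/bmctl') | quote }}
      mv {{ (tools_base_path ~ '/bmctl') | quote }} /usr/local/bin/bmctl
      bmctl version
    creates: /usr/local/bin/bmctl
    executable: /bin/bash
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - initial-install
    - tool-install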
# Best-effort install of k9s: the release archive is unpacked directly into
# /usr/local/bin and any failure is ignored.
# NOTE(review): everything in the archive lands in /usr/local/bin, the download
# has no checksum or signature check, and ignore_errors hides a failed or
# tampered fetch from the play result. Verify a pinned digest first.
- name: Adding k9s utility to machine (optional, but recommended)
  ansible.builtin.unarchive:
    remote_src: true
    src: https://github.com/derailed/k9s/releases/download/{{ k9s_version }}/k9s_Linux_x86_64.tar.gz
    dest: /usr/local/bin
  ignore_errors: true
  tags:
    - optional
    - tool-install
### Install virtctl via bmctl (keeps this up-to-date without explicit downloading)
# Has bmctl install virtctl, run from the tools directory; skipped once
# /usr/bin/kubectl-virt exists.
- name: Install virtctl
  ansible.builtin.command:
    cmd: "bmctl install virtctl"
    chdir: "{{ tools_base_path }}"
    creates: /usr/bin/kubectl-virt
  environment:
    PATH: "{{ tools_base_path }}/google-cloud-sdk/bin:{{ ansible_env.PATH }}"
  tags:
    - optional
    - tool-install