Open loudonlune opened 1 year ago
@bencourliss @naphelps @dlarson04 FYI ... these Ansible playbook files will help with user management, all-in-one hub installation and updates, and in theory, agent installation. Hopefully we'll get a PR to start testing within a week. Any requirements or expectations? For example ... when managing user accounts, should it be able to re-create them from a configuration, or would we expect to only add them interactively one at a time so that passwords are not stored in a file? Or should we be using Ansible Secrets for those?
Most of the Ansible facts related to users and other secrets (like vault unseal keys) should be stored in an Ansible vault. When the role generates a new install configuration, it doesn't store the secrets in a vault by default. The user needs to do that step themselves.
The proposed change would add an Ansible playbook and role to install, uninstall, and manage the management hub. This would wrap the existing "deploy-mgmt-hub.sh" script. The Ansible role would also provide utilities to manage organizations and users through the exchange API. The configuration for the Ansible role may be given as an environment file, a YAML document, or as a combination of the two.
Users and orgs will be declared in YAML, and the playbook will ensure that users and groups declared in the file exist when it is run. Users and orgs not present in the file will be cleaned up.
The purpose of this is to enable end users to maintain an inventory of one or more management hub instances in a declarative manner.