IPA Client Teardown
This is a configuration template (i.e. an Ansible Playbook) to customize your environment in the European Weather Cloud (EWC).
The template is designed to run on an existing virtual machine, running an IPA client previously enrolled in your IPA server, such that it:
- Checks if a
terraform.tfstatestate file for the target instance is available under the user-defined directory - Requests configuration changes to said IPA server for:
- Stopping user authentication/authorization management (LDAP) to target instance
- Deletion of IPA server-internal DNS records referencing the target instance machine, if and when found
- Teardown the target instance and any attached volumes or IP addresses.
After successful teardown, you can take advantage of Terraform built-in functionality to safely re-provision the instance from scratch.
To learn the basics about managing infrastructure with Terraform, checkout the official documentation examples.
Prerequisites
💡 Versions listed correspond to minimal prerequisites.
To successfully run this playbook, the following packages should be available in your work environment:
| Name | Version | License | Home URL |
|---|---|---|---|
| git | 2.0 | GPLv2 | https://git-scm.com/downloads |
| python | 3.9 | PSF | https://www.python.org/downloads |
| ansible | 2.15 | GPLv3+ | https://pypi.org/project/ansible |
| terraform | 0.14 | BSL | https://developer.hashicorp.com/terraform/install |
Usage
1. Download Ansible dependencies
💡 By default, Ansible Roles are installed under the
~/.ansible/rolesdirectory within your working environment.
Download the correct version of the Ansible dependencies, if you haven't done so already:
ansible-galaxy role install -r requirements.yml
2. Configure and apply the template
2.1. Interactive Mode
By running the following command, you can trigger an interactive session that prompts you for the necessary user inputs, and then applies changes to your target EWC environment:
ansible-playbook ipa-client-teardown.yml
2.2. Non-Interactive Mode
💡 To learn more about defining variables at runtime, checkout the official Ansible documentation.
You can also run in non-interactive mode by passing the
--extra-vars or -e flag, followed by a map of key-value pairs; one for
each and every available input (see inputs section below). For example:
ansible-playbook \
-e '{
"tf_project_path": "~/iac/ipa-client-1",
"private_keypair_path": "~/.ssh/id_rsa",
"ipa_domain": "eumetsat.sandbox.ewc",
"ipa_server_hostname": "ipa-server-1",
"ipa_admin_username": "iapadmin",
"ipa_admin_password": "my-secret-password"
}' \
ipa-client-teardown.yml
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| tf_project_path | path to terraform working directory. Example: ~/iac/ipa-client-1 |
string |
n/a | yes |
| private_keypair_path | path to the local private keypair to use for SSH access to the instance. Example: ~/.ssh/id_rsa |
string |
n/a | yes |
| ipa_domain | domain name managed by the IPA server. Example: eumetsat.sandbox.ewc |
string |
n/a | yes |
| ipa_server_hostname | hostname of the IPA server. Example: ipa-server-1 |
string |
n/a | yes |
| ipa_admin_username | username of the administrator account from the IPA server | string |
n/a | yes |
| ipa_admin_password | password of the administrator account from the IPA server | string |
n/a | yes |
Dependencies
| Name | Version | License | Home URL |
|---|---|---|---|
| ewc-tf-module-openstack-compute | 1.4 | MIT | https://github.com/ewcloud/ewc-tf-module-openstack-compute |
| ewc-ansible-role-ipa-client-disenroll | 1.0 | MIT | https://github.com/ewcloud/ewc-ansible-role-ipa-client-disenroll |