controller test

deployment/02_deploy_to_controller/ansible.cfg

@@ -1,7 +1,7 @@
 [defaults]
 inventory = inventory/hosts.ini
 remote_user = ubuntu
-private_key_file = ~/.ssh/keys/id_admin_CS553
+private_key_file = ../../keys/EC2 instance temp.pem
 host_key_checking = False
 
 [privilege_escalation]

deployment/02_deploy_to_controller/inventory/hosts.ini

@@ -1,2 +1,2 @@
 [ec2_instance]
-controler1 ansible_host=3.141.197.138
+controler1 ansible_host=34.238.170.248

deployment/02_deploy_to_controller/playbooks/install_tailscale.yml

@@ -1,30 +0,0 @@
----
-- name: Install and configure Tailscale
-  hosts: all
-  become: yes
-  vars_files:
-    - ../vars/secrets.yml
-
-  tasks:
-    - name: Add Tailscale GPG key
-      apt_key:
-        url: https://pkgs.tailscale.com/stable/ubuntu/focal.gpg
-        state: present
-
-    - name: Add Tailscale repository
-      apt_repository:
-        repo: deb https://pkgs.tailscale.com/stable/ubuntu focal main
-        state: present
-        filename: tailscale
-
-    - name: Install Tailscale
-      apt:
-        name: tailscale
-        state: present
-        update_cache: yes
-
-    - name: Run tailscale up with pre-authentication
-      command: tailscale up --authkey={{ vault_tailscale_authkey }}
-      register: tailscale_result
-      changed_when: "'Success' in tailscale_result.stdout"
-

deployment/02_deploy_to_controller/playbooks/main.yml

@@ -1,44 +1,199 @@
 ---
-- name: Setup AWS EC2 instance
-  hosts: ec2_instance
+- name: Set up Controller Server
+  hosts: all
   become: yes
   vars_files:
     - ../vars/secrets.yml
 
   tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+      become: yes
+
+    - name: Install required packages
+      apt:
+        name: 
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - gnupg
+          - git
+          - ansible
+        state: present
+      become: yes
+
+    - name: Check if Tailscale GPG key exists
+      stat:
+        path: /usr/share/keyrings/tailscale-archive-keyring.gpg
+      register: tailscale_key
+
+    - name: Download Tailscale GPG key
+      get_url:
+        url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg
+        dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
+        mode: '0644'
+      become: yes
+      when: not tailscale_key.stat.exists
+
+    - name: Add Tailscale repository
+      ansible.builtin.apt_repository:
+        repo: deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/ubuntu jammy main
+        state: present
+        filename: tailscale
+      become: yes
+
+    - name: Update apt cache again
+      apt:
+        update_cache: yes
+      become: yes
+
     - name: Install Tailscale
-      include_tasks: install_tailscale.yml
+      apt:
+        name: tailscale
+        state: present
+      become: yes
+
+    - name: Check Tailscale status
+      command: tailscale status
+      register: tailscale_status
+      changed_when: false
+      ignore_errors: yes
+
+    - name: Run tailscale up with pre-authentication
+      command: tailscale up --authkey={{ tailscale_authkey }}
+      register: tailscale_result
+      changed_when: "'Success' in tailscale_result.stdout"
+      become: yes
+      when: tailscale_status.rc != 0 or 'Tailscale is stopped' in tailscale_status.stdout
 
-    - name: Setup Ansible
-      include_tasks: setup_ansible.yml
+    - name: Check if repository exists
+      stat:
+        path: /opt/CS_553
+      register: repo_check
 
-    - name: Clone Git repository
+    - name: Remove existing repository if it exists
+      file:
+        path: /opt/CS_553
+        state: absent
+      become: yes
+      when: repo_check.stat.exists
+
+    - name: Clone the Git repository
       git:
         repo: 'https://github.com/jake-molnia/CS_553'
-        dest: /home/ubuntu/CS_553
+        dest: /opt/CS_553
         version: main
+      become: yes
 
-    - name: Run initial SSH configuration script
-      script: ../scripts/initial_ssh_config.sh
+    - name: Set permissions for the cloned repository
+      file:
+        path: /opt/CS_553
+        owner: ubuntu
+        group: ubuntu
+        mode: '0755'
+        recurse: yes
+      become: yes
 
-    - name: Connect using Tailscale
-      command: tailscale up --authkey "{{ tailscale_authkey }}"
+    - name: Ensure .ssh directory exists
+      file:
+        path: /home/ubuntu/.ssh
+        state: directory
+        owner: ubuntu
+        group: ubuntu
+        mode: '0700'
+      become: yes
 
-    - name: Copy vault password file to EC2 instance
+    - name: Copy ED25519 private SSH key from vault
       copy:
-        src: ../../.secrets/password.txt
-        dest: /home/ubuntu/vault_password.txt
+        content: "{{ vault_ssh_private_key }}"
+        dest: /home/ubuntu/.ssh/id_ed25519
+        owner: ubuntu
+        group: ubuntu
         mode: '0600'
+      become: yes
 
-    - name: Run Ansible playbook for app deployment
+    - name: Ensure correct permissions on ED25519 key
+      file:
+        path: /home/ubuntu/.ssh/id_ed25519
+        owner: ubuntu
+        group: ubuntu
+        mode: '0600'
+      become: yes
+
+    - name: Ensure SSH config file exists
+      file:
+        path: /home/ubuntu/.ssh/config
+        state: touch
+        owner: ubuntu
+        group: ubuntu
+        mode: '0600'
+      become: yes
+
+    - name: Add turing.wpi.edu to SSH config
+      blockinfile:
+        path: /home/ubuntu/.ssh/config
+        block: |
+          Host turing.wpi.edu
+            User jrmolnia
+            Hostname turing.wpi.edu
+            IdentityFile ~/.ssh/id_ed25519
+        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR TURING"
+      become: yes
+      become_user: ubuntu
+
+    - name: Add app server to SSH config
+      blockinfile:
+        path: /home/ubuntu/.ssh/config
+        block: |
+          Host app
+            Port 22018
+            Hostname paffenroth-23.dyn.wpi.edu
+            IdentityFile ~/.ssh/id_ed25519
+        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR APP SERVER"
+      become: yes
+      become_user: ubuntu
+
+    - name: Check if initial setup script has been run
+      stat:
+        path: /home/ubuntu/.initial_setup_complete
+      register: setup_check
+
+    - name: Run initial setup shell script with Tailscale key
       command: >
-        ansible-playbook -i /home/ubuntu/CS_553/01_deploy_to_app/inventory/hosts.ini 
-        /home/ubuntu/CS_553/01_deploy_to_app/playbooks/main.yml
-        --vault-password-file /home/ubuntu/vault_password.txt
+        /opt/CS_553/deployment/02_deploy_to_controller/scripts/initial_ssh_config.sh -k {{ tailscale_authkey }}
       args:
-        chdir: /home/ubuntu/CS_553/01_deploy_to_app
+        chdir: /opt/CS_553/deployment/02_deploy_to_controller
+      become: yes
+      become_user: ubuntu
+      when: not setup_check.stat.exists
 
-    - name: Remove vault password file
+    - name: Ensure .ansible directory exists
       file:
-        path: /home/ubuntu/vault_password.txt
-        state: absent
+        path: /home/ubuntu/.ansible
+        state: directory
+        owner: ubuntu
+        group: ubuntu
+        mode: '0700'
+      become: yes
+
+    - name: Copy vault password file from local machine
+      copy:
+        src: /path/to/local/vault_password.txt
+        dest: /home/ubuntu/.ansible/vault_password.txt
+        owner: ubuntu
+        group: ubuntu
+        mode: '0600'
+      become: yes
+
+    - name: Run Ansible playbook for app server setup
+      command: >
+        ansible-playbook -i inventory/hosts.ini 
+        playbooks/main.yml 
+        --vault-password-file /home/ubuntu/.ansible/vault_password.txt
+      args:
+        chdir: /opt/CS_553/deployment/01_deploy_to_app
+      become: yes
+      become_user: ubuntu
+      environment:
+        ANSIBLE_CONFIG: /opt/CS_553/deployment/01_deploy_to_app/ansible.cfg

deployment/02_deploy_to_controller/playbooks/setup_ansible.yml

@@ -1,16 +0,0 @@
-- name: Setup Ansible
-  block:
-    - name: Install Ansible and dependencies
-      apt:
-        name:
-          - ansible
-          - git
-          - python3-pip
-        state: present
-        update_cache: yes
-    - name: Install required Python packages
-      pip:
-        name:
-          - boto3
-          - botocore
-        state: present

deployment/02_deploy_to_controller/scripts/initial_ssh_config.sh

@@ -1,5 +1,75 @@
 #!/bin/bash
-ssh -i /path/to/your/private_key.pem ec2-user@paffenroth-23.dyn.wpi.edu <<EOF
-  # Change key (you need to provide the actual commands here)
-  # Install Tailscale (you need to provide the actual commands here)
+
+# Function to handle errors
+handle_error() {
+  echo "Error: $1"
+  exit 1
+}
+
+# Function to display usage information
+usage() {
+  echo "Usage: $0 -k <tailscale_auth_key>"
+  echo "  -k    Tailscale authentication key"
+  exit 1
+}
+
+# Parse command line arguments
+while getopts "k:" opt; do
+  case $opt in
+  k) TAILSCALE_KEY="$OPTARG" ;;
+  *) usage ;;
+  esac
+done
+
+# Check if Tailscale key is provided
+if [ -z "$TAILSCALE_KEY" ]; then
+  usage
+fi
+
+# Function to test SSH connection
+test_ssh_connection() {
+  ssh -o BatchMode=yes -o ConnectTimeout=5 -J turing.wpi.edu app echo "SSH connection successful" >/dev/null 2>&1
+}
+
+# Backup the existing authorized_keys file
+ssh -i /opt/CS_553/keys/student-admin-key -J turing.wpi.edu app <<EOF || handle_error "Failed to backup authorized_keys"
+    cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.bak || handle_error "Failed to create backup of authorized_keys"
+    echo "Backup of authorized_keys created"
 EOF
+
+# Update authorized_keys file with the new key while keeping existing keys
+ssh -i /opt/CS_553/keys/student-admin-key -J turing.wpi.edu app <<EOF || handle_error "Failed to update authorized_keys"
+    NEW_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARTYgwoPW+VpBofWGYuHIldh18EUo42PHF/e08Dzcyp admin key CS553"
+    if ! grep -q "\$NEW_KEY" ~/.ssh/authorized_keys; then
+        echo "\$NEW_KEY" >> ~/.ssh/authorized_keys || handle_error "Failed to append new key to authorized_keys"
+    fi
+    chmod 600 ~/.ssh/authorized_keys || handle_error "Failed to set permissions on authorized_keys"
+    echo "authorized_keys updated successfully"
+EOF
+
+# Test the SSH connection with the new key
+if test_ssh_connection; then
+  echo "SSH connection with new key successful"
+else
+  echo "SSH connection with new key failed. Restoring backup..."
+  ssh -i /opt/CS_553/keys/student-admin-key -J turing.wpi.edu app <<EOF || handle_error "Failed to restore authorized_keys backup"
+        cp ~/.ssh/authorized_keys.bak ~/.ssh/authorized_keys || handle_error "Failed to restore backup of authorized_keys"
+        chmod 600 ~/.ssh/authorized_keys || handle_error "Failed to set permissions on restored authorized_keys"
+        echo "Backup of authorized_keys restored"
+EOF
+  handle_error "SSH connection test failed. Original authorized_keys restored."
+fi
+
+# Install Tailscale and set up with provided key
+ssh -J turing.wpi.edu app <<EOF || handle_error "Failed to set up Tailscale"
+    # Install Tailscale
+    curl -fsSL https://tailscale.com/install.sh | sh || handle_error "Failed to install Tailscale"
+
+    # Run Tailscale with the provided auth key
+    sudo tailscale up --authkey "$TAILSCALE_KEY" || handle_error "Failed to run Tailscale"
+
+    echo "Tailscale setup completed successfully"
+    exit
+EOF
+
+echo "Script completed successfully"

deployment/02_deploy_to_controller/vars/secrets.yml

@@ -1,10 +1,32 @@
 $ANSIBLE_VAULT;1.1;AES256
-32313364663065623531616639356230653438393737303765313835623165623536313630313134
-3265653332636634633864316661623463346633623965380a343161313331396535383034636161
-37373538666530663162383231663437623939343064376435393734343333623734613331643639
-3565653333663436350a383736383462303739383738623336333636303533393935373666353133
-64393235656465383662316161623034383230353766356264376332323938316261313032346164
-34656266336665313434383862303739363766336363313931393133313366393065386136306531
-62636536376136653961653235366537336233633162306533326564663138353330336330643532
-36373162306161373336333966666135353136376537623237623465313365336538393261376233
-6435
+32356435633365366531643665366233363439303333336631616536633863623930643832376466
+3163656465663561656366633633633664373038656437630a373565653666623932343131666163
+30316135353237633132336334666165623235336466316461636564316139323264333139643539
+6466356163663936360a336665653638626536636562326532623037393463333264386234323939
+32613262623131346536363731326431353364393164383163616637373135353730356565623836
+38363438643131623230343432666133653336626665643365633935383831643635393264633465
+38363833313166346165616638363430383139356332303139653962643961623266343965383031
+36306634336132633336323863633136326133336362356365363038366662636232663737363334
+65633933663334323366333330353538316166373566626535356334306639336339333734666337
+38386431366661663239366533383732343361323137323235636337316261383536333165633366
+65333238356638356634303061353733383535636139326134633230313333643639306463373733
+31316165363230356334316433326538316636656239323662313438306161353462333066396661
+37383934333265316630663265643862343462643563646663663865666462666632646264346566
+39633661623434656563376564343165306234626137306431393665376338636339643464653261
+32616636326161396430633739653232383464656538393434396430366239383963373034363233
+30303966633363333137303934383038646266326332393630653734613430316433353864303834
+62353262396138316239326465633638363637326635353261663861373432376364366164623339
+30363463636266613930333539333761356531316431623161626338313361613833323731353361
+36383130376335656237353939633136666665636631343961333437333536343131393237643331
+62623131313437653332346238303361316566313066636439313732633766313930393262666336
+62616633343138653038626464653466356131323831306461666536643063306461343730343663
+38383365306331356165343233353865343935323137333236323439343137343834646638356138
+34636535363861646135326136623661623130336338313735636134656261366631316532333532
+32626237323233323831376539366433633761653532633838373662366433303265343138636365
+36393831623836333033343039323836633632623461333730653438366533313564653738383134
+36353166373239633463333962386235363235633234333361356131323363343439336565623332
+33613766626365303963376335393962643363383665323032636237643431356435653863373930
+31373831363366643738623330316261336366666431646632383239613938363239336531343166
+66396161653265363864323233646139316461646263633764666364313633316465386461663965
+63343830346436306533343264346238623634616135373037366434613737323137653866653434
+303136663233333161366664386533316462