{"id":51012880,"url":"https://github.com/kenmoini/grain-tower","last_synced_at":"2026-06-21T05:31:05.862Z","repository":{"id":64402893,"uuid":"404099997","full_name":"kenmoini/grain-tower","owner":"kenmoini","description":"A collection of Ansible content for bootstrapping different resources in and out of RHPDS/RHOE/RTO environments","archived":false,"fork":false,"pushed_at":"2023-01-23T00:29:41.000Z","size":149,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-03-24T11:44:04.223Z","etag":null,"topics":["ansible","freeipa","gitlab","openshift"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kenmoini.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-07T19:31:14.000Z","updated_at":"2023-03-05T07:22:47.000Z","dependencies_parsed_at":"2023-02-12T19:16:11.018Z","dependency_job_id":null,"html_url":"https://github.com/kenmoini/grain-tower","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"purl":"pkg:github/kenmoini/grain-tower","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Fgrain-tower","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Fgrain-tower/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Fgrain-tower/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Fgrain-tower/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kenmoini","download_url":"https://codeload
.github.com/kenmoini/grain-tower/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Fgrain-tower/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34596046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","freeipa","gitlab","openshift"],"created_at":"2026-06-21T05:31:05.772Z","updated_at":"2026-06-21T05:31:05.853Z","avatar_url":"https://github.com/kenmoini.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Grain Tower - Seed for your Ansible Tower\n\n\u003e This repo should be considered to be archived and no longer receiving updates - patch PRs are welcome.\n\nThis repository provides quickstart automation with Ansible with little setup.\n\nThe intended environment is Red Hat Open Environments, AWS in most cases.  
For IBM Cloud there's [Blue Forge](https://github.com/kenmoini/blue-forge).\n\nWith little more than a set of AWS Keys and Machine/SSH Credentials you can deploy a number of workloads such as:\n\n- A Bastion Host!\n- Red Hat Identity Management\n- GitLab\n- Red Hat OpenShift Container Platform, via the Bastion Host\n\n---\n\n## General Prerequisites\n\n### AWS Keys\n\nSince we're deploying resources in AWS, you'll need an AWS Access Key ID and Secret Pair - if you've requested the RHOE AWS catalog item, you'll receive this Access Key and Secret via email.\n\nYour AWS Keys are usually stored in `~/.aws/credentials`, which looks like this:\n\n```\n; https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html\n[default]\naws_access_key_id     = AKISOMESTRING\naws_secret_access_key = someLongerString\n```\n\n### SSH Key Pair\n\nYou'll need an SSH Key Pair - if you don't already have one, create a set via the following command: `ssh-keygen -t rsa -b 4096`\n\nThe Private Key is secret and will be used to actually connect to created VMs; the Public Key will be passed along to the Playbooks and to AWS to create AWS EC2 Keys from.\n\n### OpenShift Pull Secret\n\nIf deploying an OpenShift cluster, you'll need an OpenShift Pull Secret: https://console.redhat.com/openshift/install/pull-secret\n\nStore it in `~/rh-ocp-pull-secret.json`\n\n---\n\n## Getting Started\n\nThe primary entry point of this automation collection is via `./deploy.yaml` or `./destroy.yaml` and a set of variable definitions to control what workloads are being deployed in tandem.\n\n## Using via Ansible CLI\n\n### Install the Ansible Collections \u0026 Pip Modules\n\nIf this is your first time running these Playbooks then you'll likely need to install the Ansible Collections and Pip Python Modules on your terminal:\n\n```bash\n# Install the pip modules\npython3 -m pip install --upgrade -r requirements.txt\n\n# Install the required Ansible Collections\nansible-galaxy collection install -r 
./collections/requirements.yml\n```\n\n### Creating the secret variable file\n\nWith your AWS keys in place and an SSH Key Pair at hand, you can create a file called `secret-vars.yaml` where you can include variable overrides - see `example.secret-vars.yaml` for standard variables used.\n\n```bash\n# secret-vars.yaml is in .gitignore, so copy the example there and modify the copy\ncp example.secret-vars.yaml secret-vars.yaml\n# modify the file\nvi secret-vars.yaml\n# or\nnano secret-vars.yaml\n```\n\nYou could go a step further and even encrypt this `secret-vars.yaml` file with Ansible Vault: `ansible-vault encrypt secret-vars.yaml` and then run the playbook with the `--ask-vault-pass` flag.\n\n### Running the Playbooks\n\nNext you'll run the Deploy Playbook with that variable file:\n\n```bash\nansible-playbook -e \"@secret-vars.yaml\" deploy.yaml\n```\n\n---\n\n## Using in Ansible Tower\n\n### 1. Create a Project\n\nAll things start with a Project in Ansible Tower - create a new Project with this repo as a source: https://github.com/kenmoini/grain-tower\n\n### 2. Create your Machine Credentials\n\nTake your Private Key and create a new Machine type Credential in Ansible Tower.\n\n### 3. Create your AWS Credentials\n\nNext, create your AWS type Credentials in Ansible Tower.\n\n### 4. Create a localhost Inventory\n\nYou'll need an Inventory for the local Ansible Tower host without using SSH credentials - in the Inventory Extra Variables, provide the following:\n\n```yaml\n---\nconnection: local\nansible_connection: local\nansible_python_interpreter: /usr/bin/python\n```\n\nMake a Host with the Hostname `localhost` and those same Extra Variables.\n\n### 5. 
Create the Job Template\n\nWith the Credentials, Inventory, and Project set up and synced, you can now create a Job Template to deploy the various workloads.\n\n- Give it a Name, something like `Grain Tower - Deploy Workloads to RHOE AWS`\n- Set the Inventory to the localhost Inventory\n- Select the Project\n- Choose the `deploy.yaml` Playbook (unless making individual Job Templates for each workload, which is extra work and cannot be composed as Workflow Jobs due to Credential substitution limitations)\n- Check the \"Prompt On Launch\" checkboxes for Credentials and Extra Variables\n- In the Extra Variables section, you can provide the same variables as demonstrated in `example.secret-vars.yaml` to override the executed Playbook defaults.  Any other variables can also be overridden here\n- Optionally, instead of simply defining all Extra Variables to compose the deployment, set them as Survey inputs to be set by the executing user\n\nIdeally there's a healthy split of Extra Variables defined, and Survey inputs - this is a suggested Extra Variables baseline:\n\n```yaml\n---\nshared_public_key: \"{{ lookup('file', '~/.ssh/id_rsa.pub') }}\"\nbastion_ec2_keypair: \"{{ shared_public_key }}\"\ngitlab_ec2_keypair: \"{{ shared_public_key }}\"\nidm_ec2_keypair: \"{{ shared_public_key }}\"\nocp_ssh_public_key: \"{{ shared_public_key }}\"\nkeystone_ssh_public_key: \"{{ shared_public_key }}\"\n# Variable overrides needed for OCP cluster deployment:\n#ocp_pull_secret: \"{{ lookup('file', '~/rh-ocp-pull-secret.json') }}\"\n#target_aws_access_key: \"{{ lookup('ansible.builtin.ini', 'aws_access_key_id', section='default', file='~/.aws/credentials') }}\"\n#target_aws_access_secret: \"{{ lookup('ansible.builtin.ini', 'aws_secret_access_key', section='default', file='~/.aws/credentials') }}\"\n```\n\n*It'd be much better to Vault them and/or use GitOps.*\n\nAnd then set up a Survey to prompt for the `shared_public_key` variable, and the true/false values for workload 
deployments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenmoini%2Fgrain-tower","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkenmoini%2Fgrain-tower","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenmoini%2Fgrain-tower/lists"}