ENH: prod scripts

[ZLLentz]

I've rearranged things a bit in advance of using this on production PLCs. In github diff order:

• The host vars are intended to be committed now, and potentially used for customizing configs per-plc.
• The Makefile is relegated to the VM workflows and hopefully works as it did before. This was kind of strange for use on prod PLCs for various reasons, e.g. the single hard-coded IP in a system that can nominally apply itself to many PLC hosts at once. A few edits were made here to match the rest of the changes, but I am not going to go back to testing on VMs for the moment.
• The readme has been updated with the new instructions on setting up a new, real PLC using this repo.
• The inventory and configs are split between VMs and real PLCs (and between hutches, so you can conceivable run on your whole hutch at once). Sensible defaults have been set for real PLCs that are different than the original defaults for VMs.
• The SSH key file has been moved out of the static configs so we can dynamically find it instead, avoiding hard-coded paths to specific home directories.
• plc-tst-bsd has been added to the inventory, in the tst_all group.
• scripts/first_time_setup.sh has been added, which is intended to be used to do the one-time pre-setup for a new PLC. This is intended to be run on exactly one PLC at a time.
• scripts/provision_plcs.sh has been added, which is intended to do the main part of the setup (and also, to re-do the main part of the setup if needed, e.g. in the case of changed settings). This can be run on any single PLC in the inventory or on any defined group all at once, e.g. you could update RIX all at once if you wanted to.
• The playbooks now expect to be given a "target" at runtime, allowing us to decide which PLCs to run on at runtime without hard-coding them into the playbooks. I took "inspiration" from https://stackoverflow.com/questions/18195142/safely-limiting-ansible-playbooks-to-a-single-machine
• The host vars template has been extended with a commented-out version of the defaults, to make it easier to update these on a per-plc basis.

Unsolved mysteries:

• My edits to the ansible config to disable the ssh port sharing

  twincat-bsd-ansible/ansible.cfg

  Lines 6 to 7 in 9f9259f

  	[ssh_connection]
  	ssh_args =

  are no longer needed. I'm not sure if something changed on the cds end or if one of the bsd software updates fixed the incompatibility. I'm sure I'll learn soon enough when I try again on another new PLC.

Hopefully these seem sensible... at this point, I can reasonably hand this off to someone else to try, though a few of the steps are still manual (current struggle documented at https://confluence.slac.stanford.edu/display/~zlentz/TcBSD+Notes). I have a list of specific steps to add to the ansible playbook in future PRs.

[tangkong]

I think this looks good, we chatted about the future plans and I'm pretty excited for what this can unlock. I think it's good to get this in and keep iterating on it

[tangkong]

Why do we uninstall this? For security reasons? I'd expect future updates / playbooks to need pip, naively

Edit: Nominally for security reasons, though this is vestigial and we can loop back to it later

[tangkong]

Which PC Is this? Is this the PC that will be performing future updates? (the "control node"?)

Edit: This is Ken's PC. This bit is vestigial, and we can loop back to it later

[tangkong]

Note from a conversation with Zach, steps 2 and 3 need to be swapped

[tangkong]

Arbitrarily noting this here: It might be worth considering ansible-vault to manage secrets. But that's just an association I made, I'm not convinced yet that it's the right solution