AdvancedLinuxAdmin/ansible/playbooks/init-nodes.yml


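---
# Prepares nodes for an OpenStack-Ansible deployment: guards against hosts
# that opted out, relaxes host security services, upgrades packages, creates
# and distributes root's SSH key, and stages the OpenStack-Ansible checkout
# on infra nodes.
#
# Variables read but not defined in this file: `host` (target pattern),
# `tag`, `name` and `aio_install` (used in the `when` conditions below).
- name: Configure system for running OpenStack Ansible
  hosts: "{{ host }}"
  become: true
  handlers:
    - ansible.builtin.import_tasks: handlers/main.yml
  pre_tasks:
    # Opt-out guard: a host carrying /etc/no-ansible fails the assert below
    # and drops out of the play before anything is changed on it.
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  tasks:
    - name: Loading Variables from OS Common
      ansible.builtin.import_tasks: tasks/common_vars.yml

    # Security: firewalld is stopped, disabled and masked, so the host has no
    # firewalld-managed packet filter afterwards. Nothing in this play puts
    # another filter in place; confirm that filtering is enforced elsewhere.
    - name: Disable Firewalld
      ansible.builtin.systemd:
        name: firewalld.service
        masked: true
        enabled: false
        force: true
        state: stopped
      tags: services

    # Security: the task was named "Set SELinux to permissive" while the
    # module argument is `state: disabled`; the name now matches what runs.
    # Disabled removes SELinux enforcement and denial logging altogether,
    # whereas permissive would keep the audit trail.
    # NOTE(review): confirm that fully disabling SELinux is intended.
    - name: Set SELinux to disabled
      ansible.posix.selinux:
        policy: targeted
        state: disabled
      tags: services

    - name: Ensure packages are upgraded
      ansible.builtin.dnf:
        name: "*"
        state: latest
      tags: packages

    # Creates root's key pair on the host where `name == "infra1"` and copies
    # the PUBLIC half to the controller; the private key stays on the host.
    # No passphrase is set, so the private key is stored unencrypted.
    - name: Generate SSH key
      block:
        - name: Create ssh key for root
          ansible.builtin.user:
            name: root
            generate_ssh_key: true
            ssh_key_bits: 4096
            ssh_key_file: .ssh/id_rsa
          register: sshkey_register
          tags: sshkey
        - name: fetch_keys
          tags: sshkey
          ansible.builtin.fetch:
            src: "~/.ssh/id_rsa.pub"
            dest: "files/buffer/infra-id_rsa.pub"
            flat: true
          when: sshkey_register.ssh_public_key != ""
          register: sshkey_fetch
      when: tag.find("infra") != -1 and name == "infra1"
      tags:
        - infra
        - sshkey

    - name: Disable SSH Agent Forwarding
      ansible.builtin.lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^.*AllowAgentForwarding'
        line: 'AllowAgentForwarding no'
        # Syntax-check the edited file before it replaces sshd_config, so a
        # bad edit cannot leave sshd unable to restart.
        validate: '/usr/sbin/sshd -t -f %s'
      tags: services
      notify:
        - restart_sshd

    - name: Copy interface.sh script to host
      ansible.builtin.copy:
        src: 'files/interfaces.sh'
        dest: '/root/interfaces.sh'
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: '0744'
        owner: 'root'
        group: 'root'
      when: not aio_install
      tags:
        - interfaces

    # `creates` makes this a one-shot: the script is skipped once
    # ifcfg-br-mgmt exists.
    - name: Generate ifcfg files
      ansible.builtin.shell: /root/interfaces.sh
      args:
        chdir: /etc/sysconfig/network-scripts/
        creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
      when: not aio_install
      tags:
        - interfaces

    - name: Setup Infra Nodes
      block:
        - name: Install packages
          ansible.builtin.dnf:
            name:
              - git-core
              - wget
              # - python36
              - chrony
              - openssh-server
              # - python3-devel
              - sudo
            state: latest
          tags: packages

        # Supply chain: the checkout follows the moving `master` branch, so
        # two runs can deploy different code. Pin `version` to a tag or a
        # full commit SHA for reproducible, reviewable deployments.
        - name: Clone repository
          ansible.builtin.git:
            # repo: https://opendev.org/openstack/openstack-ansible.git
            repo: https://review.opendev.org/openstack/openstack-ansible
            # single_branch: yes
            dest: /opt/openstack-ansible
            version: 'master'
          tags: repos

        # Supply chain: checks out a Gerrit change ref (refs/changes/...),
        # i.e. a patchset fetched from the review server rather than a
        # released version. The command runs, and reports "changed", on every
        # play run. NOTE(review): drop this once the change has merged.
        - name: fetch patch
          ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/5 && git checkout FETCH_HEAD'
          args:
            chdir: /opt/openstack-ansible/

        # NOTE(review): these two tasks repeat "Generate SSH key" above, but
        # under the wider infra/AIO condition. Both register the same
        # variables and fetch to the same controller path, so when several
        # hosts match, the file holds whichever host's key was written last.
        - name: Create ssh key for root
          ansible.builtin.user:
            name: root
            generate_ssh_key: true
            ssh_key_bits: 4096
            ssh_key_file: .ssh/id_rsa
          register: sshkey_register
          tags: sshkey
        - name: fetch_keys
          tags: sshkey
          ansible.builtin.fetch:
            src: "~/.ssh/id_rsa.pub"
            dest: "files/buffer/infra-id_rsa.pub"
            flat: true
          when: sshkey_register.ssh_public_key != ""
          register: sshkey_fetch
      when: tag.find("infra") != -1 or aio_install
      tags: infra

    - name: Install packages on non-infra hosts
      when: tag.find("infra") == -1 or aio_install
      ansible.builtin.dnf:
        name:
          - iputils
          - lsof
          - openssh-server
          - sudo
          - tcpdump
          - python3
        state: latest
  post_tasks:
    # Security: installs the fetched infra public key into root's
    # authorized_keys on every non-infra host, so whoever holds the matching
    # private key has root SSH access to all of them.
    # NOTE(review): `sshkey_fetch` is a registered result, not a boolean; a
    # result is also registered when the fetch task was skipped, so this
    # condition does not prove the key file was fetched. Verify the intended
    # check.
    - name: Copy key to others
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
      when: tag.find("infra") == -1 and sshkey_fetch
      tags: sshkey

    - name: Disable cloud init from future runs
      ansible.builtin.file:
        path: /etc/cloud/cloud-init.disabled
        state: touch
        mode: '0644'
        owner: root
        group: root

    # Marker only: `state: touch` updates the file on every run.
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...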