From 54d396ebf1361a9abbad5544c1d798facf262fd9 Mon Sep 17 00:00:00 2001
From: Neil Hanlon <neil@rockylinux.org>
Date: Sat, 15 Jan 2022 15:56:13 -0500
Subject: [PATCH] don't run iface script on aio, make sure ssh is configured.

---
 ansible/playbooks/init-nodes.yml      |  3 ++-
 ansible/playbooks/role-infra-host.yml | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ansible/playbooks/init-nodes.yml b/ansible/playbooks/init-nodes.yml
index 2d658dd..a495fa2 100644
--- a/ansible/playbooks/init-nodes.yml
+++ b/ansible/playbooks/init-nodes.yml
@@ -94,6 +94,7 @@
       args:
         chdir: /etc/sysconfig/network-scripts/
         creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
+      when: not aio_install
       tags:
         - interfaces
 
@@ -137,7 +138,7 @@
           when: sshkey_register.ssh_public_key != ""
           register: sshkey_fetch
 
-      when: tag.find("infra") != -1
+      when: tag.find("infra") != -1 or aio_install
       tags: infra
 
 
diff --git a/ansible/playbooks/role-infra-host.yml b/ansible/playbooks/role-infra-host.yml
index cb5f65d..cce1dbc 100644
--- a/ansible/playbooks/role-infra-host.yml
+++ b/ansible/playbooks/role-infra-host.yml
@@ -99,7 +99,15 @@
         mode: '0644'
       with_items:
         - user_lxc
-        - user_galera
+
+    - name: Disable SSH Agent Forwarding
+      lineinfile:
+        dest: /etc/ssh/sshd_config
+        regexp: '^.*AllowAgentForwarding'
+        line: 'AllowAgentForwarding no'
+      tags: services
+      notify:
+        - restart_sshd
 
 
     - name: Check playbooks