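---
# Prepares the hosts selected by the `host` variable for OpenStack-Ansible.
# The play refuses to run where /etc/no-ansible exists, turns off firewalld
# and SELinux, upgrades all packages, creates a root SSH key on infra hosts,
# installs that public key for root on the other hosts, and finally disables
# cloud-init and leaves a marker file in /var/log.
#
# Variables read but not defined here: host, tag, name, aio_install.
# NOTE(review): presumably these come from inventory or extra vars, or from
# tasks/common_vars.yml - confirm.
- name: Configure system for running OpenStack Ansible
  hosts: "{{ host }}"
  become: true

  handlers:
    - import_tasks: handlers/main.yml

  pre_tasks:
    # Opt-out guard: an operator can create /etc/no-ansible on a node to make
    # the assert below fail before any change is applied there.
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

  tasks:
    - name: Loading Variables from OS Common
      import_tasks: tasks/common_vars.yml

    # Stops and masks the host firewall, so nothing on the node filters
    # traffic after this task.
    # NOTE(review): confirm packet filtering is provided elsewhere (security
    # groups, upstream firewall) before running this on reachable hosts.
    - name: Disable Firewalld
      ansible.builtin.systemd:
        name: firewalld.service
        masked: true
        enabled: false
        force: true
        state: stopped
      tags: services

    # NOTE(review): the task name says "permissive" but the module is asked
    # for `disabled`. Permissive keeps labelling and still logs denials,
    # disabled turns SELinux off entirely. Decide which is intended and make
    # the name and the state agree.
    - name: Set SELinux to permissive
      ansible.posix.selinux:
        policy: targeted
        state: disabled
      tags: services

    # Upgrades every installed package to whatever the enabled repositories
    # offer at run time, so results are not pinned or reproducible.
    - name: Ensure packages are upgraded
      ansible.builtin.dnf:
        name: "*"
        state: latest
      tags: packages

    # Runs only on the host whose `name` is "infra1": creates a 4096-bit RSA
    # key for root and copies the PUBLIC half to the controller.
    - name: Generate SSH key
      block:
        - name: Create ssh key for root
          ansible.builtin.user:
            name: root
            generate_ssh_key: true
            ssh_key_bits: 4096
            ssh_key_file: .ssh/id_rsa
          register: sshkey_register
          tags: sshkey

        - name: fetch_keys
          tags: sshkey
          fetch:
            src: "~/.ssh/id_rsa.pub"
            dest: "files/buffer/infra-id_rsa.pub"
            flat: true
          when: sshkey_register.ssh_public_key != ""
          register: sshkey_fetch
      when: tag.find("infra") != -1 and name == "infra1"
      tags:
        - infra
        - sshkey

    # The regexp matches any line mentioning AllowAgentForwarding, including
    # a commented-out one, and replaces it with an explicit "no".
    - name: Disable SSH Agent Forwarding
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^.*AllowAgentForwarding'
        line: 'AllowAgentForwarding no'
      tags: services
      notify:
        - restart_sshd

    - name: Copy interface.sh script to host
      ansible.builtin.copy:
        src: 'files/interfaces.sh'
        dest: '/root/interfaces.sh'
        # Quoted so the mode stays an octal string whatever the YAML parser.
        mode: '0744'
        owner: 'root'
        group: 'root'
      when: not aio_install
      tags:
        - interfaces

    # Runs the copied script as root; `creates` skips it once ifcfg-br-mgmt
    # exists, so it does not re-run on later plays.
    - name: Generate ifcfg files
      shell: /root/interfaces.sh
      args:
        chdir: /etc/sysconfig/network-scripts/
        creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
      when: not aio_install
      tags:
        - interfaces

    - name: Setup Infra Nodes
      block:
        - name: Install packages
          ansible.builtin.dnf:
            name:
              - git-core
              - wget
              # - python36
              - chrony
              - openssh-server
              # - python3-devel
              - sudo
            state: latest
          tags: packages

        # Tracks the moving `master` branch of the review server, so the code
        # deployed depends on when the play runs.
        - name: Clone repository
          ansible.builtin.git:
            # repo: https://opendev.org/openstack/openstack-ansible.git
            repo: https://review.opendev.org/openstack/openstack-ansible
            # single_branch: yes
            dest: /opt/openstack-ansible
            version: 'master'
          tags: repos

        # Checks out one specific Gerrit patch set (refs/changes/73/823573/5)
        # in place of the branch cloned above. The task has no `creates` or
        # `changed_when`, so it runs and reports "changed" on every play.
        # NOTE(review): a refs/changes ref is a proposed change and may not
        # have been merged; this tree is later used as root, so prefer a
        # merged commit or tag once one carries the fix.
        - name: fetch patch
          ansible.builtin.shell: >-
            git fetch https://review.opendev.org/openstack/openstack-ansible
            refs/changes/73/823573/5 && git checkout FETCH_HEAD
          args:
            chdir: /opt/openstack-ansible/

        # Same two key tasks as in "Generate SSH key", but this block applies
        # to every host with "infra" in `tag` and to all-in-one installs.
        # NOTE(review): with `flat: true` and one fixed dest, each matching
        # host overwrites files/buffer/infra-id_rsa.pub on the controller, so
        # the key that gets distributed is whichever host was fetched last.
        # Confirm only one host is expected to match.
        - name: Create ssh key for root
          ansible.builtin.user:
            name: root
            generate_ssh_key: true
            ssh_key_bits: 4096
            ssh_key_file: .ssh/id_rsa
          register: sshkey_register
          tags: sshkey

        - name: fetch_keys
          tags: sshkey
          fetch:
            src: "~/.ssh/id_rsa.pub"
            dest: "files/buffer/infra-id_rsa.pub"
            flat: true
          when: sshkey_register.ssh_public_key != ""
          register: sshkey_fetch
      when: tag.find("infra") != -1 or aio_install
      tags: infra

    - name: Install packages on non-infra hosts
      when: tag.find("infra") == -1 or aio_install
      ansible.builtin.dnf:
        name:
          - iputils
          - lsof
          - openssh-server
          - sudo
          - tcpdump
          - python3
        state: latest

  post_tasks:
    # Adds the fetched infra public key to root's authorized_keys on every
    # non-infra host, which lets root on the infra host log in as root there.
    # NOTE(review): `sshkey_fetch` is used as a bare condition. On these hosts
    # the registering tasks are skipped, so this presumably evaluates the
    # skipped-result record and not a success flag - confirm it expresses the
    # intended check.
    - name: Copy key to others
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
      when: tag.find("infra") == -1 and sshkey_fetch
      tags: sshkey

    - name: Disable cloud init from future runs
      file:
        path: /etc/cloud/cloud-init.disabled
        state: touch
        mode: '0644'
        owner: root
        group: root

    # Marker file recording that this play reached its end on the host.
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...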