--- - name: Disable Firewalld ansible.builtin.systemd: name: firewalld.service masked: yes enabled: no force: yes state: stopped tags: services - name: Set SELinux to permissive ansible.posix.selinux: policy: targeted state: disabled tags: services - name: Ensure packages are upgraded ansible.builtin.dnf: name: "*" state: latest tags: packages - name: Generate SSH key block: - name: Create ssh key for root ansible.builtin.user: name: root generate_ssh_key: yes ssh_key_bits: 4096 ssh_key_file: .ssh/id_rsa register: sshkey_register tags: sshkey - name: fetch_keys tags: sshkey fetch: src: "~/.ssh/id_rsa.pub" dest: "files/buffer/infra-id_rsa.pub" flat: yes when: sshkey_register.ssh_public_key != "" register: sshkey_fetch when: tag.find("infra") != -1 and name == "infra1" tags: - infra - sshkey - name: Disable SSH Agent Forwarding lineinfile: dest: /etc/ssh/sshd_config regexp: '^.*AllowAgentForwarding' line: 'AllowAgentForwarding no' tags: services notify: - restart_sshd - name: Copy interface.sh script to host ansible.builtin.copy: src: 'files/interfaces.sh' dest: '/root/interfaces.sh' mode: 0744 owner: 'root' group: 'root' when: aio_install is undefined or not aio_install tags: - interfaces - name: Generate ifcfg files shell: /root/interfaces.sh args: chdir: /etc/sysconfig/network-scripts/ creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt when: aio_install is undefined or not aio_install tags: - interfaces - name: Setup Infra Nodes block: - name: Install packages ansible.builtin.dnf: name: - git-core - wget - chrony - openssh-server #- python3-devel - sudo - patch # temporary state: latest tags: packages - name: Clone repository ansible.builtin.git: #repo: https://opendev.org/openstack/openstack-ansible.git repo: https://review.opendev.org/openstack/openstack-ansible #single_branch: yes dest: /opt/openstack-ansible version: 'master' tags: repos - name: fetch patch ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/8 && git checkout FETCH_HEAD' args: chdir: /opt/openstack-ansible/ - name: Create ssh key for root ansible.builtin.user: name: root generate_ssh_key: yes ssh_key_bits: 4096 ssh_key_file: .ssh/id_rsa register: sshkey_register tags: sshkey - name: fetch_keys tags: sshkey fetch: src: "~/.ssh/id_rsa.pub" dest: "files/buffer/infra-id_rsa.pub" flat: yes when: sshkey_register.ssh_public_key != "" register: sshkey_fetch when: tag.find("infra") != -1 or aio_install | default(false) tags: infra - name: Install packages on non-infra hosts when: tag.find("infra") != -1 or aio_install | default(false) ansible.builtin.dnf: name: - iputils - lsof - openssh-server - sudo - tcpdump - python3 state: latest - name: Copy key to others ansible.posix.authorized_key: user: root state: present key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}" when: tag.find("infra") == -1 and sshkey_fetch | default(false) tags: sshkey #- name: Setup a hosts file for the static deployment # ansible.builtin.lineinfile: # dest: /etc/hosts # line: "{{ hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] }} {{ ansible_hostname }}" # when: # - hostvars[ansible_fqdn]['ansible_br_mgmt'] is defined # - hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] is defined # tags: debug123 - name: Disable cloud init from future runs file: path: /etc/cloud/cloud-init.disabled state: touch mode: '0644' owner: root group: root ...