148 lines
3.3 KiB
YAML
148 lines
3.3 KiB
YAML
---
|
|
- name: Disable Firewalld
|
|
ansible.builtin.systemd:
|
|
name: firewalld.service
|
|
masked: true
|
|
enabled: false
|
|
force: true
|
|
state: stopped
|
|
tags: services
|
|
|
|
- name: Set SELinux to permissive
|
|
ansible.posix.selinux:
|
|
policy: targeted
|
|
state: disabled
|
|
tags: services
|
|
|
|
- name: Ensure packages are upgraded
|
|
ansible.builtin.dnf:
|
|
name: "*"
|
|
state: latest
|
|
tags: packages
|
|
|
|
- name: remove curl
|
|
ansible.builtin.dnf:
|
|
name: "curl"
|
|
state: absent
|
|
tags: packages
|
|
|
|
- name: add curl-minimal
|
|
ansible.builtin.dnf:
|
|
name: "curl-minimal"
|
|
state: latest
|
|
tags: packages
|
|
|
|
- name: Generate SSH key
|
|
block:
|
|
- name: Create ssh key for root
|
|
ansible.builtin.user:
|
|
name: root
|
|
generate_ssh_key: true
|
|
ssh_key_bits: 4096
|
|
ssh_key_file: .ssh/id_rsa
|
|
register: sshkey_register
|
|
tags: sshkey
|
|
|
|
- name: fetch_keys
|
|
tags: sshkey
|
|
fetch:
|
|
src: "~/.ssh/id_rsa.pub"
|
|
dest: "files/buffer/infra-id_rsa.pub"
|
|
flat: true
|
|
when: sshkey_register.ssh_public_key != ""
|
|
register: sshkey_fetch
|
|
|
|
when: tag.find("infra") != -1 and name == "infra1"
|
|
tags:
|
|
- infra
|
|
- sshkey
|
|
|
|
- name: Disable SSH Agent Forwarding
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^.*AllowAgentForwarding'
|
|
line: 'AllowAgentForwarding no'
|
|
tags: services
|
|
notify:
|
|
- restart_sshd
|
|
|
|
- name: Setup network
|
|
include_tasks: tasks/setup-network.yml
|
|
when: aio_install is undefined or not aio_install # don't run when AIO
|
|
args:
|
|
apply:
|
|
tags: interfaces
|
|
tags:
|
|
- interfaces
|
|
|
|
- name: Setup Infra Nodes
|
|
block:
|
|
- name: Install packages
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- git-core
|
|
- wget
|
|
- chrony
|
|
- openssh-server
|
|
- sudo
|
|
state: latest
|
|
tags: packages
|
|
- name: Clone repository
|
|
ansible.builtin.git:
|
|
repo: https://review.opendev.org/openstack/openstack-ansible
|
|
dest: /opt/openstack-ansible
|
|
version: stable/zed
|
|
# version: 'b958c02eeed355484be12db736ed81a047f7d7c0'
|
|
# refspec: 'refs/changes/81/852181/2'
|
|
|
|
tags: repos
|
|
|
|
- name: Create ssh key for root
|
|
ansible.builtin.user:
|
|
name: root
|
|
generate_ssh_key: true
|
|
ssh_key_bits: 4096
|
|
ssh_key_file: .ssh/id_rsa
|
|
register: sshkey_register
|
|
tags: sshkey
|
|
|
|
- name: fetch_keys
|
|
tags: sshkey
|
|
fetch:
|
|
src: "~/.ssh/id_rsa.pub"
|
|
dest: "files/buffer/infra-id_rsa.pub"
|
|
flat: true
|
|
when: sshkey_register.ssh_public_key != ""
|
|
register: sshkey_fetch
|
|
when: tag.find("infra") != -1 or aio_install | default(false)
|
|
tags: infra
|
|
|
|
- name: Install packages on non-infra hosts
|
|
when: tag.find("infra") != -1 or aio_install | default(false)
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- iputils
|
|
- lsof
|
|
- openssh-server
|
|
- sudo
|
|
- tcpdump
|
|
- python3
|
|
state: latest
|
|
|
|
- name: Copy key to others
|
|
ansible.posix.authorized_key:
|
|
user: root
|
|
state: present
|
|
key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
|
|
when: tag.find("infra") == -1 and sshkey_fetch | default(false)
|
|
tags: sshkey
|
|
|
|
- name: Disable cloud init from future runs
|
|
file:
|
|
path: /etc/cloud/cloud-init.disabled
|
|
state: touch
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
...
|