AdvancedLinuxAdmin/ansible/playbooks/init-nodes.yml

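---
# Prepare a freshly provisioned EL8 (Rocky) host for an OpenStack-Ansible
# (OSA) deployment.  Two variables are expected from inventory or -e:
#   host - the host pattern the play runs against
#   tag  - a string; hosts whose tag contains "infra" are treated as
#          deployment ("infra") nodes, every other host is a target node
# Infra nodes generate a root SSH key whose public half is fetched to the
# control node and, in post_tasks, installed into root's authorized_keys on
# every non-infra host.  That key therefore grants root on all target hosts:
# keep files/buffer/ out of version control and treat infra nodes as
# privileged.
- name: Configure system for running OpenStack Ansible
  hosts: "{{ host }}"
  become: true
  handlers:
    - import_tasks: handlers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
          # tag is dereferenced (tag.find) further down; fail here with a
          # clear message instead of an undefined-variable error mid-play.
          - "tag is defined"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists or 'tag' is undefined - skipping run on this node"
  tasks:
    - name: Loading Variables from OS Common
      import_tasks: tasks/common_vars.yml
    # firewalld is stopped and masked so it cannot return on reboot.  Until
    # OSA applies its own rules the host has no local packet filter, so the
    # management network must be isolated upstream.
    - name: Disable Firewalld
      ansible.builtin.systemd:
        name: firewalld.service
        masked: true
        enabled: false
        force: true
        state: stopped
      tags: services
    # NOTE(review): this task was named "permissive" but set state: disabled.
    # Permissive matches the stated intent, keeps the filesystem labelled and
    # keeps AVC denials in the audit log, so the host can go back to enforcing
    # without a reboot and relabel.  Change to disabled only if a documented
    # requirement demands it.
    - name: Set SELinux to permissive
      ansible.posix.selinux:
        policy: targeted
        state: permissive
      tags: services
    # Full system upgrade on every run.  Acceptable for a one-time init play;
    # it is not pinned, so two hosts initialised on different days may differ.
    - name: Ensure packages are upgraded
      ansible.builtin.dnf:
        name: "*"
        state: latest
      tags: packages
    # Runs only on infra nodes.  The user module does not overwrite an
    # existing key, so re-runs keep the original pair.
    - name: Generate SSH key
      block:
        - name: Create ssh key for root
          ansible.builtin.user:
            name: root
            generate_ssh_key: true
            ssh_key_bits: 4096
            ssh_key_file: .ssh/id_rsa
          register: sshkey_register
          tags: sshkey
        # Only the public half leaves the host.  Every infra host writes to
        # the same flat destination, so with more than one infra host only
        # the last one fetched is the key distributed in post_tasks.
        - name: fetch_keys
          ansible.builtin.fetch:
            src: "~/.ssh/id_rsa.pub"
            dest: "files/buffer/infra-id_rsa.pub"
            flat: true
          when: sshkey_register.ssh_public_key != ""
          register: sshkey_fetch
          tags: sshkey
      when: tag.find("infra") != -1
      tags:
        - infra
        - sshkey
    - name: Disable SSH Agent Forwarding
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Anchored at column 0 so an indented directive inside a Match block
        # is not mistaken for the global one; also matches the stock
        # commented default "#AllowAgentForwarding yes".
        regexp: '^#?AllowAgentForwarding\s'
        line: 'AllowAgentForwarding no'
        # If no existing line is replaced, insert ahead of the first Match
        # block rather than appending after it (where it would apply only to
        # that block); with no Match present the line goes to end of file.
        insertbefore: '^Match\s'
        firstmatch: true
        # Refuse to write a config sshd cannot parse, so the restart handler
        # cannot lock us out of the host.
        validate: /usr/sbin/sshd -t -f %s
      tags: services
      notify:
        - restart_sshd
    - name: Copy interface.sh script to host
      ansible.builtin.copy:
        src: 'files/interfaces.sh'
        dest: '/root/interfaces.sh'
        mode: '0744'
        owner: 'root'
        group: 'root'
      tags:
        - interfaces
    # The invocation has no shell syntax, so command is enough (no shell
    # interpretation of the path).  `creates` makes this a one-shot: once
    # ifcfg-br-mgmt exists the script is never run again.
    - name: Generate ifcfg files
      ansible.builtin.command: /root/interfaces.sh
      args:
        chdir: /etc/sysconfig/network-scripts/
        creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
      tags:
        - interfaces
    - name: Setup Infra Nodes
      block:
        - name: Install packages
          ansible.builtin.dnf:
            name:
              - git-core
              - wget
              - python36
              - chrony
              - openssh-server
              - python3-devel
              - sudo
            state: latest
          tags: packages
        # Supply-chain note: this is a personal fork tracked by branch name,
        # so the deployed code can change between runs without any change to
        # this playbook.  Pin `version` to a reviewed commit SHA before using
        # this outside a lab.
        - name: Clone repository
          ansible.builtin.git:
            repo: https://github.com/NeilHanlon/openstack-ansible.git
            # single_branch: true
            dest: /opt/openstack-ansible
            version: 'feature/rocky8'
          tags: repos
        # The root SSH key is generated and fetched once, in the
        # "Generate SSH key" block above; the duplicate copy of those two
        # tasks that used to follow here has been removed.
      when: tag.find("infra") != -1
      tags: infra
    - name: Install packages on non-infra hosts
      when: tag.find("infra") == -1
      ansible.builtin.dnf:
        name:
          - iputils
          - lsof
          - openssh-server
          - sudo
          - tcpdump
          - python3
        state: latest
  post_tasks:
    # Installs the infra node's root public key for root on every non-infra
    # host - this is what lets the deployment host SSH in as root later.
    # NOTE(review): as far as I can tell a skipped task still registers its
    # variable, so on non-infra hosts sshkey_fetch is a (truthy) skip result
    # and the original bare `and sshkey_fetch` test added nothing; `is
    # defined` states the real guard, and the file lookup itself fails the
    # task if no key was ever fetched to files/buffer/.
    - name: Copy key to others
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
      when: tag.find("infra") == -1 and sshkey_fetch is defined
      tags: sshkey
    # The preserve options keep the touch idempotent: the marker is created
    # once and later runs report ok rather than changed.
    - name: Disable cloud init from future runs
      ansible.builtin.file:
        path: /etc/cloud/cloud-init.disabled
        state: touch
        mode: '0644'
        owner: root
        group: root
        access_time: preserve
        modification_time: preserve
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
        access_time: preserve
        modification_time: preserve
...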