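---
# init-nodes.yml: prepare hosts for an OpenStack-Ansible deployment.
#
# Target selection comes from the `host` variable, which this file does not
# define; the caller has to supply it (for example as an extra var).
# Every task in the play runs with privilege escalation.
- name: Configure system for running OpenStack Ansible
  hosts: "{{ host }}"
  become: true

  handlers:
    - ansible.builtin.import_tasks: handlers/main.yml

  pre_tasks:
    # Opt-out guard: a host that carries /etc/no-ansible fails the assert
    # below. A failed assert marks the host as failed (not skipped), so none
    # of the later tasks run against it.
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

  tasks:
    - name: Loading Variables from OS Common
      ansible.builtin.import_tasks: tasks/common_vars.yml

    # SECURITY: stops and masks the host firewall. Nothing in this file puts
    # replacement packet filtering in place, so every listening service is
    # reachable from whatever networks the node is attached to. Filtering has
    # to come from elsewhere (upstream firewall, network segmentation).
    - name: Disable Firewalld
      ansible.builtin.systemd:
        name: firewalld.service
        masked: true
        enabled: false
        force: true
        state: stopped
      tags: services

    # SECURITY: permissive mode still logs AVC denials but no longer enforces
    # the targeted policy, so SELinux stops confining a compromised service.
    # NOTE(review): presumably needed by the deployment tooling; confirm, and
    # consider returning to enforcing once the denials have been reviewed.
    - name: Set SELinux to permissive
      ansible.posix.selinux:
        policy: targeted
        state: permissive
      tags: services

    # Upgrades every installed package to whatever the enabled repositories
    # serve at run time, so results differ between runs. No reboot follows in
    # this play; a new kernel is not active until one happens.
    - name: Ensure packages are upgraded
      ansible.builtin.dnf:
        name: "*"
        state: latest
      tags: packages

    # The regexp matches any line that contains the keyword, commented-out
    # examples included; lineinfile rewrites the last match or appends at
    # end of file. sshd uses the first value it reads for a keyword, and a
    # line appended after a `Match` block lands inside that block, so confirm
    # the effective setting on the host with `sshd -T`.
    # `validate` keeps a syntactically broken config from being installed,
    # which would otherwise lock out SSH once the handler restarts sshd.
    # The restart_sshd handler is expected in handlers/main.yml (not shown).
    - name: Disable SSH Agent Forwarding
      ansible.builtin.lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^.*AllowAgentForwarding'
        line: 'AllowAgentForwarding no'
        validate: '/usr/sbin/sshd -t -f %s'
      tags: services
      notify:
        - restart_sshd

    # Mode is quoted so it reaches the module as the string '0744' and is
    # never reinterpreted by the YAML loader; root-only write, world-readable.
    - name: Copy interface.sh script to host
      ansible.builtin.copy:
        src: 'files/interfaces.sh'
        dest: '/root/interfaces.sh'
        mode: '0744'
        owner: 'root'
        group: 'root'
      tags:
        - interfaces

    # Runs the copied script as root from the network-scripts directory.
    # `creates` makes this a one-shot: once ifcfg-br-mgmt exists the script
    # is not run again, even if interfaces.sh changes later.
    - name: Generate ifcfg files
      ansible.builtin.shell: /root/interfaces.sh
      args:
        chdir: /etc/sysconfig/network-scripts/
        creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
      tags:
        - interfaces

    # Only for hosts whose `tag` string contains "infra". `tag` is not
    # defined in this file; presumably inventory or common_vars.yml sets it
    # (verify, since an undefined variable makes the condition error out).
    - name: Setup Infra Nodes
      when: tag.find("infra") != -1
      tags: infra
      block:
        - name: Install packages
          ansible.builtin.dnf:
            name:
              - git-core
              - wget
              - python36
              - chrony
              - openssh-server
              - python3-devel
              - sudo
            state: latest
          tags: packages

        # SUPPLY CHAIN: `version` names a branch on a fork. A branch is a
        # mutable ref, and the git module updates an existing checkout by
        # default, so each run can pull commits nobody reviewed into a tree
        # that is later executed with root privileges. Prefer pinning to a
        # reviewed full commit id, e.g. version: '<reviewed-commit-sha>'.
        - name: Clone repository
          ansible.builtin.git:
            repo: https://github.com/NeilHanlon/openstack-ansible.git
            # single_branch: yes
            dest: /opt/openstack-ansible
            version: 'feature/rocky8'
          tags: repos

  post_tasks:
    # The file only needs to exist; preserving the timestamps lets the task
    # report "ok" instead of "changed" on every later run.
    - name: Disable cloud init from future runs
      ansible.builtin.file:
        path: /etc/cloud/cloud-init.disabled
        state: touch
        mode: '0644'
        owner: root
        group: root
        modification_time: preserve
        access_time: preserve

    # Timestamps are deliberately left to update here: the file's mtime then
    # records the most recent completed run (presumably the intent; confirm).
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...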