158 lines
3.8 KiB
YAML
158 lines
3.8 KiB
YAML
---
|
|
- name: Disable Firewalld
|
|
ansible.builtin.systemd:
|
|
name: firewalld.service
|
|
masked: yes
|
|
enabled: no
|
|
force: yes
|
|
state: stopped
|
|
tags: services
|
|
|
|
- name: Set SELinux to permissive
|
|
ansible.posix.selinux:
|
|
policy: targeted
|
|
state: disabled
|
|
tags: services
|
|
|
|
- name: Ensure packages are upgraded
|
|
ansible.builtin.dnf:
|
|
name: "*"
|
|
state: latest
|
|
tags: packages
|
|
|
|
- name: Generate SSH key
|
|
block:
|
|
- name: Create ssh key for root
|
|
ansible.builtin.user:
|
|
name: root
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 4096
|
|
ssh_key_file: .ssh/id_rsa
|
|
register: sshkey_register
|
|
tags: sshkey
|
|
|
|
- name: fetch_keys
|
|
tags: sshkey
|
|
fetch:
|
|
src: "~/.ssh/id_rsa.pub"
|
|
dest: "files/buffer/infra-id_rsa.pub"
|
|
flat: yes
|
|
when: sshkey_register.ssh_public_key != ""
|
|
register: sshkey_fetch
|
|
|
|
when: tag.find("infra") != -1 and name == "infra1"
|
|
tags:
|
|
- infra
|
|
- sshkey
|
|
|
|
- name: Disable SSH Agent Forwarding
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^.*AllowAgentForwarding'
|
|
line: 'AllowAgentForwarding no'
|
|
tags: services
|
|
notify:
|
|
- restart_sshd
|
|
|
|
- name: Copy interface.sh script to host
|
|
ansible.builtin.copy:
|
|
src: 'files/interfaces.sh'
|
|
dest: '/root/interfaces.sh'
|
|
mode: 0744
|
|
owner: 'root'
|
|
group: 'root'
|
|
when: aio_install is undefined or not aio_install
|
|
tags:
|
|
- interfaces
|
|
|
|
- name: Generate ifcfg files
|
|
shell: /root/interfaces.sh
|
|
args:
|
|
chdir: /etc/sysconfig/network-scripts/
|
|
creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
|
|
when: aio_install is undefined or not aio_install
|
|
tags:
|
|
- interfaces
|
|
|
|
- name: Setup Infra Nodes
|
|
block:
|
|
- name: Install packages
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- git-core
|
|
- wget
|
|
- chrony
|
|
- openssh-server
|
|
#- python3-devel
|
|
- sudo
|
|
- patch # temporary
|
|
state: latest
|
|
tags: packages
|
|
- name: Clone repository
|
|
ansible.builtin.git:
|
|
#repo: https://opendev.org/openstack/openstack-ansible.git
|
|
repo: https://review.opendev.org/openstack/openstack-ansible
|
|
#single_branch: yes
|
|
dest: /opt/openstack-ansible
|
|
version: 'master'
|
|
tags: repos
|
|
|
|
- name: Create ssh key for root
|
|
ansible.builtin.user:
|
|
name: root
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 4096
|
|
ssh_key_file: .ssh/id_rsa
|
|
register: sshkey_register
|
|
tags: sshkey
|
|
|
|
- name: fetch_keys
|
|
tags: sshkey
|
|
fetch:
|
|
src: "~/.ssh/id_rsa.pub"
|
|
dest: "files/buffer/infra-id_rsa.pub"
|
|
flat: yes
|
|
when: sshkey_register.ssh_public_key != ""
|
|
register: sshkey_fetch
|
|
when: tag.find("infra") != -1 or aio_install | default(false)
|
|
tags: infra
|
|
|
|
- name: Install packages on non-infra hosts
|
|
when: tag.find("infra") != -1 or aio_install | default(false)
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- iputils
|
|
- lsof
|
|
- openssh-server
|
|
- sudo
|
|
- tcpdump
|
|
- python3
|
|
state: latest
|
|
|
|
- name: Copy key to others
|
|
ansible.posix.authorized_key:
|
|
user: root
|
|
state: present
|
|
key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
|
|
when: tag.find("infra") == -1 and sshkey_fetch | default(false)
|
|
tags: sshkey
|
|
|
|
#- name: Setup a hosts file for the static deployment
|
|
# ansible.builtin.lineinfile:
|
|
# dest: /etc/hosts
|
|
# line: "{{ hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] }} {{ ansible_hostname }}"
|
|
# when:
|
|
# - hostvars[ansible_fqdn]['ansible_br_mgmt'] is defined
|
|
# - hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] is defined
|
|
# tags: debug123
|
|
|
|
|
|
- name: Disable cloud init from future runs
|
|
file:
|
|
path: /etc/cloud/cloud-init.disabled
|
|
state: touch
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
...
|