diff --git a/ansible/configs/just-a-bunch-of-nodes/post_infra.yml b/ansible/configs/just-a-bunch-of-nodes/post_infra.yml index 88487c376e3..2481fb280e9 100644 --- a/ansible/configs/just-a-bunch-of-nodes/post_infra.yml +++ b/ansible/configs/just-a-bunch-of-nodes/post_infra.yml @@ -6,3 +6,16 @@ tasks: - debug: msg: "Step 002 Post Infrastructure" + +- name: Configure all hosts authorized_keys + hosts: + - all:!windows + become: true + gather_facts: false + tags: + - common_tasks + tasks: + + - include_role: + name: set_env_authorized_key + when: set_env_authorized_key | bool diff --git a/ansible/configs/just-a-bunch-of-nodes/pre_infra.yml b/ansible/configs/just-a-bunch-of-nodes/pre_infra.yml index ac875b08d77..901a48ea069 100644 --- a/ansible/configs/just-a-bunch-of-nodes/pre_infra.yml +++ b/ansible/configs/just-a-bunch-of-nodes/pre_infra.yml @@ -6,3 +6,7 @@ tasks: - debug: msg: "Step 000 Pre Infrastructure" + + - include_role: + name: infra-local-create-ssh_key + when: set_env_authorized_key | bool diff --git a/ansible/configs/just-a-bunch-of-nodes/pre_software.yml b/ansible/configs/just-a-bunch-of-nodes/pre_software.yml index d3ec4c23211..bd6115500fd 100644 --- a/ansible/configs/just-a-bunch-of-nodes/pre_software.yml +++ b/ansible/configs/just-a-bunch-of-nodes/pre_software.yml @@ -7,10 +7,6 @@ - debug: msg: "Step 003 Pre Software" - - include_role: - name: infra-local-create-ssh_key - when: set_env_authorized_key | bool - - name: Configure all hosts with Repositories, Common Files and Set environment key hosts: - all:!windows @@ -21,16 +17,12 @@ tasks: - include_role: name: set-repositories - when: repo_method is defined + when: repo_method is defined and repo_method != 'none' - include_role: name: common when: install_common | bool - - include_role: - name: set_env_authorized_key - when: set_env_authorized_key | bool - - name: Configuring Bastion Hosts hosts: bastions become: true 
diff --git a/ansible/configs/just-a-bunch-of-nodes/sample_vars/equinix_metal_ocp4_aio.yaml b/ansible/configs/just-a-bunch-of-nodes/sample_vars/equinix_metal_ocp4_aio.yaml
new file mode 100644
index 00000000000..982a8b9e187
--- /dev/null
+++ b/ansible/configs/just-a-bunch-of-nodes/sample_vars/equinix_metal_ocp4_aio.yaml
@@ -0,0 +1,203 @@
+---
+cloud_provider: equinix_metal
+remote_user: root
+cloud_tags:
+ ci_org_owner: Customer And Field engagement BU
+ env_type: '{{ env_type }}'
+ platform: '{{ platform | d(''unknown'') }}'
+env_type: just-a-bunch-of-nodes
+extra_sno_nodes: false
+hypervisor_count: 1
+hypervisor_os: centos_8
+install_bastion: false
+install_common: false
+install_ftl: false
+install_student_user: true
+key_name: opentlc_admin_backdoor
+ocp4_aio_deploy_acm: false
+ocp4_aio_deploy_acs: false
+ocp4_aio_deploy_cnv: false
+ocp4_aio_deploy_cnvlab: true
+ocp4_aio_deploy_compact: false
+ocp4_aio_deploy_disconnected: false
+ocp4_aio_deploy_guacamole: true
+ocp4_aio_deploy_ipi: true
+ocp4_aio_deploy_nfs: false
+ocp4_aio_deploy_ocp: true
+ocp4_aio_deploy_ocp_plus: false
+ocp4_aio_deploy_ocs: true
+ocp4_aio_deploy_ods: false
+ocp4_aio_deploy_sno: false
+ocp4_aio_deploy_type: ipi
+deploy_type: ipi
+ocp4_aio_ocp_version: 4.9.5
+ocp4_aio_ocp_workers: 3
+ocp4_aio_baremetal_provider: "{{ cloud_provider }}"
+ocp4_aio_rhcos_iso_url: https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/latest/rhcos-live.x86_64.iso
+ocp4_aio_use_ddns: true
+own_repo_path: http://d3s3zqyaz8cp2d.cloudfront.net/repos/ocp/{{osrelease}}
+platform: dev
+pull_secret: '{{ ocp4_pull_secret }}'
+purpose: production
+repo_method: none
+set_env_authorized_key: false
+override_deploy_ocp: >-
+ {{ ( ocp4_aio_deploy_ocs
+ or ocp4_aio_deploy_cnv
+ or ocp4_aio_deploy_acm ) | bool
+ }}
+override_deploy_compact: "{{ ocp4_aio_ocp_workers != 0 }}"
+override_deploy_nfs: "{{ not ocp4_aio_deploy_ocs | bool }}"
+
+equinix_metal_facility: am6
+hypervisor_type: s3.xlarge.x86
+
+ansible_user: root
+
+# Environment Instances
+instances:
+ - name: "hypervisor"
+ count: "{{ hypervisor_count }}"
+ public_dns: true
+ type: "{{ hypervisor_type }}"
+ os: "{{ hypervisor_os }}"
+ facility: "{{ equinix_metal_facility }}"
+ tags:
+ - key: "AnsibleGroup"
+ value: "bastions,hypervisors"
+ - key: "ostype"
+ value: "linux"
+
+requirements_content:
+ roles:
+ - src: https://github.com/fridim/ocp4_aio_infra_role_base_software.git
+ scm: git
+ name: ocp4_aio_base_software
+ version: main
+
+ - name: ocp4_aio_base_virt
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_infra_role_base_virt.git
+ scm: git
+ version: v0.0.3
+
+ - name: ocp4_aio_prepare_bastion
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_infra_role_prepare_bastion.git
+ scm: git
+ version: v0.0.2
+
+ - name: ocp4_aio_role_acm
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_acm.git
+ scm: git
+ version: v0.0.1
+
+ - name: ocp4_aio_role_acs
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_acs.git
+ scm: git
+ version: v0.0.1
+
+ - name: ocp4_aio_role_cnv
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_cnv.git
+ scm: git
+ version: v0.0.1
+
+ - name: ocp4_aio_role_imgreg
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_imgreg.git
+ scm: git
+ version: v0.0.1
+
+ - name: ocp4_aio_role_nfsmount
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_nfsmount.git
+ scm: git
+ version: v0.0.2
+
+ - name: ocp4_aio_role_ocs
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_ocs.git
+ scm: git
+ version: v0.0.3
+
+ - name: ocp4_aio_deploy_bastion
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_infra_role_deploy_bastion.git
+ scm: git
+ version: v0.0.3
+
+ - name: ocp4_aio_deploy_guac
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_infra_role_deploy_guacamole.git
+ scm: git
+ version: v0.0.1
+
+ - name: ocp4_aio_deploy_ocp
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_infra_role_deploy_ocp.git
+ scm: git
+ version: v0.0.4
+
+ - name: ocp4_aio_workload_cnvlab
+ src: https://github.com/RHFieldProductManagement/ocp4_aio_role_deploy_cnvlab.git
+ scm: git
+ version: v0.0.2
+
+ # PoC, implement rogue tasks as roles
+
+ - name: ocp4_equinix_aio_post_infra
+ src:
https://github.com/fridim/ocp4_equinix_aio_post_infra + version: main + + - name: ocp4_equinix_aio_set_guid + src: https://github.com/fridim/ocp4_equinix_aio_set_guid + version: main + + - name: ocp4_equinix_metal_kube + src: https://github.com/fridim/ocp4_equinix_metal_kube + version: main + + collections: + - name: community.general + - name: containers.podman + + +agnosticd_post_infra_roles: + - name: ocp4_equinix_aio_post_infra + +agnosticd_pre_software_roles: + - name: ocp4_equinix_aio_set_guid + group: hypervisors + + - name: bastion-student-user + group: hypervisors + when: install_student_user + + - name: ocp4_aio_base_software + group: hypervisors + + - name: ocp4_aio_base_virt + group: hypervisors + facts: + aio_host_ip_address: "{{ hostvars['hypervisor']['public_ip_address'] }}" + + - name: ocp4_aio_prepare_bastion + group: hypervisors + facts: + ocp4_aio_ssh_key: "{{ lookup('file', '{{ output_dir }}/{{ guid }}_id_rsa.pub' ) }}" + + - name: ocp4_aio_deploy_guac + group: hypervisors + when: ocp4_aio_deploy_guacamole + + - name: ocp4_aio_deploy_bastion + host: bastion-vm + facts: + ocp4_aio_ssh_key: "{{ lookup('file', '{{ output_dir }}/{{ guid }}_id_rsa.pub' ) }}" + +agnosticd_software_roles: + - name: ocp4_aio_deploy_ocp + host: bastion-vm + facts: + aio_host_ip_address: "{{ hostvars['hypervisor']['public_ip_address'] }}" + +agnosticd_post_software_roles: + # Setup OCS Storage + - name: ocp4_aio_role_ocs + host: bastion-vm + + # Enable internal registry + - name: ocp4_aio_role_imgreg + host: bastion-vm diff --git a/ansible/destroy.yml b/ansible/destroy.yml index 77ffde02f73..ba41766d86d 100644 --- a/ansible/destroy.yml +++ b/ansible/destroy.yml @@ -29,6 +29,13 @@ }) }} +- name: Post Destroy Hooks + import_playbook: hooks/post_destroy.yaml + tags: + - dynamic_roles + - post_destroy + - post_destroy_tasks + - import_playbook: save_output_dir.yml - import_playbook: completion_callback.yml 
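Review bot: Four entries under `requirements_content.roles` are pinned to `version: main` (`ocp4_aio_base_software` and the three `ocp4_equinix_*` roles), so each deployment runs whatever is at the tip of those repositories at install time, and the sample sets `remote_user: root`. Pinning them to a tag or commit id, as the `RHFieldProductManagement` entries already do (`version: v0.0.3`), would make the sample reproducible and reviewable. `own_repo_path` also uses a plain `http://` URL; if that mirror is reachable over HTTPS, prefer it so package metadata is not fetched over an unauthenticated channel.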
diff --git a/ansible/hooks/facts_tasks.yaml b/ansible/hooks/facts_tasks.yaml
new file mode 100644
index 00000000000..c99eb7c8419
--- /dev/null
+++ b/ansible/hooks/facts_tasks.yaml
@@ -0,0 +1,4 @@
+---
+- name: Set facts
+ loop: "{{ _facts | default({}) | dict2items }}"
+ set_fact: {"{{ item.key }}":"{{ item.value }}"}
diff --git a/ansible/hooks/infra.yml b/ansible/hooks/infra.yml
new file mode 100644
index 00000000000..736b2ee455e
--- /dev/null
+++ b/ansible/hooks/infra.yml
@@ -0,0 +1,35 @@
+---
+- name: Install Infra dynamic roles
+ hosts: localhost
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+
+ include_tasks: facts_tasks.yaml
+ vars:
+ _facts: "{{ _role.facts }}"
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: infra
+ loop: "{{ agnosticd_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: lookup('test', _role.when | default(true))
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
diff --git a/ansible/hooks/post_destroy.yaml b/ansible/hooks/post_destroy.yaml
new file mode 100644
index 00000000000..6f93deb2e8a
--- /dev/null
+++ b/ansible/hooks/post_destroy.yaml
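Review bot: `set_fact: {"{{ item.key }}":"{{ item.value }}"}` in `facts_tasks.yaml` takes the variable name itself from `_role.facts`, so a role entry can set any variable on the host, and a fact set this way stays for the rest of the run. The `facts` of one entry therefore remain visible to every later role and play and can shadow existing variables, connection settings included. If the values are meant as per-role input, passing them through the `vars:` of the `include_role` task would scope them to that role; if persistence is intended, a comment such as `# facts persist on the host for the rest of the run; keys are taken as-is from _role.facts` would make the contract explicit. Values also go through a string template, so non-string values may arrive as strings unless native Jinja types are enabled.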
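Review bot: The `Process roles` task in `hooks/infra.yml` guards the include only with the `_role.when` test, whereas `hooks/post_infra.yml`, `post_software.yml`, `pre_software.yml` and `software.yml` also require `_role.name | default('') != ''`. An entry without `name` is likely to fail at templating here instead of being skipped, and the same gap is present in `hooks/pre_infra.yml` and `hooks/post_destroy.yaml`. Using `when: _role.name | default('') != '' and lookup('test', _role.when | default(true))` in these three files would keep the seven hooks consistent.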
@@ -0,0 +1,38 @@
+---
+- name: Post Destroy Dynamic Roles
+ hosts: localhost
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_post_destroy_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+
+ include_tasks: facts_tasks.yaml
+ vars:
+ _facts: "{{ _role.facts }}"
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: post_destroy
+ loop: "{{ agnosticd_post_destroy_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: lookup('test', _role.when | default(true))
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
+ apply:
+ vars:
+ - "{{ _role.vars | default({}) }}"
diff --git a/ansible/hooks/post_infra.yml b/ansible/hooks/post_infra.yml
new file mode 100644
index 00000000000..e7d4f0d6fac
--- /dev/null
+++ b/ansible/hooks/post_infra.yml
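Review bot: This is the only hook that honours `_role.vars` (through `apply: vars:`); the other six hook playbooks ignore the key, so the same role entry behaves differently depending on the stage list it is placed in. Either support `vars` in every hook or document above the task that it is specific to post-destroy, for example `# _role.vars is only applied in the post_destroy stage`. The list-of-mappings form used for `vars` here has, as far as I know, been deprecated in later Ansible releases in favour of a single mapping; that is worth confirming against the versions this repository supports.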
@@ -0,0 +1,53 @@
+---
+- name: Install Post Infra dynamic roles
+ hosts: all
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_post_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([]) | intersect(group_names) | list | length > 0
+ )
+ vars:
+ _facts: "{{ _role.facts }}"
+ include_tasks: facts_tasks.yaml
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: post_infra
+ loop: "{{ agnosticd_post_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
+ when: >-
+ _role.name | default('') != ''
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([]) | intersect(group_names) | list | length > 0
+ )
diff --git a/ansible/hooks/post_software.yml b/ansible/hooks/post_software.yml
new file mode 100644
index 00000000000..70074c8fd43
--- /dev/null
+++ b/ansible/hooks/post_software.yml
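Review bot: The host filter in both `when` blocks matches only when a role entry carries `host`, `group` or `groups`, so an entry with none of them is skipped on every host without any message. The sample vars added in this commit list `agnosticd_post_infra_roles` with a single entry, `- name: ocp4_equinix_aio_post_infra`, that has no target key; as written, that role would never be included. Either define what a missing target means, or add a `fail`/`assert` task ahead of the loop that rejects entries lacking all three keys so the misconfiguration is visible. The same filter is used in `hooks/post_software.yml`, `hooks/pre_software.yml` and `hooks/software.yml`.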
@@ -0,0 +1,58 @@
+---
+- name: Install Post Software dynamic roles
+ hosts: all
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_post_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([])
+ | intersect(group_names) | list | length > 0
+ )
+
+ vars:
+ _facts: "{{ _role.facts }}"
+ include_tasks: facts_tasks.yaml
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: post_software
+ loop: "{{ agnosticd_post_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ include_role:
+ apply:
+ tags:
+ - post_software
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
+ when: >-
+ _role.name | default('') != ''
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([]) | intersect(group_names) | list | length > 0
+ )
diff --git a/ansible/hooks/pre_infra.yml b/ansible/hooks/pre_infra.yml
new file mode 100644
index 00000000000..c2bf00ac584
--- /dev/null
+++ b/ansible/hooks/pre_infra.yml
@@ -0,0 +1,35 @@
+---
+- name: Install Pre Infra dynamic roles
+ hosts: localhost
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_pre_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+
+ include_tasks: facts_tasks.yaml
+ vars:
+ _facts: "{{ _role.facts }}"
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: pre_infra
+ loop: "{{ agnosticd_pre_infra_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: lookup('test', _role.when | default(true))
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
diff --git a/ansible/hooks/pre_software.yml b/ansible/hooks/pre_software.yml
new file mode 100644
index 00000000000..c80968890ac
--- /dev/null
+++ b/ansible/hooks/pre_software.yml
@@ -0,0 +1,57 @@
+---
+- name: Install Pre Software dynamic roles
+ hosts: all
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_pre_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([])
+ | intersect(group_names) | list | length > 0
+ )
+
+ include_tasks: facts_tasks.yaml
+ vars:
+ _facts: "{{ _role.facts }}"
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: pre_software
+ loop: "{{ agnosticd_pre_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
+
+ when: >-
+ _role.name | default('') != ''
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([])
+ | intersect(group_names) | list | length > 0
+ )
diff --git a/ansible/hooks/software.yml b/ansible/hooks/software.yml
new file mode 100644
index 00000000000..8dd90f0e653
--- /dev/null
+++ b/ansible/hooks/software.yml
@@ -0,0 +1,56 @@
+---
+- name: Install Software dynamic roles
+ hosts: all
+ gather_facts: false
+ tags:
+ - dynamic_roles
+ tasks:
+ - name: Process facts
+ loop: "{{ agnosticd_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ when: >-
+ _role.facts | default({}) | length > 0
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([])
+ | intersect(group_names) | list | length > 0
+ )
+
+ vars:
+ _facts: "{{ _role.facts }}"
+ include_tasks: facts_tasks.yaml
+
+
+ - name: Process roles
+ vars:
+ agnosticd_stage: software
+ loop: "{{ agnosticd_software_roles | default([]) }}"
+ loop_control:
+ loop_var: _role
+ label: "{{ _role.name }}"
+ include_role:
+ name: "{{ _role.name }}"
+ defaults_from: "{{ _role.defaults_from | default('main') }}"
+ handlers_from: "{{ _role.handlers_from | default('main') }}"
+ tasks_from: "{{ _role.tasks_from | default('main') }}"
+ vars_from: "{{ _role.vars_from | default('main') }}"
+ when: >-
+ _role.name | default('') != ''
+ and
+ lookup('test', _role.when | default(true))
+ and
+ (
+ _role.host | default('') == inventory_hostname
+ or
+ _role.group | default('') in group_names
+ or
+ _role.groups | default([]) | intersect(group_names) | list | length > 0
+ )
diff --git a/ansible/install_galaxy_roles.yml b/ansible/install_galaxy_roles.yml
index 08cad7197af..b4d1cd456e4 100644
--- a/ansible/install_galaxy_roles.yml
+++ b/ansible/install_galaxy_roles.yml
@@ -11,21 +11,45 @@ ## Needs to be validated ## var is called from main.yml requirements_path: "configs/{{ env_type }}/requirements.yml" + requirements_content: {} tasks: + - name: requirements_content is provided + when: requirements_content | length > 0 + block: + - name: Use requirements_content + set_fact: + requirements_path_final: "{{ output_dir }}/custom_requirements.yml" + + - name: Copy requirements content to output_dir + copy: + dest: "{{ requirements_path_final }}" + content: "{{ requirements_content | to_yaml }}" + + - when: requirements_content | length == 0 + name: Use requirements_path from the config + set_fact: + requirements_path_final: "{{ requirements_path }}" + - name: Check if requirements.yml exists stat: - path: "{{ requirements_path }}" + path: "{{ requirements_path_final }}" register: r_requirements_stat - set_fact: - r_requirements_content: "{{ lookup('file', requirements_path) | from_yaml }}" + r_requirements_content: "{{ lookup('file', requirements_path_final) | from_yaml }}" when: r_requirements_stat.stat.exists - name: Install roles from requirements.yml command: >- ansible-galaxy install - -r "{{ requirements_path }}" - -p "{{ ANSIBLE_REPO_PATH | default('.') }}/configs/{{ env_type }}/roles" + -r "{{ requirements_path_final }}" + -p "{%- if requirements_content | length > 0 -%} + {{ playbook_dir }}/dynamic-roles + {%- else -%} + {{ ANSIBLE_REPO_PATH + | default(playbook_dir) + | default('.') }}/configs/{{ env_type }}/roles + {%- endif -%}" when: >- r_requirements_stat.stat.exists and r_requirements_content | length > 0 @@ -44,7 +68,7 @@ __collections_path: "{{ lookup('config', 'COLLECTIONS_PATHS')[0] }}" command: >- ansible-galaxy collection install - -r "{{ requirements_path }}" + -r "{{ requirements_path_final }}" -p "{{ __collections_path | quote }}" --force-with-deps when: >- diff --git a/ansible/lookup_plugins/test.py b/ansible/lookup_plugins/test.py new file mode 100644 index 00000000000..8f269e0172e --- /dev/null 
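Review bot: Roles named in `requirements_content` are installed into `{{ playbook_dir }}/dynamic-roles`, a path that depends only on the checkout, and `ansible-galaxy install` is called without `--force`, so a role already present under the same name is reused whatever source or version the current `requirements_content` names. With entries tracking a branch, or two deployments that use the same role name for different repositories, the code that runs can differ from the code the vars describe. Adding `--force` to the `ansible-galaxy install` command when `requirements_content` is set, or installing into a per-deployment directory, would close that gap. The `copy` task that writes `custom_requirements.yml` also sets no explicit `mode`, which is worth adding for a file under `output_dir`.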
+++ b/ansible/lookup_plugins/test.py @@ -0,0 +1,43 @@ +# Copyright: (c) 2020, Johnathan Kupferer +# Copyright: (c) 2022, Guillaume Core +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = """ + lookup: test + author: Johnathan Kupferer , Guillaume Core + version_added: "2.9" + short_description: check test condition + description: + - Return evaluation of test condition + options: + _terms: + description: list of tests +""" + +EXAMPLES = """ +- name: show templating results + debug: + msg: "{{ lookup('test', 'foo is defined') }}" +""" + +RETURN = """ +_raw: + description: boolean result of conditional evaluation +""" + +from ansible.plugins.lookup import LookupBase +from ansible.plugins.filter.core import to_bool + +class LookupModule(LookupBase): + + def run(self, terms, variables, **kwargs): + result = [] + for term in terms: + if isinstance(term, str): + result.append(self._templar.template('{{(' + term + ')|bool}}')) + else: + result.append(to_bool(term)) + return result diff --git a/ansible/main.yml b/ansible/main.yml index 2276a6a6c62..20d95c22e45 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -24,6 +24,14 @@ - step000 - pre_infra_tasks +- name: Pre Infra Dynamic Roles + import_playbook: hooks/pre_infra.yml + tags: + - step000 + - dynamic_roles + - pre_infra + - pre_infra_tasks + ################################################################################# ################################################################################# ############ Step 001 Deploy Infrastructure 
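Review bot: `run()` builds its expression as `'{{(' + term + ')|bool}}'` and hands it to the templar, so every string that reaches this lookup is evaluated as Jinja; the `DOCUMENTATION` block should state that terms are code and must come from trusted configuration, since the hook playbooks pass `_role.when` from the `agnosticd_*_roles` variables straight in. The concatenation also produces a plain string, which may drop any unsafe-text marking the term carried; that depends on the Ansible version and is worth confirming. Separately, the file keeps the Python 2 compatibility header but tests `isinstance(term, str)`, so a unicode term under Python 2 would fall through to `to_bool` and come back false; `from ansible.module_utils.six import string_types` with `isinstance(term, string_types)` covers both interpreters.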
@@ -42,6 +50,18 @@ tags: - step001 - deploy_infrastructure + - infra + - infra_tasks + +- name: Infra Dynamic Roles + import_playbook: hooks/infra.yml + tags: + - step001 + - deploy_infrastructure + - infra + - infra_tasks + - dynamic_roles + - deploy_infrastructure ################################################################################ ################################################################################ @@ -55,6 +75,14 @@ - post_infra - post_infra_tasks +- name: Post Infra Dynamic Roles + import_playbook: hooks/post_infra.yml + tags: + - step002 + - dynamic_roles + - post_infra + - post_infra_tasks + - import_playbook: "export_inventory.yml" vars: agnosticd_inventory_exporter_stage: post_infra @@ -76,6 +104,14 @@ - pre_software - pre_software_tasks +- name: Pre Software Dynamic Roles + import_playbook: hooks/pre_software.yml + tags: + - step003 + - pre_software + - pre_software_tasks + - dynamic_roles + ################################################################################## ################################################################################## ############ Step 004 Software Deploy Tasks @@ -87,12 +123,25 @@ tags: - step004 - deploy_software + - software + - software_tasks - name: Software Playbook '{{ software_to_deploy | d('none') }}' import_playbook: "./software_playbooks/{{ software_to_deploy | d('none') }}.yml" tags: - step004 - deploy_software + - software + - software_tasks + +- name: Software Dynamic Roles + import_playbook: hooks/software.yml + tags: + - step004 + - deploy_software + - software + - software_tasks + - dynamic_roles ################################################################################ ################################################################################ 
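Review bot: The `tags` list of the new `Infra Dynamic Roles` import names `- deploy_infrastructure` twice, once after `step001` and again as the last entry. The second occurrence has no effect and can be dropped so the list matches the shape used for the other dynamic-role imports in this file.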
@@ -106,6 +155,14 @@ - post_software - post_software_tasks +- name: Post Software Dynamic Roles + import_playbook: hooks/post_software.yml + tags: + - step005 + - post_software + - post_software_tasks + - dynamic_roles + - import_playbook: "export_inventory.yml" vars: agnosticd_inventory_exporter_stage: post_software diff --git a/ansible/roles-infra/infra-local-create-ssh_key/tasks/main.yml b/ansible/roles-infra/infra-local-create-ssh_key/tasks/main.yml index c6c3d62263e..d36be17d193 100644 --- a/ansible/roles-infra/infra-local-create-ssh_key/tasks/main.yml +++ b/ansible/roles-infra/infra-local-create-ssh_key/tasks/main.yml @@ -5,19 +5,25 @@ ignore_errors: true - name: Generate SSH keys - shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N "" + command: >- + ssh-keygen -b 2048 -t rsa + -f "{{ output_dir }}/{{ env_authorized_key }}" + -q -N "" args: - creates: "{{output_dir}}/{{env_authorized_key}}" + creates: "{{ output_dir }}/{{ env_authorized_key }}" when: set_env_authorized_key | bool - name: fix permission file: - path: "{{output_dir}}/{{env_authorized_key}}" + path: "{{ output_dir }}/{{ env_authorized_key }}" mode: 0400 when: set_env_authorized_key | bool - name: Generate SSH pub key - shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub" + shell: >- + ssh-keygen -y -f + "{{ output_dir }}/{{ env_authorized_key }}" + > "{{ output_dir }}/{{ env_authorized_key }}.pub" args: - creates: "{{output_dir}}/{{env_authorized_key}}.pub" + creates: "{{ output_dir }}/{{ env_authorized_key }}.pub" when: set_env_authorized_key | bool diff --git a/ansible/roles/set_env_authorized_key/tasks/main.yml b/ansible/roles/set_env_authorized_key/tasks/main.yml index b10c1f50a73..fc87c8af96e 100644 --- a/ansible/roles/set_env_authorized_key/tasks/main.yml +++ b/ansible/roles/set_env_authorized_key/tasks/main.yml 
@@ -5,7 +5,7 @@ mode: 0700 state: directory -- name: copy the environment .pem key +- name: Copy the infra .pem key on the bastions become: true copy: src: "{{ hostvars.localhost.env_authorized_key_path }}" @@ -13,9 +13,11 @@ owner: root group: root mode: 0400 - when: set_env_authorized_key|bool + when: >- + set_env_authorized_key|bool + and inventory_hostname in groups['bastions'] -- name: copy the environment .pub key +- name: Copy the environment .pub key become: true copy: src: "{{ hostvars.localhost.env_authorized_key_path_pub }}"
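Review bot: In the second hunk, `inventory_hostname in groups['bastions']` raises an undefined-variable error when the inventory has no `bastions` group, which fails the task on every host instead of skipping it. The role is now called from `just-a-bunch-of-nodes/post_infra.yml` against `all:!windows`, where that group is not guaranteed to exist. `and 'bastions' in group_names` expresses the same restriction without indexing `groups`. The task's `dest` line sits between the two hunks and is not visible here.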