host-provision.yml
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Assumptions:
# The first connection does not use a public/private key pair.
# The first connection always uses password authentication with the {{ firsttime_connect_user }} credentials.
# Consequently, the inventory file does not initially contain any SSH private key details.
# Logic:
# First, using the {{ firsttime_connect_user }} credentials, a key pair is generated.
# The host provisioning tasks are then run as {{ firsttime_connect_user }}.
# To run install-oracle.sh afterwards, the customer can ssh as the ansible user that was created.
# The inventory file may be updated with ansible_ssh_private_key_file and ansible_ssh_user=ansible
# before calling the next steps (i.e. install-oracle.sh).
# Play 1 of 5: runs on the control node only (hosts: localhost) and includes
# the ssh-keygen.yml task file of the host-provision role.
# NOTE(review): ssh-keygen.yml is not shown here; confirm it writes the private
# key with owner-only permissions, since later plays authenticate with a key
# file on the control node.
- name: Create private public key pair locally
  hosts: localhost
  tags: host-provision
  tasks:
    - include_role:
        name: host-provision
        tasks_from: ssh-keygen.yml
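# Play 2 of 5: first contact with every target host. It logs in as
# {{ firsttime_connect_user }} with the password typed at the prompt, escalates
# with become, and includes the role's user-setup.yml task file.
# NOTE(review): this is the only play that authenticates with a password. Host
# key checking settings are not visible in this file; confirm they stay enabled
# so the password is only ever sent to the intended host.
- name: Create user and transfer public key to set up ssh equivalence
  hosts: all
  remote_user: "{{ firsttime_connect_user }}"
  become: true
  tags: host-provision
  vars_prompt:
    # NOTE(review): the prompt text names "customeradmin" while the login user
    # is {{ firsttime_connect_user }}; confirm the two always refer to the same
    # account.
    - name: ansible_password
      prompt: Enter customeradmin password
      # Do not echo the password to the terminal. This is already the default
      # for vars_prompt; it is spelled out so it cannot be lost in an edit.
      private: true
      # Keep the answer as unsafe text so a password containing Jinja2
      # delimiters is used literally instead of being evaluated as a template
      # (vars_prompt option available from Ansible 2.8, the minimum asserted
      # below).
      unsafe: true
  vars:
    # ansible_ssh_extra_args may be supplied on the command line; otherwise
    # this default is used.
    # NOTE(review): ssh_config documents "none" as the IdentityAgent value that
    # disables agent use; "no" appears to be read as a socket path. Confirm the
    # intended value.
    ansible_ssh_extra_args: '-o IdentityAgent=no'
  pre_tasks:
    # Stop early with a readable message when the control node's Ansible is
    # older than the playbooks support.
    - name: Verify that Ansible on control node meets the version requirements
      assert:
        that: "ansible_version.full is version_compare('2.8', '>=')"
        fail_msg: "You must update Ansible to at least 2.8 to use these playbooks"
        success_msg: "Ansible version is {{ ansible_version.full }}, continuing"
  tasks:
    - include_role:
        name: host-provision
        tasks_from: user-setup.yml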
# Play 3 of 5: reconnects to every host as {{ instance_ssh_user }} using the
# key file named by control_node_key_file instead of a password, escalates with
# become, and includes the role's config-tasks.yml task file.
- name: Perform config tasks (SSH equivalence validation, LVM setup, etc)
  hosts: all
  remote_user: "{{ instance_ssh_user }}"
  become: true
  tags: host-provision
  vars:
    # ansible_ssh_extra_args may be supplied on the command line; otherwise
    # this default is used.
    # NOTE(review): ssh_config documents "none" as the IdentityAgent value that
    # disables agent use; "no" appears to be read as a socket path. Confirm the
    # intended value.
    ansible_ssh_extra_args: '-o IdentityAgent=no'
    ansible_ssh_private_key_file: "{{ control_node_key_file }}"
  tasks:
    - include_role:
        name: host-provision
        tasks_from: config-tasks.yml
# This play is deliberately kept separate from the main play that performs all config tasks.
# Reason: it must first connect as a non-sudo user (become: no) to read the fact ansible_env['SSH_CLIENT']
# Play 4 of 5: optional proxy configuration. It connects with the key file as
# {{ instance_ssh_user }} and runs without privilege escalation (become is
# off). The role's proxy.yml task file is included only when proxy_setup
# evaluates to true.
- name: Proxy setup [optional]
  hosts: all
  remote_user: "{{ instance_ssh_user }}"
  become: false
  tags: host-provision
  vars:
    # ansible_ssh_extra_args may be supplied on the command line; otherwise
    # this default is used.
    # NOTE(review): ssh_config documents "none" as the IdentityAgent value that
    # disables agent use; "no" appears to be read as a socket path. Confirm the
    # intended value.
    ansible_ssh_extra_args: '-o IdentityAgent=no'
    ansible_ssh_private_key_file: "{{ control_node_key_file }}"
  tasks:
    # NOTE(review): proxy_setup is not defined in this file; presumably it
    # comes from the inventory or the command line. Confirm it always has a
    # value, because an undefined variable would make this condition fail
    # rather than skip.
    - include_role:
        name: host-provision
        tasks_from: proxy.yml
      when: proxy_setup|bool
# Play 5 of 5: distribution-specific configuration. It connects with the key
# file as {{ instance_ssh_user }}, escalates with become, and includes the
# role's rhel-config-tasks.yml task file only on hosts whose
# ansible_distribution fact is 'RedHat'.
- name: Perform RHEL-specific config tasks (subscription-manager, etc)
  hosts: all
  remote_user: "{{ instance_ssh_user }}"
  become: true
  tags: host-provision
  vars:
    # ansible_ssh_extra_args may be supplied on the command line; otherwise
    # this default is used.
    # NOTE(review): ssh_config documents "none" as the IdentityAgent value that
    # disables agent use; "no" appears to be read as a socket path. Confirm the
    # intended value.
    ansible_ssh_extra_args: '-o IdentityAgent=no'
    ansible_ssh_private_key_file: "{{ control_node_key_file }}"
  tasks:
    - include_role:
        name: host-provision
        tasks_from: rhel-config-tasks.yml
      when: ansible_distribution == 'RedHat'