| commit | author | age | ||
| 8d7955 | 1 | --- |
| WK | 2 | - name: Step 003 - Create env key |
| 3 | hosts: localhost | |
| 4 | connection: local | |
| 5 | gather_facts: false | |
| 6 | become: false | |
| 7 | vars_files: | |
| 5f2907 | 8 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| WK | 9 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| 8d7955 | 10 | tags: |
| 5f2907 | 11 | - step003 |
| WK | 12 | - generate_env_keys |
| 8d7955 | 13 | tasks: |
| 5f2907 | 14 | - name: Generate SSH keys |
| WK | 15 | shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
| 16 | args: | |
| 17 | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" | |
| 18 | when: set_env_authorized_key | |
| 8d7955 | 19 | |
| 5f2907 | 20 | - name: fix permission |
| WK | 21 | file: |
| 22 | path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" | |
| 23 | mode: 0400 | |
| 24 | when: set_env_authorized_key | |
| 8d7955 | 25 | |
| 5f2907 | 26 | - name: Generate SSH pub key |
| WK | 27 | shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
| 28 | args: | |
| 29 | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" | |
| 30 | when: set_env_authorized_key | |
| 8d7955 | 31 | |
| WK | 32 | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| 33 | - name: Configure all hosts with Repositories, Common Files and Set environment key | |
| 34 | hosts: | |
| 5f2907 | 35 | - all:!windows |
| 8d7955 | 36 | become: true |
| WK | 37 | gather_facts: False |
| 38 | vars_files: | |
| 5f2907 | 39 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| WK | 40 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| 8d7955 | 41 | tags: |
| 5f2907 | 42 | - step004 |
| WK | 43 | - common_tasks |
| 8d7955 | 44 | roles: |
| 5f2907 | 45 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| WK | 46 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| 47 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } | |
| 8d7955 | 48 | |
| WK | 49 | - name: Configuring Bastion Hosts |
| 50 | hosts: bastions | |
| 51 | become: true | |
| 52 | vars_files: | |
| 5f2907 | 53 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| WK | 54 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| 8d7955 | 55 | roles: |
| 5f2907 | 56 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| WK | 57 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-student-user", when: 'install_student_user' } |
| fa9fd4 | 58 | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| 8d7955 | 59 | tags: |
| 5f2907 | 60 | - step004 |
| WK | 61 | - bastion_tasks |
| 8d7955 | 62 | |
| WK | 63 | - name: PreSoftware flight-check |
| 64 | hosts: localhost | |
| 65 | connection: local | |
| 66 | gather_facts: false | |
| 67 | become: false | |
| 68 | vars_files: | |
| 5f2907 | 69 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| WK | 70 | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| 8d7955 | 71 | tags: |
| 5f2907 | 72 | - flight_check |
| 8d7955 | 73 | tasks: |
| 5f2907 | 74 | - debug: |
| WK | 75 | msg: "Pre-Software checks completed successfully" |
