commit | author | age
|
8d7955
|
1 |
--- |
WK |
2 |
- name: Step 003 - Create env key |
|
3 |
hosts: localhost |
|
4 |
connection: local |
|
5 |
gather_facts: false |
|
6 |
become: false |
|
7 |
vars_files: |
5f2907
|
8 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
WK |
9 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
8d7955
|
10 |
tags: |
5f2907
|
11 |
- step003 |
WK |
12 |
- generate_env_keys |
8d7955
|
13 |
tasks: |
5f2907
|
14 |
- name: Generate SSH keys |
WK |
15 |
shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
|
16 |
args: |
|
17 |
creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
|
18 |
when: set_env_authorized_key |
8d7955
|
19 |
|
5f2907
|
20 |
- name: fix permission |
WK |
21 |
file: |
|
22 |
path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
|
23 |
mode: 0400 |
|
24 |
when: set_env_authorized_key |
8d7955
|
25 |
|
5f2907
|
26 |
- name: Generate SSH pub key |
WK |
27 |
shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
|
28 |
args: |
|
29 |
creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
|
30 |
when: set_env_authorized_key |
8d7955
|
31 |
|
WK |
32 |
# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
|
33 |
- name: Configure all hosts with Repositories, Common Files and Set environment key |
|
34 |
hosts: |
5f2907
|
35 |
- all:!windows |
8d7955
|
36 |
become: true |
WK |
37 |
gather_facts: False |
|
38 |
vars_files: |
5f2907
|
39 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
WK |
40 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
8d7955
|
41 |
tags: |
5f2907
|
42 |
- step004 |
WK |
43 |
- common_tasks |
8d7955
|
44 |
roles: |
5f2907
|
45 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
WK |
46 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
|
47 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
8d7955
|
48 |
|
WK |
49 |
- name: Configuring Bastion Hosts |
|
50 |
hosts: bastions |
|
51 |
become: true |
|
52 |
vars_files: |
5f2907
|
53 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
WK |
54 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
8d7955
|
55 |
roles: |
5f2907
|
56 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
WK |
57 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-student-user", when: 'install_student_user' } |
fa9fd4
|
58 |
- { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
8d7955
|
59 |
tags: |
5f2907
|
60 |
- step004 |
WK |
61 |
- bastion_tasks |
8d7955
|
62 |
|
WK |
63 |
- name: PreSoftware flight-check |
|
64 |
hosts: localhost |
|
65 |
connection: local |
|
66 |
gather_facts: false |
|
67 |
become: false |
|
68 |
vars_files: |
5f2907
|
69 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
WK |
70 |
- "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
8d7955
|
71 |
tags: |
5f2907
|
72 |
- flight_check |
8d7955
|
73 |
tasks: |
5f2907
|
74 |
- debug: |
WK |
75 |
msg: "Pre-Software checks completed successfully" |