Gitiles
Code Review Sign In
gerrit.nordix.org / infra / provisioner / heat / fef711b11bea4e86ee2f9d13edb9892bbd05772f / . / playbooks / roles / configure-jumphost / tasks / main.yaml
blob: ed7e84478ddf8e53326c7ad1cc0111e050826310 [file] [log] [blame]
---
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# we need the public IP of the jumphost so we can check if it is reachable
- name: Get public IP of jumphost from openstack stack output
command: "openstack stack output show {{ heat_stack_name }} jumphost_public_ip -c output_value -f json"
register: stack_output
changed_when: false
until: "'output_value' in stack_output.stdout"
retries: 10
delay: 3
environment:
PATH: "{{ engine_venv }}/bin"
delegate_to: localhost
run_once: true
- name: Set public IP of jumphost
set_fact:
jumphost_public_ip: "{{ stack_output.stdout }}"
- name: Log jumphost public IP to console
debug:
msg: "Jumphost public IP is {{ jumphost_public_ip.output_value[0] }}"
delegate_to: localhost
run_once: true
- name: Wait for jumphost to be reachable via SSH
wait_for:
host: "{{ jumphost_public_ip.output_value[0] }}"
port: 22
state: started
delay: 15
connect_timeout: 10
timeout: 1000
delegate_to: localhost
- name: Copy SSH keys to jumphost for target node access
copy:
src: "{{ item }}"
dest: "/root/.ssh/"
owner: "root"
group: "root"
mode: 0600
with_items:
- "/home/{{ local_user }}/.ssh/id_rsa"
- "/home/{{ local_user }}/.ssh/id_rsa.pub"
# NOTE (fdegir): it looks like the provisioner is the best place
# to prepare for offline deployments as the way things done for
# OpenStack based deployments are heavily dependend on the provisioner
# so we transfer the dependencies to jumphost here and update apt
# sources.list as well to ensure the rest of the provisioning and
# installation process stays as is
- block:
- name: Update /etc/hosts with server FQDN
lineinfile:
path: /etc/hosts
regex: '^127\.0\.0\.1'
line: "127.0.0.1 localhost {{ server_fqdn }}"
- name: Ensure /opt/engine exists and empty
file:
path: /opt/engine
state: absent
force: true
with_items:
- absent
- directory
ignore_errors: true
# NOTE (fdegir): we need dependencies available on jumphost
# before we continue with the rest of the process
- name: Synchronize dependencies with jumphost
synchronize:
src: /opt/engine/offline
dest: /opt/engine
recursive: true
delete: true
- name: Update /etc/apt/sources.list to use local apt repository
template:
src: sources.list.j2
dest: /etc/apt/sources.list
owner: root
group: root
mode: '0644'
backup: true
when: execution_mode == "offline-deployment"
# NOTE (fdegir): the python dependencies except python itself may not be
# available on the instances created on OpenStack so we install them here
# to ensure the rest of the process does not bother with them
- name: Install python dependencies
action: |
{{ ansible_pkg_mgr }} name={{ item }} state=present update_cache=true
with_items:
- "python3-pip"
- "python3-setuptools"
- "python3-virtualenv"
# vim: set ts=2 sw=2 expandtab: