playbooks/roles/configure-jumphost/tasks/main.yaml

---
# ============LICENSE_START=======================================================
#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================

# we need the public IP of the jumphost so we can check if it is reachable
- name: Get public IP of jumphost from openstack stack output
  command: "openstack stack output show {{ heat_stack_name }} jumphost_public_ip -c output_value -f json"
  register: stack_output
  changed_when: false
  until: "'output_value' in stack_output.stdout"
  retries: 10
  delay: 3
  environment:
    PATH: "{{ engine_venv }}/bin"
  delegate_to: localhost
  run_once: true

- name: Set public IP of jumphost
  set_fact:
    jumphost_public_ip: "{{ stack_output.stdout }}"

- name: Log jumphost public IP to console
  debug:
    msg: "Jumphost public IP is {{ jumphost_public_ip.output_value[0] }}"
  delegate_to: localhost
  run_once: true

- name: Wait for jumphost to be reachable via SSH
  wait_for:
    host: "{{ jumphost_public_ip.output_value[0] }}"
    port: 22
    state: started
    delay: 15
    connect_timeout: 10
    timeout: 1000
  delegate_to: localhost

- name: Copy SSH keys to jumphost for target node access
  copy:
    src: "{{ item }}"
    dest: "/root/.ssh/"
    owner: "root"
    group: "root"
    mode: 0600
  with_items:
    - "/home/{{ local_user }}/.ssh/id_rsa"
    - "/home/{{ local_user }}/.ssh/id_rsa.pub"

# NOTE (fdegir): it looks like the provisioner is the best place
# to prepare for offline deployments as the way things done for
# OpenStack based deployments are heavily dependend on the provisioner
# so we transfer the dependencies to jumphost here and update apt
# sources.list as well to ensure the rest of the provisioning and
# installation process stays as is
- block:
    - name: Update /etc/hosts with server FQDN
      lineinfile:
        path: /etc/hosts
        regex: '^127\.0\.0\.1'
        line: "127.0.0.1 localhost {{ server_fqdn }}"

    - name: Ensure /opt/engine exists and empty
      file:
        path: /opt/engine
        state: absent
        force: true
      with_items:
        - absent
        - directory
      ignore_errors: true

    # NOTE (fdegir): we need dependencies available on jumphost
    # before we continue with the rest of the process
    - name: Synchronize dependencies with jumphost
      synchronize:
        src: /opt/engine/offline
        dest: /opt/engine
        recursive: true
        delete: true

    - name: Update /etc/apt/sources.list to use local apt repository
      template:
        src: sources.list.j2
        dest: /etc/apt/sources.list
        owner: root
        group: root
        mode: '0644'
        backup: true
  when: execution_mode == "offline-deployment"

# NOTE (fdegir): the python dependencies except python itself may not be
# available on the instances created on OpenStack so we install them here
# to ensure the rest of the process does not bother with them
- name: Install python dependencies
  action: |
    {{ ansible_pkg_mgr }} name={{ item }} state=present update_cache=true
  with_items:
    - "python3-pip"
    - "python3-setuptools"
    - "python3-virtualenv"

# vim: set ts=2 sw=2 expandtab: