-
Notifications
You must be signed in to change notification settings - Fork 0
/
provision.yml
80 lines (74 loc) · 2.98 KB
/
provision.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
---
- name: Use beaker to provision/release the machine
hosts: localhost
vars_files:
- "{{ provision.image }}"
tasks:
- name: Provisioning the machine
beaker_provisioner:
url: "{{ provision.url }}"
username: "{{ provision.beaker.user }}"
password: "{{ provision.beaker.password }}"
host: "{{ provision.host.address }}"
action: "provision"
distro_tree_id: "{{ distro_id }}"
web_service: "{{ provision.web.service }}"
ca_cert: "{{ (provision.ca|default({})).cert | default(omit) }}"
custom_loan_comment: "{{ provision.comment | default('') }}"
when: not provision.dry
# Make beaker module prone to instance outages/failures, retry 3 times
register: provisioner_result
until: provisioner_result|success
retries: 3
delay: 5
- name: Add the host to host list
add_host:
name: "{{ provision.host.address }}"
groups: "beaker-baremetal"
ansible_host: "{{ provision.host.address }}"
ansible_user: "{{ provision.host.user }}"
ansible_ssh_pass: "{{ provision.host.password }}"
# Temporarily disable strict host checking and Ipv6 as this can introduce
# issues when accessing host by SSH password initially.
# Moreover ssh-askpass doesn't support Host Key checking enabled,
# we need to forcefully disable it until PKI is enabled.
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o AddressFamily=inet -o HostbasedAuthentication=no"
- name: Wait for ssh port to be open
wait_for:
port: 22
host: "{{ provision.host.address }}"
search_regex: OpenSSH
delay: 10
sleep: 3
- name: Enable SSH access to provisioned host (this tasks connect using sshpass and Beaker host password)
hosts: beaker-baremetal
gather_facts: no
any_errors_fatal: true
tasks:
- name: Inject our public SSH key to the autorized_keys
authorized_key:
user: "{{ provision.host.user }}"
key: "{{ lookup('file', provision.host.pubkey ) }}"
- name: Refresh the hosts list with publickey access enabled, remove password from now on
add_host:
name: "{{ provision.host.address }}"
groups: "{{ provision.groups | join(',') }}"
ansible_host: "{{ provision.host.address }}"
ansible_user: "{{ provision.host.user }}"
ansible_ssh_pass: ''
ansible_ssh_private_key_file: "{{ provision.host.privkey }}"
- name: generate inventory file
hosts: localhost
gather_facts: no
tags: always
roles:
- role: inventory-update
inventory_file_name: 'hosts-prov'
- name: Check SSH sanity with PKI in place
hosts: beaker-baremetal
gather_facts: no
any_errors_fatal: true
tasks:
# Verify working access using SSH PKI (as previous steps used sshpass instead)
- name: Test direct SSH access
debug: msg="SSH access OK"