--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Bootstrap the All-In-One (AIO) hosts: localhost gather_facts: True user: root roles: - role: "sshd" - role: "bootstrap-host" vars: ansible_python_interpreter: "/usr/bin/python" bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio_lxc', true) }}" install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true) }}" openstack_confd_entries: "{{ confd_overrides[bootstrap_host_scenario] }}" pip_install_upper_constraints_proto: "{{ ansible_python_version | version_compare('2.7.9', '>=') | ternary('https','http') }}" pip_install_upper_constraints: >- {{ (playbook_dir ~ '/../global-requirement-pins.txt') | realpath }} --constraint {{ pip_install_upper_constraints_proto }}://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?id={{ requirements_git_install_branch | regex_replace(' #.*$','') }} sftp_subsystem: 'apt': 'sftp /usr/lib/openssh/sftp-server' 'yum': 'sftp /usr/libexec/openssh/sftp-server' 'zypper': 'sftp /usr/lib/ssh/sftp-server' sshd: ListenAddress: - 0.0.0.0 - '::' Port: 22 Protocol: 2 HostKey: - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_ecdsa_key" - "/etc/ssh/ssh_host_ed25519_key" UsePrivilegeSeparation: yes KeyRegenerationInterval: 3600 ServerKeyBits: 1024 SyslogFacility: "AUTH" LogLevel: "INFO" LoginGraceTime: 120 StrictModes: yes RSAAuthentication: yes PubkeyAuthentication: yes IgnoreRhosts: yes RhostsRSAAuthentication: no HostbasedAuthentication: no PermitEmptyPasswords: no PermitRootLogin: yes ChallengeResponseAuthentication: no PasswordAuthentication: no X11DisplayOffset: 10 PrintMotd: no PrintLastLog: no TCPKeepAlive: yes AcceptEnv: "LANG LC_*" Subsystem: "{{ sftp_subsystem[ansible_pkg_mgr] }}" UsePAM: yes UseDNS: no X11Forwarding: no Compression: yes CompressionLevel: 6 MaxSessions: 100 MaxStartups: "100:100:100" GSSAPIAuthentication: no GSSAPICleanupCredentials: no post_tasks: - name: Check that new network interfaces are up assert: that: - ansible_eth12['active'] == true - ansible_eth13['active'] == true - ansible_eth14['active'] == true when: - (container_tech | default('unknown')) != 'nspawn' vars_files: - "{{ playbook_dir }}/../playbooks/defaults/repo_packages/openstack_services.yml" - vars/bootstrap-aio-vars.yml environment: "{{ deployment_environment_variables | default({}) }}"