---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Bootstrap the All-In-One (AIO)
  hosts: localhost
  gather_facts: True
  user: root
  roles:
    - role: "sshd"
    - role: "pip_install"
    - role: "bootstrap-host"
  vars:
    ansible_python_interpreter: "/usr/bin/python"
    openstack_confd_entries: "{{ confd_overrides[bootstrap_host_scenario] }}"
    bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio', true) }}"
    confd_overrides:
      aio:
        - name: cinder.yml.aio
        - name: designate.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
        - name: swift.yml.aio
      ceph:
        - name: ceph.yml.aio
        - name: cinder.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
      translations:
        - name: cinder.yml.aio
        - name: designate.yml.aio
        - name: glance.yml.aio
        - name: heat.yml.aio
        - name: horizon.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
        - name: swift.yml.aio
        - name: sahara.yml.aio
        - name: magnum.yml.aio
        - name: octavia.yml.aio
        - name: trove.yml.aio
      octavia:
        - name: glance.yml.aio
        - name: keystone.yml.aio
        - name: neutron.yml.aio
        - name: nova.yml.aio
        - name: octavia.yml.aio
      tacker:
        - name: keystone.yml.aio
        - name: heat.yml.aio
        - name: tacker.yml.aio
    pip_install_upper_constraints_proto: "{{ ansible_python_version | version_compare('2.7.9', '>=') | ternary('https','http') }}"
    sftp_subsystem:
        'apt': 'sftp /usr/lib/openssh/sftp-server'
        'yum': 'sftp /usr/libexec/openssh/sftp-server'
        'zypper': 'sftp /usr/lib/ssh/sftp-server'
    sshd:
      ListenAddress:
        - 0.0.0.0
        - '::'
      Port: 22
      Protocol: 2
      HostKey:
        - "/etc/ssh/ssh_host_rsa_key"
        - "/etc/ssh/ssh_host_ecdsa_key"
        - "/etc/ssh/ssh_host_ed25519_key"
      UsePrivilegeSeparation: yes
      KeyRegenerationInterval: 3600
      ServerKeyBits: 1024
      SyslogFacility: "AUTH"
      LogLevel: "INFO"
      LoginGraceTime: 120
      StrictModes: yes
      RSAAuthentication: yes
      PubkeyAuthentication: yes
      IgnoreRhosts: yes
      RhostsRSAAuthentication: no
      HostbasedAuthentication: no
      PermitEmptyPasswords: no
      PermitRootLogin: yes
      ChallengeResponseAuthentication: no
      PasswordAuthentication: no
      X11DisplayOffset: 10
      PrintMotd: no
      PrintLastLog: no
      TCPKeepAlive: yes
      AcceptEnv: "LANG LC_*"
      Subsystem: "{{ sftp_subsystem[ansible_pkg_mgr] }}"
      UsePAM: yes
      UseDNS: no
      X11Forwarding: no
      Compression: yes
      CompressionLevel: 6
      MaxSessions: 100
      MaxStartups: "100:100:100"
      GSSAPIAuthentication: no
      GSSAPICleanupCredentials: no
  vars_files:
    - "{{ playbook_dir }}/../playbooks/defaults/repo_packages/openstack_services.yml"