892c7fe46c
This patch converts the AIO bootstrap process to use Ansible instead of bash scripting. The patch also minimises the options available to focus the role concerned to just handle an AIO bootstrap, but gives it just enough flexibility to allow the use of an external MongoDB database for Ceilometer/Aodh and for a deployer to specify a secondary disk for the AIO to consume. A major change is that the AIO bootstrap process no longer assumes that it can destroy a secondary boot device. It requires a device name to be provided. This prevents horrible surprises. TODO (in subsequent patches): - update the developer AIO docs - convert run-playbooks.sh into an Ansible playbook Implements: blueprint convert-aio-bootstrap-to-ansible Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Change-Id: I6028952e7260388873f57db47cc3e08126ecc530
68 lines
1.7 KiB
YAML
68 lines
1.7 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Ensure root has a .ssh directory
|
|
file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
tags:
|
|
- ssh-key-dir
|
|
|
|
- name: Check for existing ssh private key file
|
|
stat:
|
|
path: /root/.ssh/id_rsa
|
|
register: ssh_key_private
|
|
tags:
|
|
- ssh-key-check
|
|
|
|
- name: Check for existing ssh public key file
|
|
stat:
|
|
path: /root/.ssh/id_rsa.pub
|
|
register: ssh_key_public
|
|
tags:
|
|
- ssh-key-check
|
|
|
|
- name: Remove an existing private/public ssh keys if one is missing
|
|
file:
|
|
path: "/root/.ssh/{{ item }}"
|
|
state: absent
|
|
when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists
|
|
with_items:
|
|
- 'id_rsa'
|
|
- 'id_rsa.pub'
|
|
tags:
|
|
- ssh-key-clean
|
|
|
|
- name: Create ssh key pair for root
|
|
user:
|
|
name: root
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 2048
|
|
ssh_key_file: /root/.ssh/id_rsa
|
|
tags:
|
|
- ssh-key-generate
|
|
|
|
- name: Ensure root's new public ssh key is in authorized_keys
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
manage_dir: no
|
|
tags:
|
|
- ssh-key-authorized
|
|
|