TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments.


  1. ---
  2. # Copyright 2019 Red Hat, Inc.
  3. # All Rights Reserved.
  4. #
  5. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  6. # not use this file except in compliance with the License. You may obtain
  7. # a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  13. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  14. # License for the specific language governing permissions and limitations
  15. # under the License.
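  # Rebuilds the system-wide /etc/ssh/ssh_known_hosts: the current file is
  # copied to a temporary file, a managed block of host-key lines for the
  # overcloud hosts in this play is added to that copy, and the result is
  # written back over the original in place.
  #
  # check_mode is disabled for the whole block, so a --check run still
  # rewrites /etc/ssh/ssh_known_hosts on the target.
  - name: Add host keys in /etc/ssh/ssh_known_hosts for live/cold-migration
    become: true
    check_mode: false
    block:
      - name: Create temporary file for ssh_known_hosts
        tempfile:
          state: file
        register: ssh_known_hosts_tmp
      - name: Check for ssh_known_hosts file
        stat:
          path: /etc/ssh/ssh_known_hosts
        register: _ssh_known_hosts
      # slurp returns the file base64-encoded; it is decoded again when the
      # temporary copy is written below.
      - name: Create a temporary copy of ssh_known_hosts
        slurp:
          src: "/etc/ssh/ssh_known_hosts"
        register: existing_ssh_known_hosts
        when:
          - _ssh_known_hosts.stat.exists | bool
      - name: Write temporary file
        copy:
          content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
          dest: "{{ ssh_known_hosts_tmp.path }}"
        when:
          - _ssh_known_hosts.stat.exists | bool
      # One known_hosts line per overcloud host in the play: bracketed host
      # patterns with a trailing wildcard, followed by that host's RSA key.
      # The keys are taken from gathered facts
      # (ansible_ssh_host_key_rsa_public), so the resulting trust is only as
      # good as the channel the facts were collected over; hosts with no
      # gathered RSA key fact are presumably a template error here.
      # NOTE(review): the per-network addresses are read from hostvars[host],
      # but ctlplane_ip is not. With run_once the template is rendered a
      # single time, so every line may carry the same control-plane address
      # instead of the address of the host whose key follows it. Confirm
      # whether a per-host lookup is intended.
      - name: Set ssh_known_hosts fact
        run_once: true
        set_fact:
          ssh_known_hosts_lines: |-
            {%- for host in groups['overcloud'] | intersect(play_hosts) %}
            [{{ ctlplane_ip }}]*,[{{ host }}.{{ cloud_domain }}]*,[{{ host }}]*
            {%- if enabled_networks | length > 0 and role_networks and role_networks | length > 0 %},
            {%- for network in enabled_networks %}
            {%- if network in role_networks %}
            [{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ network.lower() }}]*,{% if 1 %}{% endif %}
            [{{ host }}.{{ network.lower() }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %}
            {%- endif -%}
            {%- endfor -%}
            {%- endif -%}
            {{ ' ssh-rsa ' ~ hostvars[host]['ansible_ssh_host_key_rsa_public'] }}
            {% endfor %}
      # blockinfile keeps the lines between its markers, so a rerun replaces
      # the managed block instead of appending a second copy.
      - name: Add host keys to temporary ssh_known_hosts
        blockinfile:
          path: "{{ ssh_known_hosts_tmp.path }}"
          block: "{{ ssh_known_hosts_lines }}"
          create: true
      # Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
      # Ansible modules perform a replace instead of in-place modification.
      # This breaks propagation of changes to containers that bind mount ssh_known_hosts
      # The redirect rewrites the existing file rather than swapping in a new
      # one. The temp path is passed through the quote filter so it reaches
      # the shell as a single, literal argument.
      - name: In-place update of /etc/ssh/ssh_known_hosts
        shell: |-
          cat {{ ssh_known_hosts_tmp.path | quote }} > /etc/ssh/ssh_known_hosts
    always:
      # Runs whether or not the block succeeded, so a failed task does not
      # leave the temporary copy behind. Skipped when the temp file was never
      # created.
      - name: Remove temp file
        file:
          path: "{{ ssh_known_hosts_tmp.path }}"
          state: absent
        when:
          - ssh_known_hosts_tmp.path is defined
    tags:
      - tripleo_ssh_known_hosts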