122 lines
4.0 KiB
YAML
122 lines
4.0 KiB
YAML
---
|
|
|
|
- name: set file if already set by heat variable (backwards-compatibility)
|
|
set_fact:
|
|
image_filename: "{{ amp_image_filename }}"
|
|
when:
|
|
- amp_image_filename is defined
|
|
- not ((amp_image_filename | length) < 1)
|
|
|
|
- name: set location if CentOS
|
|
set_fact:
|
|
image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2"
|
|
when:
|
|
- ansible_facts['distribution'] == 'CentOS'
|
|
- not (image_filename is defined)
|
|
|
|
- name: set location if Red Hat
|
|
set_fact:
|
|
image_filename: "/usr/share/openstack-octavia-amphora-images/octavia-amphora.qcow2"
|
|
when:
|
|
- ansible_facts['distribution'] == 'RedHat'
|
|
- not (image_filename is defined)
|
|
|
|
- name: check if amphora image file exists
|
|
stat:
|
|
path: "{{ image_filename }}"
|
|
follow: true
|
|
get_checksum: true
|
|
register: image_file_result
|
|
|
|
- include_tasks: image_mgmt.yml
|
|
when:
|
|
- image_file_result.stat.exists | bool
|
|
|
|
- name: use ssh pub key file if provided and is readable
|
|
block:
|
|
- name: check if pub key file exists
|
|
stat: path="{{ amp_ssh_key_path }}"
|
|
register: key_file_result
|
|
|
|
- name: fail if ssh pub key file does not exist or is not readable
|
|
fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}"
|
|
when:
|
|
- (not (key_file_result.stat.exists | bool)) or (not (key_file_result.stat.readable | bool))
|
|
|
|
- name: Set ssh key path fact
|
|
set_fact:
|
|
amp_ssh_key_path_final: "{{ amp_ssh_key_path }}"
|
|
when:
|
|
- amp_ssh_key_path is defined
|
|
- (amp_ssh_key_path | length) > 0
|
|
|
|
- name: Generate ssh public key for Octavia
|
|
block:
|
|
- name: Create ssh key dir
|
|
file:
|
|
path: "{{ ssh_key_dir }}"
|
|
state: directory
|
|
|
|
- name: Generate ssh key for Octavia
|
|
shell: "ssh-keygen -q -t rsa -N '' -f {{ ssh_key_dir }}/octavia_id_rsa"
|
|
args:
|
|
creates: "{{ ssh_key_dir }}/octavia_id_rsa"
|
|
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
|
|
|
|
- name: Set ssh key path fact
|
|
set_fact:
|
|
amp_ssh_key_path_final: "{{ ssh_key_dir }}/octavia_id_rsa.pub"
|
|
vars:
|
|
ssh_key_dir: "{{ amp_ssh_key_dir|default('/etc/octavia/ssh/') }}"
|
|
when:
|
|
- amp_ssh_key_path is not defined or ((amp_ssh_key_path | length) < 1)
|
|
|
|
- name: get the desired sha-256 public key fingerprint
|
|
shell: |
|
|
set -o pipefail
|
|
ssh-keygen -E sha256 -lf {{ amp_ssh_key_path_final }} | awk '{ print $2 }'
|
|
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
|
|
register: ssh_keygen_results
|
|
|
|
- name: get existing public key sha-256 fingerprint
|
|
shell: |
|
|
set -o pipefail
|
|
openstack keypair show --public-key {{ amp_ssh_key_name }} | \
|
|
ssh-keygen -E sha256 -lf - | awk '{ print $2 }'
|
|
ignore_errors: true
|
|
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
|
|
environment:
|
|
OS_USERNAME: "{{ auth_username }}"
|
|
OS_PASSWORD: "{{ auth_password }}"
|
|
OS_PROJECT_NAME: "{{ auth_project_name }}"
|
|
register: os_keypair_results
|
|
|
|
# os_keypair doesn't allow updating a keypair, we need to remove the previous
|
|
# keypair in case we need to update it.
|
|
- name: delete previous Octavia ssh key
|
|
openstack.cloud.keypair:
|
|
state: absent
|
|
name: "{{ amp_ssh_key_name }}"
|
|
auth:
|
|
username: "{{ auth_username }}"
|
|
password: "{{ auth_password }}"
|
|
project_name: "{{ auth_project_name }}"
|
|
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
|
|
when:
|
|
- os_keypair_results.stdout != ''
|
|
- os_keypair_results.stdout != ssh_keygen_results.stdout
|
|
|
|
- name: Create keypair
|
|
openstack.cloud.keypair:
|
|
state: present
|
|
name: "{{ amp_ssh_key_name }}"
|
|
public_key_file: "{{ amp_ssh_key_path_final }}"
|
|
auth:
|
|
username: "{{ auth_username }}"
|
|
password: "{{ auth_password }}"
|
|
project_name: "{{ auth_project_name }}"
|
|
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
|
|
register: keypair_fingerprint
|
|
when:
|
|
- os_keypair_results.stdout == '' or os_keypair_results.stdout != ssh_keygen_results.stdout
|