76 lines
2.3 KiB
YAML
76 lines
2.3 KiB
YAML
---
|
|
#
|
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# ROLE DESCRIPTION:
|
|
# This role is to perform tasks that are common to the playbooks.
|
|
#
|
|
|
|
# Include user override files for a play
|
|
- stat:
|
|
path: "{{ item }}"
|
|
register: files_to_import
|
|
with_items:
|
|
- "{{ override_files_dir }}/secrets.yml"
|
|
- "{{ override_files_dir }}/{{ inventory_hostname }}_secrets.yml"
|
|
- "{{ override_files_dir }}/site.yml"
|
|
- "{{ override_files_dir }}/{{ inventory_hostname }}.yml"
|
|
delegate_to: localhost
|
|
|
|
- include_vars: "{{ item.item }}"
|
|
when: item.stat.exists
|
|
with_items: "{{ files_to_import.results }}"
|
|
|
|
# Check host connectivity, change password if provided
|
|
- block:
|
|
- name: Set SSH port
|
|
set_fact:
|
|
ansible_port: "{{ ansible_port | default(22) }}"
|
|
|
|
- name: Update SSH known hosts
|
|
lineinfile:
|
|
path: ~/.ssh/known_hosts
|
|
state: absent
|
|
regexp: '^{{ ansible_host }}|^\[{{ ansible_host }}\]:{{ ansible_port }}'
|
|
delegate_to: localhost
|
|
|
|
- name: Check connectivity
|
|
local_action: command ping -c 1 {{ ansible_host }}
|
|
failed_when: false
|
|
register: ping_result
|
|
|
|
- name: Fail if host is unreachable
|
|
fail: msg='Host {{ ansible_host }} is unreachable!'
|
|
with_items:
|
|
- "{{ ping_result.stdout_lines|list }}"
|
|
when: ping_result.rc != 0 and item is search('100% packet loss')
|
|
|
|
- block:
|
|
- name: Fail if password change response sequence is not defined
|
|
fail: msg="The mandatory parameter password_change_response is not defined."
|
|
when: (vault_password_change_responses is not defined) and
|
|
(password_change_responses is not defined)
|
|
|
|
- debug:
|
|
msg: "Changing the initial password.."
|
|
|
|
- name: Change initial password
|
|
expect:
|
|
echo: yes
|
|
command: "ssh -p {{ ansible_port }} {{ ansible_ssh_user }}@{{ ansible_host }}"
|
|
responses: "{{ vault_password_change_responses | default(password_change_responses) }}"
|
|
failed_when: false
|
|
delegate_to: localhost
|
|
|
|
rescue:
|
|
# Initial password has been changed and the user forgot to exclude
|
|
# password_change option in the command line for the replay.
|
|
- debug:
|
|
msg: "Password has already been changed"
|
|
|
|
when: password_change
|
|
|
|
when: inventory_hostname != 'localhost'
|