Support new OpenStack initialization resource for RHOSO install
Showing
3 changed files
with
200 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
--- | ||
- hosts: "{{ cifmw_target_host | default('all') }}" | ||
vars: | ||
_user: "{{ remote_user | default('zuul') }}" | ||
_rhos_release: "{{ use_rhose_release | default(true) }}" | ||
tasks: | ||
- name: Create user on remote host | ||
become: true | ||
ansible.builtin.user: | ||
name: "{{ _user }}" | ||
state: present | ||
|
||
- name: Look for local ssh pub key | ||
delegate_to: localhost | ||
block: | ||
- name: Look for id_rsa.pub file | ||
ansible.builtin.stat: | ||
path: "{{ lookup('env', 'HOME') }}//.ssh/id_rsa.pub" | ||
register: rsa_pub_key | ||
|
||
- name: Look for id_ed25519.pub file | ||
delegate_to: localhost | ||
ansible.builtin.stat: | ||
path: "{{ lookup('env', 'HOME') }}//.ssh/id_ed25519.pub" | ||
register: ed_pub_key | ||
|
||
- name: Assert at least one public key exists | ||
ansible.builtin.assert: | ||
that: | ||
- rsa_pub_key.stat.exists or ed_pub_key.stat.exists | ||
quiet: true | ||
msg: | | ||
FATAL: you need to have at least one public key in your ~/.ssh directory. | ||
Please generate one using either ssh-keygen -t ed25519 -b 512 or | ||
ssh-keygen -t rsa -b 4096. | ||
- name: Add RSA pub key to authorized keys | ||
when: rsa_pub_key.stat.exists | ||
ansible.posix.authorized_key: | ||
user: "{{ _user }}" | ||
state: present | ||
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" | ||
|
||
- name: Add ed25519 pub key to authorized keys | ||
when: ed_pub_key.stat.exists | ||
ansible.posix.authorized_key: | ||
user: "{{ _user }}" | ||
state: present | ||
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}" | ||
|
||
- name: Grant sudo privileges to remote user | ||
ansible.builtin.copy: | ||
content: | | ||
"{{ _user }}" ALL=(ALL) NOPASSWD:ALL | ||
dest: /etc/sudoers.d/zuul | ||
owner: root | ||
group: root | ||
mode: 0640 | ||
|
||
- name: Remove existing repos | ||
when: | ||
- _rhos_release | bool | ||
ansible.builtin.command: "rm -fr /etc/yum.repos.d/*.repo" | ||
|
||
- name: Cleanup the existing cache | ||
when: | ||
- _rhos_release | bool | ||
ansible.builtin.command: "dnf clean all" | ||
|
||
- name: Install RHOS Release tool | ||
when: | ||
- _rhos_release | bool | ||
ansible.builtin.package: | ||
name: "http://download.devel.redhat.com/rcm-guest/puddles/OpenStack/rhos-release/rhos-release-latest.noarch.rpm" | ||
state: present | ||
disable_gpg_check: true | ||
|
||
- name: Enable RHEL repos | ||
when: | ||
- _rhos_release | bool | ||
ansible.builtin.command: "rhos-release rhel" | ||
|
||
- name: Install certs | ||
ansible.builtin.package: | ||
name: "http://hdn.corp.redhat.com/rhel8-csb/RPMS/noarch/redhat-internal-cert-install-0.1-31.el7.noarch.rpm" | ||
state: present | ||
disable_gpg_check: true | ||
|
||
- name: Install basic packages | ||
ansible.builtin.package: | ||
name: | ||
- git | ||
- make | ||
- libvirt | ||
- libvirt-client | ||
- libvirt-daemon | ||
- libvirt-daemon-kvm | ||
- virt-install | ||
- qemu-kvm | ||
- libguestfs | ||
- guestfs-tools | ||
|
||
- name: Allow qemu user on user home directory for VM storage accesses | ||
ansible.posix.acl: | ||
path: "/home/{{ _user }}" | ||
entity: qemu | ||
etype: user | ||
permissions: rx | ||
state: present | ||
|
||
- name: Add zuul user to libvirt group | ||
ansible.builtin.user: | ||
name: "{{ _user }}" | ||
groups: libvirt | ||
append: true | ||
|
||
- name: Clear facts from the hypervisor | ||
ansible.builtin.meta: clear_facts |
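Review bot: The two URL installs ("Install RHOS Release tool" and "Install certs") fetch an RPM over plain `http://` with `disable_gpg_check: true`, so nothing authenticates the package before it is installed on the hypervisor; this matters most for the cert task, whose package name suggests it adds CA trust anchors. Prefer an `https://` source if the mirror offers one and keep signature checking on by importing the signing key first (for example with `ansible.builtin.rpm_key`), or download with `ansible.builtin.get_url` and a pinned `checksum:` before installing from the local path. Separately, in "Grant sudo privileges to remote user" the block scalar writes the double quotes around `{{ _user }}` into the sudoers file literally, the file is not syntax-checked before it lands, and `dest` stays `/etc/sudoers.d/zuul` even when `remote_user` overrides the name; I would write `{{ _user }} ALL=(ALL) NOPASSWD:ALL`, add `validate: /usr/sbin/visudo -cf %s`, and use `mode: "0440"`. "Remove existing repos" also looks like a no-op, because `ansible.builtin.command` does not run a shell and so passes `*.repo` to `rm` unexpanded.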