ansible/tasks/aws_cloud.yml

# c&p from persistent_cloud.yml, with necessary edits, this only works
# with modern Fedora for now, not RHEL/CentOS

- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README

- name: check it out
  local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null
  register: host_is_up
  # ignore_errors: true
  changed_when: false
  check_mode: no

#####################################################x
# from https://github.com/praiskup/ansible-role-fix-root-ssh
- name: allow root ssh connections
  lineinfile:
    path: /etc/cloud/cloud.cfg
    regexp: '^disable_root:'
    line: 'disable_root: 0'
  remote_user: fedora
  become: true
  become_user: root
  when: birthday is defined

- name: use the same authorized_keys
  replace:
    path: /root/.ssh/authorized_keys
    regexp: '.*Please login as the user.* ssh-rsa '
    replace: 'ssh-rsa '
    backup: yes
  remote_user: fedora
  become: true
  become_user: root
  when: birthday is defined

- meta: reset_connection
  when: birthday is defined

# from https://github.com/praiskup/ansible-role-fix-root-ssh
#####################################################x

###   - name: spin UP VM using nova_compute
###     become: False
###     local_action:
###         module: nova_compute
###         auth_url: "{{os_auth_url}}"
###         login_username: "admin"
###         login_password: "{{ADMIN_PASS}}"
###         login_tenant_name: "{{inventory_tenant}}"
###         name: "{{inventory_instance_name}}"
###         image_id: "{{ image|image_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
###         wait_for: 600
###         flavor_id: "{{ instance_type|flavor_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
###         security_groups: "{{security_group}}"
###         key_name: "{{ keypair }}"
###         nics: "{{ cloud_networks }}"
###         user_data: "#cloud-config\ndisable_root: 0"
###         floating_ips:
###           - "{{public_ip}}"
###     register: nova_result
###     when: host_is_up is failed
###
###   # instance can be both id and name, volume must be id
###   # volume must be id
###   #
###   # Check that the volume is available
###   #
###   - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available'
###     with_items: "{{ volumes|default([]) }}"
###     register: volume_available
###     failed_when: volume_available.rc == 2
###     changed_when: volume_available.rc == 0
###     ignore_errors: True
###     when: volumes is defined
###     check_mode: no
###
###   #
###   # If it is attach it.
###   #
###   - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"
###     with_items: "{{ volume_available.results|default([]) }}"
###     ignore_errors: True
###     failed_when: False
###     when: volumes is defined and volume_available is defined and item.changed
###
###   - name: wait for he host to be hot
###     local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600
###     when: host_is_up is failed
###
###   # SSH is up and running, however cloud-init still did not deployed ssh keypair
###   # we have to wait some time. 10 sec is usually enough, but not always.
###
###   - name: waiting for cloud-init
###     pause: seconds=30
###     when: host_is_up is failed

- name: gather ssh host key from new instance
  local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
###  ignore_errors: True
  register: hostkey
  when: birthday is defined
###   when: host_is_up is failed

- name: add new ssh host key (until we can sign it)
  local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
###  ignore_errors: True
  with_items:
  - /root/.ssh/known_hosts
  when: birthday is defined
###   when: host_is_up is failed

#
# Next we try and gather facts. If the host doesn't have python2 this will fail.
#

- name: gather facts
  setup:
  check_mode: no
  ignore_errors: True
  register: facts

#
# If that failed, then we use the raw module to install things
#

- name: install python3 and dnf stuff
  raw: sudo dnf -y install python3-dnf python3-libselinux python3
  when: facts is failed

# TODO - somehow guess when keypair is finally deployed and return little bit earlier
## We need to specify user, here we trying with fedora or root
#- name: wait until ssh is available
#  # local_action:  shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'  || ssh -o PasswordAuthentication=no root@{{ public_ip }} 'echo foobar'; done
#  # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'; done
#  local_action: shell whoami && ssh -vvvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'
#  # async: 20
#  # poll: 5
#  ignore_errors: True
#

## - name: Include SSH config
##   import_role: name=basessh
aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00			`# c&p from persistent_cloud.yml, with necessary edits, this only works`
			`# with modern Fedora for now, not RHEL/CentOS`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00
			`- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README`

			`- name: check it out`
			`local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null`
			`register: host_is_up`
			`# ignore_errors: true`
			`changed_when: false`
			`check_mode: no`

aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00			`#####################################################x`
			`# from https://github.com/praiskup/ansible-role-fix-root-ssh`
			`- name: allow root ssh connections`
			`lineinfile:`
			`path: /etc/cloud/cloud.cfg`
			`regexp: '^disable_root:'`
			`line: 'disable_root: 0'`
			`remote_user: fedora`
			`become: true`
			`become_user: root`
aws_cloud: conditionalize things by birthday 2020-02-21 11:25:15 +01:00			`when: birthday is defined`
aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00
			`- name: use the same authorized_keys`
			`replace:`
			`path: /root/.ssh/authorized_keys`
			`regexp: '.Please login as the user. ssh-rsa '`
			`replace: 'ssh-rsa '`
			`backup: yes`
			`remote_user: fedora`
			`become: true`
			`become_user: root`
aws_cloud: conditionalize things by birthday 2020-02-21 11:25:15 +01:00			`when: birthday is defined`
aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00
			`- meta: reset_connection`
aws_cloud: conditionalize things by birthday 2020-02-21 11:25:15 +01:00			`when: birthday is defined`

aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00			`# from https://github.com/praiskup/ansible-role-fix-root-ssh`
			`#####################################################x`

copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### - name: spin UP VM using nova_compute`
			`### become: False`
			`### local_action:`
			`### module: nova_compute`
			`### auth_url: "{{os_auth_url}}"`
			`### login_username: "admin"`
			`### login_password: "{{ADMIN_PASS}}"`
			`### login_tenant_name: "{{inventory_tenant}}"`
			`### name: "{{inventory_instance_name}}"`
			`### image_id: "{{ image\|image_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"`
			`### wait_for: 600`
			`### flavor_id: "{{ instance_type\|flavor_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"`
			`### security_groups: "{{security_group}}"`
			`### key_name: "{{ keypair }}"`
			`### nics: "{{ cloud_networks }}"`
			`### user_data: "#cloud-config\ndisable_root: 0"`
			`### floating_ips:`
			`### - "{{public_ip}}"`
			`### register: nova_result`
			`### when: host_is_up is failed`
remove whitespace, it annoys me 2020-02-21 11:08:07 +01:00			`###`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### # instance can be both id and name, volume must be id`
			`### # volume must be id`
			`### #`
			`### # Check that the volume is available`
			`### #`
			`### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list \| grep ' {{item.volume_id}} ' \| grep 'available'`
			`### with_items: "{{ volumes\|default([]) }}"`
			`### register: volume_available`
			`### failed_when: volume_available.rc == 2`
			`### changed_when: volume_available.rc == 0`
			`### ignore_errors: True`
			`### when: volumes is defined`
			`### check_mode: no`
remove whitespace, it annoys me 2020-02-21 11:08:07 +01:00			`###`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### #`
			`### # If it is attach it.`
			`### #`
			`### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"`
			`### with_items: "{{ volume_available.results\|default([]) }}"`
			`### ignore_errors: True`
			`### failed_when: False`
			`### when: volumes is defined and volume_available is defined and item.changed`
remove whitespace, it annoys me 2020-02-21 11:08:07 +01:00			`###`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### - name: wait for he host to be hot`
			`### local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600`
			`### when: host_is_up is failed`
remove whitespace, it annoys me 2020-02-21 11:08:07 +01:00			`###`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### # SSH is up and running, however cloud-init still did not deployed ssh keypair`
			`### # we have to wait some time. 10 sec is usually enough, but not always.`
remove whitespace, it annoys me 2020-02-21 11:08:07 +01:00			`###`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### - name: waiting for cloud-init`
			`### pause: seconds=30`
			`### when: host_is_up is failed`

			`- name: gather ssh host key from new instance`
			`local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}`
			`### ignore_errors: True`
			`register: hostkey`
aws_cloud: conditionalize things by birthday 2020-02-21 11:25:15 +01:00			`when: birthday is defined`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### when: host_is_up is failed`

			`- name: add new ssh host key (until we can sign it)`
			`local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present`
			`### ignore_errors: True`
			`with_items:`
			`- /root/.ssh/known_hosts`
aws_cloud: conditionalize things by birthday 2020-02-21 11:25:15 +01:00			`when: birthday is defined`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`### when: host_is_up is failed`

			`#`
			`# Next we try and gather facts. If the host doesn't have python2 this will fail.`
			`#`

			`- name: gather facts`
			`setup:`
			`check_mode: no`
			`ignore_errors: True`
			`register: facts`

			`#`
			`# If that failed, then we use the raw module to install things`
			`#`

aws_cloud.yml: rely on python3 for now 2020-02-19 22:35:10 +01:00			`- name: install python3 and dnf stuff`
aws_cloud.yml: more python3/fedora hacks 2020-02-19 22:50:52 +01:00			`raw: sudo dnf -y install python3-dnf python3-libselinux python3`
copr: add aws_cloud.yml task replacing persistent_cloud.yml And use it in copr-backend.yml playbook. 2020-02-19 22:14:32 +01:00			`when: facts is failed`

			`# TODO - somehow guess when keypair is finally deployed and return little bit earlier`
			`## We need to specify user, here we trying with fedora or root`
			`#- name: wait until ssh is available`
			`# # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar' \|\| ssh -o PasswordAuthentication=no root@{{ public_ip }} 'echo foobar'; done`
			`# # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'; done`
			`# local_action: shell whoami && ssh -vvvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'`
			`# # async: 20`
			`# # poll: 5`
			`# ignore_errors: True`
			`#`
aws_cloud: don't run basessh role It is done in cloud_setup_basic.yml. 2020-02-21 11:02:57 +01:00
			`## - name: Include SSH config`
			`## import_role: name=basessh`