From 9ec46957fd787fb7d72c34e94e8022168b459a63 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup
Date: Wed, 18 Nov 2020 10:32:24 +0100
Subject: [PATCH] aws-cloud: clean up and try to fix batcave's host keys
---
 inventory/group_vars/copr_dev_aws | 2 +
 tasks/aws_cloud.yml | 110 ++++++------------------
 2 files changed, 21 insertions(+), 91 deletions(-)
diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index 3bbb61bd02..6ae62cbe5a 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -1,6 +1,8 @@
 ---
 devel: true
+birthday: yes
+
 copr_messaging: false
 datacenter: aws
diff --git a/tasks/aws_cloud.yml b/tasks/aws_cloud.yml
index d773aad572..a4015306ec 100644
--- a/tasks/aws_cloud.yml
+++ b/tasks/aws_cloud.yml
@@ -1,16 +1,29 @@
-# c&p from persistent_cloud.yml, with necessary edits, this only works
-# with modern Fedora for now, not RHEL/CentOS
+# Inspired by persistent_cloud.yml, but the VM is not started automatically.
+# This only works with modern Fedora for now, not with RHEL/CentOS.
+---
 - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
-- name: check it out
+- name: check if the server is up, needs to be pre-started
 local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null
 register: host_is_up
- # ignore_errors: true
 changed_when: false
 check_mode: no
-#####################################################x
+- name: gather ssh host key from new instance
+ local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
+ ignore_errors: true
+ register: hostkey
+ when: birthday is defined
+
+- name: add new ssh host key (until we can sign it)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}"
+ host={{ inventory_hostname }} state=present
+ ignore_errors: true
+ with_items:
+ - /root/.ssh/known_hosts
+ when: birthday is defined
+
 # from https://github.com/praiskup/ansible-role-fix-root-ssh
 - name: allow root ssh connections
 lineinfile:
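Review bot: `birthday: yes` in group_vars is permanent, while the tasks in this commit only test `when: birthday is defined`, so every run against this group behaves as a first boot: the host key is re-scanned and re-written to /root/.ssh/known_hosts each time (the known_hosts module replaces a differing existing entry, as far as I recall) and the `allow root ssh connections` step is repeated. That means a changed host key on an existing machine is never caught, which is exactly what pinning the key is meant to do. Consider passing the flag only for the provisioning run (`-e birthday=true`) or gating the keyscan on the key not being present yet, and spell the value `true` rather than the YAML 1.1 alias `yes` to match the `true`/`false` spelling this commit adopts in tasks/aws_cloud.yml.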
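Review bot: Both new tasks carry `ignore_errors: true`, so a keyscan that times out or returns nothing (`hostkey.stdout` empty) is silently accepted and the play continues with no host key pinned, which defeats the purpose of the `add new ssh host key` task. I would drop `ignore_errors` from the known_hosts task and make the scan fail loudly instead, e.g. `failed_when: hostkey.rc != 0 or hostkey.stdout | length == 0`. `-t rsa` also pins only the RSA key; scanning every type costs nothing and keeps the pin useful if RSA host keys are later disabled on either side (`ssh-keyscan {{ inventory_hostname }}` or `-t rsa,ecdsa,ed25519`). This remains trust-on-first-use over the network, as the task name admits; the instance console output, where cloud-init typically prints the generated host key fingerprints at first boot, is the usual place to verify the scanned key against, and a comment noting that gap would help the next reader.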
@@ -33,80 +46,6 @@
 become_user: root
 when: birthday is defined
-- meta: reset_connection
- when: birthday is defined
-
-# from https://github.com/praiskup/ansible-role-fix-root-ssh
-#####################################################x
-
-### - name: spin UP VM using nova_compute
-### become: False
-### local_action:
-### module: nova_compute
-### auth_url: "{{os_auth_url}}"
-### login_username: "admin"
-### login_password: "{{ADMIN_PASS}}"
-### login_tenant_name: "{{inventory_tenant}}"
-### name: "{{inventory_instance_name}}"
-### image_id: "{{ image|image_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
-### wait_for: 600
-### flavor_id: "{{ instance_type|flavor_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
-### security_groups: "{{security_group}}"
-### key_name: "{{ keypair }}"
-### nics: "{{ cloud_networks }}"
-### user_data: "#cloud-config\ndisable_root: 0"
-### floating_ips:
-### - "{{public_ip}}"
-### register: nova_result
-### when: host_is_up is failed
-###
-### # instance can be both id and name, volume must be id
-### # volume must be id
-### #
-### # Check that the volume is available
-### #
-### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available'
-### with_items: "{{ volumes|default([]) }}"
-### register: volume_available
-### failed_when: volume_available.rc == 2
-### changed_when: volume_available.rc == 0
-### ignore_errors: True
-### when: volumes is defined
-### check_mode: no
-###
-### #
-### # If it is attach it.
-### #
-### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"
-### with_items: "{{ volume_available.results|default([]) }}"
-### ignore_errors: True
-### failed_when: False
-### when: volumes is defined and volume_available is defined and item.changed
-###
-### - name: wait for he host to be hot
-### local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600
-### when: host_is_up is failed
-###
-### # SSH is up and running, however cloud-init still did not deployed ssh keypair
-### # we have to wait some time. 10 sec is usually enough, but not always.
-###
-### - name: waiting for cloud-init
-### pause: seconds=30
-### when: host_is_up is failed
-
-### - name: gather ssh host key from new instance
-### local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
-### ignore_errors: True
-### register: hostkey
-### when: host_is_up is failed
-###
-### - name: add new ssh host key (until we can sign it)
-### local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
-### ignore_errors: True
-### with_items:
-### - /root/.ssh/known_hosts
-### when: host_is_up is failed
-
 #
 # Next we try and gather facts. If the host doesn't have python2 this will fail.
 #
@@ -114,7 +53,7 @@
 - name: gather facts
 setup:
 check_mode: no
- ignore_errors: True
+ ignore_errors: true
 register: facts
 #
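Review bot: The live `- meta: reset_connection` (with its `when: birthday is defined`) removed at the top of this hunk is a behaviour change the commit message does not mention, unlike the commented-out nova code the rest of the hunk deletes. The preceding `allow root ssh connections` task (its body starts above the hunk, so I cannot see what it edits) runs as root on a fresh host while an SSH control-master session is already open; without the reset, later tasks keep reusing that pre-change session until ControlPersist expires, so whatever the lineinfile changed about root login is presumably not in effect for them. If the removal is intentional, a comment such as `# no reset_connection needed here: ...` explaining why would help; otherwise restore the two lines as they were.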
@@ -127,16 +66,5 @@
 - birthday is defined
 - facts is failed
-# TODO - somehow guess when keypair is finally deployed and return little bit earlier
-## We need to specify user, here we trying with fedora or root
-#- name: wait until ssh is available
-# # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar' || ssh -o PasswordAuthentication=no root@{{ public_ip }} 'echo foobar'; done
-# # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'; done
-# local_action: shell whoami && ssh -vvvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'
-# # async: 20
-# # poll: 5
-# ignore_errors: True
-#
-
 - name: Include SSH config
 import_role: name=basessh