[ansible] Add aarch64 builders
by Nicolas Chauvet
commit a6757590a75d8cc5593cf441a11d8de8a8131875
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 16 23:07:56 2017 +0100
Add aarch64 builders
inventory/builders | 7 +++++++
inventory/inventory | 1 +
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index 42a2b9a..ff5f89e 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,3 +1,6 @@
+[buildaarch64]
+aarch64-01.linaro.rpmfusion.net
+aarch64-02.linaro.rpmfusion.net
[buildvm]
buildvm-01.online.rpmfusion.net
@@ -20,6 +23,9 @@ buildvm-ppc64le
[buildarm:children]
scaleway-c1
+[linaro:children]
+buildaarch64
+
[osuosl:children]
buildvm-ppc64
buildvm-ppc64le
@@ -31,6 +37,7 @@ arm-builder03.scaleway.rpmfusion.net
#arm-builder04.scaleway.rpmfusion.net
[builders:children]
+buildaarch64
buildhw
buildvm
buildvm-ppc64
diff --git a/inventory/inventory b/inventory/inventory
index 67e778c..a4e8901 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1,5 +1,6 @@
[bastion]
hv01.online.rpmfusion.net
+bastion02.linaro.rpmfusion.net
[bodhi2]
bodhi01.online.rpmfusion.net
[ansible] Remove dynamic var on pythonsitelib as not used by this role actually. TODO: include_vars rhel6's
by Xavier Lamien
commit 0b85120a726207ff3005076a99e17477cc2f0747
Author: Xavier Lamien <laxathom(a)fedoraproject.org>
Date: Tue Mar 7 14:45:15 2017 +0100
Remove dynamic var on pythonsitelib as not used by this role actually. TODO: include_vars rhel6's
roles/fas_server/tasks/main.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index 4b8b159..04ccfcf 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -378,7 +378,7 @@
- name: HOTFIX on tgcatpcha2's model to prevent code execution
copy: src={{ files }}/hotfix/python-tgcaptcha2/model.py
- dest={{ pythonsitelib }}/tgcaptcha2/model.py
+ dest=/usr/lib/python2.6/site-packages/tgcaptcha2/model.py
mode=644 owner=root group=root
when: master_fas_node
tags:
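Review bot: The new `dest=` line hard-codes `/usr/lib/python2.6/site-packages`, so on a host whose site-packages directory differs the copy either fails or writes a `model.py` the application never imports, and the code-execution hotfix is not in effect there. The commit message already carries a TODO for this; until it is resolved, a fallback keeps an inventory override working: `dest={{ pythonsitelib | default('/usr/lib/python2.6/site-packages') }}/tgcaptcha2/model.py`. The task continues past the end of the hunk, where its `tags:` list is cut off.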
[ansible] Update syntaxes on check and typo
by Xavier Lamien
commit 701aa7fbf407f2b10f614fdd91e0ed9bbba1b1ba
Author: Xavier Lamien <laxathom(a)fedoraproject.org>
Date: Tue Mar 7 14:43:36 2017 +0100
Update syntaxes on check and typo
roles/fas_server/tasks/main.yml | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index ee04516..4b8b159 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -377,11 +377,11 @@
- hotfixfas
- name: HOTFIX on tgcatpcha2's model to prevent code execution
- copy: src={{ files}}/hotfix/python-tgcaptcha2/model.py
+ copy: src={{ files }}/hotfix/python-tgcaptcha2/model.py
dest={{ pythonsitelib }}/tgcaptcha2/model.py
mode=644 owner=root group=root
- when: master_fas_node = True
+ when: master_fas_node
tags:
- fas
- hotfix-captcha2
- - hostfix-fas
+ - hotfix-fas
[ansible] Add hotfix on tgcaptcha2 to prevent code execution
by Xavier Lamien
commit be1e1bb0034f94c09c1b00b63faf0cc1761d7182
Author: Xavier Lamien <laxathom(a)fedoraproject.org>
Date: Tue Mar 7 14:30:33 2017 +0100
Add hotfix on tgcaptcha2 to prevent code execution
files/hotfix/python-tgcaptcha2/model.py | 66 +++++++++++++++++++++++++++++++
roles/fas_server/tasks/main.yml | 9 ++++
2 files changed, 75 insertions(+), 0 deletions(-)
---
diff --git a/files/hotfix/python-tgcaptcha2/model.py b/files/hotfix/python-tgcaptcha2/model.py
new file mode 100644
index 0000000..50b943a
--- /dev/null
+++ b/files/hotfix/python-tgcaptcha2/model.py
@@ -0,0 +1,66 @@
+from datetime import datetime
+import calendar
+import json
+import uuid
+
+
+class Captcha(object):
+ """Pertinent data about a Captcha.
+
+ Exposed properties are:
+ plaintext: (read/write) a string representing the text of the captcha
+ (i.e. what is it supposed to say)
+ created: (read only) the UTC date when the captcha was created. This
+ data is updated when the plaintext property is updated.
+
+ Exposed methods:
+ serialize(): returns a binary representation of the object
+ deseralize(obj): creates a Captcha object given the output of the
+ serialize() method. This is a classmethod.
+ """
+
+ _plaintext = None
+ _created = None # stored as UTC
+ _nonce = None
+
+ def __init__(self, plaintext=''):
+ super(Captcha, self).__init__()
+ self.plaintext = plaintext
+ self.label = None
+ self._nonce = uuid.uuid1().hex
+
+ def get_plaintext(self):
+ return self._plaintext
+
+ def set_plaintext(self, text):
+ self._plaintext = text
+ self._created = datetime.utcnow()
+
+ plaintext = property(get_plaintext, set_plaintext)
+ # def get_created(self):
+ # return self._created
+
+ c = lambda s: s._created
+
+ nonce = property(lambda s: s._nonce)
+ created = property(lambda s: s._created)
+
+ def serialize(self):
+ """Get a serialized binary representation of the object."""
+ # Serializing to a tuple containing the data elements instead of
+ # just pickling the object is being done because the tuple
+ # pickle is much smaller than the pickled object itself.
+ secs = int(calendar.timegm(self.created.utctimetuple()))
+ t = (self.plaintext, secs, self.label, self.nonce)
+ return json.dumps(t)
+
+ def deserialize(cls, serialized_obj):
+ "Create a new Captcha object given output from the serialize method."
+ t = json.loads(serialized_obj)
+ scp = cls()
+ scp._plaintext = t[0]
+ scp._created = datetime.utcfromtimestamp(t[1])
+ scp.label = t[2]
+ scp._nonce = t[3]
+ return scp
+ deserialize = classmethod(deserialize)
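Review bot: `deserialize` indexes `t[0]` to `t[3]` straight out of `json.loads` with no check on the decoded shape, so a truncated or tampered token surfaces as `IndexError`, `TypeError` or `ValueError` from inside the model instead of a clean rejection. Using JSON instead of pickle removes the code-execution path, but the payload is still client-influenced unless the caller authenticates it, which is not visible in this file. Validate that it is a four-item list with a numeric timestamp before building the object. The comment in `serialize` still describes pickling and the docstrings promise a "binary representation", so both should be reworded for JSON, and the unused `c = lambda s: s._created` can be dropped.

```python
    def deserialize(cls, serialized_obj):
        "Create a new Captcha object given output from the serialize method."
        t = json.loads(serialized_obj)
        # Accept only the four-item list that serialize() emits.
        if not isinstance(t, list) or len(t) != 4:
            raise ValueError("malformed captcha payload")
        if isinstance(t[1], bool) or not isinstance(t[1], (int, float)):
            raise ValueError("malformed captcha timestamp")
        scp = cls()
        # ... unchanged: field assignments and return scp ...
```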
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index f4499d4..ee04516 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -376,3 +376,12 @@
- fas
- hotfixfas
+- name: HOTFIX on tgcatpcha2's model to prevent code execution
+ copy: src={{ files}}/hotfix/python-tgcaptcha2/model.py
+ dest={{ pythonsitelib }}/tgcaptcha2/model.py
+ mode=644 owner=root group=root
+ when: master_fas_node = True
+ tags:
+ - fas
+ - hotfix-captcha2
+ - hostfix-fas
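Review bot: The new task has no `notify:`, so replacing `model.py` on disk does not reload the module in an application process that is already running, and the old pickle-based code may keep serving until the next restart. Handlers are not visible in this hunk, so this is inferred from the task alone. Add a notification to whichever handler restarts the FAS web service, e.g. `notify: <existing web-server restart handler>`, so that the hotfix takes effect in the same run that deploys it.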
[ansible] HACK disable keytab for sigul bridge
by Nicolas Chauvet
commit 8e33604fc5aa64a83b333b9df8298abf3e487856
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 18:32:05 2017 +0100
HACK disable keytab for sigul bridge
playbooks/groups/sign-bridge.yml | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml
index 0cd8cfd..ebd038b 100644
--- a/playbooks/groups/sign-bridge.yml
+++ b/playbooks/groups/sign-bridge.yml
@@ -24,10 +24,10 @@
- hosts
- fas_client
- sudo
- - role: keytab/service
- service: sigul
- owner_user: sigul
- owner_group: sigul
+# - role: keytab/service
+# service: sigul
+# owner_user: sigul
+# owner_group: sigul
- sigul/bridge
tasks:
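Review bot: The `keytab/service` role is commented out with no in-file explanation, so nothing in the playbook records why the sigul bridge is deployed without its Kerberos keytab or when the role should come back. Disabled security configuration on a signing host tends to become permanent unless it is labelled; add a comment above the block such as `# HACK: keytab/service disabled because <reason>; re-enable once <tracking reference> is resolved`. Whether `sigul/bridge` depends on the keytab at `kt_location` cannot be verified from this hunk and should be stated in that comment.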
[ansible] Add keytab service
by Nicolas Chauvet
commit d1257948c97bf9c1c246eaab23e0bc57480d2e22
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 18:31:13 2017 +0100
Add keytab service
roles/keytab/service/defaults/main.yml | 4 +
roles/keytab/service/tasks/main.yml | 156 ++++++++++++++++++++++++++++++++
2 files changed, 160 insertions(+), 0 deletions(-)
---
diff --git a/roles/keytab/service/defaults/main.yml b/roles/keytab/service/defaults/main.yml
new file mode 100644
index 0000000..13bd71e
--- /dev/null
+++ b/roles/keytab/service/defaults/main.yml
@@ -0,0 +1,4 @@
+owner_user: root
+owner_group: root
+host: "{{inventory_hostname }}"
+kt_location: "/etc/krb5.{{service}}_{{host}}.keytab"
diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
new file mode 100644
index 0000000..a98c896
--- /dev/null
+++ b/roles/keytab/service/tasks/main.yml
@@ -0,0 +1,156 @@
+---
+- name: Determine whether we need to get keytab
+ stat: path={{kt_location}}
+ register: keytab_status
+ check_mode: no
+ changed_when: "1 != 1"
+ tags:
+ - keytab
+ - config
+ - krb5
+
+- name: Get admin ticket
+ delegate_to: "{{ ipa_server }}"
+ shell: echo "{{ipa_admin_password}}" | kinit admin
+ check_mode: no
+ changed_when: "1 != 1"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Create host entry
+ delegate_to: "{{ ipa_server }}"
+ command: ipa host-add {{host}}
+ register: host_add_result
+ check_mode: no
+ changed_when: "'Added host' in host_add_result.stdout"
+ failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Create service entry
+ delegate_to: "{{ ipa_server }}"
+ command: ipa service-add {{service}}/{{host}}
+ register: service_add_result
+ check_mode: no
+ changed_when: "'Added service' in service_add_result.stdout"
+ failed_when: "not ('Added service' in service_add_result.stdout or 'already exists' in service_add_result.stderr)"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists and service != "host"
+
+- name: Grant host access to keytab
+ delegate_to: "{{ ipa_server }}"
+ command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
+ register: service_perm_add_result
+ check_mode: no
+ changed_when: "'members added 1' in service_perm_add_result.stdout"
+ failed_when: "not ('members added' in service_perm_add_result.stdout)"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Grant admin access to keytab
+ delegate_to: "{{ ipa_server }}"
+ command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
+ register: service_perm_add_result
+ check_mode: no
+ changed_when: "'members added 1' in service_perm_add_result.stdout"
+ failed_when: "not ('members added' in service_perm_add_result.stdout)"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Retrieve keytab
+ delegate_to: "{{ ipa_server }}"
+ command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
+ register: retrieve_result
+ check_mode: no
+ changed_when: "1 != 1"
+ failed_when: "not ('Keytab successfully retrieved' in retrieve_result.stderr or 'krbPrincipalKey not found' in retrieve_result.stderr)"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Create keytab if it did not exist
+ delegate_to: "{{ ipa_server }}"
+ command: ipa-getkeytab --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists and 'krbPrincipalKey not found' in retrieve_result.stderr
+
+- name: Destroy admin ticket
+ delegate_to: "{{ ipa_server }}"
+ command: kdestroy -A
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Get keytab
+ delegate_to: "{{ ipa_server }}"
+ command: base64 /tmp/{{service}}_{{host}}.kt
+ register: keytab
+ check_mode: no
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Destroy stored keytab
+ delegate_to: "{{ ipa_server }}"
+ file: path=/tmp/{{service}}_{{host}}.kt state=absent
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Deploy base64 keytab
+ copy: dest={{kt_location}}.b64
+ content={{keytab.stdout}}
+ owner={{owner_user}} group={{owner_group}} mode=0600
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Base64-decode keytab
+ shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
+- name: Destroy encoded keytab
+ file: path={{kt_location}}.b64 state=absent
+ tags:
+ - keytab
+ - config
+ - krb5
+
+- name: Set keytab permissions
+ file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0600 state=file
+ tags:
+ - keytab
+ - config
+ - krb5
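Review bot: The `Get admin ticket` task interpolates `ipa_admin_password` into a shell command line, and neither it nor the tasks that carry the keytab (`Get keytab`, `Deploy base64 keytab`) set `no_log: true`, so the IPA admin password and the base64 keytab can appear in the process list on the IPA server and in Ansible output or logs. Feed the password on stdin through the `command` module (its `stdin` argument needs Ansible 2.4 or later) and mark those three tasks `no_log: true`. The keytab is also staged under a predictable name in `/tmp` on the IPA server. In addition, `kdestroy -A` and the `/tmp` cleanup are ordinary tasks that never run if an earlier step fails, which leaves the admin ticket and the keytab behind. A private temporary directory plus a `block`/`always` cleanup would close both gaps.

```yaml
- name: Get admin ticket
  delegate_to: "{{ ipa_server }}"
  command: kinit admin
  args:
    stdin: "{{ ipa_admin_password }}"
  no_log: true
  # … unchanged: check_mode, changed_when, tags, when …

# … unchanged: host/service creation, grants, keytab retrieval, kdestroy …

- name: Get keytab
  delegate_to: "{{ ipa_server }}"
  command: base64 /tmp/{{service}}_{{host}}.kt
  register: keytab
  no_log: true
  # … unchanged: check_mode, tags, when …

# … unchanged: Destroy stored keytab …

- name: Deploy base64 keytab
  # … unchanged: copy arguments …
  no_log: true
  # … unchanged: tags, when …
```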
[ansible] Update sigul-bridge
by Nicolas Chauvet
commit 499982d4b53e295756ce7c89bacaf1bee2034975
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 18:23:06 2017 +0100
Update sigul-bridge
playbooks/groups/sign-bridge.yml | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml
index 890b14f..0cd8cfd 100644
--- a/playbooks/groups/sign-bridge.yml
+++ b/playbooks/groups/sign-bridge.yml
@@ -2,9 +2,9 @@
# NOTE: this assumes the boxes are already up and are accessible
# NOTE: most of these vars_path come from group_vars/sign or from hostvars
#
-# FURTHER NOTE: some of These machines run day to day with sshd disabled/off.
-# Access is via management interface only. This playbook does initial setup.
-# Please check with rel-eng before doing anything here.
+# FURTHER NOTE: some of These machines run day to day with sshd disabled/off.
+# Access is via management interface only. This playbook does initial setup.
+# Please check with rel-eng before doing anything here.
#- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sign-bridge"
@@ -13,7 +13,7 @@
user: root
gather_facts: true
- vars_files:
+ vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@@ -24,12 +24,16 @@
- hosts
- fas_client
- sudo
+ - role: keytab/service
+ service: sigul
+ owner_user: sigul
+ owner_group: sigul
+ - sigul/bridge
tasks:
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- - include: "{{ tasks }}/sign_setup.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"
[ansible] Remove old file
by Nicolas Chauvet
commit dde7ef829ed41ca18fc6209415a500d80a5573fd
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 16:40:34 2017 +0100
Remove old file
tasks/sign_setup.yml | 70 --------------------------------------------------
1 files changed, 0 insertions(+), 70 deletions(-)
[ansible] Update virt_instance_create
by Nicolas Chauvet
commit 8cc42da70ab0852823028438498d31e934173076
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 16:26:42 2017 +0100
Update virt_instance_create
tasks/virt_instance_create.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index 94fc84b..290d396 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -6,7 +6,7 @@
delegate_to: "{{ vmhost }}"
virt: command=list_vms
register: result
- always_run: yes
+ check_mode: no
- name: ensure the lv for the guest is made
lvol: lv={{ inventory_hostname }} vg={{ volgroup }} size={{ lvm_size }} state=present
[ansible] Update tasks
by Nicolas Chauvet
commit 563085c395223e73d363736177bbdd167ad6e0bf
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 16:25:32 2017 +0100
Update tasks
tasks/cloud_setup_basic.yml | 38 ++++++++++++++++++++++++++++++--------
tasks/growroot_cloud.yml | 6 +++---
tasks/growroot_cloud_el7.yml | 6 +++---
tasks/persistent_cloud.yml | 28 +++++++++++++++++++++++-----
4 files changed, 59 insertions(+), 19 deletions(-)
---
diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml
index 1e5db4e..6fddfd3 100644
--- a/tasks/cloud_setup_basic.yml
+++ b/tasks/cloud_setup_basic.yml
@@ -1,5 +1,5 @@
---
-- name: ntp pkgs
+- name: Install desired extra packages (yum)
yum: state=present pkg={{ item }}
with_items:
- ntpdate
@@ -10,12 +10,33 @@
tags:
- packages
-- name: ntp pkgs
- command: dnf install -y ntpdate ntp libsemanage-python libselinux-python
+- name: Install desired extra packages (dnf)
+ dnf: state=present pkg={{ item }}
+ with_items:
+ - ntpdate
+ - ntp
+ - libsemanage-python
+ - libselinux-python
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
tags:
- packages
+- name: remove some packages (yum)
+ yum: state=absent pkg={{ item }}
+ with_items:
+ - chrony
+ tags:
+ - packages
+ when: ansible_distribution_major_version|int < 22
+
+- name: remove some packages (dnf)
+ dnf: state=absent pkg={{ item }}
+ with_items:
+ - chrony
+ tags:
+ - packages
+ when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
+
- name: put step-tickers in place
copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
when: ansible_cmdline.ostree is not defined
@@ -32,17 +53,18 @@
# tags:
# - config
-- name: add ansible root key
+- name: add ansible root key
authorized_key: user=root key="{{ item }}"
with_file:
- /srv/web/infra/ansible/roles/base/files/ansible-pub-key
tags:
- config
- sshkeys
-
+
- name: add root keys for sysadmin-main and other allowed users
authorized_key: user=root key="{{ item }}"
- with_lines: "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}"
+ with_lines:
+ - "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}"
tags:
- config
- sshkeys
@@ -54,7 +76,7 @@
# note - kinda should be a handler - but handlers need args
- name: restorecon
- command: restorecon -R /root/.ssh
+ file: path=/root/.ssh setype=ssh_home_t recurse=yes
tags:
- config
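Review bot: The replacement `file:` task uses `recurse=yes` without `state=directory`, although the file module documents `recurse` as applying only to directories; state the intent explicitly with `file: path=/root/.ssh state=directory setype=ssh_home_t recurse=yes`. The task also pins everything under `/root/.ssh` to `ssh_home_t` instead of restoring whatever the loaded policy specifies, which is what `restorecon -R` did. That is probably equivalent here, but it deserves a one-line comment so that a later policy change is not silently overridden.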
@@ -73,7 +95,7 @@
- packages
- name: write out global-update-applied file if we updated
- copy: content="updated" dest=/etc/sysconfig/global-update-applied
+ copy: content="updated" dest=/etc/sysconfig/global-update-applied
when: updated is defined
tags:
- packages
diff --git a/tasks/growroot_cloud.yml b/tasks/growroot_cloud.yml
index 6388736..630c919 100644
--- a/tasks/growroot_cloud.yml
+++ b/tasks/growroot_cloud.yml
@@ -1,4 +1,4 @@
-- name: add infra repo
+- name: add infra repo
get_url: url=http://infrastructure.fedoraproject.org/el/infrastructure.repo dest=/etc/yum.repos.d/
when: is_rhel is defined
tags:
@@ -12,11 +12,11 @@
- name: growpart the second partition (/) to full size
command: growpart /dev/vda 2
register: growpart
- always_run: true
+ check_mode: no
changed_when: "growpart.rc != 1"
#failed_when: growpart.rc == 2
ignore_errors: true
-
+
- name: reboot the box
command: /sbin/reboot
when: growpart.rc == 0
diff --git a/tasks/growroot_cloud_el7.yml b/tasks/growroot_cloud_el7.yml
index b8ae7b1..0803064 100644
--- a/tasks/growroot_cloud_el7.yml
+++ b/tasks/growroot_cloud_el7.yml
@@ -1,4 +1,4 @@
-- name: add infra repo
+- name: add infra repo
get_url: url=http://infrastructure.fedoraproject.org/el/infrastructure.repo dest=/etc/yum.repos.d/
when: is_rhel is defined
tags:
@@ -12,10 +12,10 @@
- name: growpart the first partition (/) to full size
command: growpart /dev/vda 1
register: growpart
- always_run: true
+ check_mode: no
changed_when: "growpart.rc != 1"
failed_when: growpart.rc == 2
-
+
- name: reboot the box
command: /sbin/reboot
when: growpart.rc == 0
diff --git a/tasks/persistent_cloud.yml b/tasks/persistent_cloud.yml
index c4ae2f1..11a16dc 100644
--- a/tasks/persistent_cloud.yml
+++ b/tasks/persistent_cloud.yml
@@ -4,6 +4,8 @@
local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null
register: host_is_up
ignore_errors: true
+ changed_when: false
+ check_mode: no
- name: clean out old known_hosts (name based entries)
local_action: known_hosts path={{item}} host={{inventory_hostname}} state=absent
@@ -44,10 +46,26 @@
# instance can be both id and name, volume must be id
# volume must be id
-- local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available' && nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"
- with_items: volumes
- ignore_errors: yes
+#
+# Check that the volume is available
+#
+- local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available'
+ with_items: "{{ volumes|default([]) }}"
+ register: volume_available
+ failed_when: volume_available.rc == 2
+ changed_when: volume_available.rc == 0
+ ignore_errors: True
when: volumes is defined
+ check_mode: no
+
+#
+# If it is attach it.
+#
+- local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"
+ with_items: "{{ volumes|default([]) }}"
+ ignore_errors: True
+ failed_when: False
+ when: volumes is defined and volume_available is defined and volume_available
- name: wait for he host to be hot
local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600
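Review bot: Both new `nova` tasks still pass `--os-password="{{ADMIN_PASS}}"` on the command line with no `no_log`, so the OpenStack admin password is visible in the local process list and in Ansible task output; pass it through the task `environment` as `OS_PASSWORD` and set `no_log: true`. Separately, the attach task's `when: ... volume_available is defined and volume_available` is always true once the check task has run, because a registered loop result is a non-empty dict. The attach is therefore attempted for every volume regardless of what `grep 'available'` found, and `failed_when: False` hides the resulting errors. Looping over `volume_available.results` and testing each item's `rc` restores the gating that the old `&&` provided.

```yaml
- local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available'
  environment:
    OS_PASSWORD: "{{ ADMIN_PASS }}"
  no_log: true
  # … unchanged: with_items, register, failed_when, changed_when, ignore_errors, when, check_mode …

- local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.item.volume_id}}" "{{item.item.device}}"
  environment:
    OS_PASSWORD: "{{ ADMIN_PASS }}"
  no_log: true
  with_items: "{{ volume_available.results|default([]) }}"
  when: volumes is defined and item.rc is defined and item.rc == 0
  # … unchanged: ignore_errors, failed_when …
```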
@@ -60,7 +78,7 @@
when: host_is_up|failed
- name: add new ssh host key (you still need to add it to official ssh_host_keys later)
- local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
+ local_action: known_hosts path={{ item }} key={{ hostkey.stdout }} host={{ inventory_hostname }} state=present
ignore_errors: True
with_items:
- /root/.ssh/known_hosts
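Review bot: Dropping the quotes around `key={{ hostkey.stdout }}` leaves a value that contains spaces (a known_hosts entry is host, key type and key data) unquoted inside a `key=value` argument string, so whether it stays a single argument depends on the argument splitter of the Ansible version in use. `hostkey` is registered outside this hunk and presumably holds output obtained from the new instance, which makes it remote-supplied text; keep it quoted as `key="{{ hostkey.stdout }}"`. With `ignore_errors: True` on the same task, a key that fails to parse would also go unnoticed.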
@@ -80,7 +98,7 @@
- name: gather facts
setup:
- always_run: True
+ check_mode: no
ignore_errors: True
register: facts