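# Connectivity probe with a password fallback.  The normal path expects
# key-based SSH to already work; the rescue path is the bootstrap case
# (a fresh host or container reachable only by password) and deliberately
# weakens host-key verification for the rest of this play.  ssh_ok records
# which path was taken so the settings can be restored further down.
- block:
    - name: try to connect
      wait_for_connection:
        timeout: 10
    - set_fact:
        ssh_ok: true
  rescue:
    - name: save old ansible ssh args
      set_fact:
        old_ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | d('') }}"
    # SECURITY: StrictHostKeyChecking=no makes this connection
    # trust-on-first-use — a host not yet in known_hosts is accepted
    # unverified and the password is sent to whatever answers.  Only
    # acceptable on a network you control during provisioning; on Alpine
    # hosts the key learned in this session is what gets pinned later.
    - name: disable key checking and enable password login
      set_fact:
        ssh_ok: false
        # NOTE(review): `host_key_checking` is a plain fact here; the ssh
        # connection plugin reads `ansible_host_key_checking`.  The extra
        # args below are what actually relax checking — confirm this key
        # is still needed.
        host_key_checking: false
        ansible_password: "{{ container_password | d(host_password) }}"
        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | d('') }} -o StrictHostKeyChecking=no"
    - name: try to connect without key checking
      wait_for_connection:
        timeout: 10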
# Minimal fact gathering: only what this role keys on later
# (ansible_distribution for the per-OS branches below).
- name: gather facts
  setup:
    gather_subset: [min, distribution]
# Host SSH key generation is skipped for members of the `containers`
# group and can be turned off with use_ssh_keys (enabled by default).
- name: generate host ssh key
  include_tasks: gen_ssh_key.yml
  when:
    - use_ssh_keys | d(true) == true
    - "'containers' not in group_names"
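# Alpine hosts run dropbear rather than OpenSSH.  This block replaces the
# package's default host keys with a single ed25519 key, pins that key in
# the controller's known_hosts, sets hardened daemon options and makes sure
# the controller's key is authorized for root.
- block:
    # Default DSS/RSA/ECDSA keys are removed so the daemon only ever
    # presents the ed25519 key generated below.
    - name: remove default dropbear keys
      file:
        path: "{{ (dropbear_dir, item) | path_join }}"
        state: absent
      loop:
        - dropbear_dss_host_key
        - dropbear_rsa_host_key
        - dropbear_ecdsa_host_key
      notify: restart dropbear
    - name: generate ed25519 dropbear key if missing
      command:
        cmd: "dropbearkey -t ed25519 -f {{ (dropbear_dir, 'dropbear_ed25519_host_key') | path_join | quote }}"
        creates: "{{ (dropbear_dir, 'dropbear_ed25519_host_key') | path_join }}"
      notify: restart dropbear
    - name: get remote host public key
      command:
        cmd: "dropbearkey -y -f {{ (dropbear_dir, 'dropbear_ed25519_host_key') | path_join | quote }}"
      register: pubkey
      changed_when: false
    # Keep only the "ssh-ed25519 ..." line of the dropbearkey output.
    # `first` on an empty selection yields an undefined value, which would
    # abort this task instead of reaching the explicit fail below — `d('')`
    # turns that into an empty string so the check is actually performed.
    - name: get actual public key
      set_fact:
        host_ssh_pubkey: "{{ pubkey.stdout_lines | map('regex_search', '^ssh-ed25519.*$') | select('string') | first | d('') }}"
    - name: fail if public key is missing
      fail:
        msg: "remote host ssh public key is missing"
      when: host_ssh_pubkey | length == 0
    # SECURITY: the key is pinned from the same session that fetched it.
    # If the rescue path above relaxed StrictHostKeyChecking this is
    # trust-on-first-use — the known_hosts entry is only as trustworthy as
    # that first connection.
    - name: add public key to known_hosts on ansible controller
      known_hosts:
        key: "{{ ansible_host }} {{ host_ssh_pubkey }}"
        name: "{{ ansible_host }}"
      delegate_to: localhost
    # -r: host key file; -j/-k: disable local/remote port forwarding;
    # -T: max auth attempts; -K/-I: keepalive and idle timeout (seconds).
    # Password logins stay enabled (no -s); consider disabling them once
    # key-based access is verified.
    - name: edit dropbear conf file
      lineinfile:
        path: /etc/conf.d/dropbear
        regexp: '^DROPBEAR_OPTS=.*$'
        line: "DROPBEAR_OPTS=\"-r {{ (dropbear_dir, 'dropbear_ed25519_host_key') | path_join | quote }} -jk -T 5 -K 360 -I 7200\""
      notify: restart dropbear
    - name: copy dropbear init file
      copy:
        src: dropbear_init
        dest: /etc/init.d/dropbear
        force: true
      notify: restart dropbear
    # NOTE(review): lineinfile does not create parent directories — this
    # assumes /root/.ssh already exists; confirm, or create it (mode 0700)
    # beforehand.
    - name: ensure remote host has ansible key in authorized_keys file
      lineinfile:
        path: /root/.ssh/authorized_keys
        line: "{{ container_key.public_key }}"
        create: true
        mode: "0400"
      when: container_key is defined and container_key.public_key is defined
  when: ansible_distribution == 'Alpine'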
# Run notified handlers (e.g. restart dropbear) now rather than at the end
# of the play, before the connection settings are restored below.
- meta: flush_handlers
  name: flush handlers
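# Undo the bootstrap relaxations from the rescue path: strict host-key
# checking is back on (on Alpine hosts the key pinned above is what must
# match) and the password is dropped so the rest of the play runs over key
# auth.  The final connect doubles as a check that the restored settings
# still reach the host.
- name: if key checking was disabled
  block:
    - name: set it back on
      set_fact:
        host_key_checking: true
        ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"
        # NOTE(review): "{{ None }}" most likely templates to the string
        # "None", not a null — confirm the ssh connection plugin treats it
        # as "no password" before relying on it.
        ansible_password: "{{ None }}"
    - name: try to connect
      wait_for_connection:
        timeout: 10
    - set_fact:
        ssh_ok: true
  when: not ssh_ok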
# Hand /etc to the backup role; `function` and `backup_items` are passed
# as role vars.
- name: add etc directory to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items: [/etc]
# Distribution-specific tasks, one include per supported distribution.
- name: alpine setup
  include_tasks: alpine.yml
  when: "ansible_distribution == 'Alpine'"
- name: debian setup
  include_tasks: debian.yml
  when: "ansible_distribution == 'Debian'"