# Query NetBox once on the controller and cache the answers as facts, so that
# later tasks on any host can reuse them instead of repeating expensive API
# calls. Everything here is skipped when the NETBOX_API environment variable
# is empty on the controller.
- delegate_to: localhost
  when: 'lookup("env", "NETBOX_API") != ""'
  block:
    - name: Lookup networks and prefixes
      run_once: true
      set_fact:
        # VLANs of the "new-net" group, ordered by VLAN ID.
        vlans: >-
          {{ query("netbox.netbox.nb_lookup", "vlans",
          api_filter="group=new-net", raw_data=true)
          | sort(attribute="vid") }}
        # All prefixes, ordered by address family first and by prefix within
        # each family (the second sort is the primary key).
        prefixes: >-
          {{ query("netbox.netbox.nb_lookup", "prefixes", raw_data=true)
          | sort(attribute="prefix")
          | sort(attribute="family.value") }}

    # Cluster details are only gathered for non-virtual hosts that have a
    # `cluster` variable.
    - when: cluster is defined and not is_virtual
      block:
        - name: Get my cluster and all nodes in it
          set_fact:
            # NOTE(review): this replaces the string `cluster` with the NetBox
            # record of that name, while `nodes` below still concatenates
            # `cluster` as a string; confirm both values are templated before
            # either fact is assigned.
            # NOTE(review): `cluster` is concatenated into the API filter
            # as-is; presumably it is a trusted inventory value without spaces
            # or filter syntax. Verify against the inventory.
            cluster: >-
              {{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true,
              api_filter="name="+cluster)
              | first }}
            # hostvars of every member of the inventory group
            # "cluster_<name>", minus hosts flagged is_virtual.
            nodes: >-
              {{ groups["cluster_"+cluster]
              | map("extract", hostvars)
              | rejectattr("is_virtual") }}

        - name: Get cluster services
          # One lookup per service ID listed in the cluster's custom fields;
          # IDs are converted to strings so they can be appended to the filter.
          loop: >-
            {{ cluster.custom_fields.services
            | map(attribute="id")
            | map("string") }}
          set_fact:
            # Append each lookup result to the list built so far.
            cluster_services: >-
              {{ (cluster_services|default([])) +
              query("netbox.netbox.nb_lookup", "services", raw_data=true,
              api_filter="id="+item) }}

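# Load this host's secrets from the password store on the controller.
# Virtual hosts are read from "vm/<inventory_hostname>", all others from
# "host/<inventory_hostname>". The whole entry is returned (returnall=true)
# and parsed as YAML; a missing entry yields an empty value instead of an
# error (missing="empty").
- name: Fetch passwords
  delegate_to: localhost
  # The task result carries the decrypted entry. Without no_log it would be
  # printed by verbose runs and handed to callback/log plugins in clear text.
  no_log: true
  set_fact:
    password: '{{ lookup("passwordstore", ("vm/" if is_virtual else "host/")~inventory_hostname, returnall=true, missing="empty") | from_yaml }}'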

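# Derive the list of public SSH keys to deploy from the GPG key IDs that the
# password store is encrypted to. Runs once on the controller, and also in
# check mode, because the tasks only read local state.
- name: Get SSH keys
  delegate_to: localhost
  check_mode: false
  run_once: true
  block:
    - name: Get GPG key IDs
      # The path is quoted so that a store directory containing spaces or
      # glob characters reaches cat as a single argument. $HOME replaces ~
      # because tilde expansion does not happen inside double quotes.
      shell: cat "${PASSWORD_STORE_DIR:-$HOME/.password-store}/.gpg-id"
      changed_when: false
      register: gpg_ids

    - name: Export public SSH keys
      # Each line of .gpg-id is file content, so it is shell-quoted before
      # being placed on the command line, and "--" stops gpg from reading a
      # line that starts with "-" as an option. Output per ID is
      # "<key type> <key blob> <uid e-mail>".
      shell: echo "$(gpg --export-ssh-key -- {{ item | quote }} | cut -d ' ' -f 1,2) $(gpg --list-keys --with-colons -- {{ item | quote }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p')"
      loop: '{{ gpg_ids.stdout_lines }}'
      changed_when: false
      register: ssh_export

    - name: Set SSH keys to deploy on servers
      set_fact:
        # echo succeeds even when gpg exports nothing, leaving a line that
        # starts with a space (no key material). Such lines are dropped here;
        # otherwise a list of blank entries would count as non-empty and slip
        # past the guard below.
        ssh_keys: '{{ ssh_export.results | map(attribute="stdout") | select("match", "[^ ]") | list }}'
      # Abort if no usable key was exported: deploying an empty key list
      # would lock everyone out.
      failed_when: not ssh_keys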