Instead of pinging each host to see if it’s Windows. Make sure to set the platform at least for such hosts.
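# Read secrets and keys.

- name: Get public SSH keys for root login
  # Runs on the controller and only once; because the facts are set with
  # run_once they are applied to every host in the play.
  delegate_to: localhost
  # These tasks only read local state, so let them run in check mode too.
  check_mode: false
  run_once: true
  block:
    - name: Read GPG key IDs from secret store
      # One GPG key ID per line; each becomes a loop item below.
      shell: cat ${PASSWORD_STORE_DIR:-~/.password-store}/.gpg-id
      changed_when: false
      register: gpg_ids

    - name: Retrieve public SSH keys from GPG keyring
      # One line per key: "<type> <base64 key> <uid e-mail>" (fields 1,2 of the
      # exported key, then the address extracted from the uid line).
      # `quote` keeps an unexpected value in .gpg-id from being read as shell syntax.
      # NOTE(review): if gpg fails inside $(...) (e.g. no authentication subkey),
      # echo still exits 0 and the line holds only the e-mail — consider
      # checking that every result starts with "ssh-" before using it.
      shell: echo "$(gpg --export-ssh-key {{ item | quote }} | cut -d ' ' -f 1,2) $(gpg --list-keys --with-colons {{ item | quote }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p')"
      loop: '{{ gpg_ids.stdout_lines }}'
      changed_when: false
      register: ssh_export

    - name: Store a list of SSH keys
      set_fact:
        # `list` materialises the map() result so ssh_keys is a real list and
        # the emptiness check below is meaningful.
        ssh_keys: '{{ ssh_export.results | map(attribute="stdout") | list }}'
      failed_when: not ssh_keys # something must be terribly wrong so let’s not lock everyone out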
- name: Get passwords
  # Secrets for this host live in pass under vm/<hostname> or host/<hostname>.
  # The whole entry is read (returnall) and parsed as YAML into `password`;
  # a missing entry yields an empty value rather than failing the play.
  no_log: true
  delegate_to: localhost
  set_fact:
    password: >-
      {{ lookup("passwordstore",
      ("vm/" if is_virtual else "host/") ~ inventory_hostname,
      returnall=true, missing="empty") | from_yaml }}
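# Make expensive lookups to NetBox once for later reference by any host.

# nb_lookup takes its endpoint from NETBOX_API, so skip the whole block when
# NetBox is not configured in the controller's environment.
- when: lookup("env", "NETBOX_API") != ""
  delegate_to: localhost
  block:
    - name: Lookup networks and prefixes
      # Play-wide data: query once and let run_once propagate the facts.
      run_once: true
      set_fact:
        vlans: '{{ query("netbox.netbox.nb_lookup", "vlans", api_filter="group=new-net", raw_data=true)
                   | sort(attribute="vid") }}'
        prefixes: '{{ query("netbox.netbox.nb_lookup", "prefixes", raw_data=true)
                      | sort(attribute="prefix") | sort(attribute="family.value") }}'

    - when: 'cluster is defined and not is_virtual'
      block:
        - name: Get my cluster and all nodes in it
          # `cluster` arrives as the cluster *name* (inventory variable) and is
          # replaced here by the NetBox cluster object, so the "name=" filter
          # below presumably only works the first time this task runs.
          # NOTE(review): api_filter is a plain string; a cluster name
          # containing whitespace would need quoting — confirm names are single tokens.
          set_fact:
            cluster: '{{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true, api_filter="name="+cluster) | first }}'
            # Physical members of this cluster as hostvars dicts; `list`
            # materialises the filter chain into a real list.
            nodes: '{{ groups["cluster_"+cluster] | map("extract", hostvars) | rejectattr("is_virtual") | list }}'

        - name: Get cluster services
          # One query per service id; results are appended to any
          # cluster_services value defined earlier rather than replacing it.
          set_fact:
            cluster_services: '{{ (cluster_services|default([])) + query("netbox.netbox.nb_lookup", "services", raw_data=true, api_filter="id="+item) }}'
          loop: '{{ cluster.custom_fields.services | map(attribute="id") | map("string") | list }}'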
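# Set host-specific connection parameters.

- name: Set SSH connection username
  # `ansible_user` is the connection-agnostic variable (honoured by ssh and
  # the Windows connection plugins alike); `ansible_ssh_user` is its older,
  # ssh-only alias and is kept so anything still reading it keeps working.
  set_fact:
    ansible_user: "{{ password.user }}"
    ansible_ssh_user: "{{ password.user }}"
  # `password` comes from the passwordstore entry read above; no user key
  # means the default login name is kept.
  when: password.user is defined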
- name: Set connection parameters for Windows
  # `platform` has no default: a host without it fails this conditional
  # instead of being silently treated as Unix-like, so set it in inventory
  # at least for Windows hosts.
  when: platform == "windows"
  set_fact:
    ansible_shell_type: powershell
    ansible_become_method: runas
    ansible_become_flags: ''