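# Read secrets and keys.
- name: Get public SSH keys for root login
  delegate_to: localhost
  check_mode: false
  run_once: true
  block:
    - name: Read GPG key IDs from secret store
      # Honours PASSWORD_STORE_DIR like pass(1); one key ID (or e-mail) per line.
      shell: cat ${PASSWORD_STORE_DIR:-~/.password-store}/.gpg-id
      changed_when: false
      register: gpg_ids

    - name: Retrieve public SSH keys from GPG keyring
      # Produces one "<type> <base64-key> <uid-email>" line per key ID.
      # The key ID is shell-quoted so a malformed .gpg-id line cannot alter the
      # command, an empty export fails this task instead of yielding a blank
      # entry (the non-empty check on ssh_keys below would not notice one),
      # and only the first uid address is used so a key with several uids
      # still gives a single line.
      shell: |
        key="$(gpg --export-ssh-key {{ item | quote }} | cut -d ' ' -f 1,2)"
        [ -n "$key" ] || exit 1
        uid="$(gpg --list-keys --with-colons {{ item | quote }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p' | head -n 1)"
        echo "$key $uid"
      loop: '{{ gpg_ids.stdout_lines }}'
      changed_when: false
      register: ssh_export

    - name: Store a list of SSH keys
      set_fact:
        ssh_keys: '{{ ssh_export.results | map(attribute="stdout") }}'
      failed_when: not ssh_keys # something must be terribly wrong so let’s not lock everyone out
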
- name: Get passwords
  # Loads this host's pass entry ("vm/<host>" or "host/<host>") and parses it
  # as YAML. A missing entry gives an empty result rather than an error, so
  # later tasks test the fields they need with "is defined".
  no_log: true
  delegate_to: localhost
  set_fact:
    password: >-
      {{ lookup("passwordstore", ("vm/" if is_virtual else "host/")~inventory_hostname, returnall=true, missing="empty") | from_yaml }}

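# Make expensive lookups to NetBox once for later reference by any host.
- when: lookup("env", "NETBOX_API") != ""
  delegate_to: localhost
  block:
    - name: Lookup networks and prefixes
      run_once: true
      set_fact:
        vlans: '{{ query("netbox.netbox.nb_lookup", "vlans", api_filter="group=new-net", raw_data=true)
            | sort(attribute="vid") }}'
        prefixes: '{{ query("netbox.netbox.nb_lookup", "prefixes", raw_data=true)
            | sort(attribute="prefix") | sort(attribute="family.value") }}'

    # can only get NetBox ID for device/VM from (any) interface
    # probably safe to assume at least one interface
    - name: Get my ID
      set_fact:
        id: '{{ interfaces | map(attribute=("virtual_machine.id" if is_virtual else "device.id")) | first }}'

    - name: Get my services
      set_fact:
        services: '{{
            query("netbox.netbox.nb_lookup", "services", raw_data=true,
                api_filter=("virtual_machine_id" if is_virtual else "device_id")+"="+id) }}'

    - when: 'cluster is defined and not is_virtual'
      block:
        - name: Get my cluster and all nodes in it
          # Both arguments are templated before the fact is written, so
          # "cluster" on the right-hand side is still the inventory cluster
          # name here; from the next task on it is the NetBox cluster object.
          set_fact:
            cluster: '{{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true, api_filter="name="+cluster) | first }}'
            nodes: '{{ groups["cluster_"+cluster] | map("extract", hostvars) | rejectattr("is_virtual") }}'

        - name: Get cluster services
          # One lookup per service ID, accumulated into cluster_services. An
          # unset "services" custom field (null) is treated as an empty list
          # instead of breaking the map filter.
          set_fact:
            cluster_services: '{{ (cluster_services|default([])) + query("netbox.netbox.nb_lookup", "services", raw_data=true, api_filter="id="+item) }}'
          loop: '{{ cluster.custom_fields.services | default([], true) | map(attribute="id") | map("string") }}'
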
# Set host-specific connection parameters.
- name: Set SSH connection username
  # Only when the pass entry carries a "user" field. ansible_ssh_user is the
  # older alias of ansible_user.
  when: password.user is defined
  set_fact:
    ansible_ssh_user: '{{ password.user }}'

- name: Set connection parameters for Windows
  # Applies only to hosts whose "platform" variable is "windows"; the become
  # flags are cleared explicitly.
  when: platform | default("") == "windows"
  set_fact:
    ansible_shell_type: powershell
    ansible_become_method: runas
    ansible_become_flags: ""