############################################################################## # Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- - name: make sure ssh dir exist file: path: '{{ item.path }}' owner: '{{ item.owner }}' group: '{{ item.group }}' state: directory mode: 0755 with_items: - path: /root/.ssh owner: root group: root - name: write ssh config copy: content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" dest: '{{ item.dest }}' owner: '{{ item.owner }}' group: '{{ item.group }}' mode: 0600 with_items: - dest: /root/.ssh/config owner: root group: root - name: generate ssh keys shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ else echo "already gen ssh key!"; fi; - name: fetch ssh keys fetch: src: /root/.ssh/id_rsa.pub dest: /tmp/ssh-keys-{{ ansible_hostname }} flat: "yes" - authorized_key: user: root key: "{{ lookup('file', item) }}" with_fileglob: - /tmp/ssh-keys-* - /root/.ssh/id_rsa.pub - name: configure BOOTPROTO to static replace: dest: /etc/sysconfig/network-scripts/ifcfg-{{ compu_sys_mappings["external"]["interface"] }} regexp: 'BOOTPROTO=.*' replace: 'BOOTPROTO=static' - name: remove default route for mgmt lineinfile: dest: /etc/sysconfig/network-scripts/ifcfg-eth0 line: "DEFROUTE=\"no\"" - name: backup external configure shell: | mv /etc/sysconfig/network-scripts/ifcfg-{{ compu_sys_mappings["external"]["interface"] }} \ /home/ifcfg-{{ compu_sys_mappings["external"]["interface"] }} - name: configure external network template: src: ifcfg-external.j2 dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["external"]["interface"]}} - name: restart network shell: systemctl restart network - name: change sources(yum) list copy: src: centos_base.repo dest: /etc/yum.repos.d/centos_base.repo - name: Install yum packages yum: pkg: "{{ item }}" state: "present" with_items: "{{ yumpackages }}" - name: add the appropriate kernel modules copy: src: modules dest: /etc/modules-load.d/openstack-ansible.conf - name: restart ntp service shell: | systemctl stop ntpd.service; systemctl disable ntpd.service; - name: change the MaxSessions lineinfile: dest: /etc/ssh/sshd_config line: "MaxSessions 500" - name: restart ssh service shell: service sshd restart - name: recovery external configure shell: | mv /home/ifcfg-{{ compu_sys_mappings["external"]["interface"] }} \ /etc/sysconfig/network-scripts/ifcfg-{{ compu_sys_mappings["external"]["interface"] }} - name: add default route for mgmt lineinfile: dest: /etc/sysconfig/network-scripts/ifcfg-eth0 regexp: "^DEFROUTE=\"no\"" state: absent - name: restart network shell: systemctl restart network