54bec263a0
It is helpful to install haveged so we don't run out of entropy. Change-Id: I6c89b9d618a53f822ae8a9edb0528ac710f19da7 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
64 lines
1.7 KiB
YAML
64 lines
1.7 KiB
YAML
# Copyright 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
---
|
|
- name: Configure bastion SSH known_hosts
|
|
hosts: bastion:!disabled
|
|
gather_facts: false
|
|
tasks:
|
|
- name: Ensure SSH host keys are known
|
|
template:
|
|
dest: ~/.ssh/known_hosts
|
|
src: bastion/root/.ssh/known_hosts.j2
|
|
|
|
- name: Bootstrap all hosts
|
|
hosts: all:!disabled
|
|
tasks:
|
|
- name: Setup users role
|
|
include_role:
|
|
name: users
|
|
|
|
- name: Setup hostname role
|
|
include_role:
|
|
name: hostname
|
|
|
|
- name: Setup swap role
|
|
include_role:
|
|
name: swap
|
|
|
|
- name: Setup haveged role
|
|
include_role:
|
|
name: haveged
|
|
|
|
- name: Setup postfix role
|
|
include_role:
|
|
name: postfix
|
|
|
|
- name: Setup openstack.virtualenv role
|
|
include_role:
|
|
name: openstack.virtualenv
|
|
|
|
# NOTE(pabelanger): We currently only support debuntu, this needs to be
|
|
# fixed!
|
|
- name: Setup iptables role
|
|
include_role:
|
|
name: iptables
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Bootstrap bastion hosts
|
|
hosts: bastion:!disabled
|
|
tasks:
|
|
- name: Setup openstack.ansible role
|
|
include_role:
|
|
name: openstack.ansible
|