17_bastion_services.yml
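# Configures the bastion host: TFTP/PXE boot files, an SELinux policy module
# for dnsmasq, dnsmasq itself, per-node PXE configs, local DNS, then a reboot.
# tftp_boot_root, pxe_files, host_interface and host_ip are not defined in
# this file; presumably they come from the vars files below (confirm).
---
- name: Bastion services configuration
  hosts: bastion
  become: true
  vars_files:
    - vars/infra_vars.yml
    - vars/cluster_vars.yml
  tasks:
    - name: Ensuring tftp boot directory exists
      ansible.builtin.file:
        state: directory
        path: "{{ tftp_boot_root }}/pxelinux.cfg"
        mode: "0755"

    # Boot loader files are only read over TFTP, so they need no execute bit.
    - name: Copy pxelinux.0 file
      ansible.builtin.copy:
        src: /usr/share/syslinux/{{ item }}
        dest: "{{ tftp_boot_root }}/"
        mode: "0644"
        remote_src: true
      loop: "{{ pxe_files }}"

    # The policy module is loaded by root, so it is staged in a private
    # directory created by mkdtemp (0700) rather than under a fixed,
    # predictable name in world-writable /tmp.
    - name: Create private staging directory for the selinux module
      ansible.builtin.tempfile:
        state: directory
        suffix: .dnsmasq-selinux
      register: selinux_stage

    - name: Creating seelinux rules for dnsmasq service
      ansible.builtin.copy:
        src: files/my-dnsmasq.pp
        dest: "{{ selinux_stage.path }}/my-dnsmasq.pp"
        owner: root
        group: root
        mode: "0600"

    # argv form: no word splitting or shell parsing of the staged path.
    - name: Apply seelinux rules for dnsmasq service # noqa no-changed-when
      ansible.builtin.command:
        argv:
          - semodule
          - -X
          - "300"
          - -i
          - "{{ selinux_stage.path }}/my-dnsmasq.pp"

    # The two fixed /tmp paths are kept so leftovers from earlier runs of this
    # playbook are still cleaned up; no task visible here creates the .te file.
    - name: Delete selinux temp file
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - "{{ selinux_stage.path }}"
        - /tmp/my-dnsmasq.pp
        - /tmp/my-dnsmasq.te

    # Root-owned service configuration: readable by all, writable by root only,
    # not executable.
    - name: Firing dnsmasq template
      ansible.builtin.template:
        src: templates/dnsmasq.j2
        dest: /etc/dnsmasq.conf
        mode: "0644"

    # One task for all three node groups (same template, same destination
    # pattern). PXELINUX looks up "01-" plus the MAC in lower-case hex with
    # dashes, hence the lower filter. node_mac comes from inventory hostvars.
    - name: Firing pxe boot template
      ansible.builtin.template:
        src: templates/pxeboot_mac.j2
        dest: "{{ tftp_boot_root }}/pxelinux.cfg/01-{{ hostvars[item].node_mac | lower | replace(':', '-') }}"
        mode: "0644"
      loop: "{{ groups['masters'] + groups['bootstrap'] + groups['workers'] }}"

    # argv form keeps a connection name containing spaces as one argument.
    - name: Configure interface to use bastion as DNS server # noqa no-changed-when
      ansible.builtin.command:
        argv:
          - nmcli
          - con
          - mod
          - "{{ host_interface }}"
          - ipv4.dns
          - "{{ host_ip }}"

    # Runs through a shell, so the variable is passed through the quote filter
    # instead of being wrapped in literal double quotes. Both commands stay in
    # one invocation joined by ';', so 'up' runs even if 'down' fails.
    # NOTE(review): if the Ansible connection uses this interface the session
    # may drop between the two commands - confirm against the inventory.
    - name: Refreshing inteface # noqa no-changed-when
      ansible.builtin.shell: nmcli con down {{ host_interface | quote }}; nmcli con up {{ host_interface | quote }}

    - name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - dnsmasq
        - nginx

    # Unconditional: the bastion reboots on every run of this play.
    - name: Rebooting bastion
      ansible.builtin.reboot: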