ansible: merge master to vm-install branch

author Christian Pointner <equinox@realraum.at>

Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)

committer Christian Pointner <equinox@realraum.at>

Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)
author Christian Pointner <equinox@realraum.at>
Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)
committer Christian Pointner <equinox@realraum.at>
Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)
diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml

index 90463fc..0c8abc3 100644 (file)
--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
@@ -9,20 +9,30 @@ user_groups:
  users:
    equinox:
      email: equinox@realraum.at
-    gpg:   0xD74907C9E64E6CED8FE3
+    gpg: 0xD74907C9E64E6CED8FE3
+    ssh:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at
  
    gebi:
      email: michael@mgeb.org
-    gpg:   0x6E302CF4D98B9702
+    gpg: 0x6E302CF4D98B9702
+    ssh:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAvjmZbqEQ9EpTcyTFoxqCJileq4dF//ye0JiPBP0kPvtoW33V3TUNon5btd28DzLnFeiU/3NEjTqkaHFRM+t8EoIj4kc/6lozjIlsZN7xoz6CnNrbbHPsgi3FvelyBcsi0sbunFEV2Qw1q1tTC93UcaPqL3hx01Cxfw0Dycs/6lyljvR4eW5O5nFnvtDAoDQYwq5i4U/VZs0Gz1XAOuAb4JQ0KzLeBhfdzvmhANSWIvybmb1V6UPtdK9pCxdo9FL5NwB8nkGloIa3kC4JAINC/Pvk0czZ80rXfIckBgZKxQVUCDVUKZUZ4GZYPI6azglQmZuslziAmiTmhiUkhSZ/m2m9EN1TnMEYEmcoscvrd97l0v2BzBZPkzqL7cSAoehpQsrIe/ceBNjZP1eotS3/fFY70GabW0o2+QFx1ZXGUqRVIwOZ2ZWRp4SoqMl+UtRZx6EMGO20H17etB1b5gF6xO1e8723FFXiS3oY9oUfS+lMX5BDgGUc5wJQ696jPK/pRYrasf6piKuyFpoF+nh/rOvIGSbwHSOOApxKZoj5R+fwfVyoD2uoxd0g5meKEfqB6RDGz+W4cLgS9Th6uEAXo+LLcinjMAJNr50rJFuXYRF1zpa7p4LG/97doq2hk8LXZuTqjB3WCnTUrLy59sHrmwdkRSs6bj7mLEdRRrI1TxU= secure key of gebi
  
    nicoo:
      email: nicolas@braud-santoni.eu
-    gpg:   0x3F41B0739AAD91B7CDC0
+    gpg: 0x3F41B0739AAD91B7CDC0
+    ssh:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDirhW/XNWCDMBy9TAEZgrahGSMlYdddyc9bNAOBbLJ8TVDe0M7YAZ4kU5EYGZBmd4NGZ4Z2Vb+sc0xlJE1MYprL0hFoOSMmU17pa6uzXwAfWtiYAsm/Z8QssOVvyte629gCPUgw1oJM19N7/i8yZh+5j+iEpffbv66USpatLJqJgeM67VjcHPLHf75dEBwkqsWMvpIk3+8gtwXDR8t8YUuxJgHOLFUEWQ6wiXxBoIJTAvdzAzykIs/yJbsMpKjDNLfF0guaRDC5GnjwHqTkGegxBS3l/MzkOpXtWbbbhYX8yIvFkryBFbyB0oa/rnE2HnYbaq2riyZpcsKRXqIvvFFa80FqGE+8sQnMlHn2IaOlkmkBMBytL+6rP3feFWq+vGZLRMs7ezMs+o0ofe0svMhLjy79AJnRBfaFn350AnmqNGZ8HbS0A1vOpPJsJVMhcqx+0cPHfxIedNGs7BJZypmBiw6vZ0rzxm1YX7CZcpiIe2Ob9o/+ypwWVXlT1zcLMC6u5/2YXDCXea0QtiOnM9h4ahkRaBb8CUTMtDurOf9uPtwE8wzmq34baAOQMfY3Tb9uGvAlCcLbke5RDCLfvBx3C2g2KkaboFL/7V9YQ1DCpj+zpOEdr/Jr1wKoWBzgCfZcfXn954J2z2BjbHZRTpCW6EmaYXj4J2bRIX7FalKkw== nicoo@harbard
  
    bernhard:
      email: xro@realraum.at
-    gpg:   0xE3468B9CE81EB4F91486
+    gpg: 0xE3468B9CE81EB4F91486
+    ssh:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYjli6dqjyOVemjvBBckdxFBMfxhInzEpd/4ROcb950UI38thuJ0C0m9JAK77xOtGAkHG8lA0rtlymFeWuXhWO+OYHzLB9kspesrbejkc24D5F88FHR725xjdVazHnMgYt8WlY9LkSgZGuaR/6D2bkJl339eSCjn5yTc5HGnwlB+e2xRdvFqfHiQjkkQToO70xv+xYMmThYk8MPhwvlzqPNyMd28FVXG3n6QE+QTqpFHhmEabIBjCdvNr3ESXnCd1z7nwvQZYayvbkigH/gea8uN6A19wUYZHYzwk0is6XTa0fQCYklQIq6F4KWQ3iZUQTgOPJWVqdqLnddkkBNuefav559SoAT1fd8D9PNijCFv6eXy6h2gvYPKeHRzTSbtYneUAZeYYbkMvHeQB8TFq2b/z7kQIgkt+mDlw60JVxRVP2Ts2s98flfM2yKPfKmUEjbISuLNQzBvyxEuD7g3aTtRZZzA9CV4yxwpOW5bgVSSBanGC8S/y7xbToZ3ZX1dmfkV5/yG9eI2F4bb9Kxoec/p6CMtGgJgS6m+JX+sY8/bQrjrq58XTxQEGcaLES64AFoHz/o5c17Klz0QFSNe0QaDu5rqvln0b67j4lLg4XRDDYaoalflotv1haRRUYNemCOTso/XWbUhQhN0puV3k7rNAN9ZJEkAiKzH4qd8AS6w== xro@r3.at
  
  noc_groups:
    - adm
    - sudo
+
+noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}"
diff --git a/ansible/hosts.ini b/ansible/hosts.ini

index 9edea82..519fe6a 100644 (file)
--- a/ansible/hosts.ini
+++ b/ansible/hosts.ini
@@ -3,25 +3,41 @@ host_domain=realraum.at
  ansible_host={{ inventory_hostname }}.{{ host_domain }}
  ansible_user=root
  
+[net-zone-mgmt]
+#torwaechter
+alfred
+calendar
+galley
+hacksch
+r3home
+tickets
+## TODO: remove the variable once https://github.com/ansible/ansible/issues/39119 is fixed
+metrics localconfig_ssh_config_user=root
+testvm localconfig_ssh_config_user=root
+
+[net-zone-mgmt:vars]
+host_domain=mgmt.realraum.at
+
+##########################
+
  [baremetalservers]
-alfred.mgmt
+alfred
  
  [kvmhosts]
-alfred.mgmt
+alfred
  
  [virtualservers]
  athsdisc
-calendar.mgmt
+calendar
  ctf
  entrance
-galley.mgmt
-hacksch.mgmt
-r3home.mgmt
-tickets.mgmt
+galley
+hacksch
+metrics
+r3home
+tickets
  vex
-## TODO: remove the variable once https://github.com/ansible/ansible/issues/39119 is fixed
-metrics.mgmt localconfig_ssh_config_user=root
-testvm.mgmt localconfig_ssh_config_user=root
+testvm
  
  [servers:children]
  baremetalservers
@@ -34,7 +50,7 @@ wuerfel
  
  #[alix]
  #gw
-#torwaechter.mgmt
+#torwaechter
  
  #[apu]
  #gnocchi1
diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml

index 69b96f6..17e95ab 100644 (file)
--- a/ansible/roles/base/tasks/main.yml
+++ b/ansible/roles/base/tasks/main.yml
@@ -47,9 +47,7 @@
  - name: Set authorized keys for root user
    authorized_key:
      user: root
-    ### TODO: this lookup doesn't work if the playbook lives in another directory
-    ###       replace this with variables!!!
-    key: "{{ lookup('pipe','cat ../ssh/noc/*.pub') }}"
+    key: "{{ noc_ssh_keys | join('\n') }}"
      exclusive: yes
  
  - name: disable apt suggests and recommends
diff --git a/ansible/roles/localconfig/templates/ssh/10r3.conf.j2 b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2

index ba11160..dd33944 100644 (file)
--- a/ansible/roles/localconfig/templates/ssh/10r3.conf.j2
+++ b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2
@@ -2,12 +2,11 @@
  # realraum ssh-config (generated by ansible NOC repo)
  
  #######################################
-### dynamically generated hosts
+### dynamically generated host configs
  
  {% for host in (groups['all'] | sort) %}
-{% set shortname = (host.split('.') | first) %}
-Host {{ host }}.realraum.at r3-{{ shortname }} r3g-{{ shortname }} r3e-{{ shortname }}
-    Hostname {{ host }}.realraum.at
+Host {{ hostvars[host].ansible_host }} r3-{{ host }} r3g-{{ host }} r3e-{{ host }}
+    Hostname {{ hostvars[host].ansible_host }}
  {% if 'localconfig_ssh_config_proxycommand' in hostvars[host] %}
      ProxyCommand {{ hostvars[host].localconfig_ssh_config_proxycommand }}
  {% endif %}
diff --git a/ansible/ssh/noc/equinox@realraum.pub b/ansible/ssh/noc/equinox@realraum.pub

deleted file mode 100644 (file)

index bc68a15..0000000
--- a/ansible/ssh/noc/equinox@realraum.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at
diff --git a/ansible/ssh/noc/gebi.pub b/ansible/ssh/noc/gebi.pub

deleted file mode 100644 (file)

index 56c8f5b..0000000
--- a/ansible/ssh/noc/gebi.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAvjmZbqEQ9EpTcyTFoxqCJileq4dF//ye0JiPBP0kPvtoW33V3TUNon5btd28DzLnFeiU/3NEjTqkaHFRM+t8EoIj4kc/6lozjIlsZN7xoz6CnNrbbHPsgi3FvelyBcsi0sbunFEV2Qw1q1tTC93UcaPqL3hx01Cxfw0Dycs/6lyljvR4eW5O5nFnvtDAoDQYwq5i4U/VZs0Gz1XAOuAb4JQ0KzLeBhfdzvmhANSWIvybmb1V6UPtdK9pCxdo9FL5NwB8nkGloIa3kC4JAINC/Pvk0czZ80rXfIckBgZKxQVUCDVUKZUZ4GZYPI6azglQmZuslziAmiTmhiUkhSZ/m2m9EN1TnMEYEmcoscvrd97l0v2BzBZPkzqL7cSAoehpQsrIe/ceBNjZP1eotS3/fFY70GabW0o2+QFx1ZXGUqRVIwOZ2ZWRp4SoqMl+UtRZx6EMGO20H17etB1b5gF6xO1e8723FFXiS3oY9oUfS+lMX5BDgGUc5wJQ696jPK/pRYrasf6piKuyFpoF+nh/rOvIGSbwHSOOApxKZoj5R+fwfVyoD2uoxd0g5meKEfqB6RDGz+W4cLgS9Th6uEAXo+LLcinjMAJNr50rJFuXYRF1zpa7p4LG/97doq2hk8LXZuTqjB3WCnTUrLy59sHrmwdkRSs6bj7mLEdRRrI1TxU= secure key of gebi
diff --git a/ansible/ssh/noc/nicoo@harbard.pub b/ansible/ssh/noc/nicoo@harbard.pub

deleted file mode 100644 (file)

index ec60523..0000000
--- a/ansible/ssh/noc/nicoo@harbard.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDirhW/XNWCDMBy9TAEZgrahGSMlYdddyc9bNAOBbLJ8TVDe0M7YAZ4kU5EYGZBmd4NGZ4Z2Vb+sc0xlJE1MYprL0hFoOSMmU17pa6uzXwAfWtiYAsm/Z8QssOVvyte629gCPUgw1oJM19N7/i8yZh+5j+iEpffbv66USpatLJqJgeM67VjcHPLHf75dEBwkqsWMvpIk3+8gtwXDR8t8YUuxJgHOLFUEWQ6wiXxBoIJTAvdzAzykIs/yJbsMpKjDNLfF0guaRDC5GnjwHqTkGegxBS3l/MzkOpXtWbbbhYX8yIvFkryBFbyB0oa/rnE2HnYbaq2riyZpcsKRXqIvvFFa80FqGE+8sQnMlHn2IaOlkmkBMBytL+6rP3feFWq+vGZLRMs7ezMs+o0ofe0svMhLjy79AJnRBfaFn350AnmqNGZ8HbS0A1vOpPJsJVMhcqx+0cPHfxIedNGs7BJZypmBiw6vZ0rzxm1YX7CZcpiIe2Ob9o/+ypwWVXlT1zcLMC6u5/2YXDCXea0QtiOnM9h4ahkRaBb8CUTMtDurOf9uPtwE8wzmq34baAOQMfY3Tb9uGvAlCcLbke5RDCLfvBx3C2g2KkaboFL/7V9YQ1DCpj+zpOEdr/Jr1wKoWBzgCfZcfXn954J2z2BjbHZRTpCW6EmaYXj4J2bRIX7FalKkw== nicoo@harbard
diff --git a/ansible/ssh/noc/xro@realraum.pub b/ansible/ssh/noc/xro@realraum.pub

deleted file mode 100644 (file)

index 3cb67d6..0000000
--- a/ansible/ssh/noc/xro@realraum.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYjli6dqjyOVemjvBBckdxFBMfxhInzEpd/4ROcb950UI38thuJ0C0m9JAK77xOtGAkHG8lA0rtlymFeWuXhWO+OYHzLB9kspesrbejkc24D5F88FHR725xjdVazHnMgYt8WlY9LkSgZGuaR/6D2bkJl339eSCjn5yTc5HGnwlB+e2xRdvFqfHiQjkkQToO70xv+xYMmThYk8MPhwvlzqPNyMd28FVXG3n6QE+QTqpFHhmEabIBjCdvNr3ESXnCd1z7nwvQZYayvbkigH/gea8uN6A19wUYZHYzwk0is6XTa0fQCYklQIq6F4KWQ3iZUQTgOPJWVqdqLnddkkBNuefav559SoAT1fd8D9PNijCFv6eXy6h2gvYPKeHRzTSbtYneUAZeYYbkMvHeQB8TFq2b/z7kQIgkt+mDlw60JVxRVP2Ts2s98flfM2yKPfKmUEjbISuLNQzBvyxEuD7g3aTtRZZzA9CV4yxwpOW5bgVSSBanGC8S/y7xbToZ3ZX1dmfkV5/yG9eI2F4bb9Kxoec/p6CMtGgJgS6m+JX+sY8/bQrjrq58XTxQEGcaLES64AFoHz/o5c17Klz0QFSNe0QaDu5rqvln0b67j4lLg4XRDDYaoalflotv1haRRUYNemCOTso/XWbUhQhN0puV3k7rNAN9ZJEkAiKzH4qd8AS6w== xro@r3.at
author	Christian Pointner <equinox@realraum.at>
	Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)
committer	Christian Pointner <equinox@realraum.at>
	Sun, 22 Apr 2018 18:00:01 +0000 (20:00 +0200)
ansible/group_vars/all/main.yml		patch \| blob \| history
ansible/hosts.ini		patch \| blob \| history
ansible/roles/base/tasks/main.yml		patch \| blob \| history
ansible/roles/localconfig/templates/ssh/10r3.conf.j2		patch \| blob \| history
ansible/ssh/noc/equinox@realraum.pub	[deleted file]	patch \| blob \| history
ansible/ssh/noc/gebi.pub	[deleted file]	patch \| blob \| history
ansible/ssh/noc/nicoo@harbard.pub	[deleted file]	patch \| blob \| history
ansible/ssh/noc/xro@realraum.pub	[deleted file]	patch \| blob \| history