Diffstat (limited to 'roles/cloud/install/tasks/hroot.yml')
-rw-r--r--roles/cloud/install/tasks/hroot.yml109
1 files changed, 109 insertions, 0 deletions
diff --git a/roles/cloud/install/tasks/hroot.yml b/roles/cloud/install/tasks/hroot.yml
new file mode 100644
index 00000000..606df5f6
--- /dev/null
+++ b/roles/cloud/install/tasks/hroot.yml
@@ -0,0 +1,109 @@
+---
+- name: retrieve ssh key fingerprints
+ uri:
+ url: "https://robot-ws.your-server.de/key"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: sshkeys
+ delegate_to: localhost
+ check_mode: no
+
+- name: do not continue in check mode
+ fail:
+ msg: "can not bootstrap new servers in check mode"
+ when: ansible_check_mode | bool
+ check_mode: no
+
+- block:
+ - name: retrieve server list from robot
+ uri:
+ url: "https://robot-ws.your-server.de/server"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: servers
+ delegate_to: localhost
+ check_mode: no
+
+ - name: extract server IP address from robot result
+ set_fact:
+ hetzner_main_ip: "{{ servers.json | hroot_extract_serverip(host_name) }}"
+
+ when: hetzner_main_ip is not defined
+
+- name: display warning message
+ pause:
+ prompt: |
+ *** Danger ****
+ will be bootstraping host {{ inventory_hostname }} with main IP {{ hetzner_main_ip }} ...
+ ALL DATA WILL BE LOST!!! press CTRL-C then A to abort.
+ seconds: 15
+
+- name: check if rescue mode is already active
+ uri:
+ url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: rescuestatus
+ delegate_to: localhost
+ check_mode: no
+
+### TODO: for now we add all ssh keys that are installed in the robot - this might not be a good idea!
+- name: activate rescue mode
+ when: not rescuestatus.json.rescue.active
+ uri:
+ url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
+ method: POST
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ body: "os=linux&arch=64&authorized_key[]={{ sshkeys.json | hroot_extract_ssh_key_fingerprints | join('&authorized_key[]=') }}"
+ status_code: 200
+ headers:
+ Content-Type: "application/x-www-form-urlencoded"
+ delegate_to: localhost
+
+- name: wait for the rescue mode to become active
+ pause:
+ seconds: 5
+
+- name: do a hardware reset
+ uri:
+ url: "https://robot-ws.your-server.de/reset/{{ hetzner_main_ip }}"
+ method: POST
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ body: "type=hw"
+ status_code: 200
+ headers:
+ Content-Type: "application/x-www-form-urlencoded"
+ delegate_to: localhost
+
+### TODO: would be nice to get the SSH host key from robot
+- name: completely ignore ssh host keys for now
+ set_fact:
+ old_ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }}"
+ ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+- name: wait for rescue system to start up
+ wait_for_connection:
+ delay: 30
+ timeout: 120
+
+- include_tasks: hetzner_installimage.yml
+
+- name: reboot
+ shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
+ async: 1
+ poll: 0
+ ignore_errors: True
+ changed_when: True
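Review bot: The `completely ignore ssh host keys for now` task appends `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the rescue-system session that `hetzner_installimage.yml` uses to install the OS is never authenticated, and whoever answers on `hetzner_main_ip` during provisioning is trusted with the whole install. The `activate rescue mode` POST result is not registered; if the Robot rescue response carries host key data (to be confirmed against the API documentation), registering it and writing it to a temporary known_hosts file would let host key checking stay on. `old_ansible_ssh_extra_args` is saved but not restored anywhere in this file, so unless the included tasks do it the relaxed options remain in effect for later tasks against the freshly installed host. A closing `set_fact` with `ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"` after the reboot would limit the exposure to the rescue phase.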