Diffstat (limited to 'roles/cloud/install/tasks')
-rw-r--r-- | roles/cloud/install/tasks/hcloud.yml | 68 | ||||
-rw-r--r-- | roles/cloud/install/tasks/hetzner_installimage.yml | 38 | ||||
-rw-r--r-- | roles/cloud/install/tasks/hroot.yml | 109 | ||||
-rw-r--r-- | roles/cloud/install/tasks/main.yml | 2 |
4 files changed, 217 insertions, 0 deletions
diff --git a/roles/cloud/install/tasks/hcloud.yml b/roles/cloud/install/tasks/hcloud.yml
new file mode 100644
index 00000000..ca5435b8
--- /dev/null
+++ b/roles/cloud/install/tasks/hcloud.yml
@@ -0,0 +1,68 @@
+---
+- name: retrieve ssh key ids
+ uri:
+ url: "https://api.hetzner.cloud/v1/ssh_keys"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
+ status_code: 200
+ register: sshkeys
+ delegate_to: localhost
+
+- name: retrieve server id and check if rescue mode is already active
+ uri:
+ url: "https://api.hetzner.cloud/v1/servers?name={{ inventory_hostname }}"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
+ status_code: 200
+ register: serverstatus
+ delegate_to: localhost
+
+- name: do not continue in check mode
+ fail:
+ msg: "can not bootstrap new servers in check mode"
+ when: ansible_check_mode | bool
+ check_mode: no
+
+### TODO: for now we add all ssh keys that are installed for this project - this might not be a good idea!
+- name: activate rescue mode
+ when: not serverstatus.json.servers[0].rescue_enabled
+ uri:
+ url: "https://api.hetzner.cloud/v1/servers/{{ serverstatus.json.servers[0].id }}/actions/enable_rescue"
+ method: POST
+ body: "{{ {'type': 'linux64', 'ssh_keys': (sshkeys.json.ssh_keys | map(attribute='id') | list) } | to_nice_json }}"
+ headers:
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
+ Content-Type: "application/json"
+ status_code: 201
+ delegate_to: localhost
+
+- name: do a hardware reset
+ uri:
+ url: "https://api.hetzner.cloud/v1/servers/{{ serverstatus.json.servers[0].id }}/actions/reset"
+ method: POST
+ headers:
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
+ status_code: 201
+ delegate_to: localhost
+
+### TODO: would be nice to get the SSH host key from robot
+- name: completely ignore ssh host keys for now
+ set_fact:
+ old_ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }}"
+ ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+- name: wait for rescue system to start up
+ wait_for_connection:
+ delay: 30
+ timeout: 120
+
+- include_tasks: hetzner_installimage.yml
+
+- name: reboot
+ shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
+ async: 1
+ poll: 0
+ ignore_errors: True
+ changed_when: True
diff --git a/roles/cloud/install/tasks/hetzner_installimage.yml b/roles/cloud/install/tasks/hetzner_installimage.yml
new file mode 100644
index 00000000..f54a785b
--- /dev/null
+++ b/roles/cloud/install/tasks/hetzner_installimage.yml
@@ -0,0 +1,38 @@
+---
+- name: determine latest image name
+ shell: |
+ set -o pipefail
+ shopt -s nocaseglob
+ ls /root/.oldroot/nfs/images/{{ install_distro }}-*-{{ install_codename }}-64-minimal.tar.gz | sort -r | head -n 1
+ args:
+ executable: /bin/bash
+ check_mode: no
+ changed_when: false
+ register: latest_image
+
+- name: generate installimage config
+ template:
+ src: hetzner_installimage.conf.j2
+ dest: /root/installimage.conf
+
+- name: generate postinst script
+ template:
+ src: hetzner_postinst.sh.j2
+ dest: /root/postinst.sh
+ mode: 0755
+
+- name: run installimage
+ command: /root/.oldroot/nfs/install/installimage -a -c installimage.conf -x postinst.sh
+ register: hetzner_installimage_cmd
+ changed_when: true
+ args:
+ chdir: /root
+
+- name: "print installimage output"
+ debug:
+ msg: "{{ hetzner_installimage_cmd.stdout_lines + hetzner_installimage_cmd.stderr_lines }}"
+
+- name: "check if installimage succeeded"
+ fail:
+ msg: "failed to run installimage"
+ when: "hetzner_installimage_cmd.rc != 0 or 'postinst.sh finished successfully' not in hetzner_installimage_cmd.stdout_lines"
diff --git a/roles/cloud/install/tasks/hroot.yml b/roles/cloud/install/tasks/hroot.yml
new file mode 100644
index 00000000..606df5f6
--- /dev/null
+++ b/roles/cloud/install/tasks/hroot.yml
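Review bot: The `set_fact` that appends `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` leaves the rescue connection unauthenticated, so the included hetzner_installimage.yml then templates `installimage.conf` and `postinst.sh` to whichever host answers on that address. The override is also never undone: `old_ansible_ssh_extra_args` is saved, but nothing in this file reads it back, so the relaxed options presumably stay in force for the rest of the play. I would add a final `set_fact` after the reboot task with `ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"`, and replace the TODO with a comment stating that the rescue host key is unverified and that the templates must therefore not carry secrets. hroot.yml contains the same block and needs the same change.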
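Review bot: The `rc != 0` half of the condition in `check if installimage succeeded` cannot be reached, because the `command` task in `run installimage` already fails on a non-zero exit status and the `debug` task that prints the output is skipped along with it. Adding `failed_when: false` to `run installimage` lets the output be printed in every case and leaves the verdict to the final `fail` task. A short comment on that `fail` task should also say that `'postinst.sh finished successfully' not in ...stdout_lines` is a whole-line match against a list, so the marker must be printed on a line of its own.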
@@ -0,0 +1,109 @@
+---
+- name: retrieve ssh key fingerprints
+ uri:
+ url: "https://robot-ws.your-server.de/key"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: sshkeys
+ delegate_to: localhost
+ check_mode: no
+
+- name: do not continue in check mode
+ fail:
+ msg: "can not bootstrap new servers in check mode"
+ when: ansible_check_mode | bool
+ check_mode: no
+
+- block:
+ - name: retrieve server list from robot
+ uri:
+ url: "https://robot-ws.your-server.de/server"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: servers
+ delegate_to: localhost
+ check_mode: no
+
+ - name: extract server IP address from robot result
+ set_fact:
+ hetzner_main_ip: "{{ servers.json | hroot_extract_serverip(host_name) }}"
+
+ when: hetzner_main_ip is not defined
+
+- name: display warning message
+ pause:
+ prompt: |
+ *** Danger ****
+ will be bootstraping host {{ inventory_hostname }} with main IP {{ hetzner_main_ip }} ...
+ ALL DATA WILL BE LOST!!! press CTRL-C then A to abort.
+ seconds: 15
+
+- name: check if rescue mode is already active
+ uri:
+ url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
+ method: GET
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ status_code: 200
+ register: rescuestatus
+ delegate_to: localhost
+ check_mode: no
+
+### TODO: for now we add all ssh keys that are installed in the robot - this might not be a good idea!
+- name: activate rescue mode
+ when: not rescuestatus.json.rescue.active
+ uri:
+ url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
+ method: POST
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ body: "os=linux&arch=64&authorized_key[]={{ sshkeys.json | hroot_extract_ssh_key_fingerprints | join('&authorized_key[]=') }}"
+ status_code: 200
+ headers:
+ Content-Type: "application/x-www-form-urlencoded"
+ delegate_to: localhost
+
+- name: wait for the rescue mode to become active
+ pause:
+ seconds: 5
+
+- name: do a hardware reset
+ uri:
+ url: "https://robot-ws.your-server.de/reset/{{ hetzner_main_ip }}"
+ method: POST
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
+ force_basic_auth: yes
+ body: "type=hw"
+ status_code: 200
+ headers:
+ Content-Type: "application/x-www-form-urlencoded"
+ delegate_to: localhost
+
+### TODO: would be nice to get the SSH host key from robot
+- name: completely ignore ssh host keys for now
+ set_fact:
+ old_ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }}"
+ ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+- name: wait for rescue system to start up
+ wait_for_connection:
+ delay: 30
+ timeout: 120
+
+- include_tasks: hetzner_installimage.yml
+
+- name: reboot
+ shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
+ async: 1
+ poll: 0
+ ignore_errors: True
+ changed_when: True
diff --git a/roles/cloud/install/tasks/main.yml b/roles/cloud/install/tasks/main.yml
new file mode 100644
index 00000000..c5cc046f
--- /dev/null
+++ b/roles/cloud/install/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ cloud_provider }}.yml" |
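Review bot: The `display warning message` pause continues on its own once `seconds: 15` has elapsed, so the rescue activation and the hardware reset below it run unless someone actively interrupts. For a step announced as destroying all data I would make the confirmation explicit: drop `seconds`, add `register: confirm`, and follow it with a `fail` task guarded by `when: confirm.user_input != inventory_hostname`. The prompt prints `inventory_hostname` while the address is resolved through `hroot_extract_serverip(host_name)`; if those two names can differ, the prompt should show the one used for the lookup, and an empty `hetzner_main_ip` should be rejected before it reaches the reset URL. hcloud.yml has no prompt at all before its reset and would benefit from the same guard.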