Prepare for separation of ansible Git repo

2024-07-28 11:23:31 +03:00
parent 9c2b5c39ee
commit 4e80899c77
4 changed files with 51 additions and 15 deletions
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory = ansible/inventory.yml
+inventory = inventory.yml
 nocows = 1
 pattern =
 deprecation_warnings = False
@@ -11,5 +11,5 @@ remote_user = root
 [ssh_connection]
 control_path = ~/.ssh/cm-%%r@%%h:%%p
-ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ansible/ssh_config
+ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
 pipelining = True
--- a/ansible/known_hosts
+++ b/ansible/known_hosts
@@ -1,4 +1,4 @@
-# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
+# Use `ansible-playbook update-ssh-config.yml` to update this file
 100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
 100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
 100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
@@ -10,6 +10,7 @@
 172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
 172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
 172.20.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77ffkJi903aA6cM7HnFfSyYbPP4jkydI/+/tIGeMv+c9BYOE27n+ylNERaEhYkyddIx93MB4M6GYRyQOjLWSc= # ns1.k-space.ee
 [78.28.64.17]:10648 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7J61p3YzsbRAYtXIrhQUeqc47LuVw1I38egHzi/kLG+CFPsyB9krd29yJMyLRjyM+m5qUjoxNiWK/x0g3jKOI= # offsite
 172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
 172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
 172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
--- a/ansible/ssh_config
+++ b/ansible/ssh_config
@@ -1,9 +1,10 @@
-# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
+# Use `ansible-playbook update-ssh-config.yml` to update this file
 # Use `ssh -F ssh_config ...` to connect to target machine or
 # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
 Host backdoor 100.102.3.3
    User root
    Hostname 100.102.3.3
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -11,6 +12,7 @@ Host backdoor 100.102.3.3
 Host frontdoor 100.102.3.2
    User root
    Hostname 100.102.3.2
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -18,6 +20,7 @@ Host frontdoor 100.102.3.2
 Host grounddoor 100.102.3.1
    User root
    Hostname 100.102.3.1
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -25,6 +28,7 @@ Host grounddoor 100.102.3.1
 Host master1.kube.k-space.ee 172.21.3.51
    User root
    Hostname 172.21.3.51
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -32,6 +36,7 @@ Host master1.kube.k-space.ee 172.21.3.51
 Host master2.kube.k-space.ee 172.21.3.52
    User root
    Hostname 172.21.3.52
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -39,6 +44,7 @@ Host master2.kube.k-space.ee 172.21.3.52
 Host master3.kube.k-space.ee 172.21.3.53
    User root
    Hostname 172.21.3.53
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -46,6 +52,7 @@ Host master3.kube.k-space.ee 172.21.3.53
 Host mon1.kube.k-space.ee 172.21.3.61
    User root
    Hostname 172.21.3.61
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -53,6 +60,7 @@ Host mon1.kube.k-space.ee 172.21.3.61
 Host mon2.kube.k-space.ee 172.21.3.62
    User root
    Hostname 172.21.3.62
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -60,6 +68,7 @@ Host mon2.kube.k-space.ee 172.21.3.62
 Host mon3.kube.k-space.ee 172.21.3.63
    User root
    Hostname 172.21.3.63
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -67,6 +76,7 @@ Host mon3.kube.k-space.ee 172.21.3.63
 Host nas.k-space.ee 172.23.0.7
    User root
    Hostname 172.23.0.7
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -74,6 +84,15 @@ Host nas.k-space.ee 172.23.0.7
 Host ns1.k-space.ee 172.20.0.2
    User root
    Hostname 172.20.0.2
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
    ControlPersist 8h
 Host offsite 78.28.64.17
    User root
    Hostname 78.28.64.17
    Port 10648
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -81,6 +100,7 @@ Host ns1.k-space.ee 172.20.0.2
 Host pve1 172.21.20.1
    User root
    Hostname 172.21.20.1
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -88,6 +108,7 @@ Host pve1 172.21.20.1
 Host pve2 172.21.20.2
    User root
    Hostname 172.21.20.2
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -95,6 +116,7 @@ Host pve2 172.21.20.2
 Host pve8 172.21.20.8
    User root
    Hostname 172.21.20.8
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -102,6 +124,7 @@ Host pve8 172.21.20.8
 Host pve9 172.21.20.9
    User root
    Hostname 172.21.20.9
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -109,6 +132,7 @@ Host pve9 172.21.20.9
 Host storage1.kube.k-space.ee 172.21.3.71
    User root
    Hostname 172.21.3.71
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -116,6 +140,7 @@ Host storage1.kube.k-space.ee 172.21.3.71
 Host storage2.kube.k-space.ee 172.21.3.72
    User root
    Hostname 172.21.3.72
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -123,6 +148,7 @@ Host storage2.kube.k-space.ee 172.21.3.72
 Host storage3.kube.k-space.ee 172.21.3.73
    User root
    Hostname 172.21.3.73
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -130,6 +156,7 @@ Host storage3.kube.k-space.ee 172.21.3.73
 Host storage4.kube.k-space.ee 172.21.3.74
    User root
    Hostname 172.21.3.74
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -137,6 +164,7 @@ Host storage4.kube.k-space.ee 172.21.3.74
 Host worker1.kube.k-space.ee 172.20.3.81
    User root
    Hostname 172.20.3.81
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -144,6 +172,7 @@ Host worker1.kube.k-space.ee 172.20.3.81
 Host worker2.kube.k-space.ee 172.20.3.82
    User root
    Hostname 172.20.3.82
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -151,6 +180,7 @@ Host worker2.kube.k-space.ee 172.20.3.82
 Host worker3.kube.k-space.ee 172.20.3.83
    User root
    Hostname 172.20.3.83
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -158,6 +188,7 @@ Host worker3.kube.k-space.ee 172.20.3.83
 Host worker4.kube.k-space.ee 172.20.3.84
    User root
    Hostname 172.20.3.84
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -165,6 +196,7 @@ Host worker4.kube.k-space.ee 172.20.3.84
 Host worker9.kube.k-space.ee 172.20.3.89
    User root
    Hostname 172.20.3.89
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
@@ -172,6 +204,7 @@ Host worker9.kube.k-space.ee 172.20.3.89
 Host workshopdoor 100.102.3.4
    User root
    Hostname 100.102.3.4
    Port 22
    GlobalKnownHostsFile known_hosts
    UserKnownHostsFile /dev/null
    ControlMaster auto
--- a/ansible/update-ssh-config.yaml
+++ b/ansible/update-ssh-config.yaml
@@ -5,31 +5,33 @@
  vars:
    targets: "{{ hostvars[groups['all']] }}"
  tasks:
    - name: Generate known_hosts
      ansible.builtin.copy:
        dest: known_hosts
        content: |
          # Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
          {% for host in groups['all'] | sort %}
          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
              hostvars[host].get('ansible_host', host))) }} # {{ host }}
          {% endfor %}
    - name: Generate ssh_config
      ansible.builtin.copy:
        dest: ssh_config
        content: |
-          # Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
+          # Use `ansible-playbook update-ssh-config.yml` to update this file
          # Use `ssh -F ssh_config ...` to connect to target machine or
          # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
          {% for host in groups['all'] | sort %}
          Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
              User root
              Hostname {{ hostvars[host].get('ansible_host', host) }}
              Port {{ hostvars[host].get('ansible_port', 22) }}
              GlobalKnownHostsFile known_hosts
              UserKnownHostsFile /dev/null
              ControlMaster auto
              ControlPersist 8h
          {% endfor %}
    - name: Generate known_hosts
      ansible.builtin.copy:
        dest: known_hosts
        content: |
          # Use `ansible-playbook update-ssh-config.yml` to update this file
          {% for host in groups['all'] | sort %}
          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % (
              hostvars[host].get('ansible_port', 22),
              hostvars[host].get('ansible_host', host))) }} # {{ host }}
          {% endfor %}
 - name: Pull authorized keys from Gitea
  hosts: localhost
@@ -60,7 +62,7 @@
        group: root
        mode: '0644'
        content: |
-          # Use `ansible-playbook ansible/update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
+          # Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
          {% for user in admins + extra_admins | unique | sort %}
          {% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
          {% if line.startswith("sk-") %}