Closed liudalibj closed 4 months ago
Verified the pr with a test playbook:
# Play: on the jumphost, create an SSH keypair, make sure 'expect' is
# available, then run the ssh_copy_id role. Every task except the final
# clear_facts is gated on network_mode being NAT and a jumphost IP being set.
- name: Configure jumphost if network mode == 'NAT'
  hosts: jumphost
  tags: ssh, ssh_copy_id, section_1
  gather_facts: true
  vars_files:
    - "{{ inventory_dir }}/group_vars/all.yaml"
  vars:
    # Order: bastion IP, bastion user, bastion password, jumphost keypair path.
    # The third element is a plaintext credential (presumably consumed by the
    # ssh_copy_id role; confirm). Keep the vars file that supplies it
    # protected and avoid debug-printing this list.
    ssh_target: ["{{ env.bastion.networking.ip }}", "{{ env.bastion.access.user }}", "{{ env.bastion.access.pass }}", "{{ env.jumphost.path_to_keypair }}"]
  pre_tasks:
    - name: Generate an OpenSSH keypair with the default values (4096 bits, RSA), if using jumphost for NAT.
      tags: ssh_key_gen, ssh, section_1
      community.crypto.openssh_keypair:
        # Drops the last dot-separated suffix of path_to_keypair
        # (presumably '.pub'; confirm) to get the key path.
        path: "{{ env.jumphost.path_to_keypair.split('.')[:-1] | join('.') }}"
        # Empty passphrase: the private key is stored unencrypted, so its
        # protection rests on file permissions on the jumphost.
        passphrase: ""
        # Do not replace a key that already exists at this path.
        regenerate: never
      when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none)
    # The block fails on purpose when 'expect' is missing, so the privileged
    # install under 'rescue' runs only when needed. Rescue is entered on any
    # failure inside the block, not only on the explicit 'fail' task.
    - block:
        - name: Gather package facts
          package_facts:
            manager: auto
          when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none)
        - name: Check if expect package is installed
          set_fact:
            # True when 'expect' is a key of the gathered package facts.
            expect_installed: "{{ 'expect' in ansible_facts.packages }}"
          when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none)
        - name: Fail if expect package is not installed
          fail:
            msg: "'expect' package is not installed"
          when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none) and (not expect_installed)
      rescue:
        # Using 'block' and 'rescue' to avoid running the 'package' module
        # (which requires 'sudo') unless necessary.
        - name: Package 'expect' must be installed on the jumphost, attempting to install it.
          # The only task in this play that escalates privileges.
          become: true
          package:
            name: expect
            state: present
            # Forces the dnf backend instead of auto-detecting one.
            use: dnf
          when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none)
  roles:
    # NOTE(review): the recorded run of this role shows ssh-copy-id invoked
    # with StrictHostKeyChecking=no, so the target host key is not verified;
    # confirm that is acceptable for this network.
    - role: ssh_copy_id
      when: (env.network_mode | upper == "NAT") and (env.jumphost.ip is not none)
  post_tasks:
    # Clears the facts gathered for the hosts in this play.
    - meta: clear_facts
[root@a3elp66 Ansible-OpenShift-Provisioning]# ansible-playbook d1.yaml
[WARNING]: Found both group and host with same name: jumphost
PLAY [Configure jumphost if network mode == 'NAT'] *****
TASK [Gathering Facts] ***** ok: [jumphost]
TASK [Generate an OpenSSH keypair with the default values (4096 bits, RSA), if using jumphost for NAT.] **** ok: [jumphost]
TASK [Gather package facts] **** ok: [jumphost]
TASK [Check if expect package is installed] **** ok: [jumphost]
TASK [Fail if expect package is not installed] ***** skipping: [jumphost]
TASK [ssh_copy_id : Load in variables] ***** ok: [jumphost]
TASK [ssh_copy_id : Delete SSH key from known hosts if it already exists for idempotency] ** changed: [jumphost]
TASK [ssh_copy_id : Use template file to create expect script] ***** changed: [jumphost -> 127.0.0.1]
TASK [ssh_copy_id : Copy expect file to jumphost first, if not running on localhost.] ** ok: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** ok: [jumphost] => { "ssh_copy": "VARIABLE IS NOT DEFINED!" }
TASK [ssh_copy_id : Copy SSH ID from controller to remote host with pre-provided password.] **** skipping: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** skipping: [jumphost]
TASK [ssh_copy_id : Copy SSH ID from jumphost to remote host with pre-provided password.] ** changed: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** ok: [jumphost] => { "ssh_copy": { "changed": true, "cmd": [ "expect", "~/.ssh/ssh-copy-id-expect-pass.exp" ], "delta": "0:00:00.398599", "end": "2024-06-20 12:58:37.340610", "failed": false, "msg": "", "rc": 0, "start": "2024-06-20 12:58:36.942011", "stderr": "", "stderr_lines": [], "stdout": "spawn ssh-copy-id -f -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa-to-bastion.pub root@192.168.122.81\r\n/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa-to-bastion.pub\"\r\n\rroot@192.168.122.81's password: \r\n\r\nNumber of key(s) added: 1\r\n\r\nNow try logging into the machine, with: \"ssh -o 'StrictHostKeyChecking=no' 'root@192.168.122.81'\"\r\nand check to make sure that only the key(s) you wanted were added.", "stdout_lines": [ "spawn ssh-copy-id -f -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa-to-bastion.pub root@192.168.122.81", "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa-to-bastion.pub\"", "", "root@192.168.122.81's password: ", "", "Number of key(s) added: 1", "", "Now try logging into the machine, with: \"ssh -o 'StrictHostKeyChecking=no' 'root@192.168.122.81'\"", "and check to make sure that only the key(s) you wanted were added." ] } }
TASK [ssh_copy_id : Delete templated expect script on controller.] ***** changed: [jumphost -> 127.0.0.1]
TASK [ssh_copy_id : Delete templated expect script on jumphost.] *** ok: [jumphost]
TASK [ssh_copy_id : Ensure ssh-copy-id files folder exists for future runs.] *** ok: [jumphost -> 127.0.0.1]
TASK [meta] ****
PLAY RECAP ***** jumphost : ok=14 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
- when 'expect' is not installed on jumphost
[root@a3elp66 Ansible-OpenShift-Provisioning]# ansible-playbook d1.yaml [WARNING]: Found both group and host with same name: jumphost
PLAY [Configure jumphost if network mode == 'NAT'] *****
TASK [Gathering Facts] ***** ok: [jumphost]
TASK [Generate an OpenSSH keypair with the default values (4096 bits, RSA), if using jumphost for NAT.] **** ok: [jumphost]
TASK [Gather package facts] **** ok: [jumphost]
TASK [Check if expect package is installed] **** ok: [jumphost]
TASK [Fail if expect package is not installed] ***** fatal: [jumphost]: FAILED! => {"changed": false, "msg": "'expect' package is not installed"}
TASK [Package 'expect' must be installed on the jumphost, attempting to install it.] *** changed: [jumphost]
TASK [ssh_copy_id : Load in variables] ***** ok: [jumphost]
TASK [ssh_copy_id : Delete SSH key from known hosts if it already exists for idempotency] ** changed: [jumphost]
TASK [ssh_copy_id : Use template file to create expect script] ***** changed: [jumphost -> 127.0.0.1]
TASK [ssh_copy_id : Copy expect file to jumphost first, if not running on localhost.] ** ok: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** ok: [jumphost] => { "ssh_copy": "VARIABLE IS NOT DEFINED!" }
TASK [ssh_copy_id : Copy SSH ID from controller to remote host with pre-provided password.] **** skipping: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** skipping: [jumphost]
TASK [ssh_copy_id : Copy SSH ID from jumphost to remote host with pre-provided password.] ** changed: [jumphost]
TASK [ssh_copy_id : Print results of copying ssh id to remote host] **** ok: [jumphost] => { "ssh_copy": { "changed": true, "cmd": [ "expect", "~/.ssh/ssh-copy-id-expect-pass.exp" ], "delta": "0:00:01.086339", "end": "2024-06-20 13:00:24.292387", "failed": false, "msg": "", "rc": 0, "start": "2024-06-20 13:00:23.206048", "stderr": "", "stderr_lines": [], "stdout": "spawn ssh-copy-id -f -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa-to-bastion.pub root@192.168.122.81\r\n/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa-to-bastion.pub\"\r\n\rroot@192.168.122.81's password: \r\n\r\nNumber of key(s) added: 1\r\n\r\nNow try logging into the machine, with: \"ssh -o 'StrictHostKeyChecking=no' 'root@192.168.122.81'\"\r\nand check to make sure that only the key(s) you wanted were added.", "stdout_lines": [ "spawn ssh-copy-id -f -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa-to-bastion.pub root@192.168.122.81", "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/root/.ssh/id_rsa-to-bastion.pub\"", "", "root@192.168.122.81's password: ", "", "Number of key(s) added: 1", "", "Now try logging into the machine, with: \"ssh -o 'StrictHostKeyChecking=no' 'root@192.168.122.81'\"", "and check to make sure that only the key(s) you wanted were added." ] } }
TASK [ssh_copy_id : Delete templated expect script on controller.] ***** changed: [jumphost -> 127.0.0.1]
TASK [ssh_copy_id : Delete templated expect script on jumphost.] *** ok: [jumphost]
TASK [ssh_copy_id : Ensure ssh-copy-id files folder exists for future runs.] *** ok: [jumphost -> 127.0.0.1]
TASK [meta] ****
PLAY RECAP ***** jumphost : ok=15 changed=5 unreachable=0 failed=0 skipped=2 rescued=1 ignored=0
@veera-damisetti @AmadeusPodvratnik could you please help check/verify this PR? Thanks.
:tada: This PR is included in version 2.2.0 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Fixes https://github.com/IBM/Ansible-OpenShift-Provisioning/issues/296
Signed-off-by: Da Li Liu liudali@cn.ibm.com