diff --git a/changelogs/fragments/271-ssh.yml b/changelogs/fragments/271-ssh.yml
new file mode 100644
index 000000000..e4aac6bc6
--- /dev/null
+++ b/changelogs/fragments/271-ssh.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - "orahost_ssh: added block with configure_cluster check (#271)"
diff --git a/playbooks/os.yml b/playbooks/os.yml
index cb6b8f4f4..8decb9b9c 100644
--- a/playbooks/os.yml
+++ b/playbooks/os.yml
@@ -10,8 +10,7 @@
 - common
 - orahost
 - orahost_storage
- - name: orahost_ssh
- when: configure_cluster | default(false)
+ - orahost_ssh
 - cxoracle
 - orahost_logrotate
diff --git a/roles/orahost_ssh/tasks/main.yml b/roles/orahost_ssh/tasks/main.yml
index 2edb563e2..846128fb7 100644
--- a/roles/orahost_ssh/tasks/main.yml
+++ b/roles/orahost_ssh/tasks/main.yml
@@ -1,56 +1,62 @@ --- -- name: ssh-keys | get public key for oracle user - ansible.builtin.shell: cat /home/{{ oracle_user }}/.ssh/id_rsa.pub - # noqa command-instead-of-shell no-changed-when - register: oracle_key - tags: - - sshkeys +- name: Deploy SSH-Keys on Cluster + block: -- name: ssh-keys | get public key for grid user - ansible.builtin.shell: cat /home/{{ grid_user }}/.ssh/id_rsa.pub - # noqa command-instead-of-shell - register: grid_key - when: role_separation - tags: - - sshkeys + - name: ssh-keys | get public key for oracle user + ansible.builtin.shell: cat /home/{{ oracle_user }}/.ssh/id_rsa.pub + # noqa command-instead-of-shell no-changed-when + register: oracle_key + tags: + - sshkeys -- name: ssh-keys | Add keys for {{ oracle_user }} user - ansible.builtin.authorized_key: user={{ oracle_user }} key="{{ item[1] }}" - delegate_to: "{{ item[0] }}" - with_nested: - - "{{ groups[hostgroup] }}" - - "{{ oracle_key.stdout }}" - tags: - - sshkeys - when: oracle_key is defined + - name: ssh-keys | get public key for grid user + ansible.builtin.shell: cat /home/{{ grid_user }}/.ssh/id_rsa.pub + # noqa command-instead-of-shell + register: grid_key + when: role_separation + tags: + - sshkeys -- name: ssh-keys | Add keys for {{ grid_user }} user - ansible.builtin.authorized_key: user={{ grid_user }} key="{{ item[1] }}" - delegate_to: "{{ item[0] }}" - with_nested: - - "{{ groups[hostgroup] }}" - - "{{ grid_key.stdout }}" - tags: - - sshkeys - when: role_separation and grid_key is defined + - name: ssh-keys | Add keys for {{ oracle_user }} user + ansible.builtin.authorized_key: user={{ oracle_user }} key="{{ item[1] }}" + delegate_to: "{{ item[0] }}" + with_nested: + - "{{ groups[hostgroup] }}" + - "{{ oracle_key.stdout }}" + tags: + - sshkeys + when: oracle_key is defined -- name: ssh-keys | create .known_hosts - ansible.builtin.file: - path: "/home/{{ item }}/.ssh/known_hosts" - state: touch - owner: "{{ item }}" - group: "{{ oracle_group }}" - mode: 0600 - 
with_items: - - "{{ oracle_user }}" - - "{% if role_separation %}{{ grid_user }}{% else %}[]{% endif %}" - changed_when: false - tags: sshkeys,known_hosts + - name: ssh-keys | Add keys for {{ grid_user }} user + ansible.builtin.authorized_key: user={{ grid_user }} key="{{ item[1] }}" + delegate_to: "{{ item[0] }}" + with_nested: + - "{{ groups[hostgroup] }}" + - "{{ grid_key.stdout }}" + tags: + - sshkeys + when: role_separation and grid_key is defined -- ansible.builtin.include: known-hosts.yml - with_items: - - "{{ oracle_user }}" - - "{% if role_separation %}{{ grid_user }}{% else %}[]{% endif %}" - loop_control: - loop_var: user - tags: sshkeys,known_hosts + - name: ssh-keys | create .known_hosts + ansible.builtin.file: + path: "/home/{{ item }}/.ssh/known_hosts" + state: touch + owner: "{{ item }}" + group: "{{ oracle_group }}" + mode: 0600 + with_items: + - "{{ oracle_user }}" + - "{% if role_separation %}{{ grid_user }}{% else %}[]{% endif %}" + changed_when: false + tags: sshkeys,known_hosts + + - ansible.builtin.include: known-hosts.yml + with_items: + - "{{ oracle_user }}" + - "{% if role_separation %}{{ grid_user }}{% else %}[]{% endif %}" + loop_control: + loop_var: user + tags: sshkeys,known_hosts + + when: + - configure_cluster | default(false)
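Review bot: The two key-lookup tasks that this hunk re-indents under the block still run `cat /home/{{ oracle_user }}/.ssh/id_rsa.pub` through `ansible.builtin.shell` with a `# noqa command-instead-of-shell`, so a templated user name is parsed by a shell on the way to an `authorized_key` write on every host in `groups[hostgroup]`. Since these lines are being touched anyway, reading the file with `ansible.builtin.slurp` (`src: "/home/{{ oracle_user }}/.ssh/id_rsa.pub"`) and passing `"{{ oracle_key.content | b64decode }}"` to the nested loop would drop both the shell and the noqa; the same applies to the `grid_user` task. The `oracle_key is defined` and `grid_key is defined` conditions do not check that a key was actually read, because a registered variable exists even when its task was skipped, so a test on the content itself would be the meaningful guard. The new gate `when: - configure_cluster | default(false)` also sits at the very end of a long block body; placing it directly under `- name: Deploy SSH-Keys on Cluster`, ahead of `block:`, makes it visible at the top that the whole key distribution is conditional.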