107 lines
3.3 KiB
YAML
107 lines
3.3 KiB
YAML
---
|
|
# Node Onboarding Playbook
|
|
# Purpose: Bootstrap new nodes for Ansible management
|
|
# Usage: ansible-playbook playbooks/onboard-nodes.yml -k -K
|
|
# (-k prompts for SSH password, -K prompts for sudo password)
|
|
|
|
- name: Onboard new nodes to Ansible control
|
|
hosts: physical_servers
|
|
gather_facts: true
|
|
become: false
|
|
tasks:
|
|
- name: Gather OS facts
|
|
ansible.builtin.setup:
|
|
gather_subset:
|
|
- "!all"
|
|
- "!min"
|
|
- "network"
|
|
- "distribution"
|
|
|
|
- name: Display target host information
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
Onboarding {{ inventory_hostname }}
|
|
IP: {{ ansible_host }}
|
|
Distribution: {{ ansible_distribution }} {{ ansible_distribution_version }}
|
|
Architecture: {{ ansible_architecture }}
|
|
|
|
- name: Ensure .ssh directory exists
|
|
ansible.builtin.file:
|
|
path: "/home/{{ ansible_user }}/.ssh"
|
|
state: directory
|
|
mode: "0700"
|
|
owner: "{{ ansible_user }}"
|
|
group: "{{ ansible_user }}"
|
|
|
|
- name: Deploy watchtower SSH public key
|
|
ansible.builtin.authorized_key:
|
|
user: "{{ ansible_user }}"
|
|
state: present
|
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ryXcRsMITcIW+Rc0t3Qou7XGfyIeihLR2PInySogp ansible@watchtower"
|
|
comment: "ansible@watchtower"
|
|
|
|
- name: Test passwordless sudo access
|
|
ansible.builtin.command: sudo -n true
|
|
register: sudo_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Display sudo access status
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
{% if sudo_check.rc == 0 %}
|
|
✅ Passwordless sudo is configured
|
|
{% else %}
|
|
⚠️ Passwordless sudo is NOT configured - some playbooks may require -K flag
|
|
{% endif %}
|
|
|
|
- name: Verify Python 3 is available
|
|
ansible.builtin.command: python3 --version
|
|
register: python_version
|
|
changed_when: false
|
|
|
|
- name: Display Python version
|
|
ansible.builtin.debug:
|
|
msg: "Python: {{ python_version.stdout }}"
|
|
|
|
- name: Check if Docker is installed
|
|
ansible.builtin.command: docker --version
|
|
register: docker_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Display Docker status
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
{% if docker_check.rc == 0 %}
|
|
✅ Docker installed: {{ docker_check.stdout }}
|
|
{% else %}
|
|
⚠️ Docker is NOT installed
|
|
{% endif %}
|
|
|
|
- name: Check NFS mount point
|
|
ansible.builtin.stat:
|
|
path: /mnt/appdata
|
|
register: nfs_mount
|
|
|
|
- name: Display NFS mount status
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
{% if nfs_mount.stat.exists %}
|
|
✅ /mnt/appdata exists
|
|
{% else %}
|
|
⚠️ /mnt/appdata does NOT exist
|
|
{% endif %}
|
|
|
|
- name: Create onboarding summary
|
|
ansible.builtin.debug:
|
|
msg:
|
|
- "=========================================="
|
|
- "Onboarding Complete for {{ inventory_hostname }}"
|
|
- "=========================================="
|
|
- "✅ SSH key deployed"
|
|
- "✅ Host is reachable"
|
|
- "Next steps:"
|
|
- " • Test connectivity: ansible {{ inventory_hostname }} -m ping"
|
|
- " • Verify sudo: ansible {{ inventory_hostname }} -b -m command -a 'whoami'"
|