From 677fd46cf37cab5f995170b3567939d784ebb07a Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Wed, 5 Jul 2017 12:46:57 +0200
Subject: Add bastion and ssh config for the static inventory role

* Autogenerate SSH config for static inventory and bastion.
* When using bastion, use FQDN for inventory's ansible_host and SSH
  config's Hostname. Simplifies accessing nodes by names instead of
  private IPs.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/static_inventory/defaults/main.yml           | 13 +++++++++++
 roles/static_inventory/tasks/main.yml              |  4 ++++
 roles/static_inventory/tasks/openstack.yml         | 25 ++++++++++++++++++++--
 roles/static_inventory/tasks/sshconfig.yml         | 13 +++++++++++
 roles/static_inventory/templates/inventory.j2      |  4 ++++
 .../templates/openstack_ssh_config.j2              | 21 ++++++++++++++++++
 6 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 roles/static_inventory/tasks/sshconfig.yml
 create mode 100644 roles/static_inventory/templates/openstack_ssh_config.j2

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml
index 315965cde..63de45646 100644
--- a/roles/static_inventory/defaults/main.yml
+++ b/roles/static_inventory/defaults/main.yml
@@ -4,5 +4,18 @@ refresh_inventory: True
 inventory: static
 inventory_path: ~/openstack-inventory
 
+# Either to configure bastion
+use_bastion: true
+
+# SSH user/key/options to access hosts via bastion
+ssh_user: openshift
+ssh_options: >-
+  -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+  -o ConnectTimeout=90 -o ControlMaster=auto -o ControlPersist=270s
+  -o ServerAliveInterval=30 -o GSSAPIAuthentication=no
+
 # SSH key to access nodes
 private_ssh_key: ~/.ssh/openshift
+
+# The patch to store the generated config to access bastion/hosts
+ssh_config_path: /tmp/ssh.config.ansible
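Review bot: The default `ssh_options` switches off host-key verification (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`), so the hop through the bastion's public address is never authenticated and an intercepted connection would go unnoticed. The same two settings are hard-coded in every `Host` block of openstack_ssh_config.j2 and again in the later ssh-tunnel.service.j2. Consider pointing `UserKnownHostsFile` at a per-deployment known-hosts file and keeping the relaxed behaviour as a documented opt-in. Two comments in this hunk also read oddly: `# Either to configure bastion` presumably means `# Whether to configure a bastion`, and `# The patch to store ...` should be `# The path to store ...`.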
diff --git a/roles/static_inventory/tasks/main.yml b/roles/static_inventory/tasks/main.yml
index 15c81690e..b58866017 100644
--- a/roles/static_inventory/tasks/main.yml
+++ b/roles/static_inventory/tasks/main.yml
@@ -4,3 +4,7 @@
 
 - name: Checkpoint in-memory data into a static inventory
   include: checkpoint.yml
+
+- name: Generate SSH config for accessing hosts via bastion
+  include: sshconfig.yml
+  when: use_bastion|bool
diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
index a25502835..95d0d172f 100644
--- a/roles/static_inventory/tasks/openstack.yml
+++ b/roles/static_inventory/tasks/openstack.yml
@@ -16,12 +16,14 @@
 
     - name: set_fact for openstack inventory nodes
       set_fact:
+        registered_bastion_nodes: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
         registered_nodes_floating: "{{ (registered_nodes_output.stdout | from_json) | json_query(q2) }}"
       vars:
         q: "[] | [?metadata.group=='infra.{{stack_name}}']"
         q2: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4!='']"
       when:
         - refresh_inventory|bool
+        - use_bastion|bool
 
     - name: Add cluster nodes w/o floating IPs to inventory
       with_items: "{{ registered_nodes }}"
@@ -29,9 +31,11 @@
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
-        ansible_host: '{{ item.private_v4 }}'
+        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.private_v4 }}{% endif %}"
         ansible_fqdn: '{{ item.name }}'
+        ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
+        ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
         private_v4: '{{ item.private_v4 }}'
 
     - name: Add cluster nodes with floating IPs to inventory
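Review bot: `ansible_ssh_extra_args: '-F {{ ssh_config_path }}'` is set whether or not `use_bastion` is true, but tasks/main.yml only includes sshconfig.yml (the task that writes that file) when `use_bastion|bool`. In the non-bastion case ssh is therefore pointed at a config file this role has not generated. The same line is added to the floating-IP task and the bastion task in the next hunk. Making the value conditional, for example `ansible_ssh_extra_args: "{% if use_bastion|bool %}-F {{ ssh_config_path }}{% endif %}"`, keeps the non-bastion path independent of the file. The add_host task begins above this hunk.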
@@ -40,8 +44,25 @@
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
-        ansible_host: '{{ item.public_v4 }}'
+        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.private_v4 }}{% endif %}"
         ansible_fqdn: '{{ item.name }}'
+        ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
+        ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
         private_v4: '{{ item.private_v4 }}'
         public_v4: '{{ item.public_v4 }}'
+
+    - name: Add bastion node to inventory
+      add_host:
+        name: bastion
+        groups: bastions
+        ansible_host: '{{ registered_bastion_nodes[0].public_v4 }}'
+        ansible_fqdn: '{{ registered_bastion_nodes[0].name }}'
+        ansible_user: '{{ ssh_user }}'
+        ansible_private_key_file: '{{ private_ssh_key }}'
+        ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
+        private_v4: '{{ registered_bastion_nodes[0].private_v4 }}'
+        public_v4: '{{ registered_bastion_nodes[0].public_v4 }}'
+      when:
+        - registered_bastion_nodes is defined
+        - use_bastion|bool
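Review bot: `registered_bastion_nodes is defined` is also true for an empty list, so when the `infra.<stack_name>` query matches nothing the `registered_bastion_nodes[0]` lookups in this task fail instead of the task being skipped. Adding `- registered_bastion_nodes | length > 0` to the `when` list makes the guard match what the task actually dereferences. sshconfig.yml and openstack_ssh_config.j2 both read `hostvars['bastion']`, so they depend on this task having run; a short comment saying so would help the next reader.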
diff --git a/roles/static_inventory/tasks/sshconfig.yml b/roles/static_inventory/tasks/sshconfig.yml
new file mode 100644
index 000000000..7119fe6ff
--- /dev/null
+++ b/roles/static_inventory/tasks/sshconfig.yml
@@ -0,0 +1,13 @@
+---
+- name: set ssh proxy command prefix for accessing nodes via bastion
+  set_fact:
+    ssh_proxy_command: >-
+      ssh {{ ssh_options }}
+      -i {{ private_ssh_key }}
+      {{ ssh_user }}@{{ hostvars['bastion'].ansible_host }}
+
+- name: regenerate ssh config
+  template:
+    src: openstack_ssh_config.j2
+    dest: "{{ ssh_config_path }}"
+    mode: 0644
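Review bot: The generated config is written world-readable (`mode: 0644`) to the default `ssh_config_path` of `/tmp/ssh.config.ansible`, a fixed name in a directory every local user can write to, and every inventory host is then told to load it via `-F`. Because an ssh config can carry `ProxyCommand`, whoever controls that path controls what the Ansible user's ssh executes, for instance after a tmp cleanup has removed the file. A default under the operator's home directory (e.g. `~/.ssh/openshift-ansible.config`, a name constructed for this note) written with `mode: '0600'` avoids both problems. Quoting the mode also removes the reliance on YAML 1.1 octal parsing.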
diff --git a/roles/static_inventory/templates/inventory.j2 b/roles/static_inventory/templates/inventory.j2
index 464726a0b..ac74db35c 100644
--- a/roles/static_inventory/templates/inventory.j2
+++ b/roles/static_inventory/templates/inventory.j2
@@ -10,8 +10,12 @@
 %} private_v4={{ hostvars[host]['private_v4'] }}{% endif %}
 {% if 'public_v4' in hostvars[host]
 %} public_v4={{ hostvars[host]['public_v4'] }}{% endif %}
+{% if 'ansible_user' in hostvars[host]
+%} ansible_user={{ hostvars[host]['ansible_user'] }}{% endif %}
 {% if 'ansible_private_key_file' in hostvars[host]
 %} ansible_private_key_file={{ hostvars[host]['ansible_private_key_file'] }}{% endif %}
+{% if 'ansible_ssh_extra_args' in hostvars[host]
+%} ansible_ssh_extra_args={{ hostvars[host]['ansible_ssh_extra_args']|quote }}{% endif %}
  openshift_hostname={{ host }}
 
 {% endif %}
diff --git a/roles/static_inventory/templates/openstack_ssh_config.j2 b/roles/static_inventory/templates/openstack_ssh_config.j2
new file mode 100644
index 000000000..ad5d1253a
--- /dev/null
+++ b/roles/static_inventory/templates/openstack_ssh_config.j2
@@ -0,0 +1,21 @@
+Host *
+    IdentitiesOnly yes
+
+Host bastion
+    Hostname {{ hostvars['bastion'].ansible_host }}
+    IdentityFile {{ hostvars['bastion'].ansible_private_key_file }}
+    User {{ ssh_user }}
+    StrictHostKeyChecking no
+    UserKnownHostsFile=/dev/null
+
+{% for host in groups['all'] | difference(groups['bastions'][0]) %}
+
+Host {{ host }}
+    Hostname {{ hostvars[host].ansible_host }}
+    ProxyCommand {{ ssh_proxy_command  }} -W {{ hostvars[host].private_v4 }}:22
+    IdentityFile {{ hostvars[host].ansible_private_key_file }}
+    User {{ ssh_user }}
+    StrictHostKeyChecking no
+    UserKnownHostsFile=/dev/null
+
+{% endfor %}
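Review bot: `difference(groups['bastions'][0])` passes a single host name (a string) where the filter expects a list, so excluding the bastion presumably depends on how the filter treats a string operand. `difference(groups['bastions'])` states the intent directly and also covers more than one bastion. The template indexes `groups['bastions']` and `hostvars['bastion']` without checking that they exist, so it only renders once the "Add bastion node to inventory" task has actually added the host. `ssh_proxy_command` is set in sshconfig.yml, outside this hunk.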
-- 
cgit v1.2.3


From df8f5f0e251a014ab30dabd62c17e151b7fe36e8 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Wed, 12 Jul 2017 13:09:45 +0200
Subject: Options for bastion, SSH config, static inventory autogeneration

* At the provisioning stage, allow users to auto-generate SSH config,
  when using a static inventory.
* Run playbooks to provision and post-provision separately, when
  using a bastion. This re-applies the SSH config, which ansible can't
  do on the fly.
* Support a pre-installed bastion node, colocated with the 1st infra
  node.
* With a bastion enabled, reduce floating IP footprint to infra and
  dns nodes only, effectively isolating a cluster in a private
  network.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/static_inventory/tasks/openstack.yml    | 7 ++-----
 roles/static_inventory/templates/inventory.j2 | 5 ++---
 2 files changed, 4 insertions(+), 8 deletions(-)

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
index 95d0d172f..499adf08c 100644
--- a/roles/static_inventory/tasks/openstack.yml
+++ b/roles/static_inventory/tasks/openstack.yml
@@ -23,11 +23,9 @@
         q2: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4!='']"
       when:
         - refresh_inventory|bool
-        - use_bastion|bool
 
     - name: Add cluster nodes w/o floating IPs to inventory
-      with_items: "{{ registered_nodes }}"
-      when: not item in registered_nodes_floating
+      with_items: "{{ registered_nodes|difference(registered_nodes_floating) }}"
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
@@ -40,11 +38,10 @@
 
     - name: Add cluster nodes with floating IPs to inventory
       with_items: "{{ registered_nodes_floating }}"
-      when: item in registered_nodes_floating
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
-        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.private_v4 }}{% endif %}"
+        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.public_v4 }}{% endif %}"
         ansible_fqdn: '{{ item.name }}'
         ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
diff --git a/roles/static_inventory/templates/inventory.j2 b/roles/static_inventory/templates/inventory.j2
index ac74db35c..24dc9d4a8 100644
--- a/roles/static_inventory/templates/inventory.j2
+++ b/roles/static_inventory/templates/inventory.j2
@@ -14,9 +14,8 @@
 %} ansible_user={{ hostvars[host]['ansible_user'] }}{% endif %}
 {% if 'ansible_private_key_file' in hostvars[host]
 %} ansible_private_key_file={{ hostvars[host]['ansible_private_key_file'] }}{% endif %}
-{% if 'ansible_ssh_extra_args' in hostvars[host]
-%} ansible_ssh_extra_args={{ hostvars[host]['ansible_ssh_extra_args']|quote }}{% endif %}
- openshift_hostname={{ host }}
+{% if use_bastion|bool and 'ansible_ssh_extra_args' in hostvars[host]
+%} ansible_ssh_extra_args={{ hostvars[host]['ansible_ssh_extra_args']|quote }}{% endif %} openshift_hostname={{ host }}
 
 {% endif %}
 {% endfor %}
-- 
cgit v1.2.3


From 784443b0d88597b988c3d5c58bc6358f5c73675e Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Tue, 15 Aug 2017 17:48:58 +0200
Subject: Support multiple private networks for static inventory (#604)

Add openstack_private_network_name to filter by a wanted private
network.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/static_inventory/defaults/main.yml   |  2 ++
 roles/static_inventory/tasks/openstack.yml | 20 ++++++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml
index 63de45646..5b8aacf5c 100644
--- a/roles/static_inventory/defaults/main.yml
+++ b/roles/static_inventory/defaults/main.yml
@@ -19,3 +19,5 @@ private_ssh_key: ~/.ssh/openshift
 
 # The patch to store the generated config to access bastion/hosts
 ssh_config_path: /tmp/ssh.config.ansible
+
+openstack_private_network: private
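Review bot: `openstack_private_network` is added without a comment, unlike the other defaults in this file, and the commit message calls the option `openstack_private_network_name`. A line such as `# Name of the private network whose first address is used as private_v4` would document it. The variable name and the commit text should agree on one spelling; which one the rest of the repository uses is not visible from this diff.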
diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
index 499adf08c..75d0ee6d5 100644
--- a/roles/static_inventory/tasks/openstack.yml
+++ b/roles/static_inventory/tasks/openstack.yml
@@ -29,12 +29,20 @@
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
-        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.private_v4 }}{% endif %}"
+        ansible_host: >-
+          {% if use_bastion|bool -%}
+          {{ item.name }}
+          {%- else -%}
+          {%- set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+          {{ node[0].addresses[openstack_private_network|quote][0].addr }}
+          {%- endif %}
         ansible_fqdn: '{{ item.name }}'
         ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
         ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
-        private_v4: '{{ item.private_v4 }}'
+        private_v4: >-
+          {% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+          {{ node[0].addresses[openstack_private_network|quote][0].addr }}
 
     - name: Add cluster nodes with floating IPs to inventory
       with_items: "{{ registered_nodes_floating }}"
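Review bot: `addresses[openstack_private_network|quote]` applies the shell-quoting filter to a dictionary key. For the default `private` this is a no-op, but a network name containing a space or another shell-special character would be wrapped in quotes and no longer match any key in `addresses`; use `addresses[openstack_private_network]`. The same expression is repeated in the `private_v4` values of the next two hunks, and `'masters.' + stack_name|quote` in the later `target_ip` default has the same problem. Building the JMESPath filter by concatenating `item.name` also breaks on a name that contains a single quote. Since `item` in this task already comes from `registered_nodes`, `item.addresses[openstack_private_network][0].addr` may be enough, provided `item` carries `addresses` (confirm against the registered_nodes data).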
@@ -46,7 +54,9 @@
         ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
         ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
-        private_v4: '{{ item.private_v4 }}'
+        private_v4: >-
+          {% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+          {{ node[0].addresses[openstack_private_network|quote][0].addr }}
         public_v4: '{{ item.public_v4 }}'
 
     - name: Add bastion node to inventory
@@ -58,7 +68,9 @@
         ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
         ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
-        private_v4: '{{ registered_bastion_nodes[0].private_v4 }}'
+        private_v4: >-
+          {% set node = registered_nodes | json_query("[?name=='" + registered_bastion_nodes[0].name + "']") -%}
+          {{ node[0].addresses[openstack_private_network|quote][0].addr }}
         public_v4: '{{ registered_bastion_nodes[0].public_v4 }}'
       when:
         - registered_bastion_nodes is defined
-- 
cgit v1.2.3


From 6ebad037254b0c254638f6e6dfbd48e451a1ceeb Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Wed, 16 Aug 2017 09:14:06 +0200
Subject: Access UI via a bastion node (#596)

When using a bastion and a single master, use the lb-secgrp
to access UI port allowed from the ingress bastion node cidr.
For HA (masters>1), UI still should be accessed via
the LB node's ingress cidr, omitting the bastion.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/static_inventory/defaults/main.yml             |  6 ++++++
 roles/static_inventory/tasks/main.yml                |  7 +++++++
 roles/static_inventory/tasks/sshtun.yml              | 15 +++++++++++++++
 .../static_inventory/templates/ssh-tunnel.service.j2 | 20 ++++++++++++++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 roles/static_inventory/tasks/sshtun.yml
 create mode 100644 roles/static_inventory/templates/ssh-tunnel.service.j2

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml
index 5b8aacf5c..871700f8c 100644
--- a/roles/static_inventory/defaults/main.yml
+++ b/roles/static_inventory/defaults/main.yml
@@ -20,4 +20,10 @@ private_ssh_key: ~/.ssh/openshift
 # The patch to store the generated config to access bastion/hosts
 ssh_config_path: /tmp/ssh.config.ansible
 
+# The IP:port to make an SSH tunnel to access UI on the 1st master
+# via bastion node (requires sudo on the ansible control node)
+ui_ssh_tunnel: False
+ui_port: "{{ openshift_master_api_port | default(8443) }}"
+target_ip: "{{ hostvars[groups['masters.' + stack_name|quote][0]].private_v4 }}"
+
 openstack_private_network: private
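Review bot: The comment `# The IP:port to make an SSH tunnel ...` sits above three separate variables and does not say which is which. One line per variable would be clearer: `ui_ssh_tunnel` enables the tunnel, `ui_port` is the forwarded port, and `target_ip` is the first master's private address. `ui_ssh_tunnel: False` is better written `false` to match `use_bastion: true` earlier in the file. `target_ip` indexes `groups['masters.' + ...][0]` with no fallback, so it can only be evaluated once the masters group is populated; that is worth stating in the comment.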
diff --git a/roles/static_inventory/tasks/main.yml b/roles/static_inventory/tasks/main.yml
index b58866017..24e11beb6 100644
--- a/roles/static_inventory/tasks/main.yml
+++ b/roles/static_inventory/tasks/main.yml
@@ -8,3 +8,10 @@
 - name: Generate SSH config for accessing hosts via bastion
   include: sshconfig.yml
   when: use_bastion|bool
+
+- name: Configure SSH tunneling to access UI
+  include: sshtun.yml
+  become: true
+  when:
+    - use_bastion|bool
+    - ui_ssh_tunnel|bool
diff --git a/roles/static_inventory/tasks/sshtun.yml b/roles/static_inventory/tasks/sshtun.yml
new file mode 100644
index 000000000..b0e4c832c
--- /dev/null
+++ b/roles/static_inventory/tasks/sshtun.yml
@@ -0,0 +1,15 @@
+---
+- name: Create ssh tunnel systemd service
+  template:
+    src: ssh-tunnel.service.j2
+    dest: /etc/systemd/system/ssh-tunnel.service
+    mode: 0644
+
+- name: reload the systemctl daemon after file update
+  command: systemctl daemon-reload
+
+- name: Enable ssh tunnel service
+  service:
+    name: ssh-tunnel
+    enabled: true
+    state: restarted
diff --git a/roles/static_inventory/templates/ssh-tunnel.service.j2 b/roles/static_inventory/templates/ssh-tunnel.service.j2
new file mode 100644
index 000000000..0d1cf8f79
--- /dev/null
+++ b/roles/static_inventory/templates/ssh-tunnel.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Set up ssh tunneling for OpenShift cluster UI
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/ssh -NT -o \
+   ServerAliveInterval=60 -o \
+   UserKnownHostsFile=/dev/null -o \
+   StrictHostKeyChecking=no -o \
+   ExitOnForwardFailure=no -i \
+   {{ private_ssh_key }} {{ ssh_user }}@{{ hostvars['bastion'].ansible_host }} \
+   -L 0.0.0.0:{{ ui_port }}:{{ target_ip }}:{{ ui_port }}
+
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
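Review bot: The forward is bound with `-L 0.0.0.0:{{ ui_port }}:...`, so the master's UI/API port is offered on every interface of the control node to anyone who can reach it, which undoes the isolation the bastion is meant to provide. Bind to loopback by default, `-L 127.0.0.1:{{ ui_port }}:{{ target_ip }}:{{ ui_port }}`, or take the bind address from a variable. `ExitOnForwardFailure=no` lets ssh stay up when the listener cannot be bound, so systemd reports a healthy unit with no tunnel behind it; `yes` lets `Restart=always` do its job. The unit has no `User=`, so it presumably runs as root, and a `~` in `private_ssh_key` would then resolve against root's home rather than the deploying user's (confirm). Host-key checking is disabled here as well.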
-- 
cgit v1.2.3


From f4b584fcef4fad12be931631e0c95ac677799ee7 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Wed, 16 Aug 2017 11:04:27 +0200
Subject: Add docs and defaults for multi-master setup

Additionally, add the lb group to contain lb nodes to the
static inventory template. Include the lb group into the
OSEv3 group, in order to apply the cluster group vars to it.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/static_inventory/templates/inventory.j2 | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/templates/inventory.j2 b/roles/static_inventory/templates/inventory.j2
index 24dc9d4a8..987c98ec6 100644
--- a/roles/static_inventory/templates/inventory.j2
+++ b/roles/static_inventory/templates/inventory.j2
@@ -39,6 +39,7 @@ dns
 [OSEv3:children]
 nodes
 etcd
+lb
 
 # Set variables common for all OSEv3 hosts
 #[OSEv3:vars]
@@ -68,6 +69,9 @@ nodes.{{ stack_name }}
 [dns:children]
 dns.{{ stack_name }}
 
+[lb:children]
+lb.{{ stack_name }}
+
 # Empty placeholders for all groups of the cluster nodes
 [masters.{{ stack_name }}]
 [etcd.{{ stack_name }}]
@@ -75,6 +79,7 @@ dns.{{ stack_name }}
 [nodes.{{ stack_name }}]
 [app.{{ stack_name }}]
 [dns.{{ stack_name }}]
+[lb.{{ stack_name }}]
 
 # BEGIN Autogenerated groups
 {% for group in groups %}
-- 
cgit v1.2.3


From daa0b91119d2c16860a19b4ead2d0d128f8bc5ce Mon Sep 17 00:00:00 2001
From: Tomas Sedovic <tomas@sedovic.cz>
Date: Wed, 6 Sep 2017 10:24:16 +0200
Subject: Allow using a provider network (#701)

* Allow using a provider network

This adds a new option `openstack_provider_network_name` which will take
a name of an existing network and put the servers there. It will also
prevent creating floating IP addresses as the provider network's IPs
should already be accessible without any additional routing required.

Fixes #622

* Requested changes

Don't fail on external/private networks and use role defaults for the
provider network.

* Add missing endif
---
 roles/static_inventory/tasks/openstack.yml | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

(limited to 'roles/static_inventory')

diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
index 75d0ee6d5..e36974d93 100644
--- a/roles/static_inventory/tasks/openstack.yml
+++ b/roles/static_inventory/tasks/openstack.yml
@@ -24,6 +24,15 @@
       when:
         - refresh_inventory|bool
 
+    - name: set_fact for openstack inventory nodes with provider network
+      set_fact:
+        registered_nodes_floating: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
+      vars:
+        q: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4=='']"
+      when:
+        - refresh_inventory|bool
+        - openstack_provider_network_name|default(None)
+
     - name: Add cluster nodes w/o floating IPs to inventory
       with_items: "{{ registered_nodes|difference(registered_nodes_floating) }}"
       add_host:
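Review bot: This task reuses the name `registered_nodes_floating` for nodes whose `public_v4` is empty, the opposite of what the name says, so the later "with floating IPs" task quietly handles provider-network nodes. A comment on the task would make that explicit, e.g. `# With a provider network there are no floating IPs: treat every cluster node as directly reachable`. Both set_fact tasks run when a provider network is configured, so the outcome depends on this one coming second; that ordering deserves a note too. The add_host task at the end of the hunk continues outside it.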
@@ -49,7 +58,14 @@
       add_host:
         name: '{{ item.name }}'
         groups: '{{ item.metadata.group }}'
-        ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.public_v4 }}{% endif %}"
+        ansible_host: >-
+          {% if use_bastion|bool -%}
+          {{ item.name }}
+          {%- elif openstack_provider_network_name|default(None) -%}
+          {{ item.private_v4 }}
+          {%- else -%}
+          {{ item.public_v4 }}
+          {%- endif %}
         ansible_fqdn: '{{ item.name }}'
         ansible_user: '{{ ssh_user }}'
         ansible_private_key_file: '{{ private_ssh_key }}'
@@ -57,7 +73,12 @@
         private_v4: >-
           {% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
           {{ node[0].addresses[openstack_private_network|quote][0].addr }}
-        public_v4: '{{ item.public_v4 }}'
+        public_v4: >-
+          {% if openstack_provider_network_name|default(None) -%}
+          {{ item.private_v4 }}
+          {%- else -%}
+          {{ item.public_v4 }}
+          {%- endif %}
 
     - name: Add bastion node to inventory
       add_host:
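Review bot: Under a provider network `public_v4` is filled with `item.private_v4`, while `private_v4` just above it is still read from `addresses[openstack_private_network]`. If the servers are attached only to the provider network, that key may be absent and the lookup would fail, so it is worth confirming which network name `openstack_private_network` holds in that mode. A variable named `public_v4` that carries a private address also deserves a comment, since the SSH config and inventory templates consume it by name. The test `openstack_provider_network_name|default(None)` now appears three times in this file; a single fact such as `use_provider_network` would keep the branches in step.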
-- 
cgit v1.2.3