orahost_ssh: added block with configure_cluster check

Author: Rendanic

changelogs/fragments/271-ssh.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - "orahost_ssh: added block with configure_cluster check (#271)"

playbooks/os.yml

@@ -10,8 +10,7 @@
     - common
     - orahost
     - orahost_storage
-    - name: orahost_ssh
-      when: configure_cluster | default(false)
+    - orahost_ssh
     - cxoracle
     - orahost_logrotate
 

roles/orahost_ssh/tasks/main.yml

@@ -1,56 +1,62 @@
 ---
-- name: ssh-keys | get public key for oracle user
-  ansible.builtin.shell: cat /home/{{ oracle_user }}/.ssh/id_rsa.pub
-  # noqa command-instead-of-shell no-changed-when
-  register: oracle_key
-  tags:
-    - sshkeys
+- name: Deploy SSH-Keys on Cluster
+  block:
 
-- name: ssh-keys | get public key for grid user
-  ansible.builtin.shell: cat /home/{{ grid_user }}/.ssh/id_rsa.pub
-  # noqa command-instead-of-shell
-  register: grid_key
-  when: role_separation
-  tags:
-    - sshkeys
+    - name: ssh-keys | get public key for oracle user
+      ansible.builtin.shell: cat /home/{{ oracle_user }}/.ssh/id_rsa.pub
+      # noqa command-instead-of-shell no-changed-when
+      register: oracle_key
+      tags:
+        - sshkeys
 
-- name: ssh-keys | Add keys for {{ oracle_user }} user
-  ansible.builtin.authorized_key: user={{ oracle_user }} key="{{ item[1] }}"
-  delegate_to: "{{ item[0] }}"
-  with_nested:
-    - "{{ groups[hostgroup] }}"
-    - "{{ oracle_key.stdout }}"
-  tags:
-    - sshkeys
-  when: oracle_key is defined
+    - name: ssh-keys | get public key for grid user
+      ansible.builtin.shell: cat /home/{{ grid_user }}/.ssh/id_rsa.pub
+      # noqa command-instead-of-shell
+      register: grid_key
+      when: role_separation
+      tags:
+        - sshkeys
 
-- name: ssh-keys | Add keys for {{ grid_user }} user
-  ansible.builtin.authorized_key: user={{ grid_user }} key="{{ item[1] }}"
-  delegate_to: "{{ item[0] }}"
-  with_nested:
-    - "{{ groups[hostgroup] }}"
-    - "{{ grid_key.stdout }}"
-  tags:
-    - sshkeys
-  when: role_separation and grid_key is defined
+    - name: ssh-keys | Add keys for {{ oracle_user }} user
+      ansible.builtin.authorized_key: user={{ oracle_user }} key="{{ item[1] }}"
+      delegate_to: "{{ item[0] }}"
+      with_nested:
+        - "{{ groups[hostgroup] }}"
+        - "{{ oracle_key.stdout }}"
+      tags:
+        - sshkeys
+      when: oracle_key is defined
 
-- name: ssh-keys | create .known_hosts
-  ansible.builtin.file:
-    path: "/home/{{ item }}/.ssh/known_hosts"
-    state: touch
-    owner: "{{ item }}"
-    group: "{{ oracle_group }}"
-    mode: 0600
-  with_items:
-    - "{{ oracle_user }}"
-    - "{% if role_separation %}{{ grid_user  }}{% else %}[]{% endif %}"
-  changed_when: false
-  tags: sshkeys,known_hosts
+    - name: ssh-keys | Add keys for {{ grid_user }} user
+      ansible.builtin.authorized_key: user={{ grid_user }} key="{{ item[1] }}"
+      delegate_to: "{{ item[0] }}"
+      with_nested:
+        - "{{ groups[hostgroup] }}"
+        - "{{ grid_key.stdout }}"
+      tags:
+        - sshkeys
+      when: role_separation and grid_key is defined
 
-- ansible.builtin.include: known-hosts.yml
-  with_items:
-    - "{{ oracle_user }}"
-    - "{% if role_separation  %}{{ grid_user }}{% else %}[]{% endif %}"
-  loop_control:
-    loop_var: user
-  tags: sshkeys,known_hosts
+    - name: ssh-keys | create .known_hosts
+      ansible.builtin.file:
+        path: "/home/{{ item }}/.ssh/known_hosts"
+        state: touch
+        owner: "{{ item }}"
+        group: "{{ oracle_group }}"
+        mode: 0600
+      with_items:
+        - "{{ oracle_user }}"
+        - "{% if role_separation %}{{ grid_user  }}{% else %}[]{% endif %}"
+      changed_when: false
+      tags: sshkeys,known_hosts
+
+    - ansible.builtin.include: known-hosts.yml
+      with_items:
+        - "{{ oracle_user }}"
+        - "{% if role_separation  %}{{ grid_user }}{% else %}[]{% endif %}"
+      loop_control:
+        loop_var: user
+      tags: sshkeys,known_hosts
+
+  when:
+    - configure_cluster | default(false)