Options for bastion, SSH config, static inventory autogeneration

* At the provisioning stage, allow users to auto-generate SSH config,
  when using a static inventory.
* Run playbooks to provsion and post-provision as a separate, when
  using a bastion. This re-applies the SSH config, which ansible can't
  do on the fly.
* Support a pre-installed bastion node, colocated with the 1st infra
  node.
* With a bastion enabled, reduce floating IP footprint to infra and
  dns nodes only, effectively isolating a cluster in a private
  network.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/playbooks/provisioning/openstack/provision-openstack.yml b/playbooks/provisioning/openstack/provision-openstack.yml
index 0cac37aaf..6ec944d56 100644
--- a/playbooks/provisioning/openstack/provision-openstack.yml
+++ b/playbooks/provisioning/openstack/provision-openstack.yml
@@ -12,13 +12,20 @@
       when: openstack_inventory|default('static') == 'static'
       inventory_path: "{{ openstack_inventory_path|default(inventory_dir) }}"
       private_ssh_key: "{{ openstack_private_ssh_key|default('~/.ssh/id_rsa') }}"
+      ssh_config_path: "{{ openstack_ssh_config_path|default('/tmp/ssh.config.openshift.ansible' + '.' + stack_name) }}"
+      ssh_user: "{{ ansible_user }}"
 
-- name: Refresh Server inventory
+- name: Refresh Server inventory or exit to apply SSH config
   hosts: localhost
   connection: local
   become: False
   gather_facts: False
   tasks:
-    - meta: refresh_inventory
+    - name: Exit to apply SSH config for a bastion
+      meta: end_play
+      when: openstack_use_bastion|default(False)|bool
+    - name: Refresh Server inventory
+      meta: refresh_inventory
 
 - include: post-provision-openstack.yml
+  when: not openstack_use_bastion|default(False)|bool