fdo-servers.yml

- name: Set up manufacturing_server
  hosts: manufacturing_server
  become: true
  gather_facts: true
  vars:
    manufacturing_server_generate_keys_and_certificates: false
    rendezvous_server: "{{ groups['rendezvous_server'][0] }}"
    manufacturing_server_rendezvous_info_ip_address: "{{ hostvars[rendezvous_server].ansible_host | default(hostvars[rendezvous_server].inventory_hostname) }}"
    localhost_manufacturing_server_certs_dir: "{{ playbook_dir }}/keys"
  roles:
    - community.fdo.setup_manufacturing_server
    - community.fdo.copy_manufacturing_server_certs_to_manufacturing_server
    - community.fdo.configure_manufacturing_server

- name: Set up rendezvous server
  hosts: rendezvous_server
  become: true
  gather_facts: true
  vars:
    copy_manufacturer_certs: false
    update_cert: false
    localhost_manufacturing_server_certs_dir: "{{ playbook_dir }}/keys"
  roles:
    - community.fdo.setup_rendezvous_server
    - community.fdo.copy_manufacturing_server_certs_to_rendezvous_server
    - community.fdo.configure_rendezvous_server

- name: Set up owner server
  hosts: owner_server
  become: true
  gather_facts: true
  vars:
    copy_manufacturer_certs: false
    update_keys_certs: false
    localhost_manufacturing_server_certs_dir: "{{ playbook_dir }}/keys"
    owner_onboarding_server_owner_addresses_ip_address: "{{ hostvars[inventory_hostname].ansible_host | default(inventory_hostname) }}"
    fdo_disk_label: /dev/vda4
    serviceinfo_api_server_config: |-
      initial_user:
        username: admin
        password: "{{ fdo_admin_password }}"
        sshkeys:
        - "{{ fdo_admin_ssh_key }}"
      commands:
      - command: touch
        args:
        - /var/tmp/fdo-onboard-success
        return_stdout: true
        return_stderr: true
      diskencryption_clevis:
      - disk_label: "{{ fdo_disk_label }}"
        binding:
          pin: tpm2
          config: "{}"
        reencrypt: true
      additional_serviceinfo: ~
  roles:
    - community.fdo.setup_owner_server
    - community.fdo.copy_manufacturing_server_certs_to_owner_server
    - community.fdo.configure_owner_server