diff --git a/README.md b/README.md index 12a5a08..c39060b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,13 @@ Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacem This repository is for IPA Management. +Setting up the initial domain is as so: + +* `role-rocky-ipa.yml` +* `role-rocky-replica.yml` +* `role-rocky-client.yml` (for any initial client machines) +* `init-rocky-ipa-team.yml` + ``` . ├── adhoc-ipabinder.yml @@ -15,27 +22,62 @@ This repository is for IPA Management. ├── adhoc-ipagetkeytab.yml ├── adhoc-ipagroup.yml ├── adhoc-ipaservice.yml +├── adhoc-ipauser-disable-pdr.yml ├── adhoc-ipauser-disable.yml ├── adhoc-ipauser-enable.yml ├── adhoc-ipauser.yml +├── collections +│   └── requirements.yml ├── defaults │   └── main.yml ├── files │   └── README.md ├── handlers │   └── main.yml +├── import-rockygroups.yml +├── import-rockyipaprivs.yml +├── import-rockypwpolicy.yml +├── import-rockysudo.yml +├── import-rockyusers.yml +├── init-rocky-ipa-internal-dns.yml +├── init-rocky-ipa-team.yml ├── README.md ├── role-rocky-ipa-client.yml ├── role-rocky-ipa-replica.yml ├── role-rocky-ipa.yml +├── roles +│   └── requirements.yml ├── tasks +│   ├── dns-ext.yml +│   ├── domain-prework.yml │   └── main.yml ├── templates -│   └── README.md +│   ├── etc +│   │   └── named +│   │   ├── ipa-ext.conf +│   │   └── ipa-options-ext.conf +│   ├── README.md +│   └── tmp +│   └── binder.update.j2 ├── tests │   ├── inventory │   ├── README.md │   └── test.yml └── vars + ├── ipa + │   ├── adminusers.yml + │   ├── agreements.yml + │   ├── common.yml + │   ├── fdns.yml + │   ├── groups.yml + │   ├── ipaclient.yml + │   ├── ipaprivs.yml + │   ├── ipareplica.yml + │   ├── ipaserver.yml + │   ├── rdns.yml + │   ├── sudorules.yml + │   ├── svcusers.yml + │   └── users.yml + ├── ipaserver.yml └── main.yml ``` diff --git a/vars/ipa/adminusers.yml b/vars/ipa/adminusers.yml index 6fac5e2..d99f21f 100644 --- a/vars/ipa/adminusers.yml +++ b/vars/ipa/adminusers.yml 
@@ -6,30 +6,12 @@ adminusers: password: ThisIsNotMyPassword1! title: Infrastructure IdM Manager loginshell: /bin/bash - - name: gmk2 - first: Gregory - last: Kurtzer - password: ThisIsNotMyPassword1! - title: Executive Director - loginshell: /bin/bash - - name: brian2 - first: Brian - last: Clemens - password: ThisIsNotMyPassword1! - title: Project Manager - loginshell: /bin/bash - name: neil2 first: Neil last: Hanlon password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - - name: rlh2 - first: R. Leigh - last: Hennig - password: ThisIsNotMyPassword1! - title: Operations Manager - loginshell: /bin/bash - name: rfelsburg2 first: Rob last: Felsburg @@ -42,10 +24,4 @@ adminusers: password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - - name: bagner2 - first: Benjamin - last: Agner - password: ThisIsNotMyPassword1! - title: Security Director - loginshell: /bin/bash ... diff --git a/vars/ipa/groups.yml b/vars/ipa/groups.yml index e3723a9..c96cf38 100644 --- a/vars/ipa/groups.yml +++ b/vars/ipa/groups.yml @@ -7,45 +7,27 @@ ipagroups: - neil - rlh - rfelsburg - - tg + - tgo - bagner - - group: operations - description: Operations Team - user: - - rlh - - rfelsburg - group: development description: Development Team - - group: qa - description: Quality Assurance Team - - group: marketing - description: Marketing - group: rocky description: Rocky Linux Team user: - label - gmk - brian - - hbjy - - jorp - neil - - rlh - rfelsburg - - tg - - bagner + - tgo - group: rockyadm description: Rocky Linux Administrators - Only Admin Accounts user: - label2 - - gmk2 - brian2 - - hbjy2 - - jorp2 - neil2 - - rlh2 - rfelsburg2 - tg2 - - bagner2 - group: gitadm description: Rocky Linux GitLab Admins user: @@ -53,8 +35,7 @@ ipagroups: - neil - rlh - rfelsburg - - tg - - hbjy + - tgo - group: gitusers description: Rocky Linux GitLab Users user: 
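Review bot: The group lists in vars/ipa/groups.yml still name accounts that this same commit deletes from the user files. In the first groups.yml hunk, `- rlh` and `- bagner` remain as context in the group whose header sits above the hunk, and `- brian2` remains in `rockyadm`, while `rlh` and `bagner` are removed from vars/ipa/users.yml and `brian2` from vars/ipa/adminusers.yml. `- rlh` also stays in `gitadm` (second hunk) and in both `user` and `managers_users` of `gitusers` (third hunk). I would drop those four names from the lists so the declared admin and GitLab membership matches the declared accounts. Deleting a vars entry presumably does not disable an account that already exists in IPA, so a departed user may keep these memberships until the account is disabled separately (the tree lists `adhoc-ipauser-disable.yml`).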
@@ -62,16 +43,14 @@ ipagroups: - neil - rlh - rfelsburg - - tg - - hbjy + - tgo - rockyautomation managers_users: - label - neil - rlh - rfelsburg - - tg - - hbjy + - tgo - group: services description: Rocky Linux Service Accounts user: @@ -82,18 +61,20 @@ ipagroups: - pubsub_federation - rockypubsub - rockyautomation - - group: iam - description: Rocky Linux Identity Management - user: - - label - managers_users: - - label - group: releng description: Rocky Linux Release Engineering user: - label + - mustafa + - skip + - pgreco + - tgo + - sherif + - neil managers_users: - label + - neil + - mustafa - group: mq_pub_readonly description: RabbitMQ ReadOnly ... diff --git a/vars/ipa/users.yml b/vars/ipa/users.yml index 26e6050..ddbcc3e 100644 --- a/vars/ipa/users.yml +++ b/vars/ipa/users.yml @@ -28,13 +28,6 @@ users: password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - - name: rlh - first: R. Leigh - last: Hennig - email: rlh@rockylinux.org - password: ThisIsNotMyPassword1! - title: Operations Manager - loginshell: /bin/bash - name: rfelsburg first: Rob last: Felsburg @@ -49,11 +42,4 @@ users: password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - - name: bagner - first: Benjamin - last: Agner - email: bagner@rockylinux.org - password: ThisIsNotMyPassword1! - title: Security Director - loginshell: /bin/bash ...
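Review bot: The `releng` hunk adds `mustafa`, `skip`, `pgreco`, `tgo` and `sherif` as members and `mustafa` as a manager, but the vars/ipa/users.yml hunks in this commit only remove entries, and nothing shown renames `tg` to `tgo` there. Unless users.yml already defines these five accounts outside the visible hunks, the group import will reference users the same vars set never creates. It is worth confirming each name exists in users.yml before merging, and adding a short comment above `managers_users` such as `# managers can add/remove members of this group; keep to team leads` so the delegation is deliberate.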