From 991360bbaa414ad356f5cdb00646182d94e584c5 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Sat, 22 Apr 2023 00:58:06 -0700
Subject: [PATCH] update handlers and fix template
---
 handlers/main.yml | 10 ++++++++
 role-rocky-ipa-replica.yml | 38 +++--------------------------
 role-rocky-ipa.yml | 38 +++--------------------------
 tasks/domain-prework.yml | 42 ++++++++++++++++++++++++++++++++
 templates/etc/named/ipa-ext.conf | 2 +-
 5 files changed, 59 insertions(+), 71 deletions(-)
 create mode 100644 tasks/domain-prework.yml
diff --git a/handlers/main.yml b/handlers/main.yml
index 644f929..e007b42 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,4 +9,14 @@
 ansible.builtin.service:
 name: named
 state: restarted
+
+- name: enable_firewalld
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+
+- name: enable_crb
+ ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
+ changed_when: "1 != 1"
 ...
diff --git a/role-rocky-ipa-replica.yml b/role-rocky-ipa-replica.yml
index 7edafa0..435293e 100644
--- a/role-rocky-ipa-replica.yml
+++ b/role-rocky-ipa-replica.yml
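Review bot: `changed_when: "1 != 1"` on the new enable_crb handler is an obscure spelling of a constant; the module takes a boolean, so `changed_when: false` says the same thing and is what readers and linters expect. The command contains no pipeline, so `set -o pipefail` has no effect, and nothing in the string needs a shell at all — `ansible.builtin.command: /usr/bin/crb enable` runs the same binary without shell interpretation. The enable_firewalld handler is fine as written, but note that both new handlers execute only when a task notifies them and reports a change.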
@@ -25,40 +25,8 @@
 success_msg: "We are able to run on this node"
 fail_msg: "/etc/no-ansible exists - skipping run on this node"
 
- - name: Ensure 'dns=none' is set for Network Manager
- community.general.ini_file:
- path: /etc/NetworkManager/NetworkManager.conf
- state: present
- no_extra_spaces: true
- section: main
- option: dns
- value: none
- owner: root
- group: root
- mode: '0644'
- backup: true
- notify:
- - reload_networkmanager
-
- - name: Ensure epel-release is installed
- ansible.builtin.dnf:
- name: epel-release
- state: present
-
- - name: Enable CRB
- ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
-
- - name: Install ipa-fas
- ansible.builtin.dnf:
- name: ipa-fas
- state: present
-
- - name: Open firewalld service before hand
- ansible.posix.firewalld:
- service: freeipa-4
- permanent: true
- immediate: true
- state: enabled
+ - name: Perform domain pre-work
+ ansible.builtin.import_tasks: tasks/domain-prework.yml
 
 roles:
 - role: freeipa.ansible_freeipa.ipareplica
@@ -74,5 +42,5 @@
 group: root
 
 - name: Configure recursion for private nets
- import_tasks: tasks/dns-ext.yml
+ ansible.builtin.import_tasks: tasks/dns-ext.yml
 ...
diff --git a/role-rocky-ipa.yml b/role-rocky-ipa.yml
index 6e77f02..8b97fc4 100644
--- a/role-rocky-ipa.yml
+++ b/role-rocky-ipa.yml
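Review bot: The imported tasks/domain-prework.yml notifies `enable_firewalld`, `enable_crb` and `reload_networkmanager`, and a play can only resolve those names if its `handlers:` section loads handlers/main.yml (or declares them itself); the play header is outside this hunk, so that wiring should be confirmed, because notifying a handler the play does not know fails the run rather than being ignored. The same `ansible.builtin.import_tasks: tasks/domain-prework.yml` line is added to role-rocky-ipa.yml, so the check applies to both playbooks. The pre_tasks list edited here begins before the hunk.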
@@ -30,40 +30,8 @@
 success_msg: "We are able to run on this node"
 fail_msg: "/etc/no-ansible exists - skipping run on this node"
 
- - name: Ensure 'dns=none' is set for Network Manager to avoid change
- community.general.ini_file:
- path: /etc/NetworkManager/NetworkManager.conf
- state: present
- no_extra_spaces: true
- section: main
- option: dns
- value: none
- owner: root
- group: root
- mode: '0644'
- backup: true
- notify:
- - reload_networkmanager
-
- - name: Ensure epel-release is installed
- ansible.builtin.dnf:
- name: epel-release
- state: present
-
- - name: Enable CRB
- ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
-
- - name: Install ipa-fas
- ansible.builtin.dnf:
- name: ipa-fas
- state: present
-
- - name: Open firewalld service before hand
- ansible.posix.firewalld:
- service: freeipa-4
- permanent: true
- immediate: true
- state: enabled
+ - name: Perform domain pre-work
+ ansible.builtin.import_tasks: tasks/domain-prework.yml
 
 roles:
 - role: freeipa.ansible_freeipa.ipaserver
@@ -84,5 +52,5 @@
 allow_sync_ptr: true
 
 - name: Configure recursion for private nets
- import_tasks: tasks/dns-ext.yml
+ ansible.builtin.import_tasks: tasks/dns-ext.yml
 ...
diff --git a/tasks/domain-prework.yml b/tasks/domain-prework.yml
new file mode 100644
index 0000000..e1ba557
--- /dev/null
+++ b/tasks/domain-prework.yml
@@ -0,0 +1,42 @@
+---
+- name: Ensure epel-release and firewalld are installed
+ ansible.builtin.dnf:
+ name:
+ - epel-release
+ - firewalld
+ state: present
+ notify:
+ - enable_firewalld
+ - enable_crb
+
+# We need this immediately.
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+
+- name: Ensure 'dns=none' is set for Network Manager
+ community.general.ini_file:
+ path: /etc/NetworkManager/NetworkManager.conf
+ state: present
+ no_extra_spaces: true
+ section: main
+ option: dns
+ value: none
+ owner: root
+ group: root
+ mode: '0644'
+ backup: true
+ notify:
+ - reload_networkmanager
+
+- name: Install ipa-fas
+ ansible.builtin.dnf:
+ name: ipa-fas
+ state: present
+
+- name: Open firewalld service before hand
+ ansible.posix.firewalld:
+ service: freeipa-4
+ permanent: true
+ immediate: true
+ state: enabled
+...
diff --git a/templates/etc/named/ipa-ext.conf b/templates/etc/named/ipa-ext.conf
index 3bedd5d..cac563d 100644
--- a/templates/etc/named/ipa-ext.conf
+++ b/templates/etc/named/ipa-ext.conf
@@ -15,4 +15,4 @@
 * };
 */
 
-acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }} };
+acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }}; };
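Review bot: Starting firewalld and enabling CRB are reachable only through the `notify` on the first dnf task, so on a host where epel-release and firewalld are already installed that task reports ok, neither handler fires, and the `flush_handlers` task has nothing to flush; the later `ansible.posix.firewalld` task with `immediate: true` may then run against a firewalld that is not running, and CRB is left in whatever state it was, which is a regression from the old playbooks where `Enable CRB` ran unconditionally. Making both steps ordinary tasks right after the install enforces the desired state on every run and removes the need for `flush_handlers`; a `state: started` / `enabled: true` service task is idempotent by itself, and the CRB command can keep `changed_when: false` without the pipeless `set -o pipefail`. The rewritten head of the file is below; the ini_file, ipa-fas and firewalld-service tasks are unchanged.
```yaml
---
- name: Ensure epel-release and firewalld are installed
  ansible.builtin.dnf:
    name:
      - epel-release
      - firewalld
    state: present

- name: Ensure firewalld is running and enabled
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true

- name: Enable CRB
  ansible.builtin.command: /usr/bin/crb enable
  changed_when: false

# … unchanged: dns=none ini_file task, ipa-fas install, freeipa-4 firewalld service …
```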
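Review bot: The added `;` makes the acl well-formed for a non-empty `ipa_trusted_nets`, but an empty or undefined list still renders `acl "trusted_nets" { ; };`, which named-checkconf is unlikely to accept, and each element is spliced verbatim into named's configuration with no validation. Since this acl decides who gets recursion, an `ansible.builtin.assert` before the template task that `ipa_trusted_nets` is a non-empty list of address/prefix strings would turn a bad inventory value into a clear task failure instead of a DNS server that refuses to start or recurses for the wrong networks. The template task that renders this file is outside the hunk.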