Update readme, use "all" for awx

README.md

@@ -12,27 +12,219 @@ There are some playbooks that are meant to be ran locally. There are also cases
 * `init-rocky-ansible-host.yml` will need to be ran using that configuration file (if there are roles/collections needed)
 * **It is highly recommended that you change all `host: all` to `host: '{{ host }}'` as you may want more control.**
 
+## Notes on system deployment
+
+When provisioning a system, the minimum order of playbooks to run are:
+
+* ansible-ipa-management/role-rocky-ipa-client.yml
+* ansible-ops-management/init-rocky-system-config.yml
+
+The first ensures the system is enrolled with the IPA domain. The second ensures the basic minimum system configuration is completed, such as basic hardening, auditd rules, PAM, and others.
+
 ## Provides / Information
 
 This repository is for Infrastructure operations.
 
 ```
 .
-├── README.md
+├── adhoc-facts-refresh.yml
+├── adhoc-rabbitmqqueue.yml
+├── adhoc-rabbitmquser.yml
+├── collections
+│   ├── README.md
+│   └── requirements.yml
 ├── defaults
 │   └── main.yml
 ├── files
-│   └── README.md
+│   ├── etc
+│   │   ├── authselect
+│   │   │   └── custom
+│   │   │       └── sssd-rocky
+│   │   │           ├── CentOS-8-system-auth -> RedHat-8-system-auth
+│   │   │           ├── RedHat-8-system-auth
+│   │   │           ├── RedHat-9-nsswitch.conf
+│   │   │           ├── RedHat-9-system-auth
+│   │   │           ├── Rocky-8-system-auth -> RedHat-8-system-auth
+│   │   │           ├── Rocky-9-nsswitch.conf -> RedHat-9-nsswitch.conf
+│   │   │           └── Rocky-9-system-auth -> RedHat-9-system-auth
+│   │   ├── dynmotd
+│   │   ├── motd
+│   │   ├── pam.d
+│   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac
+│   │   │   └── RedHat-7-system-auth-ac
+│   │   ├── rockybanner
+│   │   ├── sudoers.d
+│   │   │   └── cis
+│   │   └── systemd
+│   │       └── system
+│   │           └── noggin.service
+│   ├── home
+│   │   └── ansible
+│   ├── README.md
+│   ├── root
+│   │   └── 9-tmux.conf
+│   ├── tmp
+│   ├── usr
+│   │   └── local
+│   │       └── bin
+│   │           ├── dmidecode-pretty
+│   │           └── lock-wrapper
+│   └── var
+│       └── www
+│           └── mantisbt
+│               └── signup_page.php
 ├── handlers
 │   └── main.yml
-├── tasks
-│   └── main.yml
-├── templates
-│   └── README.md
-├── tests
+├── init-rocky-account-services.yml
+├── init-rocky-ansible-host.yml
+├── init-rocky-bugzilla.yml
+├── init-rocky-chrony.yml
+├── init-rocky-install-kvm-hosts.yml
+├── init-rocky-koji-ecosystem.yml
+├── init-rocky-mantisbt.yml
+├── init-rocky-noggin-theme.yml
+├── init-rocky-noggin.yml
+├── init-rocky-openqa-developer-host.yml
+├── init-rocky-postfix-relay.yml
+├── init-rocky-repo-servers.yml
+├── init-rocky-session-recording.yml
+├── init-rocky-system-config.yml
+├── local-ansible.cfg
+├── README.md
+├── role-rocky-bootstrap_staging.yml
+├── role-rocky-graylog.yml
+├── role-rocky-kojid-staging.yml
+├── role-rocky-kojid.yml
+├── role-rocky-kojihub-staging.yml
+├── role-rocky-kojihub.yml
+├── role-rocky-mirrormanager.yml
+├── role-rocky-monitoring.yml
+├── role-rocky-mqtt.yml
+├── role-rocky-node_exporter.yml
+├── role-rocky-pinnwand.yml
+├── role-rocky-rabbitmq.yml
+├── role-rocky-repopool.yml
+├── roles
 │   ├── README.md
+│   └── requirements.yml
+├── tasks
+│   ├── account_services.yml
+│   ├── auditd.yml
+│   ├── authentication.yml
+│   ├── banners.yml
+│   ├── bugzilla_install.yml
+│   ├── bugzilla.yml
+│   ├── chrony.yml
+│   ├── efs_mount.yml
+│   ├── grub.yml
+│   ├── harden.yml
+│   ├── init-koji.yml
+│   ├── koji_efs.yml
+│   ├── main.yml
+│   ├── mantis
+│   │   ├── mantispatch.yml
+│   │   └── mantis.yml
+│   ├── mirrormanager.yml
+│   ├── noggin.yml
+│   ├── openqa.yml
+│   ├── postfix_relay.yml
+│   ├── rabbitmq
+│   │   ├── rabbitmq.yml
+│   │   ├── topics.yml
+│   │   ├── users.yml
+│   │   └── vhost.yml
+│   ├── repository.yml
+│   ├── rsyncd.yml
+│   ├── scripts.yml
+│   ├── skel.yml
+│   ├── srpmproc.yml
+│   ├── ssh_config.yml
+│   ├── tlog.yml
+│   └── variable_loader_common.yml
+├── templates
+│   ├── etc
+│   │   ├── audit
+│   │   │   └── rules.d
+│   │   │       └── collection.rules.j2
+│   │   ├── chrony.conf.j2
+│   │   ├── httpd
+│   │   │   └── conf.d
+│   │   │       ├── bugzilla.conf.j2
+│   │   │       └── mantis.conf.j2
+│   │   ├── modprobe.d
+│   │   │   └── cis.conf.j2
+│   │   ├── postfix
+│   │   │   └── sasl_passwd.j2
+│   │   ├── rabbitmq
+│   │   │   ├── rabbitmq.conf.j2
+│   │   │   └── rabbitmq-env.conf.j2
+│   │   ├── resolv.conf.j2
+│   │   ├── rsyncd.conf.j2
+│   │   ├── rsyncd-motd
+│   │   ├── rsyslog.d
+│   │   ├── ssh
+│   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
+│   │   │   ├── CentOS-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
+│   │   │   ├── RedHat-8-sshd_config.j2
+│   │   │   ├── RedHat-9-60-infra.conf.j2
+│   │   │   ├── RedHat-9-sshd_config.j2
+│   │   │   ├── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
+│   │   │   ├── Rocky-9-60-infra.conf.j2 -> RedHat-9-60-infra.conf.j2
+│   │   │   └── Rocky-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
+│   │   ├── sssd
+│   │   │   └── conf.d
+│   │   │       └── session-recording.conf
+│   │   └── tlog
+│   │       └── tlog-rec-session.conf
+│   ├── opt
+│   │   └── mirrormanager
+│   │       └── mirrormanager2.cfg.j2
+│   ├── README.md
+│   ├── tmp
+│   │   └── mantis_import.sql.j2
+│   └── var
+│       └── www
+│           ├── bugzilla
+│           │   ├── answer
+│           │   └── localconfig.j2
+│           └── mantis
+│               └── config
+│                   ├── config_inc.php.j2
+│                   ├── custom_constants_inc.php.j2
+│                   └── custom_strings_inc.php.j2
+├── tests
 │   ├── inventory
+│   ├── README.md
 │   └── test.yml
 └── vars
-    └── main.yml
+    ├── bugzilla.yml
+    ├── CentOS.yml -> RedHat.yml
+    ├── common.yml
+    ├── ipaserver.yml
+    ├── main.yml
+    ├── mantis.yml
+    ├── mirrormanager.yml
+    ├── mounts
+    │   ├── bootstrap_staging.yml
+    │   ├── mirrormanager.yml
+    │   ├── repopool.yml
+    │   └── srpmproc.yml
+    ├── mqtt.yml
+    ├── openqa.yml
+    ├── pinnwand.yml
+    ├── production
+    │   ├── koji-common.yml
+    │   ├── kojid.yml
+    │   └── kojihub.yml
+    ├── rabbitmq_topics.yml
+    ├── rabbitmq_users.yml
+    ├── rabbitmq_vhost.yml
+    ├── rabbitmq.yml
+    ├── RedHat.yml
+    ├── Rocky.yml -> RedHat.yml
+    ├── rsync.yml
+    └── staging
+        ├── koji-common.yml
+        ├── kojid.yml
+        └── kojihub.yml
 ```

role-rocky-rabbitmq.yml

@@ -1,7 +1,7 @@
 ---
 # Stands up a RabbitMQ Cluster
 - name: Configure RabbitMQ
-  hosts: '{{ host }}'
+  hosts: all
   become: true
   vars_files:
     # vars/vaults/encpass.yml

role-rocky-repopool.yml

@@ -1,12 +1,12 @@
 ---
 # Configures an instance to function as a HTTP serving member of repopool
-- name: Configure Repo Pool hosts
+- name: Configure Repo Pool hosts (rsync)
   hosts: all
   become: true
   vars_files:
-  # vars/vaults/encpass.yml
-  - vars/common.yml
-  - vars/mounts/repopool.yml
+    # vars/vaults/encpass.yml
+    - vars/common.yml
+    - vars/mounts/repopool.yml
 
   # This is to try to avoid the handler issue in pre/post tasks
   handlers:

tasks/authentication.yml

@@ -4,7 +4,10 @@
 - name: Enterprise Linux 8+ PAM Configuration
   when:
     - ansible_facts['os_family'] == 'RedHat'
-    - ansible_facts['distribution_major_version']|int >= 8
+    - (ansible_facts['distribution'] == 'Rocky') or
+      (ansible_facts['distribution'] == 'Fedora') or
+      (ansible_facts['distribution'] == 'RedHat') or
+      (ansible_facts['distribution'] == 'OracleLinux')
   block:
     - name: Ensure Custom Profile is removed
       ansible.builtin.file: