diff --git a/README.md b/README.md
index 20cef55..fff1666 100644
--- a/README.md
+++ b/README.md
@@ -12,27 +12,219 @@ There are some playbooks that are meant to be ran locally. There are also cases * `init-rocky-ansible-host.yml` will need to be ran using that configuration file (if there are roles/collections needed) * **It is highly recommended that you change all `host: all` to `host: '{{ host }}'` as you may want more control.** +## Notes on system deployment + +When provisioning a system, the minimum order of playbooks to run are: + +* ansible-ipa-management/role-rocky-ipa-client.yml +* ansible-ops-management/init-rocky-system-config.yml + +The first ensures the system is enrolled with the IPA domain. The second ensures the basic minimum system configuration is completed, such as basic hardening, auditd rules, PAM, and others. + ## Provides / Information This repository is for Infrastructure operations. ``` . -├── README.md +├── adhoc-facts-refresh.yml +├── adhoc-rabbitmqqueue.yml +├── adhoc-rabbitmquser.yml +├── collections +│   ├── README.md +│   └── requirements.yml ├── defaults │   └── main.yml ├── files -│   └── README.md +│   ├── etc +│   │   ├── authselect +│   │   │   └── custom +│   │   │   └── sssd-rocky +│   │   │   ├── CentOS-8-system-auth -> RedHat-8-system-auth +│   │   │   ├── RedHat-8-system-auth +│   │   │   ├── RedHat-9-nsswitch.conf +│   │   │   ├── RedHat-9-system-auth +│   │   │   ├── Rocky-8-system-auth -> RedHat-8-system-auth +│   │   │   ├── Rocky-9-nsswitch.conf -> RedHat-9-nsswitch.conf +│   │   │   └── Rocky-9-system-auth -> RedHat-9-system-auth +│   │   ├── dynmotd +│   │   ├── motd +│   │   ├── pam.d +│   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac +│   │   │   └── RedHat-7-system-auth-ac +│   │   ├── rockybanner +│   │   ├── sudoers.d +│   │   │   └── cis +│   │   └── systemd +│   │   └── system +│   │   └── noggin.service +│   ├── home +│   │   └── ansible +│   ├── README.md +│   ├── root +│   │   └── 9-tmux.conf +│   ├── tmp +│   ├── usr +│   │   └── local +│   │   └── bin +│   │   ├── dmidecode-pretty +│ 
  │   └── lock-wrapper +│   └── var +│   └── www +│   └── mantisbt +│   └── signup_page.php ├── handlers │   └── main.yml -├── tasks -│   └── main.yml -├── templates -│   └── README.md -├── tests +├── init-rocky-account-services.yml +├── init-rocky-ansible-host.yml +├── init-rocky-bugzilla.yml +├── init-rocky-chrony.yml +├── init-rocky-install-kvm-hosts.yml +├── init-rocky-koji-ecosystem.yml +├── init-rocky-mantisbt.yml +├── init-rocky-noggin-theme.yml +├── init-rocky-noggin.yml +├── init-rocky-openqa-developer-host.yml +├── init-rocky-postfix-relay.yml +├── init-rocky-repo-servers.yml +├── init-rocky-session-recording.yml +├── init-rocky-system-config.yml +├── local-ansible.cfg +├── README.md +├── role-rocky-bootstrap_staging.yml +├── role-rocky-graylog.yml +├── role-rocky-kojid-staging.yml +├── role-rocky-kojid.yml +├── role-rocky-kojihub-staging.yml +├── role-rocky-kojihub.yml +├── role-rocky-mirrormanager.yml +├── role-rocky-monitoring.yml +├── role-rocky-mqtt.yml +├── role-rocky-node_exporter.yml +├── role-rocky-pinnwand.yml +├── role-rocky-rabbitmq.yml +├── role-rocky-repopool.yml +├── roles │   ├── README.md +│   └── requirements.yml +├── tasks +│   ├── account_services.yml +│   ├── auditd.yml +│   ├── authentication.yml +│   ├── banners.yml +│   ├── bugzilla_install.yml +│   ├── bugzilla.yml +│   ├── chrony.yml +│   ├── efs_mount.yml +│   ├── grub.yml +│   ├── harden.yml +│   ├── init-koji.yml +│   ├── koji_efs.yml +│   ├── main.yml +│   ├── mantis +│   │   ├── mantispatch.yml +│   │   └── mantis.yml +│   ├── mirrormanager.yml +│   ├── noggin.yml +│   ├── openqa.yml +│   ├── postfix_relay.yml +│   ├── rabbitmq +│   │   ├── rabbitmq.yml +│   │   ├── topics.yml +│   │   ├── users.yml +│   │   └── vhost.yml +│   ├── repository.yml +│   ├── rsyncd.yml +│   ├── scripts.yml +│   ├── skel.yml +│   ├── srpmproc.yml +│   ├── ssh_config.yml +│   ├── tlog.yml +│   └── variable_loader_common.yml +├── templates +│   ├── etc +│   │   ├── audit +│   │   │   └── rules.d +│ 
  │   │   └── collection.rules.j2 +│   │   ├── chrony.conf.j2 +│   │   ├── httpd +│   │   │   └── conf.d +│   │   │   ├── bugzilla.conf.j2 +│   │   │   └── mantis.conf.j2 +│   │   ├── modprobe.d +│   │   │   └── cis.conf.j2 +│   │   ├── postfix +│   │   │   └── sasl_passwd.j2 +│   │   ├── rabbitmq +│   │   │   ├── rabbitmq.conf.j2 +│   │   │   └── rabbitmq-env.conf.j2 +│   │   ├── resolv.conf.j2 +│   │   ├── rsyncd.conf.j2 +│   │   ├── rsyncd-motd +│   │   ├── rsyslog.d +│   │   ├── ssh +│   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2 +│   │   │   ├── CentOS-9-sshd_config.j2 -> RedHat-9-sshd_config.j2 +│   │   │   ├── RedHat-8-sshd_config.j2 +│   │   │   ├── RedHat-9-60-infra.conf.j2 +│   │   │   ├── RedHat-9-sshd_config.j2 +│   │   │   ├── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2 +│   │   │   ├── Rocky-9-60-infra.conf.j2 -> RedHat-9-60-infra.conf.j2 +│   │   │   └── Rocky-9-sshd_config.j2 -> RedHat-9-sshd_config.j2 +│   │   ├── sssd +│   │   │   └── conf.d +│   │   │   └── session-recording.conf +│   │   └── tlog +│   │   └── tlog-rec-session.conf +│   ├── opt +│   │   └── mirrormanager +│   │   └── mirrormanager2.cfg.j2 +│   ├── README.md +│   ├── tmp +│   │   └── mantis_import.sql.j2 +│   └── var +│   └── www +│   ├── bugzilla +│   │   ├── answer +│   │   └── localconfig.j2 +│   └── mantis +│   └── config +│   ├── config_inc.php.j2 +│   ├── custom_constants_inc.php.j2 +│   └── custom_strings_inc.php.j2 +├── tests │   ├── inventory +│   ├── README.md │   └── test.yml └── vars - └── main.yml + ├── bugzilla.yml + ├── CentOS.yml -> RedHat.yml + ├── common.yml + ├── ipaserver.yml + ├── main.yml + ├── mantis.yml + ├── mirrormanager.yml + ├── mounts + │   ├── bootstrap_staging.yml + │   ├── mirrormanager.yml + │   ├── repopool.yml + │   └── srpmproc.yml + ├── mqtt.yml + ├── openqa.yml + ├── pinnwand.yml + ├── production + │   ├── koji-common.yml + │   ├── kojid.yml + │   └── kojihub.yml + ├── rabbitmq_topics.yml + ├── rabbitmq_users.yml + 
├── rabbitmq_vhost.yml + ├── rabbitmq.yml + ├── RedHat.yml + ├── Rocky.yml -> RedHat.yml + ├── rsync.yml + └── staging + ├── koji-common.yml + ├── kojid.yml + └── kojihub.yml ``` diff --git a/role-rocky-rabbitmq.yml b/role-rocky-rabbitmq.yml index e283e50..9a89245 100644 --- a/role-rocky-rabbitmq.yml +++ b/role-rocky-rabbitmq.yml @@ -1,7 +1,7 @@ --- # Stands up a RabbitMQ Cluster - name: Configure RabbitMQ - hosts: '{{ host }}' + hosts: all become: true vars_files: # vars/vaults/encpass.yml diff --git a/role-rocky-repopool.yml b/role-rocky-repopool.yml index 0799198..0a2ce89 100644 --- a/role-rocky-repopool.yml +++ b/role-rocky-repopool.yml @@ -1,12 +1,12 @@ --- # Configures an instance to function as a HTTP serving member of repopool -- name: Configure Repo Pool hosts +- name: Configure Repo Pool hosts (rsync) hosts: all become: true vars_files: - # vars/vaults/encpass.yml - - vars/common.yml - - vars/mounts/repopool.yml + # vars/vaults/encpass.yml + - vars/common.yml + - vars/mounts/repopool.yml # This is to try to avoid the handler issue in pre/post tasks handlers: diff --git a/tasks/authentication.yml b/tasks/authentication.yml index 9a3b4c5..43d1e61 100644 --- a/tasks/authentication.yml +++ b/tasks/authentication.yml @@ -4,7 +4,10 @@ - name: Enterprise Linux 8+ PAM Configuration when: - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version']|int >= 8 + - (ansible_facts['distribution'] == 'Rocky') or + (ansible_facts['distribution'] == 'Fedora') or + (ansible_facts['distribution'] == 'RedHat') or + (ansible_facts['distribution'] == 'OracleLinux') block: - name: Ensure Custom Profile is removed ansible.builtin.file:
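Review bot: The change from `hosts: '{{ host }}'` to `hosts: all` in role-rocky-rabbitmq.yml moves in the opposite direction from the guidance this same commit keeps in README.md ("It is highly recommended that you change all `host: all` to `host: '{{ host }}'`"). With `hosts: all`, any run of this playbook without an explicit `--limit` will attempt to stand up the RabbitMQ cluster on every host in the inventory, which for a playbook that runs with `become: true` and loads a vault file is an easy way to misconfigure unrelated systems. If the intent is that the inventory passed to this playbook is always RabbitMQ-only, that should be stated in the header comment, e.g. `# Expects an inventory containing only the RabbitMQ cluster members; otherwise run with --limit`; otherwise keeping `hosts: '{{ host }}'` as the README recommends is the safer default. The play definition continues past the end of the hunk.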
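Review bot: In tasks/authentication.yml the replaced `when` condition drops the `distribution_major_version|int >= 8` check entirely, so the block still titled "Enterprise Linux 8+ PAM Configuration" now matches RedHat and OracleLinux hosts of any major version, including EL7, while the README tree in this same commit shows EL7 is still supported (`files/etc/pam.d/RedHat-7-system-auth-ac`). At the same time CentOS is absent from the new distribution list even though the tree ships `files/etc/authselect/custom/sssd-rocky/CentOS-8-system-auth`, so a CentOS 8/9 host would silently skip this PAM/authselect hardening step. Unless the intent is to stop supporting CentOS, keeping both conditions is safer: `- ansible_facts['distribution_major_version']|int >= 8` followed by `- ansible_facts['distribution'] in ['Rocky', 'Fedora', 'RedHat', 'OracleLinux', 'CentOS']`. The block body continues outside the hunk, so I cannot see whether an EL7 counterpart exists that would now double-apply.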