Update readme, use "all" for awx

Louis Abel 2023-08-13 23:25:05 -07:00
parent 90c4496c77
commit bc87fdb86c
Signed by: label
GPG key ID: 3331F061D1D9990E
4 changed files with 209 additions and 14 deletions

208
README.md

@ -12,27 +12,219 @@ There are some playbooks that are meant to be ran locally. There are also cases
* `init-rocky-ansible-host.yml` will need to be ran using that configuration file (if there are roles/collections needed)
* **It is highly recommended that you change all `host: all` to `host: '{{ host }}'` as you may want more control.**
## Notes on system deployment
When provisioning a system, the minimum order of playbooks to run are:
* ansible-ipa-management/role-rocky-ipa-client.yml
* ansible-ops-management/init-rocky-system-config.yml
The first ensures the system is enrolled with the IPA domain. The second ensures the basic minimum system configuration is completed, such as basic hardening, auditd rules, PAM, and others.
## Provides / Information
This repository is for Infrastructure operations.
```
.
├── README.md
├── adhoc-facts-refresh.yml
├── adhoc-rabbitmqqueue.yml
├── adhoc-rabbitmquser.yml
├── collections
│   ├── README.md
│   └── requirements.yml
├── defaults
│   └── main.yml
├── files
│   └── README.md
│   ├── etc
│   │   ├── authselect
│   │   │   └── custom
│   │   │   └── sssd-rocky
│   │   │   ├── CentOS-8-system-auth -> RedHat-8-system-auth
│   │   │   ├── RedHat-8-system-auth
│   │   │   ├── RedHat-9-nsswitch.conf
│   │   │   ├── RedHat-9-system-auth
│   │   │   ├── Rocky-8-system-auth -> RedHat-8-system-auth
│   │   │   ├── Rocky-9-nsswitch.conf -> RedHat-9-nsswitch.conf
│   │   │   └── Rocky-9-system-auth -> RedHat-9-system-auth
│   │   ├── dynmotd
│   │   ├── motd
│   │   ├── pam.d
│   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac
│   │   │   └── RedHat-7-system-auth-ac
│   │   ├── rockybanner
│   │   ├── sudoers.d
│   │   │   └── cis
│   │   └── systemd
│   │   └── system
│   │   └── noggin.service
│   ├── home
│   │   └── ansible
│   ├── README.md
│   ├── root
│   │   └── 9-tmux.conf
│   ├── tmp
│   ├── usr
│   │   └── local
│   │   └── bin
│   │   ├── dmidecode-pretty
│   │   └── lock-wrapper
│   └── var
│   └── www
│   └── mantisbt
│   └── signup_page.php
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── README.md
├── tests
├── init-rocky-account-services.yml
├── init-rocky-ansible-host.yml
├── init-rocky-bugzilla.yml
├── init-rocky-chrony.yml
├── init-rocky-install-kvm-hosts.yml
├── init-rocky-koji-ecosystem.yml
├── init-rocky-mantisbt.yml
├── init-rocky-noggin-theme.yml
├── init-rocky-noggin.yml
├── init-rocky-openqa-developer-host.yml
├── init-rocky-postfix-relay.yml
├── init-rocky-repo-servers.yml
├── init-rocky-session-recording.yml
├── init-rocky-system-config.yml
├── local-ansible.cfg
├── README.md
├── role-rocky-bootstrap_staging.yml
├── role-rocky-graylog.yml
├── role-rocky-kojid-staging.yml
├── role-rocky-kojid.yml
├── role-rocky-kojihub-staging.yml
├── role-rocky-kojihub.yml
├── role-rocky-mirrormanager.yml
├── role-rocky-monitoring.yml
├── role-rocky-mqtt.yml
├── role-rocky-node_exporter.yml
├── role-rocky-pinnwand.yml
├── role-rocky-rabbitmq.yml
├── role-rocky-repopool.yml
├── roles
│   ├── README.md
│   └── requirements.yml
├── tasks
│   ├── account_services.yml
│   ├── auditd.yml
│   ├── authentication.yml
│   ├── banners.yml
│   ├── bugzilla_install.yml
│   ├── bugzilla.yml
│   ├── chrony.yml
│   ├── efs_mount.yml
│   ├── grub.yml
│   ├── harden.yml
│   ├── init-koji.yml
│   ├── koji_efs.yml
│   ├── main.yml
│   ├── mantis
│   │   ├── mantispatch.yml
│   │   └── mantis.yml
│   ├── mirrormanager.yml
│   ├── noggin.yml
│   ├── openqa.yml
│   ├── postfix_relay.yml
│   ├── rabbitmq
│   │   ├── rabbitmq.yml
│   │   ├── topics.yml
│   │   ├── users.yml
│   │   └── vhost.yml
│   ├── repository.yml
│   ├── rsyncd.yml
│   ├── scripts.yml
│   ├── skel.yml
│   ├── srpmproc.yml
│   ├── ssh_config.yml
│   ├── tlog.yml
│   └── variable_loader_common.yml
├── templates
│   ├── etc
│   │   ├── audit
│   │   │   └── rules.d
│   │   │   └── collection.rules.j2
│   │   ├── chrony.conf.j2
│   │   ├── httpd
│   │   │   └── conf.d
│   │   │   ├── bugzilla.conf.j2
│   │   │   └── mantis.conf.j2
│   │   ├── modprobe.d
│   │   │   └── cis.conf.j2
│   │   ├── postfix
│   │   │   └── sasl_passwd.j2
│   │   ├── rabbitmq
│   │   │   ├── rabbitmq.conf.j2
│   │   │   └── rabbitmq-env.conf.j2
│   │   ├── resolv.conf.j2
│   │   ├── rsyncd.conf.j2
│   │   ├── rsyncd-motd
│   │   ├── rsyslog.d
│   │   ├── ssh
│   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── CentOS-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   │   ├── RedHat-8-sshd_config.j2
│   │   │   ├── RedHat-9-60-infra.conf.j2
│   │   │   ├── RedHat-9-sshd_config.j2
│   │   │   ├── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── Rocky-9-60-infra.conf.j2 -> RedHat-9-60-infra.conf.j2
│   │   │   └── Rocky-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   ├── sssd
│   │   │   └── conf.d
│   │   │   └── session-recording.conf
│   │   └── tlog
│   │   └── tlog-rec-session.conf
│   ├── opt
│   │   └── mirrormanager
│   │   └── mirrormanager2.cfg.j2
│   ├── README.md
│   ├── tmp
│   │   └── mantis_import.sql.j2
│   └── var
│   └── www
│   ├── bugzilla
│   │   ├── answer
│   │   └── localconfig.j2
│   └── mantis
│   └── config
│   ├── config_inc.php.j2
│   ├── custom_constants_inc.php.j2
│   └── custom_strings_inc.php.j2
├── tests
│   ├── inventory
│   ├── README.md
│   └── test.yml
└── vars
└── main.yml
├── bugzilla.yml
├── CentOS.yml -> RedHat.yml
├── common.yml
├── ipaserver.yml
├── main.yml
├── mantis.yml
├── mirrormanager.yml
├── mounts
│   ├── bootstrap_staging.yml
│   ├── mirrormanager.yml
│   ├── repopool.yml
│   └── srpmproc.yml
├── mqtt.yml
├── openqa.yml
├── pinnwand.yml
├── production
│   ├── koji-common.yml
│   ├── kojid.yml
│   └── kojihub.yml
├── rabbitmq_topics.yml
├── rabbitmq_users.yml
├── rabbitmq_vhost.yml
├── rabbitmq.yml
├── RedHat.yml
├── Rocky.yml -> RedHat.yml
├── rsync.yml
└── staging
├── koji-common.yml
├── kojid.yml
└── kojihub.yml
```


@ -1,7 +1,7 @@
---
# Stands up a RabbitMQ Cluster
- name: Configure RabbitMQ
hosts: '{{ host }}'
hosts: all
become: true
vars_files:
# vars/vaults/encpass.yml
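Review bot: With `hosts: all` this `become: true` play is scoped only by whatever inventory or limit the caller supplies, so a command-line run without `--limit` would configure RabbitMQ on every inventory host. The README text in this same commit still recommends `'{{ host }}'` for more control. Assuming `hosts: all` is the new side (the rendered page lost the +/- markers, but the commit title points that way), `hosts: "{{ host | default('all') }}"` would keep AWX job templates working while preserving the explicit override. A comment such as `# AWX: targeting comes from the job template inventory/limit` would document the reliance; the play continues past the hunk.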


@ -1,12 +1,12 @@
---
# Configures an instance to function as a HTTP serving member of repopool
- name: Configure Repo Pool hosts
- name: Configure Repo Pool hosts (rsync)
hosts: all
become: true
vars_files:
# vars/vaults/encpass.yml
- vars/common.yml
- vars/mounts/repopool.yml
# vars/vaults/encpass.yml
- vars/common.yml
- vars/mounts/repopool.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:


@ -4,7 +4,10 @@
- name: Enterprise Linux 8+ PAM Configuration
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version']|int >= 8
- (ansible_facts['distribution'] == 'Rocky') or
(ansible_facts['distribution'] == 'Fedora') or
(ansible_facts['distribution'] == 'RedHat') or
(ansible_facts['distribution'] == 'OracleLinux')
block:
- name: Ensure Custom Profile is removed
ansible.builtin.file:
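Review bot: The distribution allow-list added to `when:` omits CentOS, although the README tree in this commit still lists `CentOS-8-system-auth -> RedHat-8-system-auth`, so a CentOS or other unlisted RedHat-family host would skip this PAM block silently. A final task that fails or prints a warning when no PAM block matched would make that gap visible instead of leaving the host on its stock profile. The four-line `or` chain would read more clearly as `- ansible_facts['distribution'] in ['Rocky', 'Fedora', 'RedHat', 'OracleLinux']`. The rendered page does not show which line was removed; if it was the `distribution_major_version` check, EL7 hosts would now match a block named "Enterprise Linux 8+". The block's body continues outside the hunk.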