collections update collection requirements 2023-08-18 15:12:53 -07:00
defaults init 2022-02-26 20:19:20 -07:00
files Add rsyslog portions for further refinement 2024-04-02 13:48:55 -07:00
handlers Add rsyslog portions for further refinement 2024-04-02 13:48:55 -07:00
roles delegate to first in list 2023-07-15 18:51:26 -07:00
tasks add missing faillock configuration 2024-04-08 11:50:53 -07:00
templates add missing faillock configuration 2024-04-08 11:50:53 -07:00
tests init 2022-02-26 20:19:20 -07:00
vars add missing faillock configuration 2024-04-08 11:50:53 -07:00
.ansible-lint init 2022-02-26 20:19:20 -07:00
.gitignore Use FQCN 2022-03-27 22:01:23 -07:00
.pre-commit-config.yaml update pre-commit config 2023-02-15 16:51:44 -07:00
.yamllint init 2022-02-26 20:19:20 -07:00
adhoc-facts-refresh.yml Use FQCN 2022-03-27 22:01:23 -07:00
adhoc-rabbitmqqueue.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
adhoc-rabbitmquser.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
init-rocky-account-services.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
init-rocky-ansible-host.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-bugzilla.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-chrony.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-install-kvm-hosts.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-koji-ecosystem.yml add koji playbooks to ops repo 2023-04-13 15:19:30 -07:00
init-rocky-mantisbt.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
init-rocky-noggin-theme.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
init-rocky-noggin.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
init-rocky-openqa-developer-host.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-postfix-relay.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-session-recording.yml fix tlogging 2023-04-21 21:46:27 -07:00
init-rocky-simple-builder.yml Users should be part of the mock group 2023-08-18 14:45:12 -07:00
init-rocky-syslog-client.yml Add rsyslog portions for further refinement 2024-04-02 13:48:55 -07:00
init-rocky-system-config.yml add syslog playbook for future use 2023-12-22 14:30:08 -07:00
local-ansible.cfg init 2022-02-26 20:19:20 -07:00
README.md Update readme, use "all" for awx 2023-08-13 23:25:05 -07:00
role-rocky-bootstrap_staging.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-graylog.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-kojid-staging.yml copr is only for 8 2023-09-20 23:34:00 -07:00
role-rocky-kojid.yml copr is only for 8 2023-09-20 23:34:00 -07:00
role-rocky-kojihub-staging.yml copr is only for 8 2023-09-20 23:34:00 -07:00
role-rocky-kojihub.yml copr is only for 8 2023-09-20 23:34:00 -07:00
role-rocky-mirrormanager.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
role-rocky-monitoring.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-mqtt.yml use crb handlers 2023-04-22 00:57:00 -07:00
role-rocky-netbox.yml adjust more netbox, vars for mantis 2024-03-31 23:44:11 -07:00
role-rocky-node_exporter.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-pinnwand.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-rabbitmq-mbs.yml rabbitmq: prepare for different rabbitmq clusters 2024-03-26 23:46:26 -07:00
role-rocky-rabbitmq.yml change cluster_tag to env, require cluster_name 2024-04-02 12:04:42 -07:00
role-rocky-repopool-http.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
role-rocky-repopool-rsync.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
role-rocky-rss-feed.yml change host to match inv hostgroup names 2024-02-10 17:31:11 -07:00
role-rocky-syslog-server.yml Add rsyslog portions for further refinement 2024-04-02 13:48:55 -07:00

Ansible AWX Template: Ops Management

Ansible AWX is used to manage the Rocky Linux infrastructure, as a replacement for running Ansible from the CLI. This template is used specifically for management of systems and infrastructure and takes bits and pieces from the original infrastructure git repository on GitHub.

This repository may include duplicate playbooks from other ansible management repositories. Some pieces may also be removed and put into their own repository.

Notes on local runs and playbooks for local development systems

Some playbooks are meant to be run locally, and there are also cases where AWX is not feasible. To run these playbooks, keep the following in mind:

  • local-ansible.cfg will need to be used
  • init-rocky-ansible-host.yml will need to be run using that configuration file (if there are roles/collections needed)
  • It is highly recommended that you change all host: all to host: '{{ host }}' as you may want more control.

Notes on system deployment

When provisioning a system, the minimum set of playbooks to run, in order, is:

  • ansible-ipa-management/role-rocky-ipa-client.yml
  • ansible-ops-management/init-rocky-system-config.yml

The first ensures the system is enrolled with the IPA domain. The second ensures the basic minimum system configuration is completed, such as basic hardening, auditd rules, PAM, and others.

Provides / Information

This repository is for Infrastructure operations.

.
├── adhoc-facts-refresh.yml
├── adhoc-rabbitmqqueue.yml
├── adhoc-rabbitmquser.yml
├── collections
│   ├── README.md
│   └── requirements.yml
├── defaults
│   └── main.yml
├── files
│   ├── etc
│   │   ├── authselect
│   │   │   └── custom
│   │   │       └── sssd-rocky
│   │   │           ├── CentOS-8-system-auth -> RedHat-8-system-auth
│   │   │           ├── RedHat-8-system-auth
│   │   │           ├── RedHat-9-nsswitch.conf
│   │   │           ├── RedHat-9-system-auth
│   │   │           ├── Rocky-8-system-auth -> RedHat-8-system-auth
│   │   │           ├── Rocky-9-nsswitch.conf -> RedHat-9-nsswitch.conf
│   │   │           └── Rocky-9-system-auth -> RedHat-9-system-auth
│   │   ├── dynmotd
│   │   ├── motd
│   │   ├── pam.d
│   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac
│   │   │   └── RedHat-7-system-auth-ac
│   │   ├── rockybanner
│   │   ├── sudoers.d
│   │   │   └── cis
│   │   └── systemd
│   │       └── system
│   │           └── noggin.service
│   ├── home
│   │   └── ansible
│   ├── README.md
│   ├── root
│   │   └── 9-tmux.conf
│   ├── tmp
│   ├── usr
│   │   └── local
│   │       └── bin
│   │           ├── dmidecode-pretty
│   │           └── lock-wrapper
│   └── var
│       └── www
│           └── mantisbt
│               └── signup_page.php
├── handlers
│   └── main.yml
├── init-rocky-account-services.yml
├── init-rocky-ansible-host.yml
├── init-rocky-bugzilla.yml
├── init-rocky-chrony.yml
├── init-rocky-install-kvm-hosts.yml
├── init-rocky-koji-ecosystem.yml
├── init-rocky-mantisbt.yml
├── init-rocky-noggin-theme.yml
├── init-rocky-noggin.yml
├── init-rocky-openqa-developer-host.yml
├── init-rocky-postfix-relay.yml
├── init-rocky-repo-servers.yml
├── init-rocky-session-recording.yml
├── init-rocky-system-config.yml
├── local-ansible.cfg
├── README.md
├── role-rocky-bootstrap_staging.yml
├── role-rocky-graylog.yml
├── role-rocky-kojid-staging.yml
├── role-rocky-kojid.yml
├── role-rocky-kojihub-staging.yml
├── role-rocky-kojihub.yml
├── role-rocky-mirrormanager.yml
├── role-rocky-monitoring.yml
├── role-rocky-mqtt.yml
├── role-rocky-node_exporter.yml
├── role-rocky-pinnwand.yml
├── role-rocky-rabbitmq.yml
├── role-rocky-repopool.yml
├── roles
│   ├── README.md
│   └── requirements.yml
├── tasks
│   ├── account_services.yml
│   ├── auditd.yml
│   ├── authentication.yml
│   ├── banners.yml
│   ├── bugzilla_install.yml
│   ├── bugzilla.yml
│   ├── chrony.yml
│   ├── efs_mount.yml
│   ├── grub.yml
│   ├── harden.yml
│   ├── init-koji.yml
│   ├── koji_efs.yml
│   ├── main.yml
│   ├── mantis
│   │   ├── mantispatch.yml
│   │   └── mantis.yml
│   ├── mirrormanager.yml
│   ├── noggin.yml
│   ├── openqa.yml
│   ├── postfix_relay.yml
│   ├── rabbitmq
│   │   ├── rabbitmq.yml
│   │   ├── topics.yml
│   │   ├── users.yml
│   │   └── vhost.yml
│   ├── repository.yml
│   ├── rsyncd.yml
│   ├── scripts.yml
│   ├── skel.yml
│   ├── srpmproc.yml
│   ├── ssh_config.yml
│   ├── tlog.yml
│   └── variable_loader_common.yml
├── templates
│   ├── etc
│   │   ├── audit
│   │   │   └── rules.d
│   │   │       └── collection.rules.j2
│   │   ├── chrony.conf.j2
│   │   ├── httpd
│   │   │   └── conf.d
│   │   │       ├── bugzilla.conf.j2
│   │   │       └── mantis.conf.j2
│   │   ├── modprobe.d
│   │   │   └── cis.conf.j2
│   │   ├── postfix
│   │   │   └── sasl_passwd.j2
│   │   ├── rabbitmq
│   │   │   ├── rabbitmq.conf.j2
│   │   │   └── rabbitmq-env.conf.j2
│   │   ├── resolv.conf.j2
│   │   ├── rsyncd.conf.j2
│   │   ├── rsyncd-motd
│   │   ├── rsyslog.d
│   │   ├── ssh
│   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── CentOS-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   │   ├── RedHat-8-sshd_config.j2
│   │   │   ├── RedHat-9-60-infra.conf.j2
│   │   │   ├── RedHat-9-sshd_config.j2
│   │   │   ├── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── Rocky-9-60-infra.conf.j2 -> RedHat-9-60-infra.conf.j2
│   │   │   └── Rocky-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   ├── sssd
│   │   │   └── conf.d
│   │   │       └── session-recording.conf
│   │   └── tlog
│   │       └── tlog-rec-session.conf
│   ├── opt
│   │   └── mirrormanager
│   │       └── mirrormanager2.cfg.j2
│   ├── README.md
│   ├── tmp
│   │   └── mantis_import.sql.j2
│   └── var
│       └── www
│           ├── bugzilla
│           │   ├── answer
│           │   └── localconfig.j2
│           └── mantis
│               └── config
│                   ├── config_inc.php.j2
│                   ├── custom_constants_inc.php.j2
│                   └── custom_strings_inc.php.j2
├── tests
│   ├── inventory
│   ├── README.md
│   └── test.yml
└── vars
    ├── bugzilla.yml
    ├── CentOS.yml -> RedHat.yml
    ├── common.yml
    ├── ipaserver.yml
    ├── main.yml
    ├── mantis.yml
    ├── mirrormanager.yml
    ├── mounts
    │   ├── bootstrap_staging.yml
    │   ├── mirrormanager.yml
    │   ├── repopool.yml
    │   └── srpmproc.yml
    ├── mqtt.yml
    ├── openqa.yml
    ├── pinnwand.yml
    ├── production
    │   ├── koji-common.yml
    │   ├── kojid.yml
    │   └── kojihub.yml
    ├── rabbitmq_topics.yml
    ├── rabbitmq_users.yml
    ├── rabbitmq_vhost.yml
    ├── rabbitmq.yml
    ├── RedHat.yml
    ├── Rocky.yml -> RedHat.yml
    ├── rsync.yml
    └── staging
        ├── koji-common.yml
        ├── kojid.yml
        └── kojihub.yml