collections Use FQCN 2022-03-27 22:01:23 -07:00
defaults init 2022-02-26 20:19:20 -07:00
files fixes for system config 2023-08-14 00:14:33 -07:00
handlers delegate to first in list 2023-07-15 18:51:26 -07:00
roles delegate to first in list 2023-07-15 18:51:26 -07:00
tasks make auditd list autogenerate 2023-08-14 00:34:58 -07:00
templates fix auditd 2023-08-14 00:40:04 -07:00
tests init 2022-02-26 20:19:20 -07:00
vars make auditd list autogenerate 2023-08-14 00:34:58 -07:00
.ansible-lint init 2022-02-26 20:19:20 -07:00
.gitignore Use FQCN 2022-03-27 22:01:23 -07:00
.pre-commit-config.yaml update pre-commit config 2023-02-15 16:51:44 -07:00
.yamllint init 2022-02-26 20:19:20 -07:00
adhoc-facts-refresh.yml Use FQCN 2022-03-27 22:01:23 -07:00
adhoc-rabbitmqqueue.yml Use FQCN 2022-03-27 22:01:23 -07:00
adhoc-rabbitmquser.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-account-services.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-ansible-host.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-bugzilla.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-chrony.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-install-kvm-hosts.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-koji-ecosystem.yml add koji playbooks to ops repo 2023-04-13 15:19:30 -07:00
init-rocky-mantisbt.yml start to decommission rabbitmq role 2023-07-15 00:10:52 -07:00
init-rocky-noggin-theme.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-noggin.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-openqa-developer-host.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-postfix-relay.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-repo-servers.yml Use FQCN 2022-03-27 22:01:23 -07:00
init-rocky-session-recording.yml fix tlogging 2023-04-21 21:46:27 -07:00
init-rocky-simple-builder.yml Users should be part of the mock group 2023-08-18 14:45:12 -07:00
init-rocky-system-config.yml conform motd to 80x24 2023-04-22 01:24:19 -07:00
local-ansible.cfg init 2022-02-26 20:19:20 -07:00
README.md Update readme, use "all" for awx 2023-08-13 23:25:05 -07:00
role-rocky-bootstrap_staging.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-graylog.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-kojid-staging.yml FQCN and simple builder 2023-08-18 14:23:40 -07:00
role-rocky-kojid.yml FQCN and simple builder 2023-08-18 14:23:40 -07:00
role-rocky-kojihub-staging.yml FQCN and simple builder 2023-08-18 14:23:40 -07:00
role-rocky-kojihub.yml FQCN and simple builder 2023-08-18 14:23:40 -07:00
role-rocky-mirrormanager.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-monitoring.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-mqtt.yml use crb handlers 2023-04-22 00:57:00 -07:00
role-rocky-node_exporter.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-pinnwand.yml Use FQCN 2022-03-27 22:01:23 -07:00
role-rocky-rabbitmq.yml Update readme, use "all" for awx 2023-08-13 23:25:05 -07:00
role-rocky-repopool.yml Update readme, use "all" for awx 2023-08-13 23:25:05 -07:00

Ansible AWX Template: Ops Management

Ansible AWX is the method used to manage the Rocky Linux infrastructure, as a replacement for using the CLI. This template is used specifically for management of systems and infrastructure and takes bits and pieces from the original infrastructure git repository on GitHub.

This repository may include duplicate playbooks from other ansible management repositories. Some pieces may also be removed and put into their own repository.

Notes on local runs and playbooks for local development systems

Some playbooks are meant to be run locally, and there are cases where AWX is not feasible. To run these playbooks, keep the following in mind:

  • local-ansible.cfg will need to be used
  • init-rocky-ansible-host.yml will need to be run using that configuration file (if there are roles/collections needed)
  • It is highly recommended that you change every hosts: all to hosts: '{{ host }}', as you may want more control over which hosts a run targets.
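
A pre-flight helper for the local-run notes above, as an added example that is not part of this repository: it lists plays that still say hosts: all, writes a copy that uses hosts: '{{ host }}', and runs that copy with local-ansible.cfg and an explicit target. The function names and the sample playbook are constructed for illustration, and it assumes you run it from the repository root.

```bash
#!/usr/bin/env bash
# Added example, not from the repository: helper names and the sample playbook
# are constructed. Run from the repository root so local-ansible.cfg is found.

# Play-level `hosts: all`, optionally quoted, with an optional trailing comment.
HOSTS_ALL_RE="^([[:space:]]*(-[[:space:]]+)?hosts:[[:space:]]*)[\"']?all[\"']?[[:space:]]*(#.*)?\$"

# Print "line:text" for every play in $1 that still targets the whole inventory.
find_hosts_all() { grep -nE "$HOSTS_ALL_RE" "$1"; }

# Write a copy of playbook $1 to $2 with `hosts: all` replaced by
# `hosts: '{{ host }}'`, so the target has to be passed explicitly.
parameterize_hosts() { sed -E "s/$HOSTS_ALL_RE/\\1'{{ host }}'/" "$1" > "$2"; }

# Run playbook $1 against host pattern $2 using local-ansible.cfg.
# The copy sits beside the original so relative tasks/ and vars/ paths resolve.
run_local() {
    local src="$1" target="$2" copy rc
    [ -n "$target" ] || { echo "refusing to run without a target host" >&2; return 2; }
    copy="$(dirname "$src")/.local-$$-$(basename "$src")"
    parameterize_hosts "$src" "$copy" || return 1
    if find_hosts_all "$copy" >/dev/null; then
        echo "still targets all hosts: $src" >&2; rm -f "$copy"; return 1
    fi
    ANSIBLE_CONFIG=local-ansible.cfg ansible-playbook "$copy" -e "host=$target"
    rc=$?
    rm -f "$copy"
    return "$rc"
}

# Constructed sample playbook used by the demonstration below.
make_sample() {
    cat > "$1" <<'EOF'
---
- name: Base configuration
  hosts: all
  become: true
- name: Quoted form
  hosts: "all"   # every inventory host
- name: Already scoped (group name is constructed)
  hosts: all_builders
EOF
}

demo_dir="$(mktemp -d)"
make_sample "$demo_dir/sample.yml"
find_hosts_all "$demo_dir/sample.yml"       # reports the two unscoped plays
parameterize_hosts "$demo_dir/sample.yml" "$demo_dir/sample.local.yml"
cat "$demo_dir/sample.local.yml"            # all_builders is left untouched
```
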

Notes on system deployment

When provisioning a system, the minimum set of playbooks to run, in order, is:

  • ansible-ipa-management/role-rocky-ipa-client.yml
  • ansible-ops-management/init-rocky-system-config.yml

The first ensures the system is enrolled with the IPA domain. The second ensures the basic minimum system configuration is completed, such as basic hardening, auditd rules, PAM, and others.

Provides / Information

This repository is for Infrastructure operations.

.
├── adhoc-facts-refresh.yml
├── adhoc-rabbitmqqueue.yml
├── adhoc-rabbitmquser.yml
├── collections
│   ├── README.md
│   └── requirements.yml
├── defaults
│   └── main.yml
├── files
│   ├── etc
│   │   ├── authselect
│   │   │   └── custom
│   │   │       └── sssd-rocky
│   │   │           ├── CentOS-8-system-auth -> RedHat-8-system-auth
│   │   │           ├── RedHat-8-system-auth
│   │   │           ├── RedHat-9-nsswitch.conf
│   │   │           ├── RedHat-9-system-auth
│   │   │           ├── Rocky-8-system-auth -> RedHat-8-system-auth
│   │   │           ├── Rocky-9-nsswitch.conf -> RedHat-9-nsswitch.conf
│   │   │           └── Rocky-9-system-auth -> RedHat-9-system-auth
│   │   ├── dynmotd
│   │   ├── motd
│   │   ├── pam.d
│   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac
│   │   │   └── RedHat-7-system-auth-ac
│   │   ├── rockybanner
│   │   ├── sudoers.d
│   │   │   └── cis
│   │   └── systemd
│   │       └── system
│   │           └── noggin.service
│   ├── home
│   │   └── ansible
│   ├── README.md
│   ├── root
│   │   └── 9-tmux.conf
│   ├── tmp
│   ├── usr
│   │   └── local
│   │       └── bin
│   │           ├── dmidecode-pretty
│   │           └── lock-wrapper
│   └── var
│       └── www
│           └── mantisbt
│               └── signup_page.php
├── handlers
│   └── main.yml
├── init-rocky-account-services.yml
├── init-rocky-ansible-host.yml
├── init-rocky-bugzilla.yml
├── init-rocky-chrony.yml
├── init-rocky-install-kvm-hosts.yml
├── init-rocky-koji-ecosystem.yml
├── init-rocky-mantisbt.yml
├── init-rocky-noggin-theme.yml
├── init-rocky-noggin.yml
├── init-rocky-openqa-developer-host.yml
├── init-rocky-postfix-relay.yml
├── init-rocky-repo-servers.yml
├── init-rocky-session-recording.yml
├── init-rocky-system-config.yml
├── local-ansible.cfg
├── README.md
├── role-rocky-bootstrap_staging.yml
├── role-rocky-graylog.yml
├── role-rocky-kojid-staging.yml
├── role-rocky-kojid.yml
├── role-rocky-kojihub-staging.yml
├── role-rocky-kojihub.yml
├── role-rocky-mirrormanager.yml
├── role-rocky-monitoring.yml
├── role-rocky-mqtt.yml
├── role-rocky-node_exporter.yml
├── role-rocky-pinnwand.yml
├── role-rocky-rabbitmq.yml
├── role-rocky-repopool.yml
├── roles
│   ├── README.md
│   └── requirements.yml
├── tasks
│   ├── account_services.yml
│   ├── auditd.yml
│   ├── authentication.yml
│   ├── banners.yml
│   ├── bugzilla_install.yml
│   ├── bugzilla.yml
│   ├── chrony.yml
│   ├── efs_mount.yml
│   ├── grub.yml
│   ├── harden.yml
│   ├── init-koji.yml
│   ├── koji_efs.yml
│   ├── main.yml
│   ├── mantis
│   │   ├── mantispatch.yml
│   │   └── mantis.yml
│   ├── mirrormanager.yml
│   ├── noggin.yml
│   ├── openqa.yml
│   ├── postfix_relay.yml
│   ├── rabbitmq
│   │   ├── rabbitmq.yml
│   │   ├── topics.yml
│   │   ├── users.yml
│   │   └── vhost.yml
│   ├── repository.yml
│   ├── rsyncd.yml
│   ├── scripts.yml
│   ├── skel.yml
│   ├── srpmproc.yml
│   ├── ssh_config.yml
│   ├── tlog.yml
│   └── variable_loader_common.yml
├── templates
│   ├── etc
│   │   ├── audit
│   │   │   └── rules.d
│   │   │       └── collection.rules.j2
│   │   ├── chrony.conf.j2
│   │   ├── httpd
│   │   │   └── conf.d
│   │   │       ├── bugzilla.conf.j2
│   │   │       └── mantis.conf.j2
│   │   ├── modprobe.d
│   │   │   └── cis.conf.j2
│   │   ├── postfix
│   │   │   └── sasl_passwd.j2
│   │   ├── rabbitmq
│   │   │   ├── rabbitmq.conf.j2
│   │   │   └── rabbitmq-env.conf.j2
│   │   ├── resolv.conf.j2
│   │   ├── rsyncd.conf.j2
│   │   ├── rsyncd-motd
│   │   ├── rsyslog.d
│   │   ├── ssh
│   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── CentOS-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   │   ├── RedHat-8-sshd_config.j2
│   │   │   ├── RedHat-9-60-infra.conf.j2
│   │   │   ├── RedHat-9-sshd_config.j2
│   │   │   ├── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   ├── Rocky-9-60-infra.conf.j2 -> RedHat-9-60-infra.conf.j2
│   │   │   └── Rocky-9-sshd_config.j2 -> RedHat-9-sshd_config.j2
│   │   ├── sssd
│   │   │   └── conf.d
│   │   │       └── session-recording.conf
│   │   └── tlog
│   │       └── tlog-rec-session.conf
│   ├── opt
│   │   └── mirrormanager
│   │       └── mirrormanager2.cfg.j2
│   ├── README.md
│   ├── tmp
│   │   └── mantis_import.sql.j2
│   └── var
│       └── www
│           ├── bugzilla
│           │   ├── answer
│           │   └── localconfig.j2
│           └── mantis
│               └── config
│                   ├── config_inc.php.j2
│                   ├── custom_constants_inc.php.j2
│                   └── custom_strings_inc.php.j2
├── tests
│   ├── inventory
│   ├── README.md
│   └── test.yml
└── vars
    ├── bugzilla.yml
    ├── CentOS.yml -> RedHat.yml
    ├── common.yml
    ├── ipaserver.yml
    ├── main.yml
    ├── mantis.yml
    ├── mirrormanager.yml
    ├── mounts
    │   ├── bootstrap_staging.yml
    │   ├── mirrormanager.yml
    │   ├── repopool.yml
    │   └── srpmproc.yml
    ├── mqtt.yml
    ├── openqa.yml
    ├── pinnwand.yml
    ├── production
    │   ├── koji-common.yml
    │   ├── kojid.yml
    │   └── kojihub.yml
    ├── rabbitmq_topics.yml
    ├── rabbitmq_users.yml
    ├── rabbitmq_vhost.yml
    ├── rabbitmq.yml
    ├── RedHat.yml
    ├── Rocky.yml -> RedHat.yml
    ├── rsync.yml
    └── staging
        ├── koji-common.yml
        ├── kojid.yml
        └── kojihub.yml