commit
0fcdda7c24
@ -167,3 +167,23 @@ When initializing the ansible host, you should be in `./infrastructure/ansible`
|
||||
% cd infrastructure/ansible
|
||||
% ansible-playbook playbooks/init-rocky-ansible-host.yml
|
||||
```
|
||||
|
||||
## Initializing the environment
|
||||
|
||||
To get a base environment, you will need to run the playbooks in this order.
|
||||
|
||||
```
|
||||
# Ansible host
|
||||
init-rocky-ansible-host.yml
|
||||
# First IPA server
|
||||
role-rocky-ipa.yml
|
||||
# Replicas
|
||||
role-rocky-ipa-replica.yml
|
||||
# Base users, groups, and DNS
|
||||
init-rocky-ipa-team.yml
|
||||
init-rocky-ipa-internal-dns.yml
|
||||
# All clients should be listed under [ipaclients]
|
||||
role-rocky-ipa-client.yml
|
||||
# All systems should be hardened
|
||||
init-rocky-system-config.yml
|
||||
```
|
||||
|
@ -17,14 +17,14 @@
|
||||
vars:
|
||||
ipa_getcert_requested_hostnames:
|
||||
- name: "{{ getcert_name|default(ansible_fqdn) }}"
|
||||
owner: "{{ getcert_owner|default(omit) }}"
|
||||
key_location: "{{ getcert_key|default(omit) }}"
|
||||
cert_location: "{{ getcert_cert|default(omit) }}"
|
||||
nss_db_dir: "{{ getcert_nss_db_dir|default(omit) }}"
|
||||
owner: "{{ getcert_owner|default('root') }}"
|
||||
key_location: "{{ getcert_key|default('/etc/pki/tls/private/newcert.key') }}"
|
||||
cert_location: "{{ getcert_cert|default('/etc/pki/tls/certs/newcert.crt') }}"
|
||||
nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}"
|
||||
nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}"
|
||||
postcmd: "{{ getcert_postcmd|default(omit) }}"
|
||||
ipa_getcert_chain: "{{ getcert_chain|default(omit) }}"
|
||||
ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}"
|
||||
postcmd: "{{ getcert_postcmd|default(false) }}"
|
||||
ipa_getcert_chain: "{{ getcert_chain|default(false) }}"
|
||||
ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}"
|
||||
ipa_getcert_nss: "{{ getcert_nss|default(false) }}"
|
||||
|
||||
roles:
|
||||
|
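Review bot: The new defaults hard-code the key, certificate and chain locations under /etc/pki/tls at the play level, so a host that does not pass `getcert_cert`/`getcert_key` quietly ends up with `newcert.crt`/`newcert.key` instead of failing on a missing value; a comment above `ipa_getcert_requested_hostnames:` such as `# Locations below are generic defaults; override the getcert_* vars per host (-e or host_vars) for real certificates` would make that contract explicit. `postcmd`, `ipa_getcert_chain` and `ipa_getcert_nss` now render `false` through a string template, so it is worth confirming the role evaluates them with `| bool` rather than comparing against a string. `nss_db_dir` is given a concrete default even though `ipa_getcert_nss` defaults to false; presumably it is unused in that case, which the same comment could state. The enclosing play starts before and ends after this hunk.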
@ -4,7 +4,7 @@
|
||||
hosts: "{{ host }}"
|
||||
become: true
|
||||
|
||||
handers:
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
|
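Review bot: `handers:` is not a valid play keyword, so these playbooks would have failed at parse time before this fix; the same correction appears in the next three hunks. Since the typo reached the repository, a `ansible-playbook --syntax-check` or ansible-lint step in CI would catch the next one before merge. The play's `pre_tasks` continue outside the hunk.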
@ -4,7 +4,7 @@
|
||||
hosts: "{{ host }}"
|
||||
become: true
|
||||
|
||||
handers:
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
|
@ -6,7 +6,7 @@
|
||||
vars_files:
|
||||
- vars/buildsys.yml
|
||||
|
||||
handers:
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
|
@ -4,7 +4,7 @@
|
||||
hosts: "idp"
|
||||
become: true
|
||||
|
||||
handers:
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
|
@ -7,6 +7,7 @@
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/common.yml
|
||||
- vars/kojid.yml
|
||||
- vars/koji-common.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
@ -28,13 +29,13 @@
|
||||
- name: Check for keytabs - kojid
|
||||
stat:
|
||||
path: /etc/kojid.keytab
|
||||
register: kojid_keytab
|
||||
register: kojid_keytab_check
|
||||
changed_when: "1 != 1"
|
||||
|
||||
- name: Verify keytab
|
||||
assert:
|
||||
that:
|
||||
- "kojid_keytab.stat.exists"
|
||||
- "kojid_keytab_check.stat.exists"
|
||||
success_msg: "It is likely we have all keytabs"
|
||||
fail_msg: "There are no keytabs. Please build the keytabs."
|
||||
|
||||
@ -77,6 +78,9 @@
|
||||
state: present
|
||||
|
||||
post_tasks:
|
||||
- name: "Setup shared filesystem mount"
|
||||
import_tasks: tasks/koji_efs.yml
|
||||
|
||||
- name: Touching run file that ansible has ran here
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
|
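Review bot: The EFS mount is imported under `post_tasks`, so every role in the play runs before `koji_efs_mount_path` is mounted; if any role creates or populates the koji directory tree, those files land on the root filesystem and are shadowed once EFS is mounted over them. Unless the roles are known not to touch that path, moving `- name: "Setup shared filesystem mount"` / `import_tasks: tasks/koji_efs.yml` into `pre_tasks` after the keytab assertion is safer. The kojihub section below has the same ordering. The play body between the hunks is outside this view.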
@ -7,6 +7,7 @@
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/common.yml
|
||||
- vars/kojihub.yml
|
||||
- vars/koji-common.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
@ -110,6 +111,9 @@
|
||||
state: present
|
||||
|
||||
post_tasks:
|
||||
- name: "Setup shared filesystem mount"
|
||||
import_tasks: tasks/koji_efs.yml
|
||||
|
||||
- name: Touching run file that ansible has ran here
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
|
21
ansible/playbooks/tasks/koji_efs.yml
Normal file
21
ansible/playbooks/tasks/koji_efs.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}
|
||||
# Requires amazon-efs-utils; included
|
||||
#
|
||||
- name: Installing amazon-efs-utils
|
||||
yum:
|
||||
name: amazon-efs-utils
|
||||
state: present
|
||||
tags:
|
||||
- amazon_efs_utils
|
||||
- packages
|
||||
|
||||
- name: "Creating and mounting {{ koji_efs_fsid }} at {{ koji_efs_mount_path }}"
|
||||
ansible.posix.mount:
|
||||
path: "{{ koji_efs_mount_path }}"
|
||||
src: "{{ koji_efs_fsid }}:/"
|
||||
fstype: "{{ koji_efs_fs_type }}"
|
||||
opts: "{{ koji_efs_fs_opts | join(',') }}"
|
||||
state: "{{ koji_efs_fs_state | default('mounted') }}"
|
||||
tags:
|
||||
- mounts
|
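Review bot: The header comment `# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}` reads as if the path were fixed, while the task takes it from `koji_efs_mount_path`; reword it to `# Sets up the EFS mount at koji_efs_mount_path (defaults in vars/koji-common.yml)`, and expand `# Requires amazon-efs-utils; included` to name the repository that provides the package, since it is installed with plain `yum` and presumably is not in the base Rocky repositories. For consistency with `ansible.posix.mount` in the same file, `yum:` should be `ansible.builtin.yum:`. The second task name starts with Jinja (`{{ koji_efs_fsid }}`), which ansible-lint flags as name[template]; `name: "Creating and mounting EFS at {{ koji_efs_mount_path }}"` keeps the template at the end.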
@ -33,5 +33,5 @@
|
||||
- name: Ensure postfix is running and enabled
|
||||
service:
|
||||
name: postfix
|
||||
state: running
|
||||
state: restarted
|
||||
enabled: true
|
||||
|
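Review bot: Changing `state: running` to `state: restarted` makes the task restart postfix on every play run, so it always reports changed and briefly interrupts mail delivery, which contradicts its name `Ensure postfix is running and enabled`. The idempotent value for the service module is `state: started`; restarts belong in a handler notified by the tasks that change the postfix configuration. The surrounding task list continues outside the hunk.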
8
ansible/playbooks/vars/koji-common.yml
Normal file
8
ansible/playbooks/vars/koji-common.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
# Koji common
|
||||
koji_efs_mount_path: /mnt/koji
|
||||
koji_efs_fsid: whatever.amazonaws.com
|
||||
koji_efs_fs_type: efs
|
||||
koji_efs_fs_opts:
|
||||
- tls
|
||||
- iam
|
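Review bot: `koji_efs_fsid: whatever.amazonaws.com` is a placeholder committed as the live default, so a host that does not override it will try to mount `whatever.amazonaws.com:/` in tasks/koji_efs.yml instead of failing fast. Either leave the key out of this file so the mount task fails on an undefined variable, or mark it: `koji_efs_fsid: whatever.amazonaws.com  # placeholder: override with the real EFS id in host_vars/vault`. The `# Koji common` header would also benefit from a line stating that these values are consumed by tasks/koji_efs.yml and that `koji_efs_fs_state` (default `mounted`) can be set here as well.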
@ -38,3 +38,4 @@ collections:
|
||||
- name: ansible.posix
|
||||
- name: ktdreyer.koji_ansible
|
||||
- name: netbox.netbox
|
||||
- name: community.aws
|
||||
|
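Review bot: `community.aws` is added without a `version:`, so `ansible-galaxy install` pulls whatever is latest at install time and two Ansible hosts initialized on different days can run different collection code; a pinned entry such as `- name: community.aws` / `version: "X.Y.Z"  # placeholder, pin to the tested release` keeps the install reproducible and reviewable. Nothing else in this commit calls a community.aws module (the EFS mount uses ansible.posix.mount), so a comment naming the playbook that needs it, or deferring the entry until then, would help. The existing entries are unpinned too, which is outside this change.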