From 54aae004f0066a2c184400966c163399b3d72faa Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 12:07:32 -0700
Subject: [PATCH 1/7] spelling fix
---
 ansible/playbooks/init-rocky-account-services.yml | 2 +-
 ansible/playbooks/init-rocky-bugzilla.yml | 2 +-
 ansible/playbooks/init-rocky-builder-postfix.yml | 2 +-
 ansible/playbooks/init-rocky-noggin-theme.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ansible/playbooks/init-rocky-account-services.yml b/ansible/playbooks/init-rocky-account-services.yml
index a5da739..312a4f7 100644
--- a/ansible/playbooks/init-rocky-account-services.yml
+++ b/ansible/playbooks/init-rocky-account-services.yml
@@ -4,7 +4,7 @@ hosts: "{{ host }}" become: true - handers: + handlers: - import_tasks: handlers/main.yml pre_tasks:
diff --git a/ansible/playbooks/init-rocky-bugzilla.yml b/ansible/playbooks/init-rocky-bugzilla.yml
index fe16092..dae4b5a 100644
--- a/ansible/playbooks/init-rocky-bugzilla.yml
+++ b/ansible/playbooks/init-rocky-bugzilla.yml
@@ -4,7 +4,7 @@ hosts: "{{ host }}" become: true - handers: + handlers: - import_tasks: handlers/main.yml pre_tasks:
diff --git a/ansible/playbooks/init-rocky-builder-postfix.yml b/ansible/playbooks/init-rocky-builder-postfix.yml
index 02157bb..97bf800 100644
--- a/ansible/playbooks/init-rocky-builder-postfix.yml
+++ b/ansible/playbooks/init-rocky-builder-postfix.yml
@@ -6,7 +6,7 @@ vars_files: - vars/buildsys.yml - handers: + handlers: - import_tasks: handlers/main.yml pre_tasks:
diff --git a/ansible/playbooks/init-rocky-noggin-theme.yml b/ansible/playbooks/init-rocky-noggin-theme.yml
index 2ae8d34..7d80e0f 100644
--- a/ansible/playbooks/init-rocky-noggin-theme.yml
+++ b/ansible/playbooks/init-rocky-noggin-theme.yml
@@ -4,7 +4,7 @@ hosts: "idp" become: true - handers: + handlers: - import_tasks: handlers/main.yml pre_tasks:
From 7c35cfe2268f83a4ec8a554fc49457a132d4d26f Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 12:15:04 -0700
Subject: [PATCH 2/7] restarted
---
 ansible/playbooks/tasks/postfix_relay.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/playbooks/tasks/postfix_relay.yml b/ansible/playbooks/tasks/postfix_relay.yml
index 7cc58cf..ba984a5 100644
--- a/ansible/playbooks/tasks/postfix_relay.yml
+++ b/ansible/playbooks/tasks/postfix_relay.yml
@@ -33,5 +33,5 @@ - name: Ensure postfix is running and enabled service: name: postfix - state: running + state: restarted enabled: true
From 9a194464edf80c1df799400a5eba0859a8d182c9 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 12:55:38 -0700
Subject: [PATCH 3/7] fixing omits
---
 ansible/playbooks/adhoc-ipagetcert.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/ansible/playbooks/adhoc-ipagetcert.yml b/ansible/playbooks/adhoc-ipagetcert.yml
index af4f63d..1a919c0 100644
--- a/ansible/playbooks/adhoc-ipagetcert.yml
+++ b/ansible/playbooks/adhoc-ipagetcert.yml
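Review bot: `state: restarted` on the `Ensure postfix is running and enabled` task bounces postfix on every run of this task file, so the play is never idempotent and always reports changed, while the task name still only promises that the service is running. The old value `running` is not a state the `service` module accepts, which is presumably why it was changed, but the idempotent form is `state: started` here plus a `notify:` on the task that writes the relay configuration, so a restart happens only when that configuration actually changes. Both that configuration task and the handler it would notify are outside this hunk, so the handler name has to match whatever `handlers/main.yml` defines.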
@@ -17,14 +17,14 @@ vars: ipa_getcert_requested_hostnames: - name: "{{ getcert_name|default(ansible_fqdn) }}" - owner: "{{ getcert_owner|default(omit) }}" - key_location: "{{ getcert_key|default(omit) }}" - cert_location: "{{ getcert_cert|default(omit) }}" - nss_db_dir: "{{ getcert_nss_db_dir|default(omit) }}" + owner: "{{ getcert_owner|default('root') }}" + key_location: "{{ getcert_key|default('/etc/pki/tls/private/newcert.key') }}" + cert_location: "{{ getcert_cert|default('/etc/pki/tls/certs/newcert.crt') }}" + nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}" nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}" - postcmd: "{{ getcert_postcmd|default(omit) }}" - ipa_getcert_chain: "{{ getcert_chain|default(omit) }}" - ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}" + postcmd: "{{ getcert_postcmd|default(false) }}" + ipa_getcert_chain: "{{ getcert_chain|default(false) }}" + ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}" ipa_getcert_nss: "{{ getcert_nss|default(false) }}" roles:
From b0a8a91d88cf5ea1eeecb57973ffa4cab54fabf2 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 16:00:57 -0700
Subject: [PATCH 4/7] efs
---
 ansible/playbooks/role-rocky-kojid.yml | 7 +++++--
 ansible/playbooks/tasks/koji_efs.yml | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 ansible/playbooks/tasks/koji_efs.yml
diff --git a/ansible/playbooks/role-rocky-kojid.yml b/ansible/playbooks/role-rocky-kojid.yml
index fc03071..ae59a2a 100644
--- a/ansible/playbooks/role-rocky-kojid.yml
+++ b/ansible/playbooks/role-rocky-kojid.yml
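Review bot: The new fallbacks for `key_location` and `cert_location` are fixed filenames, `newcert.key` and `newcert.crt`, shared by every request on a host, so this playbook can only ever manage one certificate per host under the default paths: a second run with a different `getcert_name` would either collide with the already-tracked request or overwrite the first private key. Deriving the default from the request name avoids that, e.g. `key_location: "{{ getcert_key|default('/etc/pki/tls/private/' ~ getcert_name|default(ansible_fqdn) ~ '.key') }}"` with the matching `.crt` form for `cert_location`. Replacing `omit` with a literal `false` for `postcmd` and `ipa_getcert_chain` also changes what the consuming role sees, a defined value instead of an absent key, so an `is defined` test on those fields in the role would now always pass; the role is outside this patch, so that is worth confirming before merging. I would also record the intent above the list, e.g. `# These defaults apply whenever the matching getcert_* var is not passed with -e`, since the `omit` form made it obvious that the role's own defaults applied and this form does not.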
@@ -28,13 +28,13 @@ - name: Check for keytabs - kojid stat: path: /etc/kojid.keytab - register: kojid_keytab + register: kojid_keytab_check changed_when: "1 != 1" - name: Verify keytab assert: that: - - "kojid_keytab.stat.exists" + - "kojid_keytab_check.stat.exists" success_msg: "It is likely we have all keytabs" fail_msg: "There are no keytabs. Please build the keytabs."
@@ -77,6 +77,9 @@ state: present post_tasks: + - name: "Setup shared filesystem mount" + import_tasks: tasks/koji_efs.yml + - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run
diff --git a/ansible/playbooks/tasks/koji_efs.yml b/ansible/playbooks/tasks/koji_efs.yml
new file mode 100644
index 0000000..007d44a
--- /dev/null
+++ b/ansible/playbooks/tasks/koji_efs.yml
@@ -0,0 +1,21 @@
+---
+# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}
+# Requires amazon-efs-utils; included
+#
+- name: Installing amazon-efs-utils
+ yum:
+ name: amazon-efs-utils
+ state: present
+ tags:
+ - amazon_efs_utils
+ - packages
+
+- name: "Creating and mounting {{ koji_efs_fsid }} at {{ koji_efs_mount_path }}"
+ ansible.posix.mount:
+ path: "{{ koji_efs_mount_path }}"
+ src: "{{ koji_efs_fsid }}:/"
+ fstype: "{{ koji_efs_fs_type }}"
+ opts: "{{ koji_efs_fs_opts | join(',') }}"
+ state: "{{ koji_efs_fs_state | default('mounted') }}"
+ tags:
+ - mounts
From 7b024538f2bb491f5efefd04b5322313c9c4692e Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 16:30:46 -0700
Subject: [PATCH 5/7] efs
---
 ansible/playbooks/role-rocky-kojid.yml | 1 +
 ansible/playbooks/role-rocky-kojihub.yml | 4 ++++
 ansible/playbooks/vars/koji-common.yml | 8 ++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 ansible/playbooks/vars/koji-common.yml
diff --git a/ansible/playbooks/role-rocky-kojid.yml b/ansible/playbooks/role-rocky-kojid.yml
index ae59a2a..d69ea2f 100644
--- a/ansible/playbooks/role-rocky-kojid.yml
+++ b/ansible/playbooks/role-rocky-kojid.yml
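Review bot: The `yum` task in the new koji_efs.yml assumes `amazon-efs-utils` is resolvable, but as far as I can tell that package is not shipped in the Rocky/EL base repositories (AWS publishes it as source to be built into an rpm), and nothing in this file or the rest of the series configures a repository or copies an rpm onto the hosts, so on a stock builder the task fails before the mount is attempted. The header comment `# Requires amazon-efs-utils; included` reads as though the package is taken care of, which the task alone does not guarantee; I would state the prerequisite instead, e.g. `# Requires amazon-efs-utils, which is not in the EL repos: a repo or local rpm providing it must be configured before this runs`. Since this file is imported into the kojid post_tasks (and, in the next patch, kojihub), a missing package breaks every host in those groups at the same step, so a documented pre-step or an explicit `assert` would give a clearer failure than a late yum error.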
@@ -7,6 +7,7 @@ - vars/vaults/encpass.yml - vars/common.yml - vars/kojid.yml + - vars/koji-common.yml # This is to try to avoid the handler issue in pre/post tasks handlers:
diff --git a/ansible/playbooks/role-rocky-kojihub.yml b/ansible/playbooks/role-rocky-kojihub.yml
index e1c0b88..dd3d8a3 100644
--- a/ansible/playbooks/role-rocky-kojihub.yml
+++ b/ansible/playbooks/role-rocky-kojihub.yml
@@ -7,6 +7,7 @@ - vars/vaults/encpass.yml - vars/common.yml - vars/kojihub.yml + - vars/koji-common.yml # This is to try to avoid the handler issue in pre/post tasks handlers:
@@ -110,6 +111,9 @@ state: present post_tasks: + - name: "Setup shared filesystem mount" + import_tasks: tasks/koji_efs.yml + - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run
diff --git a/ansible/playbooks/vars/koji-common.yml b/ansible/playbooks/vars/koji-common.yml
new file mode 100644
index 0000000..67f942d
--- /dev/null
+++ b/ansible/playbooks/vars/koji-common.yml
@@ -0,0 +1,8 @@
+---
+# Koji common
+koji_efs_mount_path: /mnt/koji
+koji_efs_fsid: whatever.amazonaws.com
+koji_efs_fs_type: efs
+koji_efs_fs_opts:
+ - tls
+ - iam
From 7e8faaa3954ef5dc746b445258e779bad29f1dad Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 17:59:02 -0700
Subject: [PATCH 6/7] add aws collection
---
 ansible/roles/requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml
index 46b4cdf..1400d44 100644
--- a/ansible/roles/requirements.yml
+++ b/ansible/roles/requirements.yml
@@ -38,3 +38,4 @@ collections: - name: ansible.posix - name: ktdreyer.koji_ansible - name: netbox.netbox + - name: community.aws
From 09e83ccd420a676b94d252560eaace6703b8cf61 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Wed, 27 Jan 2021 01:31:17 -0700
Subject: [PATCH 7/7] update readme
---
 ansible/README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
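Review bot: `koji_efs_fsid: whatever.amazonaws.com` in the new koji-common.yml is a placeholder committed into a vars file that both the kojid and kojihub plays now load, so running either play as-is tries to mount a target that does not exist and fails at the mount task; the real file-system ID belongs in inventory or group_vars for the Koji hosts, and until then the line should be marked, e.g. `koji_efs_fsid: whatever.amazonaws.com  # placeholder, override per environment`. `koji_efs_fs_opts` also lacks `_netdev`: `ansible.posix.mount` with `state: mounted` writes the entry to fstab, and without `_netdev` the boot-time mount can be attempted before the network is up, which is why AWS's own efs-utils fstab example includes it, so add `- _netdev` alongside `- tls` and `- iam`. Because `tls` is what keeps the NFS traffic to EFS encrypted and `iam` is what ties the mount to the instance role, a comment above the list such as `# tls encrypts traffic to EFS in transit; iam authenticates with the instance's IAM role - keep both when overriding` would stop someone overriding the list from silently dropping them.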
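Review bot: `community.aws` is added to the collections list without a `version:` constraint, and nothing in this series uses a module from it (the EFS mount goes through `ansible.posix.mount` and `yum`), so it is an unused dependency that `ansible-galaxy collection install -r` resolves to whatever is current at install time. The other entries are unpinned too, so this matches the file's convention, but a pinned `version:` on each entry is the cheap way to keep installs reproducible; if the collection is meant for later work, a comment saying what it is for would stop the next reader from removing it.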
diff --git a/ansible/README.md b/ansible/README.md
index 6b111ce..b7020b5 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -167,3 +167,23 @@ When initializing the ansible host, you should be in `./infrastructure/ansible` % cd infrastructure/ansible % ansible-playbook playbooks/init-rocky-ansible-host.yml ``` + +## Initializing the environment + +To get a base environment, you will need to run the playbooks in this order. + +``` +# Ansible host +init-rocky-ansible-host.yml +# First IPA server +role-rocky-ipa.yml +# Replicas +role-rocky-ipa-replica.yml +# Base users, groups, and DNS +init-rocky-ipa-team.yml +init-rocky-ipa-internal-dns.yml +# All clients should be listed under [ipaclients] +role-rocky-ipa-client.yml +# All systems should be hardened +init-rocky-system-config.yml +```