mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-29 08:26:28 +00:00
commit
0fcdda7c24
@ -167,3 +167,23 @@ When initializing the ansible host, you should be in `./infrastructure/ansible`
|
|||||||
% cd infrastructure/ansible
|
% cd infrastructure/ansible
|
||||||
% ansible-playbook playbooks/init-rocky-ansible-host.yml
|
% ansible-playbook playbooks/init-rocky-ansible-host.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Initializing the environment
|
||||||
|
|
||||||
|
To get a base environment, you will need to run the playbooks in this order.
|
||||||
|
|
||||||
|
```
|
||||||
|
# Ansible host
|
||||||
|
init-rocky-ansible-host.yml
|
||||||
|
# First IPA server
|
||||||
|
role-rocky-ipa.yml
|
||||||
|
# Replicas
|
||||||
|
role-rocky-ipa-replica.yml
|
||||||
|
# Base users, groups, and DNS
|
||||||
|
init-rocky-ipa-team.yml
|
||||||
|
init-rocky-ipa-internal-dns.yml
|
||||||
|
# All clients should be listed under [ipaclients]
|
||||||
|
role-rocky-ipa-client.yml
|
||||||
|
# All systems should be hardened
|
||||||
|
init-rocky-system-config.yml
|
||||||
|
```
|
||||||
|
@ -17,14 +17,14 @@
|
|||||||
vars:
|
vars:
|
||||||
ipa_getcert_requested_hostnames:
|
ipa_getcert_requested_hostnames:
|
||||||
- name: "{{ getcert_name|default(ansible_fqdn) }}"
|
- name: "{{ getcert_name|default(ansible_fqdn) }}"
|
||||||
owner: "{{ getcert_owner|default(omit) }}"
|
owner: "{{ getcert_owner|default('root') }}"
|
||||||
key_location: "{{ getcert_key|default(omit) }}"
|
key_location: "{{ getcert_key|default('/etc/pki/tls/private/newcert.key') }}"
|
||||||
cert_location: "{{ getcert_cert|default(omit) }}"
|
cert_location: "{{ getcert_cert|default('/etc/pki/tls/certs/newcert.crt') }}"
|
||||||
nss_db_dir: "{{ getcert_nss_db_dir|default(omit) }}"
|
nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}"
|
||||||
nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}"
|
nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}"
|
||||||
postcmd: "{{ getcert_postcmd|default(omit) }}"
|
postcmd: "{{ getcert_postcmd|default(false) }}"
|
||||||
ipa_getcert_chain: "{{ getcert_chain|default(omit) }}"
|
ipa_getcert_chain: "{{ getcert_chain|default(false) }}"
|
||||||
ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}"
|
ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}"
|
||||||
ipa_getcert_nss: "{{ getcert_nss|default(false) }}"
|
ipa_getcert_nss: "{{ getcert_nss|default(false) }}"
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: "{{ host }}"
|
hosts: "{{ host }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
handers:
|
handlers:
|
||||||
- import_tasks: handlers/main.yml
|
- import_tasks: handlers/main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: "{{ host }}"
|
hosts: "{{ host }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
handers:
|
handlers:
|
||||||
- import_tasks: handlers/main.yml
|
- import_tasks: handlers/main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
vars_files:
|
vars_files:
|
||||||
- vars/buildsys.yml
|
- vars/buildsys.yml
|
||||||
|
|
||||||
handers:
|
handlers:
|
||||||
- import_tasks: handlers/main.yml
|
- import_tasks: handlers/main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: "idp"
|
hosts: "idp"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
handers:
|
handlers:
|
||||||
- import_tasks: handlers/main.yml
|
- import_tasks: handlers/main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
- vars/vaults/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/common.yml
|
- vars/common.yml
|
||||||
- vars/kojid.yml
|
- vars/kojid.yml
|
||||||
|
- vars/koji-common.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
handlers:
|
handlers:
|
||||||
@ -28,13 +29,13 @@
|
|||||||
- name: Check for keytabs - kojid
|
- name: Check for keytabs - kojid
|
||||||
stat:
|
stat:
|
||||||
path: /etc/kojid.keytab
|
path: /etc/kojid.keytab
|
||||||
register: kojid_keytab
|
register: kojid_keytab_check
|
||||||
changed_when: "1 != 1"
|
changed_when: "1 != 1"
|
||||||
|
|
||||||
- name: Verify keytab
|
- name: Verify keytab
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "kojid_keytab.stat.exists"
|
- "kojid_keytab_check.stat.exists"
|
||||||
success_msg: "It is likely we have all keytabs"
|
success_msg: "It is likely we have all keytabs"
|
||||||
fail_msg: "There are no keytabs. Please build the keytabs."
|
fail_msg: "There are no keytabs. Please build the keytabs."
|
||||||
|
|
||||||
@ -77,6 +78,9 @@
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
|
- name: "Setup shared filesystem mount"
|
||||||
|
import_tasks: tasks/koji_efs.yml
|
||||||
|
|
||||||
- name: Touching run file that ansible has ran here
|
- name: Touching run file that ansible has ran here
|
||||||
file:
|
file:
|
||||||
path: /var/log/ansible.run
|
path: /var/log/ansible.run
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
- vars/vaults/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/common.yml
|
- vars/common.yml
|
||||||
- vars/kojihub.yml
|
- vars/kojihub.yml
|
||||||
|
- vars/koji-common.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
handlers:
|
handlers:
|
||||||
@ -110,6 +111,9 @@
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
|
- name: "Setup shared filesystem mount"
|
||||||
|
import_tasks: tasks/koji_efs.yml
|
||||||
|
|
||||||
- name: Touching run file that ansible has ran here
|
- name: Touching run file that ansible has ran here
|
||||||
file:
|
file:
|
||||||
path: /var/log/ansible.run
|
path: /var/log/ansible.run
|
||||||
|
21
ansible/playbooks/tasks/koji_efs.yml
Normal file
21
ansible/playbooks/tasks/koji_efs.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}
|
||||||
|
# Requires amazon-efs-utils; included
|
||||||
|
#
|
||||||
|
- name: Installing amazon-efs-utils
|
||||||
|
yum:
|
||||||
|
name: amazon-efs-utils
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- amazon_efs_utils
|
||||||
|
- packages
|
||||||
|
|
||||||
|
- name: "Creating and mounting {{ koji_efs_fsid }} at {{ koji_efs_mount_path }}"
|
||||||
|
ansible.posix.mount:
|
||||||
|
path: "{{ koji_efs_mount_path }}"
|
||||||
|
src: "{{ koji_efs_fsid }}:/"
|
||||||
|
fstype: "{{ koji_efs_fs_type }}"
|
||||||
|
opts: "{{ koji_efs_fs_opts | join(',') }}"
|
||||||
|
state: "{{ koji_efs_fs_state | default('mounted') }}"
|
||||||
|
tags:
|
||||||
|
- mounts
|
@ -33,5 +33,5 @@
|
|||||||
- name: Ensure postfix is running and enabled
|
- name: Ensure postfix is running and enabled
|
||||||
service:
|
service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: running
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
8
ansible/playbooks/vars/koji-common.yml
Normal file
8
ansible/playbooks/vars/koji-common.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
# Koji common
|
||||||
|
koji_efs_mount_path: /mnt/koji
|
||||||
|
koji_efs_fsid: whatever.amazonaws.com
|
||||||
|
koji_efs_fs_type: efs
|
||||||
|
koji_efs_fs_opts:
|
||||||
|
- tls
|
||||||
|
- iam
|
@ -38,3 +38,4 @@ collections:
|
|||||||
- name: ansible.posix
|
- name: ansible.posix
|
||||||
- name: ktdreyer.koji_ansible
|
- name: ktdreyer.koji_ansible
|
||||||
- name: netbox.netbox
|
- name: netbox.netbox
|
||||||
|
- name: community.aws
|
||||||
|
Loading…
Reference in New Issue
Block a user