diff --git a/ansible/inventories/production/group_vars/ipareplicas/main.yml b/ansible/inventories/production/group_vars/ipareplicas/main.yml index d04be2b..101e54e 100644 --- a/ansible/inventories/production/group_vars/ipareplicas/main.yml +++ b/ansible/inventories/production/group_vars/ipareplicas/main.yml @@ -1,7 +1,6 @@ --- ipaadmin_principal: admin -ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaserver_realm: ROCKYLINUX.ORG ipaserver_hostname: ipa002.rockylinux.org diff --git a/ansible/inventories/production/hosts.ini b/ansible/inventories/production/hosts.ini index c3ca97a..d55c4db 100644 --- a/ansible/inventories/production/hosts.ini +++ b/ansible/inventories/production/hosts.ini @@ -16,6 +16,7 @@ ipa001.rockylinux.org ansible_host=10.100.1.110 [ipareplicas] ipa002.rockylinux.org ansible_host=10.100.1.111 +ipa003.rockylinux.org ansible_host=10.100.1.112 [ipaclients] build-a-box.rockylinux.org ansible_host=10.100.1.112 @@ -60,3 +61,8 @@ ppc64le-03.boxbuild.rockylinux.org ansible_host=10.100.1.212 [mqtt] mqtt.boxbuild.rockylinux.org ansible_host=10.100.1.213 + +[rabbitmq] +rabbitmq01.rockylinux.org ansible_host=10.100.1.214 +rabbitmq02.rockylinux.org ansible_host=10.100.1.215 +rabbitmq03.rockylinux.org ansible_host=10.100.1.216 diff --git a/ansible/playbooks/init-rocky-ipa-internal-dns.yml b/ansible/playbooks/init-rocky-ipa-internal-dns.yml index 7720216..8772ba4 100644 --- a/ansible/playbooks/init-rocky-ipa-internal-dns.yml +++ b/ansible/playbooks/init-rocky-ipa-internal-dns.yml @@ -21,10 +21,12 @@ freeipa.ansible_freeipa.ipadnszone: ipaadmin_password: '{{ ipaadmin_password }}' name: '{{ item }}' + dynamic_update: true with_items: '{{ rdns }}' - name: "Create Forward Domains" freeipa.ansible_freeipa.ipadnszone: ipaadmin_password: '{{ ipaadmin_password }}' name: '{{ item }}' + dynamic_update: true with_items: '{{ fdns }}' diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml index 3aebeff..c8c208b 100644 
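Review bot: The added `ipa003.rockylinux.org ansible_host=10.100.1.112` in `[ipareplicas]` reuses the address that the very next context lines give to `build-a-box.rockylinux.org` under `[ipaclients]`. Ansible connects to `ansible_host` rather than the inventory name, so a play against `ipareplicas` (the replica playbook in this commit runs with `become: true`) would act on whichever machine actually holds 10.100.1.112. If that is build-a-box, the replica install would run on the wrong host. Give ipa003 its own address, e.g. `ipa003.rockylinux.org ansible_host=<ipa003 address>`, or correct the build-a-box entry if that one is stale. The `[ipaclients]` group continues outside the hunk, so other reuse of the address cannot be ruled out from here.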
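Review bot: Both added `dynamic_update: true` lines (the reverse-zone task looping over `rdns` and "Create Forward Domains" looping over `fdns`) enable dynamic DNS updates on every listed zone without saying who may write records. Neither task sets `update_policy`, so the zones depend on whatever policy the IPA server applies by default, which presumably limits a host to its own records but is not visible here. Either pin `update_policy` in both tasks, or add a comment above each line such as `# dynamic updates are limited by the zone's update policy; verify it only grants Kerberos-authenticated self-updates`. After the run, confirm the effective policy on the reverse zones in particular, since PTR updates are often handled separately from forward records. The first task's `name:` line is outside the hunk.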
--- a/ansible/playbooks/role-rocky-ipa-replica.yml +++ b/ansible/playbooks/role-rocky-ipa-replica.yml @@ -6,7 +6,6 @@ become: true vars_files: - vars/vaults/encpass.yml - - vars/ipa/ipareplica.yml # This is to try to avoid the handler issue in pre/post tasks handlers: diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml index f361b8a..0283c05 100644 --- a/ansible/playbooks/role-rocky-ipa.yml +++ b/ansible/playbooks/role-rocky-ipa.yml @@ -11,7 +11,6 @@ become: true vars_files: - vars/vaults/encpass.yml - - vars/ipa/ipaserver.yml # This is to try to avoid the handler issue in pre/post tasks handlers: diff --git a/ansible/playbooks/vars/ipa/adminusers.yml b/ansible/playbooks/vars/ipa/adminusers.yml index 220a50b..4a15dec 100644 --- a/ansible/playbooks/vars/ipa/adminusers.yml +++ b/ansible/playbooks/vars/ipa/adminusers.yml 
@@ -3,70 +3,60 @@ adminusers: - name: label2 first: Louis last: Abel - email: label@rockylinux.org password: ThisIsNotMyPassword1! title: Infrastructure IdM Manager loginshell: /bin/bash - name: gmk2 first: Gregory last: Kurtzer - email: gmk@rockylinux.org password: ThisIsNotMyPassword1! title: Executive Director loginshell: /bin/bash - name: brian2 first: Brian last: Clemens - email: brian@rockylinux.org password: ThisIsNotMyPassword1! title: Project Manager loginshell: /bin/bash - name: hbjy2 first: Hayden last: Young - email: hbjy@rockylinux.org password: ThisIsNotMyPassword1! title: Web & Branding Manager loginshell: /bin/bash - name: jorp2 first: Jordan last: Pisaniello - email: jorp@rockylinux.org password: ThisIsNotMyPassword1! title: Community Manager loginshell: /bin/bash - name: neil2 first: Neil last: Hanlon - email: neil@rockylinux.org password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - name: rlh2 first: R. Leigh last: Hennig - email: rlh@rockylinux.org password: ThisIsNotMyPassword1! title: Operations Manager loginshell: /bin/bash - name: rfelsburg2 first: Rob last: Felsburg - email: rfelsburg@rockylinux.org password: ThisIsNotMyPassword1! title: Operations Manager loginshell: /bin/bash - name: tg2 first: Taylor last: Goodwill - email: tg@rockylinux.org password: ThisIsNotMyPassword1! title: Infrastructure Manager loginshell: /bin/bash - name: bagner2 first: Benjamin last: Agner - email: bagner@rockylinux.org password: ThisIsNotMyPassword1! title: Security Director loginshell: /bin/bash diff --git a/ansible/playbooks/vars/ipa/svcusers.yml b/ansible/playbooks/vars/ipa/svcusers.yml index 7387e92..e19bfaa 100644 --- a/ansible/playbooks/vars/ipa/svcusers.yml +++ b/ansible/playbooks/vars/ipa/svcusers.yml 
@@ -3,49 +3,42 @@ svcusers: - name: hostman first: Host last: Manager - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - Host Manager loginshell: /sbin/nologin - name: kerbman first: Kerberos last: Manager - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - Kerberos Key Manager loginshell: /sbin/nologin - name: userman first: User last: Manager - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - User Manager loginshell: /sbin/nologin - name: rockykoji first: Koji last: Manager - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - Koji Manager loginshell: /sbin/nologin - name: pubsub_federation first: pubsub last: federation - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - pubsub federator loginshell: /sbin/nologin - name: rockypubsub first: rocky last: pubsub - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - pubsub loginshell: /sbin/nologin - name: rockyautomation first: Rocky last: Automation - email: infrastructure@rockylinux.org password: ThisIsNotMyPassword1! title: System Account - Automation loginshell: /sbin/nologin