diff --git a/ansible/README.md b/ansible/README.md
index 9dddd30..dabe5f7 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -91,6 +91,9 @@ At a minimum, there should be `pre_tasks` and `post_tasks` that can judge whethe
 file:
 path: /var/log/ansible.run
 state: touch
+ mode: '0644'
+ owner: root
+ group: root
 ```
 
 ### Comments
diff --git a/ansible/inventory/ipainventory b/ansible/inventory/ipainventory
index 86d01fa..e915a91 100644
--- a/ansible/inventory/ipainventory
+++ b/ansible/inventory/ipainventory
@@ -8,15 +8,15 @@ ipa001.rockylinux.org ansible_host=10.100.1.110
 [ipaserver:vars]
 ipaserver_domain=rockylinux.org
 ipaserver_realm=ROCKYLINUX.ORG
-ipaserver_setup_dns=yes
+ipaserver_setup_dns=true
 ipaserver_setup_kra=true
-ipaserver_auto_forwarders=yes
+ipaserver_auto_forwarders=true
 ipaserver_no_host_dns=true
 ipaserver_hostname=ipa001.rockylinux.org
-ipaserver_allow_zone_overlap=yes
-ipaserver_setup_firewalld=yes
+ipaserver_allow_zone_overlap=true
+ipaserver_setup_firewalld=true
 ipaclient_no_ntp=true
-ipaclient_mkhomedir=yes
+ipaclient_mkhomedir=true
 ipaserver_reverse_zones=["1.100.10.in-addr.arpa."]
 
 [ipareplicas]
@@ -25,17 +25,19 @@ ipa002.rockylinux.org ansible_host=10.100.1.111
 [ipareplicas:vars]
 ipaadmin_principal=admin
 ipaclient_no_ntp=true
-ipaclient_mkhomedir=yes
+ipaclient_mkhomedir=true
 ipaserver_realm=ROCKYLINUX.ORG
 ipaserver_hostname=ipa002.rockylinux.org
 ipareplica_domain=rockylinux.org
-ipareplica_auto_forwarders=yes
-ipareplica_setup_firewalld=yes
-ipareplica_setup_ca=yes
-ipareplica_setup_kra=yes
-ipareplica_setup_dns=yes
+ipareplica_auto_forwarders=true
+ipareplica_setup_firewalld=true
+ipareplica_setup_ca=true
+ipareplica_setup_kra=true
+ipareplica_setup_dns=true
 ipa_dns_master=10.100.1.110
 
+# This is for example purposes - it is likely we'll use "all" instead of
+# putting everything under an ipaclient
 [ipaclients]
 build-a-box.rockylinux.org ansible_host=10.100.1.112
 
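Review bot: Rewriting `yes` as `true` in `[ipaserver:vars]` does not change the type of these values: as far as I can tell Ansible's INI inventory plugin passes each value through Python's literal_eval, so lowercase `true` stays the string "true" exactly as `yes` did (only `True` would become a boolean), and every consumer still has to coerce with `| bool` — a bare `when: ipaserver_setup_dns` would likely treat a later `=false` as a non-empty, truthy string. The ansible_freeipa roles appear to apply `| bool`, so this is fine in practice, but the assumption deserves a line in the inventory, e.g. `# INI values are strings; roles must read these flags with "| bool"` above `[ipaserver:vars]`. The same applies to the `[ipareplicas:vars]` hunk below and the `[ipaclients:vars]` hunk that follows it.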
@@ -43,4 +45,4 @@ build-a-box.rockylinux.org ansible_host=10.100.1.112
 ipaclient_domain=rockylinux.org
 ipaadmin_principal=admin
 ipaclient_no_ntp=true
-ipaclient_mkhomedir=yes
+ipaclient_mkhomedir=true
diff --git a/ansible/playbooks/init-rocky-install-kvm-hosts.yml b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
index 373e802..7df1382 100644
--- a/ansible/playbooks/init-rocky-install-kvm-hosts.yml
+++ b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
@@ -53,5 +53,5 @@
 path: /var/log/ansible.run
 state: touch
 mode: '0644'
- user: root
+ owner: root
 group: root
diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml
index 2675f87..2c01324 100644
--- a/ansible/playbooks/init-rocky-system-config.yml
+++ b/ansible/playbooks/init-rocky-system-config.yml
@@ -36,5 +36,5 @@
 path: /var/log/ansible.run
 state: touch
 mode: '0644'
- user: root
+ owner: root
 group: root
diff --git a/ansible/playbooks/requirements.yml b/ansible/playbooks/requirements.yml
index add2528..5f44742 100644
--- a/ansible/playbooks/requirements.yml
+++ b/ansible/playbooks/requirements.yml
@@ -1,2 +1,3 @@
 ---
 - src: freeipa.ansible_freeipa
+- src: community.general
diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml
index 6de3fb8..27eb198 100644
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@@ -19,6 +19,9 @@
 - "not no_ansible.stat.exists"
 msg: "/etc/no-ansible exists - skipping run on this node"
 
+ - name: Check if we can see LDAP srv records
+
+
 roles:
 - role: ipaclient
 state: present
@@ -29,5 +32,5 @@
 path: /var/log/ansible.run
 state: touch
 mode: '0644'
- user: root
+ owner: root
 group: root
diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml
index ba911c6..16b3ac6 100644
--- a/ansible/playbooks/role-rocky-ipa-replica.yml
+++ b/ansible/playbooks/role-rocky-ipa-replica.yml
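Review bot: `owner: root` is the correct `ansible.builtin.file` parameter where `user: root` was being rejected, but the identical post-task (touch `/var/log/ansible.run` with `mode`, `owner`, `group`) is now maintained by hand in five playbooks — this file, init-rocky-system-config.yml, role-rocky-ipa-client.yml, role-rocky-ipa-replica.yml and role-rocky-ipa.yml — and copy drift is exactly how the invalid key spread in the first place. Consider moving the stanza into one shared task file pulled in with `ansible.builtin.include_tasks` (or the `post_tasks` of a small common role) so the next change lands once; a one-line comment above each include pointing at the README's pre/post-task rule would keep the intent visible. The enclosing task and its `post_tasks` block start outside this hunk.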
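Review bot: `- src: community.general` is added without a version, and in the top-level list form of requirements.yml the `src:` entries are handled by `ansible-galaxy` as role installs, whereas community.general is published as a collection — as far as I can tell this entry is only honoured under a `collections:` key. For a reproducible, auditable install the collection should also be pinned, e.g. `collections:` / `  - name: community.general` / `    version: "<pinned version>"`, so a fresh run does not silently pull whatever Galaxy publishes next; it is worth checking whether the freeipa.ansible_freeipa entry on the line above is in the same situation.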
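Review bot: The new `- name: Check if we can see LDAP srv records` task has no module or action, so Ansible refuses the play at parse time ("no action detected in task") and the `ipaclient` role below it never runs. Either drop the placeholder until it is implemented or give it a body; a check that actually runs on the client host and stops the play before it tries to join the domain could look like the lines below (`ipaclient_domain` is set in the inventory for `[ipaclients:vars]`, and `dig` needs bind-utils on the target). The surrounding `pre_tasks` list begins before this hunk, so the indentation has to match its siblings.
```yaml
# … unchanged: /etc/no-ansible assert …
  - name: Check if we can see LDAP srv records
    ansible.builtin.command: "dig +short _ldap._tcp.{{ ipaclient_domain }} SRV"
    register: ldap_srv
    changed_when: false
    failed_when: ldap_srv.rc != 0 or ldap_srv.stdout | length == 0
# … unchanged: roles …
```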
@@ -59,5 +59,5 @@
 path: /var/log/ansible.run
 state: touch
 mode: '0644'
- user: root
+ owner: root
 group: root
diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml
index 5241c63..d9aba24 100644
--- a/ansible/playbooks/role-rocky-ipa.yml
+++ b/ansible/playbooks/role-rocky-ipa.yml
@@ -1,6 +1,11 @@
 ---
 # Creates the first server for an IPA infrastructure
 # Variables for the infrastructure are in inventory/ipainventory
+# Recommended specs for the IPA systems, that scale based on number of objects:
+# CPU: 2 cores
+# Memory: 4GB
+# Storage: 10G /var/lib/dirsrv
+# System fully up to date
 - name: Configure IPA server
 hosts: ipaserver
 become: true
@@ -48,5 +53,5 @@
 path: /var/log/ansible.run
 state: touch
 mode: '0644'
- user: root
+ owner: root
 group: root
diff --git a/ansible/playbooks/vars/rdns.yml b/ansible/playbooks/vars/rdns.yml
index b1b56b3..0676858 100644
--- a/ansible/playbooks/vars/rdns.yml
+++ b/ansible/playbooks/vars/rdns.yml
@@ -2,9 +2,15 @@
 rdns:
 - 0.1.10.in-addr.arpa.
 - 2.1.10.in-addr.arpa.
+ - 4.1.10.in-addr.arpa.
+ - 6.1.10.in-addr.arpa.
 - 8.1.10.in-addr.arpa.
+ - 10.1.10.in-addr.arpa.
 - 14.1.10.in-addr.arpa.
 - 0.16.10.in-addr.arpa.
 - 2.16.10.in-addr.arpa.
+ - 4.16.10.in-addr.arpa.
+ - 6.16.10.in-addr.arpa.
 - 8.16.10.in-addr.arpa.
+ - 10.16.10.in-addr.arpa.
 - 14.16.10.in-addr.arpa.