infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-22 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

linting, ipa rdns

Browse Source
This commit is contained in:
nazunalika 2020-12-11 14:00:14 -07:00
parent 085c9ae83e
commit 33a6d29608
9 changed files with 37 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/README.md
View File

@ -91,6 +91,9 @@ At a minimum, there should be `pre_tasks` and `post_tasks` that can judge whethe
file: file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644'
owner: root
group: root
``` ```
### Comments ### Comments

26
ansible/inventory/ipainventory
View File

@ -8,15 +8,15 @@ ipa001.rockylinux.org ansible_host=10.100.1.110
[ipaserver:vars] [ipaserver:vars]
ipaserver_domain=rockylinux.org ipaserver_domain=rockylinux.org
ipaserver_realm=ROCKYLINUX.ORG ipaserver_realm=ROCKYLINUX.ORG
ipaserver_setup_dns=yes ipaserver_setup_dns=true
ipaserver_setup_kra=true ipaserver_setup_kra=true
ipaserver_auto_forwarders=yes ipaserver_auto_forwarders=true
ipaserver_no_host_dns=true ipaserver_no_host_dns=true
ipaserver_hostname=ipa001.rockylinux.org ipaserver_hostname=ipa001.rockylinux.org
ipaserver_allow_zone_overlap=yes ipaserver_allow_zone_overlap=true
ipaserver_setup_firewalld=yes ipaserver_setup_firewalld=true
ipaclient_no_ntp=true ipaclient_no_ntp=true
ipaclient_mkhomedir=yes ipaclient_mkhomedir=true
ipaserver_reverse_zones=["1.100.10.in-addr.arpa."] ipaserver_reverse_zones=["1.100.10.in-addr.arpa."]
[ipareplicas] [ipareplicas]
@ -25,17 +25,19 @@ ipa002.rockylinux.org ansible_host=10.100.1.111
[ipareplicas:vars] [ipareplicas:vars]
ipaadmin_principal=admin ipaadmin_principal=admin
ipaclient_no_ntp=true ipaclient_no_ntp=true
ipaclient_mkhomedir=yes ipaclient_mkhomedir=true
ipaserver_realm=ROCKYLINUX.ORG ipaserver_realm=ROCKYLINUX.ORG
ipaserver_hostname=ipa002.rockylinux.org ipaserver_hostname=ipa002.rockylinux.org
ipareplica_domain=rockylinux.org ipareplica_domain=rockylinux.org
ipareplica_auto_forwarders=yes ipareplica_auto_forwarders=true
ipareplica_setup_firewalld=yes ipareplica_setup_firewalld=true
ipareplica_setup_ca=yes ipareplica_setup_ca=true
ipareplica_setup_kra=yes ipareplica_setup_kra=true
ipareplica_setup_dns=yes ipareplica_setup_dns=true
ipa_dns_master=10.100.1.110 ipa_dns_master=10.100.1.110
# This is for example purposes - it is likely we'll use "all" instead of
# putting everything under an ipaclient
[ipaclients] [ipaclients]
build-a-box.rockylinux.org ansible_host=10.100.1.112 build-a-box.rockylinux.org ansible_host=10.100.1.112
@ -43,4 +45,4 @@ build-a-box.rockylinux.org ansible_host=10.100.1.112
ipaclient_domain=rockylinux.org ipaclient_domain=rockylinux.org
ipaadmin_principal=admin ipaadmin_principal=admin
ipaclient_no_ntp=true ipaclient_no_ntp=true
ipaclient_mkhomedir=yes ipaclient_mkhomedir=true

2
ansible/playbooks/init-rocky-install-kvm-hosts.yml
View File

@ -53,5 +53,5 @@
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'
user: root owner: root
group: root group: root

2
ansible/playbooks/init-rocky-system-config.yml
View File

@ -36,5 +36,5 @@
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'
user: root owner: root
group: root group: root

1
ansible/playbooks/requirements.yml
View File

@ -1,2 +1,3 @@
--- ---
- src: freeipa.ansible_freeipa - src: freeipa.ansible_freeipa
- src: community.general

5
ansible/playbooks/role-rocky-ipa-client.yml
View File

@ -19,6 +19,9 @@
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
msg: "/etc/no-ansible exists - skipping run on this node" msg: "/etc/no-ansible exists - skipping run on this node"
- name: Check if we can see LDAP srv records
roles: roles:
- role: ipaclient - role: ipaclient
state: present state: present
@ -29,5 +32,5 @@
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'
user: root owner: root
group: root group: root

2
ansible/playbooks/role-rocky-ipa-replica.yml
View File

@ -59,5 +59,5 @@
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'
user: root owner: root
group: root group: root

7
ansible/playbooks/role-rocky-ipa.yml
View File

@ -1,6 +1,11 @@
--- ---
# Creates the first server for an IPA infrastructure # Creates the first server for an IPA infrastructure
# Variables for the infrastructure are in inventory/ipainventory # Variables for the infrastructure are in inventory/ipainventory
# Recommended specs for the IPA systems, that scale based on number of objects:
# CPU: 2 cores
# Memory: 4GB
# Storage: 10G /var/lib/dirsrv
# System fully up to date
- name: Configure IPA server - name: Configure IPA server
hosts: ipaserver hosts: ipaserver
become: true become: true
@ -48,5 +53,5 @@
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'
user: root owner: root
group: root group: root

6
ansible/playbooks/vars/rdns.yml
View File

@ -2,9 +2,15 @@
rdns: rdns:
- 0.1.10.in-addr.arpa. - 0.1.10.in-addr.arpa.
- 2.1.10.in-addr.arpa. - 2.1.10.in-addr.arpa.
- 4.1.10.in-addr.arpa.
- 6.1.10.in-addr.arpa.
- 8.1.10.in-addr.arpa. - 8.1.10.in-addr.arpa.
- 10.1.10.in-addr.arpa.
- 14.1.10.in-addr.arpa. - 14.1.10.in-addr.arpa.
- 0.16.10.in-addr.arpa. - 0.16.10.in-addr.arpa.
- 2.16.10.in-addr.arpa. - 2.16.10.in-addr.arpa.
- 4.16.10.in-addr.arpa.
- 6.16.10.in-addr.arpa.
- 8.16.10.in-addr.arpa. - 8.16.10.in-addr.arpa.
- 10.16.10.in-addr.arpa.
- 14.16.10.in-addr.arpa. - 14.16.10.in-addr.arpa.