ipa groups

ansible/playbooks/import-rockygroups.yml

@@ -6,6 +6,7 @@
     name: "{{ item.group }}"
     description: "{{ item.description }}"
     nonposix: false
+    user: "{{ item.user | default(none) }}"
   loop: "{{ ipagroups }}"
   tags:
     - groups

ansible/playbooks/import-rockypwpolicy.yml

@@ -0,0 +1,16 @@
+---
+# Creates the first set of groups for the IdM Infrastructure
+- name: "Setting up password policies"
+  freeipa.ansible_freeipa.ipapwpolicy:
+    ipaadmin_password: "{{ ipaadmin_password }}"
+    name: "{{ item.group }}"
+    minlife: "{{ item.minlife | default(0) }}"
+    maxlife: "{{ item.maxlife | default(84) }}"
+    history: "{{ item.history | default(5) }}"
+    priority: "{{ item.priority | default(1) }}"
+    lockouttime: "{{ item.lockout | default(300) }}"
+    minlength: "{{ item.minlength | default(8) }}"
+    maxfile: "{{ item.maxfail | default(5) }}"
+  loop: "{{ ipapwpolicies }}"
+  tags:
+    - groups

ansible/playbooks/role-rocky-kojihub.yml

@@ -1,6 +1,6 @@
 ---
 # Stands up an ipsilon instance for simple SSO
-- name: Configure ipsilon server
+- name: Configure koji hub and web server
   hosts: kojihub
   become: true
   vars_files:

ansible/playbooks/vars/groups.yml

@@ -2,8 +2,18 @@
 ipagroups:
   - group: infrastructure
     description: Infrastructure Team
+    user:
+      - label
+      - neil
+      - rlh
+      - rfelsburg
+      - tg
+      - bagner
   - group: operations
     description: Operations Team
+    user:
+      - rlh
+      - rfelsburg
   - group: development
     description: Development Team
   - group: qa
@@ -12,5 +22,29 @@ ipagroups:
     description: Marketing
   - group: rockyadm
     description: Rocky Linux Administrators - Only Admin Accounts
+    user:
+      - label2
+      - gmk2
+      - brian2
+      - hbjy2
+      - jorp2
+      - neil2
+      - rlh2
+      - rfelsburg2
+      - tg2
+      - bagner2
   - group: gitadm
     description: Rocky Linux GitLab Admins
+    user:
+      - label
+      - neil
+      - rlh
+      - rfelsburg
+      - tg
+      - hbjy
+  - group: services
+    description: Rocky Linux Service Accounts
+    user:
+      - hostman
+      - kerbman
+      - rockykoji