From 868c9fc772745e5a1be3a9247d548aba99e1bded Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 13 Dec 2020 20:06:42 -0700
Subject: [PATCH] fixing some little mistakes
---
 ansible/README.md | 20 ++++++--
 ansible/playbooks/import-rockyusers.yml | 15 ++++++
 ansible/playbooks/tasks/grub.yml | 3 +-
 ansible/playbooks/vars/adminusers.yml | 65 +++++++++++++++++++++++++
 ansible/playbooks/vars/users.yml | 61 ++++++++++++++++++++---
 5 files changed, 153 insertions(+), 11 deletions(-)
 create mode 100644 ansible/playbooks/vars/adminusers.yml
diff --git a/ansible/README.md b/ansible/README.md
index f37c0e3..f7d5f7a 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -29,7 +29,7 @@ Loosely copied from the CentOS ansible infrastructure.
 │ ├── vars
 ├── roles/local
 │ └──
-| └── requirements.yml
+│ └── requirements.yml
 ├── tasks -> playbooks/tasks
 ├── templates -> playbooks/templates
 └── vars -> playbooks/vars
@@ -110,11 +110,23 @@ Ensure that you use relevant tags where necessary for your tasks.

 ### Roles

-If you are using roles that are not part of this repository in the `roles` directory, you will need to list them in the `requirements.yml`. For example, we use the IPA role.
+If you are using roles or collections, you will need to list them in `./roles/requirements.yml`. For example, we use the freeipa collection and a mysql role from geerlingguy.

 ```
 ---
-- src: freeipa.ansible_freeipa
+roles:
+ - name: geerlingguy.mysql
+
+collections:
+ - name: freeipa.ansible_freeipa
+ version: 0.3.1
 ```

-Otherwise, custom roles for the infrastructure will sit in `ansible/roles`.
+Custom roles for infrastructure use will have their own separate repository. Right now, we do not have a Ansible Galaxy presence. For this, when referencing roles under Rocky Linux, you will have to specify its location and follow the naming format. Example below.
+
+```
+roles:
+ - name: rockylinux.ipsilon
+ src: https://github.com/rocky-linux/ansible-role-ipsilon
+ version: main
+```
diff --git a/ansible/playbooks/import-rockyusers.yml b/ansible/playbooks/import-rockyusers.yml
index ab5847c..ab5e1be 100644
--- a/ansible/playbooks/import-rockyusers.yml
+++ b/ansible/playbooks/import-rockyusers.yml
@@ -16,3 +16,18 @@
 loop: "{{ users }}"
 tags:
 - users
+
+- name: "Creating Initial Admin Accounts"
+ freeipa.ansible_freeipa.ipauser:
+ ipaadmin_password: "{{ ipaadmin_password }}"
+ name: "{{ item.name }}"
+ first: "{{ item.first }}"
+ last: "{{ item.last }}"
+ email: "{{ item.email }}"
+ password: "{{ item.password }}"
+ title: "{{ item.title }}"
+ loginshell: "{{ item.loginshell }}"
+ update_password: on_create
+ loop: "{{ adminusers }}"
+ tags:
+ - users
diff --git a/ansible/playbooks/tasks/grub.yml b/ansible/playbooks/tasks/grub.yml
index a7e776b..455ac13 100644
--- a/ansible/playbooks/tasks/grub.yml
+++ b/ansible/playbooks/tasks/grub.yml
@@ -46,7 +46,8 @@

 - name: Rebuild grub
 command: "/usr/sbin/grub2-mkconfig -o {{ grub_config_path_link }}"
- changed_when: flase
+ register: grub_command_result
+ changed_when: "grub_command_result.rc == 0"
 tags:
 - grub
 - kernel
diff --git a/ansible/playbooks/vars/adminusers.yml b/ansible/playbooks/vars/adminusers.yml
new file mode 100644
index 0000000..d740723
--- /dev/null
+++ b/ansible/playbooks/vars/adminusers.yml
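Review bot: The new "Creating Initial Admin Accounts" task in import-rockyusers.yml loops over dictionaries that carry a `password` field and also passes `ipaadmin_password`, but it sets no `no_log`, so each iteration's item, password included, is printed in the play output and lands in any log or CI transcript that captures it. Add `no_log: true` to the task. A `loop_control` label of `"{{ item.name }}"` would keep the per-item output readable, but it only changes the displayed label and is not a substitute. The task above it is only partly visible in this hunk; if it has the same shape it needs the same line.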
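Review bot: In the "Rebuild grub" task of tasks/grub.yml, `changed_when: "grub_command_result.rc == 0"` reports the task as changed on every successful run, because a non-zero return code already fails a `command` task; the condition is therefore equivalent to the module default and the `register` line adds nothing. If the misspelled `flase` was meant to suppress the changed status, the fix is `changed_when: false`. If a rebuild should count as a change, dropping both added lines gives the same result. The task's `tags` list may continue past the end of the hunk, so this is based on the visible lines only.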
@@ -0,0 +1,65 @@
+---
+users:
+ - name: label2
+ first: Louis
+ last: Abel
+ email: label@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Infrastructure IdM Manager
+ loginshell: /bin/bash
+ - name: gmk2
+ first: Gregory
+ last: Kurtzer
+ email: gmk@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Executive Director
+ loginshell: /bin/bash
+ - name: brian2
+ first: Brian
+ last: Clemens
+ email: brian@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Project Manager
+ loginshell: /bin/bash
+ - name: hbjy2
+ first: Hayden
+ last: Young
+ email: hbjy@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Web & Branding Manager
+ loginshell: /bin/bash
+ - name: jorp2
+ first: Jordan
+ last: Pisaniello
+ email: jorp@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Community Manager
+ loginshell: /bin/bash
+ - name: neil2
+ first: Neil
+ last: Hanlon
+ email: neil@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Infrastructure Manager
+ loginshell: /bin/bash
+ - name: rlh2
+ first: R. Leigh
+ last: Hennig
+ email: rlh@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Operations Manager
+ loginshell: /bin/bash
+ - name: rfelsburg2
+ first: Rob
+ last: Felsburg
+ email: rfelsburg@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Operations Manager
+ loginshell: /bin/bash
+ - name: tg2
+ first: Taylor
+ last: Goodwill
+ email: tg@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Infrastructure Manager
+ loginshell: /bin/bash
diff --git a/ansible/playbooks/vars/users.yml b/ansible/playbooks/vars/users.yml
index cc3c520..313cbc5 100644
--- a/ansible/playbooks/vars/users.yml
+++ b/ansible/playbooks/vars/users.yml
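Review bot: The new vars/adminusers.yml declares its list under `users:`, while the task added to import-rockyusers.yml loops over `{{ adminusers }}`; unless `adminusers` is defined outside this patch the loop variable is undefined, and if this file is loaded next to vars/users.yml its `users` key replaces that file's list. The top-level key should be `adminusers:`. Separately, every entry here and in the vars/users.yml hunk commits the same literal `password` value in cleartext, and with `update_password: on_create` that value becomes the initial credential of each account, the admin accounts included. Keep the `password` values out of the repository, for example in an ansible-vault encrypted vars file or supplied per user at run time.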
@@ -5,12 +5,61 @@ users:
 last: Abel
 email: label@rockylinux.org
 password: ThisIsNotMyPassword1!
- title: Infrastructure IdM Engineer
+ title: Infrastructure IdM Manager
 loginshell: /bin/bash
- - name: label2
- first: Louis
- last: Abel
- email: label@rockylinux.org
+ - name: gmk
+ first: Gregory
+ last: Kurtzer
+ email: gmk@rockylinux.org
 password: ThisIsNotMyPassword1!
- title: Infrastructure IdM Engineer - Admin
+ title: Executive Director
+ loginshell: /bin/bash
+ - name: brian
+ first: Brian
+ last: Clemens
+ email: brian@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Project Manager
+ loginshell: /bin/bash
+ - name: hbjy
+ first: Hayden
+ last: Young
+ email: hbjy@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Web & Branding Manager
+ loginshell: /bin/bash
+ - name: jorp
+ first: Jordan
+ last: Pisaniello
+ email: jorp@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Community Manager
+ loginshell: /bin/bash
+ - name: neil
+ first: Neil
+ last: Hanlon
+ email: neil@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Infrastructure Manager
+ loginshell: /bin/bash
+ - name: rlh
+ first: R. Leigh
+ last: Hennig
+ email: rlh@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Operations Manager
+ loginshell: /bin/bash
+ - name: rfelsburg
+ first: Rob
+ last: Felsburg
+ email: rfelsburg@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Operations Manager
+ loginshell: /bin/bash
+ - name: tg
+ first: Taylor
+ last: Goodwill
+ email: tg@rockylinux.org
+ password: ThisIsNotMyPassword1!
+ title: Infrastructure Manager
 loginshell: /bin/bash