prepping for AWX future

2024-11-22 05:01:27 +00:00 · 2021-01-09 21:47:18 -07:00 · 2021-01-09 21:47:18 -07:00 · ad81b58d3c
commit ad81b58d3c
parent 47e041d43f
7 changed files with 39 additions and 9 deletions
--- a/ansible/inventories/production/group_vars/ipaclients/main.yml
+++ b/ansible/inventories/production/group_vars/ipaclients/main.yml
@ -5,3 +5,5 @@ ipaclient_realm: ROCKYLINUX.ORG
 ipaadmin_principal: admin
 ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
+ipaclient_ssh_trust_dns: true
+ipasssd_enable_dns_updates: true
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@ -1,8 +1,8 @@
 ---
 # Configures an IPA client for the Rocky infrastructure
-
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA client
-  hosts: ipaclients
+  hosts: "{{ host }}"
  become: true
  vars_files:
  - vars/vaults/encpass.yml
@ -21,9 +21,6 @@
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

-#   - name: Check if we can see LDAP srv records
-
-
  roles:
    - role: freeipa.ansible_freeipa.ipaclient
      state: present
--- a/ansible/playbooks/role-rocky-ipa-replica.yml
+++ b/ansible/playbooks/role-rocky-ipa-replica.yml
@ -1,11 +1,12 @@
 ---
 # Creates an IPA replica
-
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA server
-  hosts: ipareplicas
+  hosts: "{{ host }}"
  become: true
  vars_files:
  - vars/vaults/encpass.yml
+  - vars/ipa/ipareplica.yml

  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
--- a/ansible/playbooks/role-rocky-ipa.yml
+++ b/ansible/playbooks/role-rocky-ipa.yml
@ -5,11 +5,13 @@
 # Memory: 4GB
 # Storage: 10G /var/lib/dirsrv
 # System fully up to date
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA server
-  hosts: ipaserver
+  hosts: "{{ host }}"
  become: true
  vars_files:
  - vars/vaults/encpass.yml
+  - vars/ipa/ipaserver.yml

  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
--- a/ansible/playbooks/vars/ipa/ipaclient.yml
+++ b/ansible/playbooks/vars/ipa/ipaclient.yml
@ -1,8 +1,10 @@
 ---
-
+# IPA Client Vars
 ipaclient_domain: rockylinux.org
 ipaclient_realm: ROCKYLINUX.ORG
 ipaadmin_principal: admin
 ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
+ipaclient_ssh_trust_dns: true
+ipasssd_enable_dns_updates: true
 ipatype: client
--- a/ansible/playbooks/vars/ipa/ipareplica.yml
+++ b/ansible/playbooks/vars/ipa/ipareplica.yml
@ -0,0 +1,13 @@
+---
+# IPA Replica
+ipaadmin_principal: admin
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_realm: ROCKYLINUX.ORG
+ipareplica_domain: rockylinux.org
+ipareplica_auto_forwarders: true
+ipareplica_setup_firewalld: true
+ipareplica_setup_ca: true
+ipareplica_setup_kra: true
+ipareplica_setup_dns: true
+ipatype: replica
--- a/ansible/playbooks/vars/ipa/ipaserver.yml
+++ b/ansible/playbooks/vars/ipa/ipaserver.yml
@ -1,2 +1,15 @@
 ---
+# IPA Server
+ipaserver_domain: rockylinux.org
+ipaserver_realm: ROCKYLINUX.ORG
+ipaserver_setup_dns: true
+ipaserver_setup_kra: true
+ipaserver_auto_forwarders: true
+ipaserver_no_host_dns: true
+ipaserver_allow_zone_overlap: true
+ipaserver_setup_firewalld: true
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_no_hbac_allow: true
+ipaserver_reverse_zones: ["32.10.in-addr.arpa."]
 ipatype: server