rearranging

nazunalika 2021-01-02 22:18:47 -07:00
parent d2dc1bef07
commit b45404cdc2
32 changed files with 57 additions and 25 deletions


@ -8,7 +8,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"


@ -18,7 +18,7 @@
become: true
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"


@ -7,7 +7,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"


@ -7,7 +7,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"


@ -7,7 +7,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"


@ -22,7 +22,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/rabbitmq.yml
tasks:


@ -8,7 +8,7 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/rabbitmq.yml
tasks:


@ -46,3 +46,25 @@
loop: "{{ svcusers }}"
tags:
- users
- name: "Creating bind account template - binder"
template:
src: "tmp/binder.update"
dest: "/tmp/binder.update"
owner: root
group: root
mode: '0600'
tags:
- users
- name: "Adding in the bind account - binder"
command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
register: bind_account
changed_when: "bind_account.rc == 0"
tags:
- users
- name: "Remove template"
file:
path: "/tmp/binder.update"
state: absent
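Review bot: The cleanup task "Remove template" at the end of this hunk is the only one of the three new tasks without `tags: users`, and it is also skipped when `ipa-ldap-updater` fails, so `/tmp/binder.update`, which holds the rendered binder password, can be left on disk after a `--tags users` run or after an error. Wrapping the template and command tasks in a `block:` with the removal under `always:`, and moving the tag to the block, covers both cases. Adding `no_log: true` to the template task keeps a `--diff` or verbose run from printing the rendered password. The task list these entries belong to starts outside the hunk, so the indentation below is illustrative.

```yaml
- name: "Create the bind account - binder"
  tags:
    - users
  block:
    - name: "Creating bind account template - binder"
      template:
        # … unchanged: src, dest, owner, group, mode …
      no_log: true

    # … unchanged: "Adding in the bind account - binder" command task, minus its tags …
  always:
    - name: "Remove template"
      file:
        path: "/tmp/binder.update"
        state: absent
```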


@ -5,9 +5,9 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/rdns.yml
- vars/fdns.yml
- vars/vaults/encpass.yml
- vars/ipa/rdns.yml
- vars/ipa/fdns.yml
tasks:
- name: "Checking for user variables"


@ -5,12 +5,12 @@
become: false
gather_facts: false
vars_files:
- vars/encpass.yml
- vars/users.yml
- vars/adminusers.yml
- vars/svcusers.yml
- vars/groups.yml
- vars/ipaprivs.yml
- vars/vaults/encpass.yml
- vars/ipa/users.yml
- vars/ipa/adminusers.yml
- vars/ipa/svcusers.yml
- vars/ipa/groups.yml
- vars/ipa/ipaprivs.yml
tasks:
- name: "Checking for user variables"


@ -5,8 +5,8 @@
hosts: ipaclients
become: true
vars_files:
- vars/encpass.yml
- vars/ipaclient.yml
- vars/vaults/encpass.yml
- vars/ipa/ipaclient.yml
pre_tasks:
- name: Check if ansible cannot be run here


@ -5,7 +5,7 @@
hosts: ipareplicas
become: true
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:


@ -9,7 +9,7 @@
hosts: ipaserver
become: true
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:


@ -4,7 +4,7 @@
hosts: ipsilon
become: true
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/ipsilon.yml
# This is to try to avoid the handler issue in pre/post tasks


@ -4,7 +4,7 @@
hosts: kojihub
become: true
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/kojihub.yml
# This is to try to avoid the handler issue in pre/post tasks


@ -4,7 +4,7 @@
hosts: kojihub
become: true
vars_files:
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/mqtt.yml
# This is to try to avoid the handler issue in pre/post tasks


@ -5,7 +5,7 @@
become: true
vars_files:
- vars/common.yml
- vars/encpass.yml
- vars/vaults/encpass.yml
- vars/rabbitmq.yml
# This is to try to avoid the handler issue in pre/post tasks


@ -0,0 +1,7 @@
dn: uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org
add:objectclass:account
add:objectclass:simplesecurityobject
add:uid:binder
add:userPassword:{{ ipa_binder_password }}
add:passwordExpirationTime:20380119031407Z
add:nsIdleTimeout:0
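Review bot: Nothing in this template says why `passwordExpirationTime` is `20380119031407Z` and `nsIdleTimeout` is `0`, which together appear to make `binder` a credential that never expires or idles out; a leading Jinja comment such as `{# binder is a non-expiring bind account; rotate ipa_binder_password in the vault when it must change #}` would record that. Every directive uses `add:`, so a re-run against an existing entry likely attempts to add the values again, including `userPassword`; it is worth checking whether `default:` is the intended keyword for entry creation. The DN also hard-codes `dc=rockylinux,dc=org` rather than deriving the suffix from a variable.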


@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
# Requires jinja 2.9+
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
# This will need to be vaulted
rocky_ldap_bind_pw: "ThisIsNotThePassword!"
# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
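Review bot: Commenting out `rocky_ldap_bind_pw` leaves the variable undefined, so any template or task that still references it (none are visible in this diff) would fail at render time. If `ipa_binder_password` in the vault file replaces it, delete the placeholder and the `# This will need to be vaulted` comment rather than keeping a dead line, or replace both with `# bind password lives in vars/vaults/encpass.yml as ipa_binder_password`.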


@ -10,6 +10,9 @@ ipaadmin_password: !vault |
ipadm_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
REDACTED
ipa_binder_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
REDACTED
ipsilon_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
REDACTED