rearranging
parent
d2dc1bef07
commit
b45404cdc2
@ -8,7 +8,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
become: true
|
become: true
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/rabbitmq.yml
|
- vars/rabbitmq.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/rabbitmq.yml
|
- vars/rabbitmq.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -46,3 +46,25 @@
|
|||||||
loop: "{{ svcusers }}"
|
loop: "{{ svcusers }}"
|
||||||
tags:
|
tags:
|
||||||
- users
|
- users
|
||||||
|
|
||||||
|
- name: "Creating bind account template - binder"
|
||||||
|
template:
|
||||||
|
src: "tmp/binder.update"
|
||||||
|
dest: "/tmp/binder.update"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
tags:
|
||||||
|
- users
|
||||||
|
|
||||||
|
- name: "Adding in the bind account - binder"
|
||||||
|
command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
|
||||||
|
register: bind_account
|
||||||
|
changed_when: "bind_account.rc == 0"
|
||||||
|
tags:
|
||||||
|
- users
|
||||||
|
|
||||||
|
- name: "Remove template"
|
||||||
|
file:
|
||||||
|
path: "/tmp/binder.update"
|
||||||
|
state: absent
|
||||||
|
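Review bot: The `Remove template` task that closes this hunk has no `tags: users`, while the two tasks before it do, so a run limited with `--tags users` renders `/tmp/binder.update` with the bind password in it and never deletes the file. The cleanup is also skipped whenever `/usr/sbin/ipa-ldap-updater` exits non-zero, because it is an ordinary following task. Putting the three tasks in one tagged `block:` with the removal under `always:` covers both cases, and `no_log: true` on the template task keeps the rendered secret out of `--diff` and verbose output. The enclosing play starts outside the hunk, and the indentation below is assumed because the page has lost the original.

```yaml
    - name: "Create the bind account - binder"
      tags:
        - users
      block:
        - name: "Creating bind account template - binder"
          template:
            # … unchanged: src, dest, owner, group, mode …
          no_log: true

        - name: "Adding in the bind account - binder"
          command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
          # … unchanged: register, changed_when …
      always:
        - name: "Remove template"
          file:
            path: "/tmp/binder.update"
            state: absent
```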
@ -5,9 +5,9 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/rdns.yml
|
- vars/ipa/rdns.yml
|
||||||
- vars/fdns.yml
|
- vars/ipa/fdns.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -5,12 +5,12 @@
|
|||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/users.yml
|
- vars/ipa/users.yml
|
||||||
- vars/adminusers.yml
|
- vars/ipa/adminusers.yml
|
||||||
- vars/svcusers.yml
|
- vars/ipa/svcusers.yml
|
||||||
- vars/groups.yml
|
- vars/ipa/groups.yml
|
||||||
- vars/ipaprivs.yml
|
- vars/ipa/ipaprivs.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Checking for user variables"
|
- name: "Checking for user variables"
|
||||||
|
@ -5,8 +5,8 @@
|
|||||||
hosts: ipaclients
|
hosts: ipaclients
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/ipaclient.yml
|
- vars/ipa/ipaclient.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Check if ansible cannot be run here
|
- name: Check if ansible cannot be run here
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
hosts: ipareplicas
|
hosts: ipareplicas
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
handlers:
|
handlers:
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
hosts: ipaserver
|
hosts: ipaserver
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
handlers:
|
handlers:
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: ipsilon
|
hosts: ipsilon
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/ipsilon.yml
|
- vars/ipsilon.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: kojihub
|
hosts: kojihub
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/kojihub.yml
|
- vars/kojihub.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
hosts: kojihub
|
hosts: kojihub
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/mqtt.yml
|
- vars/mqtt.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/common.yml
|
- vars/common.yml
|
||||||
- vars/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/rabbitmq.yml
|
- vars/rabbitmq.yml
|
||||||
|
|
||||||
# This is to try to avoid the handler issue in pre/post tasks
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
7
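--- a/ansible/playbooks/templates/tmp/binder.update
+++ b/ansible/playbooks/templates/tmp/binder.update
@@ -0,0 +1,7 @@
+dn: uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org
+add:objectclass:account
+add:objectclass:simplesecurityobject
+add:uid:binder
+add:userPassword:{{ ipa_binder_password }}
+add:passwordExpirationTime:20380119031407Z
+add:nsIdleTimeout:0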
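Review bot: `add:userPassword:{{ ipa_binder_password }}` is substituted raw into a line-oriented update file, so a vault value containing a line break would end the attribute line and leave the remainder to be read as further directives. An `assert` in the playbook that the password holds no newline before the file is rendered would close that. With `add:`, a later change of the vault value would probably append a second `userPassword` rather than replace the first; confirm this against ipa-ldap-updater and consider `only:` if rotation is meant to go through this file. `passwordExpirationTime:20380119031407Z` makes the credential effectively non-expiring, which deserves a comment line above it saying that this is deliberate for a service bind account and that rotation is manual.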
@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
|
|||||||
# Requires jinja 2.9+
|
# Requires jinja 2.9+
|
||||||
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
|
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
|
||||||
# This will need to be vaulted
|
# This will need to be vaulted
|
||||||
rocky_ldap_bind_pw: "ThisIsNotThePassword!"
|
# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
|
||||||
|
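Review bot: Commenting out `rocky_ldap_bind_pw` leaves the variable undefined, and the vaulted secret this commit adds is named `ipa_binder_password`, so anything still reading `rocky_ldap_bind_pw` will either stop on an undefined variable or silently take a `default()`; the consumers are not visible in this hunk. If both names refer to the binder credential, which is only inferred from the names, `rocky_ldap_bind_pw: "{{ ipa_binder_password }}"` keeps a single source of truth. Otherwise remove the dead line together with `# This will need to be vaulted`, so the file does not keep advertising an open task.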
@ -10,6 +10,9 @@ ipaadmin_password: !vault |
|
|||||||
ipadm_password: !vault |
|
ipadm_password: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
REDACTED
|
REDACTED
|
||||||
|
ipa_binder_password: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
REDACTED
|
||||||
ipsilon_db_password: !vault |
|
ipsilon_db_password: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
REDACTED
|
REDACTED
|