rearranging
parent
d2dc1bef07
commit
b45404cdc2
@ -8,7 +8,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -18,7 +18,7 @@
|
||||
become: true
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -7,7 +7,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -7,7 +7,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -7,7 +7,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -22,7 +22,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/rabbitmq.yml
|
||||
|
||||
tasks:
|
||||
|
@ -8,7 +8,7 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/rabbitmq.yml
|
||||
|
||||
tasks:
|
||||
|
@ -46,3 +46,25 @@
|
||||
loop: "{{ svcusers }}"
|
||||
tags:
|
||||
- users
|
||||
|
||||
- name: "Creating bind account template - binder"
|
||||
template:
|
||||
src: "tmp/binder.update"
|
||||
dest: "/tmp/binder.update"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
tags:
|
||||
- users
|
||||
|
||||
- name: "Adding in the bind account - binder"
|
||||
command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
|
||||
register: bind_account
|
||||
changed_when: "bind_account.rc == 0"
|
||||
tags:
|
||||
- users
|
||||
|
||||
- name: "Remove template"
|
||||
file:
|
||||
path: "/tmp/binder.update"
|
||||
state: absent
|
||||
|
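Review bot: The "Remove template" task at the end of this hunk carries no `tags: users`, unlike the two tasks before it, so a run limited with `--tags users` renders the bind password into `/tmp/binder.update` and never deletes it. The cleanup is also skipped when `ipa-ldap-updater` fails, because a failed task stops the play for that host before the `file` task runs. Wrapping the three tasks in a tagged `block` with the removal under `always`, and setting `no_log: true` on the template task so that `--diff` output does not print the rendered password, would close both gaps. The play these tasks belong to starts outside the hunk.

```yaml
- name: "Manage the bind account - binder"
  tags:
    - users
  block:
    - name: "Creating bind account template - binder"
      # … unchanged: template src/dest/owner/group/mode …
      no_log: true
    - name: "Adding in the bind account - binder"
      # … unchanged: command, register, changed_when …
  always:
    - name: "Remove template"
      # … unchanged: file path, state: absent …
```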
@ -5,9 +5,9 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/rdns.yml
|
||||
- vars/fdns.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/ipa/rdns.yml
|
||||
- vars/ipa/fdns.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -5,12 +5,12 @@
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/users.yml
|
||||
- vars/adminusers.yml
|
||||
- vars/svcusers.yml
|
||||
- vars/groups.yml
|
||||
- vars/ipaprivs.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/ipa/users.yml
|
||||
- vars/ipa/adminusers.yml
|
||||
- vars/ipa/svcusers.yml
|
||||
- vars/ipa/groups.yml
|
||||
- vars/ipa/ipaprivs.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
|
@ -5,8 +5,8 @@
|
||||
hosts: ipaclients
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/ipaclient.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/ipa/ipaclient.yml
|
||||
|
||||
pre_tasks:
|
||||
- name: Check if ansible cannot be run here
|
||||
|
@ -5,7 +5,7 @@
|
||||
hosts: ipareplicas
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
|
@ -9,7 +9,7 @@
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
|
@ -4,7 +4,7 @@
|
||||
hosts: ipsilon
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/ipsilon.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
|
@ -4,7 +4,7 @@
|
||||
hosts: kojihub
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/kojihub.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
|
@ -4,7 +4,7 @@
|
||||
hosts: kojihub
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/mqtt.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
|
@ -5,7 +5,7 @@
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/common.yml
|
||||
- vars/encpass.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/rabbitmq.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
|
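--- a/ansible/playbooks/templates/tmp/binder.update
+++ b/ansible/playbooks/templates/tmp/binder.update
@@ -0,0 +1,7 @@
+dn: uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org
+add:objectclass:account
+add:objectclass:simplesecurityobject
+add:uid:binder
+add:userPassword:{{ ipa_binder_password }}
+add:passwordExpirationTime:20380119031407Z
+add:nsIdleTimeout:0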
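Review bot: `add:userPassword:{{ ipa_binder_password }}` appends a value rather than setting one, so rotating the vaulted password and re-running the playbook would probably leave the previous password valid alongside the new one, since `userPassword` is multi-valued. If the template is meant to be the single source of truth for this credential, `only:userPassword:{{ ipa_binder_password }}` expresses that; this is worth confirming against the ipa-ldap-updater version in use. The fixed `passwordExpirationTime` in 2038 together with `nsIdleTimeout:0` makes this a non-expiring bind credential, so a `#` comment at the top of the file stating that rotation is manual would help the next maintainer.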
@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
|
||||
# Requires jinja 2.9+
|
||||
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
|
||||
# This will need to be vaulted
|
||||
rocky_ldap_bind_pw: "ThisIsNotThePassword!"
|
||||
# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
|
||||
|
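Review bot: Commenting out `rocky_ldap_bind_pw` leaves the variable undefined in this vars file, so any task or template that still reads it will fail at render time unless another file defines it, and nothing visible in this commit does. The vault hunk in the same commit adds `ipa_binder_password`, so pointing the variable at it with `rocky_ldap_bind_pw: "{{ ipa_binder_password }}"` would keep consumers working without a cleartext value here, assuming the vault file is loaded wherever this one is. The commented-out placeholder and the "This will need to be vaulted" note could then be dropped.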
@ -10,6 +10,9 @@ ipaadmin_password: !vault |
|
||||
ipadm_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
REDACTED
|
||||
ipa_binder_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
REDACTED
|
||||
ipsilon_db_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
REDACTED
|