From 86b46e6ea498891af663fab6c629ca1e7f92b49f Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 31 Jan 2021 01:49:40 -0700
Subject: [PATCH 1/3] update pre-commit
---
.pre-commit-config.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ea29d2d..5f5065c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.3.0 + rev: v3.4.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer
@@ -25,7 +25,7 @@ repos: always_run: true - repo: https://github.com/adrienverge/yamllint.git - rev: v1.24.2 + rev: v1.26.0 hooks: - id: yamllint files: \.(yaml|yml)$
From 65ce1a3d7774057e8bc4ef6629cab7256715687a Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 31 Jan 2021 20:14:13 -0700
Subject: [PATCH 2/3] dev env
---
.../staging/group_vars/chronyservers/main.yml | 4 ++++
.../inventories/staging/group_vars/ipa/main.yml | 0
.../staging/group_vars/ipaclients/main.yml | 9 +++++++++
.../staging/group_vars/ipareplicas/main.yml | 12 ++++++++++++
.../staging/group_vars/ipaserver/main.yml | 15 +++++++++++++++
5 files changed, 40 insertions(+)
create mode 100644 ansible/inventories/staging/group_vars/chronyservers/main.yml
create mode 100644 ansible/inventories/staging/group_vars/ipa/main.yml
create mode 100644 ansible/inventories/staging/group_vars/ipaclients/main.yml
create mode 100644 ansible/inventories/staging/group_vars/ipareplicas/main.yml
create mode 100644 ansible/inventories/staging/group_vars/ipaserver/main.yml
diff --git a/ansible/inventories/staging/group_vars/chronyservers/main.yml b/ansible/inventories/staging/group_vars/chronyservers/main.yml
new file mode 100644
index 0000000..354d2aa
--- /dev/null
+++ b/ansible/inventories/staging/group_vars/chronyservers/main.yml
@@ -0,0 +1,4 @@
+---
+
+chrony_server: true
+chrony_allow_cidr: "10.0.0.0/16"
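Review bot: The chrony allow list does not appear to cover the IPA hosts of this same staging inventory: `chrony_allow_cidr: "10.0.0.0/16"` admits only 10.0.0.0–10.0.255.255, while the sibling files place the IPA servers in 10.100.1.0/24 (`ipa_dns_master: 10.100.1.110` and the `1.100.10.in-addr.arpa.` reverse zone). The ipaclients and ipaserver files both set `ipaclient_no_ntp: true`, so the IPA installer will not configure time sync itself; if those hosts are meant to sync from this chrony server they would be refused, and Kerberos in the realm depends on the clocks agreeing. Either widen the prefix to the staging network or record the intent above the line, e.g. `# NOTE: must cover every subnet that syncs from this server (IPA hosts are in 10.100.1.0/24) — confirm`.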
diff --git a/ansible/inventories/staging/group_vars/ipa/main.yml b/ansible/inventories/staging/group_vars/ipa/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/inventories/staging/group_vars/ipaclients/main.yml b/ansible/inventories/staging/group_vars/ipaclients/main.yml
new file mode 100644
index 0000000..abd0ae9
--- /dev/null
+++ b/ansible/inventories/staging/group_vars/ipaclients/main.yml
@@ -0,0 +1,9 @@
+---
+
+ipaclient_domain: rockylinux.org
+ipaclient_realm: ROCKYLINUX.ORG
+ipaadmin_principal: admin
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaclient_ssh_trust_dns: true
+ipasssd_enable_dns_updates: true
diff --git a/ansible/inventories/staging/group_vars/ipareplicas/main.yml b/ansible/inventories/staging/group_vars/ipareplicas/main.yml
new file mode 100644
index 0000000..13ab775
--- /dev/null
+++ b/ansible/inventories/staging/group_vars/ipareplicas/main.yml
@@ -0,0 +1,12 @@
+---
+
+ipaadmin_principal: admin
+ipaclient_mkhomedir: true
+ipaserver_realm: ROCKYLINUX.ORG
+ipareplica_domain: rockylinux.org
+ipareplica_auto_forwarders: true
+ipareplica_setup_firewalld: true
+ipareplica_setup_ca: true
+ipareplica_setup_kra: true
+ipareplica_setup_dns: true
+ipa_dns_master: 10.100.1.110
diff --git a/ansible/inventories/staging/group_vars/ipaserver/main.yml b/ansible/inventories/staging/group_vars/ipaserver/main.yml
new file mode 100644
index 0000000..c09acd8
--- /dev/null
+++ b/ansible/inventories/staging/group_vars/ipaserver/main.yml
@@ -0,0 +1,15 @@
+---
+
+ipaserver_domain: rockylinux.org
+ipaserver_realm: ROCKYLINUX.ORG
+ipaserver_setup_dns: true
+ipaserver_setup_kra: true
+ipaserver_auto_forwarders: true
+ipaserver_no_host_dns: true
+ipaserver_hostname: ipa001.rockylinux.org
+ipaserver_allow_zone_overlap: true
+ipaserver_setup_firewalld: true
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_no_hbac_allow: true
+ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
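Review bot: `ipaclient_ssh_trust_dns: true` in the ipaclients file makes the OpenSSH client accept host keys from SSHFP records in IPA DNS, and that is only as trustworthy as the DNSSEC validation done by the clients' resolver; nothing in these files shows that validation is enabled, so the dependency should be stated next to the option. A comment such as `# host keys trusted via SSHFP records; relies on the resolver validating DNSSEC — confirm it is enabled` would make the trust assumption visible to whoever maintains the resolver config. As far as I can tell this variable maps to ipa-client-install's --ssh-trust-dns behaviour, so the underlying semantics are documented there.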
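Review bot: The ipareplicas file sets `ipaserver_realm: ROCKYLINUX.ORG` beside `ipareplica_domain: rockylinux.org`, but the ansible-freeipa replica role documents its realm variable as `ipareplica_realm`; unless the role falls back to `ipaserver_realm` (worth confirming against the role's defaults), the realm may be derived from the domain rather than read from this line. Writing `ipareplica_realm: ROCKYLINUX.ORG` removes the ambiguity and keeps the naming parallel to the ipaserver file. `ipa_dns_master: 10.100.1.110` is safe as a plain scalar (it cannot be read as a number), but it does not look like a role variable, so a comment naming its consumer would help, e.g. `# consumed by the internal-DNS playbook — TODO confirm`.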
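Review bot: The hardening choices in the ipaserver file are undocumented: `ipaserver_no_hbac_allow: true` removes the default allow_all HBAC rule, so after installation no user can log in to any enrolled host until explicit HBAC rules exist, which is the right default but needs a comment naming the playbook that supplies those rules (the README tree in this series lists an IPA privileges import, worth confirming), e.g. `# no allow_all HBAC rule: all access denied until HBAC rules are imported`. `ipaserver_allow_zone_overlap: true` likewise deserves a why-comment, since it suppresses the check that the IPA DNS zone does not already exist elsewhere. Separately, this staging inventory uses `rockylinux.org` / `ROCKYLINUX.ORG` and `ipaserver_hostname: ipa001.rockylinux.org`; if the production inventory carries the same realm and hostname, a client enrolled against the wrong server would be indistinguishable by realm, so a distinct staging realm or a comment explaining why they are shared would be worth adding.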
From baf25659a22839e513cd2d179527e649b97288e2 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Mon, 1 Feb 2021 01:22:12 -0700
Subject: [PATCH 3/3] update readme
---
ansible/README.md | 215 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 215 insertions(+)
diff --git a/ansible/README.md b/ansible/README.md
index b7020b5..5b00c99 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -187,3 +187,218 @@ role-rocky-ipa-client.yml # All systems should be hardened init-rocky-system-config.yml ``` + +## Current Set + +``` +. +├── README.md +├── ansible.cfg +├── collections +│   └── Readme.md +├── files -> playbooks/files +├── handlers -> playbooks/handlers +├── inventories +│   ├── production +│   │   ├── group_vars +│   │   │   ├── chronyservers +│   │   │   │   └── main.yml +│   │   │   ├── ipa +│   │   │   │   └── main.yml +│   │   │   ├── ipaclients +│   │   │   │   └── main.yml +│   │   │   ├── ipareplicas +│   │   │   │   └── main.yml +│   │   │   ├── ipaserver +│   │   │   │   └── main.yml +│   │   │   └── rabbitmq +│   │   │   └── main.yml +│   │   └── hosts.ini +│   └── staging +│   ├── group_vars +│   │   ├── chronyservers +│   │   │   └── main.yml +│   │   ├── ipa +│   │   │   └── main.yml +│   │   ├── ipaclients +│   │   │   └── main.yml +│   │   ├── ipareplicas +│   │   │   └── main.yml +│   │   ├── ipaserver +│   │   │   └── main.yml +│   │   └── rabbitmq +│   │   └── main.yml +│   └── hosts.ini +├── playbooks +│   ├── adhoc-facts-refresh.yml +│   ├── adhoc-ipabinder.yml +│   ├── adhoc-ipadnsrecord.yml +│   ├── adhoc-ipadnszone.yml +│   ├── adhoc-ipagetcert.yml +│   ├── adhoc-ipagetkeytab.yml +│   ├── adhoc-ipagroup.yml +│   ├── adhoc-ipaservice.yml +│   ├── adhoc-ipauser-disable.yml +│   ├── adhoc-ipauser-enable.yml +│   ├── adhoc-ipauser.yml +│   ├── adhoc-rabbitmqqueue.yml +│   ├── adhoc-rabbitmquser.yml +│   ├── files +│   │   ├── etc +│   │   │   ├── authselect +│   │   │   │   └── custom +│   │   │   │   └── sssd-rocky +│   │   │   │   ├── CentOS-8-system-auth -> RedHat-8-system-auth +│   │   │   │   └── RedHat-8-system-auth +│   │   │   ├── gitlab +│   │   │   ├── pam.d +│   │   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac +│   │   │   │   └── RedHat-7-system-auth-ac +│   │   │   ├── rockybanner +│   │   │   └── sudoers.d +│   │   │   └── cis +│   │   ├── tmp +│   │   └── usr +│   │   └── local +│   │   └── 
bin +│   │   └── lock-wrapper +│   ├── handlers +│   │   └── main.yml +│   ├── import-rockygroups.yml +│   ├── import-rockyipaprivs.yml +│   ├── import-rockypwpolicy.yml +│   ├── import-rockysudo.yml +│   ├── import-rockyusers.yml +│   ├── init-rocky-account-services.yml +│   ├── init-rocky-ansible-host.yml +│   ├── init-rocky-bugzilla.yml +│   ├── init-rocky-builder-postfix.yml +│   ├── init-rocky-chrony.yml +│   ├── init-rocky-install-kvm-hosts.yml +│   ├── init-rocky-ipa-internal-dns.yml +│   ├── init-rocky-ipa-team.yml +│   ├── init-rocky-noggin-theme.yml +│   ├── init-rocky-system-config.yml +│   ├── rocky-rocky-gitlab-ee.yml +│   ├── role-rocky-graylog.yml +│   ├── role-rocky-ipa-client.yml +│   ├── role-rocky-ipa-replica.yml +│   ├── role-rocky-ipa.yml +│   ├── role-rocky-ipsilon.yml +│   ├── role-rocky-kojid.yml +│   ├── role-rocky-kojihub.yml +│   ├── role-rocky-monitoring.yml +│   ├── role-rocky-mqtt.yml +│   ├── role-rocky-node_exporter.yml +│   ├── role-rocky-rabbitmq.yml +│   ├── role-rocky-sigul-bridge.yml +│   ├── role-rocky-sigul-server.yml +│   ├── tasks +│   │   ├── account_services.yml +│   │   ├── auditd.yml +│   │   ├── authentication.yml +│   │   ├── chrony.yml +│   │   ├── gitlab-reconfigure.yml +│   │   ├── grub.yml +│   │   ├── harden.yml +│   │   ├── koji_efs.yml +│   │   ├── main.yml +│   │   ├── mantis.yml +│   │   ├── postfix_relay.yml +│   │   ├── rabbitmq-reconfigure.yml +│   │   ├── scripts.yml +│   │   ├── ssh_config.yml +│   │   └── variable_loader_common.yml +│   ├── templates +│   │   ├── etc +│   │   │   ├── audit +│   │   │   │   └── rules.d +│   │   │   │   └── collection.rules.j2 +│   │   │   ├── chrony.conf.j2 +│   │   │   ├── gitlab +│   │   │   │   └── rocky_gitlab.rb +│   │   │   ├── httpd +│   │   │   │   └── conf.d +│   │   │   │   ├── id.conf.j2 +│   │   │   │   └── mantis.conf.j2 +│   │   │   ├── modprobe.d +│   │   │   │   └── cis.conf.j2 +│   │   │   ├── nginx +│   │   │   │   ├── conf.d +│   │   │   │   │   └── 
omnibus.conf.j2 +│   │   │   │   └── nginx.conf.j2 +│   │   │   ├── postfix +│   │   │   │   └── sasl_passwd.j2 +│   │   │   ├── resolv.conf.j2 +│   │   │   ├── rsyslog.d +│   │   │   ├── ssh +│   │   │   │   ├── CentOS-7-sshd_config.j2 -> RedHat-7-sshd_config.j2 +│   │   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2 +│   │   │   │   ├── RedHat-7-sshd_config.j2 +│   │   │   │   └── RedHat-8-sshd_config.j2 +│   │   │   └── sssd +│   │   ├── hidden +│   │   │   ├── README.md +│   │   │   └── home +│   │   │   └── noggin +│   │   │   └── noggin.cfg +│   │   ├── tmp +│   │   │   ├── binder.update +│   │   │   └── binder_template.update +│   │   └── var +│   │   └── www +│   │   └── mantis +│   │   └── config +│   │   └── config_inc.php.j2 +│   └── vars +│   ├── CentOS.yml -> RedHat.yml +│   ├── RedHat.yml +│   ├── buildsys.yml +│   ├── chrony.yml +│   ├── chronyserver.yml +│   ├── common.yml +│   ├── gitlab.yml +│   ├── graylog.yml +│   ├── ipa +│   │   ├── adminusers.yml +│   │   ├── agreements.yml +│   │   ├── fdns.yml +│   │   ├── groups.yml +│   │   ├── ipaclient.yml +│   │   ├── ipaprivs.yml +│   │   ├── ipareplica.yml +│   │   ├── ipaserver.yml +│   │   ├── rdns.yml +│   │   ├── sudorules.yml +│   │   ├── svcusers.yml +│   │   └── users.yml +│   ├── ipaserver.yml +│   ├── ipsilon.yml +│   ├── koji-common.yml +│   ├── kojid.yml +│   ├── kojihub.yml +│   ├── mantis.yml +│   ├── matterbridge.yml +│   ├── monitoring +│   │   └── README.md +│   ├── monitoring.yml +│   ├── mqtt.yml +│   ├── rabbitmq.yml +│   ├── sigul_bridge.yml +│   ├── sigul_server.yml +│   └── vaults +│   └── README.md +├── roles +│   ├── local +│   │   └── Readme.md +│   ├── public +│   │   └── Readme.md +│   └── requirements.yml +├── ssh_config +├── tasks -> playbooks/tasks +├── templates -> playbooks/templates +├── tmp +│   ├── Readme.md +│   └── ansible.log +└── vars -> playbooks/vars +```